tags:

views:

1113

answers:

2
+2  Q: 

In WCF, for a webHttpBinding, how do I specify credentials in the client side web.config when the server is using basic authentication?

Hello,

I have two WCF RESTful services - the "general" service is public and has no security; the "admin" service I intend to use basic authentication over SSL. This is my server side web.config: 

<system.serviceModel>
    <bindings>
        <webHttpBinding>
            <binding name="general" maxReceivedMessageSize="2147483647">
                <readerQuotas maxArrayLength="2147483647" maxStringContentLength="2147483647" />
                <security mode="None">
                    <transport clientCredentialType="None" />
                </security>
            </binding>
            <binding name="admin" maxReceivedMessageSize="2147483647">
                <readerQuotas maxArrayLength="2147483647" maxStringContentLength="2147483647" />
                <security mode="Transport">
                    <transport clientCredentialType="Basic" />
                </security>
            </binding>
        </webHttpBinding>
    </bindings>
    <behaviors>
        <serviceBehaviors>
            <behavior>
                <serviceMetadata httpGetEnabled="true"/>
                <serviceDebug includeExceptionDetailInFaults="false"/>
            </behavior>
        </serviceBehaviors>
        <endpointBehaviors>
            <behavior name="web">
                <webHttp/>
            </behavior>
        </endpointBehaviors>
    </behaviors>
    <services>
        <service name="MyNamespace.AppServices.GeneralService">
            <endpoint address="" binding="webHttpBinding" contract="MyNamespace.Contracts.IGeneralService" behaviorConfiguration="web" bindingConfiguration="general" />
        </service>
        <service name="MyNamespace.AppServices.AdminService">
            <endpoint address="" binding="webHttpBinding" contract="MyNamespace.Contracts.IAdminService" behaviorConfiguration="web" bindingConfiguration="admin" />
        </service>
    </services>
</system.serviceModel>

On the client side, I currently have code that looks like this:

private static IGeneralService GetGeneralChannel()
{
    WebHttpBinding binding = new WebHttpBinding();
    binding.Security.Mode = WebHttpSecurityMode.None;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
    binding.MaxReceivedMessageSize = Int32.MaxValue;
    binding.ReaderQuotas.MaxStringContentLength = Int32.MaxValue;
    binding.ReaderQuotas.MaxArrayLength = Int32.MaxValue;

    WebChannelFactory<IGeneralService> cf = new WebChannelFactory<IGeneralService>(binding, new Uri("http://localhost:1066/GeneralService"));
    IGeneralService channel = cf.CreateChannel();
    return channel;
}

private static IAdminService GetAdminChannel()
{
    WebHttpBinding binding = new WebHttpBinding();
    binding.Security.Mode = WebHttpSecurityMode.Transport;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
    binding.MaxReceivedMessageSize = Int32.MaxValue;
    binding.ReaderQuotas.MaxStringContentLength = Int32.MaxValue;
    binding.ReaderQuotas.MaxArrayLength = Int32.MaxValue;

    WebChannelFactory<IAdminService> cf = new WebChannelFactory<IAdminService>(binding, new Uri("http://localhost:1066/AdminService"));
    cf.Credentials.UserName.UserName = "myUserName";
    cf.Credentials.UserName.Password = "myPassword";

    IAdminService channel = cf.CreateChannel();
    return channel;
}

The question is, since I obviously do not want to hard-code all of this configuration information, how do I need to provide it in the web.config on the client? It is pretty clear to me that the binding element needs to look pretty much the same on the client as it does on the server. However, where do I indicate the credentials that are assigned to the WebChannelFactory?

Any help and/or insight will be appreciated.

Thanks, Steve

+1  A: 

You cannot put those credentials (username and password) into web.config and have WCF read them from there. This is one of the very few features in WCF which cannot be done in config - you have to set those credentials in your code.

Of course, in your code, you can read them from e.g. a database table, or a config entry somewhere - but you have to do that yourself. WCF can't be configured to automagically read those settings from somewhere.

marc_s  2009-12-18 14:20:48
that would explain why, after digging around all over the place, i have been unable to find anything that resembled username/password elements in wcf configuration schema - he hethanks for the info. it's just as easy to put these values in the appSettings element.
Steve Elmer  2009-12-18 15:19:08
A: 

never mind.. It helps if I read everything.

GunnerL3510  2010-02-18 17:55:19

related questions

Dynamic programming with WCF
WCF Service Returning "Method Not Allowed"
Exceptions in Web Services
What SPN do I need to set for a net.tcp service?
How do I unit test a WCF service?
Best practices for versioning your services with WCF?
Lazy Loading with a WCF Service Domain Model?
How many ServiceContracts can a WCF Service have?
How can I authenticate using client credentials in WCF just once?
WCF - Domain Objects and IExtensibleDataObject
InvalidOperationException while creating wcf web service instance
Closing and Disposing a WCF Service
What WCF best practices do you follow in object model design?
WCF push to client through firewall?
Loading System.ServiceModel configuration section using ConfigurationManager
I would like some tips for debugging WCF Web Service exceptions
What's the best way to authenticate over WCF?
Good Reads for Distributed Systems
.Net - Returning DataTables in WCF
What is the easiest way to add compression to WCF in Silverlight?
WCF Backward Compatibility Issue
Best Practices for securing a REST API / web service
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
WCF - High availability