views:

344

answers:

1

I'm building a webservice that needs to be accessible to a variety of potential platforms, including a number of older ASP and ASP .NET applications. After some research, I settled on a WCF service with both a REST (webHttpBinding) and SOAP (wsHttpBinding) endpoint (that way, I can support a wide range of platforms and still make the .NET coders happy).

For security, I'm using SSL and HTTP Authentication Basic against my own database of username/passwords. So I've written an HttpModule to handle the usernames and passwords and check for SSL. Now, the REST setup is working perfectly, but I'm having problems with the SOAP endpoint. No matter what settings I use, the SOAP client never sends me a WWW-Authorization header that I can use to authenticate. I'm assuming that setting something like <message clientCredentialType="UserName" /> should tell WCF that I expect an Authorization header, and that information will be picked up by Visual studio (or whatever client) when it creates a web reference. Perhaps I'm just being hopelessly naive.

So to summarize the question: is there any way that I can tell WCF to send me a WWW-Authorization header (ie, an HTTP basic header) along with the soap messages?

+2  A: 

You can create custom headers for your authentication.

Have a look here

Tony
Hmm, if that's the level of complexity my clients are going to have to deal with, I think I might be better off dropping SOAP support and giving them some API DLLs that wrap up the REST calls. The whole point of having the SOAP endpoint in my case was to make clients' lives easier (ie, all they would have to do is add a webreference) =)
Badjer