tags:

views:

47

answers:

1
Q: 

What is the WCF equivalent?

I am trying to port some code that is based on WSE3.0 to WCF. Basically, the old code has the following configuration:

<microsoft.web.services3>
    <diagnostics>
      <trace enabled="true" input="InputTrace.webinfo" output="OutputTrace.webinfo" />
    </diagnostics>
    <tokenIssuer>
      <statefulSecurityContextToken enabled="false" />
    </tokenIssuer>
</microsoft.web.services3>

When calling the same service through my "Service Reference" I get this error:

Request does not contain required Security header

My binding looks like this:

<basicHttpBinding>
    <binding name="LegalUnitGetBinding" closeTimeout="00:01:00" openTimeout="00:01:00"
                receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
                bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                useDefaultWebProxy="true">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                    maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                <security mode="Transport">
                </security> 
     </binding>
</basicHttpBinding>

From what I have understood, the service I'm calling only requires an SSL connection, since it receives a username and password as part of a request parameter.

Any help or suggestions would be greatly appreciated.

A: 

You'll have to pass credentials on the client side and validate them on the server side, I guess you are using IIS to Host? Instead of rehashing - here is an MVP post that should get you pointed in the right direction.

Key change that will get you thinking in your config file:

<security mode="TransportWithMessageCredential">
...
</security>
RandomNoob  2010-03-08 19:38:08
Well, the the service I'm calling is a java service hosted by a public office, and I have no insight whatsoever with regards to its implementation. Needless to say, their documentation is almost non-existing. I can call it from .net 2.0 using WSE3.0 without setting any credentials on the client.
klausbyskov  2010-03-09 08:56:09

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security