tags:

views:

889

answers:

2
+4  Q: 

How add service reference in visual studio 2008 authenticating against password-protected web service

Hello, first time here... great site Well, I want to reference a web service, and it requires user/pass authentication. In VS 2008, if I try to "add reference", or "add service reference", all I can type is the URL, there's no way to input my credentials. Obviously, if I try to load the ws, it shows me a nice message: "The request failed with HTTP status 403: Forbidden. Metadata contains a reference that cannot be resolved: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm="weblogic"'. The remote server returned an error: (401) Unauthorized." So my question is: Is it possible (using VS 2008) to add a reference to a web service that is protected? How? Any help is kindly appreciated. Thanks!

+1  A: 

Depending on how the service is authenticated, you may be sol.

If it uses ASP.Net membership, no joy to be found. If the service code is yours, temporarily disable authentication to generate a proxy.

Otherwise, try using a standard mechanism:

http://username:[email protected]/service

Best choice: Get the WSDL from your vendor and use wsdl.exe to generate your proxy.

Update in response to comment:

Yes, mocking the service in order to generate a proxy is a perfectly reasonable plan, If the target service is an ASP.net service or only accepts and returns simple types.

The web service constructor has an overload that accepts an Uri or you could just modify the generated source.

If you choose to modify the generated source, you will probably want to just extract the proxy class and delete the webservice reference:

After you generate the proxy with VS, if you 'show all files' and drill down into the WebService Reference, you will find a file called Reference.cs. This is the only file you need. Copy the contents to another file and then just delete the web service reference.

If you do this, you can potentially add your authentication logic into the proxy at this point.

But again, getting the WSDL from the vendor is your best bet.

Good luck.

Sky Sanders  2010-04-08 21:47:28
Nope, we don't have control over the service (and they won't remove the authentication scheme). Using the duo user:pass in the URL also doesn't work...It would be possible to add reference to another service (one that doesn't need authentication), and thereafter, modify some config files and change the URL and input my credentials???
 2010-04-09 15:27:29
@user312305 - sure, that would be a way to go. See updated answer. As for the actual authentication, well that is another story. Your question asks how to generate a proxy, not how to authenticate and call a protected service programmatically. Ask another question and I will answer it. Be sure to include details on what platform and authentication scheme is in use, e.g IIS, Asp.net webservice, FormsAuthentication etc. It seems you may need to add a www-auth header.
Sky Sanders  2010-04-09 16:10:10
Well, thing is, our provider uses Vordel, which doesn't expose a wsdl (it exposes a URL instead, which "obscures" all operations available), so I'm lost about how generate a proxy using wsdl.exe (and that's the only thing I want- generate the proxy). I know the service works, and I can test it using SoapUI, by creating a new endpoint to a already generated wsdl project, and filling user/pass properties. I tried, in VS2008, generate a random WS Reference, but since I don't know what properties are exposed by the "real" service, I think I can't just modify the code. (Thanks for helping!)
 2010-04-09 16:43:46
My friend, reading your last comment, I wonder if it's necessary create a proxy at all... Is it possible to just call a URL programatically, passing credentials and the actual xml request as parameters??
 2010-04-09 16:49:27
@user312305 - depends. what does the request look like? are all parameters simple types? If so, perhaps. Otherwise posting a webrequest could be an option. How is it that you authenticate a call? are user/pass parameters of the call or do you call a seperate method to aquire a cookie or token?
Sky Sanders  2010-04-09 17:02:56
the service accepts only one parameter: a well-formed xml document (the response is another xml document). The authentication is made on the request (I guess the authorization fields goes on the request's header). Using SoapUI, if I omit user/pass request's properties, the service throws me a "401-Unauthorized" error. In C# I haven't found a way to directly call a URL, passing my credentials...
 2010-04-09 17:19:45
@user312305 Ok, so watch the 'http log' on soapUI and duplicate by posting an HttpWebRequest with the auth header added. My guess is that soapUI is hashing your password and adding a www-authenticate header. You need to determine the hash method expected by the service. You should be able to see that in the http log. google 'posting a form with HttpWebRequest' or some such.
Sky Sanders  2010-04-09 17:40:46
You were right indeed. SoapUI first tries posting to the endpoint of the service, then receives the 401 Unauthorized error, then does the same thing again, this time adding the header "Authorization: Basic RElSVFJBOnZIS2RuMHBp". The last bit may be the hashed user/pass. Will try WebRequest classes to see if I achieve something. Will be posting results. Thanks
 2010-04-09 18:03:30
Ok, finally got it working using directly httpWebRequest, it seems there is no way to add a service reference (in VS) which url is protected by basic authentication. Also, if there's no wsdl to create a mockup, you don't have another choice. Thanks @Sky Sanders for all help.
 2010-04-12 13:56:42
A: 

It sounds like you're trying to use a Web Reference, and not a Service Reference (although I believe a Web Reference is a one kind of Service Reference). In VS08, after you have launched the "Add Service Reference", typed the URL to the web service, click the "Advanced" button, then click the "Add Web Reference". Type the URL again, then click "Add Web Reference". Now you should have a web reference instead, then authentication is similar to below:

WebService.Service myService = new WebService.Service();
myService.Credentials = new System.Net.NetworkCredential("username", "password");
WebService.ResultType results = myService.MyMethodReturnsResultType();
Erik Philips  2010-07-14 22:41:19

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?