views:

212

answers:

1

I have a Java based web service that requires basic authentication to communicate with it. If I type the WSDL url into my browser I'm prompted for Basic Auth. Which I can get by entering the correct credentials.

However using my WCF client doesn't work.

I construct my WCF client like this:

var binding = new BasicHttpBinding
{
  MaxReceivedMessageSize = 2048 * 10240,
  Security = {
    Mode = BasicHttpSecurityMode.TransportCredentialOnly, 
    Transport = {
      ClientCredentialType = HttpClientCredentialType.Basic,
      Realm = "MYREALM",
      ProxyCredentialType = HttpProxyCredentialType.None
    }, 
    Message = {
      ClientCredentialType = BasicHttpMessageCredentialType.UserName,
      AlgorithmSuite = SecurityAlgorithmSuite.Default
    }
  }
};

var client = new WebServiceClient(binding, endpoint);
client.ClientCredentials.UserName.UserName = username;
client.ClientCredentials.UserName.Password = password;
client.DoWebServiceMethod();

I get the following exception.

System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) 
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Basic realm="MYREALM"'.

From what I can tell I'm doing things right. Where am I going wrong?

A: 

I just setup the same thing -- I added a Service Reference in Visual Studio, and it came out similar to what you've done in code.

Two notes though, although it had security mode="Transport" set correctly, it didn't have clientCredentialType="Basic" set. I added to that my config and it still didn't work. Then I actually removed the message security since the service I'm contacting is SSL + Basic only:

<message clientCredentialType="UserName" algorithmSuite="Default" />

Voila -- it worked.

I'm not sure why this had an effect considering the element did not specify message level security... but it did.

Ethan J. Brown