I'm looking for the way to provide credentials (grammatically) for HTTP proxy that should be used to connect to service (Security Token Service), the proxy credentials differ from the credentials for the service.
I saw several posts here (it took me back to 2006-8) and the solution was by changing the default proxy
WebProxy proxy = new WebProxy("http://myproxyserver",true);
proxy.Credentials = new NetworkCredential("username", "password");
WebRequest.DefaultWebProxy = proxy;
I think it is risky to change the global setting for all WebRequests from my assembly that performs a dedicated task.
I'm wondering if in .NET 4.5 there is a better solution for this case.
Similar questions:
WCF Custom Http Proxy Authentication
How can I set an HTTP Proxy (WebProxy) on a WCF client-side Service proxy?
Don't set default proxy, set proxy object with desired credentials per request
Related
We have implemented the proxy server for calling the third party website which is currently happening through firewall rule. We have added the Service account to Proxy server ,URL is whitelisted and IE browser has the Proxy set up.
Whenever we are calling the third party website , we are getting the 407 Authentication from proxy server and application running by Service account identity.
Is there anything like Microsoft is not allowing to pass the credentials to the proxy server ?
*Application deployed in IIS 10
*Asp.net web form
*Windows server 2016
Regarding the error 407 proxy authentication required, you can try to define a proxy class first, then set the Credentials property of the proxy object, and finally assign the defined proxy object to the Proxy proxy property of the Web Service object.
WebProxy proxy = new WebProxy(proxyAddress);
proxy.Credentials = new NetworkCredential("username", "password", "domain");
proxy.UseDefaultCredentials = true;
WebRequest.DefaultWebProxy = proxy;
HttpWebRequest request = new HttpWebRequest();
request.Proxy = proxy;
I'm having some issues implementing a client that talks to a WCF service. It's a WCF hosted by another company so I don't have access to its code. I used the Connected Service provider tool in Visual Studio to generate the client code so that I could make requests and everything works fine on my local machine. I am having an issue on our development environment where I receive the following error if I try to make a request with the client:
The HTTP request was forbidden with client authentication scheme 'Anonymous'
I've been looking at the client code (it's a lot of code) which is generated by the Provider tool and I think it may have something to do with the following block of code.
System.ServiceModel.BasicHttpBinding result = new System.ServiceModel.BasicHttpBinding();
result.MaxBufferSize = int.MaxValue;
result.ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max;
result.MaxReceivedMessageSize = int.MaxValue;
result.AllowCookies = true;
result.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
return result;
This more linked to firewall rules within corporate network.
I had same issue using non authorized proxy but got resolved secured proxy with ntlm ClientCredentialType
This error typically indicates that the WCF server authenticates the client-side with a certificate. The error will occur when the trust relationship between the server and the client have not been established yet.
In general, we need to provide client credential to be authenticated by the server so that be able to call the service. As for what kind of credentials need to be provided, it depends on the binding information on the server-side.
BasicHttpBinding binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
Namely, the above errors have indicated that the server authenticates the client with a certificate.
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
About authenticating the client with a certificate, you could refer to the below link for details.
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-certificate-authentication
Feel free to let me know if there is anything I can help with.
Thanks for all the suggestions. This was actually just caused by a firewall rule that was setup within our organisation. Once that was removed the code worked as expected.
result.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.Transport;
Security is provided using HTTPS. The service must be configured with SSL certificates. The SOAP message is protected as a whole using HTTPS. The service is authenticated by the client using the service's SSL certificate. The client authentication is controlled through the ClientCredentialType.
https://learn.microsoft.com/en-us/dotnet/api/system.servicemodel.basichttpsecuritymode?view=netframework-4.8
I'm trying to get some resources from the website using simple HttpClient and HttpClientHandler classes. When i use Http, it works well but in case of Https it doesn't work. The following code is my settings:
var url="https://www.someurl.com";
var proxy = new WebProxy("127.0.0.1", 8888);
WebRequest.DefaultWebProxy = proxy;
htmlHandler = new HttpClientHandler();
htmlHandler.UseProxy = true;
htmlHandler.Proxy = proxy;
I also changed settings of .exe.config file and it didn't worked. I should note that just one entry in fiddler was shown:
Is the Tunnel line in the picture you included a reference to the site to which the .NET client is trying to send traffic? Or is it unrelated? (What is the Process column?)
What do you see on the LOG tab when traffic is sent to Fiddler?
The most likely explanation is that the Fiddler Root Certificate is not trusted by the account in which the .NET client application runs. Fiddler allows you to trust the Fiddler Root certificate on a machine-wide basis which will resolve such issues.
I am trying to access service bus via a squid3 webproxy with Basic authentication enabled in the proxy using C#
i am using below code to set the web proxy
webproxy webproxy = new webproxy("http://weproxyuri:port", false);
webproxy.credentials = new networkcredential("username", "password","domain");
WebRequest.DefaultWebProxy = webProxy
i am using below code to access service bus
MessagingFactory messagingFactory = MessagingFactory.CreateFromConnectionString(connectionstring);
QueueClient queueSendClient = messagingFactory.CreateQueueClient(queuename);
var bm1 = queueSendClient.Peek();
access of service bus is failing with error - The X.509 certificate CN=servicebus.windows.net is not in the trusted people store
in the proxy log i am seeing 1454679317.842 0 10.168.84.150 TCP_DENIED/407 4046 GET http://www.microsoft.com/pki/mscorp/msitwww2.crt - HIER_NONE/- text/html
in the network traces i am seeing host trying to connect to http://www.microsoft.com/pki/mscorp/msitwww2.crt first it is trying to connect with out authentication then proxy is saying HTTP/1.1 407 Proxy Authentication required as a response to the request for this ideally host should resend the request with Proxy-Authorization Header which contains username and password but i am seeing a weird behavior where host is not send the Proxy-Authorization Header in the second time
any registry key needs to be set ?
i am using windows core 2012 R2 as host
this issue is fixed in 3.0.50496.1 or higher version of Microsoft.ServiceBus.dll
in WSTrustChannelFactory documentation there is a reference to working with proxy:
One common pattern where the OnBehalfOf feature is used is the proxy
pattern where the client cannot access the STS directly but instead
communicates through a proxy gateway
I can't seem to find an example.
In some of my users' computers a proxy is defined for exteral request.
How can I request the token if the STS is behind proxy.
Currently I am getting it as follows:
var rst = new RequestSecurityToken{...}
IWSTrustChannelContract wsTrustChannelContract = factory.CreateChannel();
var token = wsTrustChannelContract.Issue(rst) as GenericXmlSecurityToken;
How can I change it to using the proxy?
Thanks.
OnBehalfOf is for situations where you build the proxy yourself - like the ADFS proxy.
I haven't seen any sample for that either - but it follows the same pattern as ActAs.
It has nothing to do with "regular" web proxies that might be between you and your STS.
But have a look here:
How can I set an HTTP Proxy (WebProxy) on a WCF client-side Service proxy?