I'm tasked with creating a WCF service from a local wsdl file. I have done some R&D on this task. I have added a web reference of that local wsdl file. Now I want to create a client for this service in order access the service.
How do I provide the username and password in the client?
Currently, when I am accessing the service methods in the client I get an error:
Username is not provided.
Here's the relevant code:
ServiceGetProductFeeds.ProductFeedServiceClient SerProdFeeds = new ServiceGetProductFeeds.ProductFeedServiceClient();
SerProdFeeds.ClientCredentials.UserName.UserName = "XXXXXX";
SerProdFeeds.ClientCredentials.UserName.Password = "*******";
SerProdFeeds.getProductFeed();
Any tips on what's not correct with the above code?
Do you have security mode, clientCredentialtype configured appropriately in your configuration files? Here is a blog post that very closely matches your question. I hope this helps!
http://amadotech.blogspot.com/2009/11/error-username-is-not-provided-specify.html
Actually there're three causes with my application:
Security mode was not appropriae.
Client credential type was not appropriate.
The call missed passing the required Username and password.
Related
I got the below error while I was trying to authenticate through IBM Security Access Manager (using Sustainsys.Saml2.Owin)
Here is the Link of error code
I tested the code on another IDP https://stubidp.sustainsys.com/ and it's working.
Maybe the difference is with the test IDP (Stupidp) it was a solicited response but from IBM Security Access Manager was Unsolicited (Idp-initiated).
But I already set AllowUnsolicitedAuthnResponse = true
Here is the metadata that attached on IBM Security Access Manager
I find the solution I was sent a wrong metadata, the right one if you use SustainSys.Saml2 is to hit your SP URL "https://SP.com/Saml2" this will generate your SP metadata file.
The AssertionConsumerService was wrong was the action to be landed after login on the IDP, but the right one should be "https://SP/Saml2/Acs"
I am running Google Translate API in C#.
Running locally on my computer the next code works, but online on a server it throws the following error:
using Google.Cloud.Translation.V2;
TranslationClient client = TranslationClient.Create();
var response = client.TranslateText(sentence, targetLanguage, sourceLanguage: sourceLanguage);
"The Application Default Credentials are not available. They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information."
Locally this runs just by installing Cloud SDK Installer which does all the settings, there is no need for authentication in code.
On the server, should I use instead OAuth 2.0 or Service account keys ?
Can someone assist me on how to solve this?
EDIT: Can someone confirm to me if it is necessary to have access to the local server to run commands in command line like here https://cloud.google.com/storage/docs/authentication ? This would be pretty ridiculous, instead of just writing code. For example Youtube API does not require local access.
Follow directions to get json file:
https://cloud.google.com/translate/docs/reference/libraries
Then run this code first:
System.Environment.SetEnvironmentVariable("GOOGLE_APPLICATION_CREDENTIALS", "c:\mypath\myfile.json");
To generate a private key in JSON or PKCS12 format:
Open the list of credentials in the Google Cloud Platform Console.
OPEN THE LIST OF CREDENTIALS
Click Create credentials.
Select Service account key. A Create service account key window
opens.
Click the drop-down box below Service account, then click New service account.
Enter a name for the service account in Name.
Use the default Service account ID or generate a different one.
Select the Key type: JSON or P12.
Click Create. A Service account created
window is displayed and the private key for the Key type you
selected is downloaded automatically. If you selected a P12 key, the
private key's password ("notasecret") is displayed.
Click Close.
You can find more details here
https://cloud.google.com/storage/docs/authentication
Its all in the errormessage. You have two options
Run the Google Compute Engine on the machine you have your program running on and input your credentials there.
Use a service account and set the "GOOGLE_APPLICATION_CREDENTIALS" environment variable to reference your credentials file (which is a .json file that you can download from the google developer console.)
PS: Do not store your credentials file anywhere on the server where it may be accessed by someone else!
You must download API key from
https://console.developers.google.com/iam-admin/serviceaccounts
After that download .P12 file file to use it in your code
var certificate = new X509Certificate2(#"key3.p12", "notasecret", X509KeyStorageFlags.Exportable);
notasecret is default password
The easiest answer to my question , to avoid local settings on the server, is the third option of using the Translation API described below: using API keys.
This means just a simple POST to an endpoint that has the API key in the link.
https://cloud.google.com/docs/authentication/#getting_credentials_for_server-centric_flow
https://cloud.google.com/docs/authentication/api-keys
I'm trying to consume a web service provided by another group within our company. The service is written in Java and their JAVA test client functions properly. However, I cannot get a .NET4.0 or .NET 4.5 based WCF client to talk to it. They require https transport and since its JAVA I'm using basicHttpBinding. They also require Username/Password. In JAVA, they are saying the username/password is at the binding level and when looking at a message that was captured from their test code, there is NO evidence of the username or password being sent. I can connect to their service but cannot get authenticated because they are not seeing my username & password. Username and password is being set in code. I am currently testing against their dev server using their self signed cert. Our endpoints are physically 1500 miles apart but connect via internal corporate (secure) network.
I just need to know the proper config settings for "binding", "behavior", and "endpoint" to use at the client. I can post my settings but that would just be misleading as I've tried 100's of them and none give the desired result.
Any help you can give will be useful as long as it doesn't involve any changes on (or knowledge of) the service host side (its probably not even IIS).
Thanks for your thoughts.
Java client code looks like this:
ServiceImplServiceLocator locator = new ServiceImplServiceLocator();
locator.setServiceEndpointAddress( "https://<hostaddr>:8443/Service" );
locator.setServiceWSDDServiceName("Service");
ServiceImpl service = locator.getService();
ServiceSoapBindingStub binding = (ServiceSoapBindingStub) service;
binding.setUsername("Username");
binding.setPassword("Password");
// call web service
Return = binding.ServiceMethod( ... );
I need to import some model file into a Sharepoint central admin(HTTPS) from my local machine. What should be the configuration(using service.model)?
I am using the following configuration...
binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_BusinessDataCatalogSharedService"
contract="BusinessDataCatalogSharedService" name="BasicHttpBinding_BusinessDataCatalogSharedService" />
And i am using the following c# code...
BusinessDataCatalogSharedServiceClient client =
new BusinessDataCatalogSharedServiceClient("BasicHttpBinding_BusinessDataCatalogSharedService1");
client.ClientCredentials.UserName.UserName = "...";
client.ClientCredentials.UserName.Password = "....";
I am getting the following error
MessageSecurityException was unhandeled
The HTTP request was forbidden with client authentication scheme 'Basic'.
I dont have enough knowledge about the authentication...Please help me out.
Thanks
Take a look at this information http://blog.adnanmasood.com/2008/07/16/https-with-basichttpbinding-note-to-self/
Most likely the problem is that you are running the service over HTTP not HTTPS. This will not work with username/password authentication. WCF is secure by default such that it will disallow calls with this type of authentication over HTTP.
You need to configure your service with a certificate to run over HTTPS and then also make the appropriate changes to you config (as is described in the link renu has posted).
i have some code that tries impersonate the callers windows security settings and then connect to another WCF service on a different machine
WindowsIdentity callerWindowsIdentity = ServiceSecurityContext.Current.WindowsIdentity;
using (callerWindowsIdentity.Impersonate())
{
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
EndpointAddress endpoint = new EndpointAddress(new Uri("net.tcp://serverName:9990/TestService1"));
ChannelFactory<WCFTest.ConsoleHost.IService1> channel = new ChannelFactory<WCFTest.ConsoleHost.IService1>(binding, endpoint);
WCFTest.ConsoleHost.IService1 service = channel.CreateChannel();
return service.PrintMessage(msg);
}
But I get the error:
"the caller was not authenticated by the service"
System.ServiceModel .... The request for security token could not be satisfied because authentication failed ...
The credentials I am trying to impersonate are valide windows credential for the box the service is on.
Any ideas why?
In order to support your scenario, you need to have an understanding of how Protocol Transition and Constrained Delegation work. You will need to configure both Active Directory and your WCF service endpoint(s) to support this. Note the use of the Service Principal Name (SPN). Take a look at the following link and see if they help you. The article has a sample to demonstrate the complete end-to-end configuration required to make this work.
How To: Impersonate the Original Caller in WCF Calling from a Web Application
Agree with marc_s this is the double-hop problem.
You need to get the windows authentication all the way through, therefore:
The request must be made in the context of a windows users
IIS must be configured to use windows authentication
Web.config must be set up for windows authentication with impersonate = true
The user that your application pool is running as, must be allowed to impersonate a user. This is the usual place where the double-hop problem occurs.
There is a right called "Impersonate a client after authentication"
http://blogs.technet.com/askperf/archive/2007/10/16/wmi-troubleshooting-impersonation-rights.aspx
Impersonation from you service to the next is a tricky issue, known as "double-hop" issue.
I don't have a final answer for that (I typically avoid it by using an explicit service account for the service that needs to call another service).
BUT: you should definitely check out the WCF Security Guidance on CodePlex and search for "Impersonation" - there are quite a few articles there that explain all the ins and outs of impersonating an original caller and why it's tricky.
Marc
If you are sure you have the credentials right on both hops, the next thing that could be causing the issue is the lack of the EndpointDnsIdentity being set on the endpoint.
DnsEndpointIdentity identity = new DnsEndpointIdentity("localhost"); // localhost is default. Change if your service uses a different value in the service's config.
Uri uri = new Uri("net.tcp://serverName:9990/TestService1");
endpoint = new EndpointAddress(uri, identity, new AddressHeaderCollection());