I've this web.config file to configure client proxy from a external service this service required authentication on the messages header, I've the service well configured on my web.config but for now I'm try create the proxy with this configuration on code,with propose change dynamically the user and password.
<cliente>
<endpoint address="https://wwwww.hhhahdhadhs.askadadasda" binding="basicHttpBinding" bindingConfiguration="MyConfiguration" contract="PROXY_ACSS_SERVICES.RegistoPrescricaoMedicamentos">
<headers>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>MyUser</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">87726655434</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</headers>
</endpoint>
</cliente>
<basicHttpBinding>
<binding name="PrescricaoMedicamentos" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="Certificate" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
My problem is create the header where defined the username and password,
<headers>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>MyUser</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">87726655434</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</headers>
Thanks in advance
EDIT
Ladislav Mrnka after I create the proxy programmatically receive this message
'The request channel timed out attempting to send after
00:00:59.9829990. Increase the timeout value passed to the call to
Request or increase the SendTimeout value on the Binding. The time
allotted to this operation may have been a portion of a longer
timeout.'
This is my proxy configuration
BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
binding.Name = "PrescricaoMedicamentos";
binding.CloseTimeout = new TimeSpan(0, 1, 0);
binding.OpenTimeout = new TimeSpan(0, 1, 0);
binding.ReceiveTimeout = new TimeSpan(0, 10, 0);
binding.SendTimeout = new TimeSpan(0, 1, 0);
binding.AllowCookies = false;
binding.BypassProxyOnLocal = false;
binding.HostNameComparisonMode = HostNameComparisonMode.StrongWildcard;
binding.MaxBufferSize = 65536;
binding.MaxBufferPoolSize = 524288;
binding.MaxReceivedMessageSize = 65536;
binding.MessageEncoding = WSMessageEncoding.Text;
binding.TextEncoding = System.Text.Encoding.UTF8;
binding.TransferMode = TransferMode.Buffered;
binding.UseDefaultWebProxy = true;
binding.ReaderQuotas = new XmlDictionaryReaderQuotas()
{
MaxDepth = 32,
MaxStringContentLength = 8192,
MaxArrayLength = 16384,
MaxBytesPerRead = 4096,
MaxNameTableCharCount = 16384
};
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
return binding;
}
I wondering if is possible add a static header to all messages in code.. Something like AddressHeader.CreateAddressHeader( 'authentication header') and apply this headers on my EndpointAddress configuration. This kind of approach substitute literal my first code
<headers>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>myusername</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">mypass</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</headers>
If the service correctly implements user name token profile change the security settings in your binding to:
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
And once you create a proxy set credentials by:
proxy.ClientCredentials.UserName.UserName = ...;
proxy.ClientCredentials.UserName.Password = ...;
Related
I´m looking for a way to add the following WSSE XML data into a SOAP request to a service:
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-D67150EFEFE71BA23416294396650191">
<wsse:Username>XXXXXXX</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXXXXX</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">XXXXXXX</wsse:Nonce>
<wsu:Created>2021-08-20T06:07:45.015Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
I´ve added the service as a service reference in VS 2017 and I´ve seen suggestion that points to app.config like
<bindings>
<basicHttpBinding>
<binding name="myBinding">
<security mode="TransportWithMessageCredential" >
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://...."
binding="basicHttpBinding" bindingConfiguration="myBinding"
contract="..." name="..." >
<headers>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>XXX</wsse:Username>
<wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>XXX</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</headers>
</endpoint>
</client>
And suggestion using BasicHttpBinding like
var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
var endpoint = new EndpointAddress("https://....");
using (var client = new ServiceReference1.Client(binding, endpoint))
{
client.ClientCredentials.UserName.UserName = "XYZ";
client.ClientCredentials.UserName.Password = "XYZ";
ServiceReference1.Request request = new ServiceReference1.Request();
request.Request = new ServiceReference1.RequestType();
request.Request.Nr = "12345";
ServiceReference1.Response response = client.getData(request);
ServiceReference1.ResponseType[] responseMessages = response.Response;
}
But I´ve been unable to get anything working. The username and password have been tested via SoapUI.
Any suggestions?
Regards
Kaare
I have an app.config to call this service from .Net framework but now I have to do the same from core app. Here's the WCF client config:
<bindings>
<ws2007FederationHttpBinding>
<binding name="WS2007FederationHttpBinding_certificate" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="128" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"/>
<security mode="TransportWithMessageCredential">
<message establishSecurityContext="false" negotiateServiceCredential="true">
<claimTypeRequirements>
<add claimType="http://docs.oasis-open.org/wsfed/authorization/200706/claims/action" isOptional="true"/>
<add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" isOptional="false"/>
<add claimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/role"/>
</claimTypeRequirements>
<issuer address="https://some.url.com/STS/Issue.svc/trust/13/certificatemixed" binding="ws2007HttpBinding"
bindingConfiguration="certificateMixed"/>
<issuerMetadata address="https://some.url.com/STS/Issue.svc/mex"/>
<!-- THIS IS THE PROBLEM PART -->
<tokenRequestParameters>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
<Address>URN:MY.TEST.SERVICE</Address>
</EndpointReference>
</wsp:AppliesTo>
</tokenRequestParameters>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
<ws2007HttpBinding>
<binding name="certificateMixed">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate" establishSecurityContext="false"/>
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="behaviorSECertificate">
<clientCredentials>
<clientCertificate findValue="ab cd .. b4" storeLocation="LocalMachine" storeName="My"
x509FindType="FindByThumbprint"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
Pretty basic stuff. So now I do the same in .Net core code:
var issuerBinding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
issuerBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
issuerBinding.Security.Message.EstablishSecurityContext = false;
issuerBinding.Name = "certificateMixed";
var prm = new WsTrustTokenParameters
{
IssuerBinding = issuerBinding,
IssuerAddress = new EndpointAddress(_seOptions.STSEndpoint),
MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10,
EstablishSecurityContext = false,
};
prm.ClaimTypes.Add(new ClaimType() { Uri = "http://docs.oasis-open.org/wsfed/authorization/200706/claims/action", IsOptional = true });
prm.ClaimTypes.Add(new ClaimType() { Uri = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier", IsOptional = false });
prm.ClaimTypes.Add(new ClaimType() { Uri = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role", IsOptional = true });
var binding = new WsFederationHttpBinding(prm);
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.NegotiateServiceCredential = true;
binding.Security.Mode = SecurityMode.TransportWithMessageCredential;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
ChannelFactory<IMyService> factory = new ChannelFactory<IMyService>(binding, new EndpointAddress(_seOptions.MyServiceUrl));
var cert = GetClientCertificate(); //X509Certificate2
var x = factory.Endpoint.EndpointBehaviors[typeof(ClientCredentials)];
((ClientCredentials)x).ClientCertificate.Certificate = cert;
IMyService client = factory.CreateChannel(new EndpointAddress(_seOptions.MyServiceUrl));
So the main question is- how do I add the tokenRequestParameters/AppliesTo section in code? I assume it would be something like this:
RequestSecurityToken tk = new RequestSecurityToken() { AppliesTo = new EndpointAddress("URN:MY.TEST.SERVICE") };
But I have no idea what to assign this object to.
RequestSecurityToken class is not applicable to .net core, you can see its support on this page: RequestSecurityToken Class. So you need to find a replacement for it in .net core. You can refer to Overview of porting from .NET Framework to .NET Core to consider how to migrate from .net framework to .net core. Hope my answer will help you.
I am calling a WCF web service programmatically by generating class files through SvcUtil.exe.
All working fine but when I try to send an image (literally a file with size more than 200KB), I get this error.
I know I need to increase maxReceivedMessageSize and maxBufferPoolSize to the maximum to send large files to the WCF service. Hence, the XML version of doing this will be like below:
<binding name="SampleBinding" allowCookies="true" messageEncoding="Mtom" maxReceivedMessageSize="20000000" maxBufferSize="20000000" maxBufferPoolSize="20000000">
<readerQuotas maxDepth="32" maxArrayLength="200000000" maxStringContentLength="200000000"/>
<security mode="None">
<transport proxyCredentialType="Basic"/>
</security>
</binding>
In this app, since I am using class files generated by SvcUtil, I need to call my WCF service method programmatically.
So I did,
var binding = new BasicHttpBinding();
binding.MaxReceivedMessageSize = binding.MaxBufferPoolSize = long.MaxValue;
binding.AllowCookies = true;
binding.ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas();
binding.ReaderQuotas.MaxArrayLength = binding.ReaderQuotas.MaxBytesPerRead = int.MaxValue;
binding.ReaderQuotas.MaxStringContentLength = binding.ReaderQuotas.MaxNameTableCharCount = int.MaxValue;
binding.ReaderQuotas.MaxDepth = int.MaxValue;
webAPI = new WebAPIClient(binding, new EndpointAddress(soapUrl));
The XML version works really well but the C# version failed with below stack trace:
There was an error on processing web request: Status code
413(RequestEntityTooLarge): Request Entity Too Large
EDIT
I have been approached to use custom binding. Below is my custom binding code:
CustomBinding binding = new CustomBinding()
{
Name = "SampleBinding",
ReceiveTimeout = new TimeSpan(0, 0, 10, 0, 0),
SendTimeout = new TimeSpan(0, 0, 10, 0, 0),
};
var element1 = new TextMessageEncodingBindingElement()
{
ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas()
{
MaxDepth = 2147483647,
MaxStringContentLength = 2147483647,
MaxArrayLength = 2147483647,
MaxBytesPerRead = 2147483647,
MaxNameTableCharCount = 2147483647
}
};
var element2 = new HttpTransportBindingElement()
{
ManualAddressing = false,
MaxReceivedMessageSize = 2147483647,
AllowCookies = false,
AuthenticationScheme = System.Net.AuthenticationSchemes.None,
BypassProxyOnLocal = false,
MaxBufferSize = 2147483647,
ProxyAuthenticationScheme = System.Net.AuthenticationSchemes.None,
TransferMode = TransferMode.Buffered,
UseDefaultWebProxy = true
};
var element3 = new TextMessageEncodingBindingElement(MessageVersion.Soap12WSAddressing10, System.Text.Encoding.UTF8);
binding.Elements.Add(element1);
binding.Elements.Add(element2);
binding.Elements.Add(element3);
webAPI = new WebAPIClient(binding, new EndpointAddress(soapUrl));
There was an error on processing web request: Status code
415(UnsupportedMediaType): Cannot process the message because the
content type 'application/soap+xml; charset=utf-8' was not the
expected type 'text/xml; charset=utf-8'.
I don't know what's wrong. May you help me?
I just found an answer and posting the same here for future users who might have the same issue as me:
My client call
webAPI = new WebAPIClient(new BasicHttpBinding(), new EndpointAddress(_urlString);
Server Configuration for the WCF Service
<endpoint address="url/WebAPI.svc" binding="basicHttpBinding" contract="MyContract.IWebAPI" />
<bindings>
<basicHttpBinding>
<binding maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text">
<readerQuotas maxDepth="2000000" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
</basicHttpBinding>
</bindings>
As you can see I did not mention any name for the binding configuration here and it just worked like a charm.
Answer inspired from this SO answer
I have my first WCF example working. I have the host on a website which have many bindings. Because of this, I have added this to my web.config.
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
This is my default binding http://id.web, which works with the following code.
EchoServiceClient client = new EchoServiceClient();
litResponse.Text = client.SendEcho("Hello World");
client.Close();
I am now trying to set the endpoint address at runtime. Even though it is the same address of the above code.
EchoServiceClient client = new EchoServiceClient();
client.Endpoint.Address = new EndpointAddress("http://id.web/Services/EchoService.svc");
litResponse.Text = client.SendEcho("Hello World");
client.Close();
The error I get is:
The request for security token could not be satisfied because authentication failed.
Please suggest how I may change the endpoint address at runtime?
Additional here is my client config, requested by Ladislav Mrnka
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IEchoService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="None" />
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://id.web/Services/EchoService.svc" binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IEchoService" contract="IEchoService"
name="WSHttpBinding_IEchoService">
<identity>
<servicePrincipalName value="host/mikev-ws" />
</identity>
</endpoint>
</client>
</system.serviceModel>
So your endpoint address defined in your first example is incomplete. You must also define endpoint identity as shown in client configuration. In code you can try this:
EndpointIdentity spn = EndpointIdentity.CreateSpnIdentity("host/mikev-ws");
var address = new EndpointAddress("http://id.web/Services/EchoService.svc", spn);
var client = new EchoServiceClient(address);
litResponse.Text = client.SendEcho("Hello World");
client.Close();
Actual working final version by valamas
EndpointIdentity spn = EndpointIdentity.CreateSpnIdentity("host/mikev-ws");
Uri uri = new Uri("http://id.web/Services/EchoService.svc");
var address = new EndpointAddress(uri, spn);
var client = new EchoServiceClient("WSHttpBinding_IEchoService", address);
client.SendEcho("Hello World");
client.Close();
This is a simple example of what I used for a recent test.
You need to make sure that your security settings are the same on the server and client.
var myBinding = new BasicHttpBinding();
myBinding.Security.Mode = BasicHttpSecurityMode.None;
var myEndpointAddress = new EndpointAddress("http://servername:8732/TestService/");
client = new ClientTest(myBinding, myEndpointAddress);
client.someCall();
app.config
<client>
<endpoint address="" binding="basicHttpBinding"
bindingConfiguration="LisansSoap"
contract="Lisans.LisansSoap"
name="LisansSoap" />
</client>
program
Lisans.LisansSoapClient test = new LisansSoapClient("LisansSoap",
"http://webservis.uzmanevi.com/Lisans/Lisans.asmx");
MessageBox.Show(test.LisansKontrol("","",""));
We store our URLs in a database and load them at runtime.
public class ServiceClientFactory<TChannel> : ClientBase<TChannel> where TChannel : class
{
public TChannel Create(string url)
{
this.Endpoint.Address = new EndpointAddress(new Uri(url));
return this.Channel;
}
}
Implementation
var client = new ServiceClientFactory<yourServiceChannelInterface>().Create(newUrl);
I need to connect to some public wcf service, but there is some proxy between me and service.
If i use default proxy settings such as
<system.net>
<defaultProxy useDefaultCredentials="true" />
</system.net>
or
HttpWebRequest.DefaultWebProxy
it works perfectly fine
but i don't need to set proxy settings for entire application, i need to set it for specific connection. So how I can do that?
I saw ProxyAddress property
(client.Endpoint.Binding as BasicHttpBinding).ProxyAddress
but there is no any properties for credentials...
I was thinking to somehow modify HttpWebRequest, but I do not know how to get it...
Solved
Thank you all for your answers.
Answer of AntonK suitable for solving my problem.
At the time when this question was actual, I solved it in the same way, but without the use of web.config and wrote this method
void SetProxySettings<TChannel>(ClientBase<TChannel> client,
bool useProxy, string address, int port, string login, string password)
where TChannel : class
{
if (!useProxy) return;
var b = client.Endpoint.Binding as BasicHttpBinding;
if (b == null)
{
System.Diagnostics.Debug.WriteLine("Binding of this endpoint is not BasicHttpBinding");
return;
}
b.ProxyAddress = new Uri(string.Format("http://{0}:{1}", address, port));
b.UseDefaultWebProxy = false; // !!!
b.Security.Mode = BasicHttpSecurityMode.Transport;
b.Security.Transport.ClientCredentialType = HttpClientCredentialType.None; // !!!
b.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.Basic; // !!!
if (client.ClientCredentials == null) return;
client.ClientCredentials.UserName.UserName = login;
client.ClientCredentials.UserName.Password = password;
}
Here's an article dealing with this issue.
http://blogs.msdn.com/b/stcheng/archive/2008/12/03/wcf-how-to-supply-dedicated-credentials-for-webproxy-authentication.aspx
In summary, this is how to set a proxy for a specific service in the web.config. In the binding config, set proxyAddress="http://myproxy:8080" and set useDefaultWebProxy="false"
<bindings>
<basicHttpBinding>
<binding name="SubscriberFulfilmentServiceSOAP12Binding" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:01:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647"
textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="false"
proxyAddress="http://myproxy:8080"
messageEncoding="Text">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647"
maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
I found a solution. You have to update WCF to the latest.
Go to NuGet Package Manager -> Update all related Project URL of WCF There must be:
System.ServiceModel.Security
System.ServiceModel.NetTcp
System.ServiceModel.Http
This apply to .net core 2.1 version.
You can try this
HttpWebRequest request = HttpWebRequest.Create("URI") as HttpWebRequest;
var proxy = new WebProxy(HttpWebRequest.GetSystemWebProxy().GetProxy(request.RequestUri), true);
proxy.Credentials = new NetworkCredential(proxyUserName, proxyPassword, DomainName);
request.Proxy = proxy;
hope it helps