How to make a visual studio web reference pass message credentials

As part of my investigation into interoperability of our services I have spent some time trying to consume one of a sample web services without using “Add Service Reference” (part of .net 3.0).  The standard way of consuming a service in .net is to add a “Web reference”, which, behind the scenes, uses wsdl.exe to generate a proxy. The problem with this proxy is that it doesn’t support ws-* standards, and so we have to stop using wshttpbinding and rever to basic http binding. However this means that we lose the security context passing (user credentials in the message).

To solve this initial problem you can specify TransportWithMessageCredentials (see previous post), this places the credentials in the message and makes sure that the transport level is secured (using ssl). The next problem I encountered is that a web reference does not have the ability to pass message credentials. (There is a real gotcha here: the proxy class has a property called Credentials, this is the credentials to use for transport level security, not message level).

The way around this is detailed at  How to: Add Security Credentials to a SOAP Message
basically this involves installing  Web Services Enhancements (tested with 2.0 SP3). Version 2.0 of WSE is compatible with .net 1.1 (backwards compatibilty requirement). Once installed take the following steps:

  1. Add references to your client project to Microsoft.Web.Services2 and System.Web.Services
  2. Modify a web reference’s Reference.cs file so that the class inherits from Microsoft.Web.Services2.WebServicesClientProtocol
  3. Where a service call is made to the proxy first create a UsernameToken, specifying the required username, password and that the password is sent in plain text (ssl will secure it)
  4. Add the token to the client’s RequestSoapContext.Security.Tokens
  5. Call the web service
WebRef.Interface webClient = new WebRef.Interface();
UsernameToken user = new UsernameToken("username", "password", PasswordOption.SendPlainText);
webClient.RequestSoapContext.Security.Tokens.Add(user);
webClient.RequestSoapContext.Security.Timestamp.TtlInSeconds = 60;
string response=webClient.Operation("request");
Advertisements

About Alex McMahon

I am a software developer, interested in .net, agile, alt.net. I've previously specialised with .net 3.0 technologies like WCF, whereas now I am trying to specialise in agile development and best practice and patterns. I am obsessed with looking at the latest technologies, tools, and methods, and trying them out. I am currently employed by Rockwell Collins in the UK.
This entry was posted in .net, development, interoperability, Security, wcf, web service, wse. Bookmark the permalink.

One Response to How to make a visual studio web reference pass message credentials

  1. Pingback: Proxy Templates » Blog Archive » Web Proxy July 5, 2007 12:11 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s