As part of my investigation into interoperability of our services I have spent some time trying to consume one of a sample web services without using “Add Service Reference” (part of .net 3.0). The standard way of consuming a service in .net is to add a “Web reference”, which, behind the scenes, uses wsdl.exe to generate a proxy. The problem with this proxy is that it doesn’t support ws-* standards, and so we have to stop using wshttpbinding and rever to basic http binding. However this means that we lose the security context passing (user credentials in the message).
To solve this initial problem you can specify TransportWithMessageCredentials (see previous post), this places the credentials in the message and makes sure that the transport level is secured (using ssl). The next problem I encountered is that a web reference does not have the ability to pass message credentials. (There is a real gotcha here: the proxy class has a property called Credentials, this is the credentials to use for transport level security, not message level).
The way around this is detailed at How to: Add Security Credentials to a SOAP Message
basically this involves installing Web Services Enhancements (tested with 2.0 SP3). Version 2.0 of WSE is compatible with .net 1.1 (backwards compatibilty requirement). Once installed take the following steps:
- Add references to your client project to Microsoft.Web.Services2 and System.Web.Services
- Modify a web reference’s Reference.cs file so that the class inherits from Microsoft.Web.Services2.WebServicesClientProtocol
- Where a service call is made to the proxy first create a UsernameToken, specifying the required username, password and that the password is sent in plain text (ssl will secure it)
- Add the token to the client’s RequestSoapContext.Security.Tokens
- Call the web service
WebRef.Interface webClient = new WebRef.Interface();
UsernameToken user = new UsernameToken("username", "password", PasswordOption.SendPlainText);
webClient.RequestSoapContext.Security.Timestamp.TtlInSeconds = 60;