4

I have a WCF service configured to use Transport security and basic authentication.

The service is hosted in iiexpress withing vs2010.

I am able to connect from my client code but always receive:

"The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm=realm'."

And this has an inner exception of:

"The remote server returned an error: (401) Unauthorized."

Similar to Can not call web service with basic authentication using WCF although my client code already has the settings set out in the answer.

I also followed HTTP Basic Authentication against Non-Windows Accounts in IIS/ASP.NET (Part 3 - Adding WCF Support) and the previous blog to set up a Module and the IAuthorizationPolicy classes.

IISExpress is configed in classic mode with anonymous and windows authentication disabled and SSL enabled.

Client Config:

<system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="NotificationHttpBinding">
          <security mode="Transport">
            <transport clientCredentialType="Basic" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="https://localhost/NotificationService.svc"
         binding="basicHttpBinding" bindingConfiguration="NotificationHttpBinding"
         contract="NotificationPortType" name="BasicHttpBinding_NotificationPortType" />
    </client>
  </system.serviceModel>

Service Config:

<system.serviceModel>

    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

    <services>
      <service name="Notification.NotificationService" behaviorConfiguration="NotificationServiceBehavior">
        <endpoint binding="basicHttpBinding" contract="NotificationPortType" bindingConfiguration="NotificationHttpBinding" >
        </endpoint>
       </service>
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior name="NotificationServiceBehavior">
          <serviceMetadata />
          <serviceDebug includeExceptionDetailInFaults="false"/>
          <serviceAuthorization>
            <authorizationPolicies>
              <add policyType="Notification.HttpContextIdentityPolicy, Notification" />
            </authorizationPolicies>
          </serviceAuthorization>
        </behavior>
      </serviceBehaviors>
    </behaviors>

    <bindings>
      <basicHttpBinding>
        <binding name="NotificationHttpBinding">
          <security mode="Transport">
            <transport clientCredentialType="Basic" />
          </security>

        </binding>
      </basicHttpBinding>
    </bindings>

  </system.serviceModel>


  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

  <system.web>

    <httpModules>
      <add name="CustomBasicAuthentication" type="Notification.CustomBasicAuthenticationModule, Notification"/>
    </httpModules>

    <membership defaultProvider="SampleProvider">
      <providers>
        <add name="SampleProvider"  type="Notification.HardcodedSecurityProviders, Notification" />
      </providers>
    </membership>

  </system.web>

Client Code is nothing major:

static void Main(string[] args)
        {
            ServicePointManager.ServerCertificateValidationCallback = (sender, certificate, chain, sslPolicyErrors) => { return true; };

            NotificationPortTypeClient client = new NotificationPortTypeClient("BasicHttpBinding_NotificationPortType");

            client.ClientCredentials.UserName.UserName = "Test";
            client.ClientCredentials.UserName.Password = "PWD";


            client.sendNotification(new NotificationRequest());
        }

Alternatively If someone can show me an alternative of how to use IIS6 to host a service WCF which using basic http authentication while requiring SSL (https) I'll be happy with that!

UPDATE Seems this was my culprit all along: Avoid http 401 round trip

However, I found that my modules fired fine (in integrated mode) but I was then presented with a service error telling me that basic integration is required but not enabled on the host.

Opened up iisexpress applicationhost.config file and sure enough I found:

<section name="basicAuthentication" overrideModeDefault="Deny" />

followed by

<basicAuthentication enabled="false" />

further down

I've changed these to <section name="basicAuthentication" overrideModeDefault="Allow" />

and tried to enable in my web.config...no dice :(

Community
  • 1
  • 1
MattC
  • 3,984
  • 1
  • 33
  • 49
  • not a direct answer, but MS has now released an IIS7 [version](http://www.microsoft.com/downloads/en/details.aspx?FamilyID=abc59783-89de-4adc-b770-0a720bb21deb) to be used specifically on a dev station. this version works much better than the small server that comes with VS, in the sense that is much closer to what the app will eventually run on. maybe if you set it up it will be easier to configure as required. [usefull post](http://weblogs.asp.net/scottgu/archive/2010/06/28/introducing-iis-express.aspx) – Menahem Apr 07 '11 at 12:44
  • Yes, IISExpress 7.5 with the VS2010 SP1 integration features. I'm using that already. – MattC Apr 07 '11 at 12:50
  • noticed in the link you provided (3 part thing) that the transport credential is set to `None`, and its explained that WCF isnt doing the auth, but the IIS httpmodule is. can you give it a try ? – Menahem Apr 07 '11 at 13:07
  • Yes, unfortunately that also returns the same error. I'm just not sure I know if iisexpress is running in the way the code was originally intended to work. In fact I'm not sure this code works at all! – MattC Apr 07 '11 at 13:18
  • seen [this one](http://stackoverflow.com/questions/1931414/wcf-the-http-request-is-unauthorized-with-client-authentication-scheme-basic) ? – Menahem Apr 07 '11 at 13:44
  • Yeah, read that :) I think this might be it. http://plainoldstan.blogspot.com/2008/07/avoid-http-401-roundtrip-with-adding.html">WCF avoids round trip – MattC Apr 07 '11 at 14:02
  • Ugh...IISExpress's applicationhost.config has this also: – MattC Apr 07 '11 at 14:38
  • well, at least we got to learn about the roundtrip optimization. can you edit to show the resolution up in hte question ? might help someone else – Menahem Apr 07 '11 at 14:56
  • I'll add for sure but this has exposed a different issue :( – MattC Apr 07 '11 at 15:22

1 Answers1

-2

You need to use WSHttpBinding.

There is a complete sample here.

Aliostad
  • 80,612
  • 21
  • 160
  • 208
  • Unfortunately, I require non-WCF platforms to be able to access using SOAP 1.1 so basicHttpBinding it is. – MattC Apr 07 '11 at 12:51