I'm kind of confused about setting up standard authentication for my SSL-protected service. I have tried the HTTP header way, but that's non-standard, and WS-I is important for me. It is possible to set up the Authentication Token to be Username at the method level. This is the resulting BindingPolicy in the WSIT XML:

<wsp:Policy wsu:Id="DataStoreWSPortBindingPolicy">
    <wsp:ExactlyOne>
        <wsp:All>
            <wsam:Addressing wsp:Optional="false"/>
            <sp:TransportBinding>
                <wsp:Policy>
                    <sp:TransportToken>
                        <wsp:Policy>
                            <sp:HttpsToken RequireClientCertificate="false"/>
                        </wsp:Policy>
                    </sp:TransportToken>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Lax/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic128/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                </wsp:Policy>
            </sp:TransportBinding>
            <sp:Wss10/>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="DataStoreWSPortBinding_hello_Input_Policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SupportingTokens>
                <wsp:Policy>
                    <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <sp:WssUsernameToken10/>
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SupportingTokens>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>

SvcUtil warnings:

<!--    WsdlImporter encountered unrecognized policy assertions in ServiceDescription 'http://webServices/':    -->
<!--    <wsdl:binding name='DataStoreWSPortBinding'>    -->
<!--        <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">..</sp:SupportingTokens>    -->

I want to set credentials in the WCF client via ClientCredentials and then authenticate on the service side via database. What are the steps to achieve that?

Daniel Szalay

1 Answer

If you want a standard way at the transport level, why don't you use HTTP Basic authentication? That is the common standardized authentication mechanism for the HTTP protocol, and it works with web services as well.

The error you got is most probably because of the SupportingTokens assertion. Even though it is a correct assertion, WCF doesn't support it. Try to use SignedSupportingTokens or SignedEncryptedSupportingTokens. If you are not able to modify your service to produce such WSDL, you can even try to manually modify the WSDL you got.

What did you mean by WS-I? There are multiple WS-I standards, and some of them don't expect policies at all - just plain SOAP services where headers are described in WSDL directly.

Ladislav Mrnka
  • Thanks for showing me the way to go. Well it was inappropriate to use the term 'WS-I' here, but I meant that I want to maximize interoperability by implementing the 'most' standard way possible. I expected something that I can set up at the service level, but instead I will have to set HTTP Basic Authentication on the server. Also I'm using an Object Database, so I will have to make a custom realm for GlassFish in order to get it working. It's kind of an overhead in development for a feature this simple. – Daniel Szalay Oct 04 '11 at 21:54
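
A WCF client sketch for the two routes discussed in the answer above, added here as an example and not code from either poster: HTTP Basic over HTTPS, and a WS-Security UsernameToken over HTTPS, both fed from ClientCredentials. The contract `IDataStoreWS`, the signature of `hello`, the endpoint URL and the environment variable names are assumptions.

```csharp
using System;
using System.ServiceModel;

// Hypothetical contract standing in for the proxy SvcUtil would generate
// from the service WSDL; the operation signature is assumed.
[ServiceContract(Namespace = "http://webServices/")]
public interface IDataStoreWS
{
    [OperationContract]
    string hello(string name);
}

public static class DataStoreClient
{
    // Option 1: HTTP Basic authentication. Transport mode rejects http://
    // addresses, so the Basic header is only ever sent inside TLS.
    public static BasicHttpBinding HttpBasicOverTls()
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
        return binding;
    }

    // Option 2: WS-Security UsernameToken in the SOAP header, protected by TLS.
    public static BasicHttpBinding UsernameTokenOverTls()
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
        return binding;
    }

    public static void Main()
    {
        // Placeholder endpoint address (assumption); use the real service URL.
        var address = new EndpointAddress("https://service.example/DataStoreWS");
        var factory = new ChannelFactory<IDataStoreWS>(HttpBasicOverTls(), address);

        // Both options read the credentials from ClientCredentials.UserName.
        // Variable names are hypothetical; avoid hard-coding the password.
        factory.Credentials.UserName.UserName = Environment.GetEnvironmentVariable("DATASTORE_USER");
        factory.Credentials.UserName.Password = Environment.GetEnvironmentVariable("DATASTORE_PASSWORD");

        IDataStoreWS client = factory.CreateChannel();
        try
        {
            Console.WriteLine(client.hello("world"));
            ((IClientChannel)client).Close();
        }
        catch
        {
            ((IClientChannel)client).Abort(); // release a faulted channel
            throw;
        }
    }
}
```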