
While trying to connect to the Core Service I get the following error:

The HTTP request was forbidden with client authentication scheme 'Anonymous'

The Tridion environment is configured with SSO from SiteMinder.

Here's my code:

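/// <summary>
/// Creates a WCF channel to the Tridion Core Service <c>basicHttp_2010</c> endpoint,
/// using the host and user name from the <c>TridionUrl</c> and <c>TridionUsername</c>
/// app settings.
/// </summary>
/// <returns>A new <see cref="ICoreService2010"/> channel for the configured endpoint.</returns>
/// <exception cref="InvalidOperationException">
/// The <c>TridionUrl</c> app setting is missing or empty.
/// </exception>
public static ICoreService2010 GetTridionClient()
{
    // Shared 4 MB ceiling for buffers, message size and reader quotas.
    const int maxBytes = 4194304;

    var binding = new BasicHttpBinding()
    {
        Name = "BasicHttpBinding_TridionCoreService",
        CloseTimeout = new TimeSpan(0, 1, 0),
        OpenTimeout = new TimeSpan(0, 1, 0),
        ReceiveTimeout = new TimeSpan(0, 10, 0),
        SendTimeout = new TimeSpan(0, 1, 0),
        AllowCookies = false,
        BypassProxyOnLocal = false,
        HostNameComparisonMode = HostNameComparisonMode.StrongWildcard,
        MaxBufferSize = maxBytes,
        MaxBufferPoolSize = maxBytes,
        MaxReceivedMessageSize = maxBytes,
        MessageEncoding = WSMessageEncoding.Text,
        TextEncoding = System.Text.Encoding.UTF8,
        TransferMode = TransferMode.Buffered,
        UseDefaultWebProxy = true,
        ReaderQuotas = new System.Xml.XmlDictionaryReaderQuotas()
        {
            MaxDepth = 32,
            MaxStringContentLength = maxBytes,
            MaxArrayLength = maxBytes,
            MaxBytesPerRead = maxBytes,
            MaxNameTableCharCount = 16384
        },
        Security = new BasicHttpSecurity()
        {
            // TransportCredentialOnly authenticates at the HTTP layer but does not
            // encrypt the connection; it is only valid for http:// addresses.
            // NOTE(review): an https:// TridionUrl needs BasicHttpSecurityMode.Transport.
            Mode = BasicHttpSecurityMode.TransportCredentialOnly,
            Transport = new HttpTransportSecurity()
            {
                // None sends no HTTP credentials at all, which is what the
                // 'Anonymous' scheme in the reported error refers to. The user name
                // assigned on the factory below is therefore never transmitted.
                ClientCredentialType = HttpClientCredentialType.None,
            },
            // Message-level settings apply only in the Message and
            // TransportWithMessageCredential modes, so this has no effect here.
            Message = new BasicHttpMessageSecurity()
            {
                ClientCredentialType = BasicHttpMessageCredentialType.UserName
            }
        }
    };

    string hostname = ConfigurationManager.AppSettings["TridionUrl"];
    string username = ConfigurationManager.AppSettings["TridionUsername"];

    // Fail with a clear message instead of a NullReferenceException further down.
    if (string.IsNullOrWhiteSpace(hostname))
    {
        throw new InvalidOperationException("The 'TridionUrl' app setting is missing or empty.");
    }

    hostname = hostname.Trim();

    // Match the full scheme prefix with an ordinal comparison, so that a host whose
    // name merely begins with "http" still gets a scheme and "HTTP://" is recognised.
    bool hasScheme = hostname.StartsWith("http://", StringComparison.OrdinalIgnoreCase)
                  || hostname.StartsWith("https://", StringComparison.OrdinalIgnoreCase);

    // Strip trailing slashes before appending the service path; forcing one on and
    // then appending "/webservices/..." produced "//webservices/..." in the address.
    string baseUrl = (hasScheme ? hostname : "http://" + hostname).TrimEnd('/');

    var endpoint = new EndpointAddress(baseUrl + "/webservices/CoreService.svc/basicHttp_2010");
    var factory = new ChannelFactory<ICoreService2010>(binding, endpoint);

    // Only the user name is assigned; no password is set anywhere in this method.
    factory.Credentials.UserName.UserName = username;

    return factory.CreateChannel();
}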

Does anybody have experience of interacting with the Core Service with an authentication type other than Windows?

UPDATE:

I now get the error:

The HTTP request was forbidden with client authentication scheme 'Basic'.

What clientCredentialType should be used in the /webservices/web.config for the bindings?

When I uncomment the SsoAgentHttpModule in the /webservices/web.config we get a 500 error on the webservice, so SDL told us to leave this commented out.

I take it that this module is required for the CoreService to authenticate with authentication scheme 'Basic'?

Frank van Puffelen
  • You do not need to uncomment SsoAgentHttpModule in /webservices/web.config, as you have uncommented it in the root config and it is propagated to the whole website. Are you sure you are connecting to the proper (SSO) URL? – Andrey Marchuk Mar 14 '12 at 10:32

1 Answer


There are 2 problems with your code:

  1. You have set authentication to anonymous on the server and assumed that the same should be set on the client, but that is not the case. You have also enabled the LDAP SSO module on the server, which kicks in as soon as you turn anonymous authentication on. On the client side it will look like plain basic authentication, so your client security code should look like this:

    // TransportCredentialOnly authenticates at the HTTP layer without transport
    // encryption: with Basic, the user name and password travel base64-encoded in
    // the Authorization header and are readable by anyone on the network path.
    // NOTE(review): if the Core Service is reachable over HTTPS, prefer
    // BasicHttpSecurityMode.Transport — confirm against the server's binding config.
    Security = new BasicHttpSecurity() 
        { 
            Mode = BasicHttpSecurityMode.TransportCredentialOnly, 
            Transport = new HttpTransportSecurity() 
            { 
                // Basic makes the client send the factory's UserName credentials
                // as an HTTP Basic Authorization header.
                ClientCredentialType = HttpClientCredentialType.Basic, 
            }
        } 
    
  2. You have set username, but not password, so:

    // HTTP Basic needs both values; with only the user name set, the client has no
    // password to send. `password` is not declared in the question's method —
    // presumably it is read from configuration like `username`. Keep it out of
    // source code and restrict read access to whatever config file holds it.
    factory.Credentials.UserName.UserName = username;
    factory.Credentials.UserName.Password = password; 
    

Also, keep in mind that you might need to specify User Name Qualifier (SSO by default) when setting user, like SSO\user

This should move you a step closer; if you still have problems, please update your question with the most recent exception.

Andrey Marchuk
  • 3
    Thanks for the help, I have updated the question with the exception we now get. –  Mar 14 '12 at 10:26
  • Hi user978511, could you visit the Tridion StackExchange proposal when you have a minute please? http://area51.stackexchange.com/proposals/38335/tridion We believe the commitment score requires visits from time to time and so is not including you in "users with > 200 rep" figure. Thanks! – Rob Stevenson-Leggett Apr 11 '12 at 07:12