Username and Password

06-03-2007

Hi

I have a very basic WCF service over basicHttpBinding with SSL. I can send
a request and have the service send back the response - that works.

I need to send with the request a user name and password. In the proxy code
if I the following:

using (MessageProcessor messageProcessor = new MessageProcessor()) {
messageProcessor.Credentials = new
NetworkCredential("hello", "world");
messageProcessor.ProcessMessage("tester");
}

I'm having troubles pulling out the credentials information in the service
method (ProcessMessage). Any ideas?

Craig

06-03-2007

What security mode does this use?

I don't know if it is the same, but for TransportWithMessageCredential
I use following:

Under WCF, there should be a ClientCredentials.UserName property
[denotes the security-mode], with subproperties of UserName and
Password.

The WCF service will need to designate a UserNamePasswordValidator
(verifies passwords) and possibly an IAuthorizationPolicy (provides
role membership information).

In configuration, you'll need something like:

<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None"/>
<message clientCredentialType="UserName"
negotiateServiceCredential="false" establishSecurityContext="false"/>
</security>



<serviceCredentials>
<userNameAuthentication
userNamePasswordValidationMode="Custom" cacheLogonTokens="true"

customUserNamePasswordValidatorType="MyValidatorClass,
MyValidatorAssembly [long version]"/>
<windowsAuthentication allowAnonymousLogons="false"/>
</serviceCredentials>
<serviceAuthorization
impersonateCallerForAllOperations="false"
principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="MyPolicyClass, MyPolicyAssembly [long
version]" />
</authorizationPolicies>
</serviceAuthorization>

The validator would look something like:

internal sealed class TokenValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string
password)
{
...
}
}

Any use?

Marc

06-03-2007

Hi Marc

Thanks for the reply.

This was my configuration on the server-side:

<bindings>
<basicHttpBinding>
<binding name="basicHttpBindingConfiguration">
<security mode="Transport">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</basicHttpBinding>
</bindings>

My client is not a WCF client and will use the WSDL of the service. I have
yet to find an example of https and custom user name password credentials for
a non-WCF client. If you have one I'd be most gratful.

Craig

"Marc Gravell" wrote:

> What security mode does this use?
>
> I don't know if it is the same, but for TransportWithMessageCredential
> I use following:
>
> Under WCF, there should be a ClientCredentials.UserName property
> [denotes the security-mode], with subproperties of UserName and
> Password.
>
> The WCF service will need to designate a UserNamePasswordValidator
> (verifies passwords) and possibly an IAuthorizationPolicy (provides
> role membership information).
>
> In configuration, you'll need something like:
>
> <security mode="TransportWithMessageCredential">
> <transport clientCredentialType="None"/>
> <message clientCredentialType="UserName"
> negotiateServiceCredential="false" establishSecurityContext="false"/>
> </security>
>
> 
>
> <serviceCredentials>
> <userNameAuthentication
> userNamePasswordValidationMode="Custom" cacheLogonTokens="true"
>
> customUserNamePasswordValidatorType="MyValidatorClass,
> MyValidatorAssembly [long version]"/>
> <windowsAuthentication allowAnonymousLogons="false"/>
> </serviceCredentials>
> <serviceAuthorization
> impersonateCallerForAllOperations="false"
> principalPermissionMode="Custom">
> <authorizationPolicies>
> <add policyType="MyPolicyClass, MyPolicyAssembly [long
> version]" />
> </authorizationPolicies>
> </serviceAuthorization>
>
> The validator would look something like:
>
> internal sealed class TokenValidator : UserNamePasswordValidator
> {
> public override void Validate(string userName, string
> password)
> {
> ...
> }
> }
>
>
> Any use?
>
> Marc
>
>

06-04-2007

> If you have one I'd be most gratful.
Ah, no; sorry

[throws it open to the floor...]

06-03-2007	#1 (permalink)
Craig Guest Posts: n/a	Username and Password Hi I have a very basic WCF service over basicHttpBinding with SSL. I can send a request and have the service send back the response - that works. I need to send with the request a user name and password. In the proxy code if I the following: using (MessageProcessor messageProcessor = new MessageProcessor()) { messageProcessor.Credentials = new NetworkCredential("hello", "world"); messageProcessor.ProcessMessage("tester"); } I'm having troubles pulling out the credentials information in the service method (ProcessMessage). Any ideas? Craig
Craig Guest Posts: n/a

06-03-2007	#2 (permalink)
Marc Gravell Guest Posts: n/a	Re: Username and Password What security mode does this use? I don't know if it is the same, but for TransportWithMessageCredential I use following: Under WCF, there should be a ClientCredentials.UserName property [denotes the security-mode], with subproperties of UserName and Password. The WCF service will need to designate a UserNamePasswordValidator (verifies passwords) and possibly an IAuthorizationPolicy (provides role membership information). In configuration, you'll need something like: <security mode="TransportWithMessageCredential"> <transport clientCredentialType="None"/> <message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="false"/> </security> <!--snip--> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="Custom" cacheLogonTokens="true" customUserNamePasswordValidatorType="MyValidatorClass, MyValidatorAssembly [long version]"/> <windowsAuthentication allowAnonymousLogons="false"/> </serviceCredentials> <serviceAuthorization impersonateCallerForAllOperations="false" principalPermissionMode="Custom"> <authorizationPolicies> <add policyType="MyPolicyClass, MyPolicyAssembly [long version]" /> </authorizationPolicies> </serviceAuthorization> The validator would look something like: internal sealed class TokenValidator : UserNamePasswordValidator { public override void Validate(string userName, string password) { ... } } Any use? Marc
Marc Gravell Guest Posts: n/a

06-03-2007	#3 (permalink)
Craig Guest Posts: n/a	Re: Username and Password Hi Marc Thanks for the reply. This was my configuration on the server-side: <bindings> <basicHttpBinding> <binding name="basicHttpBindingConfiguration"> <security mode="Transport"> <transport clientCredentialType="Basic"/> </security> </binding> </basicHttpBinding> </bindings> My client is not a WCF client and will use the WSDL of the service. I have yet to find an example of https and custom user name password credentials for a non-WCF client. If you have one I'd be most gratful. Craig "Marc Gravell" wrote: > What security mode does this use? > > I don't know if it is the same, but for TransportWithMessageCredential > I use following: > > Under WCF, there should be a ClientCredentials.UserName property > [denotes the security-mode], with subproperties of UserName and > Password. > > The WCF service will need to designate a UserNamePasswordValidator > (verifies passwords) and possibly an IAuthorizationPolicy (provides > role membership information). > > In configuration, you'll need something like: > > <security mode="TransportWithMessageCredential"> > <transport clientCredentialType="None"/> > <message clientCredentialType="UserName" > negotiateServiceCredential="false" establishSecurityContext="false"/> > </security> > > <!--snip--> > > <serviceCredentials> > <userNameAuthentication > userNamePasswordValidationMode="Custom" cacheLogonTokens="true" > > customUserNamePasswordValidatorType="MyValidatorClass, > MyValidatorAssembly [long version]"/> > <windowsAuthentication allowAnonymousLogons="false"/> > </serviceCredentials> > <serviceAuthorization > impersonateCallerForAllOperations="false" > principalPermissionMode="Custom"> > <authorizationPolicies> > <add policyType="MyPolicyClass, MyPolicyAssembly [long > version]" /> > </authorizationPolicies> > </serviceAuthorization> > > The validator would look something like: > > internal sealed class TokenValidator : UserNamePasswordValidator > { > public override void Validate(string userName, string > password) > { > ... > } > } > > > Any use? > > Marc > >
Craig Guest Posts: n/a

06-04-2007	#4 (permalink)
Marc Gravell Guest Posts: n/a	Re: Username and Password > If you have one I'd be most gratful. Ah, no; sorry [throws it open to the floor...]
Marc Gravell Guest Posts: n/a

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
username and password	loki	Vista mail	0	03-13-2008 10:09 AM
backup to a network drive is asking for username and password...whatusername and password?	Lisa Hetherington	Vista General	7	02-04-2008 09:35 AM
username and password	Denise Martell	Vista mail	3	01-08-2008 02:15 PM
Username and Password	Gudmund Liebach Nielsen	Vista mail	20	10-11-2007 01:19 PM
username and password	rachelle	Vista mail	2	09-27-2007 01:25 AM