Problems creating secure, authenticated web services using basicHttpBinding



I have some web services written with WCF that require secure,
authenticated sessions across the internet. I initially got this working
with my own certificates and message security and credentials.
Unfortunately some of the client machines run Windows 2000 (healthcare
space), so I need a client solution that does not depend on WCF.

My approach was to use transport layer security with message
credentials. I started with a completely new ASP.NET web service
application using WCF on the server. I was able to deploy the
Service1.svc successfully on an IIS 6.0 server with a self-signed
certificate. I have my own username password validator.

I then created a client to call this service. With .NET 3.5 as the
target framework this worked fine. With .NET 2.0, it's not working,
and sifting through the extensive log output, it looks like the client
from 3.5 is creating a security header with a username token, and the
2.0 client is not doing that.

How can I set the appropriate security token in the 2.0 client? Is
there a better approach I could take? Suggestions and sample code
welcome. I would prefer not to install WSE on the Windows 2000
machines, but if I need to I will.

Here is the 3.5 code which sets the username credentials successfully:

sr1.Service1Client sc1 = new ModernClient.sr1.Service1Client();
sc1.ClientCredentials.UserName.UserName = "a";
sc1.ClientCredentials.UserName.Password = "b";
string s = sc1.GetData(5);

Here is the 2.0 code which doesn't work:

sr1.Service1 sc1 = new AncientClient.sr1.Service1();
sc1.Credentials = new NetworkCredential("a", "b");
string s = sc1.GetData(5, true);

Here is the relevant section of Web.config for the service:

<service name="TWP2.Service1" behaviorConfiguration="TWP2.Service1Behavior">
  <endpoint address="" binding="basicHttpBinding"
            contract="TWP2.IService1" bindingConfiguration="Binding1">
    <identity>
      <dns value="localhost"/>
    </identity>
  </endpoint>
  <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>

<binding name="Binding1">
  <security mode="TransportWithMessageCredential">
    <transport clientCredentialType="None"/>
    <message clientCredentialType="UserName"/>
  </security>
</binding>

<behavior name="TWP2.Service1Behavior">
  <serviceMetadata httpsGetEnabled="true"/>
  <serviceDebug includeExceptionDetailInFaults="true"/>
  <serviceCredentials>
    <userNameAuthentication userNamePasswordValidationMode="Custom"
        customUserNamePasswordValidatorType="TWP2.AdminValidator,TWP2" />
  </serviceCredentials>
</behavior>

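As an added example (not part of the original post): `NetworkCredential` in the 2.0 snippet only sets HTTP-level authentication, whereas `TransportWithMessageCredential` with `clientCredentialType="UserName"` expects a WS-Security `UsernameToken` in the SOAP header. One way to emit that header from an ASMX proxy without WSE is a hand-written `SoapHeader` class. The class names, the five-minute expiry and the decision to send a timestamp are assumptions made here.

```csharp
// Added example, not from the original post. C# 2.0 syntax, System.Web.Services only (no WSE).
// Assumption: SoapHeaderDirection.InOut on the proxy method, so that a Security header
// in the response is mapped to this class as well.
using System;
using System.Globalization;
using System.Web.Services.Protocols;
using System.Xml.Serialization;

public static class Wss
{
    const string Base = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-";
    public const string Wsse = Base + "wssecurity-secext-1.0.xsd";
    public const string Wsu = Base + "wssecurity-utility-1.0.xsd";
    public const string PasswordText = Base + "username-token-profile-1.0#PasswordText";
}

// Serialized as a <Security> element in the wsse namespace inside soap:Header.
[XmlRoot("Security", Namespace = Wss.Wsse)]
public class SecurityHeader : SoapHeader
{
    // Declared in this order so the timestamp precedes the token in the header.
    [XmlElement(Namespace = Wss.Wsu)] public WssTimestamp Timestamp;
    [XmlElement(Namespace = Wss.Wsse)] public WssUsernameToken UsernameToken;

    public static SecurityHeader Create(string user, string password)
    {
        SecurityHeader h = new SecurityHeader();
        h.MustUnderstand = true;
        h.Timestamp = new WssTimestamp();
        h.Timestamp.Created = Utc(DateTime.UtcNow);
        h.Timestamp.Expires = Utc(DateTime.UtcNow.AddMinutes(5)); // assumed lifetime
        h.UsernameToken = new WssUsernameToken();
        h.UsernameToken.Username = user;
        h.UsernameToken.Password = new WssPassword();
        h.UsernameToken.Password.Type = Wss.PasswordText;
        h.UsernameToken.Password.Value = password;
        return h;
    }

    // UTC with a literal 'Z', independent of the machine's culture settings.
    static string Utc(DateTime t) { return t.ToString("yyyy-MM-dd'T'HH:mm:ss'Z'", CultureInfo.InvariantCulture); }
}

public class WssTimestamp { [XmlElement(Namespace = Wss.Wsu)] public string Created, Expires; }
public class WssUsernameToken
{
    [XmlElement(Namespace = Wss.Wsse)] public string Username;
    [XmlElement(Namespace = Wss.Wsse)] public WssPassword Password;
}
public class WssPassword { [XmlAttribute] public string Type; [XmlText] public string Value; }
```

To wire it up, add `public SecurityHeader Security;` to the generated `Service1` proxy class and `[SoapHeader("Security", Direction = SoapHeaderDirection.InOut)]` to its `GetData` method, then set `sc1.Security = SecurityHeader.Create("a", "b")` before each call. The password travels as plain text inside the header, so the proxy URL must be https and the server certificate must validate on the client.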