Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Jan 21, 2011 02:38 PM by gekka
Jan 19, 2011 02:12 PM|LINK
I have a problem with custom authentication over https. What I need is a secure channel and authenitcation on message level. I got it working quite well, but my custom validator never gets called when I send a message to the web service using SoapUI. The
service is called, however the Validate method in the custom validator is never called. The validator is available for the runtime, I have checked by misspelling the type in customUserNamePasswordValidatorType which caused an exception saying it could not
find type when I accessed the WSDL.
Here's my config:
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" negotiateServiceCredential="true" establishSecurityContext="false"/>
<service behaviorConfiguration="SalesAppBehaviour" name="SalesApp.SalesApp">
<endpoint address="/SalesApp" binding="wsHttpBinding"
bindingConfiguration="SalesAppBinding" name="SalesApp" contract="SalesApp.ISalesApp">
<endpoint contract="SalesApp.ISalesApp" binding="mexHttpsBinding" address="mex" />
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
Can anyone please help?
Geir Morten Hagen
Jan 21, 2011 03:36 AM|LINK
I believe you hosted your web application on IIS, in this case, the basic authentication is handled by IIS, and customUsernamePasswordValidator never get called.
A solution is to use TransportWithMessageCredential security, and set message credential to "UserName".
Jan 21, 2011 02:36 PM|LINK
Hi and thank you for your answer.
I tried changing security mode to TransportWithMessageCredential and keeping the message credential type as UserName, but this time I get the below SOAP error:
An error occurred when verifying security for the message.
And the trace gives me:
Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for
security and the client is not using security.
This happens when I use SoapUI and include username and password in my message. If I consume the web service from a WCF application, I get the same result. I also tried to disable Basic Authentication in IIS7, but still the same errors described above. I
am using a self-signed certificate for SSL, could this maybe be a problem? The certificate is valid though..
Any more input would be highly appreciated :)
Jan 21, 2011 02:38 PM|LINK
Nevermind, solved it right now! An issue with SoapUI actually... Is my face red? :D
Anyway, thanks for help :)