Last post Mar 08, 2017 05:55 AM by Chris Zhao
Feb 16, 2017 02:45 AM|zentos|LINK
I have an API service layer which authenticates each service request with user name and password. (userName and password fields are expected as HTTP header fields in the service request. Both of these fields should be provided for each service invocation.)
Now I have to add this WSDL first as web refrence to my project. But I am getting all the time: "You are not authorized to access this URL"-Error.
With SoapUI I can add the fields to HTTP headers and get a result. With VS2015 unfortunately not. Is there a "work arround" for this?
Feb 16, 2017 11:20 AM|mgebhard|LINK
If I understand correctly, you crafted custom authentication/authorization at the HTTP protocol level. SOAP UI lets you modify header because SOAP UI is a debugging tool and SOAP UI would not be very good if it was not configurable. But the problem is
the user cannot do an HTTP GET on the WSDL because the custom authentication/authorization blocks the request. The service reference tool (svcutil.exe) has no idea it needs a custom header to get the WSDL. If this is a public facing service then no one will
be able to easily consume the service. IMHO, you'll need update the custom source code to accommodation HTTP GETs for the WSDL or come up with an alternative design.
You could replace your current scheme by placing the WCF service behind
basic authentication (IIS), This will cause the svcutil.exe app to prompted for a username and password.
Is there any reason why you're not using the security features that come with WCF? WCF has a rich set of features for securing messages.
Please clarify if I did not understand the issue.
Feb 16, 2017 12:20 PM|zentos|LINK
You understood it corretly (Sry for my english ;) )
Yes the problem is: that the user cannot do an HTTP GET on the WSDL because the custom authentication/authorization blocks the request.
It's a "closed" service for a product. Unfortunately I can't do any changes on the service.
My idea is to get the wsdl with SoapUI and save it localy. Add this as web refrence and change the url at the runtime (where I can add custom headers)
Mar 08, 2017 05:55 AM|Chris Zhao|LINK
An alternative design to create a WCF Rest service from scratch and adding security to the service using Basic Authentication.