.net - Send username and password in clear text to web service over HTTP -


i have vb.net (2008) console application consumes web service. started writing using old/legacy (pre-wcf) technology of importing wsdl wsdl.exe (or "add web service" in visual studio), creates classes based on system.web.services.protocols.soaphttpclientprotocol. however, realized not best way (thanks john saunders' comments in previous question -- how serialized xml of object passed web service?).

so, i've got code converted on wcf (using "add service reference", creates classes based on system.servicemodel.clientbase); , works more or less same, except 1 key point: security.

the web service consuming written in java; , while both (me, , team developed web service) work same company, don't have control on how publish , expose web service. requirement pass username & password (basic http authentication) on http, not https. know that's not secure way it; that's battle can't fight right now.

this worked fine using old way. if try wcf setting in app.config:

<security mode="transport">     <transport clientcredentialtype="basic" /> </security>

... , setting username , password in code this:

oserviceclient.clientcredentials.username.username = "someusername" oserviceclient.clientcredentials.username.password = "somepassword"

i have exception politely thrown @ me:

system.argumentexception: provided uri scheme 'http' invalid; expected 'https'. parameter name: via

so sucks; , searching stackoverflow , other sites not turn in way of getting around in .net 3.5. found thing thought might promising (http://webservices20.blogspot.com/2008/11/introducing-wcf-clearusernamebinding.html); however, looks solution requires config changes on both service side , client side. , mentioned, don't have control on server side of this.

is there way accomplish using wcf-based client? or need give , go old way?

edit: seem having success this:

<security mode="transportcredentialonly">     <transport clientcredentialtype="basic" />     <message clientcredentialtype="username" /> </security>

but security mode (transportcredentialonly) doesn't seem referenced in microsoft articles / tutorials. barking right tree?

the solution, in case, turned out setting security mode "transportcredentialonly", this:

<security mode="transportcredentialonly">     <transport clientcredentialtype="basic" proxycredentialtype="none"         realm="" />     <message clientcredentialtype="username" algorithmsuite="default" /> </security>

credit evgenyl prompting me open research other security modes; in end, "transportcredentialonly" rather "message" did trick.


Comments

Post a Comment

Popular posts from this blog

c# - Send Image in Json : 400 Bad request -

from android trying send image class of data, iis webservice. (c#) the problem 400 bad request . the image being encoded base64 . , placed json rest of class elements. my guess base64 not valid inside json. server not understand it. if set string "" , post accepted fine. so question is, how make base64 valid within json array? ( tried url.encode no success). or how should send image android webservice? gson gson = new gson(); string json = gson.tojson(record); // record has param { string base64photo } how big image? i'm pretty sure surpassing iis json size limit (default 4 mb). check http://geekswithblogs.net/frankw/archive/2008/08/05/how-to-configure-maxjsonlength-in-asp.net-ajax-applications.aspx or http://www.webtrenches.com/post.cfm/iis7-file-upload-size-limits good luck!
Read more

jquery - Fancybox - apply a function to several elements -

this source code below posted cristiano g. carvalho in answer question: calling fancybox gallery other link made user. <div class="details_gallery"> <a href="#" class="manualfancybox">manual call fancybox</a> <div class="details_gallery_min"> <a rel="details" href="max/1.jpg" class="fancybox"><img src="min/1.jpg" alt="" /></a> <a rel="details" href="max/2.jpg" class="fancybox"><img src="min/2.jpg" alt="" /></a> <a rel="details" href="max/3.jpg" class="fancybox"><img src="min/3.jpg" alt="" /></a> <a rel="details" href="max/4.jpg" class="fancybox"><img src="min/4.jpg" alt="" /></a> </div> </div> <script> $(document).read
Read more

An easy way to program an Android keyboard layout app -

i program android app replaces standard keyboard 1 one-hand optimized coffee++ keyboard layout. what special problems have face in progress? guess such project go deep android core, cause keyboard such essential thing. is wise start android developer tools (adt)—eclipse plugin described in this tutorial ? or there better way achieve goal? i new android programming, firm in php, mysql , javascript , use eclipse php i guess such project go deep android core, cause keyboard such essential thing. no. can create inputmethodservice implementation of keyboard. there sample soft keyboard in android sdk installation (if chose download sample code sdk manager), , there open source input methods floating around well, such hacker's keyboard. inputmethodservice distributed part of ordinary android application, , user can elect activate input method if user chooses. is wise start android developer tools (adt)—eclipse plugin described in tutorial? that fine s
Read more