It is "looks easy" task cant be done by myself. I have a WCF service which should be protected by username and password credential and stay in session mode.
So, here is the part of interface with Activation function.
<ServiceContract(SessionMode:=SessionMode.Required, ProtectionLevel:= ProtectionLevel.EncryptAndSign)>
Public Interface ServiceS
<OperationContract()>
Function Activation(A As String) As String
End Interface
Background Class
Public Class Service1
Implements ServiceS
Function Activation(A As String) As String Implement ServiceS.Activation
Return "Hello, " & A & "!"
End Function
End Class
Next is a web.config.
<services>
<service name="MyServiceS.Service1" behaviorConfiguration="MyBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="MyBinding" contract="MyServiceS.ServiceS" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="MyBinding" useDefaultWebProxy="false">
<security mode="Message" />
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="MyBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add scheme="https" binding="wsHttpBinding"/>
<add scheme="http" binding="wsHttpBinding"/>
</protocolMapping>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
Client side code.
Dim wcfTest As New MyService.ServiceSClient
wcfTest.ClientCredentials.Windows.ClientCredential.UserName = "Name"
wcfTest.ClientCredentials.Windows.ClientCredential.Password = "Password"
Dim Reply as String = wcfTest.Activation("Alex")
What do I expect? I need my WPF application connect to my service and pass username and password. If they are correct, user can access to Activation function, if not - session should be closed. So, I passed login and password to service but have no idea, how to check it. Should it be the part of interface or background class or else?
I saw tons of examples in Internet but most of them about other things.
Recommendation of using of ASP. I don't need ASP. This service should be pure WCF.
Using certificate. I don't need any certificates. It's should be only username and password verification.
Roles. No roles needed. Only username and password verification.
basicHttpBinding. No, only wsHttpBinding.
.Net 3.5 or 4.5. Many solutions addressed to .Net 3.5. I'm using 4.0 (used to use 4.5 but there new technology has been integrated and practically no complete examples).
If you know how to keep session by checking only username and password only with wsHttpBinding only with WCF only with 4.0, please, advice. Or say, why it's impossible if it so. Thaks alot!
You should first set the client credentialtype to UserName like below.
<wsHttpBinding>
<binding name="Binding1">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
Then you can implement a custom user name & password validator like in this article and implement authentication.
Related
I have a WCF endpoint that exposes a API with a basicHttpBinding. This biding is set to use security mode TransportWithMessageCredentialand UserName for clientCredentialType.
Because security is implemented at message level, at the WCF, the IIS needs to allow anonymous access. And so, wsdl can be obtain without providing any credentials.
How to force authentication to get the service metadata?
Here the current service configuration looks like (from web.config)
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="secure">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="secure" name="someProject.MyService">
<endpoint binding="basicHttpBinding" contract="someProject.IService" bindingConfiguration="secure" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="secure">
<serviceMetadata httpsGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
I try the obvious, to set a specific binding for the metatada, by using service behavior configuration:
<behavior name="secure">
<serviceMetadata httpsGetEnabled="true" httpsGetBinding="basicHttpBinding" httpsGetBindingConfiguration="transportSecure" />
</behavior>
//and add the new binding
<basicHttpBinding>
<binding name="transportSecure">
<security mode="Transport">
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
But it is not supported. It throws this:
MessageVersion 'Soap11 (http://schemas.xmlsoap.org/soap/envelope/)
AddressingNone
(http://schemas.microsoft.com/ws/2005/05/addressing/none)' is not
supported in this scenario. Only MessageVersion 'EnvelopeNone
(http://schemas.microsoft.com/ws/2005/05/envelope/none) AddressingNone
(http://schemas.microsoft.com/ws/2005/05/addressing/none)' is
supported.
I don't understand this error or how to get around it.
Normally we will not disclose our metadata in the production environment,But if you want to enable metadata, we can use https binding to protect the metadata.
1.Configure a port with an appropriate X.509 certificate. The certificate must come from a trusted authority, and it must have an intended use of "Service Authorization." You must use the HttpCfg.exe tool to attach the certificate to the port.
2.Create a new instance of the ServiceMetadataBehavior class.
3.Set the HttpsGetEnabled property of the ServiceMetadataBehavior class to true.
4.Set the HttpsGetUrl property to an appropriate URL. Note that if you specify an absolute address, the URL must begin with the scheme https://. If you specify a relative address, you must supply an HTTPS base address for your service host. If this property is not set, the default address is "", or directly at the HTTPS base address for the service.
5.Add the instance to the behaviors collection that the Behaviors property of the ServiceDescription class returns, as shown in the following code.
ServiceMetadataBehavior sb = new ServiceMetadataBehavior();
sb.HttpsGetEnabled = true;
sb.HttpsGetUrl = new Uri("https://myMachineName:8036/myEndpoint");
myServiceHost.Description.Behaviors.Add(sb);
myServiceHost.Open();
This is authentication enabled on WCF, you can also enable windows authentication on IIS, both methods can protect metadata.
But in the production environment, I do not recommend that you enable metadata, because this will lead to the risk of metadata leakage.The call of WCF service can also be called through the channel factory. In this case, we can call WCF service without knowing the metadata of the server.
For more information on how to protect metadata, you can refer to this link:
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-secure-metadata-endpoints?redirectedfrom=MSDN
I have a silverlight application with wcf service self hosted in it.When I publish the the application with service on iis7 on windows server 2008,I cant see any data from service in my application(Service is not getting called).While debugging application I can see the data coming from servcie(sql server table data).Also when I publish the same application on my local system i.e. IIS-7 on windows7,I am able to access the service and data,on any system in network as well as on system where it is published.
I have made all the possible setting on iis7 which I found and also url for service is correct everywhere(dynamically generated),as I have published it successfully on iis 7 in windows 7 ,only the application is not accessing wcf when published on iis in windows server.
Also I have gone through all posts available here,but found no exact solution.
Settings for iis 7 and wcf i have done are
-aspnet_iisreg.exe(installed)
-all required setting in windows features turn on and off.
-on iis,all permissions are set for required user.
-Setting are done in mime type and handler mapping.
-I can browse successfully the wcf service with no error,and the same url is used while calling service from application.
Here is a piece of my code,where I am generating service endpoint url dynamically.
Try
busyIndicator.IsBusy = True
mService.Endpoint.Address = New EndpointAddress(DynamicEndpointHelper.ResolveEndpointUrl(mService.Endpoint.Address.Uri.ToString(),
App.Current.Host.Source.ToString()))
mService.GetProjectNamesAsync()
Catch ex As Exception
MessageBox.Show(ex.Message)
End Try
End Sub
Public Class DynamicEndpointHelper
' Put the development server site URL including the trailing slash
' This should be same as what's set in the Dropthings web project's
' ' properties as the URL of the site in development server
Private Const BaseUrl As String = "http://localhost:1632/"
Public Shared Function ResolveEndpointUrl(endpointUrl As String, xapPath As String) As String
Dim baseUrl__1 As String = xapPath.Substring(0, xapPath.IndexOf("ClientBin"))
Dim relativeEndpointUrl As String = endpointUrl.Substring(BaseUrl.Length)
Dim dynamicEndpointUrl As String = baseUrl__1 & relativeEndpointUrl
Return dynamicEndpointUrl
End Function
End Class
web.config part:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="testing.Web.Service1.basicHttpBinding" >
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="testing.Web.Service1">
<endpoint address="" binding="basicHttpBinding" contract="testing.Web.Service1" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true" />
</system.serviceModel>
ServiceReference.ClientConfig part
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_Service1" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="None" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:1632/Service1.svc" binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_Service1" contract="sr_service1.Service1"
name="BasicHttpBinding_Service1" />
</client>
</system.serviceModel>
</configuration>
The endpoint address the sivlerlight application is trying to call is defined in the ServiceReference.clientconfig as: http://localhost:1632/Service1.svc. I assume that is not the actual deployed address you want to use. See this article for how to dynamically assign the service endpoint address.
I've been having a difficult time getting a WCF call in Silverlight to work when using SSL. I've gotten it to a point where WCF tracing says the endpoint is listening but when my code tries to call a function on it WCF Tracing shows the error:
Failed to lookup a channel to receive an incoming message. Either the endpoint or the SOAP action was not found.
If I browse to the services URL I properly get the service page, but calling it in code it always fails. Again, this only happens on HTTPS, not before when I was using HTTP. Of course there were a number of config changes to add to use SSL. I should note that the WCF Domain Services functions work fine over SSL, just not the WCF Service. Below are my various config file sections
Web.config
<system.serviceModel>
<domainServices>
<endpoints>
<add name="OData" type="System.ServiceModel.DomainServices.Hosting.ODataEndpointFactory, System.ServiceModel.DomainServices.Hosting.OData, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</endpoints>
</domainServices>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<behaviors>
<endpointBehaviors>
<behavior>
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding" maxReceivedMessageSize="20000" maxBufferSize="20000">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
<readerQuotas maxArrayLength="20000" maxStringContentLength="20000" />
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="PictureService">
<endpoint address="https://MyServer/AdvisorDev/PictureService.svc"
binding="basicHttpBinding"
bindingConfiguration="secureHttpBinding"
contract="PictureService.IPictureService"/>
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
ServiceReferences.ClientConfig:
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IPictureService" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://MyServer/AdvisorDev/PictureService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IPictureService"
contract="PictureService.IPictureService" name="BasicHttpBinding_IPictureService" />
</client>
</system.serviceModel>
</configuration>
Create client:
PictureService.PictureServiceClient client = new PictureService.PictureServiceClient();
I am running this on my Dev machine using VS 2012 and using IIS as my web server. IIS is using a self-signed certificate. When my site first loads I do get the "There is a problem with this website's security certificate" error, click continue, and the rest of the application runs fine again including the Domain Service calls which use a dynamically created proxy. I create my proxy for this failing WCF service using "Add Service Reference"
One of my sources for SSL is this:
http://msdn.microsoft.com/en-us/library/hh556232(v=vs.110).aspx
This is the service I implemented:
http://www.silverlightshow.net/items/Uploading-and-downloading-images-from-WCF-in-Silverlight.aspx
I appreciate all advice on this, thank you.
It turns out this error was caused by an incorrect namespace in the Service name and contract attributes in the web.config for this service.
Just in case anyone else is having this issue as well, I was receiving the same error. The fix turned out to be removing inheritance from three of my classes.
My WCF service was returning a List<MyObject> and three classes inherited from the "MyObject" class. This error was thrown when one of the inheriting classes was included in the list.
Ex:
public class MyObject
public class MyObjectTwo : MyObject
...
List<MyObject> returnList;
MyObjectTwo addingThisBreaksTheService = new MyObjectTwo();
returnList.Add(addingThisBreaksTheService);
return returnList; // Exception thrown after this statement
I am upgrading a webservice from .Net 1.1 to WCF. The client that will connect to my new web service is a webservice itself and was designed using WSE3. I have no control over that webservice and it will not be changing.
Keeping that in mind, I needed to keep the same service endpoints and security the same so I designed this WCF service using wscf.blue (wsdl first) which has been helpful. If the client comments out their X509 message encryption code, our webservices communicate nicely. However, if they leave their X509 encryption in place, they receive the message:
"The header 'Security' from the namespace 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' was not understood by the recipient of this message, causing the message to not be processed. This error typically indicates that the sender of this message has enabled a communication protocol that the receiver cannot process. Please ensure that the configuration of the client's binding is consistent with the service's binding. : at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)"
On my service, I added a message inspector to a custom endpoint behavior and the AfterReceiveRequest is fired but it never gets to the actual web service's method call.
I'm assuming my web.config needs changed but I do not know what to change it to so that a legacy WSE3 web service will understand. Any ideas will be helpful:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehaviorUnsecure">
<serviceCredentials>
<serviceCertificate storeLocation="LocalMachine" x509FindType="FindByThumbprint" findValue="xx 11 bb xx as bd ef ag r2 xx xx xx xx xx xx 12 34 56 78 90"/>
</serviceCredentials>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="TestContextEndpointBehavior">
<TestContextEndpointBehaviorExtensionElement />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="WebSoap" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None" />
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="MyWebservice.MyNamespace.WebSoap" behaviorConfiguration="ServiceBehaviorUnsecure">
<endpoint address="http://localhost:6380/WebSoap.svc" behaviorConfiguration="TestContextEndpointBehavior"
binding="basicHttpBinding" bindingConfiguration="WebSoap"
contract="IWebSoap" />
<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
</service>
</services>
<extensions>
<behaviorExtensions>
<add name="TestContextEndpointBehaviorExtensionElement"
type="MyWebService.TestContextEndpointBehaviorExtensionElement, MyLibrary, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
</behaviorExtensions>
</extensions>
</system.serviceModel>
</configuration>
**Edit**
I was able to get a portion of code from the client as to what they were doing to connect to secure the soap headers in the old web service. I also found a web page that is suppose to help but it leaves more questions. It states to select the authentication mode. One option is AnonymousForCertificate and another Mutual Certificate. If you select one of those options on the page to view, it leads you to the enumeration type and one that seems possible is CertificateOverTransport. I'm not if any one of these three would help. For example, we're using SSL so CertificateOverTransport seems viable but it says that it expects X.509 version 3 certificate. How am I suppose to know what version of X509? Maybe the code below will help you help me:
public bool EncryptAndSignMessage(string sSigningMachine, string sEncryptingMachine, ref SoapContext scSoapContext)
{
//sSigningMachine is the WSE client's machine name and sEncryptingMachine is my WCF's IIS server machine.
//For breavity, removed code to get byHasCodeSigning and byHashCodeEncrypting values. These are essentially the thumprints for the WSE's server's certificate and my WCF's server certificate.
X509SecurityToken securityTokenForSigning = this.GetSecurityTokenForSigning(byHashCodeSigning);
X509SecurityToken securityTokenForEncrypting = this.GetSecurityTokenForEncrypting(byHashCodeEncryption);
// SPECIFY TIME-TO-LIVE (TTL) FOR SOAP MESSAGE TO MINIMIZE RISK OF SOMEONE INTERCEPTING AND REPLAYING IT
scSoapContext.Security.Timestamp.TtlInSeconds = 60;
// ADD THE CLIENT'S X.509 CERTIFICATES TO THE WS-SECURITY SOAP HEADER
scSoapContext.Security.Tokens.Add(securityTokenForSigning);
scSoapContext.Security.Tokens.Add(securityTokenForEncrypting);
// CREATE NEW INSTANCE OF THE MESSAGE SIGNATURE CLASS AND ADD THE DIGITAL SIGNATURE TO THE WS-SECURITY SOAP HEADER
MessageSignature sig = new MessageSignature(securityTokenForSigning);
scSoapContext.Security.Elements.Add(sig);
// CREATE NEW INSTANCE OF THE ENCRYPTED DATA CLASS AND ADD THE SECURITY TOKEN FOR ENCRYPTING TO THE WS-SECURITY SOAP HEADER
EncryptedData enc = new EncryptedData(securityTokenForEncrypting);
scSoapContext.Security.Elements.Add(enc);
return true;
}
}
I have searched and searched and I cannot find a solution. It seems like it would be relatively common to run into this... WCF REST service over https. When I add the service reference all of the proxy classes are correct and I can create the objects defined in the service, call the services, etc. However, I can't create a configured client with the proxy's client classes. I have to explicity create the bindings, behaviors, and endpoints and add them to the client. FOr example, what I should be able to do, based on all of my research is:
ServiceClient = new ServiceClient();
And be off and running. However, what I have to do is:
WebHttpBinding serviceBinding = new WebHttpBinding(WebHttpSecurityMode.Transport);
serviceBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
EndpointAddress endPointAddress
= new EndpointAddress(<endpointaddress>);
// Create Service Client
ServiceClient = new ServiceClient(serviceBinding, endPointAddress);
// Add Web Behavior to the EndPoint
WebHttpBehavior webHttpBehavior = new WebHttpBehavior();
ServiceClient.Endpoint.Behaviors.Add(webHttpBehavior);
// Set up the request to POST with a wrapped request
WebInvokeAttribute postAttribute = new WebInvokeAttribute();
postAttribute.Method = "POST";
postAttribute.BodyStyle = WebMessageBodyStyle.WrappedRequest;
ServiceClient.Endpoint.Contract.Operations.Find(<operationname>).Behaviors.Add(postAttribute);
In order to mimic the service configuration:
<behaviors>
<endpointBehaviors>
<behavior name="AspNetAjaxBehaviorXml">
<webHttp />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="AuthenticationServicesBehavior">
<serviceMetadata httpsGetEnabled="true" policyVersion="Policy15" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="LoggingServicesBehavior">
<serviceMetadata httpsGetEnabled="true" policyVersion="Policy15" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="True" />
<bindings>
<webHttpBinding>
<binding name="WebSslBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="AuthenticationServicesBehavior"
name="AuthenticationServices">
<endpoint address="authenticate" behaviorConfiguration="AspNetAjaxBehaviorXml"
binding="webHttpBinding" bindingConfiguration="WebSslBinding"
name="AuthenticationEndPoint" bindingNamespace="<mynamespace>"
contract="IService" />
</service>
The "Add Service Reference" is giving me this:
<bindings>
<customBinding>
<binding name="AuthenticationEndPoint">
<!-- WsdlImporter encountered unrecognized policy assertions in ServiceDescription 'EchoAppsServices': -->
<!-- <wsdl:binding name='AuthenticationEndPoint'> -->
<!-- <sp:HttpsToken xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">..</sp:HttpsToken> -->
<textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
messageVersion="Soap12" writeEncoding="utf-8">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</textMessageEncoding>
</binding>
</customBinding>
</bindings>
<client>
<endpoint binding="customBinding" bindingConfiguration="AuthenticationEndPoint"
contract="AuthenticationService"
name="AuthenticationEndPoint" />
</client>
I believe my inability to create a default client that works out of the box is related to the problem with WsdlImporter. I get a similar error when I use svcutil:
Warning: The following Policy Assertions were not Imported:
XPath://wsdl:definitions[#targetNamespace='<mynamespace>']/wsdl:binding[#na
me='AuthenticationEndPoint']
Assertions:
<sp:HttpsToken xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolic
y'>..</sp:HttpsToken>
I'm sure it has something to do with my self signed cert, but I can't get makecert to give me a functioning cert with a CA that doesn't cause my IIS to crash.
Environment details:
VS2008
XP 64bit
.NET 3.5
IIS6
Thanks in advance for any help...
If you want to create client proxy classes, why would you use webHttpBinding. Why not just use wsHttpBinding?
The whole point of webHttpBinding was so that you could use standard Http toolkits like HttpWebRequest and Microsoft.Http.HttpClient on the client to access the service.
Not sure if that's just a typo - but your code and config don't match.
See in your code:
serviceBinding.Security.Transport.ClientCredentialType =
HttpClientCredentialType.Windows;
but in your config:
<webHttpBinding>
<binding name="WebSslBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
In code, you set your HttpClientCredentialType to Windows (integrated Windows authentication), but in config, you set it to None.
Try changing your config to use Windows as well:
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
and try again.
If you don't get any better results : why not just update the client config manually, after the import? The WSDL importer is known to have hiccups here and there, and most often, just using your brain and manual config adaption can solve the problem. You basically just need to copy the <endpointBehaviors> and the <bindings> sections into your client side config and define a <client> section which references the appropriate endpoint - that's pretty much all.
You bring up a good point, but I started down this road to make a RESTful web service that can be called either from the client or the server. I can call it from both right now just the way it is but I have to explicitly configure the server side. This is unacceptable because this application will be deployed to multiple end users and it's easier to change a configuration file than it is to patch. I know that I could create multiple endpoints, but I would much rather only have to maintain one per service.
Thank you for your reply.