We have OSB services that are currently secured with a username and a password. I get a 401 unauthorized when attempting to generate a service proxy using svcutil. I know you need to set up a svcutil.exe.config file but I cannot find any examples except for one that passes a certificate.
Dows anyone know how to send a username and password using svcutil?
I don't think you can do that.
What you can do in this case is either connect to that address in a browser and just download and save the WSDL file to your local disk and call svcutil.exe on that local copy - or ask the publisher of that webservice to either give you an URL which doesn't require authentication, or to simply send you the relevant WSDL and possibly XSD files so you can create a client side proxy for that service.
You can't authenticate in svcutil, but you can set up credentials in Windows for the target machine. Go to your account management page, then to your stored credentials. Add a new entry with the target hostname and credentials. After this, you can use svcutil with the URL.
Try this. This should work with any web page requiring username and password.
svcutil http://user:password#someurl?wsdl
Related
I'm making a proxy service in OSB 12c and I'm going to a legacy that implements user and password authentication. From SoapUI I can send that info from "Properties" fields, but I don't know how to send that from OSB. I guess it could be sent from Business Service file but not sure. I searched on google but I found info about how to implement usr and psw on my proxy service, but not how to send that info to a external WSDL.
I'm getting 401 error from legacy when I try to consume the WSDL through SB console. Thanks.
I'm not sure if there are existing policies that can do this in 12c. Atleast in 11g there weren't.
You have to manually create and add the HTTP header that make outgoing basic authentication possible.
Wiki about basic authentication header: https://en.wikipedia.org/wiki/Basic_access_authentication#Client_side
In OSB you can add this by using the 'Transport Header' step on the outbound request.
How it looks in OSB:
The best way to use basic authentication is by using the owsm policy instead of manipulating transport header.
I have a web service hosted in IIS 7 that is to be called from a WCF client that runs in a different domain.
Currently, the wsHTTP binding has been configured using default settings. When the call is made the service complains that the client couldn't be authenticated (Message : The request for security token could not be satisfied because authentication failed.). I guess this is because it's trying to use windows authentication and the clients ID cannot be validated against the AD server of the service.
What's the best way to get around this? Can the service be configured to run under the ID of a local account? How best to check the call has come from authorised client? I'd rather avoid certificate generation and management if possible. Ideally, I'd authenticate the client by username / password by then have the service operate under it's own local ID - to gain access to resources on the service server.
Any advise gratefully received.
Thanks
Rob.
You can use user name and password but your service should use certificate if you don't want to send user name and password in plain text. Your option is either:
HTTPS with user name and password in message
Message security with user name and password in message
Both requires certificate.
Here's a good tutorial that I used to do just that.
http://www.codeproject.com/KB/WCF/wcf_https_usernameauth.aspx?msg=3527563#xx3527563xx
I want to let remote administrators (with local or domain credentials) control my Windows service via a WCF TCP binding. To do this, I need to authenticate the remote user as an administrator. I can check the principal user/roles, but I don't know how to prompt the remote user for the correct user details/token.
This is related to my previous question on Restricting WCF TCP endpoint to Administrators. Instead of adding [PrincipalPermission(SecurityAction.Demand, Role = "Administrator")] to my restricted service method and catching a SecurityException, it seems I can check for it with:
if (!System.Threading.Thread.CurrentPrincipal.IsInRole("Administrators"))
return MethodResult.AccessDenied;
// haven't tested if it's the service thread or the remote user yet.
How do I prompt the remote user for Windows authentication if a Access Denied result was returned so I can reinitiate the connection as a different principal?
Of course, the change would need to be effected on the remote user's client application. Perhaps there is a cleaner WCF way to do it?
Edit: Searching for ".net impersonation" led me to this on CodeProject. Haven't had a chance to look, but this may be the way to go.
You need to pass in the user's credentials with your WCF call. Normally the client application just "captures" the currently running user's credentials. Alternatively you can specify a username and password explicitly. So you could prompt the user for an alternative set of credentials if you wish.
Either way, the client app needs to prompt the user. Your WCF call should return an error (code or exception) upon authorization failure and your client should capture that return and display a prompt to the user and retry with the new credentials. WCF by itself cannot handle prompting the user.
Here is an article on various means of passing credentials:
http://blogs.msdn.com/b/sonuarora/archive/2007/04/21/setting-client-credentials.aspx
Assuming this is hosted in IIS you need to turn off anonymouse authentication in the IIS Manager. This should force the user to login to the machine using a Windows account. You may also need to enable ASP.NET Impersonation.
Here is how you can prompt the user using the standard windows dialog using pInvoke How to show authentication dialog in C# .Net 3.5 SP1
I currently need to access an API that is set up in an staging environment on an Apache web server but the web server throws up a username/password dialog when browsing to the API url. Unfortunately I do not have access or control over the behavior of this web server.
Is it possible to programmatically send the username and password to an Apache web server?
You have ran into Basic Access Authentication. You just need to pass the username and password as part of the URL:
http://username:password#url.com/page.html
Use the following:
http://user:pass#domain.tld/path
Have you tried sending the Authorization header incorporating the base-64-encoded credentials as part of the HTTP request as described in the linked Wikipedia article?
I'm trying to connect with a webservice that's in a password protected host, i.e. you must enter user+pass to access the remote WSDL.
The key word there is "trying", I have a client made by WSDL2JAVA that works ok if the service is unprotected, but I can't find how to add the login to that code.
To clarify, it's not the webservice who demands authentication, but the site itself. I'm testing with a secured realm in a tomcat server, but I'm lookin for a platform independent solution.
Has anybody been able to do this?
I've found a solution:
First create a HttpClient object and authenticate it, as explained here. Then without closing that connection, connect with the webservice as usual.
And that's it. I'm not sure why that works, I think that the java process saves the connection cookie or something like that.