I have a WCF service which would like to support basicHttpBinding and webHttpBinding. When the client successfully login, server will generate a token for client to pass to server on all the request make later. Question is how the client can pass the token to server? I don't want to add an extra parameter on every web method to hold the token.
Typically, the best way to do something like this is passing such "meta-information" in a WCF header. You can easily create a message inspector to extend WCF (it's really not that scary and hard to do!) which would inject the token into every outgoing request from the client, and retrieve it from the header and validate it on the server side.
There are a number of pretty good blog post out there showing you how to create a message inspector:
Richard Hallgren's WCF postings
Writing a WCF message inspector
Automatic Culture Flowing with WCF by using Custom Behaviour
Check out the two relevant interfaces to implement:
IClientMessageInspector on the client side, which has a BeforeSendRequest and AfterReceiveReply message to implement
IDispatchMessageInspector on the server side, which has a AfterReceiveRequest and BeforeSendReply method to implement
Related
Here is what I would like to do.
1. Service hosted in WCF
2. Client calls asking for a payload of messages
3. Service returns payload of messages and waits for client to respond
3.A. Client returns 200 (OK) status or something confirming messages received.
3.B. Client returns bad error status stating to not delete the messages on server.
4. Depending on 3.A or 3.B Service will take appropriate action.
I would like to do this by doing something like extending IDispatcher and writing extension methods. VS creating another service and having the client call that service to signal which messages it received. Unless that's best practices.
Thanks in advanced.
If acting on HTTP status codes is a requirement then WCF is probably not what you want to use. WCF was created to be able to write transport independent code so the bindings could be changed purely through configuration; no code changes required. The HTTP request handling is buried so deeply into HTTP-based bindings that you're better off using something like the OpenRasta framework to implement your HTTP (REST) style service. It is a very HTTP request aware framework.
Otherwise, look at this wsDualHttpBinding intro to accomplish something similar through the application API level.
Is there any way to enforce that a method call in soap based wcf is called as an HTTP get? I'm not sure if this would be handled on the client or server side. We wanted to have the wcf call process as a get vs. post for cacheability, etc.
I'm also not sure how to monitor a wcf service to determine if calls are doing gets or posts (or if it always does one or the other). Can I use fiddler for this?
I would imagine I could use a restful wcf service to wrap the call, but I wasn't sure if there was a way to do it straight in a soap based service.
Out of the box WCF functionality does not support SOAP HTTP GET. But WCF is extensible so you can try to develop custom binding (with cutom channel or behavior) supporting this feature.
Caching is supported in WCF 4 REST services. REST services allow all basic HTTP methods.
You can use Fiddler to monitor the gets and posts.
Check out this post about calling a WCF service with an HTTP GET.
I am writing WCF service that uses wsHttpBinding binding, which is not hosted in IIS but in Windows Service. I want to have a Login(user,pass) method in service, which will give a ticket to the client if the user is valid.
Can anyone help me to understand how to implement ticket base authentication in WCF? Is there any standard mechanism or I have to implement my own? I also want to store other data for each user in the in the service as well.
I found the solution, I don't know are there any standard mechanisms or not, but the post here helps me to solve the problem...
http://blogs.microsoft.co.il/blogs/bursteg/archive/2006/04/23/141.aspx
I just return ticket from login method if the user is valied, and send that token with the message header in every call, which can be checked in other service call
I'm connecting to a webservice using WCF. I can authenticate on the server correctly, send my request, and get a signed response back.
The only thing is that the body of the response isn't encrypted. Ok, I'm fine with that. It's not my service and not my call how they do things, I'm just writing a client.
The issue is that WCF keeps giving me a MessageSecurityException stating that the'Body' required part of the response message wasn't encrypted. Where in my app.config can I specify that I couldn't give two flying craps that it isn't encrypted and it should be let through and read?
For the record, I'm using customBinding.
The protection level (which defaults to "EncryptAndSign" in WCF) is set on the service contract, e.g. your interface that defines the service methods:
[ServiceContract(Name="YourServiceContract",
Namespace="http://www.yourdomain.com/2009/09/WCF",
ProtectionLevel=ProtectionLevel.None)]
public interface IYourService
{
string SayHello(string inputString);
}
You can set it to "ProtectionLevel.EncryptAndSign" (which is the default), "Sign" or "None".
However, you cannot set it to be one thing for the request and another for the response - the protection level applies to both directions of your WCF communication.
Check out the Fundamentals of WCF Security which explains these topics (this one in particular on page 2).
Marc
There is a way to send a secured message and permit the response to be unsecured. However it requires a hotfix you need to request from Microsoft technical support. This has saved me when workign with a goverment service that required recured requests but send unsecured faults back. See here for more information on the hotfix.
I want to invoke a wcf service for testing on the http layer. I do not want to add a service reference and create a proxy and invoke. I want to create a new web test(VSTS) which sends a http request to the service and posts(Http post) the request in http body as an xml.
I have service metadata, with which I can see the datacontracts, but the wsdl:operation has only the operation name, wsdl:input is just blank.
On the Contary, an asmx service will have the soap request in the metadata which can be copied as the http request body, with the parameters replaced.
How to build a wcf service xml body from scratch just by looking at the service metadata (no access to the service logs as well), have got just the end point.
It is something like
<root>
<element1>element1</element1>
<element2>element2</element2>
</root>
But, how to find out this, root has to be some thing like
<FunctionRequest xmlns=""http://schemas...."" xmlns:i=""http://www.w3.org/2001/XMLSchema-instance"">
(tested for a local service and worked)
Now, without having access to service logs(svctraceviewer logs), not able to add a service reference, not able to use svcutil.exe(certificate based service), just only with metadata - wsdl, is there a way to find out the request that is to be sent to service?
Well, you will have to create proxy - either statically by adding a service reference or running svcutil on your service metadata, or you can construct it dynamically totally in code, if you wish.
In that case, you'd have to have your service contract (ISomethingService) at hand, and check out the ChannelFactory < ISomethingService > () concept - that should get you started.
Marc
Yes you can, but you have to do a little work first.
Build the service client by running svcutil.exe on the wsdl/xsd metadata. This will generate a c# with your service and data contract objects. Compile that to an assembly using csc.exe.
See the soap envelope body you can create a request object and manually serialize it with data contract serializer. Or you can host the assembly in WcfSvcHost.exe and add wcf logging to the config file. In either case you will only have the correct xml for the body, and even that might be wrong if the real service uses xml serializer instead of data contract serializer.
The next part is the hard part because you need to know the security model for the real service. If it only uses certificates for SSL and server identification, you should be able to send the xml using WebClient. But if it uses mutual certs and/or security tokens, you pretty much have to create a channelfactory by hand with the right bindings.