.Net, ASP.Net, C#, VB.net, SQL Server, Xml, CSS, Design Patterns related tips, tricks, code snippets, articles, links, thoughts, etc. from Binu & Subi Thayamkery.

Binu Thayamkery is a seasoned software architect with more than 13 years of experience in developing enterprise grade connected systems using Microsoft Technologies. In his current position as a lead consultant-solution architect with Prudential Financial, he is working on architecture of next generation investment reporting framework using .net 3.5/WCF/AJAX, etc. He holds a Master's Degree in Computer Science from Colorado State University. Subi Thayamkery is an experienced software developer with more than 8 years of developing various application software systems ranging from workflow automation systems to compliance management tools. She currently works as a technology consultant for Prudential Financial where she helps develop a new system for corporate governance department. She holds an Electrical Engineering degree from New Jersey Institute of Technology.

Wednesday, February 01, 2006

Accessing a Secured Web Service

My setup:
My web application uses Basic Authentication (SSL enabled). This application consumes
a web service which is under Basic Authentication as well. I am using Visual Studio.net to develop.

Since I am using VS.Net, it is easy to start using the web service: you click on Add Web Reference and point it to the web service url (http://myserver/mywebservice/service.asmx). At this point VS.Net creates your proxy class, with the mechanism to talk to your web service built in. You are all set;
you are ready to access your web methods now!

Now the only small challenge I faced here is around the authentication. When I initially called my web method, it threw me an HTTP Error 401: Authorization Required. Of course, I was not passing any authentication credentials to the web service (which BTW uses Basic Authentication).

So I changed my code to add these two lines,

proxy.PreAuthenticate = true;
proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;


before the actual call is made. Still no luck, why? I overlooked the fact that passing DefaultCredentials works only for NTLM and Kerberos (Windows Authentication).

Now at this point, I want to stress the importance of PreAuthenticate Property.
It is important to set this to true when dealing with a secured web service.
According to Microsoft:

The proxy's PreAuthenticate property can be set to true or false.
Set it to true to supply specific authentication credentials to cause a WWW-authenticate HTTP header to be passed with the Web request. This saves the Web server denying access on the request, and performing authentication on the subsequent retry request.



So I changed my code again,

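// Requires: using System.Net; (NetworkCredential) and using System.Web; (HttpContext)
MyWebService proxy = new MyWebService();
// Under Basic Authentication, IIS exposes the caller's user ID and password as server variables
string pwd = HttpContext.Current.Request.ServerVariables["AUTH_PASSWORD"];
string uid = HttpContext.Current.Request.ServerVariables["AUTH_USER"];
// Build an explicit credential; DefaultCredentials only works for NTLM and Kerberos
NetworkCredential nc = new NetworkCredential(uid,pwd,"mydomain");
proxy.Credentials = nc;
// Send the credentials with the request instead of waiting for a 401 challenge
proxy.PreAuthenticate = true;

and make the call!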

With this change it all started working. I am getting the user ID and password from my application, which has already authenticated the user, creating a credential and passing it to the web service.
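
An added example, not code from the original post: Basic authentication puts the forwarded user ID and password on the wire as reversible Base64, so this helper offers the credential only to the one service URL, only for the Basic scheme, and refuses non-HTTPS URLs. BasicAuthHelper, its method names and the sample login and password are hypothetical; CredentialCache and NetworkCredential are the standard System.Net classes.

```csharp
using System;
using System.Net;
using System.Text;

// Hypothetical helper, added for illustration.
public static class BasicAuthHelper
{
    // Credentials scoped to one URL prefix and to the "Basic" scheme only,
    // so they are not offered to other hosts or other authentication schemes.
    public static ICredentials ForService(string serviceUrl, string user,
                                          string password, string domain)
    {
        Uri uri = new Uri(serviceUrl);
        if (uri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException(
                "Refusing to send Basic credentials over " + uri.Scheme + ": " + serviceUrl);
        CredentialCache cache = new CredentialCache();
        cache.Add(uri, "Basic", new NetworkCredential(user, password, domain));
        return cache;
    }

    // The Authorization header value Basic authentication sends: Base64 of "login:password".
    // UTF-8 is an assumption here; the sample input is ASCII-only.
    public static string HeaderValue(string login, string password)
    {
        return "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(login + ":" + password));
    }

    // What anyone who can read the request recovers from that header: no key is needed.
    public static string Decode(string headerValue)
    {
        string b64 = headerValue.Substring("Basic ".Length);
        return Encoding.UTF8.GetString(Convert.FromBase64String(b64));
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values, not real credentials.
        string header = BasicAuthHelper.HeaderValue("mydomain\\alice", "constructed-password");
        Console.WriteLine(header + " decodes to " + BasicAuthHelper.Decode(header));
        try { BasicAuthHelper.ForService("http://myserver/mywebservice/service.asmx", "alice", "constructed-password", "mydomain"); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
        ICredentials creds = BasicAuthHelper.ForService("https://myserver/mywebservice/service.asmx", "alice", "constructed-password", "mydomain");
        Console.WriteLine(creds.GetCredential(new Uri("https://otherserver/"), "Basic") == null); // not offered to other hosts
    }
}
```

The returned object can be assigned to proxy.Credentials in place of the bare NetworkCredential, with proxy.PreAuthenticate = true as before.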

:)
