C# – Connect to a WCF service (.svc) via a proxy (with username / password)

cwcfwcf-security

I've created a WCF service. I call it like this:

ServiceClient client = new ServiceClient ();
client.MyMethod();

So far so good on my machine.

Now I've deployed it in our DMZ (whatever that is), and I can call it via an outside URL (so the request from my machine goes out to the Internet and then goes to our datacenter).

But, we connect via a proxy to the Internet. I am not sure how that works, but I have to enter a proxy server in the connections, LAN settings section of Internet Explorer if I want to visit the Stack Overflow site.

When I don't change the code, I get this error:

The remote server returned an
unexpected response: (407) Proxy
Authentication Required ( The ISA
Server requires authorization to
fulfill the request. Access to the Web
Proxy filter is denied. ).

After googling, I found this code, but it leaves me with the same error.

  var b = client.Endpoint.Binding as System.ServiceModel.WSHttpBinding;
            b.ProxyAddress = new Uri("http://OURADDRESS.intern:8080");     
            b.BypassProxyOnLocal = false;     
            b.UseDefaultWebProxy = false;
            client.ClientCredentials.UserName.UserName = @"DOMAIN\USERNAME";
            client.ClientCredentials.UserName.Password = "myverysecretpassword";

Best Answer

In such a case, using the default proxy should be enough:

<configuration>
  <system.net>
    <defaultProxy useDefaultCredentials="true" />
  </system.net>
  ...
</configuration>

In your binding, you must only ensure using the default proxy (should be enabled by default):

b.UseDefaultWebProxy = true;

In case of manually setting credentials, I believe that your proxy expect Windows credentials and because of that this should be used:

client.ClientCredentials.Windows.ClientCredential.UserName = @"DOMAIN\USERNAME";
client.ClientCredentials.Windows.ClientCredential.Password = "myverysecretpassword";

Related Solutions

REST / SOAP endpoints for a WCF service

You can expose the service in two different endpoints. the SOAP one can use the binding that support SOAP e.g. basicHttpBinding, the RESTful one can use the webHttpBinding. I assume your REST service will be in JSON, in that case, you need to configure the two endpoints with the following behaviour configuration

<endpointBehaviors>
  <behavior name="jsonBehavior">
    <enableWebScript/>
  </behavior>
</endpointBehaviors>

An example of endpoint configuration in your scenario is

<services>
  <service name="TestService">
    <endpoint address="soap" binding="basicHttpBinding" contract="ITestService"/>
    <endpoint address="json" binding="webHttpBinding"  behaviorConfiguration="jsonBehavior" contract="ITestService"/>
  </service>
</services>

so, the service will be available at

Apply [WebGet] to the operation contract to make it RESTful. e.g.

public interface ITestService
{
   [OperationContract]
   [WebGet]
   string HelloWorld(string text)
}

Note, if the REST service is not in JSON, parameters of the operations can not contain complex type.

Reply to the post for SOAP and RESTful POX(XML)

For plain old XML as return format, this is an example that would work both for SOAP and XML.

[ServiceContract(Namespace = "http://test")]
public interface ITestService
{
    [OperationContract]
    [WebGet(UriTemplate = "accounts/{id}")]
    Account[] GetAccount(string id);
}

POX behavior for REST Plain Old XML

<behavior name="poxBehavior">
  <webHttp/>
</behavior>

Endpoints

<services>
  <service name="TestService">
    <endpoint address="soap" binding="basicHttpBinding" contract="ITestService"/>
    <endpoint address="xml" binding="webHttpBinding"  behaviorConfiguration="poxBehavior" contract="ITestService"/>
  </service>
</services>

Service will be available at

REST request try it in browser,

http://www.example.com/xml/accounts/A123

SOAP request client endpoint configuration for SOAP service after adding the service reference,

  <client>
    <endpoint address="http://www.example.com/soap" binding="basicHttpBinding"
      contract="ITestService" name="BasicHttpBinding_ITestService" />
  </client>

in C#

TestServiceClient client = new TestServiceClient();
client.GetAccount("A123");

Another way of doing it is to expose two different service contract and each one with specific configuration. This may generate some duplicates at code level, however at the end of the day, you want to make it working.

C# – Validate a username and password against Active Directory

If you work on .NET 3.5 or newer, you can use the System.DirectoryServices.AccountManagement namespace and easily verify your credentials:

// create a "principal context" - e.g. your domain (could be machine, too)
using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "YOURDOMAIN"))
{
    // validate the credentials
    bool isValid = pc.ValidateCredentials("myuser", "mypassword");
}

It's simple, it's reliable, it's 100% C# managed code on your end - what more can you ask for? :-)

Read all about it here:

Update:

As outlined in this other SO question (and its answers), there is an issue with this call possibly returning True for old passwords of a user. Just be aware of this behavior and don't be too surprised if this happens :-) (thanks to @MikeGledhill for pointing this out!)

Best Answer

Related Solutions

REST / SOAP endpoints for a WCF service

Reply to the post for SOAP and RESTful POX(XML)

C# – Validate a username and password against Active Directory

Related Topic