Click here to Skip to main content
15,065,328 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
Hi all,
So here's the deal, I'm trying to set up a WCF service which needs support for SOAP 1.2 and Basic Authentication (username + password, which must be validated against a custom database). The service will be consumed by a third party over the internet.
I'm using Visual Studio 2015 with .NET 4.6.1.

So as far as I understand I need a wsHttpBinding (which supports SOAP 1.2).
Then I need to set up some way to validate the username + password, which can be done by inheriting from System.ServiceModel.UserNamePasswordValidator.

And now for the tricky part, configuration...
<!-- ... Stuff ... -->
  <userNameAuthentication userNamePasswordValidationMode="Custom"
                          customUserNamePasswordValidatorType="MyProject.CustomUsernamePasswordValidator, MyProject"/>

<!-- ... More stuff ... -->
  <add binding="wsHttpBinding" scheme="http" bindingConfiguration="wsHttpBinding" />
    <!-- For HTTP support (testing only) -->
    <binding name="wsHttpBinding">
      <security mode="Transport">
        <transport clientCredentialType="Basic" />
<!-- ... Even more stuff ... -->
The problem is, as soon as I set up security mode Transport with clientCredentialType Basic I need SSL and a (self-)signed certificate. The only way I can find to disable this is by using basicHttpBinding and clientCredentialType TransportCredentialOnly, but that only supports SOAP 1.1.

Of course I could create a self-signed certificate, but I really don't want that for testing purposes (the next programmer on this project will need it, everyone will always needs it, which raises the bar for maintenance, etc.).

So my question: can I have SOAP 1.2 with Basic Authentication and plain HTTP (no S)?


What I have tried:

I've searched the entire internet, and I've tried just about any configuration possible.
Updated 29-Mar-16 22:24pm

1 solution

Alright, so I found my biggest problem. It's rather stupid.
I was missing the services configuration...
  <service name="MyProject">
    <endpoint address="" binding="wsHttpBinding" contract="MyProject.IMyService" bindingconfiguration="BasicAuthentication"></endpoint>
I remember that used to be generated in earlier versions of WCF.
Anyway, with that in place I was able to fix it.

Having Basic Authentication without HTTPS is impossible, but I was able to get it working by just ignoring the certificates in my code:
using (ServiceApiClient client = new ServiceApiClient())
    ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback((sender, cert, chain, error) => true);

    client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    // ...

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900