CODEWITHSUNDEEP
c#web-serviceswcfsoapws-security
Nuno
Nuno

Reputation: 81

How to consume a web service with WS Security in c# setting credentials at run-time?

I'm developing a WCF project using C# and I need to consume a web service with ws-security. Problem is I will only know the credentials to use at run time immediatly before consuming the web service, so I can't really use the webconfig file to setup the soap header security section.

My webconfig file looks like this: 

<?xml version="1.0"?>
<configuration>    
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.6.1" />
    <httpRuntime targetFramework="4.6.1"/>
  </system.web>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="GuiaAcompanhamentoImplServiceSoapBinding1" maxReceivedMessageSize="1000000" useDefaultWebProxy="false">
          <security mode="Transport">
            <transport clientCredentialType="None" proxyCredentialType="None" realm="" />            
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="https://qualsiliamb.apambiente.pt/egar/services/GuiaAcompanhamentoWs/v2"
        binding="basicHttpBinding" bindingConfiguration="GuiaAcompanhamentoImplServiceSoapBinding1"
        contract="APAeGARv2.GuiaAcompanhamentoWs" name="GuiaAcompanhamentoWsPort1" >
        <headers>
          <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <wsse:UsernameToken>
              <wsse:Username>XXXXXXXXXX</wsse:Username>
              <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXXXXXXXX</wsse:Password>
            </wsse:UsernameToken>
          </wsse:Security>
        </headers>
      </endpoint>    
    </client>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <protocolMapping>
        <add binding="basicHttpsBinding" scheme="https" />
    </protocolMapping>    
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <!--
        To browse web app root directory during debugging, set the value below to true.
        Set to false before deployment to avoid disclosing web app folder information.
      -->
    <directoryBrowse enabled="true"/>    
  </system.webServer>    
</configuration>

My C# code looks like this:

public string egAnularGuia2(string token, string nifInterveniente, string idUser, int idInstalacao, int idPda, string idMatricula, string numeroGuia, string codigoVerificacao, string Observacoes)
{
    APAeGARv2.GuiaAcompanhamentoWsClient ws = new APAeGARv2.GuiaAcompanhamentoWsClient();

    // I'd like to insert credencials for ws-security here, but don't know how

    APAeGARv2.anularGuiaInput inp = new APAeGARv2.anularGuiaInput();
    inp.tokenCertificacao = tokenCertificacao;
    inp.nifInterveniente = nifInterveniente;
    inp.idGuia = new APAeGARv2.identificadorGuia();
    inp.idGuia.numeroGuia = numeroGuia;
    inp.idGuia.codigoVerificacao = codigoVerificacao;
    inp.observacoes = Observacoes;

    APAeGARv2.anularGuiaOutput outp = new APAeGARv2.anularGuiaOutput();

    try
    {
        outp = ws.anularGuia(inp);
    }
    catch (Exception Erro)
    {
        outp.result = ErroOutput2(outp.result, Erro);
    }

    return SerializeOutput(outp);
}

Using this method works very well. But as I've mentioned I'm limited to the credentials I set up in the webconfig file at design-time.

My question is: How can I change my C# code to be able to change credentials at run-time?

Thanks!

Upvotes: 2

Views: 8950

Answers (1)

Nuno
Nuno

Reputation: 81

After a bit of research and asking a few coleagues someone came up with a solution which I tested and works well:

    public string egAnularGuia2(string token, string nifInterveniente, string idUser, int idInstalacao, int idPda, string idMatricula, string numeroGuia, string codigoVerificacao, string Observacoes)
    {
        EndpointAddress address = new EndpointAddress("https://qualsiliamb.apambiente.pt/egar/services/GuiaAcompanhamentoWs/v2");
        BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
        CustomBinding customBinding = new CustomBinding(binding);
        SecurityBindingElement element = customBinding.Elements.Find<SecurityBindingElement>();
        element.IncludeTimestamp = false;
        APAeGARv2.GuiaAcompanhamentoWsClient ws = new APAeGARv2.GuiaAcompanhamentoWsClient(customBinding, address);
        ws.ClientCredentials.UserName.UserName = "XXXXXXXXX";
        ws.ClientCredentials.UserName.Password = "XXXXXXXXX";
        APAeGARv2.GuiaAcompanhamentoWsClient ws = new APAeGARv2.GuiaAcompanhamentoWsClient();

        // the rest remains the same...
    }

Upvotes: 3

Related Questions