How to modify the HTTP Header for a WebService in .NET 2.0

[utnemisis51]

Hi,

I'm trying to include some user credentials for accessing a remote
webservice. The remote location requires that I use Basic
authentication, which means, from browsing around, I need to include
the user name and password in the HTTP header, but I'm not quite sure
how to access the HTTP header that is sent with the webservice soap
message request.

Can anyone help?

Thanks in Advance.

Kevin

 

[John Timney \( MVP \)]

You should be able to pass a NetworkCredential object to the webservice
proxy that uses the specified user name, password, and domain and pass this
with the request to the remote webservice. This would be added to the
outbound header when the request is made.

Have a read of this for an example.

http://support.microsoft.com/kb/811318/EN-US/

 

[UT-BadBoy]

I tried your suggestion, which I have used in the past to pass
credentials. In this instance, I'm needing to send the credentials via
the HTTP headers, not part of the soap headers. According to RFC 2617,
the HTTP header should include "Authorization: Basic uidassword"
format. Using the trace built into IIS I looked at the incomming
request to the webservice to locate the header information and check if
any credentials that I set was found within the header, but could not
find any.

this is the information in the HTTP header:

Headers Collection
Name Value
Connection Keep-Alive
Content-Length 4068
Content-Type text/xml; charset=utf-8
Expect 100-continue
Host localhost
User-Agent Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client
Protocol 2.0.50727.42)
VsDebuggerCausalityData
uIDPowZg+yq+Zv9BnmiKUtX0pxsBAAAANneykaH6Wky4N0BqGyE1RI8QHDH3KGRPmY2NJ9d7/egACAAA

SOAPAction "http://tempuri.org/GetVersion"

-----------------------------------------------------------------

Here's a snippet of what code i used to set the network credentials.

System.Net.NetworkCredential cred = new
System.Net.NetworkCredential("user", "user");
System.Net.CredentialCache cache = new
System.Net.CredentialCache();
cache.Add(new Uri("www.webservice.asmx"), "Basic",
cred);
webService.Credentials = cache;

Am I going about this the wrong way?

Thanks.

 

[John Timney \( MVP \)]

Specifically for SOAP headers .NET lets you derive from the soap header
class to pass authentication if the network credentials cant cut it. I've
never tried it but it might be just what your after.

Theres a simple example of it here in the quickstart:
http://samples.gotdotnet.com/quickstart/aspplus/doc/secureservices.aspx

and another worth reading at Code Project
http://www.codeproject.com/cs/webservices/authforwebservices.asp

Hope that helps

 

[UT-BadBoy]

Hi John,

Thanks for the two links. They definately provided me with more
information about the soap headers and how you can use the soap headers
to place additional information for webservice requests. But
unfortunately, the third party webservices that we are using require
that we place the authentication strings within the
HTTP Headers. Is there a way to implement this within the webservice
or is this something I need to configure IIS to do when sending out
requests?

Thanks again.

 

[UT-BadBoy]

Hi John,

Thanks for the two links. They definately provided me with alot of
information about the webservice soap headers but it seems in my
situation that I need access to the HTTP Headers.
The third pary webservices that we will use requires that we place the
authentication credentials within the HTTP header's Authentication
section.
Is this some sort of configuration that I can set within the IIS?

Thanks.

 

[John Timney \( MVP \)]

The authentication property preauthenticate=true on your wsdl proxy should
force the authentication headers into the http stack as opposed to the soap
stack. I suspect this is what your actually after as it handles 401 status
codes and deals with an http challenge during the actual request, thus
authenticating the call at the http header level.

http://msdn2.microsoft.com/en-us/li...tocols.webclientprotocol.preauthenticate.aspx

Another MVP - Peter Bromberg has an excellent article on pre-authenticating
web service requets and security. You should read it.
http://www.eggheadcafe.com/articles/20051104.asp

If this isn't what your looking for then you need to get a working example
from the web service owner and base your solution on that.

Hope I have helped!.

Regards

John Timney
Microsoft MVP

 

[erics44]

Hi
I know this is a very old thread but did it get a solution?

I am having the same issue?

Thanks in advance