Wednesday, September 03, 2008

WCF SSL Password Negotiation Errors

Ok, I'm using WCF to try to connect to a basic webservice hosted on a coldfustion server. The webservice that I'm connecting to communicates over https and expects a username and password. So, after bumping around and doing some research, I was able to come up with this.

Again, sorry about the code display. If you select and copy/paste the code will be much more readable.

First, in your config file (or in code I guess, my example is a config file), replace whatever was automatically generated for your security setting in your binding when you added the service with the following.

  <security mode="Transport">
transport clientCredentialType="Basic" />

Next, you have to pass the username and password to the webservice. This I did in code, you can probably put the username and password in your config file somewhere as well. Here is a sample page_load method I did for a web page to do a test of the webservice.

Here are the namespaces that I referenced as well.

using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Net.Security;
using System.Net;
using System.Security.Cryptography.X509Certificates;
protected void Page_Load ( object sender, EventArgs e )
//ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback ( customXertificateValidation );
TheService.proxyname t = new TheService.proxyname ();
t.ClientCredentials.UserName.UserName =
t.ClientCredentials.UserName.Password =
t.Open ();
Response.Write(t.SomeMethod (
"123456789", 123 ));

catch ( System.Exception ex )
Response.Write ( ex.ToString () );

t.Close ();

Lastly, if you don't have the root certificate setup, uncomment out the ServicePointManager line and add the following method. This will override any sort of certificate goofiness on your end.

private static bool customXertificateValidation ( object sender,
X509Certificate cert, X509Chain chain,
SslPolicyErrors error )
return true;

And walla! You should be able to connect. Hope this helps someone.

No comments: