How to pass current security context to web request ?

Question

0.00/5 (No votes)

See more:

I have a WCF service running as a windows service. It is running with a specific user as a security context (username@domain.com) . There is a method in it which calls a REST API web service. I wanted to pass credentials of WCF service to REST request. I tried below code but it is not working. All I am getting is Unauthorized (401) error from REST web service.

C#

Uri uri = new Uri(objM3API.URL);
ICredentials credentials = CredentialCache.DefaultCredentials;
NetworkCredential credential = credentials.GetCredential(uri, "Basic");

request.Credentials = credential;
request.Accept = "application/json";
// Get response
using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
{
    if (response.StatusCode == HttpStatusCode.OK)
    {

So far I tried changing Authentication type when creating NetworkCredential object to "Negotiate" and "NTLM" but that did not work either. I don't want to create NetworkCredential object passing user name and password ( Request from company to use security context of the service rather than passing value directly ) .

Any help will be greatly appreciated

Posted 13-Mar-14 19:39pm

virang_21

Add a Solution

Comments

ZurdoDev 14-Mar-14 16:58pm

What kind of security/authentication does the service have? If it is Forms Authentication, for example, you'll have to do it differently.

virang_21 14-Mar-14 19:34pm

The problem is those REST eeb services are exposed by corporate ERP and there is no documentation on how to use them. You may be right that it may be using forms auth..how to do it if it is using forms auth ?

virang_21 14-Mar-14 19:39pm

The code that i posted was workingbut they made some changes to make our test ERP environment same as production and it stoped working. It is good that i find out about it before system went to prod but now i am stumped on how to authenticate user when calling web service.

ZurdoDev 14-Mar-14 19:42pm

You should ask them what they changed then.

virang_21 14-Mar-14 21:55pm

It is using Basic Authentication to validate credential. I can confirm this because when I execute REST API url directly in browser it prompts for username/password dialog. Also using Soap UI tool it is showing WWW-Authenticate Basic Realm="TEST" as a part of response header. My fear is that somehow when creating NetworkCredential object the way I did is not passing credential info to the request. Any suggestion ?

ZurdoDev 14-Mar-14 22:14pm

I just did this this week and this is what worked for me:

request.Credentials = new NetworkCredential(username, password);

You might also have to set PreAuthenticate to true on your request. Try it without at first.

virang_21 14-Mar-14 22:19pm

I don't want to create NetworkCredential object passing user name and password ( Request from company to use security context of the service rather than passing value directly ) .If I pass the way you suggested by creating network credential object by passing username/password explicitly it works. Somehow creating network credential object using current security context of the service is the issue. Is it not possible at all what I am trying to achieve ?

ZurdoDev 14-Mar-14 22:22pm

I'm not sure what you mean by "security context of service." If they have a specific way they want you to access it it seems like they should be able to tell you how.

virang_21 14-Mar-14 22:31pm

My WCF service is running with specific username user@domain.com. WCF service is self hosted windows service. This windows service is running with user@domain.com login name and password. They don't have technical knowledge of how to do it but the whole issue is not to pass username/password directly from the code but to pick up from the service security context. I need to be 100% sure before I tell them it is not possible with Basic authentication to create NetworkCredential object without explicitly passing username/password. Hope you get my point. It is getting hard to explain. Thank you for your help so far.

ZurdoDev 14-Mar-14 22:34pm

I still don't follow completely but if your call is over https (ssl) then the username and password will be encrypted automatically.

virang_21 14-Mar-14 22:38pm

This is what I mean by security context.. http://postimg.org/image/ju2m1vua1/

#duxfea@domain.com user needs to execute the REST API call. Withing TEST_API_Service (My WCF Service ) is a method called GetStatusOfWarehouse () that calls REST API. Is it possible to create NetworkCredential object that somehow pickup #duxfea@domain.com as a username and its password without passing it explicitly when calling REST API.

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)