If you’re using the WCF BasicHttpBinding (SOAP 1.1), WSHttpBinding (SOAP 1.2), or WebHttpBinding (RESTful) to access a web service in your .Net Core applications (.Net Framework applications do not have this problem.) you might encounter that if you set the ClientCredentialType as below
var binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
You can not use another transport security type like Certificate or else. Because when we set the ClientCredentialType to one certain technique it avoids other security implementations.
You might think that this is a limitation because of WCF. It is not. The binding is the limitation which is why we will be using something called CustomBinding.
Before that, I tried to add an SSL certificate to headers before sending any request to other services, But as I mentioned the service works as a single ClientCredentialType so our BasicHttpBinding is not going to work with our needs.
It’s simple, all we need to do is create a CustomBinding with the given BasicHttpBinding with Basic Authentication. Then add our Certificate option as a HttpsTransportBindingElement.
// Create BasicHttpBinding (Soap 1.1) with Basic Auth type
var basicBinding = new BasicHttpBinding();
basicBinding.Security.Mode = BasicHttpSecurityMode.Transport;
basicBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
// Create custom binding with given basic binding
var customBinding = new CustomBinding(basicBinding);
// Add Client Certificate requireation with HttpTransportBindingElement
HttpsTransportBindingElement transportBindingElement = customBinding.Elements.Find<HttpsTransportBindingElement>();
transportBindingElement.RequireClientCertificate = true;
// Create your EndpointAddress
var uri = new Uri("Your Outer Service Url");
var address = new EndpointAddress(uri);
// Create your client with your binding and address
var client = new YourSoapClient(customBinding, address);
Furthermore, in these configurations, all you need to do is set UserName and Password for Basic Authentication and set the Certificate you have created for your specific service.
// Basic Auth credentials set
client.ClientCredentials.UserName.UserName = "Basic auth username";
client.ClientCredentials.UserName.Password = "Basic auth password";
// Certificate set
var certificateBytes = "Your SSL Certificate in Byte Array";
var certificatePassword = "Your SSL Certificate Password";
var certificate = new X509Certificate2(certificateBytes, certificatePassword);
client.ClientCredentials.ClientCertificate.Certificate = certificate;
// optional
client.ChannelFactory.Credentials.ClientCertificate.Certificate = certificate;
// Open client
client.OpenAsync();
To conclude, with all of these configurations, your service should be able to send requests to outer services using both Basic Authentication and 2WaySSL.
Top comments (0)