How to force soap header authentication for my scenario?

Question

The problem is: I need to connect to a soap web service; generated by java code; using ASP.Net client via C# through MS Visual Studio 2013.

Try 1, The usual way:

I have added a web service reference using the wsdl and by assigning the credentials like:

Credentials.Username.Username = "test";
Credentials.Password.Password = "test";

When executing, the following exception is being encountered:

                      The login information is missing!

Try 2:

I have searched for similar problems like:

how-to-go-from-wsdl-soap-request-envelope-in-c-sharp

Dynamic-Proxy-Creation-Using-C-Emit

c# - Client to send SOAP request and received response

I had chosen to generate a proxy class using the wsdl tool, then added the header attribute, but I have found the following note from Microsoft:

Note: If the Web service defines the member variables representing the SOAP headers of type SoapHeader or SoapUnknownHeader instead of a class deriving from SoapHeader, a proxy class will not have any information about that SOAP header.

Try 3: I have tried to change the service model in the client web.config:

  <bindings>
      <basicHttpBinding>
        <binding name="CallingCardServicePortBinding">
          <security mode="TransportWithMessageCredential" >
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>

Then added the credentials like the first try, but the following error appears:

MustUnderstand headers:[{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood 

So, now I don't know what to do ! I have no control over the web service and I need to build a client that understands it.

Help Please!

The Soap Request template is the following:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="...">
   <soapenv:Header>
    <credentials>
        <userName>someUserName</userName>
        <password>somePassword</password>
     </credentials> 
   </soapenv:Header>
   <soapenv:Body>
      <ser:someRequest>
         .......
         .......
         .......
      </ser:someRequest>

Answer 1

If the destination web service uses authentication, then just ASMX won't do, since it is not aware of authentication, encryption etc. You have 2 options:

1. Use Microsoft WSE: http://www.microsoft.com/en-us/download/details.aspx?id=14089

this is nothing but an extension of ASMX which makes it Security/Encryption aware. (and some other features) technically, you'll be adding a reference to the WSE DLL and your Soap Proxy will extend from the WSE SOAP Client instead of the System one.

once you do that, the proxy class will have additional username/password properties that you can use to authenticate properly.

set the properties and see the outgoing request using fiddler. if the header is not what you want (because of namespaces etc.), then you can write a custom outgoing message inspector and modify the soap request nicely.

1. The other option (preferred) is to use WCF.

ASMX and WSE are older than WCF. WCF tries to bring all the web service nuances under one roof. if you get a WCF service reference, it (svcutil.exe) will automatically create the proxy class and the right bindings for you. (mostly custom)

once you do that, try setting the user name and password.

if that doesn't work, (i have frequently struggled to generate the right soap header for remote java based services that require username/password authentication), you can define a static header chunk in the web.config/app.config, that'll be sent as part of every request.

e.g.

<client>
 <endpoint>
  <headers>
    <credentials>
        <userName>someUserName</userName>
        <password>somePassword</password>
     </credentials> 
  </headers>
 </endpoint>
</client>