I have a simple web service which is hosted inside a console application. It works, with one problem: the authentication doesn’t work properly.
My app.config is as follow:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="NewBinding0">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="Mg">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="TSOWS.UserValidator,TSOWS" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<!--<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />-->
<services >
<service name="TSOWS.TSOWS" behaviorConfiguration="Mg" >
<endpoint address="/MyAddress" binding="wsHttpBinding" contract="TSOWS.ITSOWS" />
<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
<host>
<baseAddresses >
<add baseAddress="http://10.120.170.181:8181/TSOWS.svc" />
</baseAddresses>
</host>
</service >
</services>
</system.serviceModel>
and my validator is:
public class UserValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (null == userName || null == password)
{
throw new ArgumentNullException();
}
if (!(userName == "TSOWSUser" && password == "password"))
{
throw new SecurityTokenException("Unknown Username or Password");
}
}
}
The UserValidator.Validate is never called and the web service is open and there is no need to supply any user name or password.
Any idea why this is happening?
Do I need a server certificate to be able to use authentication?
You need a certificate for this to work. If your application is intranet, use windows authentication which doesn’t need certificate but you need to define users in windows.