I have a WCF service and a client that uses that service. They use WSHttpBinding with MTOM message encoding. The client doesn’t use an app.config file, and does all of the endpoint configuration in code.
It all works rather nicely in a normal environment, however I now have some users who are attempting to connect to the service from behind an http proxy. Whenever they try to connect, they get a 407 (Proxy Authentication Required) warning.
I’ve managed to set up my own testing environment using a virtual machine with a private network that connects to a proxy, so I can simulate what they are seeing.
I’ve tried setting the system.net useDefaultCredentials property in app.config, but that doesn’t seem to have any effect. I’ve examined the packets being sent, and they don’t contain any Proxy-Authentication headers. Looking at web traffic through the proxy, they do use that header.
I’ve also tried hard coding the proxy server into the client, but that gives a “cannot connect to server” exception. Examining the packets, the client sends out 3 small ones to the proxy, none of which are an http request, and that’s it. I’m not sure what it’s doing there.
I even went so far as to add a message inspector to the client, and manually inject the required header into the requests, but that’s not showing up in the header.
I’m hitting the end of my rope here, and I really need a solution. Any ideas on what I’m missing here, or a solution?
This ( WCF Service with wsHttpBinding – Manipulating HTTP request headers ) seems promising, but I’m still stuck.
EDIT:
Here’s a portion of the code.
var binding = new WSHttpBinding();
binding.MaxReceivedMessageSize = 100000000;
binding.MessageEncoding = WSMessageEncoding.Mtom;
binding.ReaderQuotas.MaxArrayLength = 100000000;
binding.OpenTimeout = new TimeSpan(0, 2, 0);
binding.ReceiveTimeout = new TimeSpan(0, 2, 0);
binding.SendTimeout = new TimeSpan(0, 2, 0);
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
binding.UseDefaultWebProxy = true;
// I've also tried setting this to false, and manually specifying the binding.ProxyAddress
binding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.Basic;
var endpointAddress = new EndpointAddress(new Uri(hostUrl));
clientProxy_ = new UpdaterServiceProxy(binding, endpointAddress);
// this behavior was the attempt to manually add the Proxy-Authentication header
//clientProxy_.Endpoint.Behaviors.Add(new MyEndpointBehavior());
clientProxy_.ClientCredentials.UserName.UserName = userName;
clientProxy_.ClientCredentials.UserName.Password = password;
clientProxy_.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode =
System.ServiceModel.Security.X509CertificateValidationMode.ChainTrust;
// do stuff...
After a lot of experimentation I’ve made some progress. It turns out that I can manually specify the proxy, and it will work.
That code appears just before I instantiate my clientProxy_. I had tried this previously, but it silently failed because I hadn’t specified the port. I still cannot get it to pick up the proxy settings specified in the Windows Internet Settings. I tried setting
proxy.Credentials = CredentialCache.DefaultNetworkCredentials;but that also seemed to have no effect.I’m also running into a problem now with the client trying to validate the service’s certificate using ChainTrust, but the requests for the chained certificates are not using the proxy settings. Since this is a more specific question, I wrote it up separately here: Certificate validation doesn't use proxy settings for chaintrust
So I’m still hoping for more help.
UPDATE:
I ended up just adding a network configuration dialog to my application so the user could specify their proxy settings. I’ve been unable to get the automatic proxy settings to work properly.