My web.config of the service is as follows
<configuration>
<appSettings>
<add key="SSLUserName" value="lgxitadmin" />
<add key="SSLPassword" value="lgxadmin$123" />
</appSettings>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="SafeServiceConf">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic" proxyCredentialType="Basic"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="Ramco_LGX_interfaces.LGXService" behaviorConfiguration="metadataBehavior">
<endpoint address="" binding="" bindingConfiguration="SafeServiceConf" contract="Ramco_LGX_interfaces.ILGXService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="metadataBehavior">
<serviceSecurityAudit auditLogLocation="Application" serviceAuthorizationAuditLevel="Failure" messageAuthenticationAuditLevel="Failure" suppressAuditFailure="true" />
<serviceMetadata httpsGetEnabled="true" />
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<!--<clientCertificate>
<authentication certificateValidationMode="None" />
</clientCertificate>-->
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Ramco_LGX_interfaces.CustomValidator,Ramco-LGX_interfaces" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
CustomValidator:
public class CustomValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (null == userName || null == password)
{
throw new ArgumentNullException();
}
if (!AuthenticateUser(userName, password))
throw new SecurityTokenValidationException("Invalid Service Credentials");
else
{
// do nothing - they're good
}
}
public bool AuthenticateUser(string userName, string password)
{
if (userName != ConfigurationManager.AppSettings["SSLUserName"].ToString() || password != ConfigurationManager.AppSettings["SSLPassword"].ToString())
{
return false;
}
else
{
return true;
}
}
}
in IIS Enabled "Basic" Authentication
When i test this in SOAP UI with lgxitadmin/lgxadmin$123 credentials as configured in Config file am getting below error
Getting below error;
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body>
<s:Fault>
<faultcode xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:InvalidSecurity</faultcode>
<faultstring xml:lang="en-AU">An error occurred when verifying security for the message.</faultstring>
</s:Fault>
</s:Body>
</s:Envelope>
Thanks in advance.
Kindly support on this
Regards
Raghu