Providing Credentials in the .NET Client

Last updated
Save as PDF

Providing Credentials in the .NET Client

Credentials consisting of a username and password are authenticated on every web service call that is provided by the Qualcomm Services Portal. The client must pass credentials in the SOAP header of the web service request.

Include the following library references:

using Microsoft.Web.Services2;

using Microsoft.Web.Services2.Security;

using Microsoft.Web.Services2.Security.Tokens;

Credentials are passed in the form of a Microsoft.Web.Services2.SoapContext containing a Microsoft.Web.Services2.Security.Tokens.UsernameToken as follows. This code can be added to the button handler prior to the call to the member function.

string sUsername = "theusername";

string sCompanyname = "thecompanyname";

string sIdentity = sUsername + "@" + sCompanyname;

string sPassword = "thepassword";

SoapContext requestContext = svc.RequestSoapContext;

UsernameToken userToken = new UsernameToken(sIdentity, sPassword, PasswordOption.SendPlainText);

requestContext.Security.Tokens.Clear();

requestContext.Security.Tokens.Add(userToken);

Note that the user identity is actually a valid username concatenated with your company account name as you are known to the Qualcomm Services Portal delimited with an "@". A username must be qualified with a company name in order to make the identity be unique.
The sample above hard codes the company, username and password. Your application will probably accept this information from a user or determine it in some other way.

You must clear and add the security token to the context for each web service method that is executed. This means that you can set up the context and the token once in your code but you have to invoke this code on each method call.

requestContext.Security.Tokens.Clear();

requestContext.Security.Tokens.Add(userToken);

// invoke the web service method

WSE 3.0 and Visual Studio 2005 Warnings

Using the SoapContext approach descibed above with .NET Framework 2.0, WSE 3.0 and Visual Studio 2005 will result in the following warning;

Microsoft.Web.Services3.SoapContext.Security' is obsolete: 'SoapContext.Security is obsolete. Consider deriving from SendSecurityFilter or ReceiveSecurityFilter and creating a custom policy assertion that generates these filters.

WSE 3.0 provides new .NET turnkey security policy assertions.
AnonymousOverCertificateSecurity (symmetric keys)
CertificateMutualAuthenticationProfile (X.509 Certs on both sides)
MutualCertificateSecurity (same except WS-Security 1.1 compatible (encrypted SOAP headers))
UsernameOverTransportSecurity (this is what works with the Services Portal, it relies on SSL to protect credentials)
UsernameOverCertificateSecurity (crypto inherent to the exchange)
KerberosSecurity (cool for windows, default logon credentials provide SSO and no PKI required)

Substituting the following code will make the warnings go away. This is probably a massive oversimplification of what you should really be doing and I don't like that I can't explicitly set the PasswordOption to SendPlainText, however, it does function.

using Microsoft.Web.Services3.Design;

...

// Instantiate the WSDL class

qtWS = new QTWebSvcsServiceWse();

...

string sUsername = "theusername";

string sCompanyname = "thecompanyname";

string sIdentity = sUsername + "@" + sCompanyname;

string sPassword = "thepassword";

UsernameOverTransportAssertion assertion = new UsernameOverTransportAssertion();

UsernameTokenProvider tokenProvider = new UsernameTokenProvider(sIdentity, sPassword);

// Not settable but defaults to SendPlainText

// tokenProvider.GetToken().PasswordOption = PasswordOption.SendPlainText;

assertion.UsernameTokenProvider = tokenProvider;

Policy policy = new Policy();

policy.Assertions.Add(assertion);

qtWS.SetPolicy(policy);

This article is of interest.

Display the Vehicle Information