Monthly Archives: December 2014

Calling Soap web service from Desktop app with Windows Authentication

I recently had to create a small proof of concept app that calls a soap web service which must be a bit more secure than just allowing Anonymous access. The Web Service requires Windows Authentication to be enabled (NTLM as main provider) with Anonymous disabled.

Calling this web service should be straight forward as you would expect a Windows (Forms) desktop application to pass any logon details when making network related calls. Unfortunately when using Web Services the call seems to be made ‘Anonymous’ by default using the generated proxy class as created by Visual Studio. Fortunately the solution is straight forward provided you can find it on Google (or any other search engine 😉 )

Without going into the real details of how and why this work here is the solution: You have to add security details to the ‘binding configuration’ of the endpoint of the Web Reference. In short the config must look something like this:

  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
       <binding name="SomeServiceSoap">
                <strong><security mode="TransportCredentialOnly">
                  <transport clientCredentialType="Ntlm" proxyCredentialType="None"
                      realm="" />
                  <message clientCredentialType="UserName" algorithmSuite="Default" />
                </security></strong>
              </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://myserver/webservices/SomeService/SomeService.asmx"
                binding="basicHttpBinding"
                bindingConfiguration="SomeServiceSoap"
                contract="SomeServiceWS.SomeServiceSoap"
                name="SomeServiceSoap" />
    </client>
  </system.serviceModel>

The important part here is the <security> tag and its content. Like explained before on the server side Only ‘Windows Authentication’ must be enabled with the ‘NTLM’ provider as the first provider.

Possibly this can also be done through code but I haven’t tried that yet.