How to: Specify Channel Security Credentials

The Windows Communication Foundation (WCF) Service Moniker allows COM applications to call WCF services. Most WCF services require the client to specify credentials for authentication and authorization. When calling a WCF service from a WCF client, you can specify these credentials in managed code or in an application configuration file. When calling a WCF service from a COM application, you can use the IChannelCredentials interface to specify credentials. This topic will illustrate various ways to specify credentials using the IChannelCredentials interface.

ms735113.note(en-us,VS.85).gifNote:
IChannelCredentials is an IDispatch-based interface and you will not get IntelliSense functionality in the Visual Studio environment.

This article will use the WCF service defined in the Message Security Sample.

To specify a client certificate

  1. Run the Setup.bat file in the Message Security directory to create and install the required test certificates.

  2. Open the Message Security project.

  3. Add [ServiceBehavior(Namespace=``http://Microsoft.ServiceModel.Samples``)] to the ICalculator interface definition.

  4. Add bindingNamespace=``http://Microsoft.ServiceModel.Samples to the endpoint tag in the App.config for the service.

  5. Build the Message Security Sample and run Service.exe. Use Internet Explorer and browse to the service's URI (https://localhost:8000/ServiceModelSamples/Service) to ensure that the service is working.

  6. Open Visual Basic 6.0 and create a new Standard .exe file. Add a button to the form and double-click the button to add the following code to the Click handler:

        monString = "service:mexAddress=https://localhost:8000/ServiceModelSamples/Service?wsdl"
        monString = monString + ", address=https://localhost:8000/ServiceModelSamples/Service"
        monString = monString + ", contract=ICalculator, contractNamespace=http://Microsoft.ServiceModel.Samples"
        monString = monString + ", binding=BasicHttpBinding_ICalculator, bindingNamespace=http://Microsoft.ServiceModel.Samples"
    
        Set monikerProxy = GetObject(monString)
    
        'Set the Service Certificate.
     monikerProxy.ChannelCredentials.SetServiceCertificateAuthentication "CurrentUser", "NoCheck", "PeerOrChainTrust"
    monikerProxy.ChannelCredentials.SetDefaultServiceCertificateFromStore "CurrentUser", "TrustedPeople", "FindBySubjectName", "localhost"
    
        'Set the Client Certificate.
        monikerProxy.ChannelCredentials.SetClientCertificateFromStoreByName "CN=client.com", "CurrentUser", "My"
        MsgBox monikerProxy.Add(3, 4)
    
  7. Run the Visual Basic application and verify the results.

    The Visual Basic application will display a message box with the result from calling Add(3, 4). SetClientCertificateFromFile or SetClientCertificateFromStoreByName can also be used in place of SetClientCertificateFromStore to set the Client Certificate:

    monikerProxy.ChannelCredentials.SetClientCertificateFromFile "C:\MyClientCert.pfx", "password", "DefaultKeySet"
    
ms735113.note(en-us,VS.85).gifNote:
For this call to work, the client certificate needs to be trusted on the machine the client is running on.

ms735113.note(en-us,VS.85).gifNote:
If the moniker is malformed or if the service is unavailable, the call to GetObject will return an error saying "Invalid Syntax." If you receive this error, make sure the moniker you are using is correct and the service is available.

To specify user name and password

  1. Modify the Service App.config file to use the wsHttpBinding. This is required for user name and password validation:

    <endpoint address=""
              binding="wsHttpBinding"
              bindingNamespace="http://Microsoft.ServiceModel.Samples" 
              bindingConfiguration="Binding1" 
              contract="Microsoft.ServiceModel.Samples.ICalculator" />
    
  2. Set the clientCredentialType to UserName:

    <bindings>
      <wsHttpBinding>
        <binding name="Binding1" >
          <security mode="Message">
             <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    
  3. Open Visual Basic 6.0 and create a new Standard .exe file. Add a button to the form and double-click the button to add the following code to the Click handler:

        monString = "service:mexAddress=https://localhost:8000/ServiceModelSamples/Service?wsdl"
        monString = monString + ", address=https://localhost:8000/ServiceModelSamples/Service"
        monString = monString + ", contract=ICalculator, contractNamespace=http://Microsoft.ServiceModel.Samples"
        monString = monString + ", binding=WSHttpBinding_ICalculator, bindingNamespace=http://Microsoft.ServiceModel.Samples"
    
        Set monikerProxy = GetObject(monString)
    
        monikerProxy.ChannelCredentials.SetServiceCertificateAuthentication "CurrentUser", "NoCheck", "PeerOrChainTrust"
        monikerProxy.ChannelCredentials.SetUserNameCredential "username", "password"
    
        MsgBox monikerProxy.Add(3, 4)
    
  4. Run the Visual Basic application and verify the results. The Visual Basic application will display a message box with the result from calling Add(3, 4).

    ms735113.note(en-us,VS.85).gifNote:
    The binding specified in the service moniker in this sample has been changed to WSHttpBinding_ICalculator. Also note that you must supply a valid user name and password in the call to SetUserNameCredential.

To specify Windows Credentials

  1. Set clientCredentialType to Windows in the Service App.config file:

    <bindings>
      <wsHttpBinding>
        <binding name="Binding1" >
          <security mode="Message">
            <message clientCredentialType="Windows"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    
  2. Open Visual Basic 6.0 and create a new Standard .exe file. Add a button to the form and double-click the button to add the following code to the Click handler:

        monString = "service:mexAddress=https://localhost:8000/ServiceModelSamples/Service?wsdl"
        monString = monString + ", address=https://localhost:8000/ServiceModelSamples/Service"
        monString = monString + ", contract=ICalculator, contractNamespace=http://Microsoft.ServiceModel.Samples"
        monString = monString + ", binding=WSHttpBinding_ICalculator, bindingNamespace=http://Microsoft.ServiceModel.Samples"
        monString = monString + ", upnidentity=domain\userID"
    
        Set monikerProxy = GetObject(monString)
         monikerProxy.ChannelCredentials.SetWindowsCredential "domain", "userID", "password", 1, True
    
        MsgBox monikerProxy.Add(3, 4)
    
  3. Run the Visual Basic application and verify the results. The Visual Basic application will display a message box with the result from calling Add(3, 4).

    ms735113.note(en-us,VS.85).gifNote:
    You must replace "domain", "userID", and "password" with valid values.

To specify an issue token

  1. Issue tokens are used only for applications using federated security. For more information about federated security, see Federation and Issued Tokens and Federation Sample.

    The following Visual Basic code example illustrates how to call the SetIssuedToken method:

        monString = "service:mexAddress=https://localhost:8000/ServiceModelSamples/Service?wsdl"
        monString = monString + ", address=https://localhost:8000/SomeService/Service"
        monString = monString + ", contract=ICalculator, contractNamespace=http://SomeService.Samples"
        monString = monString + ", binding=WSHttpBinding_ISomeContract, bindingNamespace=http://SomeService.Samples"
    
        Set monikerProxy = GetObject(monString)
    monikerProxy.SetIssuedToken("http://somemachine/sts", "bindingType", "binding")
    

    For more information about the parameters for this method, see SetIssuedToken.

See Also

Tasks

How to: Configure Credentials on a Federation Service
How to: Create a Federated Client

Concepts

Federation
Message Security in WCF
Bindings and Security


© 2007 Microsoft Corporation. All rights reserved.
Build Date: 2009-08-07