Azure Api Management, WCF Service and Authentication

Yvonne Arnoldus 121 Reputation points
2020-10-02T11:41:52.363+00:00

Hi,

Summary of my environment:
* WCF service is NOT hosted on Azure but on our Development environment which is reachable just fine over the internet.
* I created the Soap to Rest in Azure API Management by importing the ?singleWSDL of the WCF without any other settings just the defaults.
* And selected the basicHttpBinding because wsHttpBinding doesn't work according to this documentation (https://learn.microsoft.com/en-us/azure/api-management/api-management-api-import-restrictions#-wsdl )
* Haven't made any updates to the generated policy.

I'm try to convert an old SOAP WCF through Azure Api Management to a Rest service.

When I use this binding for my WCF service:

I got everything working fine.

But this means there is no security on the WCF service. So I have upgraded to a very simple authentication scheme username/password by using binding:

But I can't get this to work with Azure APIM I keep getting this error

x-powered-by: ASP.NET  
{  
    "error": {  
        "code": "a:InvalidSecurity",  
        "message": "An error occurred when verifying security for the message."  
    }  
}  

I did many google searches on how this should be done but haven't found any.

I have added: \

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,650 questions
{count} votes

Accepted answer
  1. Yvonne Arnoldus 121 Reputation points
    2020-10-04T14:13:49.28+00:00

    Hi,

    Thank you for you input.

    Could not make it work with Postman, so I did some digging and found my problem.

    <basicHttpBinding>
        <!-- HTTPS and credentials enabled. -->
        <binding name="Production">
            <security mode="TransportWithMessageCredential">
                <message clientCredentialType="UserName" />
            </security>     
        </binding>
    </basicHttpBinding>
    

    Should be

    <basicHttpBinding>
        <!-- HTTPS and credentials enabled. -->
        <binding name="Production">
            <security mode="Transport">
                <transport clientCredentialType="Basic" />
            </security>         
        </binding>
    </basicHttpBinding>
    

    And now it works..

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful