Monday, April 29, 2013

Authentication from EAI webMethods to WCF web services


Overview

The integration between EAI webMethods and WCF web services needs authentication to prevent unauthorized access to the WCF web services.

Implementing Security in WCF

When working with WCF or Web services, securing communication between the client and the service is very important.  Transfer security is concerned with guaranteeing the integrity and confidentiality of WCF service messages as they flow from application to application across the network. In WCF, transfer security is also responsible for providing authentication. 

The WCF service should have a basicHttpBinding with transport security. When using transport security, the user credentials and claims are passed by using the transport layer. Transport security provides point-to-point security between the two endpoints (service and client).

By default, basicHttpBinding does not support any security, so you will need to configure the binding to use transport security. This is a good option when you want to support interoperability with non-WCF or non-Windows clients.

Transport-level security provides:
  • Authentication of the sender.
  • Authentication of the service.
  • Message integrity.
  • Message confidentiality.
  • Detection of message replay.

Figure 1 : Transport Security





Creating the web service in EAI webMethods


1. Set up the WCF service with Basic Authentication in the service config file as mentioned above.

2. If hosted in IIS, make sure that Directory Security has Basic Authentication enabled. To do this in IIS 6, type inetmgr in the Run command. Open IIS. Browse to the WCF service virtual directory, right-click it and select Properties. On the Directory Security tab, click the Edit button under Authentication and access control. Select Basic authentication and click OK.

Figure 2 : Enable Basic Authentication

To do this in IIS 7, type inetmgr in the Run command. Open IIS. Browse to the WCF service virtual directory. Double-click the Authentication icon under the Security section. Enable only Basic authentication.

Figure 3: Enable Basic Authentication



3. Browse to the WSDL of the WCF service in a browser. At the login prompt, enter a valid AD user account and password. Save the WCF service in a local folder as a .svc file.


4. Open IIS again and turn off Basic authentication and turn on Anonymous authentication.

5.       Open the WCF service config file and remove the following lines


6. Open webMethods Developer to create the web service descriptor.

7. Right-click the folder where the web service descriptor needs to be created and select New → All Choices.

Figure 4: webMethods Developer – Create web service descriptor

8. Select the Web Service Descriptor option and click Next.

Figure 5: webMethods Developer – Create web service descriptor

9. Select web service descriptor as consumer and click Next.

Figure 6: webMethods Developer – Create web service descriptor

10. Enter the name of the service and click Next.

Figure 7: webMethods Developer – Create web service descriptor



11. Browse to the .svc file saved in step 3 and click Finish.

Figure 8: webMethods Developer – Create web service descriptor

The service is now created in webMethods.





12. Open IIS again and turn on Basic authentication and turn off Anonymous authentication.

13. Open the WCF service config file and add the following lines back where they were removed from the basicHttpBinding



14. Go to the EAI webMethods service call and pass in the user credentials in the transport authentication as below

Figure 9 : Webmethods developer – Pass Authentication details

Authentication is now established between EAI and WCF: the basicHttpBinding uses transport security with Basic Authentication.
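Because steps 4 and 5 temporarily open the service to anonymous access, it is worth confirming afterwards that the binding really is back on transport security with Basic credentials. The script below is an added example, not part of the original post: it assumes the lines removed in step 5 and restored in step 13 are the binding's security element (the post does not show them), and the binding name eaiBinding and both config samples are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: binding with the security element in place (assumed state after step 13).
# The binding name "eaiBinding" is hypothetical.
SECURED = """<configuration><system.serviceModel><bindings><basicHttpBinding>
  <binding name="eaiBinding">
    <security mode="Transport">
      <transport clientCredentialType="Basic" />
    </security>
  </binding>
</basicHttpBinding></bindings></system.serviceModel></configuration>"""

# Constructed sample: the same binding with the security element removed (assumed state after step 5).
UNSECURED = """<configuration><system.serviceModel><bindings><basicHttpBinding>
  <binding name="eaiBinding" />
</basicHttpBinding></bindings></system.serviceModel></configuration>"""


def audit_basic_http_bindings(config_xml):
    """Map each basicHttpBinding name to a list of findings (empty list = as intended)."""
    results = {}
    for binding in ET.fromstring(config_xml).findall(".//basicHttpBinding/binding"):
        findings = []
        security = binding.find("security")
        # With no <security> element, basicHttpBinding falls back to mode "None".
        mode = security.get("mode", "None") if security is not None else "None"
        if mode == "None":
            findings.append("security mode is None: no authentication or encryption")
        elif mode == "TransportCredentialOnly":
            findings.append("TransportCredentialOnly: credentials travel over plain HTTP")
        elif mode != "Transport":
            findings.append("mode %s is not the Transport mode described here" % mode)
        if mode in ("Transport", "TransportCredentialOnly"):
            transport = security.find("transport")
            # The transport element's clientCredentialType defaults to "None".
            cred = transport.get("clientCredentialType", "None") if transport is not None else "None"
            if cred != "Basic":
                findings.append("clientCredentialType is %s, expected Basic" % cred)
        results[binding.get("name", "(unnamed)")] = findings
    return results


if __name__ == "__main__":
    for label, xml_text in (("secured", SECURED), ("unsecured", UNSECURED)):
        print(label, audit_basic_http_bindings(xml_text))
```

Run it against the deployed config file's contents after step 13; any non-empty findings list means the service is not in the state the procedure is meant to end in.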