Highlighted
saratkumar43 Absent Member.
Absent Member.
306 views

Consuming C# WCF service from managed visual cobol winform application

I was able to execute the sample visual cobol WEB WCF service and validate its results.

I am trying to consume a C# WCF service hosted in a different domain from a winform test client managed program developed using VC 2.3.

I get error message  "The server has rejected the client credentials".

Here's my test client app config file details...

 

<client>

<endpoint address="net.tcp://servername.domain:port number/path/TestService.svc" binding="netTcpBinding" bindingConfiguration="TestService" contract="ServiceReference.ITestService" name="TestService">
<identity>
<userPrincipalName value="service account@another domain" />

</identity>
</endpoint>
</client>

 

What am i missing ? 

0 Likes
1 Reply
Micro Focus Expert
Micro Focus Expert

RE: Consuming C# WCF service from managed visual cobol winform application

This is a WCF issue, not a Micro Focus one. You'd have the same problem if your client was written in C#.

Note that it's not a WCF bug, just a feature of WCF which is working as intended but complicates service invocation. WCF wants to secure services by default, because remote service invocation is a security risk.

The server is rejecting the request because it can't authenticate the client.

As I understand it (and I'm not a WCF expert), when a client uses an identity element containing a userPrincipalName, the client will attempt to authenticate to the server with Kerberos. That will only work if the client and server share a Kerberos domain, which (again, as I understand it) for Windows generally means either they're in the same domain, or their domains are part of a federated forest.

See these StackOverflow discussions for additional information:
stackoverflow.com/.../what-purpose-does-the-wcf-client-specified-userprincipalname-serve
stackoverflow.com/.../the-server-has-rejected-the-client-credentials

The Microsoft WCF documentation:
docs.microsoft.com/.../index

goes into WCF security in great detail. From a quick review, I think you may have to use WSHttpBinding rather than NetTcpBinding to authenticate to a remote service that's not in your Kerberos domain. I'm not at all sure about that, though.

I suggest contacting the person or organization responsible for the remote service. Presumably they have dealt with this before.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.