Downgrading a service reference to a web reference in a .Net 4.0 web application

If you are trying to use a service reference in a .Net 4.0 site, but get an error message similar to the following when trying to access one of its methods…

> The HTTP request is unauthorized with client authentication scheme
> ‘Anonymous’. The authentication header received from the server was
> ‘Basic realm=”webMethods”‘.

… then the reason is that you need to pass a user name and password to the web service you are trying to connect to.

‘I’m already doing that,’ you say.

Well good, however you will also need to change your security mode to ‘Transport’ and your clientCredentialType to ‘Basic’, plus add you ‘realm’ in.

‘Done that too, it still comes back with that error message’, you reply.

This problem is caused by the fact that .Net 4.0 service references do not allow you to pass a user name and password over a non-SSL link. Security mode has to be ‘Transport’ for user credentials, and that looks for an https URL. This is a good thing, it’s more secure. But what if you have to use a web service that makes you pass a user name and password insecurely, and what if there is no way of getting the owners to change it?

Well you’ll have to use the old .Net 2.0 web reference method, which lets you do it. Assuming that you’ve already added the .Net 4.0 service reference and code to call it this is what you should do:

1) Remove the entry under the Service Reference directory (make a note of the URL!).
2) Right click the Service Reference folder, click Add Service Reference.
3) Click Advanced.
4) Click Add Web Reference, and enter your URL. Change the name to the same as the one you’ve just removed and press Add Reference.
5) Look at your web.config file. There should be an applicationSettings section at the bottom with the details of the web reference.
6) Go to the configSections area of your web.config and add the following code, substituting ‘MyNameSpace’ for your app’s web project’s namespace:

<sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
      <section name="MyNameSpace.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />


7) Then go to your source code where you call the service – then change:

// .Net 4.0 service reference code
MyService.wsThings_PortTypeClient proxyServ;
proxyServ = new MyService.wsThings_PortTypeClient();
proxyServ.ClientCredentials.UserName.UserName = "User";
proxyServ.ClientCredentials.UserName.Password = "Password";


// .Net 2.0 web reference code
MyService.wsThings proxyServ;
proxyServ = new MyService.wsApplicants();
proxyServ.Credentials =  new System.Net.NetworkCredential("User", "Password");

The rest of the code calling the methods, and classes, should be the same, and you shouldn’t need to change it.

If you can persuade them to change to a secure service then do so though – there’s a reason why it is made harder to connect to an insecure one in .Net 4.0!