I am currently using the following methodology to implement security on my .NET-built web service.

http://www.rassoc.com/gregr/weblog/2002/06/26/web-services-security-http-basic-authentication-without-active-directory/

I have fashioned my web.config according to the instructions, and I have changed the IIS settings on the server to correspond, also.


If I click on my web service URL link, I will be challenged for the user/password. Give it one of the credentials from users.xml and it will succeed. The WSDL test page will show in the browser. Type in some garbage credentials and it will fail, which is what we want.

However, I have not been able to verify this correct behavior from a .NET client test program. I have been told that others have successfully reached it from Java frameworks.
When invoking my web service in .NET client code, how do I pass in the credentials that correspond to users.xml (which I will replace with database table validation eventually)?



Something like the following has been tried and does not work:

        Dim myCredentials As New NetworkCredential("", "", "")
        myCredentials.Domain = "XXXXXXX\xxxx"
        myCredentials.UserName = "testabc"
        myCredentials.Password = "pswabc"

        ' Create a WebRequest with the specified URL. 
        Dim myWebRequest As WebRequest = WebRequest.Create("https://test.blah-blah.com/Order/OrderReceiver.asmx")
        myWebRequest.Credentials = myCredentials

        Dim myWebResponse As WebResponse = myWebRequest.GetResponse()

The following also does not work, as the proxy class does not expose a credentials method:
servProxy3.Credentials = new NetworkCredential(“greg”,”password”);

Thanks, any help would be appreciated.