I created a simple .NET WebService (it just passes back a string). How do I modify the server side (and possibly the client side) so that it also uses a username/password to validate before sending a response?
static void Main(string args)
UpdateClient client = new UpdateClient("UpdateSOAPIIS");
client.ClientCredentials.UserName.UserName = "Michael";
client.ClientCredentials.UserName.Password = "testpassword";
String response = client.GetString("New York, NY");
if (client != null) client.Close();
public virtual GetStringResponse GetString(GetStringRequest request)
return new GetStringResponse("Search Location: " + request.location);
I recommend reading Juval Lowy's excellent article Declarative WCF Security. He describes five common scenarios (intranet, internet, b2b, anonymous, no security at all) and shows what that means, how to accomplish that etc.
He even goes as far as creating declarative attributes that you can basically just put on your service declaration and be done with it.
Those security scenario should really cover at least 80%, if not 95% of your typical cases. Study them and use them! Highly recommended