Problem using WebClient to consume protected WCF REST (8-ActiveRestClientFederation)

Oct 1, 2013 at 3:29 AM
Edited Oct 1, 2013 at 3:33 AM

I have tried to follow the samples in Part 8 - ActiveRestClientFederation to secure my WCF REST Service (hosted in IIS). However, I have few differences:
  • I acquire a SAML2 Token from my custom STS, then simple attach it into Authorization header of the request. Then on the server-side, I use Saml2SecurityTokenHandler to validate the token.
  • My WCF REST service is still running under .NET 3.5 (ASP.NET 2.0), no UrlRouting is applied
  • My WCF REST service implements multiple contracts (with multiple endpoints)
I use a simple console application to test the WCF REST service locally. When using ChannelFactory together with client wcf configuration, everything is okay.

The problem comes when I want to use WebClient to test the service. I always get the Unauthorized response.
using (WebClient client = new WebClient())
    client.BaseAddress = "https://localhost/myservice/service.svc";
    client.UseDefaultCredentials = false;
    client.Headers.Add("Content-Type", "application/xml");
    client.Encoding = Encoding.UTF8;
    client.Headers.Add("Authorization", "Bearer " + HttpUtility.HtmlEncode((token as GenericXmlSecurityToken).TokenXml.OuterXml));
        string response = client.DownloadString("service.svc/sampleuri?lang=en");
        Console.WriteLine("Response: " + response);
    catch (Exception ex)
More information I have noticed:
  • In both case using ChannelFactory and WebClient, the request Uri received at the service was https://my_computer_name/myservice/service.svc/sampleuri?lang=en. It seems that localhost was replaced with my_computer_name
  • When using ChannelFactory, service can map the above request Uri with implement operation, and then executes the operation accordingly.
  • When using WebClient, service CANNOT map the above request Uri with any operation. And somehow the request was always temporarily redirected to https://localhost/myservice/service.svc/sampleuri/?lang=en (Response 307) . And after redirection, the Authorization header in the original request was lost. And another strange thing is a slash was added right before query parameters in the Uri (sampleuri?lang=en --> sampleuri/?lang=en).
  • The message I got from the service when using WebClient is:
There is no operation listening for https://my_computer_name/myservice/service.svc/sampleuri?lang=en, but there is an operation listening for https://localhost/myservice/service.svc/sampleuri/?lang=en, so you are being redirected there.
Please advise me how to trace down the real problem and fix it.

Oct 1, 2013 at 4:39 AM
Hi again,

I have just found out the reason of that issue. There is confusion between one of service endpoint and the test Uri. It works fine now with WebClient.

Sorry to bother you guys.
Marked as answer by duyph on 10/10/2013 at 4:10 AM