The HTTP request is unauthorized with client authentication scheme ‘Basic’. The authentication header received from the server was ‘Basic realm=”SAP HANA Cloud Platform”‘.

In my line of work I quite often find myself connecting to Web Services to consume data, usually by SOAP or RESTful based services. They both have the good and bad points, the good points are that SOAP based exchanges usually come with a nice description of the contracts in the form of a WSDL file. However anything .net can be quite picky about how it digests these end points while a malformed or in-complete wsdl will quite happily be used by SoapUI or similar test suite, .net will struggle. Case in point if your bindings aren’t setup correctly, if you are not sure about the non-clemanture of WSDL files I suggest this as an old but good article to get you started.

I was getting the above error because I was not declaring my bindings properly, they weren’t mentioned at all in the WSDL so I suppose Visual Studio was behaving as expected, if they were they would have probably been declared in the app.config, I don’t like doing it there if I can help it though and prefer to do it programmatically. So, what I had to do was create bindings and past them with the configuration…..Something like this:

                Uri Address = new Uri("https://deadendpoint.com/pain");
                EndpointAddress EndPointAddr = new EndpointAddress(Address);
                //Create your binding this normally Basic for SOAP
                BasicHttpBinding Binding = new BasicHttpBinding();
                //If you have authenticate with HTTPS with username password we need to set Transport and Message Credential
                Binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
                Binding.Security.Mode = BasicHttpSecurityMode.Transport;
                Binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
                //Instantiate Client with our binding and URI
                autoCreatedProxyClassClient ProxyClient = new autoCreatedProxyClassClient(Binding, EndPointAddr);
                //Specify Username-credential credentials
                ProxyClient.ClientCredentials.UserName.UserName = myUsername;
                ProxyClient.ClientCredentials.UserName.Password = myPassword;
                //Add request to field
                ProxyRequest.ProxyRequestField = ProxyDTRequest;

Logging for the FIM/MIM Web Services connector and config tool

There is so much information out there about setting up logging and none of it I could get to work, so to that end here is the definitive list of how to get logging working. Please note the difference between logging the Web Services Configuration tool and the Web Services connector itself….

To enable ETW logging for connector, please follow the below steps:

Case 1: When “Run this Management agent in a separate process” checkbox is checked.

Add the below section after the </configSections> tag in dllhost.exe.config file.
File Path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\dllhost.exe.config


&lt;system.diagnostics&gt;


    &lt;sources&gt;


        &lt;source name="ConnectorsLog" switchValue="Verbose"&gt;


            &lt;listeners&gt;


                &lt;add initializeData="ConnectorsLog" type="System.Diagnostics.EventLogTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" name="ConnectorsLogListener" traceOutputOptions="LogicalOperationStack, DateTime, Timestamp, Callstack" /&gt;


            &lt;/listeners&gt;


        &lt;/source&gt;


    &lt;/sources&gt;


&lt;/system.diagnostics&gt;



Case 2: When “Run this Management agent in a separate process” checkbox is not checked.

Add the below section inside the <system.diagnostics>/<sources> section in miiserver.exe.config file.
File Path: C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiserver.exe.config

Note: There are two <system.diagnostics> sections in miiserver.exe.config file. Please make sure to add the below section under <system.diagnostics> section which appears first.



<source name="ConnectorsLog" switchValue="Verbose">


    <listeners>


        <add initializeData="ConnectorsLog" type="System.Diagnostics.EventLogTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" name="ConnectorsLogListener" traceOutputOptions="LogicalOperationStack, DateTime, Timestamp, Callstack" />


    </listeners>


</source>


To enable ETW logging for WS Config tool, please follow the below steps(new method):

Log level is resolved from the tool’s config file WSConfigTool.exe.config which is located under C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\UIShell\Web Service Configuration:

Initially after installing the tool the below section is commented out so user needs to uncomment this section as shown below:

 



<!--Uncomment system.diagnostics section to enable the event viewer logging for the WS Config tool, other listeners can also be added like TextWriterTraceListener, XmlWriterTraceListener etc.-->


<system.diagnostics>


  <sources>


    <source name="WSConfigToolLog" switchValue="Verbose">


      <listeners>


        <add initializeData="WSConfigToolLog" type="System.Diagnostics.EventLogTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" name="WSConfigToolLogListener" traceOutputOptions="LogicalOperationStack, DateTime, Timestamp, Callstack, ProcessId, ThreadId" />


      </listeners>


    </source>


  </sources>


</system.diagnostics>

 

If you don’t see the section above in the WsConfgTool.exe.config file it means you are working with an older version of WS Connector so in this case please follow the steps below:

Web Service Configuration Tool Logging(old method)

By default, Web Service Configuration Tool logging is disabled. In order to turn ON logging, one should perform following operation:

1.     Open file FIM_INSTALL_DIR\Synchronization Service\ UIShell\Web Service Configuration\ WSConfigTool.exe.config

2.     Goto the “LoggingLevel” section and change the value to 2 or 3.

Logging level section:

<setting name=”LoggingLevel” serializeAs=”String”>

<value>0</value>

</setting>

3.     The different logging values represent the following:

a.     Value 2 – High logging – High important events (e.g. Exceptions) are logged.

b.    Value 3 – Verbose logging – All the activities performed are logged.

c.     Any other value than the above represents logging disabled.

4.     Save the changes.

Log file is written to folder:  C:\ProgramData\WebServiceConfigTool

Log file name: WebServiceConfigTool.log

After you have enabled the connector logging, please follow these steps :

  1. Clear the Application log.
  2. Creating a new connector Copy all the logs in a separate file Clear the logs.

 

If you get the error “The configuration section cannot contain a CDATA or text element” then try removing all the spaces in the xml pasted and re-insert them. White spaces from the web turn out to be not so white sometimes……

WordPress Appliance - Powered by TurnKey Linux