Re: WSE 2.0 Custom Authentication


From: Jag (jagdeepsahdeva_at_hotmail.com)
Date: 06/23/04

    Date: 22 Jun 2004 20:26:31 -0700
    
    

    Hi Greg,
    Thanks for your reply. Are you looking at the sample that installs with
    WSE 2.0 in the install folder and not the HOLDEVL34 - Security.doc? I
    ask this as the CustomXmlSecTokencode sample has no class deriving
    from UsernameTokenManager (override AuthenticateToken) method. I might
    be missing something. This sample that I am referring to has a custom
    implementation of an XmlToken.

    What I am looking at doing is providing a token that can hold
    information related to lockout policies and password policies of a
    user account.

    Regards
    Jagdeep

    "Greg" <na> wrote in message news:<u$$mwHFWEHA.4048@TK2MSFTNGP12.phx.gbl>...
    > Hi Jag, thanks for the reply. I ended up getting it working, I just overrode
    > the AuthenticateToken method. I found the most difficulty in configuring
    > the web.config :) I was trying to do it manually and kept running into
    > problems. Unfortunately a lot of the documentation doesn't explain what the
    > settings are for in the web.config very well (at least not what I was
    > looking at). I ended up using the Visual Studio add-in tool to configure it
    > and everything has worked. Also, I had to update the web references several
    > times.
    >
    > My user authentication method is as follows:
    >
    > protected override string AuthenticateToken(UsernameToken token)
    > {
    >     ClassLib.User User; // My custom user class
    >
    >     string sConnString = Utilities.ReadAppSettings("AdminConnectionString");
    >     User = new ClassLib.User(sConnString);
    >
    >     // Queries Db to see if userId is valid
    >     if (User.GetUserAuthentication(token.Username, token.Password) > 0)
    >     {
    >         return token.Password;
    >     }
    >     else
    >     {
    >         return "";
    >     }
    > }
    >
    > One thing that I don't like about this is that it has to authenticate the
    > user each time, which means a trip to the db each time. I may end up
    > creating a hash table to store all the authenticated users and search that
    > before querying the db. The only downside there is if a user changes a
    > password (or user is deleted), I will have to make sure the hash table is
    > updated accordingly.
    >
    >
    > ----- Original Message -----
    > From: "Jag" <jagdeepsahdeva@hotmail.com>
    > Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
    > Sent: Monday, June 21, 2004 8:15 PM
    > Subject: Re: WSE 2.0 Custom Authentication
    >
    >
    > > Hi Greg
    > >
    > > I am trying to do a similar implementation. You can have a look at the
    > > CustomXmlSecTokencode sample (check under the WSE 2.0 install directory). I
    > > have had no luck getting the sample to work. You may see some of my posting
    > > but I am still waiting for some help. That's all I can help with.
    > >
    > > Regards
    > > Jagdeep
    > >
    > > "Greg" <na> wrote in message news:%23zgR4M6VEHA.1952@TK2MSFTNGP12.phx.gbl...
    > > > I would like to implement custom authentication using WSE 2.0. I have
    > > > downloaded the HOL but all the examples seem to use a Windows authentication
    > > > system which is not possible for me.
    > > >
    > > > My thought would be to override the "AuthenticateToken" method (similar to
    > > > what is in the WebSecurityHelper.cs example), perform a database query, etc.
    > > > However, I'm guessing I would still have to get a valid token in order for
    > > > this to be useful (though the method just returns a string, so I'm not
    > > > sure-- still trying to get my head wrapped around it). Has anyone attempted
    > > > something like this? Am I heading in the right direction?
    > > >
    > > > Thanks,
    > > > Greg
    > > >
    > > >
    > >
    > >
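
The hash-table idea raised in the quoted reply (check a cache before querying the database, and keep it correct when a password changes or a user is deleted), sketched as an added example that is not code from the thread or from WSE. `VerifiedLoginCache` and its members are hypothetical names, and the code assumes a current .NET runtime rather than the one WSE 2.0 shipped for; it stores a keyed hash instead of the password and expires entries so a missed invalidation cannot live forever.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not a WSE type): remembers logins the database already accepted.
public sealed class VerifiedLoginCache
{
    private readonly byte[] _key = new byte[32];   // random per-process HMAC key
    private readonly TimeSpan _ttl;
    private readonly object _gate = new object();
    private readonly Dictionary<string, (byte[] Tag, DateTime Expires)> _entries =
        new Dictionary<string, (byte[] Tag, DateTime Expires)>(StringComparer.Ordinal);
    public VerifiedLoginCache(TimeSpan ttl) { _ttl = ttl; RandomNumberGenerator.Fill(_key); }

    // Keyed hash of user + password, so the cache never holds the password itself.
    private byte[] Tag(string user, string password)
    {
        using (var hmac = new HMACSHA256(_key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(user + "\0" + password));
    }
    // Call only after the database query has accepted the credentials.
    public void Remember(string user, string password)
    {
        lock (_gate) { _entries[user] = (Tag(user, password), DateTime.UtcNow + _ttl); }
    }
    // True only for an unexpired entry with a matching tag; otherwise query the database.
    public bool IsVerified(string user, string password)
    {
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(password)) return false;
        lock (_gate)
        {
            if (!_entries.TryGetValue(user, out var entry)) return false;
            if (entry.Expires <= DateTime.UtcNow) { _entries.Remove(user); return false; }
            return CryptographicOperations.FixedTimeEquals(entry.Tag, Tag(user, password));
        }
    }

    // Call from the password-change and user-delete code paths.
    public void Invalidate(string user) { lock (_gate) { _entries.Remove(user); } }

    public static void Main()
    {
        var cache = new VerifiedLoginCache(TimeSpan.FromMinutes(5));
        cache.Remember("alice", "constructed-pw");   // constructed sample values
        Console.WriteLine(cache.IsVerified("alice", "constructed-pw"));
        cache.Invalidate("alice");                   // as after a password change
        Console.WriteLine(cache.IsVerified("alice", "constructed-pw"));
    }
}
```

In an `AuthenticateToken` override, `IsVerified` would be consulted first and `Remember` called only after the database check succeeds; a cache miss or mismatch always falls back to the database.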

