RE: Problems signing request when using Windows Authentication

From: Andrew Feldman (AndrewFeldman_at_discussions.microsoft.com)
Date: 09/23/04 

Date: Thu, 23 Sep 2004 15:23:05 -0700

Thanks for your response, but in your sample you illustrate my problem. When
Windows Authentication is enabled on the web form, I do not have access to
the users password with which to create the UserNameToken. How can I
get/create this token such that I can pass it to a web service and have the
service perform authorization based on the same users principal?

"D.Mitchell" wrote:

> I do exactly what you are talking about Andrew. When the request is processed
> by WSE it checks the user account specified exists with the specified
> password. You can then allow or disallow the access to the guts of the web
> method based on the user account benig in a group.
>
> Hope this helps - Dominic Mitchell
>
> In the client I add a username token to the request.
>
> Dim proxy As New myWebServiceWse
>
> Dim usernameToken as usernameToken = New
> usernameToken("myUser","test123",PasswordOption.SendPlainText)
>
> proxy.RequestSoapContext.Security.Tokens.Add(usernameToken)
>
> Call proxy.myWebMethod()
>
> *** In your web method code ***
>
> Dim token As UsernameToken
> token = getUsernameToken(RequestSoapContent.Current)
>
> If token.Principal.IsInRole(Dns.GetHostName() &
> "\requiredGroupForWebMethod") Then
> Throw New SoapException("Access denied", SoapException.ServerFaultCode)
>
> Else
> 'do it
>
> End If
>
> Public Function GetUsernameTokenOfRequestAtWebService(ByVal
> requestContext As SoapContext) As UsernameToken
> Dim boolFoundUserNameToken As Boolean
>
> If IsNothing(requestContext) Then
> Throw New SoapException("Only SOAP requests are permitted.",
> SoapException.ClientFaultCode)
> End If
>
> 'when there are no tokens in the request
> If requestContext.Security.Tokens.Count = 0 Then
> Throw New SoapException("No security tokens found in the
> request.", SoapException.ClientFaultCode)
>
> 'when there are one or more security tokens in the request
> Else
>
> 'loop over the security tokens in the request
> Dim token As UsernameToken
> For Each token In requestContext.Security.Tokens
>
> 'when the token is a username token
> If TypeOf token Is UsernameToken Then
> boolFoundUserNameToken = True
> Exit For
> End If
> Next
>
> 'when found the username token in the request
> If boolFoundUserNameToken Then
> Return token
>
> 'when not found the username token in the request
> Else
> 'when get here, must not have found the required
> username token in the request
> Throw New SoapException("UsernameToken not found in
> security tokens in the request.", SoapException.ClientFaultCode)
> End If
> End If
> End Function
>
> "Andrew Feldman" wrote:
>
> > Is it possible to crate a UserNameToken on a web form using Windows
> > Authentication and have that token be authenticated on the web service
> > against a Windows account?
> >
> > I am using Windows Authentication on my Web UI layer. I would like to
> > secure my web service layer with Windows Authentication as well. I've
> > created a policy which requires the message be signed by a UserNameToken. My
> > problem is how to create such a token in the UI, when the UserNameToken
> > constructor requires a user name and password, which from my perspective has
> > all been handled by Windows and IIS. It is unacceptable to require the users
> > to reenter their info into my app in adition to any Windows/IIS popups they
> > may have received. Can I utlize the WindowsPrincipal which ASP.NET has
> > created for me in some manner?

Relevant Pages