Re: How to generate username or kerberos tokens automatically

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Hervey Wilson [MSFT] (herveyw.nospam_at_nospam.microsoft.com)
Date: 09/28/04

• Next message: Hervey Wilson [MSFT]: "Re: Signing/Encrypting with kerberos token or usernametoken"
• Previous message: Hervey Wilson [MSFT]: "Re: X509 Certificate encryption problem"
• In reply to: IP: "RE: How to generate username or kerberos tokens automatically"
• Messages sorted by: [ date ] [ thread ]

---

Date: Mon, 27 Sep 2004 22:23:38 -0700

IP wrote:
> P.S. - I am trying to have the tokens generated without explicitly writing
> any code. I assume that is what the autoIssueSecurityContextToken setting
> does.
>
> Thanks again,
> IP
>
> "IP" wrote:
>
>
>>How can I generate username or kerberos tokens automatically?
>>
>>I have the following configuration in my app.config:
>> <microsoft.web.services2>
>> <policy>
>> <cache name="../../policyCache.config" />
>> </policy>
>> <diagnostics/>
>> <tokenIssuer>
>> <autoIssueSecurityContextToken enabled="true" />
>> </tokenIssuer>
>> </microsoft.web.services2>
>>
>>However, if I don't add the token explicitly in my code, the web service
>>call fails.
>>
>>Thanks in advance,
>>IP

No, it's not what autoIssueSecurityContextToken does. This is a
receiver-side setting that enables WS-SecureConversation for all
services in the current app domain. Issuing a SecurityContextToken still
requires that the client present a valid base token, for example either
UsernameToken or KerberosToken.

At the client, UsernameTokens cannot be generated automatically since
they require a password value. KerberosTokens can be generated
automatically if you configure the policy file for the client correctly.
  There should be examples of this in the samples for the product.

-- 
This posting is provided "AS IS", with no warranties, and confers no rights.

---

• Next message: Hervey Wilson [MSFT]: "Re: Signing/Encrypting with kerberos token or usernametoken"
• Previous message: Hervey Wilson [MSFT]: "Re: X509 Certificate encryption problem"
• In reply to: IP: "RE: How to generate username or kerberos tokens automatically"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages KDC_ERR_S_PRINCIPAL_UNKNOWN ... This error is generated by the Kerberos KDC when someone ... tries to log on with a username which is not valid in the ... Kerberos Realm. ... > Client Realm: ... (microsoft.public.win2000.security) Re: Security model advice, please help!! ... (Kerberos and Username). ... use the kerberos policy to consume the service (Using the current windows ... WSE includes a sample to configure different turn-key assertions for the ... (microsoft.public.dotnet.framework.webservices.enhancements) Kerberos requesting services and tickets using wrong username - he ... Now when I log into my PC with MY username, ... DC's security event log is showing that the kerberos service tickets are ... Shouldnt kerberos ONLY request tickets and services using the currently ... (microsoft.public.win2000.security) Kerberos requesting services using wrong user.... ... Now when I log into my PC with MY username, ... DC's security event log is showing that the kerberos service tickets are ... Shouldnt kerberos ONLY request tickets and services using the currently ... (microsoft.public.win2000.security) Kerberos using wrong username to request tickets and services. ... Now when I log into my PC with MY username, ... DC's security event log is showing that the kerberos service tickets are ... Shouldnt kerberos ONLY request tickets and services using the currently ... (microsoft.public.win2000.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > DotNet  > microsoft.public.dotnet.framework.webservices.enhancements  > 2004-09