Re: New User Encrypting Username Token Issue

From: Dan (Dan_at_discussions.microsoft.com)
Date: 10/06/04


Date: Wed, 6 Oct 2004 13:21:02 -0700

Julie,

Thanks for the response,

The line of code to encrypt the username came right out of the hands-on lab
documentation. The only change was to reflect my variable names.

I didn't include all of the code: rather the code that I added that broke
the system. In this case it was the attempt to encrypt the username token and
then the function on the service that now breaks when it attempts to retrieve
it.

I am adding the tokens to the token collection first, just as your response
suggests.

Thanks!

Dan

"Julie Lerman" wrote:

> Dan-
>
> I am also still learning, but why are you encrypting the username token as
> data? (Could just be something I don't know about but it looks awfully fishy
> to me...)
>
> Is there other code here we are not seeing? Such as
> .... security.tokens.add(token)
> ....security.tokens.add(tokenX)
>
> All of the tokens you want to use to create elements with need to be added
> into the tokens collection.
>
> Your GetUsernameToken function looks in this tokens collection for the
> username token.
>
> Then the EncryptedData element is a completely separate process.
>
> If this is, in fact, where you are going awry, and you have some time, I
> highly recommend the hands-on lab that is at
> msdn.microsoft.com/webservices/building/wse to walk you through the basics
> of how these things fit together.
>
> Good luck.
>
> julie lerman
>
> "Dan" <Dan@discussions.microsoft.com> wrote in message
> news:3C199D03-EFBC-4E08-9803-56BF5D5642A2@microsoft.com...
> > All,
> >
> > I am having an issue encrypting the username token using WSE 2.0 and an
> > X509 Certificate. I get an Invalid Cast Message.
> >
> > Here is the client code
> >
> > //Encrypt The Data
> > s1.RequestSoapContext.Security.Elements.Add( new EncryptedData( tokenX ) );
> > s1.RequestSoapContext.Security.Elements.Add( new EncryptedData( tokenX,
> >     string.Format( "#{0}", token.Id ) ) );
> >
> > In this case tokenX is the X509Cert and token is my username token
> >
> > On the server I attempt to retrieve the username token so that I can then
> > validate they are a member of a local group. The code for doing that is:
> >
> > public static UsernameToken GetUsernameToken(SoapContext context)
> > {
> >     //Determine If A Security Token Was Included With The Message
> >     if (context.Security.Tokens.Count > 0)
> >     {
> >         //Loop Until A Username Token Is Found - Since Only A Single Token Is
> >         //Anticipated Return That Token
> >         foreach ( UsernameToken tok in context.Security.Tokens )
> >         {
> >             //Should Only Be One Username Token So Return The First One
> >             return tok;
> >         }
> >
> >         //If Method Makes It Here Then No Username Tokens Were Found - Raise Exception
> >         throw new Exception("UsernameToken not supplied");
> >     }
> >     else
> >     {
> >         throw new Exception("UsernameToken not supplied");
> >     }
> > }
> >
> > Through the process of elimination I know the Service is blowing up when it
> > invokes this method in an attempt to retrieve this value.
> >
> > The whole thing worked just fine until I attempted to encrypt the username
> > token. Once that was added it fell apart.
> >
> > Any ideas would be appreciated. Thanks!
> >
> > Dan
>
>
>
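
The invalid cast from the quoted original post, reproduced as an added example (not code from either poster or from WSE). The token classes are stand-ins constructed here, and the example assumes the service's token collection holds the X.509 token alongside the username token, which the thread does not confirm.

```csharp
using System;
using System.Collections;

// Stand-in types constructed for this example; not the WSE 2.0 classes.
abstract class SecurityToken { }
class UsernameToken : SecurityToken
{
    public readonly string Username;
    public UsernameToken(string username) { Username = username; }
}
class X509SecurityToken : SecurityToken { }

static class TokenLookup
{
    // Same loop shape as the quoted GetUsernameToken: foreach casts every
    // element to UsernameToken, so any other token type throws.
    public static UsernameToken FirstByCast(ICollection tokens)
    {
        foreach (UsernameToken tok in tokens)
            return tok;
        throw new Exception("UsernameToken not supplied");
    }

    // Iterate as the base type and check the runtime type before returning.
    public static UsernameToken FirstByType(ICollection tokens)
    {
        foreach (SecurityToken tok in tokens)
        {
            UsernameToken user = tok as UsernameToken;
            if (user != null)
                return user;
        }
        throw new Exception("UsernameToken not supplied");
    }
}

static class Program
{
    static void Main()
    {
        // Constructed input (assumption): X.509 token ahead of the username token.
        ArrayList tokens = new ArrayList();
        tokens.Add(new X509SecurityToken());
        tokens.Add(new UsernameToken("dan"));
        try { TokenLookup.FirstByCast(tokens); }
        catch (InvalidCastException) { Console.WriteLine("FirstByCast: InvalidCastException"); }
        Console.WriteLine("FirstByType: " + TokenLookup.FirstByType(tokens).Username);
    }
}
```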


