Re: New User Encrypting Username Token Issue


From: Julie Lerman (jlermanATNOSPAMPLEASEthedatafarm.com)
Date: 10/07/04


Date: Wed, 6 Oct 2004 20:37:32 -0400

okay but...the real issue here is that you are attempting to encrypt the
user name token. Just as an experiment, comment out that line and try to run
your code. I'm trying to understand the reason that you are inserting this
code so that I can try to help you understand how to accomplish whatever
goal you are trying to achieve by doing this.

Glad to hear that you did the labs. They're great, aren't they? It was
really like having Aaron sit right next to me walking me through it (except
for the part that I couldn't ask questions like my favorite one: "WHY?") <g>

julie

"Dan" <Dan@discussions.microsoft.com> wrote in message
news:BA8BCC8B-9ED2-4907-AB40-38C2D8DA8488@microsoft.com...
> Julie,
>
> Thanks for the response,
>
> The line of code to encrypt the username came right out of the hands on lab
> documentation. The only change was to reflect my variable names.
>
> I didn't include all of the code: rather the code that I added that broke
> the system. In this case it was an attempt to encrypt the username token and
> then the function on the service that now breaks when it attempts to retrieve
> it.
>
> I am adding the tokens to the token collection first, just as your response
> suggests.
>
> Thanks!
>
> Dan
>
>
> "Julie Lerman" wrote:
>
> > Dan-
> >
> > I am also still learning, but why are you encrypting the username token as
> > data? (Could just be something I don't know about but it looks awfully fishy
> > to me...)
> >
> > Is there other code here we are not seeing? Such as
> > .... security.tokens.add(token)
> > ....security.tokens.add(tokenX)
> >
> > All of the tokens you want to use to create elements with need to be added
> > into the tokens collection.
> >
> > Your getusername token function looks in this tokens collection for the
> > username token.
> >
> > Then encrypteddata element is a completely separate process.
> >
> > If this is, in fact, where you are going awry, and you have some time..I
> > highly recommend the hands on lab that is at
> > msdn.microsoft.com/webservices/building/wse to walk you through the basics
> > of how these things fit together.
> >
> > Good luck.
> >
> > julie lerman
> >
> > "Dan" <Dan@discussions.microsoft.com> wrote in message
> > news:3C199D03-EFBC-4E08-9803-56BF5D5642A2@microsoft.com...
> > > All,
> > >
> > > I am having an issue encrypting the username token using WSE 2.0 and an X509
> > > Certificate. I get an Invalid Cast Message.
> > >
> > > Here is the client code
> > >
> > > //Encrypt The Data
> > > s1.RequestSoapContext.Security.Elements.Add( new EncryptedData( tokenX ) );
> > > s1.RequestSoapContext.Security.Elements.Add( new EncryptedData( tokenX,
> > >     string.Format( "#{0}", token.Id ) ) );
> > >
> > > In this case tokenX is the X509Cert and token is my username token
> > >
> > > On the server I attempt to retrieve the username token so that I can then
> > > validate they are a member of a local group. The code for doing that is:
> > >
> > > public static UsernameToken GetUsernameToken(SoapContext context)
> > > {
> > >     //Determine If A Security Token Was Included With The Message
> > >     if (context.Security.Tokens.Count > 0)
> > >     {
> > >         //Loop Until A Username Token Is Found - Since Only A Single Token Is
> > >         //Anticipated Return That Token
> > >         foreach ( UsernameToken tok in context.Security.Tokens )
> > >         {
> > >             //Should Only Be One Username Token So Return The First One
> > >             return tok;
> > >         }
> > >
> > >         //If Method Makes It Here Then No Username Tokens Were Found - Raise Exception
> > >         throw new Exception("UsernameToken not supplied");
> > >     }
> > >     else
> > >     {
> > >         throw new Exception("UsernameToken not supplied");
> > >     }
> > > }
> > >
> > > Through the process of elimination I know the Service is blowing up when it
> > > invokes this method in an attempt to retrieve this value.
> > >
> > > The whole thing worked just fine until I attempted to encrypt the username
> > > token. Once that was added it fell apart.
> > >
> > > Any ideas would be appreciated. Thanks!
> > >
> > > Dan
> >
> >
> >


