Re: UsernameToken and CustomUsernameTokenManager are not calling Authenticate token

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: Sami Vaaraniemi (samivanospam_at_pleasejippii.fi)
Date: 01/12/05 

Date: Wed, 12 Jan 2005 16:31:57 +0200

What's with all these sudden UsernameToken problems?

Anyway, it seems that WES is using its built-in UsernameTokenManager which
tries to authenticate the credentials against a Windows account. Try
changing

    xmlns:wsse="http://tempuri.org/MyNamespace"

in the securityTokenManager tag in the service config file to

  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

and see if it picks up your custom UsernameTokenManager.

Regards,
Sami

"Matthias" <was19@gmx.de> wrote in message
news:2cfee7ec.0501120606.278eded0@posting.google.com...
> Hi guys,
>
> I tried to follow the example for securing a webservice with a
> UsernameToken
> (http://msdn.microsoft.com/library/en-us/wse/html/cf2b92f2-2338-4af9-89c1-38fe0eab7730.asp).
> I have a class CustomUsernameTokenManager derived from
> UsernameTokenManager with a function AuthenticateToken(UsernameToken
> userName). The CustomUsernameTokenManager is registered in the
> web.config with
>
> <code from web.config>
>
> <?xml version="1.0" encoding="utf-8"?>
> <configuration>
> <configSections>
> <section name="microsoft.web.services2"
> type="Microsoft.Web.Services2.Configuration.WebServicesConfiguration,
> Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral,
> PublicKeyToken=31bf3856ad364e35" />
> </configSections>
> <system.web>
> <webServices>
> <soapExtensionTypes>
> <add type="Microsoft.Web.Services2.WebServicesExtension,
> Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral,
> PublicKeyToken=31bf3856ad364e35" priority="1" group="0" />
> </soapExtensionTypes>
> </webServices>
> <microsoft.web.services2>
> <security>
> <securityTokenManager type="MyNamespace.CustomUsernameTokenManager,
> MyNamespace" xmlns:wsse="http://tempuri.org/MyNamespace"
> qname="wsse:UsernameToken" />
> </security>
> <diagnostics>
> <detailedErrors enabled="true" />
> <trace enabled="false" />
> </diagnostics>
> </microsoft.web.services2>
> </configuration>
>
> </code>
>
> The Client calls a webservice with the following:
>
> <code from client>
>
> UsernameToken userToken = new UsernameToken("xxx", "yyy",
> PasswordOption.SendPlainText);
> webservice.HelloServiceWse serviceProxy = new
> webservice.HelloServiceWse();
> SoapContext requestContext = serviceProxy.RequestSoapContext;
> requestContext.Security.Tokens.Add(userToken);
> MessageSignature sig = new MessageSignature(userToken);
> requestContext.Security.Elements.Add(sig);
> requestContext.Security.Timestamp.TtlInSeconds = 60;
> textBox1.Text = serviceProxy.sayHello();
>
> </code>
>
> Every time I call the webservice function an security error occurs. In
> the AuthenticateToken function I return "yyy".
>
> <code from error>
>
> 'System.Web.Services.Protocols.SoapHeaderException' occured in
> system.web.services.dll
>
> Additional information:
>
> Microsoft.Web.Services2.Security.SecurityFault: The security token
> could not be authenticated or authorized
> at
> Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.OnLogonUserFailed(UsernameToken
> token)
> at
> Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.LogonUser(UsernameToken
> token)
> at
> Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.AuthenticateToken(UsernameToken
> token)
> at
> Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyToken(SecurityToken
> securityToken)
> at
> Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSecurityToken(XmlElement
> element)
> at
> Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.GetTokenFromXml(XmlElement
> element)
> at Microsoft.Web.Services2.Security.Security.LoadToken(XmlElement
> element, SecurityConfiguration configuration, Int32& tokenCount)
> at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement
> element)
> at
> Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope
> envelope)
> at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
> envelope)
> at
> Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage
> message)
>
> </code>
>
> I don't know why but the AuthenticateToken function is never called.
> What is wrong?

Relevant Pages

  • Re: Deployement issue, stuck bad
    ... the UsernameTokenManager in the web service can't ... authenticate the username token that you are sending attached to the ... Are you using the default UsernameTokenManager ?. ... > the methods of the webservice. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • RE: Unable to load custom token manager
    ... >> Inherits UsernameTokenManager ... >> Public Sub CustomAuthentication() ... >> Password As String) As Boolean ... >> Microsoft.Web.Services3.Security.SecureConversationServiceSendSecurityFilter.SecureMessage(SoapEnvelope envelope, Security security) ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Unable to load the Custom Token Manager
    ... I am trying to implement the UsernameTokenManager in WSE 3.0 and override the ... Here is the web.config's security entry: ... But i am unable to understand what is the namespace ... Visual studio 2005). ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • UsernameToken and CustomUsernameTokenManager are not calling Authenticate token
    ... UsernameTokenManager with a function AuthenticateToken(UsernameToken ... The Client calls a webservice with the following: ... Every time I call the webservice function an security error occurs. ... I don't know why but the AuthenticateToken function is never called. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Sample code to use WSE
    ... Chris & William ... > This is a really secure way to authenticate passwords that does not require ... >>I have developed a webservice that processes payments. ... >> security to this webservice so that all requests are authenticated ...
    (microsoft.public.dotnet.framework.webservices.enhancements)