Re: hashed password and UsernameTokenManager
- From: "Pablo Cibraro" <pcibraro@xxxxxxxxxxx>
- Date: Tue, 3 Jan 2006 17:02:40 -0300
Hi Phil,
You have to return the original password. You will have to get it from
somewhere, e.g. a database.
WSE computes a hash with the password that you returns and then compares
that hash with the Usernametoken's hash.
Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
http://www.lagash.com
"Phil Lee" <phil.lee@xxxxxxxxxxxxxxxxx> wrote in message
news:Or4PeYGEGHA.1508@xxxxxxxxxxxxxxxxxxxxxxx
> Hi,
>
> I'm using WSE3 username/password over certificate - I can implement my own
> (test) UsernameTokenManager like this:
>
> public class MyUsernameTokenManager : UsernameTokenManager
> {
> ...
>
> protected override string AuthenticateToken( UsernameToken token,
> string authenticatedPassword )
> {
> // for clear text passwords
> return token.Password; // This is just for test purposes
>
>
> }
> }
>
> This works fine.
>
> If however I want to send hashed passwords using
> PasswordOption.SendHashed, what do I need to return from
> AuthenticateToken?
> Returning token.PasswordDigest.ToString() doesn't work.
>
> Regards
> Phil Lee
>
.
- Follow-Ups:
- Re: hashed password and UsernameTokenManager
- From: Steven Cheng[MSFT]
- Re: hashed password and UsernameTokenManager
- References:
- hashed password and UsernameTokenManager
- From: Phil Lee
- hashed password and UsernameTokenManager
- Prev by Date: RE: Referenced security token could not be retrieved
- Next by Date: Re: How to decrypt soap envelop at the client side
- Previous by thread: hashed password and UsernameTokenManager
- Next by thread: Re: hashed password and UsernameTokenManager
- Index(es):
Relevant Pages
|
Loading
