UsernameTokenManager.AuthenticateUser

From: "Phil Lee" <phil.lee@xxxxxxxxxxxxxxxxx>
Date: Mon, 9 Jan 2006 17:12:34 -0000

Hi,

when I implement UsernameTokerManager.AuthenticateUser it never seems to be
called again after successfully authenticating a client.

I'm currently using username over certificate with secure session. I can
see that there's a 'ttlInSeconds=300' in the policy cache but changing this
to a small value has no effect.
Also calling SetClientCredential from the client with a new UsernameToken
(different username/password) doesn't cause a re-authentication. Even
creating a new proxy in the client doesn't seem to cause a
re-authentication. Only restarting the client app causes a new
authentication.

I assume this is by design and that the authentication is being cached. Is
there a way to clear the cache? And should I be worried anyway?

Regards
Phil Lee

.

Follow-Ups:
- Re: UsernameTokenManager.AuthenticateUser
  - From: Pablo Cibraro
- RE: UsernameTokenManager.AuthenticateUser
  - From: Luke Zhang [MSFT]

Prev by Date: soap:Body not encrypted - wse 3.0
Next by Date: Re: Calling a thirdparty Web service fails with Http error 401: Unauthorized
Previous by thread: soap:Body not encrypted - wse 3.0
Next by thread: RE: UsernameTokenManager.AuthenticateUser
Index(es):
- Date
- Thread

Relevant Pages

Re: Smartcard authentication in a multi-tier application
... side where the user enters the username and password and on the server ... implementation as we need the domain username and password of the PIN- ... since SC authentication on the Windows client results in a Kerberos ... bootstrapped a secure authentication mechanism using Kerb and PKInit ...
(microsoft.public.platformsdk.security)
Re: UsernameTokenManager.AuthenticateUser
... That happens because you are using secure session. ... WSE only authenticates the client the first ... authentication and the key interchange is done once. ... > I'm currently using username over certificate with secure session. ...
(microsoft.public.dotnet.framework.webservices.enhancements)
RE: Internet Authentication
... the domain which has access to the internet through the ISA server. ... client tries to connect to the Internet via the ISA server, ... it will prompt for a username and a password, at that case the user can ... authentication to computers which are NOT attached to the domain? ...
(microsoft.public.isa.clients)
Re: How to log out when in windows authentication?
... The client caches the username and password based on the realm that the ... I'm not quite sure if this applies only to Basic authentication or Windows ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: Windows Authentication, Single sign on and Active Directory
... service proxy client fails to connect due to authentication failure and then ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The server is always in the domain. ...
(microsoft.public.dotnet.framework.aspnet.security)