Re: UsernameTokenManager.AuthenticateUser

From: "Phil Lee" <phil.lee@xxxxxxxxxxxxxxxxx>
Date: Tue, 10 Jan 2006 13:23:04 -0000

Luke,

I have managed to sort out my problems - partially a bug on my part, but
this is what my understanding is now:

Using WSE3 username over certificate and implementing:

class MyUsernameTokenManager : UsernameTokenManager
{
string AuthenticateToken(...) {}
}

If <usernameForCertificateSecurity establishSecurityContext="false" .. />
then AuthenticateToken is called for every web service method call.
The client only has to do
proxy.SetClientCredential( new UsernameToken( "new name", "new
password" ) );
to change the user credentials.

If however <usernameForCertificateSecurity establishSecurityContext="true"
.../>
then AuthenticateToken is only called once.
This is fair enough because a security context is established and cached (I
think).
However now the client has to invalidate the security context somehow. This
works
proxy.SetPolicy("ClientPolicy");
proxy.SetClientCredential( new UsernameToken( "new name", "new
password" ) );

or this
proxy = new Proxy();
proxy.SetPolicy("ClientPolicy");
proxy.SetClientCredential( new UsernameToken( "new name", "new
password" ) );

I would have expected SetClientCredential to have been sufficient.

Regards
Phil Lee

"Luke Zhang [MSFT]" <lukezhan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:GEifg9cFGHA.1236@xxxxxxxxxxxxxxxxxxxxxxxx
> Hello,
>
> Did you say UsernameTokenManager.AuthenticateToken Method in WSE 3.0?
>
> Luke

.

References:
- UsernameTokenManager.AuthenticateUser
  - From: Phil Lee
- RE: UsernameTokenManager.AuthenticateUser
  - From: Luke Zhang [MSFT]

Prev by Date: RE: UsernameTokenManager.AuthenticateUser
Next by Date: Re: UsernameTokenManager.AuthenticateUser
Previous by thread: RE: UsernameTokenManager.AuthenticateUser
Next by thread: Re: UsernameTokenManager.AuthenticateUser
Index(es):
- Date
- Thread

Relevant Pages

SOCKS on debian etch: should i use dante?
... I'd like to run a SOCKS proxy on my etch box so I can easily configure firefox or others services to have an unlimited access to the internet while I'm behind restricted firewall. ... I want to restrict use with username and password not from a specific IP, so I can really connect from everywhere. ... # The server will bind to the address 10.1.1.1, port 1080 and will only ...
(Debian-User)
Re: Win2003 IAS CRPs attribute manipulations == MS-CHAPv2 login failures.
... The computation of the Peer-Challenge uses the username as one of its ... This would explain why the MYDOMAIN\ find/replace set works, ... AUTH cannot validate the peer ... On PROXY create a remote server group that points to AUTH ...
(microsoft.public.internet.radius)
Re: Firewall Newbie Help (PS)
... I don't mind logging into the server, and from Win2K to Win 2K AS isn't a ... > You will only need a proxy if you *want* to access your files from the ... > anywhere on your local network. ... > didn't require the same username and password authentication to allow ...
(comp.security.firewalls)
Re: bypassing employer s proxy to surf anonymously
... The trick is it knows how to speak http proxy languange. ... like squid, demand a username and password, then a specific string to ... Download FREE whitepaper on how a managed service can ...
(Pen-Test)
Re: [SLE] Proxy
... My username is user@domain.com but in the yast proxy settings you ... one thing I am not really shure about is the username thing. ... Do you mean you can't use a WinDos AD domain style username or did you try to ... there are separate fields for username and password. ...
(SuSE)