Re: UsernameTokenManager.AuthenticateUser

Pablo,

thanks for that.

Phil
"Pablo Cibraro" <pcibraro@xxxxxxxxxxx> wrote in message
news:uOPYomeFGHA.516@xxxxxxxxxxxxxxxxxxxxxxx
> Hi Phil,
> That happens because you are using secure session.
> When you enable this feature, WSE only authenticates the client the first
> time and then it creates a SecureContextToken that contains in some way
> the UsernameToken.
> This feature improves the performance for successive calls since the
> authentication and the key interchange is done once.
> You have two ways to clear the cache but you shouldn't be worried about
> it:
>
> 1. Create a new instance of the proxy class and assign the UsernameToken
> as client token. The SecureContextToken is only valid per proxy class.
> 2. Cancel the SecureContextToken:
>
> SecureConversationCorrelationState correlationState =
> serviceProxy.ResponseSoapContext.SessionState.Get<SecureConversationCorrelationState>("");
> SecurityContextToken sct = correlationState.Token as SecurityContextToken;
>
> sct.Cancel();
>
> Regards,
> Pablo Cibraro
> http://weblogs.asp.net/cibrax
> http://www.lagash.com
>
> "Phil Lee" <phil.lee@xxxxxxxxxxxxxxxxx> wrote in message
> news:OKW6p$TFGHA.3384@xxxxxxxxxxxxxxxxxxxxxxx
>> Hi,
>>
>> when I implement UsernameTokerManager.AuthenticateUser it never seems to
>> be called again after successfully authenticating a client.
>>
>> I'm currently using username over certificate with secure session. I can
>> see that there's a 'ttlInSeconds=300' in the policy cache but changing
>> this to a small value has no effect.
>> Also calling SetClientCredential from the client with a new UsernameToken
>> (different username/password) doesn't cause a re-authentication. Even
>> creating a new proxy in the client doesn't seem to cause a
>> re-authentication. Only restarting the client app causes a new
>> authentication.
>>
>> I assume this is by design and that the authentication is being cached.
>> Is there a way to clear the cache? And should I be worried anyway?
>>
>> Regards
>> Phil Lee
>>
>
>


.

Relevant Pages

  • Re: clients editing information w/o authentication--advice needed
    ... I completely concur that username/password authentication is the way to go. ... SSL, while the most secure, is not essential since there's no confidential ... I will "push back" with the client and tell them they'd be better off ...
    (comp.lang.php)
  • Re: UsernameTokenManager.AuthenticateUser
    ... That happens because you are using secure session. ... WSE only authenticates the client the first ... authentication and the key interchange is done once. ... > I'm currently using username over certificate with secure session. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Wireless Pen Test
    ... The authentication for getting the ... access to the Wireless Network is through RADIUS, ... Also if your telling a client that using WPApsk is secure then you are ...
    (Pen-Test)
  • Forms and Windows Authentication
    ... secure it but was hoping to get suggestions on the feasibility of my ... I'm building a "client extranet" for my ... securable via Forms Authentication, which I already have in place, ... it is just not an option to create Windows accounts ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Windows Authentication, Single sign on and Active Directory
    ... service proxy client fails to connect due to authentication failure and then ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The server is always in the domain. ...
    (microsoft.public.dotnet.framework.aspnet.security)