Re: who can give me a e.g using Customer UsernameToken
- From: "Alan" <Alan@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 22 Feb 2006 06:31:28 -0800
sorry, I am just a beginner in WSE
after i follow your step my wse3policyCache.config is
....
<policy name="MyClientPolicy">
<usernameOverTransportSecurity />
<usernameForCertificateSecurity establishSecurityContext="false"
renewExpiredSecurityContext="true" requireSignatureConfirmation="false"
messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true"
ttlInSeconds="300">
<serviceToken>
<x509 storeLocation="CurrentUser" storeName="AddressBook"
findValue="CN=WSE2QuickStartServer" findType="FindBySubjectDistinguishedName"
/>
</serviceToken>
<protection>
<request signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />
<response signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="false" />
</protection>
</usernameForCertificateSecurity>
<requireActionHeader />
</policy>
.....
and the Web.config
.....
<microsoft.web.services3>
<diagnostics>
<trace enabled="true" input="InputTrace.webinfo"
output="OutputTrace.webinfo" />
</diagnostics>
<tokenIssuer>
<statefulSecurityContextToken enabled="true" />
</tokenIssuer>
<security>
<securityTokenManager>
<add
type="Microsoft.Web.Services3.QuickStart.CustomUsernameTokenManager"
namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; localName="UsernameToken" />
</securityTokenManager>
<x509 allowTestRoot="true" />
</security>
<policy fileName="wse3policyCache.config" />
</microsoft.web.services3>
.....
then i get a fault:
<faultstring>Microsoft.Web.Services3.Security.SecurityFault: Security
requirements are not satisfied because the security header is not present in
the incoming message.
at
Microsoft.Web.Services3.Design.UsernameOverTransportAssertion.ServiceInputFilter.ValidateMessageSecurity(SoapEnvelope envelope, Security security)
at
Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
......
how can i do? help me please
"Pablo Cibraro" wrote:
Yes, it is right. Then, you have to configure a policy assertion and your.
CustomUsernameTokenManager for the service.
The Policy should look like this (UsernameOverTransport):
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy";>
<policy name="MyServicePolicy">
<usernameOverTransportSecurity />
</policy>
</policies>
Configuration for the custom username token manager (Web.config):
<microsoft.web.services3>
<security>
<securityTokenManager>
<add
type="Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35"
namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
localName="UsernameToken" />
</securityTokenManager>
</security>
<policy fileName="wse3policyCache.config" />
</microsoft.web.services3>
Finally, you have to assign the policy to your service:
[Policy("MyServicePolicy")]
public class MyWebService : WebService
{
//Web service code
}
Does this answer your question ?.
Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
"Alan" <Alan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4A2D8FB4-8C4B-450C-BABA-0D052349C3C3@xxxxxxxxxxxxxxxx
Pablo ,
if i wanna not direct authentication, what should i do?
I just take a try write a customerUserNameTokenManager base on the demo
of Hands-on WSE3.0 "Security\CS\Basic\Part3" . I want to authorize the
user
from the client through the username and check it's role in my own App.
so, the CustomUsernameTokenManager.cs is:
public class CustomUsernameTokenManager : UsernameTokenManager
{
/// <summary>
/// Constructs an instance of this security token manager.
/// </summary>
public CustomUsernameTokenManager()
{
}
protected override string AuthenticateToken( UsernameToken token )
{
bool valid = MyApp.ValidateUser(token.Username, token.Password);
if (!valid)
{
throw new ApplicationException("Invalid user");
}
...
return token.Password;
}
}
is it right?
can you give me a demo about it , especialy the policy config, thanks
"Pablo Cibraro" wrote:
Hi Alan,
The WSSP project in GDN contains some samples that show how to do that.
http://www.gotdotnet.com/codegallery/codegallery.aspx?id=67f659f6-9457-4860-80ff-0535dffed5e6
Take a look the sample called "DirectAuthentication - Database".
Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
"Alan" <Alan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9B4ACB78-9B10-4722-B5DC-B076DB22FDAF@xxxxxxxxxxxxxxxx
I just wanna use Customer UsernameToken to verify the username in my SQL
Server ,how can I do this?
- Follow-Ups:
- Re: who can give me a e.g using Customer UsernameToken
- From: Pablo Cibraro
- Re: who can give me a e.g using Customer UsernameToken
- References:
- Re: who can give me a e.g using Customer UsernameToken
- From: Pablo Cibraro
- Re: who can give me a e.g using Customer UsernameToken
- From: Pablo Cibraro
- Re: who can give me a e.g using Customer UsernameToken
- Prev by Date: Re: WSE 3 security exceptions
- Next by Date: Re: who can give me a e.g using Customer UsernameToken
- Previous by thread: Re: who can give me a e.g using Customer UsernameToken
- Next by thread: Re: who can give me a e.g using Customer UsernameToken
- Index(es):
Relevant Pages
|
Loading
