Re: who can give me a e.g using Customer UsernameToken
- From: "Pablo Cibraro" <pcibraro@xxxxxxxxxxx>
- Date: Wed, 22 Feb 2006 13:18:22 -0300
Hi Alan,
The error is happening because you are using different policies on the
client and the service.
You should use the policies below on the client and the service:

Client (wse3policyCache.config):

    <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
      <policy name="ClientPolicy">
        <usernameOverTransportSecurity />
      </policy>
    </policies>

Service (wse3policyCache.config):

    <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
      <policy name="ServicePolicy">
        <usernameOverTransportSecurity />
      </policy>
    </policies>

Your web.config file is ok.
Remember to assign the policy in the service and the proxy by means of the
"Policy" attribute.
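Code for the client application:

    // Credentials travel in a WS-Security UsernameToken.
    UsernameToken token = new UsernameToken("MyUser", "MyPass");
    WsProxy proxy = new WsProxy();
    // Must name a <policy> in the client's wse3policyCache.config.
    proxy.SetPolicy("ClientPolicy");
    proxy.SetClientCredential(token);
    proxy.SomeMethod();

Code for the service:

    // Must name a <policy> in the service's wse3policyCache.config.
    [Policy("ServicePolicy")]
    public class MyService : WebService
    {
        [WebMethod()]
        public void SomeMethod()
        {
        }
    }
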
Regards,
Pablo.
"Alan" <Alan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6871E719-A4C2-44D8-9D3C-542A05AA8945@xxxxxxxxxxxxxxxx
Sorry, I am just a beginner in WSE.
After I followed your steps, my wse3policyCache.config is:

    ...
    <policy name="MyClientPolicy">
      <usernameOverTransportSecurity />
      <usernameForCertificateSecurity establishSecurityContext="false"
          renewExpiredSecurityContext="true" requireSignatureConfirmation="false"
          messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true"
          ttlInSeconds="300">
        <serviceToken>
          <x509 storeLocation="CurrentUser" storeName="AddressBook"
              findValue="CN=WSE2QuickStartServer"
              findType="FindBySubjectDistinguishedName" />
        </serviceToken>
        <protection>
          <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
          <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
          <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
        </protection>
      </usernameForCertificateSecurity>
      <requireActionHeader />
    </policy>
    ....

And the Web.config:

    ....
    <microsoft.web.services3>
      <diagnostics>
        <trace enabled="true" input="InputTrace.webinfo"
            output="OutputTrace.webinfo" />
      </diagnostics>
      <tokenIssuer>
        <statefulSecurityContextToken enabled="true" />
      </tokenIssuer>
      <security>
        <securityTokenManager>
          <add
              type="Microsoft.Web.Services3.QuickStart.CustomUsernameTokenManager"
              namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
              localName="UsernameToken" />
        </securityTokenManager>
        <x509 allowTestRoot="true" />
      </security>
      <policy fileName="wse3policyCache.config" />
    </microsoft.web.services3>
    ....

Then I get a fault:

    <faultstring>Microsoft.Web.Services3.Security.SecurityFault: Security requirements are not satisfied because the security header is not present in the incoming message.
       at Microsoft.Web.Services3.Design.UsernameOverTransportAssertion.ServiceInputFilter.ValidateMessageSecurity(SoapEnvelope envelope, Security security)
       at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
    .....

What can I do? Help me please.
"Pablo Cibraro" wrote:
Yes, it is right. Then, you have to configure a policy assertion and your
CustomUsernameTokenManager for the service.
The Policy should look like this (UsernameOverTransport):

    <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
      <policy name="MyServicePolicy">
        <usernameOverTransportSecurity />
      </policy>
    </policies>

Configuration for the custom username token manager (Web.config):

    <microsoft.web.services3>
      <security>
        <securityTokenManager>
          <add
              type="Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
              namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
              localName="UsernameToken" />
        </securityTokenManager>
      </security>
      <policy fileName="wse3policyCache.config" />
    </microsoft.web.services3>

Finally, you have to assign the policy to your service:

    [Policy("MyServicePolicy")]
    public class MyWebService : WebService
    {
        //Web service code
    }

Does this answer your question?
Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
"Alan" <Alan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4A2D8FB4-8C4B-450C-BABA-0D052349C3C3@xxxxxxxxxxxxxxxx
Pablo,
If I do not want direct authentication, what should I do?
I just tried to write a CustomUsernameTokenManager based on the demo of Hands-on WSE3.0 "Security\CS\Basic\Part3". I want to authorize the user from the client through the username and check its role in my own app.
So, the CustomUsernameTokenManager.cs is:

    using System;
    using Microsoft.Web.Services3.Security.Tokens;

    public class CustomUsernameTokenManager : UsernameTokenManager
    {
        /// <summary>
        /// Constructs an instance of this security token manager.
        /// </summary>
        public CustomUsernameTokenManager()
        {
        }

        protected override string AuthenticateToken( UsernameToken token )
        {
            bool valid = MyApp.ValidateUser(token.Username, token.Password);
            if (!valid)
            {
                throw new ApplicationException("Invalid user");
            }
            // ...
            return token.Password;
        }
    }

Is it right?
Can you give me a demo about it, especially the policy config? Thanks.
"Pablo Cibraro" wrote:
Hi Alan,
The WSSP project in GDN contains some samples that show how to do that.
http://www.gotdotnet.com/codegallery/codegallery.aspx?id=67f659f6-9457-4860-80ff-0535dffed5e6
Take a look at the sample called "DirectAuthentication - Database".
Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
"Alan" <Alan@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9B4ACB78-9B10-4722-B5DC-B076DB22FDAF@xxxxxxxxxxxxxxxx
I just wanna use Customer UsernameToken to verify the username in my SQL Server, how can I do this?
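
Added example, not part of the original thread and not code from any poster or from the WSSP samples: one way a custom UsernameTokenManager could verify the token against SQL Server, as the thread asks, using a parameterized query and a salted PBKDF2 hash. The class name, the connection string name "UsersDb" and the table dbo.AppUsers with its columns are assumptions made for illustration.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Security.Principal;
using Microsoft.Web.Services3.Security.Tokens;

// Added example. Hypothetical names: connection string "UsersDb" and table
// dbo.AppUsers(UserName, Salt, PwdHash, Iterations, Role).
public class SqlUsernameTokenManager : UsernameTokenManager
{
    protected override string AuthenticateToken(UsernameToken token)
    {
        // A salted hash can only be checked against the clear-text password,
        // which usernameOverTransportSecurity leaves to the transport (HTTPS) to protect.
        if (token.PasswordOption != PasswordOption.SendPlainText)
            throw new UnauthorizedAccessException("Authentication failed.");
        byte[] salt = null, stored = null; int iterations = 0; string role = null;
        string cs = ConfigurationManager.ConnectionStrings["UsersDb"].ConnectionString;
        using (SqlConnection conn = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT Salt, PwdHash, Iterations, Role FROM dbo.AppUsers WHERE UserName = @u", conn))
        {
            // Parameterized: the token's username never becomes part of the SQL text.
            cmd.Parameters.Add("@u", SqlDbType.NVarChar, 256).Value = token.Username;
            conn.Open();
            using (SqlDataReader r = cmd.ExecuteReader())
                if (r.Read())
                {
                    salt = (byte[])r["Salt"]; stored = (byte[])r["PwdHash"];
                    iterations = (int)r["Iterations"]; role = (string)r["Role"];
                }
        }
        // Same error for an unknown user and a wrong password.
        if (stored == null || !Matches(token.Password, salt, iterations, stored))
            throw new UnauthorizedAccessException("Authentication failed.");
        // Attach the role so web methods can call IsInRole on the token's principal.
        token.Principal = new GenericPrincipal(
            new GenericIdentity(token.Username), new string[] { role });
        return token.Password; // WSE compares the returned value with the token's password
    }

    private static bool Matches(string password, byte[] salt, int iterations, byte[] stored)
    {
        byte[] actual = new Rfc2898DeriveBytes(password, salt, iterations).GetBytes(stored.Length);
        int diff = 0;
        for (int i = 0; i < stored.Length; i++) diff |= actual[i] ^ stored[i];
        return diff == 0; // comparison time does not depend on where the bytes differ
    }
}
```

The class is registered through the type attribute of the securityTokenManager entry shown in the thread's Web.config.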