Re: Why am I getting WSE2008: KerberosToken is expected but not present in the security header of the incoming message.



Pablo --

I'm using the Policy attribute on both Client and Server.

Here's my client code:

[Microsoft.Web.Services3.Policy("AuthorizationPolicy")]
partial class ImageServiceWse :
Microsoft.Web.Services3.WebServicesClientProtocol
{
}

and policy config:

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
<extensions>
<extension name="kerberosSecurity"
type="Microsoft.Web.Services3.Design.KerberosAssertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
<extension name="kerberos"
type="Microsoft.Web.Services3.Design.KerberosTokenProvider,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="AuthorizationPolicy">
<kerberosSecurity establishSecurityContext="false"
requireSignatureConfirmation="false"
messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="false"
ttlInSeconds="300">
<token>
<!-- By default this sample does not work until you have changed the
TargetMachineName value -->
<!-- Change the TargetMachineName value to the machine name with the Web
Service e.g. targetPrincipal="host/server1" -->
<kerberos targetPrincipal="host/PAISDEV2"
impersonationLevel="Identification" />
</token>
<protection>
<request signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />
<response signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="false" />
</protection>
</kerberosSecurity>
<requireActionHeader />
</policy>
</policies>

Here's my server policy config:

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
<extensions>
<extension name="kerberosSecurity"
type="Microsoft.Web.Services3.Design.KerberosAssertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="AuthorizationPolicy">
<kerberosSecurity establishSecurityContext="false"
requireSignatureConfirmation="false"
messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="false"
ttlInSeconds="300">
<protection>
<request signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />
<response signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="false" />
</protection>
</kerberosSecurity>
<requireActionHeader />
</policy>
</policies>

Thanks in advance,

Howard


"Pablo Cibraro" <pcibraro@xxxxxxxxxxx> wrote in message
news:%23XH6f4kYGHA.2208@xxxxxxxxxxxxxxxxxxxxxxx
Hi Howard,

Did you configure the Web service and the proxy to use the WSE policy
(Kerberos)? (Calling the method setPolicy or using the attribute
"Policy").

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax

"Howard Hoffman" <HowardH@xxxxxxxxxxxxxxxx> wrote in message
news:edr03liYGHA.3832@xxxxxxxxxxxxxxxxxxxxxxx
I'm working with a WSE3 client and WSE3 server. I'm getting the above
error when my client tries to call a Web Service method on the server.

Debugging the problem, I tried using the QuickStart WSSecurityKerberos
Policy sample. When I use the QuickStart sample everything works just
fine (both client and server applications are running on the same Windows
2003 R2 Server machine -- a 64-bit machine w/ 4 Intel Xeon 2.8GHz
processors, w/ 4GB of RAM).

However, when I take the identical wse3policy.config settings from client
and server (each) and put them into a 2nd application on that same
machine (also with client app and server app running on same box), the
output processing of the client includes
Wse2PipelinePolicy+LegacyFilterWrapper.

I'm thinking that this is the crux of the problem, but I do not know how
to fix it.

When I turn detailed tracing on and look at the client-side
OutputTrace.webinfo in my application, indeed I do *not* see any Kerberos
info. Here is a partial paste of that trace:

<outputMessage utc="4/17/2006 1:24:46 PM"
messageId="urn:uuid:3daeb0fb-49f3-4c17-bb87-4bfca210c00b">
<processingStep description="Unprocessed message">
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<ImagingFolioStore
xmlns="urn:digimarc.com:ImageServer:WebServices">
<folio xmlns="urn:digimarc.com:imaging">
...
</folio>
</ImagingFolioStore>
</soap:Body>
</soap:Envelope>
</processingStep>
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolicy+LegacyFilterWrapper"
/>
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolicy+LegacyFilterWrapper"
/>
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolicy+LegacyFilterWrapper"
/>
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolicy+LegacyFilterWrapper"
/>
<processingStep description="Processed message">

On the other hand, here is the OutputTrace.webinfo from the
WSSecurityKerberos Policy sample. Note that it contains Kerberos
processing:

<outputMessage utc="4/14/2006 9:10:54 PM"
messageId="urn:uuid:e3e4d2ca-e4fe-4362-87a5-11d5898886c6">
<processingStep description="Unprocessed message">
<soap:Envelope
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<StockQuoteRequest
xmlns="http://stockservice.contoso.com/wse/samples/2005/10">
<symbols>
<Symbol>FABRIKAM</Symbol>
<Symbol>CONTOSO</Symbol>
</symbols>
</StockQuoteRequest>
</soap:Body>
</soap:Envelope>
</processingStep>
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Design.KerberosAssertion+ClientOutputFilter" />
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Design.KerberosAssertion+ClientOutputFilter" />
<processingStep description="Processed message">

Why the differences? How do I fix?

Howard Hoffman
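
The trace comparison described in this thread can be automated. The following is an added example, not part of the original posts or of WSE: it lists the SOAP filters each traced message entered and reports messages that never passed through KerberosAssertion+ClientOutputFilter. The function names are hypothetical and the sample trace is constructed from the two pastes above.

```python
import re

# Constructed sample: two trimmed <outputMessage> entries modelled on the
# traces pasted in this thread (SOAP envelopes omitted).
SAMPLE_TRACE = """
<outputMessage utc="4/17/2006 1:24:46 PM" messageId="urn:uuid:3daeb0fb-49f3-4c17-bb87-4bfca210c00b">
<processingStep description="Unprocessed message" />
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolicy+LegacyFilterWrapper" />
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolicy+LegacyFilterWrapper" />
</outputMessage>
<outputMessage utc="4/14/2006 9:10:54 PM" messageId="urn:uuid:e3e4d2ca-e4fe-4362-87a5-11d5898886c6">
<processingStep description="Unprocessed message" />
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Design.KerberosAssertion+ClientOutputFilter" />
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Design.KerberosAssertion+ClientOutputFilter" />
</outputMessage>
"""

# Regexes rather than an XML parser: trace pastes are often partial or unclosed.
MESSAGE_RE = re.compile(
    r'<outputMessage\b[^>]*\bmessageId="([^"]+)"[^>]*>(.*?)(?=<outputMessage\b|\Z)',
    re.S)
FILTER_RE = re.compile(r'description="Entering\s+SOAP\s+filter\s+([^"]+?)\s*"')

def filters_by_message(trace_text):
    """Map each messageId to the SOAP filters it entered, in order."""
    return {mid: FILTER_RE.findall(body)
            for mid, body in MESSAGE_RE.findall(trace_text)}

def messages_missing_filter(trace_text,
                            expected="KerberosAssertion+ClientOutputFilter"):
    """Return messageIds whose pipeline never entered the expected filter."""
    return [mid for mid, names in filters_by_message(trace_text).items()
            if not any(name.endswith(expected) for name in names)]

if __name__ == "__main__":
    for mid, names in filters_by_message(SAMPLE_TRACE).items():
        print(mid, names)
    print("no Kerberos output filter:", messages_missing_filter(SAMPLE_TRACE))
```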






