WSE3: authentication problem

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hello,

I have a winforms application that I'm trying to get to authenticate with a
web service. So in the winforms I get the currently logged in user and set
the web services credentials like this:

UsernameToken usernameToken = new UsernameToken(Environment.UserDomainName +
@"\" + Environment.UserName, "password", PasswordOption.SendPlainText);

ws.RequestSoapContext.Credentials.SetCredentials(new
CredentialSet(usernameToken));

ws.Ping();

On the web services side, I have a custom token manager, principal and
identity:
The CustomTokenManager overrides the AuthenticateToken:

protected override string AuthenticateToken(UsernameToken userName)
{
// call the db and check the login is OK

MyPrincipal principal = new MyPrincipal(userName.Username);
userName.Principal = principal;
return userName.Password;
}

Now the problem I'm getting is that in the Ping webmethod the user is null

if (MyUser == null)
{
throw new Exception("No authenticated user");
}

Where MyUser is:
protected MyPrincipal MyUser
{
get
{
if (_myPrincipal == null)
{
SoapContext context = RequestSoapContext.Current;

if (context != null)
{
foreach (SecurityToken t in
context.Credentials.UltimateReceiver.GetClientTokens())
{
if (t.Principal != null && t.Principal is MyPrincipal)
{
_myPrincipal = (MyPrincipal) t.Principal;
break;
}
}
}
}
return _myPrincipal;
}
}

I'm probably doing something really silly but I can't seem to figure out
what I'm doing wrong. Is it on the client side when I set the credentials? Or
is it the way I'm getting the credentials on the service side?

Using the WSE3 tool I've configured the web.config to use the custom token
manager.
<securityTokenManager>
<add type="WebService.MyTokenManager"
namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; localName="UsernameToken" />
</securityTokenManager>

Any help would be much appreciated.

Thanks
Sidharth
.

Relevant Pages

  • RE: WSE3: authentication problem
    ... So in the winforms I get the currently logged in user and set ... the web services credentials like this: ... protected override string AuthenticateToken(UsernameToken userName) ... Where MyUser is: ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Connection Pooling with the .NET Provider on IIS
    ... do the other databases authenticate against the ... Neither of the above would ever allow a connection to be re-used by any other user than the originator. ... I care little if it is actually changing the authentication on the fly or if the connection pool is authentication aware and blocks the connection re-use. ... to use the new web services capabilities of newer versions of 4GL. ...
    (comp.databases.informix)
  • VisualStudio 2003 question
    ... I'm relatively new to VisualStudio 2003 and have to create an application ... that uses Web Services to authenticate a user. ... Login page instantiates an object which can also be used to authenticate ... my user (Store the object in Session) ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: authentication best practices
    ... This app uses web services behind the scenes to populate sensitive ... User needs to authenticate before use ...
    (microsoft.public.dotnet.security)
  • Re: Can I get IE credentials using WSE?
    ... it is not such a good idea to create stateful web services. ... > CredentialCache.DefaultCredentials to authenticate, I get the Windows ... > on user credentials instead of the user that authenticated under IE. ...
    (microsoft.public.dotnet.framework.webservices.enhancements)