WSE 3.0, usernameOverTransportSecurity, custom Token Manager w/ securityTokenManager,
- From: "Frank Villasenor" <jawzx01@xxxxxxxxx>
- Date: 26 Jun 2006 10:07:21 -0700
Hello all,
I'm attempting to learn how to use WSE 3.0 with Visual Studio 2005.
I've read a lot of material about WSE 3.0 and I've started to grasp how
this library works.
Although, much closer than I was a few days ago I'm not in at a point
where I believe everything is configured properly, but since my
solution isn't working it must not be. I really could use some help....
I'm using:
Visual Studio 2005,
WSE 3.0
usernameOverTransportSecurity
A custom UsernameTokenManager. (I want to authenticate against an
existing database)
In the UsernameTokenManager I've derived a class and have overridden
the AuthenticateToken method. I'm still developing the method and have
not "finished it." On my validCreditials variable, I've simply set it
to true. Which should allow me to authenticate any user that I throw at
it. (Please note, I've put this code in a separate project with its
own namespace.)
Below is my code:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
protected override string AuthenticateToken( UsernameToken token )
{
    System.Diagnostics.Debug.WriteLine( "Starting: RmsTokenManager.AuthenticateToken(...)" );
    string userName = token.Username;
    string sPassword = token.Password;
    // Validate credentials with some method. (SQL Wrapper and stored proc.)
    bool validCreditials = true;
    if (!validCreditials)
    {
        System.Diagnostics.Debug.WriteLine( "Auth Failed. RmsTokenManager.AuthenticateToken(...)" );
        OnLogonUserFailed( token );
    }
    else
    {
        System.Diagnostics.Debug.WriteLine( "Auth succeeded. RmsTokenManager.AuthenticateToken(...)" );
        GenericIdentity oIdentity = new GenericIdentity( token.Username );
        GenericPrincipal oPrincipal = new GenericPrincipal( oIdentity, new string[] { "User" } );
        token.Principal = oPrincipal;
    }
    //
    // Return token.Password like the base (overridden function)
    return token.Password;
}
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
For my Web.Config file, for my web service I have:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
<!--
  START: Configuration for the WSE.
-->
<microsoft.web.services3>
  <policy fileName="wse3policyCache.config" />
  <security>
    <securityTokenManager>
      <!-- <clear /> -->
      <add localName="UsernameToken"
           type="MicroTek.ImageVerification.Security.RmsTokenManager, MicroTek.ImageVerification.Security"
           namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" />
    </securityTokenManager>
  </security>
  <diagnostics>
    <trace enabled="true" input="InputTrace.webinfo" output="OutputTrace.webinfo" />
    <detailedErrors enabled="true" />
  </diagnostics>
</microsoft.web.services3>
<!--
  END: Configuration for the WSE.
-->
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
For my Policy file, for the web service I have:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
  <extensions>
    <extension name="usernameOverTransportSecurity"
               type="Microsoft.Web.Services3.Design.UsernameOverTransportAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="requireActionHeader"
               type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="Policy1">
    <authorization>
      <allow role="User" />
      <deny role="*" />
    </authorization>
    <usernameOverTransportSecurity />
    <!--
    <requireActionHeader />
    -->
  </policy>
</policies>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Now for the client. The client is to be a smart client application.
(Windows Forms). I had the client application working against the web
service without any WSE. It was working great. But, I needed the
security so I added WSE in to the mix.
The configuration for the client application:
I use a proxy to wrap the generated proxy. The "proxy" class simply
performs authentication tasks and allows me to pass the web service
variable around to different parts of my program. I can't post the
entire part of the program because there would be too much code. But
the initialization of the web service is:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
//
// Class fields.
private string sUrl;
private localhost.ServiceWse _WebServiceWse;
private string sUserName;
private string sPassword;

public WebServiceProxy( string psWebServiceURL, string psUserName, string psPassword )
    : this()
{
    if (psWebServiceURL.Length == 0 || psUserName.Length == 0 || psPassword.Length == 0 )
    {
        throw new ApplicationException( "psWebServiceURL can not be a blank string!" );
    }
    sUrl = psWebServiceURL;
    sUserName = psUserName;
    sPassword = psPassword;
    _WebServiceWse = new MicroTek.ImageVerification.localhost.ServiceWse();
    _WebServiceWse.Url = sUrl;
    _WebServiceWse.UseDefaultCredentials = false;
    _WebServiceWse.PreAuthenticate = true;
    // Attach the UsernameToken first, then select the policy by name.
    SetWebServiceUserToken();
    _WebServiceWse.SetPolicy( "Policy1" );
}

private void SetWebServiceUserToken()
{
    if (sUserName == null)
    {
        throw new ArgumentNullException( "UserName" );
    }
    if (sPassword == null)
    {
        throw new ArgumentNullException( "Password" );
    }
    // The password is sent as plain text; the policy relies on SSL to protect it.
    UsernameToken _unt = new UsernameToken( sUserName, sPassword, PasswordOption.SendPlainText );
    _WebServiceWse.SetClientCredential( _unt );
}

public bool ValidateImage( int piReservationID, string psImageGUID, string psClientSpecs )
{
    psClientSpecs = HttpUtility.HtmlEncode( psClientSpecs );
    return _WebServiceWse.ValidateImage( piReservationID, psImageGUID, psClientSpecs );
}
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Once initialized, I can call any web service method from the
WebServiceProxy instance. My client configuration is as follows:
app.config:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
<microsoft.web.services3>
  <policy fileName="wse3policyCache.config" />
  <diagnostics>
    <trace enabled="true" input="InputTrace.webinfo" output="OutputTrace.webinfo" />
    <detailedErrors enabled="true" />
  </diagnostics>
</microsoft.web.services3>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Policy:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
  <extensions>
    <extension name="usernameOverTransportSecurity"
               type="Microsoft.Web.Services3.Design.UsernameOverTransportAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </extensions>
  <policy name="Policy1">
    <!--
      Need to use SSL here for message Integrity, Confidentiality and
      security.
    -->
    <usernameOverTransportSecurity />
  </policy>
</policies>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
NOW FOR THE ACTUAL PROBLEM. When I run this code I'm getting an
exception. The exception is as follows:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
System.Web.Services.Protocols.SoapHeaderException was unhandled
  Message="Microsoft.Web.Services3.Security.SecurityFault: UsernameToken is expected but not present in the security header of the incoming message.\r\n
    at Microsoft.Web.Services3.Design.UsernameOverTransportAssertion.ServiceInputFilter.ValidateMessageSecurity(SoapEnvelope envelope, Security security)\r\n
    at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)\r\n
    at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)\r\n
    at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope)\r\n
    at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message)\r\n
    at System.Web.Services.Protocols.SoapServerProtocol.Initialize()\r\n
    at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)"
  Source="System.Web.Services"
  Actor="http://localhost:1346/WSImgVer/Service.asmx"
  Lang=""
  Node="http://localhost:1346/WSImgVer/Service.asmx"
  Role=""
  StackTrace:
    at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
    at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
    at MicroTek.ImageVerification.localhost.ServiceWse.ZipCodeSearch(String psZipCode) in C:\MicroTek (Net2.0)\ImageVerification\ImageVerification\Web References\localhost\Reference.cs:line 127
    at MicroTek.ImageVerification.Proxy.WebServiceProxy.ZipCodeSearch(String psZipCode) in C:\MicroTek (Net2.0)\ImageVerification\ImageVerification\WebServiceProxy.cs:line 87
    at MicroTek.ImageVerification.Controls.ucFacilityList.FillList() in C:\MicroTek (Net2.0)\ImageVerification\ImageVerification\Controls\ucFacilityList.cs:line 47
    at MicroTek.ImageVerification.Controls.ucFacilityList.set_sZipCode(String value) in C:\MicroTek (Net2.0)\ImageVerification\ImageVerification\Controls\ucFacilityList.cs:line 81
    at MicroTek.ImageVerification.frmMain2.ChangeStepView() in C:\MicroTek (Net2.0)\ImageVerification\ImageVerification\frmMain2.cs:line 199
    at MicroTek.ImageVerification.frmMain2.btnNext_Click(Object sender, EventArgs e) in C:\MicroTek (Net2.0)\ImageVerification\ImageVerification\frmMain2.cs:line 73
    at System.Windows.Forms.Control.OnClick(EventArgs e)
    at System.Windows.Forms.Button.OnClick(EventArgs e)
    at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
    at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
    at System.Windows.Forms.Control.WndProc(Message& m)
    at System.Windows.Forms.ButtonBase.WndProc(Message& m)
    at System.Windows.Forms.Button.WndProc(Message& m)
    at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
    at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
    at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
    at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg)
    at System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(Int32 dwComponentID, Int32 reason, Int32 pvLoopData)
    at System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)
    at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)
    at System.Windows.Forms.Application.Run(Form mainForm)
    at MicroTek.ImageVerification.Program.Main() in C:\MicroTek (Net2.0)\ImageVerification\ImageVerification\Program.cs:line 17
    at System.AppDomain.nExecuteAssembly(Assembly assembly, String[] args)
    at System.Runtime.Hosting.ManifestRunner.Run(Boolean checkAptModel)
    at System.Runtime.Hosting.ManifestRunner.ExecuteAsAssembly()
    at System.Runtime.Hosting.ApplicationActivator.CreateInstance(ActivationContext activationContext, String[] activationCustomData)
    at System.Runtime.Hosting.ApplicationActivator.CreateInstance(ActivationContext activationContext)
    at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssemblyDebugInZone()
    at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
    at System.Threading.ThreadHelper.ThreadStart()
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Thank you for reading all this, and thank you for any help you (all of
you) can provide. I realize that this is a lot of info, but I wanted
to be as detailed as possible so that this problem can be found
quickly. Again, thank you, and if you need any more info feel free to
ask. I'm desperate to get this problem solved. It is driving me
insane...
Thank you again!
Frank V.
JawzX01[.at.]gmail.com
http://www.TheOpenSourceU.com
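
The following is an added example, not part of the original post or of WSE: a small Python audit of the settings this setup depends on (a plaintext UsernameToken that relies on the transport, the token-manager registration, and the diagnostics switches). The function name `audit`, the finding labels and the trimmed sample XML are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

POLICY_NS = "http://schemas.microsoft.com/wse/2005/06/policy"
WSS_SECEXT_NS = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Constructed samples, trimmed from the configuration shown in the post.
SAMPLE_CONFIG = """<microsoft.web.services3>
  <security><securityTokenManager>
    <add localName="UsernameToken" type="Example.TokenManager, Example"
         namespace="%s" />
  </securityTokenManager></security>
  <diagnostics>
    <trace enabled="true" input="InputTrace.webinfo" output="OutputTrace.webinfo" />
    <detailedErrors enabled="true" />
  </diagnostics>
</microsoft.web.services3>""" % WSS_SECEXT_NS
SAMPLE_POLICY = """<policies xmlns="%s">
  <policy name="Policy1"><usernameOverTransportSecurity /></policy>
</policies>""" % POLICY_NS

def audit(config_xml, policy_xml, endpoint_url):
    """Hypothetical helper: list hardening findings for one WSE 3.0 endpoint."""
    findings = []
    cfg, pol = ET.fromstring(config_xml), ET.fromstring(policy_xml)
    # The assertion adds no message-level protection: a SendPlainText
    # password is only as confidential as the transport carrying it.
    if urlparse(endpoint_url).scheme.lower() != "https":
        for policy in pol.iter("{%s}policy" % POLICY_NS):
            if policy.find("{%s}usernameOverTransportSecurity" % POLICY_NS) is not None:
                findings.append("cleartext-transport:" + policy.get("name", ""))
    # The registration is matched on localName plus namespace, so the
    # namespace has to be the WSS secext one for the custom manager to apply.
    for add in cfg.iter("add"):
        if add.get("localName") == "UsernameToken" and add.get("namespace") != WSS_SECEXT_NS:
            findings.append("token-manager-namespace")
    # Tracing writes SOAP messages to disk; detailed errors put server
    # exception detail into faults. Both belong off outside development.
    for name in ("trace", "detailedErrors"):
        el = cfg.find("diagnostics/" + name)
        if el is not None and el.get("enabled", "").strip().lower() == "true":
            findings.append("diagnostics:" + name)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_POLICY,
                         "http://localhost:1346/WSImgVer/Service.asmx"):
        print(finding)
```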