Re: WSE 2.0 time fault while authentication.
- From: "Pablo Cibraro [MVP]" <pcibraro@xxxxxxxxxxx>
- Date: Tue, 5 Sep 2006 10:11:18 -0400
Hi,
There are two thing that you can use to avoid the timestamp problems:
1. Disable the replayDetection feature for the username tokens.
<microsoft.web.services3>
<security>
<securityTokenManager>
<add
type="Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35"
namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
localName="UsernameToken" >
<replayDetection enabled="false"/>
</add>
</securityTokenManager>
</security>
</microsoft.web.services3>
2. Increase the timeToleranceInSeconds setting. The timeToleranceInSeconds
section defines a user supplied time buffer when WSE is comparing current
time against creation time for post dated and expiration time for past time.
It is usually the time skew between client and server machine. Default is
five minutes.
<microsoft.web.services3>
<security>
<timeToleranceInSeconds value="insert the time tolerance for
timestamp checking" />
</security>
</microsoft.web.services3>
I hope one of these can help you with your problem.
Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
<ajay.mahale@xxxxxxxxx> wrote in message
news:1156749127.819976.160980@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi All,
I have a webservice which is consumed by clients the world over.I
needed some authentication for creating user specific views of the data
being accessed.I decided to use wse 2.0 UserToken custom authentication
(using a SqlServer Database).On the dev environment this worked like a
charm.
The moment i deployed this to a staging server located at a different
timezone than the calling client it started throwing the following
exception :
Microsoft.Web.Services2.Security.SecurityFault: An error was discovered
processing the <Security> header ---> System.Exception: Creation time
in the
timestamp can not be in the future.
--- End of inner exception stack trace ---
at Microsoft.Web.Services2.Security.Utility.Timestamp.CheckValid()
at
Microsoft.Web.Services2.Security.Utility.Timestamp.LoadXml(XmlElement
element)
at
Microsoft.Web.Services2.Security.Utility.Timestamp..ctor(XmlElement
element)
at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement
element)
at
Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope
envelope)
at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
at
Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage
message)
After searching a bit i realised that it's been caused because the WSE
extensions use the timestamp and a nonce to provide further protection
from token replication by an attacker.
And only solution is to syncronize the client and server clocks.
Syncing the client and server clocks is an impossibility in my case.
Is there any other solution to this ?
Is there any way of disabling the clock comparisons from happening ?
Can anyone point me to an alternate way of solving the aforementioned
case if WSE 2.0 cant help me?
Thanks
Regards,
Ajay.
.
- Prev by Date: WSE 3 + Long Running Request = Timeout
- Next by Date: Re: Verisign certificate cannot be used with WSE3 configuration tool.
- Previous by thread: WSE 3 + Long Running Request = Timeout
- Next by thread: Re: Verisign certificate cannot be used with WSE3 configuration tool.
- Index(es):
Relevant Pages
|
