Re: caching the UsernameToken



On Feb 26, 5:57 am, Dysard <Dys...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I did something stupid before and my token is now being cached properly.
Problem solved :)



"Dysard" wrote:
I have exactly the same requirement, except I'm authenticating using LDAP.
Help on this would be great. I also have statefulSecurityContextToken
enabled, but it calls the authentication code at every request.

"Dan Fergus" wrote:

Okay, MSE 3 works fine, custom UsernameTokenManager is working, all is happy
here, except...

I don't want to validate against the SQL db for every call. I want to cache
the tokens for a time. So, since the UsernameToken has an IsExpired property
I thought that it might be what I wanted. Well, if it is I'm missing
something.

I added this to my web.config;
<tokenIssuer>
  <statefulSecurityContextToken enabled="true" />
  <ttlInSeconds value="300" />
</tokenIssuer>

but that isn't it. I can't find much useful about the SecurityContextToken.

So I now do this...
    UsernameToken tkn = base.TokenCache[token.Username] as UsernameToken;

    // if it is expired, clear it from the cache and set to null
    if (tkn != null && tkn.IsExpired)
    {
        this.RemoveSecurityTokenFromCache(token);
        tkn = null;
    }

    this.CacheSecurityToken(token);

which caches my token but it never expires. I could add code that checked
the token's CreatedDate against the current datetime and expire it myself, but
is there a system built in way to do this?

--
Dan Fergus
Compact Framework MVP

Dysard,

Can you pls let me know what you did to resolve this issue?
I have the same requirement of authenticating against LDAP.
I am using a custom Authenticator which derives from UsernameToken and
overrides the AuthenticateToken method.
But I don't want each method call to be authenticated against LDAP. This
will affect performance drastically.
If we could cache the token and then access it and validate the
username in the token for rest of the call this issue could be
resolved.

Kind Regards,
Sujith
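
An added example, not code from any poster in this thread and not a WSE API: one way to get the time-limited caching asked about above, so the SQL or LDAP check runs only on a miss or after expiry. The class name `VerifiedCredentialCache` and the `backend` delegate are hypothetical; how it is wired into a token manager is left as an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
// Hypothetical helper (not a WSE type): remembers successful logins for a fixed TTL.
public sealed class VerifiedCredentialCache
{
    private sealed class Entry { public byte[] Tag; public DateTime ExpiresUtc; }
    private readonly Dictionary<string, Entry> _entries = new Dictionary<string, Entry>();
    private readonly object _gate = new object();
    private readonly byte[] _macKey = new byte[32];       // per-process key, never persisted
    private readonly TimeSpan _ttl;
    private readonly Func<string, string, bool> _backend; // the real SQL or LDAP check

    public VerifiedCredentialCache(TimeSpan ttl, Func<string, string, bool> backend)
    {
        _ttl = ttl; _backend = backend;
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(_macKey);
    }

    public bool Validate(string user, string password)
    {
        byte[] tag = Mac(user, password);
        DateTime now = DateTime.UtcNow;
        lock (_gate)
        {
            if (_entries.TryGetValue(user, out Entry hit))
            {
                if (now >= hit.ExpiresUtc) _entries.Remove(user);   // expire on read
                else if (SameBytes(hit.Tag, tag)) return true;      // cached success
            }
        }
        // Miss, expired entry, or a different password: ask the backend (outside the lock).
        if (!_backend(user, password)) return false;                // failures are never cached
        lock (_gate) { _entries[user] = new Entry { Tag = tag, ExpiresUtc = now + _ttl }; }
        return true;
    }
    // Keyed hash of the credential pair, so the cache holds no plaintext password.
    private byte[] Mac(string user, string password)
    {
        using (var h = new HMACSHA256(_macKey))
            return h.ComputeHash(Encoding.UTF8.GetBytes(user.Length + ":" + user + password));
    }

    private static bool SameBytes(byte[] a, byte[] b)   // comparison without early exit
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Constructed with `TimeSpan.FromSeconds(300)` it uses the same 300-second lifetime as the config quoted above. A password change or account lockout in the directory is not seen until the entry expires, so the TTL is also the window in which a revoked credential still works.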
