Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / July 2005

Tip: Looking for answers? Try searching our database.

SoapReceiver pipeline ignores security token exceptions

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
ep - 18 Jul 2005 13:58 GMT
I have a server application which has been using WSE 2.0 and custom security
tokens.  We needed to change one of the asmx webservices to a SoapService.
Now when the incoming security token is invalid, our SecurityTokenManager
correctly throws an exception.  The problem is that this exception is
ignored, and the soapservice gets a soapenvelope with encrypted data, which
it can't understand.  Further, the fault thrown back is based on invalid
data (encrypted) being received at the soapservice, instead of the proper
security fault which would allow re-establishing a session.

So, why are my security exceptions ignored?  How can I get the pipeline to
properly throw my fault?
Reply to this Message
William Stacey [MVP] - 18 Jul 2005 14:35 GMT
I would enable breaking on all exceptions and try to step through the server
side in a debug session.

Signature

William Stacey [MVP]

>I have a server application which has been using WSE 2.0 and custom
>security
[quoted text clipped - 9 lines]
> So, why are my security exceptions ignored?  How can I get the pipeline to
> properly throw my fault?
Reply to this Message
ep - 19 Jul 2005 13:57 GMT
FOUND IT!

I had already debugged and the exception was being thrown properly.  The
problem was that our client was encrypting and sending the message, and if
it got a security failure due to an expired session, it would get a new
session, copy the body of the original message into a new envelope and send
that one encrypted.   Unfortunately, we were copying the body after it was
encrypted, so on the server when we got an encrypted body we assumed the
pipeline had not processed it.

Thanks for the help.

-EP

> I would enable breaking on all exceptions and try to step through the server
> side in a debug session.
[quoted text clipped - 12 lines]
> > So, why are my security exceptions ignored?  How can I get the pipeline to
> > properly throw my fault?
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.