Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / November 2005

Tip: Looking for answers? Try searching our database.

UsernameToken without nonce and creation time with WSE 2.0

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Mfenetre - 03 Nov 2005 10:32 GMT
Hello all,

I use WSE 2.0 SP3 and everything works fine with the creation and
validation of UsernameTokens with WSE.

But now my architecture has been changed and this is a non-WSE client
which creates the UsernameToken. Unfortunately it's not able to produce
a nonce and a creation time in the UsernameToken.

According to the UsernameToken profile from the OASIS
(http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1
.0.pdf),
it shouldn't be a problem because they are optional.

But if I send a UsernameToken without a nonce and a creation time to a
WSE protected server, I get this error :

WSE567: The incoming Username token must contain both a nonce and a
creation time for the replay detection feature.

Does someone know how to prevent Microsoft WSE to produce an error if
no nonce or creation time is available in a UsernameToken ?

Thanks in adance,
Regards,
Mfenetre.
Reply to this Message
Naeem S. - 22 Nov 2005 15:28 GMT
I came across this same problem with a ASP web service client.

I am using a custom username token, within this class I overrided the
'DetectReplay' method. Within this function I simply did nothing. Using this
approach means you will loose the ability to detect a message that is being
repeatedly fired at the web service.

protected override void DetectReplay(UsernameToken token)
{
    //do nothing
}

I hope that makes sense.

> Hello all,
>
[quoted text clipped - 21 lines]
> Regards,
> Mfenetre.
Reply to this Message
Naeem S. - 22 Nov 2005 15:29 GMT
I came across this same problem with a ASP web service client.

I am using a custom username token, within this class I overrided the
'DetectReplay' method. Within this function I simply did nothing. Using this
approach means you will loose the ability to detect a message that is being
repeatedly fired at the web service.

protected override void DetectReplay(UsernameToken token)
{
    //do nothing
}

I hope that makes sense.

> Hello all,
>
[quoted text clipped - 21 lines]
> Regards,
> Mfenetre.
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.