Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / November 2005

Tip: Looking for answers? Try searching our database.

Unable to load custom token manager

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
irislogic - 15 Nov 2005 04:56 GMT
I have a class "CustomAuthenitcation" which overrides the AuthenticateToken()
method and implements a db lookup for validation.The class file is included
in the web service project. I have made a web.config entry.  

*********************************************************
<securityTokenManager>
       <add type="CustomAuthentication"
namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" localName="usernameToken" />
     </securityTokenManager>
*********************************************************

*********************************************************
Public Class CustomAuthentication
   Inherits UsernameTokenManager

   Public Sub New()
   End Sub 'New

   Public Sub CustomAuthentication()
       'Constructor
   End Sub

   'Protected Overrides Function AuthenticateToken(ByVal token As
Microsoft.Web.Services3.Security.Tokens.UsernameToken) As String
   '    Return "sudhir"
   '    'Return AuthenticateUserAgent(token.Username, token.Password)
   'End Function


   Public Function AuthenticateUserAgent(ByVal UserID As Integer, ByVal
Password As String) As Boolean
       Return True
   End Function

   Protected Overrides Function AuthenticateToken(ByVal token As
Microsoft.Web.Services3.Security.Tokens.UsernameToken) As String
       Return "test"
   End Function

End Class

*********************************************************

I get the following error:

*********************************************************

Description:
An error occured processing an outgoing fault response.

Details of the error causing the processing failure:
System.InvalidOperationException: Send security filter on the server could
not retrieve the operation protection requirements from the operation state.
  at
Microsoft.Web.Services3.Security.SecureConversationServiceSendSecurityFilter.SecureMessage(SoapEnvelope envelope, Security security)
  at
Microsoft.Web.Services3.Security.SendSecurityFilter.ProcessMessage(SoapEnvelope envelope)
  at Microsoft.Web.Services3.Pipeline.ProcessOutputMessage(SoapEnvelope
envelope)
  at
Microsoft.Web.Services3.WseProtocol.GetFilteredResponseEnvelope(SoapEnvelope
outputEnvelope)

The SOAP fault that was being processed follows:
<soap:Envelope xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Header>
       
<wsa:Action>http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:Action>
       
<wsa:MessageID>urn:uuid:3eb3c3d6-ba5d-4d2d-b69f-ca93e88a3938</wsa:MessageID>
       
<wsa:RelatesTo>urn:uuid:0ebee179-2eb9-43ee-b5e6-f14bac575453</wsa:RelatesTo>
       
<wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
   </soap:Header>
   <soap:Body>
       <soap:Fault>
           <faultcode
xmlns:prefix0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xs
d">prefix0:FailedAuthentication</faultcode>
           <faultstring>System.Web.Services.Protocols.SoapHeaderException:
Microsoft.Web.Services3.Security.SecurityFault: The security token could not
be authenticated or authorized
  at
Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.OnLogonUserFailed(UsernameToken token)
  at
Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.AuthenticateToken(UsernameToken token)
  at
Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.VerifyToken(SecurityToken token)
  at
Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadXmlSecurityToken(XmlElement element)
  at
Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.GetTokenFromXml(XmlElement element)
  at Microsoft.Web.Services3.Security.Security.LoadToken(XmlElement
element, SecurityConfiguration configuration, Int32& tokenCount)
  at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element)
  at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope
envelope, String localActor, String serviceActor)
  at
Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
  at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
  at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope
requestEnvelope)
  at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage
message)
  at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
  at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type,
HttpContext context, HttpRequest request, HttpResponse response, Boolean&
abortProcessing)</faultstring>
           
<faultactor>http://localhost:3697/TestWSE/Service.asmx</faultactor>
       </soap:Fault>
   </soap:Body>
</soap:Envelope>

*********************************************************
Reply to this Message
Zoodor - 15 Nov 2005 09:20 GMT
I think the type attribute of the add element in your web.config is slightly
wrong.

It should look like:

<securityTokenManager>
       <add type="<FullyQualifiedNamespace>.CustomAuthentication,
<AssemblyName>"
namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" localName="UsernameToken" />
</securityTokenManager>

obviously you will need to replace <FullyQualifiedNamespace> and
<AssemblyName> with the correct values for your class.

Also, I think the "usernameToken" should be "UsernameToken" (uppercase U) in
the localName attribute value, though I don't know if this is important...

HTH,

Mark

> I have a class "CustomAuthenitcation" which overrides the AuthenticateToken()
> method and implements a db lookup for validation.The class file is included
[quoted text clipped - 113 lines]
>
> *********************************************************
Reply to this Message
irislogic - 15 Nov 2005 19:16 GMT
I tried changing the usernameToken to UsernameToken. It still doesnt work

How do we get the assemly name? No DLL is created in VS 2005.

Also, I do not have a namespace for the customauthentication class and hence
believe that no namespace is required. I might be wrong.

> I think the type attribute of the add element in your web.config is slightly
> wrong.
[quoted text clipped - 134 lines]
> >
> > *********************************************************
Reply to this Message
Zoodor - 16 Nov 2005 08:40 GMT
I could be wrong, but I think the class you use as the UsernameTokenManager
needs to be compiled into an assembly (I did play around with this in WSE 2.0
and had it working this way). I would try putting the class into a new class
library project and compiling it into an assembly.

Hope this helps

> I tried changing the usernameToken to UsernameToken. It still doesnt work
>
[quoted text clipped - 141 lines]
> > >
> > > *********************************************************
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.