
WSE 3.0; Kerberos Token; An invalid security token was provided.

Jubin - 01 Dec 2005 05:57 GMT
Hi
I am using WSE 3.0 and .NET Framework 2.0/VS.NET 2005.
When I use the Kerberos token, the following exception is thrown:

"An invalid security token was provided...... unknown user name or bad
password"

Following are the code/configuration details. Can someone please point out
what I am doing wrong?

Client App.config
------------------

<?xml version="1.0" encoding="utf-8"?>
<configuration>
 <configSections>
   <section name="microsoft.web.services3"
            type="Microsoft.Web.Services3.Configuration.WebServicesConfiguration, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
   <sectionGroup name="applicationSettings"
                 type="System.Configuration.ApplicationSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
     <section name="KerberosClient.Properties.Settings"
              type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
              requirePermission="false" />
   </sectionGroup>
 </configSections>
 <microsoft.web.services3>
   <diagnostics>
     <trace enabled="true" input="InputTrace.webinfo" output="OutputTrace.webinfo" />
   </diagnostics>
   <policy fileName="wse3policyCache.config" />
 </microsoft.web.services3>
 <applicationSettings>
   <KerberosClient.Properties.Settings>
     <setting name="KerberosClient_localhost_KerberosTokenWebService" serializeAs="String">
       <value>http://localhost:1226/KerberosService/KerberosTokenWebService.asmx</value>
     </setting>
   </KerberosClient.Properties.Settings>
 </applicationSettings>
</configuration>

Client wse3policyCache.config
------------------------------

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
 <extensions>
   <extension name="kerberosSecurity"
              type="Microsoft.Web.Services3.Design.KerberosAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
   <extension name="requireActionHeader"
              type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
 </extensions>
 <policy name="ClientPolicy">
   <kerberosSecurity establishSecurityContext="false"
                     renewExpiredSecurityContext="true"
                     requireSignatureConfirmation="false"
                     messageProtectionOrder="SignBeforeEncrypt"
                     requireDerivedKeys="true"
                     ttlInSeconds="300">
     <protection>
       <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
       <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
       <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
     </protection>
   </kerberosSecurity>
   <requireActionHeader />
 </policy>
</policies>

Client Code
------

private void Form1_Load(object sender, EventArgs e)
{
    try
    {
        string targetPrincipalName = "host/" + System.Net.Dns.GetHostName();
        //string targetPrincipalName = "host/machine@domain.co.in"; // this also doesn't work

        KerberosToken kerberosToken = new KerberosToken(targetPrincipalName);

        KerberosTokenWebServiceWse kerberosTokenWebServiceWse = new KerberosTokenWebServiceWse();
        kerberosTokenWebServiceWse.SetPolicy("ClientPolicy");

        kerberosTokenWebServiceWse.SetClientCredential<KerberosToken>(kerberosToken);

        kerberosTokenWebServiceWse.RequestSoapContext.Security.Tokens.Add(kerberosToken);
        kerberosTokenWebServiceWse.RequestSoapContext.Security.Elements.Add(new MessageSignature(kerberosToken));

        MessageBox.Show(kerberosTokenWebServiceWse.HelloWorld().ToString());
    }
    catch (ResponseProcessingException ex)
    {
        // throws : An invalid security token was provided...... unknown user name or bad password exception
        MessageBox.Show(ex.Response.InnerText);
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message + "\r\n\r\n\r\n Inner Exception : \r\n" + ex.InnerException);
    }
}

Service wse3policyCache.config
-------------------------------

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
 <extensions>
   <extension name="kerberosSecurity"
              type="Microsoft.Web.Services3.Design.KerberosAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
   <extension name="requireActionHeader"
              type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
 </extensions>
 <policy name="ServicePolicy">
   <kerberosSecurity establishSecurityContext="false"
                     renewExpiredSecurityContext="true"
                     requireSignatureConfirmation="false"
                     messageProtectionOrder="SignBeforeEncrypt"
                     requireDerivedKeys="true"
                     ttlInSeconds="300">
     <protection>
       <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
       <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
       <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
     </protection>
   </kerberosSecurity>
   <requireActionHeader />
 </policy>
</policies>


Niels Flensted-Jensen - 02 Dec 2005 15:26 GMT
I don't know; it depends!

But if you get the problem when trying to construct the kerberos token, it
may be related to whether that particular client is trusted for delegation
(provided you are running inside an AD, otherwise kerberos just won't work).

More on the subject of delegation may be found in many places, but here is
one from MSDN Magazine:
http://msdn.microsoft.com/msdnmag/issues/05/09/SecurityBriefs

Niels
http://blog.flensted-jensen.com

> Hi
> I am using WSE 3.0 and .NET Framework 2.0/VS.NET 2005;
[quoted text clipped - 152 lines]

Jubin - 05 Dec 2005 13:46 GMT
Hi,

Thanks for the link. I will go thru it.

The error still persists.

The inner exception is
"Security requirements are not satisfied because the security header is not
present in the incoming message."

The responseProcessingException.Response.InnerText is
An invalid security token was provided...... unknown user name or bad
password

What does this mean?

I have already added the below in the config file :
<webServices>
  <soapServerProtocolFactory
      type="Microsoft.Web.Services3.WseProtocolFactory, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</webServices>

Jubin - 14 Dec 2005 07:16 GMT
The problem has been solved. We need to convert the service from “file-based
website” (VS.NET 2005 feature) to an IIS configured virtual directory.
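
A service-side check related to the fix reported in the last post, added here as an example and not code from the thread. It assumes, which the thread does not confirm, that a ticket requested for "host/<machine>" can only be accepted by a process running as the computer account (LocalSystem or Network Service), and that the VS 2005 file-based web site runs in WebDev.WebServer.exe under the logged-on user; KerberosHostingCheck and its method names are hypothetical.

```csharp
using System;
using System.Diagnostics;
using System.Security.Principal;

// Hypothetical helper: call Describe() from the service (for example in
// Application_Start) and write the result to the trace log.
public static class KerberosHostingCheck
{
    // Assumption: the Visual Studio 2005 development server process is
    // named WebDev.WebServer (later versions add a suffix).
    public static bool IsDevelopmentServer(string processName)
    {
        return processName.StartsWith("WebDev.WebServer",
                                      StringComparison.OrdinalIgnoreCase);
    }

    // True when the process authenticates as the computer account, which
    // owns the default "host/<machine>" service principal name.
    public static bool RunsAsMachineAccount(WindowsIdentity identity)
    {
        SecurityIdentifier sid = identity.User;
        return sid != null &&
               (sid.IsWellKnown(WellKnownSidType.LocalSystemSid) ||
                sid.IsWellKnown(WellKnownSidType.NetworkServiceSid));
    }

    public static string Describe()
    {
        string process = Process.GetCurrentProcess().ProcessName;
        using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
        {
            string who = process + " running as " + identity.Name;
            if (IsDevelopmentServer(process))
                return who + ": development server; host the service in an " +
                       "IIS virtual directory before testing Kerberos tokens.";
            if (!RunsAsMachineAccount(identity))
                return who + ": not the computer account; tokens issued for " +
                       "host/" + Environment.MachineName + " may be rejected " +
                       "unless an SPN is registered for this account.";
            return who + ": computer account; host/" +
                   Environment.MachineName + " tokens can be accepted.";
        }
    }
}
```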
