Hi@all

I ve got a strange problem with my custom security token. I ve added
the token to the security elements and a messagesignature with the same
token as described in the WSE 2.0 documentation.

I derived a class from SecurityTokenServiceClient to communicate with
my STS. Here is a snippet from where i try to get the requested
security token

public void TryGetToken()
{
 // the request for a security token
 RequestSecurityToken rst;

 rst = new RequestSecurityToken(
 "http://updates.dvo.at/tokens/LiveUpdateToken#LiveUpdateToken",  //
requested type
 "http://localhost/LiveUpdateTokenService/TokenService.ashx"); // my
STS

 //custom XML token based on the XML token from the CustomXMLToken
Service. I 've added some extra field which i need to validate

 LiveUpdateRequestToken f = new LiveUpdateRequestToken("Patrick",
"Brunmayr", "hansi", "1000");

 this.RequestSoapContext.Security.Tokens.Add( f );  // Add the token
to the security elements
 this.RequestSoapContext.Security.Elements.Add( new
MessageSignature(f)); // add a signature to sign the request

 base.IssueSecurityToken(rst); // call the STS and try to get the
security token
}

When i call base.IssueSecurityToken(rst) i alwasy get this
SoapExcpetion

<soap:Fault>
<faultcode
xmlns:code="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xs
d">code:SecurityTokenUnavailable</faultcode>
<faultstring>Microsoft.Web.Services2.Security.SecurityFault: Referenced
security token could not be retrieved
at Microsoft.Web.Services2.Security.MessageSignature.CheckSignature()
at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement
element)
at
Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope
envelope)
at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
at
Microsoft.Web.Services2.Messaging.SoapReceiver.FilterMessage(SoapEnvelope
envelope)
at
Microsoft.Web.Services2.Messaging.SoapReceiver.ProcessMessage(SoapEnvelope
message)</faultstring>
<faultactor>http://localhost/LiveUpdateTokenService/TokenService.ashx</faultactor>
</soap:Fault>

But i don't understand this beacuse my token is present in the Soap
header. Here the SoapMessage from the trace

<soap:Envelope
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>
<wsa:Action
wsu:Id="Id-3d8b7914-b86d-471a-8f97-1893b99530ef">http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue</wsa:Action>
<wsa:MessageID
wsu:Id="Id-512d289f-2425-4bc2-8cab-f2e78c5677ba">uuid:e80f2392-728a-41d9-8c8a-73ed2aae3f90</wsa:MessageID>
<wsa:ReplyTo wsu:Id="Id-be1ddfa6-4905-439a-be09-9fc46a9ab710">
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To
wsu:Id="Id-1e50cadc-6083-4c0b-a091-2e55a91059a6">http://localhost/LiveUpdateTokenService/TokenService.ashx</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-b189d2ef-e3e5-4f3c-b724-45d41d31c76e">
<wsu:Created>2006-01-03T10:15:57Z</wsu:Created>
<wsu:Expires>2006-01-03T10:20:57Z</wsu:Expires>
</wsu:Timestamp>

// here is my token

<dvo:LiveUpdateRequestToken
wsu:Id="SecurityToken-489fdbb5-d56e-44e1-9890-a308657f047f"
xmlns:dvo="http://updates.dvo.at/tokens/LiveUpdateRequestToken">
<dvo:CreatedAt>2006-01-03T10:15:56Z</dvo:CreatedAt>
<dvo:ExpiresAt>2006-01-03T18:15:56Z</dvo:ExpiresAt>
<dvo:Email>????????</dvo:Email>
<dvo:Password>????????????</dvo:Password>
<dvo:WTNumber>????????</dvo:WTNumber>
<dvo:ProgrammCode>????????</dvo:ProgrammCode>
</dvo:LiveUpdateRequestToken>

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
<Reference URI="#Id-3d8b7914-b86d-471a-8f97-1893b99530ef">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>tJfDGaqEs7y0Irw2oQBtjSQ+5jY=</DigestValue>
</Reference>
<Reference URI="#Id-512d289f-2425-4bc2-8cab-f2e78c5677ba">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>1At17jkhs39o9wiXHOJmh25Kwsk=</DigestValue>
</Reference>
<Reference URI="#Id-be1ddfa6-4905-439a-be09-9fc46a9ab710">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>pnlzF1vVnTwatB7NLjXkbgOzC4A=</DigestValue>
</Reference>
<Reference URI="#Id-1e50cadc-6083-4c0b-a091-2e55a91059a6">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>IzprExuvm/t4Jnsl94j/ITkP53o=</DigestValue>
</Reference>
<Reference URI="#Timestamp-b189d2ef-e3e5-4f3c-b724-45d41d31c76e">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>6QEFpK/PrJVbzLxTnUtAYKgbJ5g=</DigestValue>
</Reference>
<Reference URI="#Id-392047ac-59c7-4df7-983f-8fdd8864bc38">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>BdnuQuQFhi0IIfiUWcrtBD5QLFQ=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>oT+qphdjdHqOm6mhwv78nNQj7N8=</SignatureValue>

<KeyInfo>
<wsse:SecurityTokenReference>
// here is the reference to my token. This Section was added from WSE
<wsse:Reference
URI="#SecurityToken-489fdbb5-d56e-44e1-9890-a308657f047f"
ValueType="http://updates.dvo.at/tokens/LiveUpdateRequestToken#LiveUpdateRequestToken"
/>
</wsse:SecurityTokenReference>
</KeyInfo>

</Signature>
</wsse:Security>
</soap:Header>
<soap:Body wsu:Id="Id-392047ac-59c7-4df7-983f-8fdd8864bc38">
<wst:RequestSecurityToken
xmlns:wst="http://schemas.xmlsoap.org/ws/2004/04/trust">
<wst:TokenType>http://updates.dvo.at/tokens/LiveUpdateToken#LiveUpdateToken</wst:TokenType>
<wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
<wsp:AppliesTo
xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
<wsa:EndpointReference>
<wsa:Address>http://localhost/LiveUpdateTokenService/TokenService.ashx</wsa:Address>
</wsa:EndpointReference>
</wsp:AppliesTo>
<wst:LifeTime>
<wsu:Expires>2006-01-03T14:15:57Z</wsu:Expires>
</wst:LifeTime>
</wst:RequestSecurityToken>
</soap:Body>
</soap:Envelope>

I dont know why WSE cant find the token? Did anybode have the same
problem? Please Help me this drives my crazy

Jay