Arghhhh...My client (WSE3) attempts to receive a token from a STS server running WSE2. But WSE3 is using newer versions of the Oasis specs

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

Ste - 05 Jan 2006 22:30 GMT

My client (WSE3) attempts to receive a token from a STS server running WSE2.
But WSE3 is using newer versions of the Oasis specs.

The Soap action header for the WSE3 call has a newer version of the Oasis
Issuer request endpoint. eg The SoapAction points to version
01/2005/Issue.rts instead of 02/2004/Issue.rts [unfortunately i havent got
the exact header to hand]

Can i force WSE3 to use the WSE2 equivalent tokens, urn's etc..? I am only
using WSE3 because all my applications have been upgraded to .NET2 with
Visual Studio 2005 and WSE2 is not supported on .Net2

Can anyone please help me?

Thanks

Reply to this Message

Pablo Cibraro - 06 Jan 2006 18:51 GMT

Hi Ste,
WSE 2 is still supported in NET 2.0 and you can use side by side with WSE
3.0.
Are you using a custom STS implemented by you ?
If the answer is yes, you can do something like this:

1. Add a method with the soap action header for WSE 2.0, for example:

[SoapMethod("01/2005/Issue")]
public virtual RSTR IssueTokenForWSE2(RST request)
{

RSTR response = IssueSecurityTokenRequest(request);

// set the response action here
ResponseSoapContext.Current.Addressing.Action = "01/2005/Issue";

return response;
}

As you can see, this method makes a call to the protected method
"IssueSecurityTokenRequest" where the token is created.

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
http://www.lagash.com

> My client (WSE3) attempts to receive a token from a STS server running
> WSE2. But WSE3 is using newer versions of the Oasis specs.
[quoted text clipped - 11 lines]
>
> Thanks

Reply to this Message

Ste - 06 Jan 2006 22:57 GMT

Pablo,

Thanks for the reply.. much appreciated!

My client is connecting to a custom STS server.. i have no access to the
server source - it is a govt server implementing the msoft GSO offering,

The only thing "custom" about my STS server is that it returns its own
"tokens" in its xml format. I create standard Oasis username tokens, in the
format below ... How can i tell WSE3 to use this usernametoken format? not
the new 2005 oasis version?

<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-c80775e7-b8dc-46d4-9312-dbfa65a2b6e9">
    <wsse:Username>513FDQ37JILL</wsse:Username>
    <wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1
.0#PasswordDigest">
        6MVcBZAS0SQpitXrRsXntcbugHw=
    </wsse:Password>
    <wsse:Nonce>C1CRDaeRoqFSrjjMdh3TIA==</wsse:Nonce>
    <wsu:Created>2004-06-28T13:00:32Z</wsu:Created>
</wsse:UsernameToken>

I have reverted all my code back to WSE2 and with a bit of "fiddling" i now
have WSE2 working with .NET2 and VS2005... is this a recommended approach?

Below is an example of my WSE2 and WSE3 code, however i cannot see where
your
example using [SoapMethod("01/2005/Issue")] would fit in,

The WSE2 code to do this looks similar to :- [ seeWSE2
CustomXmlSecurityToken example ]
MyClass : SecurityTokenServiceClient
{
public const string TokenServiceAppliesTo =
"urn:XXX-System-Services:external:1.0.0:XXXWebServices";
public const string TokenType =
"urn:XXX-System-Services:external:1.1.1:mytoken#mytoken";
SecurityToken token = UsernameToken(user, passwd);

AppliesTo appliesto = new AppliesTo(TokenServiceAppliesTo);
RequestSecurityToken rst = RequestSecurityToken(TokenType, token,
appliesto);
RequestSecurityTokenResponse rstr = this.IssueSecurityToken(rst);
return rstr.RequestedSecurityToken.SecurityToken as MySecurityToken;
}

Using WSE3
MyClass : SecurityTokenServiceClient
{
public const string TokenServiceAppliesTo =
"urn:XXX-System-Services:external:1.0.0:XXXWebServices";
public const string TokenType =
"urn:XXX-System-Services:external:1.1.1:mytoken#mytoken";

AppliesTo appliesto = new AppliesTo(TokenServiceAppliesTo);
RequestSecurityToken rst = RequestSecurityToken(TokenType)
rst.AppliesTo = appliesTo

// add the username token
UsernameForCertificateAssertion assertion = new
UsernameForCertificateAssertion();
assertion.UsernameTokenProvider = new UsernameTokenProvider(username,
"BadPassword");

Policy policy = new Policy();
policy.Assertions.Add(assertion);
rst.SetPolicy ( policy )

RequestSecurityTokenResponse rstr = this.IssueSecurityToken(rst);
return rstr.RequestedSecurityToken.SecurityToken as MySecurityToken;
}

> Hi Ste,
> WSE 2 is still supported in NET 2.0 and you can use side by side with WSE
[quoted text clipped - 40 lines]
>>
>> Thanks

Reply to this Message

Pablo Cibraro - 09 Jan 2006 13:30 GMT

Hi Ste,
My sample goes in the Custom STS server but in this case you are not lucky
since you don't have access to that code.
If you want to use a different UsernameToken format, then you will have to
do something like this:

1. Write a custom UsernameToken class
2. Write a custom UsernamenameTokenManager, which knows how to serialize and
deserialize the custom UsernameTokenManager
3. Register the custom UsernameTokenManager in the client application
(Adding a setting in the configuration file).

<microsoft.web.services3>
<security>
<securityTokenManager>
<add type="MyLibrary.CustomUsernameTokenManager, MyAssembly"
namespace="Your Namespace" localName="UsernameToken"/>
</securityTokenManager>
</security>
</microsoft.web.services3>

In this case, WSE 2.0 is working fine, so I recommend you to use that
version. WSE 3.0 is usefull if you are planning to move to Indigo.

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
http://www.lagash.com

> Pablo,
>
[quoted text clipped - 116 lines]
>>>
>>> Thanks

Reply to this Message

Arghhhh...My client (WSE3) attempts to receive a token from a STS server running WSE2. But WSE3 is using newer versions of the Oasis specs

Free Magazines