Hi, everybody.
Look at the code below, from page 119 of Web Service Security
Scenarios, Patterns, and Implementation Guidance
for Web Services Enhancements (WSE) 3.0:
    protected override string AuthenticateToken(UsernameToken token)
    {
        bool validCredentials = Membership.ValidateUser(token.Username, token.Password);
        if (!validCredentials)
        {
            throw new ApplicationException(Resources.Messages.AuthenticationError);
        }
        GenericIdentity identity = new GenericIdentity(token.Username);
        GenericPrincipal principal = new GenericPrincipal(identity,
            Roles.GetRolesForUser(token.Username));
        token.Principal = principal;
        return token.Password;
    }
Is the AuthenticateToken method invoked for each request? If yes, does that
cause any performance problem?
Because I wondered about this, I did the following:
    protected override string AuthenticateToken(UsernameToken token)
    {
        if (token.PasswordOption != PasswordOption.SendPlainText)
            throw new ArgumentException("token is only SendPlainText");
        string password = token.Password;
        Microsoft.Practices.EnterpriseLibrary.Security.IToken cacheToken =
            new MyCacheToken(token.Username);
        IPrincipal principal =
            Microsoft.Practices.EnterpriseLibrary.Security.ISecurityCacheProvider.GetPrincipal(cacheToken);
        if (principal == null)
        {
            bool isAuth = Membership.ValidateUser(token.Username, password);
            if (isAuth)
            {
                principal = MyPrincipal.Create(cacheToken);
            }
            else
            {
                this.OnLogonUserFailed(token);
            }
        }
        token.Principal = principal;
        return password;
    }
Is my code right?
Pablo Cibraro - 13 Feb 2006 14:24 GMT
Hi Kevin,
You are right, the AuthenticateToken method is invoked for each request if
that request contains a UsernameToken.
In my opinion, the best approach in this case is to use SecureConversation.
When SecureConversation is enabled, the token negotiation happens once
compared to other turn-key scenarios where the negotiation is done for each
message. (As a result, the method AuthenticateToken is only called the first
time).
Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
http://www.lagash.com
Kevin - 22 Feb 2006 09:43 GMT
But for each invocation, I always create a proxy instance.
SecureConversation is only for one proxy instance, not for a new instance.
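An added example, not code from the book or from either poster: one way to cache credential validation across requests when every call uses a new proxy. A cache hit requires the same password that was validated earlier, because a lookup by user name alone would hand back a principal without checking the password at all; failed logons are never cached. `VerifiedLogonCache`, the `validate` delegate standing in for `Membership.ValidateUser`, the empty role list and the sample user are assumptions, and the code targets .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;

// Hypothetical helper (not WSE or Enterprise Library API). It caches successful
// logons only, and a hit requires the same password that was verified earlier.
public sealed class VerifiedLogonCache
{
    private sealed record Entry(byte[] Verifier, IPrincipal Principal, DateTime ExpiresUtc);
    private readonly Dictionary<string, Entry> _entries = new(StringComparer.OrdinalIgnoreCase);
    private readonly byte[] _key = RandomNumberGenerator.GetBytes(32); // per-process HMAC key
    private readonly TimeSpan _lifetime;

    public VerifiedLogonCache(TimeSpan lifetime) { _lifetime = lifetime; }

    // validate stands in for Membership.ValidateUser on the page (assumption).
    public IPrincipal Authenticate(string user, string password, Func<string, string, bool> validate)
    {
        // Store a keyed hash of the password, never the password itself.
        byte[] verifier = HMACSHA256.HashData(_key, Encoding.UTF8.GetBytes(password));
        lock (_entries)
        {
            if (_entries.TryGetValue(user, out Entry hit) && hit.ExpiresUtc > DateTime.UtcNow
                && CryptographicOperations.FixedTimeEquals(hit.Verifier, verifier))
                return hit.Principal; // same user, same password, entry still fresh
        }
        // Miss, expired entry or different password: always ask the real store, so
        // failed attempts still reach it (and any lockout counting) every time.
        if (!validate(user, password))
            throw new UnauthorizedAccessException("Authentication failed.");
        var principal = new GenericPrincipal(new GenericIdentity(user), Array.Empty<string>());
        lock (_entries) { _entries[user] = new Entry(verifier, principal, DateTime.UtcNow + _lifetime); }
        return principal;
    }
}

public static class Demo
{
    public static void Main()
    {
        int storeCalls = 0; // constructed credential store: one user, "kevin" / "s3cret"
        Func<string, string, bool> store = (u, p) => { storeCalls++; return u == "kevin" && p == "s3cret"; };
        var cache = new VerifiedLogonCache(TimeSpan.FromMinutes(5));
        cache.Authenticate("kevin", "s3cret", store); // validated against the store
        cache.Authenticate("kevin", "s3cret", store); // served from the cache
        try { cache.Authenticate("kevin", "wrong", store); } // cached user, wrong password
        catch (UnauthorizedAccessException) { Console.WriteLine("wrong password rejected"); }
        Console.WriteLine($"store calls: {storeCalls}");
    }
}
```

Inside an `AuthenticateToken` override the returned principal would be assigned to `token.Principal`; a short lifetime bounds how long a changed or revoked password keeps working from the cache.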