WSE 3 security exceptions

KDV - 20 Feb 2006 16:51 GMT
Hi,

      I am using WSE 3 and I am using usernameForCertificateSecurity. I
have added my custom UsernameTokenManager to provide password for the user.
My question is: I want to get a notification from the WSE runtime if username
authentication fails, e.g. the user has entered a wrong password. So instead of WSE
throwing an exception and returning a SoapException to the client, I want to return
some user-friendly message to the client, e.g. Invalid username/password. Is
there any hook where I can intercept all exceptions thrown by WSE?

Thanks

KDV
Pablo Cibraro - 20 Feb 2006 19:19 GMT
Hi KDV,
You have two options to intercept exceptions in the scenario that you
described.

1. Develop a custom UsernameTokenManager and override the AuthenticateToken
method to catch the exceptions.
2. Develop a custom SoapFilter to catch the exceptions. This option also
requires a custom Policy assertion that returns the soap filter as a service
output filter.

I can give you more details if you want.

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax

KDV - 20 Feb 2006 20:50 GMT
Could you please send me more information or point me to the resource for
more information.

Thanks
KDV

Alan - 21 Feb 2006 01:32 GMT
Please send me, too.
And I also have another question: how can I configure a custom
UsernameTokenManager? You said to copy the attached file
"CustomUsernameTokenManager.cs" to "App_Code" in the other subject,
but I didn't find it. Could you send it to me?

Pablo Cibraro - 21 Feb 2006 13:32 GMT
Hi KDV,

Code for the custom username token manager:

using System;
using System.Xml;
using Microsoft.Web.Services3.Security.Tokens;

public class CustomUsernameTokenManager : UsernameTokenManager
{
    /// <summary>
    /// Constructs an instance of this security token manager.
    /// </summary>
    public CustomUsernameTokenManager()
    {
    }

    /// <summary>
    /// Constructs an instance of this security token manager.
    /// </summary>
    /// <param name="nodes">An XmlNodeList containing XML elements from a configuration file.</param>
    public CustomUsernameTokenManager(XmlNodeList nodes)
        : base(nodes)
    {
    }

    // WSE compares the value returned here with the password in the incoming token.
    protected override string AuthenticateToken(UsernameToken token)
    {
        // Return the user password (hard-coded placeholder for the example)
        return "MyPassword";
    }

    // Wraps the base verification so that failures can be intercepted.
    public override void VerifyToken(SecurityToken token)
    {
        try
        {
            base.VerifyToken(token);
        }
        catch (Exception)
        {
            // Do something
            throw; // rethrow without resetting the stack trace
        }
    }
}

Code for the custom assertion:

using System;
using System.Xml;

public class MyAssertion : Microsoft.Web.Services3.Design.PolicyAssertion
{
    public override Microsoft.Web.Services3.SoapFilter CreateClientInputFilter(Microsoft.Web.Services3.Design.FilterCreationContext context)
    {
        return null;
    }

    public override Microsoft.Web.Services3.SoapFilter CreateClientOutputFilter(Microsoft.Web.Services3.Design.FilterCreationContext context)
    {
        return new MyFilter();
    }

    public override Microsoft.Web.Services3.SoapFilter CreateServiceInputFilter(Microsoft.Web.Services3.Design.FilterCreationContext context)
    {
        return null;
    }

    public override Microsoft.Web.Services3.SoapFilter CreateServiceOutputFilter(Microsoft.Web.Services3.Design.FilterCreationContext context)
    {
        return new MyFilter();
    }

    public override void ReadXml(XmlReader reader, System.Collections.Generic.IDictionary<string, Type> extensions)
    {
        // Check for <customAssertion/> before the reader moves past the start tag
        bool isEmpty = reader.IsEmptyElement;
        reader.ReadStartElement("customAssertion");

        if (!isEmpty)
            reader.ReadEndElement();
    }

    public override void WriteXml(XmlWriter writer)
    {
        writer.WriteStartElement("customAssertion");
        writer.WriteEndElement();
    }

    protected class MyFilter : Microsoft.Web.Services3.SoapFilter
    {
        public override Microsoft.Web.Services3.SoapFilterResult ProcessMessage(Microsoft.Web.Services3.SoapEnvelope envelope)
        {
            // Replace a SOAP fault on the message with a friendlier exception
            if (envelope.Fault is System.Web.Services.Protocols.SoapException)
            {
                throw new Exception("My friendly exception");
            }

            return Microsoft.Web.Services3.SoapFilterResult.Continue;
        }
    }
}

Policy Configuration for the custom assertion:

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
  <extensions>
    <extension name="customAssertion" type="MyAssertion"/>
  </extensions>
  <policy name="Policy">
    <customAssertion/>
    <!--Security assertion-->
  </policy>
</policies>

I hope this can help you

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax

KDV - 21 Feb 2006 13:50 GMT
Thanks Pablo. The UsernameTokenManager code will help with what I wanted to
achieve. I will try that code first. At this moment I just wanted to know
only if the user is validated or not.

In the custom assertion I think I have to parse the SoapException to figure out what
kind of error it is reporting (because I don't want the WSE error message to
float to the client). I still don't know how to figure out what kind of error
WSE is reporting (e.g. invalid username/password, encryption algorithm mismatch
or something else?).

Thanks once again
KDV
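
Added example, not code from any poster in this thread or from WSE itself: one way to do the classification asked about in the post above, mapping a fault's code to a message that is safe to show while the original text stays in the local trace. It assumes the fault reaches your code as a SoapException (for instance inside a filter like the MyFilter posted earlier) and carries one of the WS-Security 1.0 fault codes; FaultClassifier and ToUserMessage are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Web.Services.Protocols;
using System.Xml;

// Hypothetical helper (not a WSE type): turns a security fault into user-safe text.
public static class FaultClassifier
{
    // Namespace of the wsse:* fault codes defined by WS-Security 1.0.
    const string WsseNs =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Authentication-related codes share one message so the reply does not
    // reveal whether the user name or the password was wrong.
    static readonly Dictionary<string, string> Friendly = new Dictionary<string, string>
    {
        { "FailedAuthentication",     "Invalid username/password." },
        { "InvalidSecurityToken",     "Invalid username/password." },
        { "UnsupportedAlgorithm",     "Client and service security settings do not match." },
        { "UnsupportedSecurityToken", "Client and service security settings do not match." },
        { "FailedCheck",              "The message could not be verified." },
        { "InvalidSecurity",          "The message could not be verified." },
        { "SecurityTokenUnavailable", "The message could not be verified." }
    };

    public static string ToUserMessage(SoapException fault)
    {
        // The original fault text goes to the local trace only.
        Trace.TraceWarning("SOAP fault {0}: {1}", fault.Code, fault.Message);

        XmlQualifiedName code = fault.Code;
        string text;
        if (code != null && code.Namespace == WsseNs
            && Friendly.TryGetValue(code.Name, out text))
            return text;
        return "The request could not be processed."; // unknown or non-security fault
    }

    public static void Main()
    {
        // Constructed sample fault, standing in for one received from the service.
        SoapException sample = new SoapException(
            "internal detail that should not be shown",
            new XmlQualifiedName("FailedAuthentication", WsseNs));
        Console.WriteLine(ToUserMessage(sample));
    }
}
```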

KDV - 21 Feb 2006 15:11 GMT
I am having trouble using CustomUsernameTokenManager. I can throw a
SoapException from within the VerifyToken method but I do not get that exception on
the client side. WSE somehow changes it and rethrows a ResponseException. But in
the trace file I can see the fault string which I put in the SoapException.
Where am I making a mistake?

Pablo Cibraro - 21 Feb 2006 17:45 GMT
Yes, you are right.
WSE always throws a SoapException to the client and you can't avoid that
behavior.
The custom assertion solves that problem but you will have to configure it
on the client side, which is not a good solution for this case :(.

Regards,
Pablo.

KDV - 21 Feb 2006 19:03 GMT
The problem is that on the client side WSE eats up the SoapException. I could not
get it, but I get a ResponseProcessingException which comes from the proxy. And
further, this exception is not derived from SoapException (neither is the inner
exception of type SoapException). Is there any way I can see the SoapException
on the client side without implementing a custom assertion? Actually I want to
see the message which I put in the SoapException object on the server.

Thanks
KDV

Julie Lerman - 21 Feb 2006 23:00 GMT
In the WSE settings, there is an option on the diagnostics page to "send
detailed error information". If you have this set to true, then you
should get much better information in the client's trace file when the
exception is thrown.

KDV - 22 Feb 2006 13:50 GMT
Thanks. I will try that. But if I can somehow get the SoapException type coming
from the server then I will be able to solve this. I do not want to add a
custom assertion just to figure out the exception.

Thanks
KDV

KDV - 22 Feb 2006 14:01 GMT
I did test with detailed errors turned on. It shows the same fault string that
I put in the SoapException on the server. But this does not solve my problem. I
want to catch this error string/exception in the code.

Thanks
KDV
