 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / May 2006How do I access UsernameToken from Web Service
Hello. I'm currently trying to upgrade some web serviecs from .NET 1.1 & WSE 2.0 to .NET 2.0 & WSE 3.0. We are doing our user authentication in the WS and in WSE 2.0 we did this by looping through the tokens in RequestSoapContext.Current.Security.Tokens. Since SoapContext.Security is obsolete in WSE 3.0 I'm trying to do this some other way but I can not figure out how to access the username tokens. I have tried RequestSoapContext.Current.IdentityToken but for some reason this is always null. Any ideas someone? Best regards Jonas Hi Jonas, In what part of the code are you calling to this line RequestSoapContext.Current.IdentityToken ?. If you are using this line in a webmethod, it should have the security token unless the web service is not secure. Regards, Pablo Cibraro http://weblogs.asp.net/cibrax > Hello. > I'm currently trying to upgrade some web serviecs from .NET 1.1 & WSE [quoted text clipped - 10 lines] > Best regards > Jonas Hi Pablo, The following code reproduces my problem. In the WSE settings I have enabled WSE and Web Service Enhancements Soap Protocol Factory, and I have setup to use my own UsernameTokenManager. public class MyUsernameTokenManager : Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager { public MyUsernameTokenManager() { } protected override string AuthenticateToken(Microsoft.Web.Services3.Security.Tokens.UsernameToken token) { return token.Password; } } [WebService(Namespace = "http://tempuri.org/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] public class Service : System.Web.Services.WebService { public Service() { } [WebMethod] public string TestMethod() { if (RequestSoapContext.Current == null) return "RequestSoapContext.Current is null"; if (RequestSoapContext.Current.IdentityToken == null) return "RequestSoapContext.Current.IdentityToken is null"; UsernameToken token = RequestSoapContext.Current.IdentityToken as UsernameToken; return token.Username + "_" + token.Password; } } Hi Jonas, You forgot to configure a WSE policy for the web service and therefore it is not secure and you can not get the username token. You should have something like this: [WebService(Namespace = "http://tempuri.org/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [Policy("MySecurityPolicy")] //Added line public class Service : System.Web.Services.WebService { public Service() { } [WebMethod] public string TestMethod() { if (RequestSoapContext.Current == null) return "RequestSoapContext.Current is null"; if (RequestSoapContext.Current.IdentityToken == null) return "RequestSoapContext.Current.IdentityToken is null"; UsernameToken token = RequestSoapContext.Current.IdentityToken as UsernameToken; return token.Username + "_" + token.Password; } } Regards, Pablo Cibraro > Hi Pablo, > [quoted text clipped - 40 lines] > } > } Hi Pablo, I tried to add a policy like you said and configured it like this - Secure service application - Client Authentication method: Username - No Authorization - Enable WS-Security 1.1 Extensions - Protection order: None (rely on transport protection) Now my service generates the follwing error: <soap:Fault> <faultcode xmlns:q0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xs d">q0:Security</faultcode> <faultstring> Microsoft.Web.Services3.Security.SecurityFault: Header http://schemas.xmlsoap.org/ws/2004/08/addressing:Action for ultimate recipient is required but not present in the message. at Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion.RequireSoapHeaderFilter.ProcessMessage(SoapEnvelope envelope) at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope) at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope) at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message) at System.Web.Services.Protocols.SoapServerProtocol.Initialize() at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context, HttpRequest request, HttpResponse response) at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing) </faultstring> <faultactor>http://localhost:2420/WebService/Service.asmx</faultactor> </soap:Fault> After reading the error message I guess I am missing a header or something in my request, but I dont know how to fix it. This is what the request looks like: <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <UsernameToken> <Username>MyUsername</Username> <Password>MyPassword</Password> </UsernameToken> </Security> </soap:Header> <soap:Body> <TestMethod xmlns="http://tempuri.org/" /> </soap:Body> </soap:Envelope> Best regards, Jonas Samuelsson It's saying that the request should look more like this: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <soap:Header> <wsa:Action>http://tempuri.org/TestMethod</wsa:Action> <wsa:MessageID>urn:uuid:8987a5c2-c0cb-44c2-8075-8dc9ab908e82</wsa:MessageID> <wsa:ReplyTo> <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address> </wsa:ReplyTo> <wsa:To>http://localhost:2953/WebSite11/Service.asmx</wsa:To> <wsse:Security soap:mustUnderstand="1"> <wsu:Timestamp wsu:Id="Timestamp-6e702643-7d5c-465e-b4c1-0ce54a69759f"> <wsu:Created>2006-05-23T22:04:33Z</wsu:Created> <wsu:Expires>2006-05-23T22:09:33Z</wsu:Expires> </wsu:Timestamp> <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-7b0310d7-1422-429f-b33c-fa58b63a4cfc"> <wsse:Username>demouser</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1 .0#PasswordText">pass@word1</wsse:Password> <wsse:Nonce>cWpyhsbnu79kYDaG4+XgVw==</wsse:Nonce> <wsu:Created>2006-05-23T22:04:33Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soap:Header> <soap:Body> <TestMethod xmlns="http://tempuri.org/" /> </soap:Body> </soap:Envelope> What SOAP stack are you using as a client? > Hi Pablo, > [quoted text clipped - 61 lines] > Best regards, > Jonas Samuelsson Hi Kirk, This does not look good from my point of view as I would prefer if our external customers using this web service didn't have to make any changes to their apps (or at least keep the changes to a minimum). Anyway, when I test my service I am using an application I got from Senior Developer Evangelist Johan Lindfors (he has blogged about this tool at http://blogs.msdn.com/johanl/articles/251846.aspx). Hi Pablo, The following code reproduces my problem. In the WSE settings I have enabled WSE and Web Service Enhancements Soap Protocol Factory, and I have setup to use my own UsernameTokenManager. public class MyUsernameTokenManager : Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager { public MyUsernameTokenManager() { } protected override string AuthenticateToken(Microsoft.Web.Services3.Security.Tokens.UsernameToken token) { return token.Password; } } [WebService(Namespace = "http://tempuri.org/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] public class Service : System.Web.Services.WebService { public Service() { } [WebMethod] public string TestMethod() { if (RequestSoapContext.Current == null) return "RequestSoapContext.Current is null"; if (RequestSoapContext.Current.IdentityToken == null) return "RequestSoapContext.Current.IdentityToken is null"; UsernameToken token = RequestSoapContext.Current.IdentityToken as UsernameToken; return token.Username + "_" + token.Password; } Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.