Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / September 2006

Tip: Looking for answers? Try searching our database.

WSE 3.0 UsernameToken exception

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Nicolas Mousson - 18 Sep 2006 17:23 GMT
I'm trying to secure my WS with the usernameForCertificateSecurity turnkey
assertion. I configured the client and the server according to the Web
Service Security Patterns and practices.

When I test my application, I always have the same error (seen in the events
logs) :
System.Web.Services.Protocols.SoapHeaderException:
Microsoft.Web.Services3.Security.SecurityFault: The security token could not
be authenticated or authorized
  at
Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.OnLogonUserFailed(UsernameToken token)
  at
Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.AuthenticateToken(UsernameToken token)
  at
Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.VerifyToken(SecurityToken token)
  ...

On the server hand, I have a CustomUsernameTokenManager to validate
credentials against a SQL Server database. I have verified that this custom
UsernameTokenManager is instanciated at run-time : it's OK. But the overriden
method "AuthenticateToken" is never called... and the error says "The
security token could not be authenticated or authorized"...

Any idea ?

Thanks
Reply to this Message
Pablo Cibraro [MVP] - 19 Sep 2006 15:12 GMT
Hi,

At first glance, it seems like you did not configure the custom
UsernameToken manager in the configuration file.
Do you have something like this in your configuration file ?

<microsoft.web.services3>
   <security>
     <securityTokenManager>
       <add type="CustomUsernameTokenManager, MyAssembly"
namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
localName="UsernameToken" />
     </securityTokenManager>
   </security>
 </microsoft.web.services3>

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax

> I'm trying to secure my WS with the usernameForCertificateSecurity turnkey
> assertion. I configured the client and the server according to the Web
[quoted text clipped - 29 lines]
>
> Thanks
Reply to this Message
Nicolas Mousson - 19 Sep 2006 17:37 GMT
Hi Pablo,

Yes, I have had this configuration in my configuration file.
Infact, I have re-generated the different configuration files according to
the WS 3.0 documentation. And now it works ! Maybe I forgot something the
first time...

Thanks,
Nicolas

> Hi,
>
[quoted text clipped - 49 lines]
> >
> > Thanks
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.