Hi,
I have implemented a custom UsernameTokenManager to validate user
credentials against a SQL Server database. This CustomUsernameTokenManager
throws an ApplicationException if the login/pass supplied in the SOAP request
can't be verified.
If I test and then look at the event log, I see that:
- On the server side, I have two exceptions:
1) An error occured processing an outgoing fault response.
Details of the error causing the processing failure:
System.InvalidOperationException: Send security filter on the server could not retrieve the operation protection requirements from the operation state.
   à Microsoft.Web.Services3.Security.SecureConversationServiceSendSecurityFilter.SecureMessage(SoapEnvelope envelope, Security security)
   à Microsoft.Web.Services3.Security.SendSecurityFilter.ProcessMessage(SoapEnvelope envelope)
   à Microsoft.Web.Services3.Pipeline.ProcessOutputMessage(SoapEnvelope envelope)
   à Microsoft.Web.Services3.WseProtocol.GetFilteredResponseEnvelope(SoapEnvelope outputEnvelope)
2) System.ApplicationException: WSE841: An error occured processing an outgoing fault response. ---> System.Web.Services.Protocols.SoapHeaderException: Microsoft.Web.Services3.Security.SecurityFault: The security token could not be authenticated or authorized ---> System.ApplicationException: Incorrect password...
- On the client side, I have an exception of type
"Microsoft.Web.Services3.ResponseProcessingException", that says "WSE910: An
error happened during the processing of a response message, and you can find
the error in the inner exception. You can also find the response message in
the Response property."
In fact I was expecting a SoapException on the client side, like what I
get when I throw an exception in a WebMethod. So I don't understand what's
wrong with my CustomUsernameTokenManager...
Nicolas
Pablo Cibraro [MVP] - 22 Sep 2006 14:46 GMT
Hi Nicolas,
There is nothing wrong with your Custom token manager, the problem is in WSE
since it does not throw "friendly" exceptions as we expect.
Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
Nicolas Mousson - 25 Sep 2006 08:44 GMT
In order to have "clean" exceptions thrown when the user is not authenticated,
I've done the following:
1) In the CustomUsernameTokenManager, I instantiate a GenericPrincipal like
this:
    protected override string AuthenticateToken(UsernameToken token)
    {
        ...
        // An empty identity name makes Identity.IsAuthenticated return false.
        GenericIdentity identity = authenticationError
            ? new GenericIdentity(String.Empty)
            : new GenericIdentity(token.Username);
        token.Principal = new GenericPrincipal(identity, null);
        // Returning the supplied password means WSE itself raises no fault.
        return token.Password;
        ...
    }
2) Then in each WebMethod of my WebServices, I check if the user is
authenticated:
    [WebMethod]
    public void MyWebMethod()
    {
        // Authentication check
        if (!RequestSoapContext.Current.IdentityToken.Principal.Identity.IsAuthenticated)
            throw new ApplicationException("Authentication error");
        ...
    }
Nicolas
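The per-method check from the reply above, pulled into a single helper that also fails closed when the request carries no identity token at all. This is an added example, not code from the thread or from WSE: the names `AuthGuard`, `RequireAuthenticated`, `MyService` and `WhoAmI` are hypothetical, and it assumes the token manager marks a failed login with an empty-named GenericIdentity as described above.

```csharp
using System.Security.Principal;
using System.Web.Services;
using System.Web.Services.Protocols;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Security.Tokens;

// Hypothetical helper (not part of WSE): one place for the authentication
// check, so that no WebMethod carries its own copy of the condition.
public static class AuthGuard
{
    public static IPrincipal RequireAuthenticated()
    {
        // Null when the call did not arrive through the WSE SOAP pipeline.
        SoapContext context = RequestSoapContext.Current;

        // Null when the request carried no identity token; the inline
        // check would fail with a NullReferenceException in that case.
        SecurityToken token = (context == null) ? null : context.IdentityToken;
        IPrincipal principal = (token == null) ? null : token.Principal;

        // GenericIdentity(String.Empty).IsAuthenticated is false, which is
        // how the token manager flags a failed login.
        if (principal == null || principal.Identity == null
            || !principal.Identity.IsAuthenticated)
        {
            // Same generic message for every failure cause, reported to the
            // caller as a SOAP fault with the client fault code.
            throw new SoapException("Authentication error",
                                    SoapException.ClientFaultCode);
        }
        return principal;
    }
}

public class MyService : WebService
{
    [WebMethod]
    public string WhoAmI()
    {
        // First statement of every WebMethod: a method that omits this call
        // is reachable with any password under this workaround.
        IPrincipal caller = AuthGuard.RequireAuthenticated();
        return caller.Identity.Name;
    }
}
```

Because `AuthenticateToken` returns the supplied password in this workaround, the helper call is the only thing rejecting a bad login, so it belongs in every WebMethod without exception.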