Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / September 2004

Tip: Looking for answers? Try searching our database.

How can UsernameTokenManager know what Web Service method is being invoked?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Paul Linhardt - 29 Sep 2004 01:07 GMT
I have implemented a UsernameTokenManager so that a user may attach an
account name and hashed password to his Soap requests.

If the user has forgotten his password, I want him to be able to click
on a button on the logon screen that will e-mail him his password.

I have a method called dbEmailPassword() in my web service, but my
user can't call it because he needs a valid UsernameToken to call it.
I could move the method into another web service that doesn't require
UsernameTokens, but that's not really what I want to do.

I thought I could modify my AuthenticateToken() method in my
UsernameTokenManager to check to see if the method call was to my
dbEmailPassword() method.  In only that case, AuthenticateToken()
would return the user's zip-code (or the answer to user's password
hint) rather than his password so that my dbEmailPassword() method
could be called without generating a SoapHeader Fault.

But I can't figure out how AuthenticateToken() can get the name of the
method that is being invoked.  I can't find it in the SoapRequest
Context.

My questions are:

(1) How can UsernameTokenManager determine which web service method is
being invoked?

(2) Is there a better way to indicate that a specific method in a web
service does not require password verification (e.g. with a policy?).

thanks in advance,
Paul Linhardt
Reply to this Message
Julie Lerman - 29 Sep 2004 03:27 GMT
Paul -

I don't happen to know of an OO way, but you can definitely get at the
webmethod that was called via the context as it is in the soap body.

If you don't know how to work with xmldocs (I have certainly never mastered
that chore..), you can get at it from the context object...
context.envelope.body
you can see it in innerxml and outerxml, but you still have to do some work.
I'd be VERY curious to see if there is something in the namespace to get at
this becuase today I also had to extract a webmethod from one webservice and
create a separate web service for a different policy.

Hope this helps. I don't know if this will get you that info 100% of the
time though but it's worth digging into.

julie lerman
> I have implemented a UsernameTokenManager so that a user may attach an
> account name and hashed password to his Soap requests.
[quoted text clipped - 28 lines]
> thanks in advance,
> Paul Linhardt
Reply to this Message
Hervey Wilson [MSFT] - 29 Sep 2004 06:02 GMT
> I have implemented a UsernameTokenManager so that a user may attach an
> account name and hashed password to his Soap requests.
[quoted text clipped - 28 lines]
> thanks in advance,
> Paul Linhardt

(1) RequestSoapContext.Current.Addressing.To has the name of the target
service (i.e. it's URI), RequestSoapContext.Current.Addressing.Action
has the action (equivalent to method) that the message is destined for.

(2) You can apply policies at the global level (default policy), per
service and per action (effectively the method level). Using the action
level should allow you to define a policy for a specific action such
that it doesn't require signatures, tokens, etc. Check the documentation
for more details.

Signature

This posting is provided "AS IS", with no warranties, and confers no rights.

Reply to this Message
Paul Linhardt - 30 Sep 2004 02:31 GMT
Hervey (& Julie),

Thanks for pointing me in the right direction and saving me a lot of
time.

Since using Policies seemed like the more general solution, I
implemented that and it solved my problem.  I did have a little
difficulty finding a straight-forward explanation of policies until I
found this article:

Web Services Enhancements 2.0 Support for WS-Policy
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwse/html/wse2
wspolicy.asp

I didn't bother trying to use
RequestSoapContext.Current.Addressing.Action to access the the method
name as I originally planned since the other solution was more
general, but it's good to know for future reference.

thanks,
-Paul

> > I have implemented a UsernameTokenManager so that a user may attach an
> > account name and hashed password to his Soap requests.
[quoted text clipped - 38 lines]
> that it doesn't require signatures, tokens, etc. Check the documentation
> for more details.
Reply to this Message

 Rate this thread:







Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.