 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / August 2004how to remove the timestamp in WSE2
hi, i'm trying to do a completely time-insensitive implementation of username tokens with WSE2. i've had real difficulty trying to remove the timestamp filter. i got a tip about how to do it in WSE1: SoapInputFilterCollection defaultInputFilters = WebServicesConfiguration.FilterConfiguration.InputFilters; defaultInputFilters.Remove(typeof(TimestampInputFilter)); but this doesn't seem to translate well to WSE2. so i need to remove timestamp checking because some of the client clocks may be ahead of the server by a large amount of time and this causes an exception: "At least one timestamp has expired". my web.config and policyCache.config files are below. thanks for any advice tim ************************************************ <microsoft.web.services2> <messaging> <maxRequestLength>256000</maxRequestLength> </messaging> <diagnostics> <detailedErrors enabled="false" /> </diagnostics> <security> <x509 allowTestRoot="true" allowRevocationUrlRetrieval="false" verifyTrust="true" /> <securityTokenManager type="CustomUsernameTokenManager, WebForms" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" qname="wsse:UsernameToken" /> <defaultTtlInSeconds>60</defaultTtlInSeconds> <timeToleranceInSeconds>120</timeToleranceInSeconds> </security> <policy> <cache name="policyCache.config" /> </policy> </microsoft.web.services2> ************************************************ policyCache.config file: <?xml version="1.0"?> <policyDocument xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy" xmlns="http://schemas.microsoft.com/wse/2003/06/Policy"> <mappings xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy"> <endpoint uri="http://shuttle/appUpdater.asmx"> <defaultOperation> <request policy="" /> <response policy="" /> <fault policy="" /> </defaultOperation> </endpoint> <defaultEndpoint> <defaultOperation> <request policy="#username-token-signed" /> <response policy="" /> <fault policy="" /> </defaultOperation> </defaultEndpoint> </mappings> <policies xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsp:Policy wsu:Id="username-token-signed" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext"> <wsp:MessagePredicate wsp:Usage="wsp:Required" Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part"> wsp:Body() wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID) </wsp:MessagePredicate> <wssp:Integrity wsp:Usage="wsp:Required"> <wssp:TokenInfo> <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext"> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1 .0#UsernameToken</wssp:TokenType> <wssp:Claims> <wssp:UsePassword wsp:Usage="wsp:Required" /> </wssp:Claims> </SecurityToken> </wssp:TokenInfo> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part"> wsp:Body() wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From) wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To) </wssp:MessageParts> </wssp:Integrity> </wsp:Policy> </policies> </policyDocument> \\ email: tim at mackey dot ie // \\ blog: http://tim.mackey.ie // 67d0ebfec70e8db3 Timestamp filter was gone. Timestamp header is a part of Security header, so it is handled by SecurityFilter. So if you have clock synchronization problem, you can increase the timeToleranceInSeconds. Because you seem not care about the clock difference between sender and receiver. thanks Byron KIM hi, i'm trying to do a completely time-insensitive implementation of username tokens with WSE2. i've had real difficulty trying to remove the timestamp filter. i got a tip about how to do it in WSE1: SoapInputFilterCollection defaultInputFilters = WebServicesConfiguration.FilterConfiguration.InputFilters; defaultInputFilters.Remove(typeof(TimestampInputFilter)); but this doesn't seem to translate well to WSE2. so i need to remove timestamp checking because some of the client clocks may be ahead of the server by a large amount of time and this causes an exception: "At least one timestamp has expired". my web.config and policyCache.config files are below. thanks for any advice tim ************************************************ <microsoft.web.services2> <messaging> <maxRequestLength>256000</maxRequestLength> </messaging> <diagnostics> <detailedErrors enabled="false" /> </diagnostics> <security> <x509 allowTestRoot="true" allowRevocationUrlRetrieval="false" verifyTrust="true" /> <securityTokenManager type="CustomUsernameTokenManager, WebForms" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri ty-secext-1.0.xsd" qname="wsse:UsernameToken" /> <defaultTtlInSeconds>60</defaultTtlInSeconds> <timeToleranceInSeconds>120</timeToleranceInSeconds> </security> <policy> <cache name="policyCache.config" /> </policy> </microsoft.web.services2> ************************************************ policyCache.config file: <?xml version="1.0"?> <policyDocument xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy" xmlns="http://schemas.microsoft.com/wse/2003/06/Policy"> <mappings xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy"> <endpoint uri="http://shuttle/appUpdater.asmx"> <defaultOperation> <request policy="" /> <response policy="" /> <fault policy="" /> </defaultOperation> </endpoint> <defaultEndpoint> <defaultOperation> <request policy="#username-token-signed" /> <response policy="" /> <fault policy="" /> </defaultOperation> </defaultEndpoint> </mappings> <policies xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd"> <wsp:Policy wsu:Id="username-token-signed" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext"> <wsp:MessagePredicate wsp:Usage="wsp:Required" Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part"> wsp:Body() wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID) </wsp:MessagePredicate> <wssp:Integrity wsp:Usage="wsp:Required"> <wssp:TokenInfo> <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext"> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-user name-token-profile-1.0#UsernameToken</wssp:TokenType> <wssp:Claims> <wssp:UsePassword wsp:Usage="wsp:Required" /> </wssp:Claims> </SecurityToken> </wssp:TokenInfo> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part"> wsp:Body() wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From) wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To) </wssp:MessageParts> </wssp:Integrity> </wsp:Policy> </policies> </policyDocument> \\ email: tim at mackey dot ie // \\ blog: http://tim.mackey.ie // 67d0ebfec70e8db3 I have the same clock synchronization problem in my distributed application. I am wondering if I need to put the time zone difference into consideration when I set the timeToleranceInSeconds? (My clients are in different time zone. They all access the web service in the east coast.) Also, I come across this scenario from the WSE 2.0 Service Pack 1 Readme document under the Known Issues section. It said I could set the lifetime of the issued token without sending in the creation time. By doing that, the timing related errors would be avoided. > Timestamp filter was gone. Timestamp header is a part of Security header, so > it is handled by SecurityFilter. [quoted text clipped - 157 lines] > \\ blog: http://tim.mackey.ie // > 67d0ebfec70e8db3 No different timezone does not require you to adjust any settings since WSE Timestamps are stored in the UTC format s you shouldn't get any issues with different timezones. See WSE settings tool (Visual Studio). You can set the default TTL. But as mentioned you can also increase the timeToleranceInSeconds to adjust for machine time differences. > I have the same clock synchronization problem in my distributed application. > I am wondering if I need to put the time zone difference into consideration [quoted text clipped - 54 lines] > > > > <securityTokenManager type="CustomUsernameTokenManager, WebForms" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri > > ty-secext-1.0.xsd" > > [quoted text clipped - 55 lines] > > > > <policies xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit > > y-utility-1.0.xsd"> > > [quoted text clipped - 16 lines] > > > > <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext"> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-user > > name-token-profile-1.0#UsernameToken</wssp:TokenType> > > [quoted text clipped - 27 lines] > > \\ blog: http://tim.mackey.ie // > > 67d0ebfec70e8db3 Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.