Hi Rob,

I think what is happening is that you are trying to get a WSE username
token security to interop with basic authentication.  This is not going to
automatically work.  Basic Auth and Windows Auth both rely on existing HTTP
request mechanisms to let IIS authenticate the user credentials supplied
against the servers AD store or local security hive.  WSE username token
authentication is an application level authentication mechanism that
requires WSE 2.0 to participate on both sides - both in the client, in in
your application's service code.  Username Tokens are not authenticated
automatically, and require that the service participate in looking up the
credentials in a private database - not related to windows.  If the
credentials match, you tell WSE that they do match by giving the WSE
infrastructure on the service side the plain text password for the
credential passed.  WSE then compares the two, and if they match, the
method call is made.

Please see the examples for WSE 2.0 username token authentication that ship
with WSE 2.0 SP1.  These should help you.

I hope this helps

Dan Rogers
Microsoft Corporation
--------------------
From: "Rob Thomson" <new@rjtt64.plus.com>
Subject: UserName token Access denied smart client
Date: Thu, 2 Dec 2004 22:29:11 -0000
Lines: 193
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0016_01C4D8BE.58DB4F10"
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Message-ID: <#wSOU6L2EHA.1264@TK2MSFTNGP12.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
NNTP-Posting-Host: rjtt64.plus.com 80.229.24.151
Path:
cpmsftngxa10.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12
.phx.gbl
Xref: cpmsftngxa10.phx.gbl
microsoft.public.dotnet.framework.webservices.enhancements:5012
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements

Hi
Has anyone got any pointers to the following problem Im trying to use WSE
to pass user credentials to a web service, and Im getting 404's.....Ive
bolded below to help with reading...thanks
(Environment SmartClient, calls proxy calls web service, on VS.NET 2003,
WSE2, Win2k)
I have a webservice whose anonymous is disabled and allows basic text and
windows auth. I am validating against local users and groups. Its config
file contains:
 <webServices>
        <soapExtensionTypes>
           <add type="Microsoft.Web.Services2.WebServicesExtension,
Microsoft.Web.Services2,Version=2.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35"
                  priority="1"
                  group="0"/>
        </soapExtensionTypes>
     </webServices>
My proxy inherits from  Microsoft.Web.Services2.WebServicesClientProtocol
When I call the proxy I add:
new UsernameToken("username", "password", PasswordOption.SendPlainText );
SoapContext requestContext = prox.RequestSoapContext;
requestContext.Security.Tokens.Add(userToken);
If I set the proxy.Credentials to the current user it works and dont use
the usertoken I get through, if I user the security token and the proxy
credentials then I get:
An unhandled exception of type
'System.Web.Services.Protocols.SoapHeaderException' occurred in
system.web.services.dll
Additional information: Microsoft.Web.Services2.Security.SecurityFault: The
security token could not be authenticated or authorized
  at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.OnLogonUserFail
ed(UsernameToken token)
  at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.LogonUser(Usern
ameToken token)
  at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.AuthenticateTok
en(UsernameToken token)
  at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyToken(Sec
urityToken securityToken)
  at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSecurity
Token(XmlElement element)
  at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.GetTokenFromXml
(XmlElement element)
  at Microsoft.Web.Services2.Security.Security.LoadToken(XmlElement
element, SecurityConfiguration configuration, Int32& tokenCount)
  at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
  at
Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnve
lope envelope)
  at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
  at
Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapSer
verMessage message)
Any pointers as to how to debug this or what Im doing wrong
Thanks

Hello Rob,
   Theres two aspects to what you're trying to do
1. Transport level authentication
2. Web service authentication.

The situation which you described as a working version is the transport level
authentication. WSE provides default windows authenication using username
token manager. May be you could try adding the domain qualified username
to the token manager i.e. DOMAIN\user

Regards,
Dilip Krishnan
MCAD, MCSD.net
dkrishnan at geniant dot com