WSE405: A satisfactory subset of policy assertions that could be enforced for the outgoing message could not be found.

SQLAgentman - 17 Dec 2004 18:49 GMT
Hello,

I am trying to implement security between my Web site and my Web
service using WSE 2.0 with policy.

I followed the example in HOL-WSE02 and it works great.

Now when I try to use the same exact Procedure/steps on my own web -
webservice I keep on getting the following error.

WSE405: A satisfactory subset of policy assertions that could be
enforced for the outgoing message could not be found.

I looked on Google etc. and I cannot find anything that can help.

The only thing I found is to make sure I have the following on the
client side, and I do.
Dim oToken As New Microsoft.Web.Services2.Security.Tokens.UsernameToken( _
    txtUserName.Text, txtPassword.Text, PasswordOption.SendPlainText)
PolicyEnforcementSecurityTokenCache.GlobalCache.Clear()
PolicyEnforcementSecurityTokenCache.GlobalCache.Add(oToken)

I have no idea what to do next.
Can anyone please help?

Thank you,

Sql
Sami Vaaraniemi - 18 Dec 2004 10:29 GMT
> Hello,
>
[quoted text clipped - 21 lines]
> I have No idea what to do next.
> Can anyone please help

The problem seems to be that what you are trying to send out does not match
any of the policies associated with the endpoint. The trick, of course, is in
figuring out why the match fails.

WSE 2 does have a tool designed for this purpose. Turn on policy tracing
with the following config file entry inside the microsoft.web.services2 tag:

<diagnostics>
   <policyTrace enabled="true"
       input="receivePolicy.webinfo"
       output="sendPolicy.webinfo"/>
</diagnostics>

Then run the client and look for sendPolicy.webinfo file (note that you may
need to adjust permissions if the client is a web application). The trace
file contains a trace of the policy matching process and this should give
you a hint as to why it fails.

Regards,
Sami
Dilip Krishnan - 20 Dec 2004 14:34 GMT
Hello SQLAgentman,
   Check if the endpoint you're trying to hit matches the one in policy,
even the case!

HTH
Regards,
Dilip Krishnan
MCAD, MCSD.net
dkrishnan at geniant dot com
http://www.geniant.com

> Hello,
>
[quoted text clipped - 24 lines]
>
> Sql
SQLAgentman - 20 Dec 2004 16:50 GMT
Sami,

I attempted to use the trace, but I am not getting anything.
You are right, this is a web application. How do I deal with
permissions?
(No trace files found anywhere, so they are not created at all ???)

Dilip,
I double checked that my endpoint matches exactly, including the case

Thank you all for any help, I am still having the same problem.

Sql

Dilip Krishnan - 20 Dec 2004 17:13 GMT
Hello SQLAgentman,
   Give the ASPNET/SYSTEM (depending on the OS) user write permissions to the
virtual directory using the IIS MMC; that should solve your logging problem.

HTH
Regards,
Dilip Krishnan
MCAD, MCSD.net
dkrishnan at geniant dot com
http://www.geniant.com

> Sami,
>
[quoted text clipped - 51 lines]
>>> Thank you,
>>> Sql
Dilip Krishnan - 20 Dec 2004 18:59 GMT
Hello SQLAgentman,
   Could you post the policy XML fragment? My guess is that on the server
side you have a policy to sign/encrypt using username token. If you do you
would need to add the username token to the policy enforcement cache, in
the global.asax ApplicationStart event handler, similar to what you did on
the client side, ... Quote
"
>>> Dim oToken As New
> Microsoft.Web.Services2.Security.Tokens.UsernameToken(txtUserName.Text
[quoted text clipped - 4 lines]
>>> PolicyEnforcementSecurityTokenCache.GlobalCache.Add(oToken)
>>> I have No idea what to do next.
"

except add a config-based/hardcoded username and password for the username
token.

HTH
Regards,
Dilip Krishnan
MCAD, MCSD.net
dkrishnan at geniant dot com
http://www.geniant.com

> Sami,
>
[quoted text clipped - 51 lines]
>>> Thank you,
>>> Sql
SQLAgentman - 20 Dec 2004 20:50 GMT
First: Thank you.

Here is my policyCache.config on the client side; the server side
follows below.
I am using Win XP with SP2, running both the client and the server on
localhost.
I had no idea that I have to add the token to the cache on both the
client and the server side!!?? I have hardcoded the username and
password but no luck.
I ran the sample HOL and it works just fine.

<?xml version="1.0" encoding="utf-8"?>
<policyDocument
xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
<mappings
xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy">
<!--The following policy describes the policy requirements for all
services who do not have a mapping in this file.-->
<defaultEndpoint>
<defaultOperation>
<request policy="#Sign-Username-Encrypt-X.509" />
<response policy="#Sign-X.509-Encrypt-Username" />
<fault policy="" />
</defaultOperation>
</defaultEndpoint>
</mappings>
<policies
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext"
xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing">
<wsp:Policy wsu:Id="Sign-Username-Encrypt-X.509">
<!--MessagePredicate is used to require headers. This assertion
should be used along with the Integrity assertion when the presence of
the signed element is required. NOTE: this assertion does not do
anything for enforcement (send-side) policy.-->
<wsp:MessagePredicate wsp:Usage="wsp:Required"
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID)
wse:Timestamp()</wsp:MessagePredicate>
<!--The Integrity assertion is used to ensure that the message is
signed with Username. Many Web services will also use the token for
authorization, such as by using the <wse:Role> claim or specific
Username claims.-->
<wssp:Integrity wsp:Usage="wsp:Required">
<wssp:TokenInfo>
<!--The SecurityToken element within the TokenInfo element
describes which token type must be used for Signing.-->
<wssp:SecurityToken>

<wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
<wssp:Claims>
<wse:Parent>
<wssp:SecurityToken>

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
</wssp:SecurityToken>
</wse:Parent>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:TokenInfo>
<wssp:MessageParts
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo)
wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To)
wse:Timestamp()</wssp:MessageParts>
</wssp:Integrity>
<!--The Confidentiality assertion is used to ensure that the SOAP
Body is encrypted.-->
<wssp:Confidentiality wsp:Usage="wsp:Required">
<wssp:KeyInfo>
<!--The SecurityToken element within the KeyInfo element
describes which token type must be used for Encryption.-->
<wssp:SecurityToken>

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
<wssp:TokenIssuer>CN=Root Agency</wssp:TokenIssuer>
<wssp:Claims>
<!--By specifying the SubjectName claim, the policy
system can look for a certificate with this subject name in the
certificate store indicated in the application's configuration, such as
LocalMachine or CurrentUser. The WSE X.509 Certificate Tool is useful
for finding the correct values for this field.-->
<wssp:SubjectName
MatchType="wssp:Exact">CN=WSE2QuickStartServer</wssp:SubjectName>
<wssp:X509Extension OID="2.5.29.14"
MatchType="wssp:Exact">bBwPfItvKp3b6TNDq+14qs58VJQ=</wssp:X509Extension>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:KeyInfo>
<wssp:MessageParts
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
</wssp:Confidentiality>
</wsp:Policy>
<wsp:Policy wsu:Id="Sign-X.509-Encrypt-Username">
<!--MessagePredicate is used to require headers. This assertion
should be used along with the Integrity assertion when the presence of
the signed element is required. NOTE: this assertion does not do
anything for enforcement (send-side) policy.-->
<wsp:MessagePredicate wsp:Usage="wsp:Required"
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID)
wse:Timestamp()</wsp:MessagePredicate>
<!--The Integrity assertion is used to ensure that the message is
signed with X.509. Many Web services will also use the token for
authorization, such as by using the <wse:Role> claim or specific X.509
claims.-->
<wssp:Integrity wsp:Usage="wsp:Required">
<wssp:TokenInfo>
<!--The SecurityToken element within the TokenInfo element
describes which token type must be used for Signing.-->
<wssp:SecurityToken>

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
<wssp:TokenIssuer>CN=Root Agency</wssp:TokenIssuer>
<wssp:Claims>
<!--By specifying the SubjectName claim, the policy
system can look for a certificate with this subject name in the
certificate store indicated in the application's configuration, such as
LocalMachine or CurrentUser. The WSE X.509 Certificate Tool is useful
for finding the correct values for this field.-->
<wssp:SubjectName
MatchType="wssp:Exact">CN=WSE2QuickStartServer</wssp:SubjectName>
<wssp:X509Extension OID="2.5.29.14"
MatchType="wssp:Exact">bBwPfItvKp3b6TNDq+14qs58VJQ=</wssp:X509Extension>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:TokenInfo>
<wssp:MessageParts
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo)
wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To)
wse:Timestamp()</wssp:MessageParts>
</wssp:Integrity>
<!--The Confidentiality assertion is used to ensure that the SOAP
Body is encrypted.-->
<wssp:Confidentiality wsp:Usage="wsp:Required">
<wssp:KeyInfo>
<!--The SecurityToken element within the KeyInfo element
describes which token type must be used for Encryption.-->
<wssp:SecurityToken>

<wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
<wssp:Claims>
<wse:Parent>
<wssp:SecurityToken>

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
</wssp:SecurityToken>
</wse:Parent>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:KeyInfo>
<wssp:MessageParts
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
</wssp:Confidentiality>
</wsp:Policy>
</policies>
</policyDocument>

----------------------------------- Server Side policyCache.config --------------

<?xml version="1.0" encoding="utf-8"?>
<policyDocument
xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
<mappings
xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy">
<!--The following policy describes the policy requirements for the
service: http://localhost/MyWebServices/MySecurity.asmx .-->
<endpoint uri="http://localhost/MyWebServices/MySecurity.asmx">
<defaultOperation>
<request policy="#Sign-Username-Encrypt-X.509" />
<response policy="#Sign-X.509-Encrypt-Username" />
<fault policy="" />
</defaultOperation>
</endpoint>
<endpoint uri="http://localhost/MyWebServices/MyWSXYZ.asmx">
<defaultOperation>
<request policy="#Sign-Username-Encrypt-X.509-1" />
<response policy="#Sign-X.509-Encrypt-Username-1" />
<fault policy="" />
</defaultOperation>
</endpoint>
</mappings>
<policies
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext"
xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing">
<wsp:Policy wsu:Id="Sign-Username-Encrypt-X.509">
<!--MessagePredicate is used to require headers. This assertion
should be used along with the Integrity assertion when the presence of
the signed element is required. NOTE: this assertion does not do
anything for enforcement (send-side) policy.-->
<wsp:MessagePredicate wsp:Usage="wsp:Required"
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID)
wse:Timestamp()</wsp:MessagePredicate>
<!--The Integrity assertion is used to ensure that the message is
signed with Username. Many Web services will also use the token for
authorization, such as by using the <wse:Role> claim or specific
Username claims.-->
<wssp:Integrity wsp:Usage="wsp:Required">
<wssp:TokenInfo>
<!--The SecurityToken element within the TokenInfo element
describes which token type must be used for Signing.-->
<wssp:SecurityToken>

<wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
<wssp:Claims>
<wse:Parent>
<wssp:SecurityToken wse:IdentityToken="true">

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
<wssp:Claims>
<!--By specifying the Role, the policy system can
verify that the token contains a specific role, such as "Admin". Roles
can be groups a user is a member of, or they can be customized for each
token.-->
<wse:Role value="CONTRACT6\User" />
</wssp:Claims>
</wssp:SecurityToken>
</wse:Parent>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:TokenInfo>
<wssp:MessageParts
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo)
wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To)
wse:Timestamp()</wssp:MessageParts>
</wssp:Integrity>
<!--The Confidentiality assertion is used to ensure that the SOAP
Body is encrypted.-->
<wssp:Confidentiality wsp:Usage="wsp:Required">
<wssp:KeyInfo>
<!--The SecurityToken element within the KeyInfo element
describes which token type must be used for Encryption.-->
<wssp:SecurityToken>

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
<wssp:TokenIssuer>CN=Root Agency</wssp:TokenIssuer>
<wssp:Claims>
<!--By specifying the SubjectName claim, the policy
system can look for a certificate with this subject name in the
certificate store indicated in the application's configuration, such as
LocalMachine or CurrentUser. The WSE X.509 Certificate Tool is useful
for finding the correct values for this field.-->
<wssp:SubjectName
MatchType="wssp:Exact">CN=WSE2QuickStartServer</wssp:SubjectName>
<wssp:X509Extension OID="2.5.29.14"
MatchType="wssp:Exact">bBwPfItvKp3b6TNDq+14qs58VJQ=</wssp:X509Extension>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:KeyInfo>
<wssp:MessageParts
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
</wssp:Confidentiality>
</wsp:Policy>
<wsp:Policy wsu:Id="Sign-X.509-Encrypt-Username">
<!--MessagePredicate is used to require headers. This assertion
should be used along with the Integrity assertion when the presence of
the signed element is required. NOTE: this assertion does not do
anything for enforcement (send-side) policy.-->
<wsp:MessagePredicate wsp:Usage="wsp:Required"
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID)
wse:Timestamp()</wsp:MessagePredicate>
<!--The Integrity assertion is used to ensure that the message is
signed with X.509. Many Web services will also use the token for
authorization, such as by using the <wse:Role> claim or specific X.509
claims.-->
<wssp:Integrity wsp:Usage="wsp:Required">
<wssp:TokenInfo>
<!--The SecurityToken element within the TokenInfo element
describes which token type must be used for Signing.-->
<wssp:SecurityToken>

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
<wssp:TokenIssuer>CN=Root Agency</wssp:TokenIssuer>
<wssp:Claims>
<!--By specifying the SubjectName claim, the policy
system can look for a certificate with this subject name in the
certificate store indicated in the application's configuration, such as
LocalMachine or CurrentUser. The WSE X.509 Certificate Tool is useful
for finding the correct values for this field.-->
<wssp:SubjectName
MatchType="wssp:Exact">CN=WSE2QuickStartServer</wssp:SubjectName>
<wssp:X509Extension OID="2.5.29.14"
MatchType="wssp:Exact">bBwPfItvKp3b6TNDq+14qs58VJQ=</wssp:X509Extension>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:TokenInfo>
<wssp:MessageParts
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo)
wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To)
wse:Timestamp()</wssp:MessageParts>
</wssp:Integrity>
<!--The Confidentiality assertion is used to ensure that the SOAP
Body is encrypted.-->
<wssp:Confidentiality wsp:Usage="wsp:Required">
<wssp:KeyInfo>
<!--The SecurityToken element within the KeyInfo element
describes which token type must be used for Encryption.-->
<wssp:SecurityToken>

<wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
<wssp:Claims>
<wse:Parent>
<wssp:SecurityToken wse:IdentityToken="true">

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
</wssp:SecurityToken>
</wse:Parent>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:KeyInfo>
<wssp:MessageParts
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
</wssp:Confidentiality>
</wsp:Policy>
<wsp:Policy wsu:Id="Sign-Username-Encrypt-X.509-1">
<!--MessagePredicate is used to require headers. This assertion
should be used along with the Integrity assertion when the presence of
the signed element is required. NOTE: this assertion does not do
anything for enforcement (send-side) policy.-->
<wsp:MessagePredicate wsp:Usage="wsp:Required"
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID)
wse:Timestamp()</wsp:MessagePredicate>
<!--The Integrity assertion is used to ensure that the message is
signed with Username. Many Web services will also use the token for
authorization, such as by using the <wse:Role> claim or specific
Username claims.-->
<wssp:Integrity wsp:Usage="wsp:Required">
<wssp:TokenInfo>
<!--The SecurityToken element within the TokenInfo element
describes which token type must be used for Signing.-->
<wssp:SecurityToken>

<wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
<wssp:Claims>
<wse:Parent>
<wssp:SecurityToken wse:IdentityToken="true">

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
<wssp:Claims>
<!--By specifying the Role, the policy system can
verify that the token contains a specific role, such as "Admin". Roles
can be groups a user is a member of, or they can be customized for each
token.-->
<wse:Role value="CONTRACT6\User" />
</wssp:Claims>
</wssp:SecurityToken>
</wse:Parent>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:TokenInfo>
<wssp:MessageParts
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo)
wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To)
wse:Timestamp()</wssp:MessageParts>
</wssp:Integrity>
<!--The Confidentiality assertion is used to ensure that the SOAP
Body is encrypted.-->
<wssp:Confidentiality wsp:Usage="wsp:Required">
<wssp:KeyInfo>
<!--The SecurityToken element within the KeyInfo element
describes which token type must be used for Encryption.-->
<wssp:SecurityToken>

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
<wssp:TokenIssuer>CN=Root Agency</wssp:TokenIssuer>
<wssp:Claims>
<!--By specifying the SubjectName claim, the policy
system can look for a certificate with this subject name in the
certificate store indicated in the application's configuration, such as
LocalMachine or CurrentUser. The WSE X.509 Certificate Tool is useful
for finding the correct values for this field.-->
<wssp:SubjectName
MatchType="wssp:Exact">CN=WSE2QuickStartServer</wssp:SubjectName>
<wssp:X509Extension OID="2.5.29.14"
MatchType="wssp:Exact">bBwPfItvKp3b6TNDq+14qs58VJQ=</wssp:X509Extension>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:KeyInfo>
<wssp:MessageParts
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
</wssp:Confidentiality>
</wsp:Policy>
<wsp:Policy wsu:Id="Sign-X.509-Encrypt-Username-1">
<!--MessagePredicate is used to require headers. This assertion
should be used along with the Integrity assertion when the presence of
the signed element is required. NOTE: this assertion does not do
anything for enforcement (send-side) policy.-->
<wsp:MessagePredicate wsp:Usage="wsp:Required"
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID)
wse:Timestamp()</wsp:MessagePredicate>
<!--The Integrity assertion is used to ensure that the message is
signed with X.509. Many Web services will also use the token for
authorization, such as by using the <wse:Role> claim or specific X.509
claims.-->
<wssp:Integrity wsp:Usage="wsp:Required">
<wssp:TokenInfo>
<!--The SecurityToken element within the TokenInfo element
describes which token type must be used for Signing.-->
<wssp:SecurityToken>

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
<wssp:TokenIssuer>CN=Root Agency</wssp:TokenIssuer>
<wssp:Claims>
<!--By specifying the SubjectName claim, the policy
system can look for a certificate with this subject name in the
certificate store indicated in the application's configuration, such as
LocalMachine or CurrentUser. The WSE X.509 Certificate Tool is useful
for finding the correct values for this field.-->
<wssp:SubjectName
MatchType="wssp:Exact">CN=WSE2QuickStartServer</wssp:SubjectName>
<wssp:X509Extension OID="2.5.29.14"
MatchType="wssp:Exact">bBwPfItvKp3b6TNDq+14qs58VJQ=</wssp:X509Extension>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:TokenInfo>
<wssp:MessageParts
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo)
wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To)
wse:Timestamp()</wssp:MessageParts>
</wssp:Integrity>
<!--The Confidentiality assertion is used to ensure that the SOAP
Body is encrypted.-->
<wssp:Confidentiality wsp:Usage="wsp:Required">
<wssp:KeyInfo>
<!--The SecurityToken element within the KeyInfo element
describes which token type must be used for Encryption.-->
<wssp:SecurityToken>

<wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
<wssp:Claims>
<wse:Parent>
<wssp:SecurityToken wse:IdentityToken="true">

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
</wssp:SecurityToken>
</wse:Parent>
</wssp:Claims>
</wssp:SecurityToken>
</wssp:KeyInfo>
<wssp:MessageParts
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
</wssp:Confidentiality>
</wsp:Policy>
</policies>
</policyDocument>

Dilip Krishnan - 20 Dec 2004 23:09 GMT
Hello SQLAgentman,
    Could be one of 2 reasons. The error is coming from the response policy
(enforcement error). Either the policy could not be enforced because it couldn't
find the username token (the client didn't send one!) or, most likely the case,
the key identifier doesn't match with the certificate.
<wssp:Integrity ....
...
<wssp:Claims>
             <!--By specifying the SubjectName claim, the policy system
can look for a certificate with this subject name in the certificate store
indicated in the application's configuration, such as LocalMachine or CurrentUser.
The WSE X.509 Certificate Tool is useful for finding the correct values for
this field.-->
             <wssp:SubjectName MatchType="wssp:Exact">C=US,.....</wssp:SubjectName>
             <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">Check
this!!</wssp:X509Extension>
           </wssp:Claims>
..

Open up the X.509 certificate tool and copy the key identifier value from
the cert (in localcomputer). That should solve the problem.
HTH
Regards,
Dilip Krishnan
MCAD, MCSD.net
dkrishnan at geniant dot com
http://www.geniant.com

> First: Thank you.
>
[quoted text clipped - 919 lines]
>>>>> Thank you,
>>>>> Sql
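
Added example (not part of any post in this thread, and not WSE code): a Python check over a client and a server policyCache.config that makes the comparisons suggested in the replies mechanical. It reports which mapping applies to the target URL on each side, whether each policy reference resolves, and which token-type, role, subject-name and key-identifier claims differ. The sample documents, the urn:example token types, the role and the key identifier are constructed, and the exact (case-sensitive) uri match falling back to defaultEndpoint is an assumption taken from the advice above.

```python
import xml.etree.ElementTree as ET

NS_WSE = "http://schemas.microsoft.com/wse/2003/06/Policy"
NS_WSP = "http://schemas.xmlsoap.org/ws/2002/12/policy"
NS_WSSP = "http://schemas.xmlsoap.org/ws/2002/12/secext"
NS_WSU = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
WSE, WSP, WSSP, WSU = (f"{{{ns}}}" for ns in (NS_WSE, NS_WSP, NS_WSSP, NS_WSU))
CLAIMS = {WSSP + "TokenType": "TokenType", WSSP + "SubjectName": "SubjectName",
          WSSP + "X509Extension": "KeyId", WSE + "Role": "Role"}


def load(xml_text):
    """Parse one policyCache.config document into (mappings, policies)."""
    root = ET.fromstring(xml_text)
    mappings = {}  # endpoint uri (None for defaultEndpoint) -> policy ids
    for ep in root.iterfind(f"{WSE}mappings/*"):
        op = ep.find(WSE + "defaultOperation")
        if op is None:
            continue
        refs = {}
        for direction in ("request", "response"):
            node = op.find(WSE + direction)
            ref = node.get("policy", "") if node is not None else ""
            refs[direction] = ref.lstrip("#")
        mappings[ep.get("uri")] = refs
    policies = {}  # wsu:Id -> {"Integrity": {(claim, value)}, "Confidentiality": ...}
    for pol in root.iter(WSP + "Policy"):
        policies[pol.get(WSU + "Id")] = {
            kind: {(CLAIMS[el.tag], el.get("value") or (el.text or "").strip())
                   for assertion in pol.iter(WSSP + kind)
                   for el in assertion.iter() if el.tag in CLAIMS}
            for kind in ("Integrity", "Confidentiality")}
    return mappings, policies


def resolve(mappings, url):
    """Assumed rule: exact uri match, else defaultEndpoint. Also report a
    mapped uri that differs from the target only by letter case."""
    near = [u for u in mappings if u and u != url and u.lower() == url.lower()]
    return mappings.get(url) or mappings.get(None), (near[0] if near else None)


def compare(client_xml, server_xml, url):
    """Return a list of human-readable differences for one target URL."""
    findings, sides = [], {}
    for name, text in (("client", client_xml), ("server", server_xml)):
        mappings, policies = load(text)
        mapping, near = resolve(mappings, url)
        if near:
            findings.append(f"{name}: mapped endpoint {near} differs from target only by case")
        if mapping is None:
            findings.append(f"{name}: no mapping for {url}")
            return findings
        for direction, pid in mapping.items():
            if pid not in policies:
                findings.append(f"{name}: {direction} policy #{pid} is not defined")
        sides[name] = {d: policies.get(pid, {}) for d, pid in mapping.items()}
    for direction in ("request", "response"):
        for kind in ("Integrity", "Confidentiality"):
            c = sides["client"][direction].get(kind, set())
            s = sides["server"][direction].get(kind, set())
            for label, value in sorted(c ^ s):
                owner = "client" if (label, value) in c else "server"
                findings.append(f"{direction}/{kind}: {label}={value} only on {owner}")
    return findings


def sample(endpoint_xml, role_xml, key_id):
    """Build a constructed policy document (not one of the thread's files)."""
    return f"""<policyDocument xmlns="{NS_WSE}">
<mappings>{endpoint_xml}</mappings>
<policies xmlns:wsu="{NS_WSU}" xmlns:wsp="{NS_WSP}" xmlns:wssp="{NS_WSSP}" xmlns:wse="{NS_WSE}">
<wsp:Policy wsu:Id="Req">
<wssp:Integrity><wssp:TokenInfo><wssp:SecurityToken>
<wssp:TokenType>urn:example:UsernameToken</wssp:TokenType>
<wssp:Claims>{role_xml}</wssp:Claims>
</wssp:SecurityToken></wssp:TokenInfo></wssp:Integrity>
<wssp:Confidentiality><wssp:KeyInfo><wssp:SecurityToken>
<wssp:TokenType>urn:example:X509v3</wssp:TokenType>
<wssp:Claims><wssp:X509Extension OID="2.5.29.14">{key_id}</wssp:X509Extension></wssp:Claims>
</wssp:SecurityToken></wssp:KeyInfo></wssp:Confidentiality>
</wsp:Policy></policies></policyDocument>"""


# Constructed inputs: client maps everything through defaultEndpoint, server
# maps one endpoint uri and additionally requires a role claim.
OPS = ('<defaultOperation><request policy="#Req"/><response policy="#Req"/>'
       '</defaultOperation>')
URL = "http://localhost/MyWebServices/MySecurity.asmx"
KEY = "CONSTRUCTED-KEY-ID="
CLIENT = sample(f"<defaultEndpoint>{OPS}</defaultEndpoint>", "", KEY)
SERVER = sample(f'<endpoint uri="{URL}">{OPS}</endpoint>',
                '<wse:Role value="EXAMPLE\\User"/>', KEY)

if __name__ == "__main__":
    for line in compare(CLIENT, SERVER, URL) + compare(CLIENT, SERVER, URL.lower()):
        print(line)
```
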
SQLAgentman - 20 Dec 2004 23:49 GMT
Dilip,

I went to the WSE X.509 Certificate Tool, <Location = Local Computer>
<Store Name = Personal>,
checked the "Windows Key Identifier (Base64 Encoded)" and it is exactly
the same.
Here is a copy and paste:  bBwPfItvKp3b6TNDq+14qs58VJQ=    from the tool

I am still getting the same thing.
I created, as said before, a test Web App and a Web Service with a "Hello
World" method but am still getting the same error:
WSE405
I have no idea what to do next.

Thank you for your help, I appreciate it.

Sql

> > p:MessageParts>
> >
[quoted text clipped - 25 lines]
> >> "
> >>>>> Dim oToken As New

Microsoft.Web.Services2.Security.Tokens.UsernameToken(txtUserName.Text

> >>>>> ,
> >>>>> txtPassword.Text, PasswordOption.SendPlainText)
[quoted text clipped - 74 lines]
> >>>>> client side, and I do.
> >>>>> Dim oToken As New

Microsoft.Web.Services2.Security.Tokens.UsernameToken(txtUserName.Text

> >>>>> ,
> >>>>> txtPassword.Text, PasswordOption.SendPlainText)
[quoted text clipped - 4 lines]
> >>>>> Thank you,
> >>>>> Sql
SQLAgentman - 21 Dec 2004 00:25 GMT
Forgot to say:

I added, on the Web Service side in the Application on Start event
handler in Global.asax, the following:

Dim oToken As New UsernameToken("joe", "1a2b3cKUJH", PasswordOption.SendPlainText)
PolicyEnforcementSecurityTokenCache.GlobalCache.Clear() ' with/without
PolicyEnforcementSecurityTokenCache.GlobalCache.Add(oToken)

Did not help.

Thank you,

Sql.

> Dilip,
>
SQLAgentman - 21 Dec 2004 00:26 GMT
Forgot to say:

I added, on the Web Service side in the Application on Start event
handler in Global.asax, the following:

Dim oToken As New UsernameToken("joe", "1a2b3cKUJH", PasswordOption.SendPlainText)
PolicyEnforcementSecurityTokenCache.GlobalCache.Clear() ' with/without
PolicyEnforcementSecurityTokenCache.GlobalCache.Add(oToken)

Did not help.

Thank you,

Sql.

> Dilip,
>
Dilip Krishnan - 21 Dec 2004 02:26 GMT
Hello Dilip,
  Am out of ideas :) just a couple more things you could try
1. Check if the subject name is the same
2. Check in the web.config what your certificate store is:
   <x509 allowTestRoot="true" storeLocation="LocalMachine" allowRevocationUrlRetrieval="false" />
   Check if it is in the same location as you expect.
3. Check if ASPNET user has permissions to read and see the certificate

HTH
Regards,
Dilip Krishnan
MCAD, MCSD.net
dkrishnan at geniant dot com
http://www.geniant.com

> Hello SQLAgentman,
> Could be one of 2 reasons. The error is coming from the response
[quoted text clipped - 979 lines]
>>>>>> Thank you,
>>>>>> Sql
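The first check in the post above (is the subject name the same) can be done mechanically by listing what the policy file demands and comparing it with the tokens the sender holds. This is an added example, not code from the thread or from WSE: the sample policy is constructed from the element names quoted in this thread, the certificate subject `CN=MyServer` is a made-up value, and the matching rule is a simplifying assumption rather than WSE's own algorithm.

```python
import xml.etree.ElementTree as ET

# Namespaces and token-type URIs as they appear in the thread's policy file.
WSP = "http://schemas.xmlsoap.org/ws/2002/12/policy"
WSSP = "http://schemas.xmlsoap.org/ws/2002/12/secext"
WSE = "http://schemas.microsoft.com/wse/2003/06/Policy"
NS = {"wsp": WSP, "wssp": WSSP, "wse": WSE}
DK = "http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk"
WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
USERNAME = WSS + "username-token-profile-1.0#UsernameToken"
X509 = WSS + "x509-token-profile-1.0#X509v3"

# Constructed sample: sign with a key derived from a UsernameToken,
# encrypt with an X.509 certificate identified by subject name.
SAMPLE_POLICY = f"""
<policyDocument xmlns="{WSE}">
 <policies xmlns:wsp="{WSP}" xmlns:wssp="{WSSP}" xmlns:wse="{WSE}">
  <wsp:Policy>
   <wssp:Integrity wsp:Usage="wsp:Required">
    <wssp:TokenInfo>
     <wssp:SecurityToken>
      <wssp:TokenType>{DK}</wssp:TokenType>
      <wssp:Claims><wse:Parent>
       <wssp:SecurityToken wse:IdentityToken="true">
        <wssp:TokenType>{USERNAME}</wssp:TokenType>
       </wssp:SecurityToken>
      </wse:Parent></wssp:Claims>
     </wssp:SecurityToken>
    </wssp:TokenInfo>
   </wssp:Integrity>
   <wssp:Confidentiality wsp:Usage="wsp:Required">
    <wssp:KeyInfo>
     <wssp:SecurityToken>
      <wssp:TokenType>{X509}</wssp:TokenType>
      <wssp:Claims>
       <wssp:SubjectName MatchType="wssp:Exact">CN=WSE2QuickStartServer</wssp:SubjectName>
      </wssp:Claims>
     </wssp:SecurityToken>
    </wssp:KeyInfo>
   </wssp:Confidentiality>
  </wsp:Policy>
 </policies>
</policyDocument>
"""


def base_token(tok):
    """Follow wse:Parent links from a derived-key token to the token it derives from."""
    derived = False
    while tok.findtext("wssp:TokenType", "", NS).strip() == DK:
        parent = tok.find("wssp:Claims/wse:Parent/wssp:SecurityToken", NS)
        if parent is None:
            break
        tok, derived = parent, True
    return tok, derived


def requirements(policy_xml):
    """Return one dict per Integrity/Confidentiality assertion in the policy document."""
    root = ET.fromstring(policy_xml)
    reqs = []
    for kind in ("Integrity", "Confidentiality"):
        for assertion in root.iter(f"{{{WSSP}}}{kind}"):
            tok = assertion.find(".//wssp:SecurityToken", NS)  # outermost token first
            if tok is None:
                continue
            tok, derived = base_token(tok)
            subject = tok.find("wssp:Claims/wssp:SubjectName", NS)
            reqs.append({
                "assertion": kind,
                "token_type": tok.findtext("wssp:TokenType", "", NS).strip(),
                "derived_key": derived,
                "subject": None if subject is None else subject.text.strip(),
            })
    return reqs


def unsatisfied(policy_xml, available):
    """List requirements that none of the available tokens meets.

    `available` describes what the sender holds: dicts with "type" and, for
    certificates, "subject". Exact comparison is an assumption of this example.
    """
    missing = []
    for req in requirements(policy_xml):
        ok = any(
            t["type"] == req["token_type"]
            and (req["subject"] is None or t.get("subject") == req["subject"])
            for t in available
        )
        if not ok:
            short = req["token_type"].rsplit("#", 1)[-1]
            subject = f' subject={req["subject"]}' if req["subject"] else ""
            missing.append(f'{req["assertion"]}: {short}{subject}')
    return missing


if __name__ == "__main__":
    # Constructed inventory: a UsernameToken plus a certificate with the wrong subject.
    held = [{"type": USERNAME}, {"type": X509, "subject": "CN=MyServer"}]
    for line in unsatisfied(SAMPLE_POLICY, held):
        print("cannot satisfy ->", line)
```

Run against the real policy file, the output shows which assertion has no matching token, which is the condition the WSE405 message describes.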
SQLAgentman - 21 Dec 2004 02:53 GMT
Dilip,

1. Subject Name is the same, verified.
2. Yes, allowTestRoot="true" storeLocation="LocalMachine"
allowRevocationUrlRetrieval="false"
although I used the Wizard and it did not add the last one.
I added everything manually also.
3. Yes, ASPNET has permissions to see the certificate.

Still it does not work. Still getting WSE405 error.

I wonder if I can send you, or anyone, the test projects that I have;
they are very, very small, to be tested on another machine. I am going
insane.

Thank you for trying so hard, I really appreciate it.
I recreated the test projects from scratch before.
I might do it again, and see.

I checked on both sides: the client side (Web) and the server side (Web
Service).

Thanks for all your help

Sql

> Hello Dilip,
>    Am out of ideas :) just a couple more things you could try
Dilip Krishnan - 21 Dec 2004 14:15 GMT
Hello SQLAgentman,
   Also try the diagnostics option for tracing the request and the policy

HTH
Regards,
Dilip Krishnan
MCAD, MCSD.net
dkrishnan at geniant dot com
http://www.geniant.com

> Dilip,
>
[quoted text clipped - 1148 lines]
>>>>>>>> Thank you,
>>>>>>>> Sql
SQLAgentman - 21 Dec 2004 17:23 GMT
Dilip,

For some reason the diagnostics trace is not creating the files.
So it is not working for me. Maybe this is the main problem.
What can I do to get some diagnostics?
I made sure that ASPNET can read and write.
Is there any other trick that you know?

Sql

> Hello SQLAgentman,
>     Also try the dianostics option for tracing the request and the policy
[quoted text clipped - 122 lines]
> >>>> </mappings>
> >>>> <policies

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-ws

> >>>> s
> >>>> ecurity-utility-1.0.xsd"
> >>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
> >>>> xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext"
> >>>> xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy"

xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-w

> >>>> s
> >>>> security-secext-1.0.xsd"
[quoted text clipped - 8 lines]
> >>>> anything for enforcement (send-side) policy.-->
> >>>> <wsp:MessagePredicate wsp:Usage="wsp:Required"

Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
> >>>> wsp:Header(wsa:To) wsp:Header(wsa:Action)
> > wsp:Header(wsa:MessageID)
[quoted text clipped - 11 lines]
> >>>> describes which token type must be used for Signing.-->
> >>>> <wssp:SecurityToken>

<wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk<

> >>>> /
> >>>> wssp:TokenType>
> >>>> <wssp:Claims>
> >>>> <wse:Parent>
> >>>> <wssp:SecurityToken>

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-w

> >>>> s s-username-token-profile-1.0#UsernameToken</wssp:TokenType>
> >>>> </wssp:SecurityToken>
[quoted text clipped - 8 lines]
> >>>>
> >>>> <wssp:MessageParts

Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()

> >>>> wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo)
> >>>>
[quoted text clipped - 21 lines]
> >>>>
> >>>> <wssp:SecurityToken>

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-w

> >>>> s s-x509-token-profile-1.0#X509v3</wssp:TokenType>
> >>>>
[quoted text clipped - 19 lines]
> >>>>
> >>>> <wssp:SubjectName

MatchType="wssp:Exact">CN=WSE2QuickStartServer</wssp:SubjectName>

> >>>> <wssp:X509Extension OID="2.5.29.14"

MatchType="wssp:Exact">bBwPfItvKp3b6TNDq+14qs58VJQ=</wssp:X509Extensi

> >>>> o n>
> >>>>
[quoted text clipped - 5 lines]
> >>>>
> >>>> <wssp:MessageParts

Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</ws

> >>>> s p:MessageParts>
> >>>>
[quoted text clipped - 17 lines]
> >>>>
> >>>> <wsp:MessagePredicate wsp:Usage="wsp:Required"

Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()

> >>>> wsp:Header(wsa:To) wsp:Header(wsa:Action)
> >>>>
[quoted text clipped - 20 lines]
> >>>>
> >>>> <wssp:SecurityToken>

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-w

> >>>> s s-x509-token-profile-1.0#X509v3</wssp:TokenType>
> >>>>
[quoted text clipped - 19 lines]
> >>>>
> >>>> <wssp:SubjectName

MatchType="wssp:Exact">CN=WSE2QuickStartServer</wssp:SubjectName>

> >>>> <wssp:X509Extension OID="2.5.29.14"

MatchType="wssp:Exact">bBwPfItvKp3b6TNDq+14qs58VJQ=</wssp:X509Extensi

> >>>> o n>
> >>>>
[quoted text clipped - 5 lines]
> >>>>
> >>>> <wssp:MessageParts

Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()

> >>>> wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo)
> >>>>
[quoted text clipped - 21 lines]
> >>>>
> >>>> <wssp:SecurityToken>

<wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk<

> >>>> /
> >>>> wssp:TokenType>
> >>>> <wssp:Claims>
> >>>> <wse:Parent>
> >>>> <wssp:SecurityToken>

<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-w

> >>>> s s-username-token-profile-1.0#UsernameToken</wssp:TokenType>
> >>>> </wssp:SecurityToken>
[quoted text clipped - 8 lines]
> >>>>
> >>>> <wssp:MessageParts

Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</ws

> >>>> s p:MessageParts>
> >>>>
[quoted text clipped - 14 lines]
> >>>> xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy">
> >>>> <!--The following policy describes the policy requirements for
the
> >>>> service: http://localhost/MyWebServices/MySecurity.asmx .-->
> >>>> <endpoint uri="http://localhost/MyWebServices/MySecurity.asmx">
[quoted text clipped - 13 lines]
> >>>> </mappings>
> >>>> <policies
> >>>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> >>>> xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
> >>>> xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext"
> >>>> xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy"
> >>>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
[quoted text clipped - 8 lines]
> >>>> anything for enforcement (send-side) policy.-->
> >>>> <wsp:MessagePredicate wsp:Usage="wsp:Required" Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
> >>>> wsp:Header(wsa:To) wsp:Header(wsa:Action)
> > wsp:Header(wsa:MessageID)
[quoted text clipped - 11 lines]
> >>>> describes which token type must be used for Signing.-->
> >>>> <wssp:SecurityToken>
> >>>> <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
> >>>> <wssp:Claims>
> >>>> <wse:Parent>
> >>>> <wssp:SecurityToken wse:IdentityToken="true">
> >>>> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
> >>>> <wssp:Claims>
[quoted text clipped - 24 lines]
> >>>>
> >>>> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
> >>>> wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo)
> >>>>
[quoted text clipped - 21 lines]
> >>>>
> >>>> <wssp:SecurityToken>
> >>>> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
> >>>>
[quoted text clipped - 19 lines]
> >>>>
> >>>> <wssp:SubjectName MatchType="wssp:Exact">CN=WSE2QuickStartServer</wssp:SubjectName>
> >>>> <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">bBwPfItvKp3b6TNDq+14qs58VJQ=</wssp:X509Extension>
> >>>>
[quoted text clipped - 5 lines]
> >>>>
> >>>> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
> >>>>
[quoted text clipped - 17 lines]
> >>>>
> >>>> <wsp:MessagePredicate wsp:Usage="wsp:Required" Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
> >>>> wsp:Header(wsa:To) wsp:Header(wsa:Action)
> >>>>
[quoted text clipped - 20 lines]
> >>>>
> >>>> <wssp:SecurityToken>
> >>>> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
> >>>>
[quoted text clipped - 19 lines]
> >>>>
> >>>> <wssp:SubjectName MatchType="wssp:Exact">CN=WSE2QuickStartServer</wssp:SubjectName>
> >>>> <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">bBwPfItvKp3b6TNDq+14qs58VJQ=</wssp:X509Extension>
> >>>>
[quoted text clipped - 5 lines]
> >>>>
> >>>> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
> >>>> wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo)
> >>>>
[quoted text clipped - 21 lines]
> >>>>
> >>>> <wssp:SecurityToken>
> >>>> <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
> >>>> <wssp:Claims>
> >>>> <wse:Parent>
> >>>> <wssp:SecurityToken wse:IdentityToken="true">
> >>>> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
> >>>> </wssp:SecurityToken>
[quoted text clipped - 8 lines]
> >>>>
> >>>> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
> >>>>
[quoted text clipped - 17 lines]
> >>>>
> >>>> <wsp:MessagePredicate wsp:Usage="wsp:Required" Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
> >>>> wsp:Header(wsa:To) wsp:Header(wsa:Action)
> >>>>
[quoted text clipped - 21 lines]
> >>>>
> >>>> <wssp:SecurityToken>
> >>>> <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
> >>>> <wssp:Claims>
> >>>> <wse:Parent>
> >>>> <wssp:SecurityToken wse:IdentityToken="true">
> >>>> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
> >>>> <wssp:Claims>
[quoted text clipped - 24 lines]
> >>>>
> >>>> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
> >>>> wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo)
> >>>>
[quoted text clipped - 21 lines]
> >>>>
> >>>> <wssp:SecurityToken>
> >>>> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
> >>>>
[quoted text clipped - 19 lines]
> >>>>
> >>>> <wssp:SubjectName MatchType="wssp:Exact">CN=WSE2QuickStartServer</wssp:SubjectName>
> >>>> <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">bBwPfItvKp3b6TNDq+14qs58VJQ=</wssp:X509Extension>
> >>>>
[quoted text clipped - 5 lines]
> >>>>
> >>>> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
> >>>>
[quoted text clipped - 17 lines]
> >>>>
> >>>> <wsp:MessagePredicate wsp:Usage="wsp:Required" Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
> >>>> wsp:Header(wsa:To) wsp:Header(wsa:Action)
> >>>>
[quoted text clipped - 20 lines]
> >>>>
> >>>> <wssp:SecurityToken>
> >>>> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
> >>>>
[quoted text clipped - 19 lines]
> >>>>
> >>>> <wssp:SubjectName MatchType="wssp:Exact">CN=WSE2QuickStartServer</wssp:SubjectName>
> >>>> <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">bBwPfItvKp3b6TNDq+14qs58VJQ=</wssp:X509Extension>
> >>>>
[quoted text clipped - 5 lines]
> >>>>
> >>>> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
> >>>> wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo)
> >>>>
[quoted text clipped - 21 lines]
> >>>>
> >>>> <wssp:SecurityToken>
> >>>> <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
> >>>> <wssp:Claims>
> >>>> <wse:Parent>
> >>>> <wssp:SecurityToken wse:IdentityToken="true">
> >>>> <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
> >>>> </wssp:SecurityToken>
[quoted text clipped - 8 lines]
> >>>>
> >>>> <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wssp:MessageParts>
> >>>>
[quoted text clipped - 30 lines]
> >>>>> "
> >>>>>>>> Dim oToken As New
> >>>>>>>> Microsoft.Web.Services2.Security.Tokens.UsernameToken(txtUserName.Text
> >>>>
[quoted text clipped - 81 lines]
> >>>>>>>> client side, and I do.
> >>>>>>>> Dim oToken As New
> >>>>>>>> Microsoft.Web.Services2.Security.Tokens.UsernameToken(txtUserName.Text
> >>>>
[quoted text clipped - 6 lines]
> >>>>>>>> Thank you,
> >>>>>>>> Sql
SQLAgentman - 21 Dec 2004 17:37 GMT
Dilip,

After allowing the "everyone" group to write I got some trace info.
(I don't understand what it means, did not like the token???)
SendPolicy.webinfo contains:

************************************
<log xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasi