Duplicate kerberos2 tokens in subsequent web service requests

Julian Jelfs - 30 Mar 2005 11:39 GMT
Hi,

I have a web page that needs to make three web service requests.

Initially I thought I might be able to create an instance of the proxy, sign
it with a kerberos2 token and then make the three requests. It doesn't like
that presumably because I'm using the same kerberos token for multiple
requests (correct me if I'm wrong).

Then I thought I would use the same proxy instance and just clear the
security tokens between calls and create a new kerberos token and add it. It
seems that when I do this I still get duplicate tokens. By this I mean that
when I look at the output trace, the second request's BinarySecurityToken
element has the same ID as the first.

I even get this problem if I set the variable used to hold the reference to
the proxy class to null and then create a new proxy object between service
calls???

However, if I create three completely separate instances of the web service
proxy and sign each one separately with its own kerberos token, all is well
and the IDs of the BinarySecurityToken elements in the subsequent requests
are different.

Can anyone explain what is going on here? I don't really want to have to
create a new instance of the proxy class for each call if I can avoid it
because it has some headers which need setting up and seems like a waste of
code. Why is it that I cannot use the same object and just replace the
kerberos token for each request?

Thanks in advance...

Julian.
Sidd - 01 Apr 2005 02:12 GMT
Hi Julian,

   1. You cannot reuse the same Kerberos2 token for more than 1 request.
      This is because the SSPI layer in Windows has replay detection logic to
      prevent you from doing that.
      You have to create a new instance of a kerberos token every single
      time you want to send a request. Note, this is not the same with other
      token types like UsernameToken and X509, where you can just create one
      instance and keep reusing that same token.

   2. You do *NOT* have to create a proxy every single time. You can use
      the same proxy. However, when you do, please clear the
      proxy.RequestSoapContext.Security.Tokens collection
      and proxy.RequestSoapContext.Security.Elements collection. If you
      don't then the old token remains in these collections.

   3. Why do you need separate IDs for the binary security token? The fact
      that you are getting the same token id is really weird, but on the other
      hand if they were the same token, since you are dealing with Kerberos2
      you would have received an error. Since you're not receiving an error,
      that means that it is a different token.

Please let me know if this still does not answer your questions.

Sidd [MSFT]

> Hi,
>
[quoted text clipped - 29 lines]
>
> Julian.
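A way to check point 3 of the reply above against a captured trace, as an added example that is not part of the original thread: it compares the content of each `BinarySecurityToken` across requests rather than its `wsu:Id`, which is only a label inside one message, and flags requests that carry more than one token (the stale-collection case from point 2). The envelopes, the `SecurityToken-1` Id and the base64 values are constructed samples, and it assumes each request envelope has already been extracted from the trace as a string.

```python
import hashlib
import xml.etree.ElementTree as ET

# WS-Security 1.0 namespaces (OASIS 2004/01).
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"

def token_fingerprints(envelope_xml):
    """Return [(wsu:Id, SHA-256 of token content)] for each BinarySecurityToken."""
    found = []
    for bst in ET.fromstring(envelope_xml).iter("{%s}BinarySecurityToken" % WSSE):
        content = "".join((bst.text or "").split())  # ignore base64 line wrapping
        digest = hashlib.sha256(content.encode("ascii")).hexdigest()
        found.append((bst.get("{%s}Id" % WSU), digest))
    return found

def compare_requests(envelopes):
    """Separate a reused wsu:Id label from reuse of the token itself."""
    first_id, first_token = {}, {}
    report = {"reused_ids": set(), "reused_tokens": set(), "multi_token_requests": []}
    for n, envelope in enumerate(envelopes, 1):
        tokens = token_fingerprints(envelope)
        if len(tokens) > 1:  # a stale token was left in the security header
            report["multi_token_requests"].append(n)
        for token_id, digest in tokens:
            if first_id.setdefault(token_id, n) != n:
                report["reused_ids"].add(token_id)
            if first_token.setdefault(digest, n) != n:
                report["reused_tokens"].add(digest)
    return report

def make_envelope(tokens):
    """Build a constructed sample request; tokens is [(id, base64 text)]."""
    items = "".join('<wsse:BinarySecurityToken wsu:Id="%s">%s</wsse:BinarySecurityToken>'
                    % pair for pair in tokens)
    return ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
            'xmlns:wsse="%s" xmlns:wsu="%s"><soap:Header><wsse:Security>%s'
            '</wsse:Security></soap:Header><soap:Body/></soap:Envelope>'
            % (WSSE, WSU, items))

# Constructed sample: two requests with the same Id but different token bytes.
SAMPLE = [make_envelope([("SecurityToken-1", "QUFBQQ==")]),
          make_envelope([("SecurityToken-1", "QkJCQg==")])]

if __name__ == "__main__":
    print(compare_requests(SAMPLE))
```

A non-empty `reused_tokens` means the same token bytes were sent twice; a non-empty `reused_ids` with empty `reused_tokens` matches the situation described in the question.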
Dilip Krishnan - 02 Apr 2005 20:05 GMT
Hello Julian,
   Since in the first case you are using the same instance of the proxy
you only need to sign it ONCE and call the 3 methods just as it is. You
are having duplicate tokens because you are signing the message multiple
times (possibly 3 times). This is because the soap context has multiple
MessageSignature elements in it.

HTH
Regards,
Dilip Krishnan
MCAD, MCSD.net
dkrishnan at geniant dot com
http://www.geniant.com

> Hi,
>
[quoted text clipped - 29 lines]
>
> Julian.