 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / June 2005Webservice Security Header error
The Web Service has been implemented using WS-Security so it expects a Username/Password token (with PasswordOption.SendHashed option). I've built this using MS WSE 2.0 SP3 in VS.NET. I've also created a Windows Form application which acts as a client to the webservice. The WS resides (network domain is, say, testinginternal.com) on e.g. http://mytest.testinginternal.com/testservice/summary.asmx, this is the URL used to create a web reference for the client. Before deploying the webservice it resided on my local machine (network domain for local machine is different, say, developerinternal.com), I tested it here using the local URL (http://localhost/testservice/summary.asmx) as the web reference. Everything works fine when using locally. Now when I call one of the web service functions (on the WS server), supplying my username and password, from my client (on my machine), the call fails with the error "An error was discovered processing the <Security> header". If I move my client, to the server holding the web service, and call the WS function again supplying my username and password, it works. Any suggestions/solutions would be helpful. Thanks You are probably having a problem with the times on the two boxes Its probably differing more than 5 minutes. So WSE things its a replay attack. > The Web Service has been implemented using > WS-Security so it expects a Username/Password [quoted text clipped - 25 lines] > > Thanks  SignatureHTH Regards, Dilip Krishnan MCAD, MCSD.net dilip.krishnan AT apdiya DOT com Thanks for the quick response Dilip. What happens if we install this windows-based test application to a client company and they try to call the web service through the internet. Will they see the same issue if their desktops' time is off by more than 5 minutes? Do they have to sync up their time with the time of our server? Thanks. > You are probably having a problem with the times on the two boxes Its > probably differing more than 5 minutes. So WSE things its a replay attack. [quoted text clipped - 28 lines] > > > > Thanks Syncing the times on both machines fixed the issue. Like I asked in my other question, What happens if we install this windows-based test application to a machine in client company and they try to call the web service through the internet. Will they see the same issue if their desktops' time is off by more than 5 minutes than our server time? Do they have to sync up their time with the time of our server? Thank you very much. > The Web Service has been implemented using > WS-Security so it expects a Username/Password [quoted text clipped - 25 lines] > > Thanks Unfortunately yes! However, it has to only be the same UTC. So for example different time zones would have the same universal time. You'll have a problem only if the timezones varied by more than 5 mins > Syncing the times on both machines fixed the issue. Like I asked in my other > question, What happens if we install this windows-based test application to a [quoted text clipped - 35 lines] >> >>Thanks SignatureHTH Regards, Dilip Krishnan MCAD, MCSD.net dilip.krishnan AT apdiya DOT com Hi whould this not make using username/password ... useless? If I where to develop a webservice and deploy clients "around the world" I could never count on the clients to be using a NTP server and therefor being within 5 min. correct? Is it safe to use WSE anyways - if I compile my clientprogram and start sending it to people will it work without them needing to install WSE - will it be "all in a box"? regards Jan > Unfortunately yes! However, it has to only be the same UTC. So for example > different time zones would have the same universal time. You'll have a > problem only if the timezones varied by more than 5 mins You can also specify a tolerance that you willing to accept on the Webservice in the web.config <security> <timeToleranceInSeconds>1800</timeToleranceInSeconds> </security> > Unfortunately yes! However, it has to only be the same UTC. So for > example different time zones would have the same universal time. You'll [quoted text clipped - 39 lines] > >> > >>Thanks Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.