Error using WS-Security

Hi Guys

I am getting the following error while implementing authentication using
WS-security.

"Microsoft.Web.Services2.Security.SecurityFaul t: The security token could
not be authenticated or authorized ---> System.Exception: WSE565: The
password provided the SecurityTokenManager does not match the one on the
incoming token. at
Microsoft.Web.Services2.Security.Tokens.UsernameTo kenManager.VerifyPlainText
Password(UsernameToken token, String authenticatedPassword) at
Microsoft.Web.Services2.Security.Tokens.UsernameTo kenManager.VerifyPassword(
UsernameToken token, String authenticatedPassword) at
Microsoft.Web.Services2.Security.Tokens.UsernameTo kenManager.VerifyToken(Sec
urityToken securityToken) at
Microsoft.Web.Services2.Security.Tokens.SecurityTo kenManager.LoadXmlSecurity
Token(XmlElement element) --- End of inner exception stack trace --- at
Microsoft.Web.Services2.Security.Tokens.SecurityTo kenManager.LoadXmlSecurity
Token(XmlElement element) at
Microsoft.Web.Services2.Security.Tokens.SecurityTo kenManager.GetTokenFromXml
(XmlElement element) at
Microsoft.Web.Services2.Security.Security.LoadToke n(XmlElement element,
SecurityConfiguration configuration, Int32& tokenCount) at
Microsoft.Web.Services2.Security.Security.LoadXml( XmlElement element) at
Microsoft.Web.Services2.Security.SecurityInputFilt er.ProcessMessage(SoapEnve
lope envelope) at
Microsoft.Web.Services2.Pipeline.ProcessInputMessa ge(SoapEnvelope envelope)
at
Microsoft.Web.Services2.WebServicesExtension.Befor eDeserializeServer(SoapSer
verMessage message) "


The class i am using for authentication :
-------------------------------------------------------------------------
using System;
using Microsoft.Web.Services2.Security.Tokens;

namespace WSEAuthService
{

/// <summary>
/// Summary description for AuthUserToken.
/// </summary>

public class AuthUserToken : UsernameTokenManager
{
public AuthUserToken()
{

//// TODO: Add constructor logic here//

}


protected override string AuthenticateToken(UsernameToken token)
{
if(IsblnUserAuthenticated(token.Username,token.Pas sword))
return "Authenticated !! Proceed ....";
else
return "Invalid login....";
}


private bool IsblnUserAuthenticated(string vstrUserId,string vstrPassword)
{
if(vstrUserId=="ashish" && vstrPassword=="gupta")
return true;
else
return false;
}
}

}

--------------------------------------------------------------------------

The web service

---------------------------------------------------------------------------

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Web;
using System.Web.Services;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security.Tokens;

namespace WSEAuthService
{

/// <summary>

/// Summary description for Service1.

/// </summary>

public class AuthService : System.Web.Services.WebService
{
public AuthUserToken AuthUserTokenObj;
public AuthService()
{
//CODEGEN: This call is required by the ASP.NET Web Services Designer
InitializeComponent();
}



[WebMethod]

public string GetMessage()
{
return "This is my message";
}

}

}


---------------------------------------------------------------------------

Web service client
-----------------------------

UsernameToken UsernameTokenObj=new
UsernameToken(txtUserId.Text,txtPassword.Text,Pass wordOption.SendPlainText )
;

MyWSEServices.AuthServiceWse AuthServiceWseObj=new
MyWSEServices.AuthServiceWse();

AuthServiceWseObj.RequestSoapContext.Security.Toke ns.Add(UsernameTokenObj);

lblStatus.Text=AuthServiceWseObj.GetMessage();
------------------------------



Plz help ...
Regards
Ashish

re: Error using WS-Security

Isn't AuthenticateToken supposed to return the password? (Not some
random string.)

I can't reference a URL or document, but it seems to ring a bell off the
top of my head. It's also how my custom UsernameTokenManager is configured.

-Ben

[color=blue]
> protected override string AuthenticateToken(UsernameToken token)
> {
> if(IsblnUserAuthenticated(token.Username,token.Pas sword))
> return "Authenticated !! Proceed ....";
> else
> return "Invalid login....";
> }[/color]


--
to reply, remove .s.p.a.m. from email

re: Error using WS-Security

Yes, AuthenticateToken must return the user's password. If the password
returned by this method doesn't match the password contained in the
token, the authentication fails.

re: Error using WS-Security

protected override string AuthenticateToken(UsernameToken token)[color=blue]
> {
> if(IsblnUserAuthenticated(token.Username,token.Pas sword))
> return "Authenticated !! Proceed ....";
> else
> return "Invalid login....";
> }[/color]

So how to modify the above method so tht i can implement authentication
with WS-Security?

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

re: Error using WS-Security

ashish gupta wrote:[color=blue]
>
> protected override string AuthenticateToken(UsernameToken token)
>[color=green]
>>{
>>if(IsblnUserAuthenticated(token.Username,token.P assword))
>>return "Authenticated !! Proceed ....";
>>else
>>return "Invalid login....";
>>}[/color]
>
>
> So how to modify the above method so tht i can implement authentication
> with WS-Security?
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it![/color]

I guess something like this:

protected override string AuthenticateToken(UsernameToken token)
{
if (IsblnUserAuthenticated(token.Username, token.Password))
return token.Password;
else
return "Invalid";
}

--
to reply, remove .s.p.a.m. from email