By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,979 Members | 951 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,979 IT Pros & Developers. It's quick & easy.

Error using WS-Security

P: n/a
Hi Guys

I am getting the following error while implementing authentication using
WS-security.

"Microsoft.Web.Services2.Security.SecurityFaul t: The security token could
not be authenticated or authorized ---> System.Exception: WSE565: The
password provided the SecurityTokenManager does not match the one on the
incoming token. at
Microsoft.Web.Services2.Security.Tokens.UsernameTo kenManager.VerifyPlainText
Password(UsernameToken token, String authenticatedPassword) at
Microsoft.Web.Services2.Security.Tokens.UsernameTo kenManager.VerifyPassword(
UsernameToken token, String authenticatedPassword) at
Microsoft.Web.Services2.Security.Tokens.UsernameTo kenManager.VerifyToken(Sec
urityToken securityToken) at
Microsoft.Web.Services2.Security.Tokens.SecurityTo kenManager.LoadXmlSecurity
Token(XmlElement element) --- End of inner exception stack trace --- at
Microsoft.Web.Services2.Security.Tokens.SecurityTo kenManager.LoadXmlSecurity
Token(XmlElement element) at
Microsoft.Web.Services2.Security.Tokens.SecurityTo kenManager.GetTokenFromXml
(XmlElement element) at
Microsoft.Web.Services2.Security.Security.LoadToke n(XmlElement element,
SecurityConfiguration configuration, Int32& tokenCount) at
Microsoft.Web.Services2.Security.Security.LoadXml( XmlElement element) at
Microsoft.Web.Services2.Security.SecurityInputFilt er.ProcessMessage(SoapEnve
lope envelope) at
Microsoft.Web.Services2.Pipeline.ProcessInputMessa ge(SoapEnvelope envelope)
at
Microsoft.Web.Services2.WebServicesExtension.Befor eDeserializeServer(SoapSer
verMessage message) "
The class i am using for authentication :
-------------------------------------------------------------------------
using System;
using Microsoft.Web.Services2.Security.Tokens;

namespace WSEAuthService
{

/// <summary>
/// Summary description for AuthUserToken.
/// </summary>

public class AuthUserToken : UsernameTokenManager
{
public AuthUserToken()
{

//// TODO: Add constructor logic here//

}
protected override string AuthenticateToken(UsernameToken token)
{
if(IsblnUserAuthenticated(token.Username,token.Pas sword))
return "Authenticated !! Proceed ....";
else
return "Invalid login....";
}
private bool IsblnUserAuthenticated(string vstrUserId,string vstrPassword)
{
if(vstrUserId=="ashish" && vstrPassword=="gupta")
return true;
else
return false;
}
}

}

--------------------------------------------------------------------------

The web service

---------------------------------------------------------------------------

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Web;
using System.Web.Services;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security.Tokens;

namespace WSEAuthService
{

/// <summary>

/// Summary description for Service1.

/// </summary>

public class AuthService : System.Web.Services.WebService
{
public AuthUserToken AuthUserTokenObj;
public AuthService()
{
//CODEGEN: This call is required by the ASP.NET Web Services Designer
InitializeComponent();
}

[WebMethod]

public string GetMessage()
{
return "This is my message";
}

}

}
---------------------------------------------------------------------------

Web service client
-----------------------------

UsernameToken UsernameTokenObj=new
UsernameToken(txtUserId.Text,txtPassword.Text,Pass wordOption.SendPlainText )
;

MyWSEServices.AuthServiceWse AuthServiceWseObj=new
MyWSEServices.AuthServiceWse();

AuthServiceWseObj.RequestSoapContext.Security.Toke ns.Add(UsernameTokenObj);

lblStatus.Text=AuthServiceWseObj.GetMessage();
------------------------------

Plz help ...
Regards
Ashish

Nov 16 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Isn't AuthenticateToken supposed to return the password? (Not some
random string.)

I can't reference a URL or document, but it seems to ring a bell off the
top of my head. It's also how my custom UsernameTokenManager is configured.

-Ben

protected override string AuthenticateToken(UsernameToken token)
{
if(IsblnUserAuthenticated(token.Username,token.Pas sword))
return "Authenticated !! Proceed ....";
else
return "Invalid login....";
}

--
to reply, remove .s.p.a.m. from email
Nov 16 '05 #2

P: n/a
Yes, AuthenticateToken must return the user's password. If the password
returned by this method doesn't match the password contained in the
token, the authentication fails.

Nov 16 '05 #3

P: n/a


protected override string AuthenticateToken(UsernameToken token)
{
if(IsblnUserAuthenticated(token.Username,token.Pas sword))
return "Authenticated !! Proceed ....";
else
return "Invalid login....";
}


So how to modify the above method so tht i can implement authentication
with WS-Security?

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Nov 16 '05 #4

P: n/a
ashish gupta wrote:

protected override string AuthenticateToken(UsernameToken token)
{
if(IsblnUserAuthenticated(token.Username,token.P assword))
return "Authenticated !! Proceed ....";
else
return "Invalid login....";
}

So how to modify the above method so tht i can implement authentication
with WS-Security?

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!


I guess something like this:

protected override string AuthenticateToken(UsernameToken token)
{
if (IsblnUserAuthenticated(token.Username, token.Password))
return token.Password;
else
return "Invalid";
}

--
to reply, remove .s.p.a.m. from email
Nov 16 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.