Error using WS-Security

  • Thread starter Thread starter Ashish
  • Start date Start date
A

Ashish

Hi Guys

I am getting the following error while implementing authentication using
WS-security.

"Microsoft.Web.Services2.Security.SecurityFault: The security token could
not be authenticated or authorized ---> System.Exception: WSE565: The
password provided the SecurityTokenManager does not match the one on the
incoming token. at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyPlainText
Password(UsernameToken token, String authenticatedPassword) at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyPassword(
UsernameToken token, String authenticatedPassword) at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyToken(Sec
urityToken securityToken) at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSecurity
Token(XmlElement element) --- End of inner exception stack trace --- at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSecurity
Token(XmlElement element) at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.GetTokenFromXml
(XmlElement element) at
Microsoft.Web.Services2.Security.Security.LoadToken(XmlElement element,
SecurityConfiguration configuration, Int32& tokenCount) at
Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element) at
Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnve
lope envelope) at
Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
at
Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapSer
verMessage message) "


The class i am using for authentication :
-------------------------------------------------------------------------
using System;
using Microsoft.Web.Services2.Security.Tokens;

namespace WSEAuthService
{

/// <summary>
/// Summary description for AuthUserToken.
/// </summary>

public class AuthUserToken : UsernameTokenManager
{
public AuthUserToken()
{

//// TODO: Add constructor logic here//

}


protected override string AuthenticateToken(UsernameToken token)
{
if(IsblnUserAuthenticated(token.Username,token.Password))
return "Authenticated !! Proceed ....";
else
return "Invalid login....";
}


private bool IsblnUserAuthenticated(string vstrUserId,string vstrPassword)
{
if(vstrUserId=="ashish" && vstrPassword=="gupta")
return true;
else
return false;
}
}

}

--------------------------------------------------------------------------

The web service

---------------------------------------------------------------------------

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Web;
using System.Web.Services;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security.Tokens;

namespace WSEAuthService
{

/// <summary>

/// Summary description for Service1.

/// </summary>

public class AuthService : System.Web.Services.WebService
{
public AuthUserToken AuthUserTokenObj;
public AuthService()
{
//CODEGEN: This call is required by the ASP.NET Web Services Designer
InitializeComponent();
}



[WebMethod]

public string GetMessage()
{
return "This is my message";
}

}

}


---------------------------------------------------------------------------

Web service client
-----------------------------

UsernameToken UsernameTokenObj=new
UsernameToken(txtUserId.Text,txtPassword.Text,PasswordOption.SendPlainText )
;

MyWSEServices.AuthServiceWse AuthServiceWseObj=new
MyWSEServices.AuthServiceWse();

AuthServiceWseObj.RequestSoapContext.Security.Tokens.Add(UsernameTokenObj);

lblStatus.Text=AuthServiceWseObj.GetMessage();
------------------------------



Plz help ...
Regards
Ashish
 
Isn't AuthenticateToken supposed to return the password? (Not some
random string.)

I can't reference a URL or document, but it seems to ring a bell off the
top of my head. It's also how my custom UsernameTokenManager is configured.

-Ben
 
Yes, AuthenticateToken must return the user's password. If the password
returned by this method doesn't match the password contained in the
token, the authentication fails.
 
protected override string AuthenticateToken(UsernameToken token)
{
if(IsblnUserAuthenticated(token.Username,token.Password))
return "Authenticated !! Proceed ....";
else
return "Invalid login....";
}
Click to expand...

So how to modify the above method so tht i can implement authentication
with WS-Security?
 
ashish said:
protected override string AuthenticateToken(UsernameToken token)



So how to modify the above method so tht i can implement authentication
with WS-Security?
Click to expand...

I guess something like this:

protected override string AuthenticateToken(UsernameToken token)
{
if (IsblnUserAuthenticated(token.Username, token.Password))
return token.Password;
else
return "Invalid";
}
 
Back
Top