Windows Authentication and web services with WSE 2.0

Ryan Taylor

Hello.

I haven't received a response in the general microsoft.public.webservices
forum so I thought I would try this here. Does anyone have a solution to the
following issue?

I am trying to develop a secure web service with VB.NET and WSE 2.0. I am
running the ASP.NET client and the ASP.NET web services on the same machine.
The box is a Windows XP machine with SP 2 installed. The .NET Framework is
version 1.1. I have modified the username attribute in the processModel tag
of the machine.config file to be "system" and restarted IIS. My web.config
file has <authentication mode="Windows" /> and <identity impersonate="true" />.

At this moment in time I am trying to retrieve the logged-in user (Windows
authentication) in my web service calls and I would like to encrypt the SOAP
message.

Currently the application works when I access the site like so,

http://localhost/mapviewer/home.aspx from IE only.

If I access the site via localhost with Firefox or
http://mywebsite/mapviewer/home.aspx from IE or Firefox I receive the
following error on the line:

Dim sectok = New KerberosToken(targetprincipalname) ' this is the line that fails

"Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.

Exception Details: System.Security.SecurityException: The Kerberos
credential handle could not be acquired. The AcquireCredentialsHandle call
returned the following error code: The parameter is incorrect."

Does anyone have any idea what might be the problem?

Here is my code:
' WSE 2.0 namespaces used by both the client page and the web service
Imports Microsoft.Web.Services2
Imports Microsoft.Web.Services2.Security
Imports Microsoft.Web.Services2.Security.Tokens

' Client
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

    Dim kerbToken As KerberosToken = GetSecurityToken()

    ' Attach the Kerberos token to the request and encrypt the message with it
    Dim proxy As New CTDEP.FIS.MapViewer.MapServices.DumbServiceWse
    Dim rsc As SoapContext = proxy.RequestSoapContext
    rsc.Security.Timestamp.TtlInSeconds = 60
    rsc.Security.Tokens.Add(kerbToken)
    rsc.Security.Elements.Add(New EncryptedData(kerbToken))

    txtUser.Text = proxy.Hello()

End Sub

Private Function GetSecurityToken() As KerberosToken

    Dim remotehost As String = "http://prometheus.stgeorgeconsulting.com"
    Dim remoteDomain As String = "SGCI_HOME"
    Dim remotehostname As String = System.Net.Dns.GetHostName()

    ' AndAlso short-circuits, so Length is not read on a Nothing reference
    If Not remotehost Is Nothing AndAlso remotehost.Length > 0 Then
        remotehostname = (New Uri(remotehost)).Host
    End If

    ' Build the target principal name: host/<hostname>[@<domain>]
    Dim targetprincipalname As String = ""
    If remoteDomain Is Nothing OrElse remoteDomain.Length = 0 Then
        targetprincipalname = "host/" & remotehostname
    Else
        targetprincipalname = "host/" & remotehostname & "@" & remoteDomain
    End If

    Dim sectok = New KerberosToken(targetprincipalname) ' this is the line that fails
    GetSecurityToken = sectok

End Function

' Web Service
<WebMethod()> _
Public Function Hello() As String

    Dim sctxt As SoapContext = RequestSoapContext.Current
    If sctxt Is Nothing Then
        ' Return here; otherwise the loop below dereferences Nothing
        Return "This did not work"
    End If

    ' Report the Windows identity carried by the Kerberos token in the request
    Dim tok As SecurityToken
    For Each tok In sctxt.Security.Tokens
        If TypeOf tok Is KerberosToken Then
            Dim user As KerberosToken = DirectCast(tok, KerberosToken)
            Hello = user.Principal.Identity.Name
        End If
    Next

End Function
 
Prakash M

Hi,

Try to create a default network credential instead of supplying a Kerberos
credential object. Hope this may solve the problem.
 
