WSE 2.0 is not invoking AuthenticateToken on my userNameTokenManager

N

nsyforce

About a year ago, I wrote a custom userNameTokenManger. It worked
fine then. I recently dusted it off again and using the same test
code I used a year ago, I can no longer get the AuthenticateToken
function to be invoked when attached to a web service. I've tried
rewriting with the simplest of code just to test without any luck.
I'm totally stumped. I have my assembly in the gac, so the only
difference from many code examples is that I fully qualify the name of
my assembly with versioning info in the web.xml, when compared to
other examples. My IIS settings are set on the web service to allow
anonymous, basic auth, and integrated windows auth.

My code looks like this:

using System;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security.Tokens;
using Microsoft.Web.Services2.Security;

using System.Text;
using System.Collections;
using System.Configuration;
using System.IO;

namespace JoeWSE
{
/// <summary>
/// Summary description for WSEClass.
/// </summary>
///
public class UserNameTokenJoe:UsernameTokenManager
{
protected override string AuthenticateToken(UsernameToken token)
{
//I put code here to
write to a file, and it never works.
string userName = token.Username;
string password = token.Password;

//Return some bogus thing here that doesn't match the password
//so hopefully I won't
be able to call the web service successfully
return "This should cause an authentication problem";
}
}
}

I put this in the GAC and edit my web.xml file on a 'hello world' web
service, which I'm trying to lock down with the usernameTokenManager
above, so it looks like...

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<section name="microsoft.web.services2"
type="Microsoft.Web.Services2.Configuration.WebServicesConfiguration,
Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</configSections>
<system.web>
<webServices>
<soapExtensionTypes>
<add type="Microsoft.Web.Services2.WebServicesExtension,
Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" priority="1" group="0" />
</soapExtensionTypes>
</webServices>
</system.web>
<microsoft.web.services2>
<security>
<securityTokenManager
type="JoeWSE.UserNameTokenJoe,JoeWSE,Version=1.0.0.0,Culture=neutral,PublicKeyToken=671e5018475725ea,Custom=null"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
wssecurity-secext-1.0.xsd" qname="wsse:UsernameToken" />
</security>
<diagnostics>
<trace enabled="true" input="C:\_tracing\WebServiceCustomTrace
\inputtrace.webinfo" output="C:\_tracing\WebServiceCustomTrace
\OutputTrace.webinfo" />
</diagnostics>
</microsoft.web.services2>
</configuration>

Another weird thing is that if I make the type attribute invalid by
changing the name to something bogus, or changing to an invalid
version number, I will get a runtime error because the assembly can't
be found. So it's being recognized at that level. But the
AuthenticateToken function just won't get invoked. The web service
will always run successfully returning "Hello World", although based
on the bogus password I'm returning in the function, I should not be
able to call it successfully.

thanks in advance for your help.
 
N

nsyforce

Does anyone have any thoughts on this? My suspicion is a security
patch may be the cause of this failing, but I can only guess at this
now.

Here's some more info:
JoeWSE is the name of my assembly.
JoeWSE is also the namespace name

Most errors I've seen on this involve incorrect web.config files. I'm
100% certain this is correct. I created a new web service and didn't
manually touch the web.config file. I used the WSE properties gui
tool to set my properties. I've also changed type name in the
web.config to make the namespace, assemblyname, and class wrong. For
each element, I received an exception stating the class could not be
loaded. When I didn't change those it worked 'successfully'. So I
know the type name is correct.

My previous example had the UsernameToken class in the GAC. I removed
it from the gac and put it in the bin directory of my webservice. I
then changed the type on the web.config file to
type="JoeWSE.UserNameTokenJoe,JoeWSE".

After looking at the examples provided with WSE, googling on other
peoples issues, and considering this code worked a year ago, I'm
convinced I am doing this correctly. The company I work for pushes
out service paks and security patches to our machines. Is there a
chance that some security patch has caused this to break.
 
N

nsyforce

I've just been able to add a big clue to the problem. When my client
application attaches a userNameToken to the soap header, the
userNameTokenManager on the web service has it's AuthenticateToken
method called as I would expect. It DOES NOT get called if the client
does not attach a userNameToken to the header. This doesn't seem
right. Has anyone heard of this or have they heard of a fix for this?

Thanks in advance
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

WSE 2.0 SP3 DIME client error: Response is not well-formed XML. ---> System.Xml.XmlException: Root e 2
Problem with WSE and Win98...(MVP Replies prefered) 3
Cant connect to webservice 1
Webservice Error Message Timeout 0
WSE 2.0 - Message Expired 2
WSE 2.0 - The security token could not be authenticated or authori 2
WSE 3.0 Kerberos Security problem 0
WCF Host ASP.NET Service - WSE 3.0 Client Compatibility 0

Members online

No members online now.
Total: 46 (members: 0, guests: 46)
Robots: 452

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,055
Latest member
SlimSparkKetoACVReview

Latest Threads

Top