WSE 2.0 - The security token could not be authenticated or authori

D

David M. Young

I posted this to microsoft.public.dotnet.framework.webservices.enhancements a few days ago, but I'm not getting any helpful responses. I hope someone can help.

Here's my code for the Web Service (SimpleWseServer.ServicesMain.asmx)
[WebMethod]
public string HelloWorld(string username)
{
SoapContext ctxt = RequestSoapContext.Current;
foreach(SecurityToken token in ctxt.Security.Tokens)
{
if(token is UsernameToken)
{
UsernameToken user = (UsernameToken)token;
if(user.Username==username)
{
if(user.Principal.IsInRole(System.Net.Dns.GetHostName() + @"\Kings"))
return "Hello, King " + username;
return "Hello, " + username;
}
}
}
return "Hello, Liar";
}

Here the client code (it's a button click event in a WindowsForm)
private void btn_login_Click(object sender, System.EventArgs e)
{
string username = txt_username.Text;
string password = txt_password.Text;
SimpleWseClient.localhost.ServicesMainWse proxy = new
SimpleWseClient.localhost.ServicesMainWse();
proxy.Url = "http://localhost/SimpleWseServer/ServicesMain.asmx";
proxy.RequestSoapContext.Security.Tokens.Add(new UsernameToken(username,
password, PasswordOption.SendPlainText));
txt_response.Text = proxy.HelloWorld(username);
}

Here's the exception stack:
Additional information: Microsoft.Web.Services2.Security.SecurityFault: The
security token could not be authenticated or authorized
at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.OnLogonUserFail
ed(UsernameToken token)
at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.LogonUser(Usern
ameToken token)
at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.AuthenticateTok
en(UsernameToken token)
at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyToken(Sec
urityToken securityToken)
at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSecurity
Token(XmlElement element)
at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.GetTokenFromXml
(XmlElement element)
at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
at
Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnve
lope envelope)
at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
at
Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapSer
verMessage message)

I can't figure out why Windows Authentication is failing? I've enable tracing on both the input and output. The input shows the correct username and password being passed.

The account I'm using is a local account and the group is local as well. I can log in locally with that same username/password combination. I've tried using the following for the username ( username and LOCALMACHINE\username). I've even used my domain login and all receive the same error. I've used the RunAs command to launch other applications as this user and that works.

I also downloaded the Hand-On-Lab (HOLDEVL34: WSE 2.0 Security and Policy) and have tried the supplied "SecureInvoiceA" exercises, but those give the same error as above.

I'd like to move on to implementing my own UsernameTokenManager, but can concieve of doing so until this simple (so it seems) solution can be made to work.

Any help is appreciated.
 
D

dm_dal

Finally got a resolution.

On Win2k you have to grant "Act as part of operating system" in local
policies to the ASPNET account for this to work.

David

David M. Young said:
I posted this to
Click to expand...
microsoft.public.dotnet.framework.webservices.enhancements a few days ago,
but I'm not getting any helpful responses. I hope someone can help.
Here's my code for the Web Service (SimpleWseServer.ServicesMain.asmx)
[WebMethod]
public string HelloWorld(string username)
{
SoapContext ctxt = RequestSoapContext.Current;
foreach(SecurityToken token in ctxt.Security.Tokens)
{
if(token is UsernameToken)
{
UsernameToken user = (UsernameToken)token;
if(user.Username==username)
{
if(user.Principal.IsInRole(System.Net.Dns.GetHostName() + @"\Kings"))
return "Hello, King " + username;
return "Hello, " + username;
}
}
}
return "Hello, Liar";
}

Here the client code (it's a button click event in a WindowsForm)
private void btn_login_Click(object sender, System.EventArgs e)
{
string username = txt_username.Text;
string password = txt_password.Text;
SimpleWseClient.localhost.ServicesMainWse proxy = new
SimpleWseClient.localhost.ServicesMainWse();
proxy.Url = "http://localhost/SimpleWseServer/ServicesMain.asmx";
proxy.RequestSoapContext.Security.Tokens.Add(new UsernameToken(username,
password, PasswordOption.SendPlainText));
txt_response.Text = proxy.HelloWorld(username);
}

Here's the exception stack:
Additional information: Microsoft.Web.Services2.Security.SecurityFault: The
security token could not be authenticated or authorized
at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.OnLogonUserFail
ed(UsernameToken token)
at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.LogonUser(Usern
ameToken token)
at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.AuthenticateTok
en(UsernameToken token)
at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyToken(Sec
urityToken securityToken)
at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSecurity
Token(XmlElement element)
at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.GetTokenFromXml
(XmlElement element)
at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
at
Click to expand...
Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnve
lope envelope)
at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
at
Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapSer
verMessage message)

I can't figure out why Windows Authentication is failing? I've enable
Click to expand...
tracing on both the input and output. The input shows the correct username
and password being passed.
The account I'm using is a local account and the group is local as well.
Click to expand...
I can log in locally with that same username/password combination. I've
tried using the following for the username ( username and
LOCALMACHINE\username). I've even used my domain login and all receive the
same error. I've used the RunAs command to launch other applications as
this user and that works.
I also downloaded the Hand-On-Lab (HOLDEVL34: WSE 2.0 Security and Policy)
Click to expand...
and have tried the supplied "SecureInvoiceA" exercises, but those give the
same error as above.
I'd like to move on to implementing my own UsernameTokenManager, but can
Click to expand...
concieve of doing so until this simple (so it seems) solution can be made to
work.
 
P

P

And of course you have to restart IIS afterward. Local security
settings will not take affect (even though it said so) until IIS got
re-started.

Pam
dm_dal said:
Finally got a resolution.

On Win2k you have to grant "Act as part of operating system" in local
policies to the ASPNET account for this to work.

David

David M. Young said:
I posted this to
Click to expand...
microsoft.public.dotnet.framework.webservices.enhancements a few days ago,
but I'm not getting any helpful responses. I hope someone can help.
Here's my code for the Web Service (SimpleWseServer.ServicesMain.asmx)
[WebMethod]
public string HelloWorld(string username)
{
SoapContext ctxt = RequestSoapContext.Current;
foreach(SecurityToken token in ctxt.Security.Tokens)
{
if(token is UsernameToken)
{
UsernameToken user = (UsernameToken)token;
if(user.Username==username)
{
if(user.Principal.IsInRole(System.Net.Dns.GetHostName() + @"\Kings"))
return "Hello, King " + username;
return "Hello, " + username;
}
}
} return "Hello, Liar";
}

Here the client code (it's a button click event in a WindowsForm)
private void btn_login_Click(object sender, System.EventArgs e)
{
string username = txt_username.Text;
string password = txt_password.Text;
SimpleWseClient.localhost.ServicesMainWse proxy = new
SimpleWseClient.localhost.ServicesMainWse();
proxy.Url = "http://localhost/SimpleWseServer/ServicesMain.asmx";
proxy.RequestSoapContext.Security.Tokens.Add(new UsernameToken(username,
password, PasswordOption.SendPlainText));
txt_response.Text = proxy.HelloWorld(username);
}

Here's the exception stack:
Additional information: Microsoft.Web.Services2.Security.SecurityFault: The
security token could not be authenticated or authorized
at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.OnLogonUserFail
ed(UsernameToken token)
at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.LogonUser(Usern
ameToken token)
at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.AuthenticateTok
en(UsernameToken token)
at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyToken(Sec
urityToken securityToken)
at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSecurity
Token(XmlElement element)
at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.GetTokenFromXml
(XmlElement element)
at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
at
Click to expand...
Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnve
lope envelope)
at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
at
Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapSer
verMessage message)

I can't figure out why Windows Authentication is failing? I've enable
Click to expand...
tracing on both the input and output. The input shows the correct username
and password being passed.
The account I'm using is a local account and the group is local as well.
Click to expand...
I can log in locally with that same username/password combination. I've
tried using the following for the username ( username and
LOCALMACHINE\username). I've even used my domain login and all receive the
same error. I've used the RunAs command to launch other applications as
this user and that works.
I also downloaded the Hand-On-Lab (HOLDEVL34: WSE 2.0 Security and Policy)
Click to expand...
and have tried the supplied "SecureInvoiceA" exercises, but those give the
same error as above.
I'd like to move on to implementing my own UsernameTokenManager, but can
Click to expand...
concieve of doing so until this simple (so it seems) solution can be made to
work.
Any help is appreciated.
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

WSE 2.0 - Message Expired 2
WSE 2.0 is not invoking AuthenticateToken on my userNameTokenManager 2
PDA WSE 2 & OpenNetCF 0
Error using WS-Security 1
WSE 2.0 SP3 DIME client error: Response is not well-formed XML. ---> System.Xml.XmlException: Root e 2
Secuirty context token in webfarm sample 0
Access Denied using Windows Authentication. WSE 2.0 2
Access Denied using Windows Authentication. WSE 2.0 0

Members online

Total: 24 (members: 2, guests: 22)
Robots: 467

Forum statistics

Threads
473,769
Messages
2,569,580
Members
45,053
Latest member
BrodieSola

Latest Threads

Top