WSE 2.0 - The security token could not be authenticated or authori

Discussion in 'ASP .Net Web Services' started by David M. Young, Jun 11, 2004.

  1. I posted this to microsoft.public.dotnet.framework.webservices.enhancements a few days ago, but I'm not getting any helpful responses. I hope someone can help.

    Here's my code for the Web Service (SimpleWseServer.ServicesMain.asmx)
    [WebMethod]
    public string HelloWorld(string username)
    {
    SoapContext ctxt = RequestSoapContext.Current;
    foreach(SecurityToken token in ctxt.Security.Tokens)
    {
    if(token is UsernameToken)
    {
    UsernameToken user = (UsernameToken)token;
    if(user.Username==username)
    {
    if(user.Principal.IsInRole(System.Net.Dns.GetHostName() + @"\Kings"))
    return "Hello, King " + username;
    return "Hello, " + username;
    }
    }
    }
    return "Hello, Liar";
    }

    Here the client code (it's a button click event in a WindowsForm)
    private void btn_login_Click(object sender, System.EventArgs e)
    {
    string username = txt_username.Text;
    string password = txt_password.Text;
    SimpleWseClient.localhost.ServicesMainWse proxy = new
    SimpleWseClient.localhost.ServicesMainWse();
    proxy.Url = "http://localhost/SimpleWseServer/ServicesMain.asmx";
    proxy.RequestSoapContext.Security.Tokens.Add(new UsernameToken(username,
    password, PasswordOption.SendPlainText));
    txt_response.Text = proxy.HelloWorld(username);
    }

    Here's the exception stack:
    Additional information: Microsoft.Web.Services2.Security.SecurityFault: The
    security token could not be authenticated or authorized
    at
    Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.OnLogonUserFail
    ed(UsernameToken token)
    at
    Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.LogonUser(Usern
    ameToken token)
    at
    Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.AuthenticateTok
    en(UsernameToken token)
    at
    Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyToken(Sec
    urityToken securityToken)
    at
    Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSecurity
    Token(XmlElement element)
    at
    Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.GetTokenFromXml
    (XmlElement element)
    at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
    at
    Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnve
    lope envelope)
    at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
    envelope)
    at
    Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapSer
    verMessage message)

    I can't figure out why Windows Authentication is failing? I've enable tracing on both the input and output. The input shows the correct username and password being passed.

    The account I'm using is a local account and the group is local as well. I can log in locally with that same username/password combination. I've tried using the following for the username ( username and LOCALMACHINE\username). I've even used my domain login and all receive the same error. I've used the RunAs command to launch other applications as this user and that works.

    I also downloaded the Hand-On-Lab (HOLDEVL34: WSE 2.0 Security and Policy) and have tried the supplied "SecureInvoiceA" exercises, but those give the same error as above.

    I'd like to move on to implementing my own UsernameTokenManager, but can concieve of doing so until this simple (so it seems) solution can be made to work.

    Any help is appreciated.
     
    David M. Young, Jun 11, 2004
    #1
    1. Advertising

  2. David M. Young

    dm_dal Guest

    Finally got a resolution.

    On Win2k you have to grant "Act as part of operating system" in local
    policies to the ASPNET account for this to work.

    David

    "David M. Young" <> wrote in message
    news:...
    > I posted this to

    microsoft.public.dotnet.framework.webservices.enhancements a few days ago,
    but I'm not getting any helpful responses. I hope someone can help.
    >
    > Here's my code for the Web Service (SimpleWseServer.ServicesMain.asmx)
    > [WebMethod]
    > public string HelloWorld(string username)
    > {
    > SoapContext ctxt = RequestSoapContext.Current;
    > foreach(SecurityToken token in ctxt.Security.Tokens)
    > {
    > if(token is UsernameToken)
    > {
    > UsernameToken user = (UsernameToken)token;
    > if(user.Username==username)
    > {
    > if(user.Principal.IsInRole(System.Net.Dns.GetHostName() + @"\Kings"))
    > return "Hello, King " + username;
    > return "Hello, " + username;
    > }
    > }
    > }
    > return "Hello, Liar";
    > }
    >
    > Here the client code (it's a button click event in a WindowsForm)
    > private void btn_login_Click(object sender, System.EventArgs e)
    > {
    > string username = txt_username.Text;
    > string password = txt_password.Text;
    > SimpleWseClient.localhost.ServicesMainWse proxy = new
    > SimpleWseClient.localhost.ServicesMainWse();
    > proxy.Url = "http://localhost/SimpleWseServer/ServicesMain.asmx";
    > proxy.RequestSoapContext.Security.Tokens.Add(new UsernameToken(username,
    > password, PasswordOption.SendPlainText));
    > txt_response.Text = proxy.HelloWorld(username);
    > }
    >
    > Here's the exception stack:
    > Additional information: Microsoft.Web.Services2.Security.SecurityFault:

    The
    > security token could not be authenticated or authorized
    > at
    >

    Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.OnLogonUserFail
    > ed(UsernameToken token)
    > at
    >

    Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.LogonUser(Usern
    > ameToken token)
    > at
    >

    Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.AuthenticateTok
    > en(UsernameToken token)
    > at
    >

    Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyToken(Sec
    > urityToken securityToken)
    > at
    >

    Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSecurity
    > Token(XmlElement element)
    > at
    >

    Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.GetTokenFromXml
    > (XmlElement element)
    > at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement

    element)
    > at
    >

    Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnve
    > lope envelope)
    > at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
    > envelope)
    > at
    >

    Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapSer
    > verMessage message)
    >
    > I can't figure out why Windows Authentication is failing? I've enable

    tracing on both the input and output. The input shows the correct username
    and password being passed.
    >
    > The account I'm using is a local account and the group is local as well.

    I can log in locally with that same username/password combination. I've
    tried using the following for the username ( username and
    LOCALMACHINE\username). I've even used my domain login and all receive the
    same error. I've used the RunAs command to launch other applications as
    this user and that works.
    >
    > I also downloaded the Hand-On-Lab (HOLDEVL34: WSE 2.0 Security and Policy)

    and have tried the supplied "SecureInvoiceA" exercises, but those give the
    same error as above.
    >
    > I'd like to move on to implementing my own UsernameTokenManager, but can

    concieve of doing so until this simple (so it seems) solution can be made to
    work.
    >
    > Any help is appreciated.
     
    dm_dal, Jun 21, 2004
    #2
    1. Advertising

  3. David M. Young

    P Guest

    And of course you have to restart IIS afterward. Local security
    settings will not take affect (even though it said so) until IIS got
    re-started.

    Pam
    "dm_dal" <> wrote in message news:<#>...
    > Finally got a resolution.
    >
    > On Win2k you have to grant "Act as part of operating system" in local
    > policies to the ASPNET account for this to work.
    >
    > David
    >
    > "David M. Young" <> wrote in message
    > news:...
    > > I posted this to

    > microsoft.public.dotnet.framework.webservices.enhancements a few days ago,
    > but I'm not getting any helpful responses. I hope someone can help.
    > >
    > > Here's my code for the Web Service (SimpleWseServer.ServicesMain.asmx)
    > > [WebMethod]
    > > public string HelloWorld(string username)
    > > {
    > > SoapContext ctxt = RequestSoapContext.Current;
    > > foreach(SecurityToken token in ctxt.Security.Tokens)
    > > {
    > > if(token is UsernameToken)
    > > {
    > > UsernameToken user = (UsernameToken)token;
    > > if(user.Username==username)
    > > {
    > > if(user.Principal.IsInRole(System.Net.Dns.GetHostName() + @"\Kings"))
    > > return "Hello, King " + username;
    > > return "Hello, " + username;
    > > }
    > > }
    > > }

    > return "Hello, Liar";
    > > }
    > >
    > > Here the client code (it's a button click event in a WindowsForm)
    > > private void btn_login_Click(object sender, System.EventArgs e)
    > > {
    > > string username = txt_username.Text;
    > > string password = txt_password.Text;
    > > SimpleWseClient.localhost.ServicesMainWse proxy = new
    > > SimpleWseClient.localhost.ServicesMainWse();
    > > proxy.Url = "http://localhost/SimpleWseServer/ServicesMain.asmx";
    > > proxy.RequestSoapContext.Security.Tokens.Add(new UsernameToken(username,
    > > password, PasswordOption.SendPlainText));
    > > txt_response.Text = proxy.HelloWorld(username);
    > > }
    > >
    > > Here's the exception stack:
    > > Additional information: Microsoft.Web.Services2.Security.SecurityFault:

    > The
    > > security token could not be authenticated or authorized
    > > at
    > >

    > Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.OnLogonUserFail
    > > ed(UsernameToken token)
    > > at
    > >

    > Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.LogonUser(Usern
    > > ameToken token)
    > > at
    > >

    > Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.AuthenticateTok
    > > en(UsernameToken token)
    > > at
    > >

    > Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyToken(Sec
    > > urityToken securityToken)
    > > at
    > >

    > Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSecurity
    > > Token(XmlElement element)
    > > at
    > >

    > Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.GetTokenFromXml
    > > (XmlElement element)
    > > at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement

    > element)
    > > at
    > >

    > Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnve
    > > lope envelope)
    > > at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
    > > envelope)
    > > at
    > >

    > Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapSer
    > > verMessage message)
    > >
    > > I can't figure out why Windows Authentication is failing? I've enable

    > tracing on both the input and output. The input shows the correct username
    > and password being passed.
    > >
    > > The account I'm using is a local account and the group is local as well.

    > I can log in locally with that same username/password combination. I've
    > tried using the following for the username ( username and
    > LOCALMACHINE\username). I've even used my domain login and all receive the
    > same error. I've used the RunAs command to launch other applications as
    > this user and that works.
    > >
    > > I also downloaded the Hand-On-Lab (HOLDEVL34: WSE 2.0 Security and Policy)

    > and have tried the supplied "SecureInvoiceA" exercises, but those give the
    > same error as above.
    > >
    > > I'd like to move on to implementing my own UsernameTokenManager, but can

    > concieve of doing so until this simple (so it seems) solution can be made to
    > work.
    > >
    > > Any help is appreciated.
     
    P, Jul 15, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Shikari Shambu
    Replies:
    0
    Views:
    593
    Shikari Shambu
    Dec 29, 2004
  2. Cronus
    Replies:
    1
    Views:
    676
    Paul Mensonides
    Jul 15, 2004
  3. Jose Escobar

    Referenced security token could not be retrieved ERROR

    Jose Escobar, Sep 15, 2003, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    305
    Jose Escobar
    Sep 15, 2003
  4. Cyndi

    WSE - Username Token

    Cyndi, Oct 2, 2003, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    110
    Cyndi
    Oct 2, 2003
  5. Abhijit
    Replies:
    0
    Views:
    151
    Abhijit
    Apr 12, 2004
Loading...

Share This Page