WSE: UserNameTokenManaer not invoked when client doesn't pass userNameToken

Discussion in 'ASP .Net Web Services' started by nsyforce@aol.com, Jun 5, 2007.

  1. Guest

    How come the authenticateToken method does not get invoked when a
    client calling the web service does not attach a userNameToken to the
    header? This seems like a security flaw. Is there something you need
    to do to the web service for the authenticate method to be invoked
    under such a scenario? Is there a KB article that I have not been
    able to find?

    For the example I have, if a caller of the web service attaches a
    usernameToken, the authenticateToken method on my userNameTokenManager
    gets invoked. IF they don't attach it to the header, they call the
    function on the web service successfully as the userNameTokenManager
    is never invoked.

    (I am using WSE 2.0 SP3)

    Thank you in advance.
    , Jun 5, 2007
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andre
    Replies:
    0
    Views:
    444
    Andre
    Jan 21, 2005
  2. ishekara
    Replies:
    2
    Views:
    491
    Eric Sosman
    Jun 23, 2004
  3. Nedu N

    Usernametoken requirement in the policy file

    Nedu N, Feb 10, 2004, in forum: ASP .Net Security
    Replies:
    1
    Views:
    206
    [MSFT]
    Feb 11, 2004
  4. Asfar

    UsernameToken Sample

    Asfar, Sep 14, 2006, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    124
    Asfar
    Sep 14, 2006
  5. APA

    SOAP UserNameToken

    APA, Sep 17, 2006, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    125
Loading...

Share This Page