WSE: UserNameTokenManaer not invoked when client doesn't pass userNameToken

N

nsyforce

How come the authenticateToken method does not get invoked when a
client calling the web service does not attach a userNameToken to the
header? This seems like a security flaw. Is there something you need
to do to the web service for the authenticate method to be invoked
under such a scenario? Is there a KB article that I have not been
able to find?

For the example I have, if a caller of the web service attaches a
usernameToken, the authenticateToken method on my userNameTokenManager
gets invoked. IF they don't attach it to the header, they call the
function on the web service successfully as the userNameTokenManager
is never invoked.

(I am using WSE 2.0 SP3)

Thank you in advance.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top