WSE3 Credentials

Discussion in 'ASP .Net Web Services' started by Euphilos, Feb 14, 2006.

  1. Euphilos

    Euphilos Guest

    Hello,

    I'm trying to use WSE 3 in a web service for authentication and
    authorization.

    I've created a custom UsernameTokenManager overriding VerifyToken to
    validate the token against the database and setting the token principal to a
    generic principal with all the needed information.

    This goes ok, but when I'm trying to find out which user is currently
    authenticated, in the web method, using
    RequestSoapContext.Current.Credentials.UltimateReceiver.GetClientToken(Of
    UsernameToken)().Principal, GetClientToken returns nothing (causing a null
    reference exception).

    The code above is used in the hands-on lab for WSE3 security, and seems to
    work there. I guess I could set the thread principal in VerifyToken, but the
    code above seemed the recommended way to go.

    Thank you for your help,

    Euphilos
     
    Euphilos, Feb 14, 2006
    #1
    1. Advertising

  2. Hi Euphilos,

    Welcome to the MSDN newsgroup.

    From your description, I understand you're building a custom
    UsernameTokenManager for your ASP.NET webservice which uses WSE 3.0 to
    secure the messages. Also, you create some custom GenericPrinciple
    instances in the custom UsernameTokenManager's verifytoken method and
    assign them to the current SoapRequestContext. However, in webmethod code,
    you find that the
    RequestSoapContext.Current.Credentials.UltimateReceiver.GetClientToken can
    not return the custom principal you assigned and report null reference
    exception, correct?

    I've also performed some tests in my local environment and did find some
    similiar problem. Actually, the null reference exception occurs when I
    configure the webservice application to use username over certificate (sign
    and encrypt message) assertion. If do not sign and encrypte the message(use
    transport layer security), the UltimateReceiver.GetClientToken can return
    the correct value.

    Would you please also test the two conditions and let me know whether you
    get the same result? Meanwhile, I'll do some further research on this and
    will update you if I get any new information.

    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    Steven Cheng[MSFT], Feb 15, 2006
    #2
    1. Advertising

  3. Hi Euphilos,

    After some further research and discussing with some other WSE guys. The
    behavior you encounter is the expected one if you've turned on the
    "establishSecurityContext"? e.g:

    <usernameForCertificateSecurity establishSecurityContext="true"


    If this is the case, since the WSE runtime will cache the security context
    token, it won't attach the token at the
    RequestSoapContext.Current.Credentials.UltimateReceiver in each request.
    Instead, we can use the following code to retrieve the security token:

    SecurityContextToken sct =
    RequestSoapContext.Current.Credentials.GetSecurityContextToken();

    string username = sct.Principal.Identity.Name;


    Hope this helps.

    Regards,

    Steven Cheng
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
     
    Steven Cheng[MSFT], Feb 20, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ben
    Replies:
    1
    Views:
    518
  2. Florian Harbich
    Replies:
    0
    Views:
    159
    Florian Harbich
    Jan 26, 2006
  3. Asaf

    WSE3 & Error WSE910?

    Asaf, Apr 3, 2006, in forum: ASP .Net Web Services
    Replies:
    7
    Views:
    672
    Steven Cheng[MSFT]
    Apr 7, 2006
  4. Wse3.0 Error

    , May 2, 2006, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    183
  5. WSE3.0 in medium trust error!

    , Sep 5, 2006, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    136
Loading...

Share This Page