Simple Security Question
- I have a service that I have designed for message security. The current working production version uses an X509 to accomplish this. Using WCF this was a relatively simple feat.
At the time when we first deployed this service there was only one user and a set of operations that were built for that user. Now we are expanding the service to multiple users. The new user should not have access to the methods the previous user had access to. Because of this new requirement, using X509 to simply secure the message is not enough security anymore.
Now I need to implement a UN/PW system so that I can provide role-based access to the different operations available. I have been pounding the pavement on this for several hours and *thought* I had it, but I can't get passed a very generic and vague error message: " System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: An error occurred when verifying security for the message.."
My intention is to use the default ASP.Net membership provider to authenticate people. I have the following binding definition now:
Code Snippet<bindings><wsHttpBinding>
<binding name="UserNameWS">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
I simply changed the line "clientCredentialType="None"" to clientCredentialType="UserName". I also worked to configure the ASP.Net membership provider.
My assumption (and that's all it is at this point) is that since I have that membership provider as my default and I have the clientCredentialType set to UserName that WCF will use the membership provider to authenticate the user upon receipt of a new message. I don't know if that assumption is right or if more configuration needs to be done first or if what I want is even possible. I can't find anything online that will tell me I can do it this way exactly.
In the interest of being complete, here is how I am providing the client credentials on the client side.
Code Snippetservice.ClientCredentials.UserName.UserName = "user";
service.ClientCredentials.UserName.Password = "password";
回答
- Thanks for your help, I found the problem and it was a dumb one. I was using integrated security on the connection string for the database so the problem simply was it couldn't connect to the db to authenticate my credentials. I changed this and it is all working now.
Thanks again!
すべての返信
- bump
Are you using a certificate or SSL? This errro indicates taht you should be using one of these to protect the data.
- Thanks for your help, I found the problem and it was a dumb one. I was using integrated security on the connection string for the database so the problem simply was it couldn't connect to the db to authenticate my credentials. I changed this and it is all working now.
Thanks again! - Glad it was something simple and that you could find it on your own! This would have been difficult to diagnose over teh forums.
- I have the same problem now, but I dont understand what you meen by "i changed this"?
What exactly did you change to get this working? - Hi Dan, do you know what he changed to get this working?
The OP was using integrated security on his connection string. The account that the service was running as didn;t have access to the database. "I changed this" means he either granted access to the database for the account or he changed to use SQL logins (providing a userid and password in the connection string)
Richard Blewett, thinktecture - http://www.dotnetconsult.co.uk/weblog2
Twitter: richardblewett- 回答の候補に設定Richard BlewettMVP, モデレータ2009年5月6日 11:28
- ah! Thank you Richard
