Service Throwing Exception on UsernameToken Sent by Client

  • Question

  • Hi:

    I am not an expert in policy. So far, using requestContext.Security to insert credentials works fine with session. However, I am experiencing an exception if my client and service communicate directly. If the client includes a usernameToken in the request header, the service (which is a WES that uses the default policy from the template) will throw the exception shown below. Similarly, if my service returns a response that includes a usernameToken in the header, the client will throw a similar exception. I did a bit of searching on this error and most posts are on session usernameToken errors and nothing on direct client-server communication.

    In the client, the security credentials are added as follows:

    header.Security.Add(new UsernameToken(ConfigurationManager.AppSettings.Get("Administrator"),
                    ConfigurationManager.AppSettings.Get("Password"), PasswordOption.SendPlainText));


    The input trace for service is:


    - <inputMessage utc="11/30/2007 3:00:57 PM" messageId="urn:uuid:716482a8-e406-4de3-a05b-66a40ac6fba4">
    - <processingStep description="Unprocessed message">
    - <env:Envelope xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:env="http://www.w3.org/2003/05/soap-envelope">
    - <env:Header>
      <wsa:Action>http://Microsoft.Csf.Adapters.NortelWES/CreateOrganization</wsa:Action>
    - <wsa:FaultTo>
      <wsa:Address>http://atr068/EVSWESCaller/NepServicehandler.ashx</wsa:Address>
    - <wsa:ReferenceProperties>
      <CorrelationId>urn:2addc19d-bd62-48bd-90d7-a0b5b7fe9682</CorrelationId>
      </wsa:ReferenceProperties>
      </wsa:FaultTo>
    - <wsa:From>
      <wsa:Address>http://atr068/EVSWESCaller/NepServicehandler.ashx</wsa:Address>
    - <wsa:ReferenceProperties>
      <CorrelationId>urn:2addc19d-bd62-48bd-90d7-a0b5b7fe9682</CorrelationId>
      </wsa:ReferenceProperties>
      </wsa:From>
      <wsa:MessageID>urn:uuid:716482a8-e406-4de3-a05b-66a40ac6fba4</wsa:MessageID>
    - <wsa:ReplyTo>
      <wsa:Address>http://atr068/EVSWESCaller/NepServicehandler.ashx</wsa:Address>
    - <wsa:ReferenceProperties>
      <CorrelationId>urn:2addc19d-bd62-48bd-90d7-a0b5b7fe9682</CorrelationId>
      </wsa:ReferenceProperties>
      </wsa:ReplyTo>
      <wsa:To>http://atr068/EvsWes/NortelWES.ashx</wsa:To>
    - <CorrelationId>
      <string>urn:2addc19d-bd62-48bd-90d7-a0b5b7fe9682</string>
      </CorrelationId>
    - <RelatesTo>
      <string>urn:2addc19d-bd62-48bd-90d7-a0b5b7fe9682</string>
      </RelatesTo>
    - <wsse:Security env:mustUnderstand="true">
    - <wsu:Timestamp wsu:Id="Timestamp-a34f42ae-05db-42ba-994e-f56c7103c527">
      <wsu:Created>2007-11-30T15:00:56Z</wsu:Created>
      <wsu:Expires>2007-11-30T15:05:56Z</wsu:Expires>
      </wsu:Timestamp>
    - <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-82641532-feec-4c82-b853-fe83b8125a14">
      <wsse:Username>administrator@BellHMC.com</wsse:Username>
      <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Csdem1000!</wsse:Password>
      <wsse:Nonce>a0PfCajJ1H8dExxtcETHew==</wsse:Nonce>
      <wsu:Created>2007-11-30T15:00:56Z</wsu:Created>
      </wsse:UsernameToken>
      </wsse:Security>
      </env:Header>
    - <env:Body>
    - <createOrganizationRequest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://Microsoft.Csf.Adapters.NortelWES/CreateOrganizationRequest.xsd">
    - 
    ......
      </createOrganizationRequest>
      </env:Body>
      </env:Envelope>
      </processingStep>
      <processingStep description="Entering SOAP filter Microsoft.Web.Services3.Security.Wse2PipelinePolicy+LegacyFilterWrapper" />
      <processingStep description="Exception thrown: The security token could not be authenticated or authorized">at Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.OnLogonUserFailed(UsernameToken token) at Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.AuthenticateToken(UsernameToken token) at Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.VerifyToken(SecurityToken token) at Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadXmlSecurityToken(XmlElement element) at Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.GetTokenFromXml(XmlElement element) at Microsoft.Web.Services3.Security.Security.LoadToken(XmlElement element, SecurityConfiguration configuration, Int32& tokenCount) at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element) at Microsoft.Web.Services3.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope envelope) at Microsoft.Web.Services3.Security.Wse2PipelinePolicy.LegacyFilterWrapper.ProcessMessage(SoapEnvelope envelope) at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)</processingStep>
      </inputMessage>


    I'd appreciate it if someone could share some hints on this.

    Thanks,
    Ying



    Friday, November 30, 2007 4:14 PM
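
An added example, not part of the original thread: the trace above shows a UsernameToken sent with `PasswordOption.SendPlainText` to an `http://` endpoint, so this Python check audits a captured envelope for that combination and for missing replay-protection fields. The function name `audit_username_token`, the finding labels, and the sample endpoint and credentials are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "env": "http://www.w3.org/2003/05/soap-envelope",
    "wsa": "http://schemas.xmlsoap.org/ws/2004/08/addressing",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"

# Constructed sample shaped like the trace above; endpoint and credentials are placeholders.
SAMPLE = f"""<env:Envelope xmlns:env="{NS['env']}" xmlns:wsa="{NS['wsa']}"
    xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}">
  <env:Header>
    <wsa:To>http://service.example/Endpoint.ashx</wsa:To>
    <wsse:Security env:mustUnderstand="true">
      <wsse:UsernameToken wsu:Id="SecurityToken-1">
        <wsse:Username>user@example.com</wsse:Username>
        <wsse:Password Type="{PROFILE}#PasswordText">placeholder</wsse:Password>
        <wsse:Nonce>Y29uc3RydWN0ZWQ=</wsse:Nonce>
        <wsu:Created>2007-11-30T15:00:56Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </env:Header>
  <env:Body/>
</env:Envelope>"""

def audit_username_token(envelope_xml):
    """Return a list of findings for the UsernameToken in one SOAP envelope."""
    root = ET.fromstring(envelope_xml)  # prefer defusedxml for untrusted captures
    token = root.find("env:Header/wsse:Security/wsse:UsernameToken", NS)
    if token is None:
        return ["no-username-token"]
    findings = []
    pwd = token.find("wsse:Password", NS)
    if pwd is None:
        findings.append("no-password-element")
    elif pwd.get("Type", f"{PROFILE}#PasswordText").endswith("#PasswordText"):
        # Username Token Profile 1.0: a missing Type attribute means PasswordText.
        findings.append("password-sent-as-cleartext")
        to = root.findtext("env:Header/wsa:To", default="", namespaces=NS)
        if urlparse(to.strip()).scheme != "https":
            findings.append("cleartext-password-over-non-tls-endpoint")
    # Nonce and Created let the receiver reject replayed tokens.
    for tag, name in (("wsse:Nonce", "nonce"), ("wsu:Created", "created")):
        if token.find(tag, NS) is None:
            findings.append(f"no-{name}-for-replay-protection")
    return findings
```

A cleartext finding also means the password is written to any message trace that logs the full envelope, as the input trace in the question does.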

Answers

  • Hi Rishabh:

    Thank you for the hint. I didn't connect that with the actual user name I was using. Now I changed it to a real account for that PC and it worked.

    Thanks for your help,
    Ying
    Friday, November 30, 2007 7:01 PM

All replies

  • Hi Ying,

     

    The error in the trace says it all - the token which is being sent by the client is not authenticated by the service.

    I suggest you change the username and password values to the credentials which your service policy allows.

     

    You can find this information in the authorization tags in the policy.config and / or web.config and then make sure that the user credentials which are passed from the client adhere to the service requirements.

     

    Hope this helps,

    Rishabh Kapoor

    Friday, November 30, 2007 6:12 PM
  • Hi Ying,

     

    I am glad that your problem is resolved. But I guess that you marked the wrong post as the answer by mistake.

     

    Regards,

    Rishabh Kapoor

    Sunday, December 2, 2007 6:34 PM