Explaination of SecurityContextToken -- dotnet web services enhancements

dotnet web services enhancements : Explaination of SecurityContextToken

WSE_Developer
8/19/2004 3:03:02 PM

I really need some help on this, folks. I'm having trouble wrapping my head
around an SCT. I'm attempting to create a simple example of using Username
Tokens and SCT's without an STS. I am verifying the username token through
the UsernameToken manager on the first call to the server, and want to send
back an SCT in the first response, to be used in all subsequent calls. Right
now, all i'm doing is instantiating a new SCT and passing in the verified
Username token into the constructor, then stuffing this SCT back into the
response. Is this it? I'm getting tripped up thinking that some keys need
to be generated.

Lucien
8/20/2004 12:55:55 PM

Why are you not using the STS? It will work with the username token (see
sample). If really don't want to use that code you can (re)create your own
code (and make sure you have the same level of security supported by the SCT
client).

[quoted text, click to view]

Jeffrey Hasan
8/23/2004 10:28:41 AM

Your description sounds fine for the initial work that must be done to
generate the SCT. So I actually don't see what your "trouble" is :) When you
say "stuffing" the SCT in the response, do you mean you're returning an
instantiated SCT? That's really all you need to do on the first return, but
then of course you need to start using the SCT for all subsequent requests
and responses.

Jeffrey Hasan, MCSD
President, Bluestone Partners, Inc.
-----------------------------------------------
Author of: Expert SOA in C# Using WSE 2.0 (APress, 2004)
http://www.bluestonepartners.com/soa.aspx

[quoted text, click to view]

Got something to say? Click here to post a reply to this thread.

Don't see what you're looking for? Try a search.

View other messages about dotnet web services enhancements

home · blog · groups

Questions? Comments? Contact the dn