I've asked this question in the VB .net forum and was told I should ask here. My company is going to be validating some info over the internet with another company. The documentation given to me by the company we will be contacting says: "Using an XML-based application with SOAP technol...more >>

how to use CustomerUsernameToken to AuthenticateToken if the client send a password where PasswordOption.SendHashed. in the Service: protected override string AuthenticateToken(UsernameToken token) { Note: I can't use toke.password get the password } How can i get the token.password...more >>

I have a web serice built which works fine when I did testing on my local machine. It also works fine when accessed from different machine within my private network. I asked a friend of mine to access it from his machine. He can access it and works for few seconds then a following problem occu...more >>

Hi I have been trying hard to get the kerberos authentication work with WSE 3.0 I have a hello world service protected by a Kerberos policy file using WSE 3.0 tool Based on some recommendations I have done the following 1) Change ASPNET account to run under SYSTEM in machine.config 2) ...more >>

Am I right in assuming that ws-transaction has not yet been implemented in MS WSE as of version 3.0 ? If so, does anybody have a timescale for when we can expect this? Thanks....more >>

Hi, Can some one provide a sample of how to make use of WS reliable messaging. I am using WSE3.0 and .net 2.0 Do I have to configure some thing ? What code if any needs to be written to be able make use of WS-relibale messaging? Thanks Sounu ...more >>

I have created certificates with the following commands: makecert -cy authority -r -n "CN=Foo.CA" -sr localmachine -ss "Trust" makecert -cy end -n "CN=Foo.Server.1" -sky exchange -sk "Foo.Server.1 SK" -ss "My" -sr localmachine -in "Foo.CA" -ir localmachine -is "Trust" makecert -cy end -n "CN=...more >>

hi everybody, When sending a response from a WSE enable web service to a WSS4J client I keep receiving "The signature verification failed" from the client. i use usernametoken with password hashed. I have read several posts stating that any modifications to the signature may cause this to o...more >>

Hello, I am using WSE2.0 and windows authentication user token I would like to encrypt the user name and password as in Dim oToken as new Microsoft.Web.Services2.Security.Tokens.UsernameToken("myusername","myPassword", PasswordOption.SendPlainText) I am NOT talking about the PasswordOp...more >>

I'm trying to interop with a service provider's web service. They are currently requesting that messages be signed with an X509 certificate. The reference request notes the following Canonicalization algorithm: <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010...more >>

Using VS2005 and have WSE 3.0 installed yet the Setting tool option is not available. The Add-In manager in VS2005 says that the WSE Settings 3.0 is started yet I do not get the appropriate content menus....more >>

I am using an XML security gateway to dynamically add a SAML authentication token to the SOAP header as the message arrives. The difference b/w the way the gateway adds it and the way the STS QuickStart does it is that the gateway adds it to the SOAP header OUTSIDE the ws-security element, whil...more >>

Can somebody tell me if there is a way to send an attachment from WSE3 using mtom but receive the confirmation in a non-MTOM message? I know this can be done in AXIS2 (java) but not sure how to accomplish it in Wse3. I looked up the "Server Mode" setting in the Wse3 properties, but it says ...more >>

Hello, I want to restrict access to an ASP.NET web service using a WS-Security Username and password. I'm *not* using SSL, ceretificates, Kerberos, Windows accounts, or anything of the kind. I simply want to 1) detect whether or not the <wsse:UsernameToken> element is present. If not, au...more >>

I just wanna use Customer UsernameToken to verify the username in my SQL Server ,how can I do this?...more >>

Hi, I am using WSE 3 and I am using usernameForCertificateSecurity. I have added my custom UsernameTokenManager to provide password for the user. My question is I want to get notofication from the WSE runtime if username authentication fails. eg user has entered wrong password. So in...more >>

i was design Web service, how to implement the security with the system'role not using any certification...more >>

I am looking for a sample code on using GetInputBehavior or GetOutputBehavior method on Pipeline class. I saw the WSE 3.0 help documentation but it does not have sample except the buit in SecureConversationClientSendSecurityFilter which has one, but that does not tell me how to im...more >>

I installed WSE 3.0 and then tried Hands-on Lab: WSE3.0 Security. A problem: i am supposed to import Client Private.pfx and Server Private.pfx from the folder WSE\v3.0\Samples\Sample Test Certificates\, but this last folder doesn't exist. Any tips? Did I miss something? Thanks alot for...more >>

hello, i would like to implement a secure web service based on the active directory, without using HTTPS / SSL, using the Kerberos mechanism. As documentation mentions - Checking "Windows Integrated" & attaching CredentialCache.DefaultCredentails to the web service will suffice (will use th...more >>

Hi, I make a simple "Hello World" Web service that works fine :) I implement to the project (Client and Server) WSE 3.0 MutualCertificate11 capabilities and it works fine too. I test with/without policy file and in mixed mode (file and code), with client side and server side x509 certificat...more >>

Hi, In one of my WSE 2.0 application, i used to set the securiy headers as shown in the following code. securityDoc.DocumentElement is a XML element. envelope.Context.Security.LoadXml(securityDoc.DocumentElement); As envelope.Context.Security has been depricated in WSE3.0, how can i a...more >>

I have written a simple WEB servcie that I call from a VB app using .net2 and WSE3 The app works perfect with the quickstart certificate I generated by running setup in the samples on my workstation. I have the WEb service running in IE on my xp pro workstation and exported the certific...more >>

I am Signing a SOAP Message by Using a User Name and Password and encrypting it with the x.509 certificate. I have a web service and a vp app that connects to the web servcie. Exactly which certificate do I need to get from Verisign to make this work on a production WEB server. the code...more >>

I have a strange problem with username tokens. I've been able to use them when the default userNameTokenManager is in play (with Windows security). As soon as I add in my own customer manager, I get UsernameToken is expected but not present in the security header of the incoming message. ...more >>

Hi There are two parts: web service and test app that called a method of the web service. Diagnostics trace is enabled but I can't find trace files on webserver:( I'm using WSE 2.0. any ideas? Thanks Inna Stetsyak aka InK_ ...more >>

Hi, I use WSE 2.0 and everything works ok. But I tried to create another client application which dos not use the UsernameToken it calls the WebService directly. This application also works without authentication! Why? I suppose that some king of access error should appear but it does not ...more >>

Hi, I have a scenario as follow: The client application is Windows form which is using bunch of DLLs (.NET) also. One of the dll provides access to the web service. If I put WSE configuration settings in the DLL (Say MyDLL.DLL.Config) config file then the Client exe (Say MyApp.Exe) do...more >>

I've been reading up on perimeter service routers in the WSE 3.0 docs. It seems to me that a PSR, which normally would reside in a DMZ, is not the place to do message validation because the message must be decrypted to perform the validation. Presumably you would want to validation in a secure...more >>

i had posted this in the general webservices , but think this location may be a better place, so sorry for the 'cross post', but it is a different week. am having problems setting the 'credentials' to call a webservice.. i have the WSDL and successfully have created a proxy , and the right...more >>

I am working on a project, the SSL is a requirement, so given the SSL is the mandate, does it make any sense to apply any WSE 3.0 (Security) on top of SSL? Thanks in advance. John ...more >>

Hi, We are trying to develop a STS for InfoCard. Our server is based on a CLR ..NET but it is not using a complete Framework. I have to process the message at a HttpHandler level! Which is quite low level. I receive a Soap message with a RequestSecurity element that contains a BinaryExc...more >>

Hi,everybody look below code in page 119 of Web Service Security Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0: protected override string AuthenticateToken( UsernameToken token ) { bool validCredentials = Membership.ValidateUser(token.Userna...more >>

I find one unanswered question in this newsgroup but nothing else about this error. When my client is windows xp and server is the same, I don't get this. When my client is windows xp and server is Win2003, I don't get this. But when the client is Windows 2000 and server is Win2003, I DO get ...more >>

Hy, i am tring to setup a system using Axis as the webservice server and dual java/dotnet clients using signed SOAP messages. All worked fine when i used one certificate made with "makecert" in windows and imported both on the client and the server. Now i have to move a real like environment...more >>

Hi, I have a web service which uses WSE 3 security features. Both the client and service are WSE enabled. (Signing,encryption and encryting signature). I have two machines Windows 2000 Pro and Windows XP Home. If I run both client and service on either of the machine everything wor...more >>

I've gotten the X.509 QuickStarts working across different machines within the same LAN but now it's time to try it across an ISA Server and I'm looking for pointers. Any good docs out there? All advice welcome! Thanx, Garth...more >>

Hi! I'm supposed to generate a SOAP-message with the structure shown below. It is the initial message in the secureconversation standard. I wonder how I add the RequestSecurityToken to my SoapMessage using WSE? <?xml version="1.0" encoding="utf-8"?> <log> <soap:Envelope xmlns:w...more >>

Hi, In the application we have developed for our customer we download pictures onto the web server using a web service provided by an external source. The pictures are downloaded using Wse 2.0 and the code we use for downloading a picture looks like this: MyRegisteredWebServies.Service1W...more >>

I'm attempting to use certs in WSE 3.0 that were issued by CA running on a 2003 box. I'm only trying to use the certs for identification, not encryption. I'm not even using a secure connection between the WinForms client and the webserver. Trouble is, the WSE Wizard doesn't like those certif...more >>

I am attempting to test using X509 certificates with WSE 3.0 and have it working in my test LAN. Now I'm trying to use it between my test LAN and the server that will ultimately host the app. I used makecert to generate the certs on both the server and client boxes. Then I exported the certs...more >>

I have some questions that I have been unable to find answers to and hoping someone here can enlighten me. Q1) Can someone explain the use and retention of Tokens for use on second and third WebService Method calls. I'm wanting to Authenticate a user and assign them a token for use when ...more >>

I'm trying to implement a secure web service using the WS-Security UsernameToken. My application seems to send the usernametoken as expected however an exception is thrown at the web server end stating: An unhandled exception of type 'System.Web.Services.Protocols.SoapHeaderException' oc...more >>

Hello, I am debating whether or not to use WSE in my "ClickOnce" application. I've read through the WSE 3.0 patterns and practices document, and decided to use "Transport Layer Security Using HTTP Basic over HTTPS" as my secure webservice solution. My question is what are the benefits of...more >>

Hi, my web service security requirements are like this. the web service project will have many web services in it. some web services require windows authentication and some require authentication using a specific ID and password. For those web services which use windows authentication,...more >>

I'm using a custom UsernameTokenManager which for some reason just will not load. I've checked my webservice project's web.config many, many times and all looks OK, but I keep getting this error message which shows the standard manager being loaded - not my custom manager (see below). The cus...more >>

I'm moving a test WSE 3.0 app to a pre-production server for more extensive testing. Kerberos tokens are used as the means of authentication. The server is 2003 STD with SQL Server, VS2005 Pro, WSE 3.0 and IIS 6.0. All of this has run perfectly on two different 2003 STD test platforms. Prob ...more >>

I've implemented the SAML token service according to the STS SAML quickstart, and I've got my STS working and services secured properly. I'm curious as to how I can retrieve my principal and roles from the secured service itself. All references to principal are null, I've checked in the Identit...more >>

I am attempting to move an app from Kerberos to X.509 tokens issued by the CA running on my test domain. Prob is, the User token gives the error "Selected Certificate does not support Data Encryption." when I try to select it in the "Client Certificate" wizard window. If I try using a certif...more >>

Hi All, I have a client application that used WSE 2.0 SP3. I used SoapInputFilter class to create a custom filter and use the same in the application. I used to register this customInputFilter into the SoapInputFilterCollection, so WSE runtime can use this filter. I also had to refer to a pol...more >>