|
|
You're in the
dotnet web services enhancements
group:Kerberos Authentication and WSE 3.0
dotnet web services enhancements:
WSE 3.0 I have a hello world service protected by a Kerberos policy file using WSE 3.0 tool Based on some recommendations I have done the following 1) Change ASPNET account to run under SYSTEM in machine.config 2) Given Permission "Act as Part of Operating System" for ASPNET account On my ASP.NET 2.0 CLIENT app i write the following lines Dim svProxy As New localhost.ServiceWse Dim strTargetPrincipalName As String = "host/" + System.Net.Dns.GetHostName Dim tok As New Microsoft.Web.Services3.Security.Tokens.KerberosToken(strTargetPrincipalName) svProxy.SetClientCredential(tok) Response.Write(svProxy.HelloWorld) I get the following error. I have absolutely no idea to fix this, i have tried so many things but nothing did the trick, any help would be highly appreciated. Error Details ***************** Exception Details: System.Web.Services.Protocols.SoapHeaderException: System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later ---> System.ApplicationException: WSE841: An error occured processing an outgoing fault response. ---> System.Web.Services.Protocols.SoapHeaderException: Microsoft.Web.Services3.Security.SecurityFault: SecurityContextToken is expected but not present in the security header of the incoming message. at Microsoft.Web.Services3.Security.SecureConversationServiceReceiveSecurityFilter.ValidateSecureConversationMessageSecurity(SoapEnvelope envelope, Security security, MessageProtectionRequirements request) at Microsoft.Web.Services3.Security.SecureConversationServiceReceiveSecurityFilter.ValidateMessageSecurity(SoapEnvelope envelope, Security security) at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope) at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope) at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope) at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message) at System.Web.Services.Protocols.SoapServerProtocol.Initialize() at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing) --- End of inner exception stack trace --- --- End of inner exception stack trace --- Thanks in Advance Murali
Ram,
It looks like you are not sending the security token correctly. The following link should help http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/wss_ch3_impmlskerb_wse30.asp Using the system user is not a good idea.I recommend you read the security link http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetAP05.asp Hope this will help. [quoted text, click to view] RAMMURALY wrote:
> Hi I have been trying hard to get the kerberos authentication work with > WSE 3.0 > > I have a hello world service protected by a Kerberos policy file using > WSE 3.0 tool > > Based on some recommendations I have done the following > > 1) Change ASPNET account to run under SYSTEM in machine.config > 2) Given Permission "Act as Part of Operating System" for ASPNET > account > > On my ASP.NET 2.0 CLIENT app i write the following lines > > Dim svProxy As New localhost.ServiceWse > Dim strTargetPrincipalName As String = "host/" + > System.Net.Dns.GetHostName > Dim tok As New > Microsoft.Web.Services3.Security.Tokens.KerberosToken(strTargetPrincipalName) > svProxy.SetClientCredential(tok) > Response.Write(svProxy.HelloWorld) > > I get the following error. I have absolutely no idea to fix this, i > have tried so many things but nothing did the trick, any help would be > highly appreciated. > > Error Details > ***************** > > Exception Details: System.Web.Services.Protocols.SoapHeaderException: > System.Web.Services.Protocols.SoapHeaderException: Server unavailable, > please try later ---> System.ApplicationException: WSE841: An error > occured processing an outgoing fault response. ---> > System.Web.Services.Protocols.SoapHeaderException: > Microsoft.Web.Services3.Security.SecurityFault: SecurityContextToken is > expected but not present in the security header of the incoming > message. > at > Microsoft.Web.Services3.Security.SecureConversationServiceReceiveSecurityFilter.ValidateSecureConversationMessageSecurity(SoapEnvelope > envelope, Security security, MessageProtectionRequirements request) > at > Microsoft.Web.Services3.Security.SecureConversationServiceReceiveSecurityFilter.ValidateMessageSecurity(SoapEnvelope > envelope, Security security) > at > Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope > envelope) > at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope > envelope) > at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope > requestEnvelope) > at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage > message) > at System.Web.Services.Protocols.SoapServerProtocol.Initialize() > at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type > type, HttpContext context, HttpRequest request, HttpResponse response, > Boolean& abortProcessing) > --- End of inner exception stack trace --- > --- End of inner exception stack trace --- > > > Thanks in Advance > Murali
Hi Many thanks,
I have followed the pattern article. I am testing this on a windows xp box 1) I created a domain account with suggested privileges 2) I have changed the processmodel section to run under this account 3) I have created a arbitrary SPN in my domain controller for the account But the WSE 841 refuses to go away. This is a proof of concept application and i am unable to get past this for more than 48 hours!!! System.Web.Services.Protocols.SoapHeaderException: System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later ---> System.ApplicationException: WSE841: An error occured processing an outgoing fault response. ---> System.Web.Services.Protocols.SoapHeaderException: Microsoft.Web.Services3.Security.SecurityFault: SecurityContextToken is expected but not present in the security header of the incoming message. at Microsoft.Web.Services3.Security.SecureConversationServiceReceiveSecurityFilter.ValidateSecureConversationMessageSecurity(SoapEnvelope envelope, Security security, MessageProtectionRequirements request) at Microsoft.Web.Services3.Security.SecureConversationServiceReceiveSecurityFilter.ValidateMessageSecurity(SoapEnvelope envelope, Security security) at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope) at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope) at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope) at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message) at System.Web.Services.Protocols.SoapServerProtocol.Initialize() at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)
Read this article.
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=216041&SiteID=1 Let me know if this helps.
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |