|
|
You're in the
dotnet web services enhancements
group:CustomUsernameTokenManager
dotnet web services enhancements:
Hi,
I have implemented a custom UsernameTokenManager to validate user credentials against a SQL Server Database : This CustomUsernameTokenManager throws an ApplicationException if the login/pass supplied in the SOAP request can't be verified. If I test and then see the events log, I saw that : - On the server hand, I have two exceptions : 1) An error occured processing an outgoing fault response. Details of the error causing the processing failure: System.InvalidOperationException: Send security filter on the server could not retrieve the operation protection requirements from the operation state. Ã Microsoft.Web.Services3.Security.SecureConversationServiceSendSecurityFilter.SecureMessage(SoapEnvelope envelope, Security security) Ã Microsoft.Web.Services3.Security.SendSecurityFilter.ProcessMessage(SoapEnvelope envelope) Ã Microsoft.Web.Services3.Pipeline.ProcessOutputMessage(SoapEnvelope envelope) Ã Microsoft.Web.Services3.WseProtocol.GetFilteredResponseEnvelope(SoapEnvelope outputEnvelope) 2) System.ApplicationException: WSE841: An error occured processing an outgoing fault response. ---> System.Web.Services.Protocols.SoapHeaderException: Microsoft.Web.Services3.Security.SecurityFault: The security token could not be authenticated or authorized ---> System.ApplicationException: Incorrect password... - On the client side, I have an exception of type "Microsoft.Web.Services3.ResponseProcessingException", that says "WSE910: An error happened during the processing of a response message, and you can find the error in the inner exception. You can also find the response message in the Response property." Infact I was waiting for a SoapException in the client side, like what I have when I throw an exception in a WebMethod. So I don't understand what's wrong with my CustomUsernameTokenManager...
Hi Nicolas,
There is nothing wrong with your Custom token manager, the problem is in WSE since it does not throw "friendly" exceptions as we expect. Regards, Pablo Cibraro http://weblogs.asp.net/cibrax "Nicolas Mousson" <NicolasMousson@discussions.microsoft.com> wrote in message news:99652118-1AEB-4E71-9F34-982486000A69@microsoft.com... [quoted text, click to view] > Hi, > > I have implemented a custom UsernameTokenManager to validate user > credentials against a SQL Server Database : This > CustomUsernameTokenManager > throws an ApplicationException if the login/pass supplied in the SOAP > request > can't be verified. > > If I test and then see the events log, I saw that : > > - On the server hand, I have two exceptions : > > 1) An error occured processing an outgoing fault response. > > Details of the error causing the processing failure: > System.InvalidOperationException: Send security filter on the server could > not retrieve the operation protection requirements from the operation > state. > à > Microsoft.Web.Services3.Security.SecureConversationServiceSendSecurityFilter.SecureMessage(SoapEnvelope > envelope, Security security) > à > Microsoft.Web.Services3.Security.SendSecurityFilter.ProcessMessage(SoapEnvelope > envelope) > à Microsoft.Web.Services3.Pipeline.ProcessOutputMessage(SoapEnvelope > envelope) > à > Microsoft.Web.Services3.WseProtocol.GetFilteredResponseEnvelope(SoapEnvelope > outputEnvelope) > > 2) System.ApplicationException: WSE841: An error occured processing an > outgoing fault response. ---> > System.Web.Services.Protocols.SoapHeaderException: > Microsoft.Web.Services3.Security.SecurityFault: The security token could > not > be authenticated or authorized ---> System.ApplicationException: Incorrect > password... > > - On the client side, I have an exception of type > "Microsoft.Web.Services3.ResponseProcessingException", that says "WSE910: > An > error happened during the processing of a response message, and you can > find > the error in the inner exception. You can also find the response message > in > the Response property." > > > Infact I was waiting for a SoapException in the client side, like what I > have when I throw an exception in a WebMethod. So I don't understand > what's > wrong with my CustomUsernameTokenManager... > > Nicolas
In order to have "clean" exceptions thrown when user is not authenticated,
I've made the following : 1) In the CustomUsernameTokenManager, I instanciate a GenericPrincipal like this : protected override string AuthenticateToken(UsernameToken token) { ... GenericIdentity identity = authenticationError ? new GenericIdentity(String.Empty) : new GenericIdentity(token.Username); token.Principal = new GenericPrincipal(identity, null); return token.Password; ... } 2) Then in each WebMethod of my WebServices, I check if the user is autenticated : [WebMethod] public void MyWebMethod() { // Authentication check if (!RequestSoapContext.Current.IdentityToken.Principal.Identity.IsAuthenticated) throw new ApplicationException("Authentication error"); ... } Nicolas [quoted text, click to view] "Pablo Cibraro [MVP]" wrote:
> Hi Nicolas, > > There is nothing wrong with your Custom token manager, the problem is in WSE > since it does not throw "friendly" exceptions as we expect. > > > Regards, > Pablo Cibraro > http://weblogs.asp.net/cibrax > > "Nicolas Mousson" <NicolasMousson@discussions.microsoft.com> wrote in > message news:99652118-1AEB-4E71-9F34-982486000A69@microsoft.com... > > Hi, > > > > I have implemented a custom UsernameTokenManager to validate user > > credentials against a SQL Server Database : This > > CustomUsernameTokenManager > > throws an ApplicationException if the login/pass supplied in the SOAP > > request > > can't be verified. > > > > If I test and then see the events log, I saw that : > > > > - On the server hand, I have two exceptions : > > > > 1) An error occured processing an outgoing fault response. > > > > Details of the error causing the processing failure: > > System.InvalidOperationException: Send security filter on the server could > > not retrieve the operation protection requirements from the operation > > state. > > Ã > > Microsoft.Web.Services3.Security.SecureConversationServiceSendSecurityFilter.SecureMessage(SoapEnvelope > > envelope, Security security) > > Ã > > Microsoft.Web.Services3.Security.SendSecurityFilter.ProcessMessage(SoapEnvelope > > envelope) > > Ã Microsoft.Web.Services3.Pipeline.ProcessOutputMessage(SoapEnvelope > > envelope) > > Ã > > Microsoft.Web.Services3.WseProtocol.GetFilteredResponseEnvelope(SoapEnvelope > > outputEnvelope) > > > > 2) System.ApplicationException: WSE841: An error occured processing an > > outgoing fault response. ---> > > System.Web.Services.Protocols.SoapHeaderException: > > Microsoft.Web.Services3.Security.SecurityFault: The security token could > > not > > be authenticated or authorized ---> System.ApplicationException: Incorrect > > password... > > > > - On the client side, I have an exception of type > > "Microsoft.Web.Services3.ResponseProcessingException", that says "WSE910: > > An > > error happened during the processing of a response message, and you can > > find > > the error in the inner exception. You can also find the response message > > in > > the Response property." > > > > > > Infact I was waiting for a SoapException in the client side, like what I > > have when I throw an exception in a WebMethod. So I don't understand > > what's > > wrong with my CustomUsernameTokenManager... > > > > Nicolas > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |