Re: Usernametoken can't beused inweb services that are invoked bywebcl

telling from your stacktrace, you still use the built-in username token manager which can only handle windows accounts - you have to register your own in web.config

<microsoft.web.services2>
<security>
<securityTokenManager
type=
"MyUsernameTokenManager, MyUsernameTokenManager"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; qname="wsse:UsernameToken" />
</security>
</microsoft.web.services2>


---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

This is my Web service Client. The filename is MathService.apsx. I use
web client to invoke my web service.The coding is below:

Public Class Math Inherits System.Web.UI.Page Dim obj As New LoginForm
Public Token As UsernameToken = Nothing Private Sub cmdAdd_Click(ByVal
sender As System.Object, ByVal e As System.EventArgs) Handles
cmdAdd.Click

Dim aa As String Dim bb As String

aa = "hcti" bb = "ching123"

Dim proxy As New SimpleMathWse

Token = New UsernameToken(aa, bb, PasswordOption.SendPlainText)
proxy.RequestSoapContext.Security.Tokens.Add(Token) Dim iOp1 As
Integer Dim iOp2 As Integer Dim iResult As Integer

iOp1 = CInt(txtOperand1.Text) iOp2 = CInt(txtOperand2.Text)

iResult = proxy.Add(iOp1, iOp2) txtResults.Text = iResult.ToString()
End Sub End Class

This is my web service file SimpleMath.asmx <WebMethod()> _ Public
Function Add(ByVal x As Integer, ByVal y As Integer) As Integer Dim
tok As UsernameToken =
WseSecurityHelpers.GetUsernameToken(RequestSoapContext.Current)

If Not tok.Principal.IsInRole("Allow") Then Throw New
Exception("Access Denied") End If Add = x + y End Function

This is the WSESecurityHelper file I used in my web service.

Public Class WseSecurityHelpers

Public Shared Function GetUsernameToken(ByVal context As SoapContext)
As UsernameToken

If context Is Nothing Then Throw New Exception("Only SOAP requests are
permitted.") End If

If context.Security.Tokens.Count = 0 Then Throw New
SoapException("Missing security token", SoapException.ClientFaultCode)
Else Dim tok As UsernameToken For Each tok In context.Security.Tokens
Return tok Next tok Throw New Exception("UsernameToken not supplied")
End If

End Function

End Class

Public Class MyUsernameTokenManager Inherits UsernameTokenManager

Protected Overrides Function AuthenticateToken(ByVal token _ As
UsernameToken) As String

Dim roles As New ArrayList Dim result As Integer

Dim myConnection As SqlConnection

' Grab encrypted connection string from web.config myConnection = New
SqlConnection(ConfigurationSettings.AppSettings("cnn"))

myConnection.Open()

Dim sqlComm As New SqlCommand sqlComm.Connection = myConnection

sqlComm.CommandText = "SELECT ID FROM WSUser WHERE Username = '" &
token.Username & "' and Password = '" & token.Password & "'" result =
CInt(sqlComm.ExecuteScalar())

result = 1

If result > 0 Then

roles.Add("Allow") token.Principal = New GenericPrincipal(New
GenericIdentity(token.Username), roles.ToArray(GetType(String)))

Else MyBase.AuthenticateToken(token)

End If

Return token.Password

End Function 'AuthenticateToken End Class

I got advice from Mr Bromberg on the SQL commands in my post
previously and have coded it. Is it correct? Then i use web client to
invoke the web service. But I always get this error as stated below.
Please do help me.I really stuck with this problem for 2 months. I
tried by using windows application and without using database and it
works fine. But my boss wants to use database n use web client.
How???????? I'm going to go crazy. Everyday I do for 2 months n read
and ask in forum but no solution to my error. Please help needed
urgently before I go crazy and have to be admitted in a mental
hospital.

Server Error in '/UserValidation' Application.
________________________________________
Microsoft.Web.Services2.Security.SecurityFault: The security token
could not be authenticated or authorized at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.OnLogonUs
erFailed(UsernameToken token) at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.LogonUser
(UsernameToken token) at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.Authentic
ateToken(UsernameToken token) at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyTok
en(SecurityToken securityToken) at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSe
curityToken(XmlElement element) at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.GetTokenF
romXml(XmlElement element) at
Microsoft.Web.Services2.Security.Security.LoadToken(XmlElement
element, SecurityConfiguration configuration, Int32& tokenCount) at
Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
at
Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(So
apEnvelope envelope) at
Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
envelope) at
Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(S
oapServerMessage message) Description: An unhandled exception occurred
during the execution of the current web request. Please review the
stack trace for more information about the error and where it
originated in the code.

Exception Details: System.Web.Services.Protocols.SoapHeaderException:
Microsoft.Web.Services2.Security.SecurityFault: The security token
could not be authenticated or authorized at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.OnLogonUs
erFailed(UsernameToken token) at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.LogonUser
(UsernameToken token) at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.Authentic
ateToken(UsernameToken token) at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyTok
en(SecurityToken securityToken) at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSe
curityToken(XmlElement element) at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.GetTokenF
romXml(XmlElement element) at
Microsoft.Web.Services2.Security.Security.LoadToken(XmlElement
element, SecurityConfiguration configuration, Int32& tokenCount) at
Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
at
Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(So
apEnvelope envelope) at
Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
envelope) at
Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(S
oapServerMessage message)

Source Error:

Line 40:
<System.Web.Services.Protocols.SoapDocumentMethodAttribute("http://tem
puri.org/Math/SimpleMath/Add",
RequestNamespace:="http://tempuri.org/Math/SimpleMath";,
ResponseNamespace:="http://tempuri.org/Math/SimpleMath";,
Use:=System.Web.Services.Description.SoapBindingUse.Literal,
ParameterStyle:=System.Web.Services.Protocols.SoapParameterStyle.Wrapp
ed)> _ Line 41: Public Function Add(ByVal x As Integer, ByVal y As
Integer) As Integer Line 42: Dim results() As Object =
Me.Invoke("Add", New Object() {x, y}) Line 43: Return
CType(results(0),Integer) Line 44: End Function

Source File: C:\Inetpub\wwwroot\UserValidation\Web
References\localhost\Reference.vb Line: 42

Stack Trace:

[SoapHeaderException: Microsoft.Web.Services2.Security.SecurityFault:
The security token could not be authenticated or authorized at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.OnLogonUs
erFailed(UsernameToken token) at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.LogonUser
(UsernameToken token) at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.Authentic
ateToken(UsernameToken token) at
Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyTok
en(SecurityToken securityToken) at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSe
curityToken(XmlElement element) at
Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.GetTokenF
romXml(XmlElement element) at
Microsoft.Web.Services2.Security.Security.LoadToken(XmlElement
element, SecurityConfiguration configuration, Int32& tokenCount) at
Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element)
at
Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(So
apEnvelope envelope) at
Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope
envelope) at
Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(S
oapServerMessage message)]
System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(Soap
ClientMessage message, WebResponse response, Stream responseStream,
Boolean asyncCall)
System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
UserValidation.localhost.SimpleMathWse.Add(Int32 x, Int32 y) in
C:\Inetpub\wwwroot\UserValidation\Web
References\localhost\Reference.vb:42
UserValidation.Math.cmdAdd_Click(Object sender, EventArgs e) in
C:\Inetpub\wwwroot\UserValidation\MathService.aspx.vb:74
System.Web.UI.WebControls.Button.OnClick(EventArgs e)
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.R
aisePostBackEvent(String eventArgument)
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler
sourceControl, String eventArgument)
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
System.Web.UI.Page.ProcessRequestMain()



.