Error using WS-Security

[Ashish]

Hi Guys

I am getting the following error while implementing authentication using WS-security.

"Microsoft.Web.Services2.Security.SecurityFault: The security token could not be authenticated or authorized ---> System.Exception: WSE565: The password provided the SecurityTokenManager does not match the one on the incoming token. at Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyPlainTextPassword(UsernameToken token, String authenticatedPassword) at Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyPassword(UsernameToken token, String authenticatedPassword) at Microsoft.Web.Services2.Security.Tokens.UsernameTokenManager.VerifyToken(SecurityToken securityToken) at Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSecurityToken(XmlElement element) --- End of inner exception stack trace --- at Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.LoadXmlSecurityToken(XmlElement element) at Microsoft.Web.Services2.Security.Tokens.SecurityTokenManager.GetTokenFromXml(XmlElement element) at Microsoft.Web.Services2.Security.Security.LoadToken(XmlElement element, SecurityConfiguration configuration, Int32& tokenCount) at Microsoft.Web.Services2.Security.Security.LoadXml(XmlElement element) at Microsoft.Web.Services2.Security.SecurityInputFilter.ProcessMessage(SoapEnvelope envelope) at Microsoft.Web.Services2.Pipeline.ProcessInputMessage(SoapEnvelope envelope) at Microsoft.Web.Services2.WebServicesExtension.BeforeDeserializeServer(SoapServerMessage message) "


The class i am using for authentication :
-------------------------------------------------------------------------
using System;
using Microsoft.Web.Services2.Security.Tokens;

namespace WSEAuthService
{

/// <summary>
/// Summary description for AuthUserToken.
/// </summary>

public class AuthUserToken : UsernameTokenManager
{
public AuthUserToken()
{

//// TODO: Add constructor logic here//

}


protected override string AuthenticateToken(UsernameToken token)
{
if(IsblnUserAuthenticated(token.Username,token.Password))
return "Authenticated !! Proceed ....";
else
return "Invalid login....";
}


private bool IsblnUserAuthenticated(string vstrUserId,string vstrPassword)
{
if(vstrUserId=="ashish" && vstrPassword=="gupta")
return true;
else
return false;
}
}

}

--------------------------------------------------------------------------

The web service

---------------------------------------------------------------------------

using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Web;
using System.Web.Services;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security.Tokens;

namespace WSEAuthService
{

/// <summary>

/// Summary description for Service1.

/// </summary>

public class AuthService : System.Web.Services.WebService
{
public AuthUserToken AuthUserTokenObj;
public AuthService()
{
//CODEGEN: This call is required by the ASP.NET Web Services Designer
InitializeComponent();
}



[WebMethod]

public string GetMessage()
{
return "This is my message";
}

}

}


---------------------------------------------------------------------------

Web service client
-----------------------------

UsernameToken UsernameTokenObj=new UsernameToken(txtUserId.Text,txtPassword.Text,PasswordOption.SendPlainText );

MyWSEServices.AuthServiceWse AuthServiceWseObj=new MyWSEServices.AuthServiceWse();

AuthServiceWseObj.RequestSoapContext.Security.Tokens.Add(UsernameTokenObj);

lblStatus.Text=AuthServiceWseObj.GetMessage();
------------------------------



Plz help ...
Regards
Ashish

--
Ashish Gupta
Senior Software Executive
Globsyn Technologies
T +91-33-23573610-14
M +91.98314.58752

 

[Guest]

AuthenticateToken(UsernameToken token) should return the actual password, not
any other confirming string (unless that is your password.. ). For
implementations where the custom password-check does not actually return the
password, like bool IsPasswdCorrect(string password), you could just return
token.Password if the check returns true.