WSE: UserNameTokenManaer not invoked when client doesn't pass userNameToken

N

nsyforce

How come the authenticateToken method does not get invoked when a
client calling the web service does not attach a userNameToken to the
header? This seems like a security flaw. Is there something you need
to do to the web service for the authenticate method to be invoked
under such a scenario? Is there a KB article that I have not been
able to find?

For the example I have, if a caller of the web service attaches a
usernameToken, the authenticateToken method on my userNameTokenManager
gets invoked. IF they don't attach it to the header, they call the
function on the web service successfully as the userNameTokenManager
is never invoked.

(I am using WSE 2.0 SP3)

Thank you in advance.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

WS Security Header (WSE 2) 4
PDA WSE 2 & OpenNetCF 0
WSE 2.0 is not invoking AuthenticateToken on my userNameTokenManager 2
WSE 2.0 SP3 DIME client error: Response is not well-formed XML. ---> System.Xml.XmlException: Root e 2
Decompressed bitmap image doesn't properly render when using WinGDI 2
WSE 2 woes 0
ASP.Net not impersonating for WSE 2.0 AuthenticateToken method 0
When deployed to Heroku, python setup.py egg info did not run successfully. 1

Members online

Total: 66 (members: 1, guests: 65)
Robots: 433

Forum statistics

Threads
473,982
Messages
2,570,186
Members
46,740
Latest member
JudsonFrie

Latest Threads

Top