Security Token Configuration in Manifest File

I have a problem with the manifest configuration file.

1. I want the client to call an Integrated Windows Authentication WS through CSF.
2. I configured the manifest file as below to use Persona as the secondary credential:

<Participant timeout="30" role="Service" inChannelResponse="true" type="WebService">
  <ParticipantName>HelloWorldParticipant</ParticipantName>
  <ParticipantID>HelloWorldParticipant</ParticipantID>
  <ParticipantUrl>http://localhost/HelloWorldService/Service.asmx</ParticipantUrl>
  <PolicyDocument>
    <Reference>ServiceParticipantPolicy</Reference>
    <Include>
      <SecondaryCredentialMap>
        <PrimaryCredentialForTransport transportAuthenticationType="Ntlm">PassThrough</PrimaryCredentialForTransport>
      </SecondaryCredentialMap>
    </Include>
  </PolicyDocument>
</Participant>

3. The Persona configuration is as below:

<Participant timeout="30" role="Persona" inChannelResponse="false" type="WebService">
  <SoapVersion>Soap12</SoapVersion>
  <ParticipantName>PersonaParticipant</ParticipantName>
  <ParticipantID>PersonaParticipant</ParticipantID>
  <ParticipantUrl>http://localhost/IdentityManager30/IdentityManager.ashx</ParticipantUrl>
  <SecurityToken>
    <UsernameToken>
      <Username>Chank@MyDomain</Username>
      <Password>MyPassword</Password>
    </UsernameToken>
  </SecurityToken>
  <PolicyDocument>
    <Reference>PersonaParticipantPolicy</Reference>
  </PolicyDocument>
</Participant>

After registering the session, I tried to send a message to the WS. I found this error message in the Windows Event Log.

Unable to determine client token to use. Client token type requested was 'Microsoft.Web.Services3.Security.Tokens.UsernameToken'. The token must be provided either through policy by specifying the token in the policy assertion or through code by calling WebServicesClientProtocol.SetCredentials or using properties on the SoapContext.Credentials.

I think the type of credential required by WS is different from UsernameToken defined in Persona.

Can anybody help me solve this problem? Thanks in advance.

Best Regards,
Chank




  • smith_a

    Hi Chank,

    I have never tried it, but I think it is not the documented way of using the security tokens. You should use the policy mapping and config files and attach the tokens while creating the session. I have tried that way and it works. You can refer to the sync session sample; I think that might give you an idea of how Integrated Windows security is used.

    I hope that will help and you will achieve the desired result.

    Regards,

    Venu



  • cgatti

    Chank,

    Haven't tried something like this. But I can surmise that it's because of the different type of security you have chosen. The client and server should stick to the same security type, i.e. both should use either NTLM or User-Name security token.

    Could you check whether they are both the same in your case?



  • KarlZheng

    Hi Chank,

    I'm not sure about the exact problem, but here are some things to check:

    (a) check that the username and password specified in the persona participant are valid - I like to use the "runas" command: "runas /user:MyDomain\user calc.exe" to verify that the password is correct.

    (b) check that the "ServiceParticipantPolicy" entry exists in the SessionPolicy.config file.

    Thanks, Chank!!

    -Rob.
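
The checks suggested in the replies above, written as a small manifest audit. This is an added example, not part of the thread and not CSF code. Assumptions: the `<Manifest>` root wrapper, the `audit_manifest` function and its `known_policies` argument are hypothetical (the policy names must be taken from SessionPolicy.config by hand, since that file's format is not shown here), and the mixed-credential finding reflects cgatti's hypothesis rather than a documented CSF rule.

```python
import xml.etree.ElementTree as ET

# Sample: the two <Participant> entries from the question, trimmed, in a hypothetical root.
MANIFEST = """<Manifest>
  <Participant timeout="30" role="Service" inChannelResponse="true" type="WebService">
    <ParticipantID>HelloWorldParticipant</ParticipantID>
    <PolicyDocument>
      <Reference>ServiceParticipantPolicy</Reference>
      <Include><SecondaryCredentialMap>
        <PrimaryCredentialForTransport transportAuthenticationType="Ntlm">PassThrough</PrimaryCredentialForTransport>
      </SecondaryCredentialMap></Include>
    </PolicyDocument>
  </Participant>
  <Participant timeout="30" role="Persona" inChannelResponse="false" type="WebService">
    <ParticipantID>PersonaParticipant</ParticipantID>
    <SecurityToken><UsernameToken>
      <Username>Chank@MyDomain</Username><Password>MyPassword</Password>
    </UsernameToken></SecurityToken>
    <PolicyDocument><Reference>PersonaParticipantPolicy</Reference></PolicyDocument>
  </Participant>
</Manifest>"""


def audit_manifest(manifest_xml, known_policies):
    """Return (participant_id, finding) tuples for the checks suggested in the replies."""
    root = ET.fromstring(manifest_xml)
    findings, transports, tokens = [], set(), set()
    for p in root.iter("Participant"):
        pid = p.findtext("ParticipantID", default="?")
        # Check (b): every PolicyDocument/Reference must name a policy that exists.
        for ref in p.iter("Reference"):
            if ref.text not in known_policies:
                findings.append((pid, f"policy '{ref.text}' not found"))
        for cred in p.iter("PrimaryCredentialForTransport"):
            transports.add(cred.get("transportAuthenticationType"))
        tok = p.find("SecurityToken")
        if tok is not None:
            for child in tok:
                tokens.add(child.tag)
                if child.findtext("Password"):
                    findings.append((pid, "password stored in clear text in manifest"))
    # cgatti's hypothesis: a transport auth type and a message-level token are mixed.
    if transports and tokens:
        findings.append(("*", f"transport auth {sorted(transports)} vs token {sorted(tokens)}"))
    return findings


if __name__ == "__main__":
    print(*audit_manifest(MANIFEST, {"PersonaParticipantPolicy"}), sep="\n")
```

Run against the manifest from the question with only `PersonaParticipantPolicy` listed as known, it reports the missing `ServiceParticipantPolicy`, the clear-text password in the Persona entry, and the Ntlm/UsernameToken mix.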

