how to check password in sts sample

Hello,

I have a question about the username/password managed card while I'm testing an STS sample.

I'm trying to check the password using AuthorizationContext in WsTrustResponder.cs.

Is this the right way to do that?

Is there someone who can show me example code?

Thanks.





  • Mehdi Mahdloo

    - I replaced the <behaviors> part as you specified it in app.config of the Simple STS code

    - I added a class file in visual studio to the Simple STS project with the following content:

    using System;
    using System.Collections.Generic;
    using System.Text;
    using System.IdentityModel.Selectors;

    namespace Microsoft.ServiceModel.Samples.SecurityTokenService
    {
        class MyUsernamePasswordValidator : UserNamePasswordValidator
        {
            public override void Validate(string userName, string password)
            {
                if (userName != password)
                    throw new InvalidOperationException("bad password");
            }
        }
    }

     

    I get the following error after entering credentials when prompted: Your data could not be retrieved from the managed card provider.  Check your network connection, and verify that you have supplied the correct authentication credentials.

    What am I doing wrong?

     

    The following are 2 dumps from eventlog:

     

    There was a failure making a WS-Trust exchange with an external application. Could not retrieve token from identity provider.

    Inner Exception: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.

    Inner Exception: At least one security token in the message could not be validated.

     

    Additional Information:

    Microsoft.InfoCards.TrustExchangeException: Could not retrieve token from identity provider. ---> System.ServiceModel.Security.MessageSecurityException: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail. ---> System.ServiceModel.FaultException: At least one security token in the message could not be validated.

    --- End of inner exception stack trace ---

    Server stack trace:

    at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)

    at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)

    at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)

    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)

    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

    at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:

    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)

    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

    at Microsoft.InfoCards.RemoteTokenFactory.ISts.ProcessRequestSecurityToken(Message rstMessage)

    at Microsoft.InfoCards.RemoteTokenFactory.ProduceToken(InfoCard card, TokenCreationParameter parameter, TokenFactoryCredential credential, InfoCardPolicy policy, Boolean discloseOptional)

    --- End of inner exception stack trace ---

     

     

     

     

    A token could not be created. Identity provider requested for an unsupported authentication type.

     

     

    Additional Information:

    at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)

    at System.Environment.get_StackTrace()

    at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie)

    at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e)

    at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e)

    at Microsoft.InfoCards.InfoCardServiceClientCredentials.InfoCardServiceClientCredentialsSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement tokenRequirement)

    at System.ServiceModel.Security.SecurityProtocol.AddSupportingTokenProviders(SupportingTokenParameters supportingTokenParameters, Boolean isOptional, IList`1 providerSpecList)

    at System.ServiceModel.Security.SecurityProtocol.OnOpen(TimeSpan timeout)

    at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)

    at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)

    at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

    at System.ServiceModel.Security.SecurityProtocol.Open(TimeSpan timeout)

    at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)

    at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

    at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)

    at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

    at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)

    at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)

    at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)

    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)

    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)

    at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)

    at Microsoft.InfoCards.RemoteTokenFactory.ISts.ProcessRequestSecurityToken(Message rstMessage)

    at Microsoft.InfoCards.RemoteTokenFactory.ProduceToken(InfoCard card, TokenCreationParameter parameter, TokenFactoryCredential credential, InfoCardPolicy policy, Boolean discloseOptional)

    at Microsoft.InfoCards.TokenFactoryBase.CreateToken(InfoCard infoCard, TokenFactoryCredential credential, InfoCardPolicy policy, Boolean discloseOptional)

    at Microsoft.InfoCards.GetTokenRequest.CreateSecurityToken(TokenFactoryCredential credential, Boolean discloseOptional)

    at Microsoft.InfoCards.BeginCreateSecurityTokenRequest.AsyncExecute(AsyncParams asyncParam)

    at Microsoft.InfoCards.UIAgentAsyncBeginRequest.AsyncEntry(Object state)

    at System.ServiceModel.Diagnostics.Utility.WaitThunk.UnhandledExceptionFrame(Object state)

    at System.Threading._ThreadPoolWaitCallback.WaitCallback_Context(Object state)

    at System.Threading.ExecutionContext.runTryCode(Object userData)

    at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)

    at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)

    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

    at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object state)

     


  • rzeineh

    The default is to use Windows auth (i.e. you just use a Windows username and password).

    If you want to use something else you need to override UserNamePasswordValidator. e.g.

    <behaviors>
      <serviceBehaviors>
        <behavior name="SampleSecurityTokenServiceBehavior">
          <serviceMetadata />
          <serviceCredentials>
            <userNameAuthentication customUserNamePasswordValidatorType="Microsoft.ServiceModel.Samples.SecurityTokenService.MyUsernamePasswordValidator, SampleSecurityTokenService" userNamePasswordValidationMode="Custom" />
            <issuedTokenAuthentication allowUntrustedRsaIssuers="true"/>
            <serviceCertificate findValue="www.fabrikam.com"
                                storeLocation="LocalMachine"
                                storeName="My"
                                x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>

    using System;
    using System.IdentityModel.Selectors;

    namespace Microsoft.ServiceModel.Samples.SecurityTokenService
    {
        class MyUsernamePasswordValidator : UserNamePasswordValidator
        {
            // Sample check only: accepts any user whose password equals the user name.
            public override void Validate(string userName, string password)
            {
                if (userName != password)
                    throw new InvalidOperationException("bad password");
            }
        }
    }
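
An added example, not part of the original thread or of the STS sample: a validator of the same shape that checks the password against a stored salted PBKDF2 hash instead of comparing it with the user name, and reports failure with `SecurityTokenException`. The class name, the in-memory store and its single entry are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;

namespace Microsoft.ServiceModel.Samples.SecurityTokenService
{
    // Hypothetical class (added example); not the sample's MyUsernamePasswordValidator.
    public class StoredHashUserNamePasswordValidator : UserNamePasswordValidator
    {
        private const int Iterations = 100000, SaltSize = 16, HashSize = 20;
        // userName -> salt || PBKDF2 hash. Stand-in for a real credential store.
        private static readonly Dictionary<string, byte[]> Store = BuildStore();
        private static readonly byte[] DummyRecord = MakeRecord("dummy");

        private static Dictionary<string, byte[]> BuildStore()
        {
            var store = new Dictionary<string, byte[]>();
            store["alice"] = MakeRecord("constructed-demo-password"); // constructed entry
            return store;
        }
        // This Rfc2898DeriveBytes constructor generates a random salt and uses HMAC-SHA1.
        private static byte[] MakeRecord(string password)
        {
            var kdf = new Rfc2898DeriveBytes(password, SaltSize, Iterations);
            byte[] record = new byte[SaltSize + HashSize];
            Buffer.BlockCopy(kdf.Salt, 0, record, 0, SaltSize);
            Buffer.BlockCopy(kdf.GetBytes(HashSize), 0, record, SaltSize, HashSize);
            return record;
        }

        public override void Validate(string userName, string password)
        {
            if (userName == null || password == null) throw new ArgumentNullException();
            byte[] record;
            bool known = Store.TryGetValue(userName, out record);
            if (!known) record = DummyRecord; // do the same work for unknown users
            byte[] salt = new byte[SaltSize];
            Buffer.BlockCopy(record, 0, salt, 0, SaltSize);
            byte[] actual = new Rfc2898DeriveBytes(password, salt, Iterations).GetBytes(HashSize);
            int diff = 0; // compare every byte so timing does not depend on the first mismatch
            for (int i = 0; i < HashSize; i++)
                diff |= actual[i] ^ record[SaltSize + i];
            if (!known || diff != 0)
                throw new SecurityTokenException("Unknown user name or incorrect password");
        }
    }
}
```

To use it, `customUserNamePasswordValidatorType` in the `<userNameAuthentication>` element would name this class instead of `MyUsernamePasswordValidator`.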


  • Richard Carmel

    You need to implement a Username/Password validator. I think I have some sample code I can post.

    <be back soon>

    g


    Garrett Serack | Program Manager | Federated Identity Team | Microsoft Corporation
    blog: http://blogs.msdn.com/garretts




  • pnp

    Thanks a lot, Garrett, Nigel.
