I have a WCF service hosted in my local IIS and I'm trying to access it from my windows application. The binding uses the authentication mode as 'IssuedTokenOverTransport'
I have another service hosted in the same IIS which issues a SAML token. Windows application first calls this service, takes the SAML token issued by this service and uses the same token to call the WCF service.
There is no problem in getting the SAML token. But when WCF service is called with the same SAML token, I get the 'SecurityAccessDenied' exception : 'At least one security token in the message could not be validated.'
Can someone help me t get rid of this issue? I want to access service over HTTPS.
The problem was with the server certificate. In web.config, the server certificate was configured with the certificateValidationMode="PeerTrust". This was expecting this server certificate in the ‘Trusted People’ store and it was not available there. When I copied it there, the problem got resolved !
Related
I'm trying to consume a Java Web Service from third party, so i dont have any control over it. I have a pfx file which is password protected, and i installed it in my development box.
This is the code i'm using:
var proxy = new MyServiceReference.WsaaServerBeanService();
var result = proxy.login("test");
I'm getting System.Net.Sockets.SocketError.TimedOut exception when invoking the login web method. The first thing that come to my mind is an authentication issue. Apart from installing the pfx, do i need to send some other info to the web server to authenticate?
System.Net.Sockets.SocketError.TimedOut
Does not indicate an authentication issue, it indicates that you either are not able to contact the remote web service endpoint, or you are and the service is taking too long to respond. Make sure you can actually hit the endpoint from your machine via telnet, a web browser etc...
Authentication failures will usually return immediately.
I have a aspnetcompatibility=true WCF service (http binding) in the same domain of my Asp.Net website.
I want to make a call from my Asp.Net server side code to the WCF service.
I have tried to make a web request to http://testDomain/mySite/services/mySvc.svc but got the login page instead.
Is there a way to call the wcf service from the same domain asp.net site so that the service knows to not authenticate again?
Note: I use IIS7, and I'm open to change by binding as long as I can make a call to it w/o authentication. I'm hoping to host the svc in IIS.
Try to enable windows authentication in IIS for your hosted service and disable anonymous authentication (if it is enabled). Besides, pass security credentials (domain credentials perhaps in your case) from the client to the service.
The request failed with HTTP status 401: Unauthorized.
When I test in the browser it works, but when I call it from another application I don't have access. What to do? The application where the webservice is using windows authentication. It's propably there the problem is, I suppose!
I solved it:
They are on the same domain but not on the same application. I pass
the authentication with the webservice call:
cm.Credentials = System.Net.CredentialCache.DefaultCredentials;
Windows Authentication for a web service provides some challenges; the web service would need to be on the same domain for that to work I believe, so that it could use the user's credentials.
Do you have to use windows credentials? Using a ticketing system, which requires the user to first login through another web service method, can work just as well.
I recently created a web service which all worked fine until I moved it from my local PC to our development server. I now get a HTTP status 401: Access Denied message when I try to connect from a small test website. I googled around and found the following code:
SoiisdevJobService.JobsService jService = new SoiisdevJobService.JobsService();
jService.Credentials = System.Net.CredentialCache.DefaultCredentials;
And it now works, but I'm not sure what this code actually does. Can someone explain it to me? I'm using IIS 6, Windows auth, and in my config I've set the auth mode to Windows and to deny non-authed users. In my small test app I've set the same in my config.
Why do I need to provide the code above? I expected this to just work.
It is because you have turned off access for non-authenticated users. See the quote below from the Microsoft website (http://support.microsoft.com/kb/811318/EN-US):
When Anonymous access authentication is turned off for the Web service
application, all the caller applications must provide the credentials
before making any request. By default, the Web service client proxy
does not inherit the credentials of the security context where the Web
service client application is running.
I have a web application (say app1) which is hosted in a IIS server virtual directory.
This web application needs Integrated Windows Authentication for its functioning.
I need to integrate this web application with another product which does not use supply me windows credentials.
This application sends me an http request in a specific format.
I need to validate the request and redirect it to app1 with valid windows credentials so that it logs in smoothly.
I have created another application for this purpose
This is hosted on a separate virtual directory.
It has IIS anonymous and asp.net anonymous authentication enabled.
the pseudo code is as follows :
app2
parse request
if request sucessful
get windows credentials
get identity using credentials
reponse.redirect(app1.aspx)
But app1 authentication fails, IE asks me for credentials again.
Ideally IE should not ask me for credentials.
What would be the security context sent in the request to app1.
How can I trace the authentication failure at iis and asp.net?
To do this you need a trust relationship between the domains.
The response.redirect just sends a response back to the browser which then makes a request for the page in the redirect. So the identity is the identity of the browser.