Are you handling the WSPasswordCallback.USERNAME_TOKEN_UNKNOWN usage case in you callback handler that you use at the server side when you do plain text password?
If not, have a look at the service configuration section of the plain text password case here : http://www.wso2.net/articles/rampart/java/2006/08/15/usernametoken-auth Thanks, Ruchith On 10/12/06, Joshua Kuritzky <[EMAIL PROTECTED]> wrote:
Hi, I'm working on a creating a secure web service with Tomcat/Axis/wss4j and an associated client with .NET 1.1 and WSE2. I have a few questions: 1. Is there a tutorial available that describes accessing authenticated and encrypted wss4j web services from .NET? Most tutorials I've found assume Axis is being used to consume the service? 2. When following the main wss4j tutorial for adding Username token authentication, I ran into the following strange scenario: Using the requestFlow and PWCallback examples from the tutorial, I've set up a web service that requires username 'wss4j' and password 'security'. When accessing this service from .NET, things behave differently given the scenario: - Token sent with password hashed: When the password is correct, the service works; when the password is incorrect, the service doesn't work and throws an exception. This is the expected behavior. - Request sent without a token: Exception thrown. This is the expected behavior. - Token sent with password as plaintext: When I do this it works *even when the password is incorrect*. How can this be prevented? Thanks so much for the help, -Joshua Kuritzky --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- www.ruchith.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
