WCF Security Guidance Package - Direct Authentication ADAM

Topics: Service Factory Modeling Edition Forum
Mar 30, 2009 at 1:54 PM
I have a question with regard to WCF Security Guidance Package - Direct Authentication with ADAM.
I have been trying to get this to work for days now.

I have tried with a single ADAM for both Membership Provider and Role Provider.
I have tried with two ADAMs, one for Membership Provider and one for Role Provider.

In either case I can click on the URL for the Web Service and get the WSDL so it seems to communicate with the ADAM correctly.

However, when I run the "ASP.NET Configuration" web site administration tool and try to "Create Users", I get the following error:
The following message may help in diagnosing the problem: Exception has been thrown by the target of an invocation.
   at System.Web.Administration.WebAdminPage.CallWebAdminHelperMethod(Boolean isMembership, String methodName, Object[] parameters, Type[] paramTypes)
   at ASP.security_users_adduser_aspx.PopulateCheckboxes() in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Users\addUser.aspx:line 28
   at ASP.security_users_adduser_aspx.Page_Load() in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Users\addUser.aspx:line 22
   at System.Web.Util.CalliHelper.ArglessFunctionCaller(IntPtr fp, Object o)
   at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
   at System.Web.UI.Control.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)



If I run the test client that I created for the Web Service I get the following Error:
There was a communication problem: An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
Server stack trace:
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.ProcessReply(Message reply, SecurityProtocolCorrelationState correlationState, TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
   at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
   at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at RFG.House.Svc.WCF.Client.HouseManagementProxy.HouseManagementServiceContract.GetHouseInfo(GetHouseInfoRequest request)
   at RFG.House.Svc.WCF.Client.HouseManagementProxy.HouseManagementServiceContractClient.RFG.House.Svc.WCF.Client.HouseManagementProxy.HouseManagementServiceContract.GetHouseInfo(GetHouseInfoRequest request) in C:\DataContractCollection\UsingDCCollectionADAM\RFG.House.Svc.WCF\Tests\RFG.House.Svc.WCF.Client\Service References\HouseManagementProxy.cs:line 238
   at RFG.House.Svc.WCF.Client.HouseManagementProxy.HouseManagementServiceContractClient.GetHouseInfo(String HouseID) in C:\DataContractCollection\UsingDCCollectionADAM\RFG.House.Svc.WCF\Tests\RFG.House.Svc.WCF.Client\Service References\HouseManagementProxy.cs:line 245
   at RFG.House.Svc.WCF.Client.MainForm.ExecuteButton_Click(Object sender, EventArgs e) in C:\DataContractCollection\UsingDCCollectionADAM\RFG.House.Svc.WCF\Tests\RFG.House.Svc.WCF.Client\MainForm.cs:line 103

Inner Exception: At least one security token in the message could not be validated.


Questions:
1) Is it possible to use ADAM for both the Membership Provider and Role Provider?
2) Can this be accomplished with one ADAM or do I need two different ADAMs?
3) Has anyone been able to get this configuration to work?
4) Has anyone been able to get "ASP.NET Configuration" to work with ADAM?

Thanks!


Developer
Mar 30, 2009 at 4:45 PM
Some links that may clarify your questions about ADAM, used for authorization.

Authz
http://msdn.microsoft.com/en-us/library/cc949081.aspx
Azman & ASP.NET
http://msdn.microsoft.com/en-us/library/ms998331.aspx
Roles & ASP.NET
http://msdn.microsoft.com/en-us/library/ms998336.aspx
Mar 30, 2009 at 5:05 PM
Yes I have read these.

Simple question: I want to create a User to use for the Direct Authentication with ADAM.
This is the User and Password I will use in my client code to see if they are allowed to call my WCF Service.
// Direct Authentication pattern
oService.ClientCredentials.UserName.UserName = "User";
oService.ClientCredentials.UserName.Password = "password";

I thought I would be able to create this User using "ASP.NET Configuration" but I keep getting an error (see previous post).
I have been able to do this successfully with Direct Authentication with SQL Server.

I have set up the ADAM as per http://msdn.microsoft.com/en-us/library/ms998331.aspx but still get an error when I try to create a User using "ASP.NET Configuration".

I also tried to set up ADAM according to http://erlend.oftedal.no/blog/?blogid=6 but still get an error when I try to create a User using "ASP.NET Configuration".

Have you ever seen the error I am getting before or know what the cause is?
Developer
Apr 15, 2009 at 12:08 AM
Have a look at these links:
http://erlend.oftedal.no/blog/?blogid=8  (In case of XP, http://erlend.oftedal.no/blog/?blogid=6)
http://www.alexthissen.nl/blogs/main/archive/2007/07/26/getting-started-with-adam-and-asp-net-2-0.aspx