I have created a Security Token Service (STS), a service with a reference to the STS and an example desktop application.
This works as expected when using Windows authentication and Message security: a token is retrieved from the STS and the service method is called successfully. The service returns a string containing the current user's identity, which returns my AD username.
I have a requirement however to authenticate against a database rather than AD. I have tried creating a CustomUserNameValidator (in the STS, is this the correct place?) and referencing it in the web.config. I then provide the credentials as shown below.
```csharp
SampleServiceReference.SampleServiceClient client = new SampleServiceReference.SampleServiceClient();
client.ClientCredentials.UserName.UserName = "alex";
client.ClientCredentials.UserName.Password = "pass";
```
I believe the certificates are set up correctly (all using 'localhost'), however I receive the following exception when calling the service:
System.ServiceModel.FaultException: ID3242: The security token could not be authenticated or authorized.
Whatever I try seems to fail. Is what I am describing even possible? Does the service client also pass the client credentials through to the STS, or am I completely misunderstanding what is happening here?
This Stack Overflow question is similar, however I have checked the audience URL and it seems ok: WIF STS ID3242
Has anyone got any advice on how I can achieve custom authentication when using a STS?
Update: the code samples referenced below are not available anymore (Codeplex doesn't exist). The book download does and it is here: https://www.microsoft.com/en-us/download/details.aspx?id=28362
There's a simple example of what you need here: http://claimsid.codeplex.com
Look at either sample 8 or 4.
Small clarification though. The username/password authentication is on the STS, not on your service. Your service will authenticate with a security token obtained from the STS.
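To make the answer concrete, here is an added example (not code from the question, the answer, or the claimsid samples) of the kind of custom validator that belongs on the STS side. It derives from WCF's `System.IdentityModel.Selectors.UserNamePasswordValidator`, looks the user up in a database with a parameterised query, and compares a PBKDF2 hash of the supplied password against the stored hash in fixed time. The `StsUsers` connection-string name, the `Users` table and its `UserName`/`PasswordSalt`/`PasswordHash` columns are assumptions for the example.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;

// Hypothetical STS-side validator. Table, column and connection-string names
// are assumptions for this example, not from the original question.
public class DatabaseUserNameValidator : UserNamePasswordValidator
{
    private const int Pbkdf2Iterations = 100000; // same value used when the hash was stored
    private const int HashLength = 32;           // bytes of derived key stored per user
    private const int SaltLength = 16;

    public override void Validate(string userName, string password)
    {
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            throw new SecurityTokenException("Username and password are required.");

        byte[] storedSalt = null;
        byte[] storedHash = null;
        string connectionString =
            ConfigurationManager.ConnectionStrings["StsUsers"].ConnectionString; // assumed name

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(
            "SELECT PasswordSalt, PasswordHash FROM Users WHERE UserName = @user", conn))
        {
            // Parameterised query: the username is never concatenated into SQL.
            cmd.Parameters.AddWithValue("@user", userName);
            conn.Open();
            using (var reader = cmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    storedSalt = (byte[])reader["PasswordSalt"];
                    storedHash = (byte[])reader["PasswordHash"];
                }
            }
        }

        // Unknown user: still run the KDF against a dummy salt/hash so the
        // response time does not reveal whether the account exists.
        if (storedSalt == null)
        {
            storedSalt = new byte[SaltLength];
            storedHash = new byte[HashLength];
        }

        byte[] computed;
        using (var kdf = new Rfc2898DeriveBytes(password, storedSalt, Pbkdf2Iterations))
            computed = kdf.GetBytes(HashLength);

        // One generic failure message for both "no such user" and "wrong password".
        if (!FixedTimeEquals(computed, storedHash))
            throw new SecurityTokenException("Unknown username or incorrect password.");
    }

    // Constant-time byte comparison so a mismatch is not detectable by timing.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The validator is wired into the STS (not the relying-party service) through the STS's `web.config`, under the service behaviour's `serviceCredentials` element: `userNameAuthentication` with `userNamePasswordValidationMode="Custom"` and `customUserNamePasswordValidatorType` set to the validator's assembly-qualified type name. The client in the question then sends its `ClientCredentials.UserName` to the STS endpoint; the service behind it only ever sees the issued token, which is why an ID3242 from the service usually points at the token (issuer certificate, audience URI, signature) rather than at the username/password step.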