Neuron ESB User Network

The Service Bus for the Connected Business

Passing NetworkCredential

Hi,

I'm exposing a WCF service via ESB which require NetworkCredential.

Created the Service Connector Using a Subscriber. Security Model is, Message:Windows. Binding is WSHttp.

Created a Client Connector with imported Metadata.

Created Test application to use the Client URL using Visual studio. 

It works when I specify the NetworkCredential on the client code as follows.

ServiceClient client = new ServiceClient();

client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("UserName","Password");

client.CallMethod();

Is there a way to keep the NetworkCredential inside ESB so calling client don't have to pass that in?

Regards,

Gihan.

Tags: NetworkCredential

Views: 497

Reply to This

Replies to This Discussion

Permalink Reply by Joe Klug on November 11, 2015 at 9:14am

Is your goal to expose the client connector with no credentials, then to use a network credential when calling the web service via the Service Connector?

Permalink Reply by Gihan Attanayake on November 11, 2015 at 1:10pm

Yes,

In that way only client via ESB can access the WCF methods and if credentials being changed don't have to notify all the clients with new credentials.

Cheers,

Gihan 

Permalink Reply by Joe Klug on November 12, 2015 at 12:09pm

In that case, you just need to define a security credential for the user you want to connect with.  Go to Security->Credentials, click the New button, give a meaningful name, select Windows Domain from the dropdown list and enter the user credentials.  Then in your service connector, if you have WSHttp binding selected and Message:Windows as the security model, the Client Credentials dropdown list will be enabled on the Service Connector tab.  Select the previously created credential in the list.

Joe

Permalink Reply by Gihan Attanayake on November 12, 2015 at 9:23pm

Hi Joe,

Thanks for the reply.

Seems it is not working as my client running from different domain to ESB hosted domain. 

I tried creating security credentials, UserName, Password and Domain(this user is for ESB domain). Then on the service connector selected the security credentials from the client credentials drop down. 

When I tried to run the client code without setting the ClientCredential, I get an exception saying "The request for security token could not be satisfied because authentication failed".

If I set the ClientCredential on the code, it works without any errors.

Looking at Windows Security log(Event viewer), it seems try to authenticate the user I'm running the client with and fails. "Unknown user name or bad password".

How does inter domain security is handled on ESB?

Cheers,

Gihan.

Permalink Reply by Joe Klug on November 13, 2015 at 7:00am

Oh, I think I know - did you define the client connector and the service connector in the same service endpoint settings?  If you did that, then whatever security model you apply to the service endpoint is used by both the client connector and service connector.  Since you want different security models, you need to have two service endpoints - one that hosts the client connector with no security model and the other to host the service connector with Message:Windows as the security model.

When you do this, make sure you disable the client connector in the one that's hosting the service connector and vice-versa.

Permalink Reply by Gihan Attanayake on November 15, 2015 at 4:49pm

Hi Joe,

Thanks for that. Yes, I was using server and client connectors on the same service endpoint. 

I created new service endpoint for the client connector. Set the binding to WSHttp,Security Model None. Used the metadata WSDL document for client, created it was created when importing the Service. Disabled the client connector on the previous service endpoint(endpoint for Service). Updated my Client code with new client service endpoint. 

When i call the method  I get the same exception as before and same thing on Windows Security Log.

Also notice the ClientConnector log,

"An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail"

"The message could not be processed because the action 'http://schemas.xmldsoap.org/ws/2004/09/transfer/Get' is invalid or unrecognized".

Inner Exception Trace:

at Neuron.Esb.Party.SendMessage(ESBMessage message,Boolean duplicateMessage)

at Neuron.Esb.EsbService.ESBClientConnector.ProcessMessage2(Message p1)

Cheers,

Gihan. 

Permalink Reply by Gihan Attanayake on November 16, 2015 at 9:27pm

Hi Joe,

Had a look at End point Health.

I notice the Service Connector State is Failed with following error. Means something wrong with that.

[23] ERROR - Service Connector ServiceConnector_MyService_svc failed to start. The content type multipart/related; type="application/xop+xml";start="a href="http://tempuri.org/0>" target="_blank">http://tempuri.org/0>;";boundary="uuid:fa75fad7-a2f9-4299-969c-032f918f132d+id=98";start-info="application/soap+xml" of the response message does not match the content type of the binding (application/soap+xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '
--uuid:fa75fad7-a2f9-4299-969c-032f918f132d+id=98
Content-ID: a href="http://tempuri.org/0>" target="_blank">http://tempuri.org/0>;
Content-Transfer-Encoding: 8bit
Content-Type: application/xop+xml;charset=utf-8;type="application/soap+xml"

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"><s:Header><a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</a:Action... Context="uuid-fe78f199-82fb-40aa-ac88-023726ecf135-1" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><t:BinaryExchange ValueType="http://schemas.xmlsoap.org/ws/2005/02/trust/spnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">TlRMTVNTUAACAAAAEgASADgAAAA1gpni0kuJPSrRh+AAAAAAAAAAAMgAyABKAAAABgOAJQAAAA9QAEEAUwBTAFAATwBSA'.
System.ServiceModel.ProtocolException: The content type multipart/related; type="application/xop+xml";start="a href="http://tempuri.org/0>" target="_blank">http://tempuri.org/0>;";boundary="uuid:fa75fad7-a2f9-4299-969c-032f918f132d+id=98";start-info="application/soap+xml" of the response message does not match the content type of the binding (application/soap+xml; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '
--uuid:fa75fad7-a2f9-4299-969c-032f918f132d+id=98
Content-ID: a href="http://tempuri.org/0>" target="_blank">http://tempuri.org/0>;
Content-Transfer-Encoding: 8bit
Content-Type: application/xop+xml;charset=utf-8;type="application/soap+xml"

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"><s:Header><a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue</a:Action... Context="uuid-fe78f199-82fb-40aa-ac88-023726ecf135-1" xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><t:BinaryExchange ValueType="http://schemas.xmlsoap.org/ws/2005/02/trust/spnego" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">TlRMTVNTUAACAAAAEgASADgAAAA1gpni0kuJPSrRh+AAAAAAAAAAAMgAyABKAAAABgOAJQAAAA9QAEEAUwBTAFAATwBSA'.

Server stack trace:
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation, EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at System.ServiceModel.ICommunicationObject.Open()
at Neuron.Esb.EsbService.ESBServiceConnector.StartupCreateProxy()
at Neuron.Esb.EsbService.ESBServiceConnector.Start(SerializableDictionary`2 properties, ESBConfiguration envConfig, ESBConfiguration zoneConfig)
[23] INFO - Stopping
[23] INFO - Waiting for heartbeat thread shutdown
[Heartbeat] INFO - Heartbeat thread is sending termination notification to the control service.
[Heartbeat] INFO - Heartbeat thread is exiting
[23] INFO - Stopped
[23] WARN - Recreating the master control service channel. State = Closed

Hope this is help you to narrow down the problem.

Cheers,

Gihan.

Permalink Reply by Joe Klug on November 19, 2015 at 9:20am

Please enter a support ticket and include the Neuron log files from the latest log file folder and your configuration.

Thanks,

Joe

RSS

Neuron ESB Product Support Forums and Communities

Latest Activity

Anupama Nair posted a discussion

Marketo Adapter Invalid Token

Hi,We are using the Marketo adapter to push account updates to Marketo. It works well for some time then starts failing with Invalid Token unless restarted. Is there a configuration that can be done so it can auto refresh the token when required?Thanks!See More
Nov 6, 2023
1 Comment
Sayantini Basak posted a discussion

Maximum payload size(REST API) for requests interfacing to NeuronESB

I am new to Neuron ESB and in our current scenario,We need to process batch transactions comprising of ~1000 records and send them to Neuron ESB for further processing. I would like to understand what is the maximum size of payload that can be transferred using REST interface to Neuron ESB.See More
Jul 22, 2022
0 Comments
Profile IconRobert E Dunie and Sayantini Basak joined Neuron ESB User Network
Apr 28, 2022
Profile IconDayanand, Frederic C, Steffen Greve-Oksfeldt and 1 more joined Neuron ESB User Network
Mar 16, 2022
Profile IconCam Vong and Mitja Luznar joined Neuron ESB User Network
Jan 27, 2022
Profile IconWill Hitzges, Chad Parsons, michael larsen and 4 more joined Neuron ESB User Network
Jun 11, 2021
Anupama Nair posted a discussion

ODBC stored proc polling with temporary tables

We have set up an ODBC adapter to poll a stored proc.We found that if the stored proc has a temporary table defined the rows returned are always 0.Any idea why this would be and what we can do to get around it?See More
Dec 14, 2020
3 Comments
Prasanth Kharade is now a member of Neuron ESB User Network
Dec 30, 2019
Welcome Them!

Badge

Loading…

Get Badge

© 2024   Created by Neuron Admin.   Powered by

Badges  |  Report an Issue  |  Terms of Service

Sign in to chat!