Friday, April 24, 2015

wse 2 run windows server 2008 R2

For some legacy issues, you app stack might use WSE to do the message level authentication. and if you have to run wse 2 in your asmx hosted on windows server 2008 R2. here could be some issues and solutions.

1. If you bind multi Binary kerberos token to the request and send to the server, you might be rejected even both of them are valid. like you put host to abc and abs.fullqualifiedname.com

solution: manually downgrade the wse 2 from 2.0.3 to 2.0.1. I found since 2.0.3, the request filter does not allow 1+ tokens

2. unable to extract username from the binary token passed from client.

solution: config the application pool to run on 32 bit mode. twick the code a little bit, to remove the session key extraction.

image

if always shows me the memroy access exception when it try to do the session key marshaling.

check the code in Microsoft.Web.Services2.Security.Tokens.Kerberos.LsaServerContext.LogonUser(byte[] inToken), you might just decompile the code ,chagne it and sign it back using your own key. and update the reference to your version of wse.dll

Friday, April 3, 2015

JWT token, signed in C#, and Decode in JS

JWT is a widly used token system that we can share token info between APIs or between Apps.

i.e we can sign the token by using a shared key in C#, then verify the token in javascript by using the same sharedkey.

in C#, you can search nuget for the jwt , there are several libraries.
image

let’s I want to sign a simple clamin using the simple password.
image

we get token eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJuYW1lIjoiUGV0ZXIiLCJSb2xlIjoiQWRtaW5zLFJlYWRlciJ9.Qh2J93epa7ls0y6DAn_8YvIRoRHq28hLT9N-93fStcajCd90nLzLG6Vit-Qdfl1TsPtL56qh4jiKDOzpfs1OyA

then follow the library for different languages from jwt.io to do the decoding

Past the token into the validation box, and enter pass in the shared key, you will see token get decoded and verified

image

 
Locations of visitors to this page