UsernameTokenManager.VerifyPlainTextPassword Method

Verifies the password for a UsernameToken security token in a received SOAP message that is in plain text.

Namespace: Microsoft.Web.Services3.Security.Tokens
Assembly: Microsoft.Web.Services3 (in microsoft.web.services3.dll)

Usage

'Usage
Public Class usernameTokenManagerImplementation
    Inherits UsernameTokenManager
        Protected Overrides Sub VerifyPlainTextPassword(token As UsernameToken, _
            authenticatedPassword As String)
            MyBase.VerifyPlainTextPassword(token, authenticatedPassword)
        End Sub
End Class

Syntax

'Declaration
Protected Overridable Sub VerifyPlainTextPassword( _
    ByVal token As UsernameToken, _
    ByVal authenticatedPassword As String _
)
protected virtual void VerifyPlainTextPassword(
    UsernameToken token, 
    string authenticatedPassword
);
protected:
virtual void VerifyPlainTextPassword(
    UsernameToken^ token,
    String^ authenticatedPassword
);
protected virtual void VerifyPlainTextPassword(
    UsernameToken token, 
    System.String authenticatedPassword
);
protected function VerifyPlainTextPassword(
     token : UsernameToken, 
     authenticatedPassword : String
) : Void;

Parameters

  • authenticatedPassword
    The password to match against the one received in the SOAP message.

Exceptions

Exception type Condition
Exception

The password in the SOAP message does not match the authenticatedPassword parameter.

-or-

The password was sent in plain text and the AuthenticateToken method returned an empty string.

ArgumentNullException

token is null .

Remarks

When a SOAP message is received that contains a UsernameToken , WSE uses the UsernameTokenManager security token manager to process the contents of the security token. During that process, the UsernameTokenManager calls the VerifyToken method to verify the validity of the token, which in turn conditionally calls the AuthenticateToken method and then the VerifyPassword method. The VerifyPassword method verifies the password portion of the security token. If the password is not valid an exception is thrown.

When authenticatedPassword is null , WSE authenticates the UsernameToken security token against a Windows account. WSE calls the Win32 LogonUser function for this authentication using the user name and password in the SOAP message. If it succeeds, a Windows principal is assigned to the Principal property of the UsernameToken security token.

The default implementation of the VerifyPassword method verifies the validity of the password for a UsernameToken in a SOAP message based on how the password is sent in the SOAP message. If the password is sent hashed, VerifyPassword calls the VerifyHashedPassword method. If the password is sent in the SOAP message in plain text, the VerifyPassword method calls the VerifyPlainTextPassword method. If there is no password sent in the SOAP message, VerifyPassword verifies that AuthenticateToken successfully retrieved a non- null password.

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Development Platforms

Windows XP Home Edition, Windows XP Professional, Windows Server 2003, Windows 2000, Windows 2000 Server, Windows 2000 Advanced Server

Target Platforms

See Also

Reference

UsernameTokenManager Class
UsernameTokenManager Members
Microsoft.Web.Services3.Security.Tokens Namespace
UsernameToken
PasswordOption
VerifyHashedPassword
VerifyPassword
VerifyToken
AuthenticateToken