Category Archives: WSE

Glav gives in to letting WSE3 do the work it was built to

Sounds like Paul Glavich was trying to manually process an incoming email message and get it into the pipeline. Finally he gave in and used the built-in goo: Pipeline.ProcessInputMessage(soapEnvelope) and WSE did its magic. Apparently it was some white spaces that were eluding him, but the WSE method knew how to deal with them. BTW – he’s doing this in WSE3, but this is also a class and method available in WSE2. I have never had to use it before, so this is a great thing to know.

Don’t Forget: www.acehaid.org

Re-watching Mark Fussell on WSE 3.0

Although I missed Mark’s talk at PDC last Friday, I was still highly entertained by watching (again) his WSE 3 Overview talk from the WSE 3 SDRs. Mark has a lot of fun acting out many messaging scenarios such as timing out a telephone conversation with his mother to demonstrate a new feature for SecureConversation. It may seem silly, but he has great methods of taking concepts that may be confusing and putting them into a context that many people can understand. You can watch this video yourself. There are a bunch of them on the home page of the Web Services Developer Center.

I am giving a similar talk Sunday at Code Camp and then at TechEd South Africa and once more at DevConnections. Mark is a tough act to follow. Being the PM on the WSE team and having a serious background in XML, he knows this stuff inside and out.




WSE3 Tracing Info

I have been meaning to mention how cool and informative the info is in the WSE3 trace files. Not only does it show you the SOAP, but it leaves a step-by-step trail of processing. Here is a sample file from a simple HelloWorld request being made from a client using a UsernameOverX509 policy assertion.

<?xml version="1.0" encoding="utf-8"?>
<log>
  <outputMessage utc="9/23/2005 7:04:53 PM">
    <processingStep description="Unprocessed message">
      <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <soap:Body>
          <HelloWorld xmlns="http://tempuri.org/" />
        </soap:Body>
      </soap:Envelope>
    </processingStep>
    <processingStep description="Entering soap filter Microsoft.Web.Services3.Design.UsernameOverCertificateAssertion+ClientOutputFilter" />
    <processingStep description="Exited soap filter Microsoft.Web.Services3.Design.UsernameOverCertificateAssertion+ClientOutputFilter" />
    <processingStep description="Processed message">
      <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <soap:Header>
          <wsa:Action wsu:Id="Id-3055d475-5038-45ae-9909-d7feb1241b7b">http://tempuri.org/HelloWorld</wsa:Action>
          <wsa:MessageID wsu:Id="Id-bc312d98-8815-4c65-a015-2cf87409140c">uuid:80c57c6f-7226-49a6-95ba-51c160841d30</wsa:MessageID>
          <wsa:ReplyTo wsu:Id="Id-d3c52946-1153-4ef6-85df-4e80506bb0a2">
            <wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
          </wsa:ReplyTo>
          <wsa:To wsu:Id="Id-047058e6-d0e9-4592-8d10-2df4cd13d976">http://localhost:1624/WSE3_Demo2_Service/Service.asmx</wsa:To>
          <wsse:Security soap:mustUnderstand="1">
            <wsu:Timestamp wsu:Id="Timestamp-71acb0d5-9d5c-4d6d-beba-585045011528">
              <wsu:Created>2005-09-23T19:04:53Z</wsu:Created>
              <wsu:Expires>2005-09-23T19:09:53Z</wsu:Expires>
            </wsu:Timestamp>
            <xenc:EncryptedKey Id="SecurityToken-2eb49508-1d19-4dc8-ac98-df6037e4dce3" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
              <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <wsse:SecurityTokenReference>
                  <wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/2004/xx/oasis-2004xx-wss-x509-token-profile-1.1#X509ThumbprintSHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">h9ksyrcUww2w4LrmubC2W11t988=</wsse:KeyIdentifier>
                </wsse:SecurityTokenReference>
              </KeyInfo>
              <xenc:CipherData>
                <xenc:CipherValue>(this goes on for a while…) Udj=</xenc:CipherValue>
              </xenc:CipherData>
            </xenc:EncryptedKey>
            <wssc:DerivedKeyToken wsu:Id="SecurityToken-a4ae21b8-bdab-4011-a7b2-c5e8f65bae44" Algorithm="http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1" xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc">
              <wsse:SecurityTokenReference>
                <wsse:Reference URI="#SecurityToken-2eb49508-1d19-4dc8-ac98-df6037e4dce3" ValueType="http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-soap-message-security-1.1#EncryptedKey" />
              </wsse:SecurityTokenReference>
              <wssc:Generation>0</wssc:Generation>
              <wssc:Length>16</wssc:Length>
              <wssc:Label>WS-SecureConversationWS-SecureConversation</wssc:Label>
              <wssc:Nonce>0waVpgMtJcwLe6nu2EJfWA==</wssc:Nonce>
            </wssc:DerivedKeyToken>
            <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:DataReference URI="#EncryptedData-95a05b43-87ff-4265-8220-0b0301998d5c" />
            </xenc:ReferenceList>
            <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:DataReference URI="#EncryptedData-474cdefc-1a57-4848-9d3b-195021ac5f88" />
            </xenc:ReferenceList>
            <xenc:EncryptedData Id="EncryptedData-474cdefc-1a57-4848-9d3b-195021ac5f88" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
              <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <wsse:SecurityTokenReference>
                  <wsse:Reference URI="#SecurityToken-a4ae21b8-bdab-4011-a7b2-c5e8f65bae44" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" />
                </wsse:SecurityTokenReference>
              </KeyInfo>
              <xenc:CipherData>
                <xenc:CipherValue> (this goes on for a while…) =</xenc:CipherValue>
              </xenc:CipherData>
            </xenc:EncryptedData>
            <wssc:DerivedKeyToken wsu:Id="SecurityToken-ef9f2efd-b777-4288-9a93-f7b24b9eb083" Algorithm="http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1" xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc">
              <wsse:SecurityTokenReference>
                <wsse:Reference URI="#SecurityToken-2eb49508-1d19-4dc8-ac98-df6037e4dce3" ValueType="http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-soap-message-security-1.1#EncryptedKey" />
              </wsse:SecurityTokenReference>
              <wssc:Generation>0</wssc:Generation>
              <wssc:Length>16</wssc:Length>
              <wssc:Label>WS-SecureConversationWS-SecureConversation</wssc:Label>
              <wssc:Nonce>+G94xbAd/DYLEKwIvHIdTA==</wssc:Nonce>
            </wssc:DerivedKeyToken>
            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
              <SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
                <Reference URI="#SecurityToken-6d4fff15-de0b-449d-ab5e-47ac5f5b4592">
                  <Transforms>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>XOXZQd6B320w7VI/HbimntQgLI0=</DigestValue>
                </Reference>
                <Reference URI="#Id-3055d475-5038-45ae-9909-d7feb1241b7b">
                  <Transforms>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>1kE5FH5eNF4vkBKNE9o0/vCJvks=</DigestValue>
                </Reference>
                <Reference URI="#Id-bc312d98-8815-4c65-a015-2cf87409140c">
                  <Transforms>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>t/FJbUnIn0gLqoLt6eMRTFOTI/Q=</DigestValue>
                </Reference>
                <Reference URI="#Id-d3c52946-1153-4ef6-85df-4e80506bb0a2">
                  <Transforms>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>9QxbDw3l7++M8PbJMur9JxcPf4c=</DigestValue>
                </Reference>
                <Reference URI="#Id-047058e6-d0e9-4592-8d10-2df4cd13d976">
                  <Transforms>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>9l1Au73puBn71S7N/1XIBe2vRSY=</DigestValue>
                </Reference>
                <Reference URI="#Timestamp-71acb0d5-9d5c-4d6d-beba-585045011528">
                  <Transforms>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>Ys2mZfoq7z+Ix/XyIYWTIDUvm28=</DigestValue>
                </Reference>
                <Reference URI="#Id-8d5987f2-3dd0-41aa-8dc5-5551bc171011">
                  <Transforms>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                  </Transforms>
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                  <DigestValue>PkZhQS+mXa/s8BC0x09fp7BOeB8=</DigestValue>
                </Reference>
              </SignedInfo>
              <SignatureValue>tJZfFrgNccXPYc91i41uHxdrzXk=</SignatureValue>
              <KeyInfo>
                <wsse:SecurityTokenReference>
                  <wsse:Reference URI="#SecurityToken-ef9f2efd-b777-4288-9a93-f7b24b9eb083" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" />
                </wsse:SecurityTokenReference>
              </KeyInfo>
            </Signature>
          </wsse:Security>
        </soap:Header>
        <soap:Body wsu:Id="Id-8d5987f2-3dd0-41aa-8dc5-5551bc171011">
          <xenc:EncryptedData Id="EncryptedData-95a05b43-87ff-4265-8220-0b0301998d5c" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
              <wsse:SecurityTokenReference>
                <wsse:Reference URI="#SecurityToken-a4ae21b8-bdab-4011-a7b2-c5e8f65bae44" ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" />
              </wsse:SecurityTokenReference>
            </KeyInfo>
            <xenc:CipherData>
              <xenc:CipherValue>(this goes on for a while…) ==</xenc:CipherValue>
            </xenc:CipherData>
          </xenc:EncryptedData>
        </soap:Body>
      </soap:Envelope>
    </processingStep>
  </outputMessage>
</log>
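
To check what a trace like this actually signed, the following added example (not part of the original post; Python, standard library only) lists the processing steps and maps each signature Reference to the element carrying that wsu:Id. The embedded trace is a trimmed, constructed sample with made-up ids; in the trace above the same check leaves #SecurityToken-6d4fff15-de0b-449d-ab5e-47ac5f5b4592 unresolved, since no element with that Id appears in the logged message.

```python
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSU_ID = "{%s}Id" % WSU

# Constructed sample: a trimmed trace shaped like the one above (ids are made up).
SAMPLE_TRACE = """<log>
  <outputMessage utc="9/23/2005 7:04:53 PM">
    <processingStep description="Unprocessed message" />
    <processingStep description="Entering soap filter ExampleAssertion+ClientOutputFilter" />
    <processingStep description="Exited soap filter ExampleAssertion+ClientOutputFilter" />
    <processingStep description="Processed message">
      <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
                     xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
                     xmlns:wsu="%s">
        <soap:Header>
          <wsa:Action wsu:Id="Id-action">http://tempuri.org/HelloWorld</wsa:Action>
          <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
              <Reference URI="#SecurityToken-hidden" />
              <Reference URI="#Id-action" />
              <Reference URI="#Id-body" />
            </SignedInfo>
          </Signature>
        </soap:Header>
        <soap:Body wsu:Id="Id-body" />
      </soap:Envelope>
    </processingStep>
  </outputMessage>
</log>""" % WSU


def processing_steps(trace_xml):
    """Return every processingStep description in document order."""
    return [s.get("description") for s in ET.fromstring(trace_xml).iter("processingStep")]


def signature_coverage(trace_xml):
    """Map each signed Reference URI to the local name of the element that carries
    that wsu:Id in the logged envelope, or None when no visible element has it."""
    coverage = {}
    for env in ET.fromstring(trace_xml).iterfind(".//soap:Envelope", NS):
        by_id = {e.get(WSU_ID): e.tag.split("}")[-1] for e in env.iter() if e.get(WSU_ID)}
        for ref in env.iterfind(".//ds:SignedInfo/ds:Reference", NS):
            uri = ref.get("URI", "")
            coverage[uri] = by_id.get(uri.lstrip("#"))
    return coverage


def unresolved_references(trace_xml):
    """Signed references that a reviewer cannot match to anything in the trace."""
    return [uri for uri, name in signature_coverage(trace_xml).items() if name is None]


if __name__ == "__main__":
    print(processing_steps(SAMPLE_TRACE))
    print(signature_coverage(SAMPLE_TRACE))
    print(unresolved_references(SAMPLE_TRACE))
```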




Why non-HTTP web services are so much cooler (for non-plumbers) with WSE 3.0

In WSE 2.0 we had the ability to run web services over TCP/IP and other transports. Did you use it? I didn’t. Too confusing. Loved the demos at TechEd & PDC, though. The Messaging API has in it SoapSender and SoapReceiver, but it is disconnected from all of the security I was doing with WSE – or maybe I just couldn’t ever figure it out. I think it even required a lot more angle bracket programming, too, though I don’t recall now.

With WSE 3.0, Microsoft has made transport-independent Web Services much more accessible. You can now write web services the way most of us luddites are used to, with the VS IDE (or even graduate to contract-first web services) – add in all of your WSE goodness – i.e. policies for security, etc.

With an HTTP hosted web service, you write the web service and build it in VS2005, deploy it if necessary (I’m still working in a development environment), then write your client, and (in the simple world), add a web reference which creates a proxy, then make calls to the proxy.

With the example of a console application hosted web service, you write the web service and write a console app that fires up the web service in a URI with a tcp scheme.

The key code for the console app is

1) Create a URI that will be the endpoint
Dim myTCPServiceURI As Uri = New Uri("soap.tcp://mytcphost/mynicewebservice")

2) Add the endpoint and the class for your web service to the Microsoft.Web.Services3.Messaging SoapReceivers
SoapReceivers.Add(New EndpointReference(myTCPServiceURI), GetType(myService))

Then you can fire up this console app and it will sit and wait for messages on that URI, just the way IIS does, but in this case it’s coming through TCP. You can also specify a port eg: soap.tcp:90. The web service processing just happens right there.

On the client side, the code is not too much different than calling an HTTP Web Service.

For those who only know how to get at web services through web references, remember that this is an existing HTTP Web Service, right? So you can get a proxy to that the way you know, by pointing to the original HTTP Web Service. Otherwise, you can use the wsewsdl3 tool (included with the SDK) that will create a proxy class directly from WSDL. The proxy is just to make it easier to code against the web service and has nothing to do with where the endpoint is. We will still access it through TCP when we run our client app.

1) Create a proxy web reference (let’s say that becomes localhost)

2) Instantiate the proxy
Dim myWS As localhost.MyServiceWSE = New localhost.MyServiceWSE()

3) Change the URL to point to the URI that is waiting on the TCP wire (above)
myWS.Url = "soap.tcp://mytcphost/mynicewebservice"

4) Define the operation that will be called (eg Web Method)
myWS.RequestSoapContext.Addressing.Action = New Action("GetSomeData")

5) Create a ReplyTo endpoint (as per the WS-Addressing specs)
myWS.RequestSoapContext.Addressing.ReplyTo = New ReplyTo(New Uri("soap.tcp://receiver"))

6) SetPolicy if that is required
myWS.SetPolicy("mypolicy")

7) Make your call!

Like I always say, if I can do it, so can you! More importantly, it’s taken a while for me to finally comprehend it. Which says to me, that Microsoft has gotten it to the proper place for non-plumbers.


WSE3 Beta 1 Release Notes

Since I didn’t see the release notes on the website for WSE 3.0 Beta 1, I thought I would put the key bits here.

Main Features Updated from the July CTP Release

  • Wsewsdl3.exe can now produce ASP.NET proxy clients from an ASP.NET Web service over TCP using the /type: parameter. This setting determines the default proxy type to generate. Choose from ‘webClient’, ‘soapClient’. If you choose webClient, a proxy class deriving from WebServicesClientProtocol will be generated, otherwise, a proxy class deriving from SoapClient will be generated. The soapClient is the default.
  • The policy framework has new assertions for <requireSoapHeader> and <requireSoapAction> which enforce constraints on the received messages to require that either a SOAP header is present or a SOAP action is present. See the product documentation for more details. The schema for the WSE policy, wsePolicy.xsd, can be found in this directory C:\Program Files\Microsoft Visual Studio 8\Xml\Schemas after WSE 3.0 is installed.
  • WSE generated proxies have the same asynchronous pattern as ASP.NET 2.0 generated proxies.
  • More detailed tracing when a policy fails during the processing of a message.
  • The SoapHttpRouter class now works with the policy framework to enable you to secure messages with policy files. See the quickstart samples for an example.

Known Issues

  • The WSE Settings may not be integrated with Visual Studio 2005. This occurs if you install Visual Studio 2005 and then install WSE 3.0 Beta 1 without first having started Visual Studio 2005. Ensure that you start Visual Studio 2005 before installing WSE 3.0 Beta 1. Alternatively, you can use the Visual Studio 2005 Add-in Manager available from the Tools menu item to manually install the WSE 3.0 Settings tool.
  • WSDL files produced by the Windows Communication Foundation (formerly codenamed “Indigo”) Beta 1 cannot be consumed by WseWsdl3.exe
  • Using WSE with Web services hosted in ASP.NET, SOAP section 5 encoding does not work. Set the Web service to use literal encoding instead.
  • With Microsoft Windows 2003 Server SP1, all Web services that run under the Network Service account cannot write WSE diagnostic trace files. To enable these services to write diagnostic files, either add write access permission for the Network Service account to the directory where the diagnostics files are being written or alternatively run the service under an account which has write access privileges.
  • WSE 3.0 and the Windows Communication Foundation (formerly codenamed “Indigo”) Beta 1 cannot be installed on the same machine as they use different versions of the .NET Framework.
  • Wsewsdl3.exe cannot produce ASP.NET proxy clients when just the .NET Framework Runtime is installed on the machine. The .NET Framework SDK is required.



WSE 3.0 July CTP (for VS2005 July CTP)

I am still on the ancient Beta2 with WSE 3.0 June CTP, but there are new bits out. The July CTP of VS2005 came out on MSDN (for subscribers only at this point) and soon after a new release of WSE3.0 came out to go with that (i.e. this requires the July CTP of VS2005). Note that there was a small problem with the WSE3 CTP that Matt Powell explains how to work around.

I got a good chuckle reading Mike Gunderloy’s pointer to the latest CTP: “Just in case your edge isn’t bleeding enough yet.”


Good goings on in the Web Services Developer Center aka “WS and Other Distributed Technologies Center”

1) MSDN Web Services Developer Center is repositioned as “Web Services and Other Distributed Technologies”

2) Guidance on which technologies to use when in building distributed apps with today’s tools, from Rich Turner. Steve Swartz gave an excellent session on this advice at TechEd.

3) related: WS-Security gets its own PAG group. (“Web Services Security Patterns”) This is excellent news. Not just how to use the stuff but WHEN, WHY and what approaches work best under which scenarios. I am really happy to see this happening.
