Daily Archives: August 16, 2004

Never ending WSE2 Hands on Lab l

I am still working on this sucker. It’s not just the distractions, but the desire to understand what I’m doing, not just do it. I’m doing the plumber way with this Lab. I’ll do the other HOL, too. Then I’ll experiment with the tools and wizards. The whole concept of the elements collection is very interesting. That’s the SoapContext.Security.Elements collection. Lots of buckets to help organize your brain and get your head around all that is going on. I imagine that I will look back on this and wonder why I ever thought it was so complex!

Posted from BLInk!

Sam Gentile wins an Oscar

Oh – wrong speech – the user group he started, BeanTown.NET, just became the latest INETA member – #580. Great job, Sam. Starting and running a user group is a lot of fun but a lot of work. There is actually a video on the INETA website that MSDN did about INETA, user groups and their relationship with Microsoft. Although the video was produced to engage Microsoft folks some more – get them excited about user groups – I think it does a lot to express what it’s like to run one. VTdotNET was included in the video as well. It’s on the INETA home page.

WSE2: signing messages with DerivedKeyTokens

In my old non-WSE method of doing web services security, I had to get a token from the webserver and have it time out after 2 minutes, then get another one. This was to protect myself from someone discovering and using that token while it was valid. They could do that, but 2 minutes is not enough time to do much damage. But it was still a kludge.

Now WSE2 has DerivedKeyTokens, which force a different hash of your username token each time you stick it into your SOAP header. Cool. Benjamin Mitchell wrote more on this here.
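
The per-message key idea behind derived key tokens, sketched in Python as an added example (not code from the original post and not the WSE2 API). It assumes the P_SHA1 derivation and default label from WS-SecureConversation, takes the base secret as a plain byte string because the post does not say how WSE2 turns a UsernameToken into key material, and signs with a bare HMAC instead of XML Signature; the function names and sample values are constructed.

```python
import hashlib
import hmac
import os

# Default label in WS-SecureConversation key derivation (assumed here).
LABEL = b"WS-SecureConversationWS-SecureConversation"


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA1 expansion as defined for the TLS 1.0 PRF (RFC 2246, section 5)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()             # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()   # HMAC(secret, A(i) + seed)
    return out[:length]


def derive_key(base_secret: bytes, nonce: bytes, length: int = 32) -> bytes:
    """Key for one message: same base secret, different nonce, different key."""
    return p_sha1(base_secret, LABEL + nonce, length)


def sign_message(base_secret: bytes, body: bytes) -> dict:
    """Sender: fresh nonce, fresh derived key, HMAC-SHA1 over the body."""
    nonce = os.urandom(16)
    key = derive_key(base_secret, nonce)
    sig = hmac.new(key, body, hashlib.sha1).digest()
    return {"nonce": nonce, "body": body, "sig": sig}


def verify_message(base_secret: bytes, msg: dict) -> bool:
    """Receiver: re-derive the key from the nonce carried in the header."""
    key = derive_key(base_secret, msg["nonce"])
    expected = hmac.new(key, msg["body"], hashlib.sha1).digest()
    return hmac.compare_digest(expected, msg["sig"])


if __name__ == "__main__":
    secret = b"constructed-demo-secret"            # constructed sample value
    body = b"<GetQuote>MSFT</GetQuote>"            # constructed sample body
    m1, m2 = sign_message(secret, body), sign_message(secret, body)
    print("same body, different signatures:", m1["sig"] != m2["sig"])
    print("receiver accepts m1:", verify_message(secret, m1))
    print("tampered body rejected:", not verify_message(secret, dict(m1, body=b"x")))
```

Only the nonce and the signature travel with the message; the base secret never does, so a captured signature is bound to that one message body.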


WSE2, Windows Accounts, Username Tokens and clear text

Among the methods you can use in WSE2 to authenticate users is to pass the local Windows account through the UsernameToken — not a common scenario of course. However, it is notable that when you use this method, WSE2 can only use this if the password is sent in plain text (one of the enumerations you can choose when creating a UsernameToken) which, in *this* case, limits you to using HTTPS (or just letting your password hang free in the wind, so to speak).
