When it is due to the fact that my web service and client application really ARE reading my policy files!

“Microsoft.Web.Services2.Policy.PolicyVerificationException: WSE464: No policy could be found for this message.”

I’m still in the middle of wiring this up. I have to say that the refactoring process is definitely time consuming (and very educational). It is MUCH easier of course to implement WSE2 when you are working with new projects.

I am working with a client app that has MANY components and many different web services. Even though it is working already, and seems foolish to attempt to tackle this, I know that if I can get this working with wse2 then I have accomplished and learned a lot.

okay- I seem to have picked up this “jig” thing from Ted Neward, but I just noticed something – that is MUCH more obvious when working with code you know well, rather than fiddling little samples.

With WSE1.0, you have to modify your client’s proxy to the web service so that it inherits from Microsoft.Web.Services.WebServicesClientProtocol instead of the default System.Web.Services.Protocols.SoapHttpClientProtocol. Every time you update the web reference, you have to remember to go back into the proxy and make that change. I have gotten into the habit, but really it’s just one more thing I need to remember, cluttering up my brain.

I have just modified the client component that has been working with WSE1 to use WSE2. When I updated the web reference in that project, the inherited class was automatically changed to Microsoft.Web.Services2.WebServicesClientProtocol.

This makes me very happy. I can free up that little space in my brain now for more important things! And it is one less barrier to getting regular programmers to use this stuff. Thanks WSE folks!

(I should point out that you get TWO proxy classes and this happens to the WSE2 version…)

I am finally converting my web service login and authentication procedures for one of my big production apps. Currently it is using straight web services, with a combination of soap headers and a System.Web.Security.FormsAuthentication ticket which is returned to the client as an encrypted string to be sent back with future requests as well as cached on the server. Lastly, I have a little user class that stores some details about the user that are used for authorization on the client end.

It’s somewhat similar to a secure conversation model because my token also times out every two minutes and has to be regenerated, but I don’t have to authenticate on every single message.

But an interesting difference is that I am explicitly authenticating at the user login (like we always have done, right?) whereas with the ws-security model, I will authenticate along with my actual requests. So if I were CODING all of this (which I’m not sure if I choose between hand coding in order to drill the stuff in to my brain better, or if I will just use the config tool and let that and policies do the grunt work for me — and if you saw what a GORGEOUS day it is out – you’d probably vote for the latter, too! :-)) …where was that sentence? Oh yeah, I will basically strip out the authentication that happens at login.

Thereare some cases where I am doing application updating and I require authentication at login for that process also. But for the other apps, I get to just rip out SO MUCH CODE – yippee – on both the client side and the ws side. Currently, on the client side, I am stuffing the token in the header of every ws call, so I won’t have to do that any longer. On the ws side, every method takes that token and checks against the cache to see if it’s still valid. So I get to take that code out. If it’s not valid, I was returning nothing to my client and the client has to send back the login/pw (which is still available to the app) and get another token. So all *that* code can go, too.

Rip rip rip, delete delete delete.

VSLive lucked out when the hurricane diverted and missed Orlando. Now PASS, in Orlando next week, is dealing with Hurricane Jeanne. Watch PASS track chair Roman Rehak’s blog for updates. The SQLPass site also has information and links regarding the Hurricane.

There is an AP article that has been picked up by a lot of papers around the world and I’ll link to it on msnbc’s site. The article is about using quantum physics for encryption via photons (light particles) – rather than the keys (strings of random numbers) we use today. It’s pretty far out but not even totally new. There are a few companies already offering solutions (eg MagiQ Technologies) and Harvard is working on the availability on the web. Pretty amazing stuff. I guess in __ years from now, it will be as common as sliced bread.