Monthly Archives: February 2005

WSE 2 Tracing Utility updated for SP2 of WSE 2.0

WSE

My favorite method of inspecting SOAP messages when I am working with WSE2.0 is Mike Taulty’s WSE 2.0 Tracing Utility. Mike had to update the tool to work with SP2. If you use this tool, and have updated to SP2, be sure to grab the new version here. You will need to modify your config files as well.

If you are using WSE2 and not using Mike’s utility, I highly recommend that you try it. The messages are so much more disoverable and readable than opening up the log files in notepad..

Posted from BLInk!

WSE2 Security without X509

WSE

At Web Services Edge, someone asked me in the hallway about doing WSE2 Security without X509 certificates. Although there is, out of the box, support for Kerberos (which I still know nearly zip about) and you can write custom tokens as well, I think the question was really about how to do security well with login/pw —> UsernameTokens.

The answer is that you can, but with the caveat that logins/passwords are often (thanks to social engineering and use of passwords like “cat”) not the best way to go.

However, if you are hoping to do this with UsernameTokens, there are two important resources you should be aware of.

1) Keith Brown’s recent article on the Web Services dev center on Securing UsernameTokens with WSE 2.0

2) To solve another problem – doing SecureConversation with UsernameTokens – which still basically requires a web server x509 certificate – see William Stacy’s blog post which accomplished what a number of us have been trying to do for some time!



Posted from BLInk!

Sys-Con Web Services Edge was a blast

Community Cheerleading

I had a great time at the Edge East conference in Boston over the last few days. I was able to meet some people I know via emails, blogs etc. This includes Philly area D.E. Stan Spotts – who i hope is feeling better, Atlanta D.E. Doug Turnure and Raj Das from Magenic. I also unexpectedly got to catch up with Andrew Duthie. Best of all was seeing all my New England pals  – some of the user group leaders that I konw and others, like Robert Hurlbut. I also enjoyed seeing Michael Stiefel’s talk on SOA and WSE2.0. He and I consulted in advance so that our talks didn’t overlap. I got to focus soley on the security fundamentals – all concept no code! That talk is becoming my raison d’etre these days!

There were some fantastic session, including the workshops and Ari Bixhorn did a super job of the keynote. Though the keynote was the same focus as the keynote that he did with Eric Rudder at VSLive, he really made it his own at this show. It’s always entertaining to get a chance to catch up with Ari!

Thom Robbins got me to actually sit down to do a Hands on Lab with Whitehorse, but I didn’t get too far as I was having too much fun chatting with Jim Murphy and Tim Ewald from Mindreef which was right by the HOL area. I got to hear about some interesting features that are upcoming in their already awesome product. I think those guys are going to do a group road trip to speak at VTdotNET after this summer. That will be a blast. What great luck for the user group!

The Cabanas (sponsored by INETA, no less <g>) last night were great. I ended up in the VB room with Carl Franklin and Markus Egger. People asked awesome questions. It seems that STILL the #1 most difficult new concept for VB6 devs coming into .NET is delegates. (it was mine as well…)

I went over this morning for a bit and sat in an amazing (and entertaining) workshop called “Security, the new reality” doen by Patrick Hynds and Duane LaFlotte of Critical Sites. It is a REALLY good thing that these guys are not on the wrong side of the law when it comes to hacking website. I pity any hacker that tries to get into their sites.

All in all it was a great show. Thanks especially to Derek Ferguson and Grisha Davida!!

And I can’t complain about the very clear weather for driving to Boston and back either!

http://www.AcehAid.org

Need searching for your website?

Tools

Congrats to Scott Cate and company on a killer feature of EasySearchASP.NET. The tool lets you incorporate a search engine very easily right into your own website. But the new feature is “hints”. It is REALLY cool. You can see it best right on the EasySearchASP.NET site by searching for something on that site. On the home page is a search box. Just go start typing in it…..

Cool, huh?

You don’t have to rely on visitors knowing how to use google’s site:www.mysite.com parameter to search your website.

I like it. But the hints is super duper slick.

http://www.AcehAid.org