Here are a few things that keep biting me when I return to working on a web services app using wse3.0. I have blogged about some of these before, but need to keep them in the front of my mind!

1. ASP.NET Project NTLM Authentication: If NTLM Authentication is on and you are not set up to use it, you will get a 401 Unauthorized error (“The request failed with HTTP status 401: Unauthorized.”) when trying to start up a web page or access a web service.  This was a new project property setting as of Beta2.
2. Using File System and not IIS? Check your port #.  When trying to hit a web service and the port # of the Development Server has changed, you will get an error message saying “Stream was not writable”. This happened to me when I moved a solution from one computer to another and I needed to change the port # in the web reference.  In an ASP.NET application you will get this message “No connection could be made because the target machine actively refused it” when your port # has changed.
3. Permissions to read certificates Depending on your environment, a particular windows account will need READ access to the web server certificate. Normally, it would be the ASP.NET account. I found that when developing with a non-admin account, I needed to give that non-admin account access to the certificate (in a development environment). If you have not set this up properly, you will see a message indicating “Bad Key” in the soap fault when looking at the trace info. This will come back in the TraceInput of the client application. The Security Hands on Lab for WSE3 (found on this page) has instructions for setting permissions on certificates.