Daily Archives: June 8, 2006

Security Guru, Bruce Schneier speaking in Vermont, 40 minutes from my house!

dotNET

So I’m flipping through the local weekly, Seven Days, and I did a double take when I thought I saw Bruce Schneier’s name in big letters at the top of the page. Here’s the article.

Yep it’s him and yep he’s coming to Vermont. There’s an ACLU meeting on Tuesday and he’s speaking at it.

When? You ask? On Tuesday, the day I will be in Boston at TechEd. I will be driving past Montpelier at about 7am.

It’s not like I pay attention to his speaking schedule, which has this event on it!

Aaaaargh.

 

WSE3.0 WebCast: Powerpoint and Sample code online

WSE

I have posted my version of the powerpoint (not the pretty MSDN version since I don’t have that) and the sample code from today’s Intro to WSE 3.0 webcast.

You can find them on my TALKS page. Scroll down to Introduction to…. and you’ll see the zip and ppt files.

Thanks to all who attended!

I hear there was a snafu with the survey and MP3 Raffle and that emails will be sent out to attendees on how to get back in the game (within 24 hours, they told me)

WSE 3.0 WebCast: What does a message for secure conversation look like?

WSE

Rather than paste miles (271 lines) of angle brackets in here, I am posting the section of my trace files here from today’s webcast and have renamed it so you can view it in your browser if you want. Note that in general, these trace files will contain your UNSECURED raw data as well (I have stripped those sections out in mine) so you don’t normally want to do this!

I have put comments in the file to point out what is of interest.

Here is the basic story.

Because our policy indicates SecureConversation, WSE will know that before it can make that HelloWorld call, it needs to request a security context token. So you will see not one, but TWO outgoing messages, one right afte the other. THe first is the request for an SCT that WSE deemed necessary (based on the policy). That request sends the usernameToken with the login and password we provided in code. The user is authenticated against the db and the SCT is created and sent back to the cient. Then the client creates the HelloWorld request, but instead of using the username/password for authentcation, it uses the SCT!

I have put comments in the key spots of the file so you can see the differences between the first and second request. I.E. renders them as gray. Don’t be afraid to look at this goo because it’s a good arrow to have in your problem-solving quiver! I promise you won’t have angle-bracket filled nightmares. If you do, I recommend Dr. Ewald’s CureAll Tonic for Angle Brackets.

I’m packing up the code and will write another post when it is on the presentations page of website.

[update: see this post for information on the sample code, etc.]

Demos just don’t work like real life

Presentations

I did an MSDN Webcast today on Introducing WSE 3.0. Since I had an unusually short amount of time to get through all of my demos,I practiced them over and over (even though they were old hat to me ;-)) just to make sure nothing unexpected happen.

On the very last demo, where I created a new Policy that had “SecureConversation” turned on, it threw an error when I ran the client side app. There was not time to deal with the error and since I knew I had done everything correctly, I moved on, highlighting the key take-away of the demo (which was not seeing “Hello World” on a black screen, but what SC is and how easy it is to implement.)

Now I have just gone back to see what wasn’t lined up. I ran the demo again so that I could see what the error was and make sure the code was a-ok before I posted it…. and wouldn’t you know, it just friggin worked. And I hadn’t touched anything yet.

As my grandmother and all of her grandmothers before her would say: Oy Vey!

[update: see this post for information on the sample code, etc. and this post for more info on the SecureConversation demo]