Aha! I had seen many samples of getting a digital certificate out of the client machines certificate store, but all of the examples were sending in some pre-defined private key.

Let me back up. When you get a digital certificate and install it on your machine, it has a private key associated with it. So when you are using WSE2’s FindCertificateByKeyIdentifier method, you pass in that key and it gives you back the certificate so you can sign whatever it is you want to sign.

In all of the examples I was looking at, the key was “predetermined“. For example in one article it passed in a variable and said “by the way, this private key is stored in the app.config”, or “previously stored private key” pr in the example of the hands on labs, you just manually pasted the key into your code after copying it from the WSE Certificate Tool (a UI that comes with WSE so you can easily work with your X509 certs). But I could never figure out how the key was being retrieved dynamically.

What was bugging me was this: if you have a client application and an end user installs it on their machine, what is the end-user experience when dealing with the key? How is that pre-determined key being discovered?

Now I see that basically you need to get the user to tell you which of their digital signatures they want to use when using this client to access your web service. D’uh, that’s not so bad. So either you have some setup routine where the user can choose the signature and then store the key in a settings file or just have them choose the key dynamically during the application execution. There are of course different scenarios where you would want one method over the other. There is a Quickstart sample (AsymmetricEncryptionCode) that demonstrates how to popup a dialog box and have the user choose from the correct signatures included with the WSE2 install.

There are other methods for getting a digital signature besides by the private key. Again, based on what you are trying to accomplish, you would choose what method to use. But this was the most common scenario in the samples I have looked at so far.

(I’m very open to corrections if I have stated anything incorrectly here. And James, just because I’m a little thick, doesn’t mean this stuff is *so* hard that we should all switch to smalltalk :-))

Once again, I’m getting it from James (though he and I agree to respectfully disagree with each other) for *considering* the DotFuscator Community Edition that is bundled in with Visual Studio .NET.

Here are his posts:

http://www.artima.com/forums/flat.jsp?forum=155&thread=67231

http://www.cincomsmalltalk.com/blog/blogView?showComments=true&entry=3270899203

James is a passionate guy. I’m just a curious girl.

I explicitly chose to put the google toolbar in my i.e.. I *never* installed a Yahoo toolbar and I was never asked. It just appeared out of nowhere. That ticks me off – quite a lot. What’s going on here? Is Yahoo being run by the we-are-going-to-take-over-your-computer Real Networks, now? I wonder if it was because I went to a website that uses MacroMedia Shockwave and I said yes to installing that but changed my mind and aborted.

Well, here’s another pretty picture for you, Yahoo..

I just received an email from PreEmptive, the makers of DotFuscator. This is the obfuscation tool that has a “lite” version embedded into Visual Studio. Their email pointed me to a survey they are doing and based on the questions, I wonder if they are not seeing a lot of Visual Studio users upgrading to the Developer or Pro editions and they are trying to figure out why.

I *know* that obfuscation is  another level of security that we can all leverage. I *know* Microsoft has made it really easy by putting this “lite” (Community Edition) version into Visual Studio.NET. So, raising my hand, yet again as a typical developer – writing custom corporate applications that are not being put out in the market place – why have I never touched  it, used it, thought about it? I have even listened with fascination, as Brent Rector talked about obfuscation on DotNetRocks (his company, Wise Owl, also has an obfuscation tool called Demeanor).

I know with the many many things we are learning all of the time about .NET, for me at least, this is one of those items that is “on my list”. It just hasn’t bubbled to the top yet.

Update: is this about opensource (or lack thereof)? Not in my mind, but since James thinks so (my interpretation), I thought I’d point to his post about this post. 

We all know Dare Obasanjo’s a smart guy. When I visited his home page and saw something about “we welcome visitors to Vermont”, I had a suspicion that his page was tracking where my ping was coming from but I brushed off that idea and {foolishly] decided to email him and ask what the Vermont connection is. I know he comes from far away lands (including Atlanta) but …oh well. Yeah, I was a dope.

So he told me he uses a geolocator. I wonder. I can get a  list of originating IPs that hit thedatafarm.com. Now a little googling (ip address geolocator) quickly finds me a product called DOTS Geolocator by Service Objects

DOTS GeoLocator is a hosted, programmable XML Web Service that allows you to integrate IP-based location information, distance calculation and other geographic intelligence into your applications, business processes, and Web sites

Cool. I learned something (else) new today. I can imagine many of you xml geeks saying “geeze that’s been around for ages“ but hey, it’s not something I have ever needed or sought out so I didn’t happen to know about it. So don’t you be giving me a hard time, eh?!

I was hoping to run my top five ip addresses visiting thedatafarm.com, but their demo seems to be not working.

Christian’s been putting some teaser’s up about something related to WSDL and I thought his “announcement” post was another teaser! Geesh. Ben Miller mentioned that it was available (and that he likes it!) and I kind of did a double take – wondering how I had missed it.

THIS IS A LINK TO THE TOOL (so that there’s no mistake…)

Hopefully, I can get thorugh what I need to do tonight and can check it out. It looks loverly, Christian.

In the UI for BLInk! I want to have my icons for formatting be large enough for clicking on with a stylus. Most of the format graphics provided in microsoft development apps (eg Visual Studio) that match the typical MS UI are bmps which don’t resize (upsize to eg 32×32 or 24×24) well. I know we’ve all been there done that. I found Wesner Moise’s good blog post on this problem and may just have to go ahead and buy some myself. Ugh … for a tool I plan to give away.

Update: I did look at Tim Dawson’s gorgeous SandBar toolbar is free if you are using it for freely distributed apps, but it’s using the same 1616bit bmps…

Posted from BLInk!

I’ve been watching Benjamin Mitchell’s awesome WSE2 presentation from TechEd 2004. The demos are really blury. He keeps showing the trace in some tracing tool but I can’t see what it was. I just opened up my rss aggregator and there at the very top of my feeds was Simon Guest’s post entitle “WSE 2.0 Trace Tool”! That is what I call serendipity. I’m not sure if it’s what Benjamin was using, but I’ll definitely be trying it out.

Benjamin recently did an MSDN WebCast on message in WSE2 and it should be online soon. More information here.

I started playing with this program about a week ago.

Now I can say I definitely love it. It suits my needs to a “t”. I was more than happy to pay a mere $25 for it.

This was the phone call at 7am from the sys-admin at my client site. After a major server hacker problem a few months ago, they threw together a new box with Win2003 Server and a trial version of SQL 2000 to tide them over until they rebuilt the other machine. Things have been running smoothly on this temporary box and they had put off upgrading the regular server (which had SQL7 and Win2000 on it) for a few months because of the cost. Apparently they miscalculated the dates. They will have the the new license tomorrow but the immediate solution (while everyone in the company sat on their hands) was to put another trial on another server machine that is on the network. There are a lot of applications using SQL Server including a bunch of Web Applications.  So I had a fun morning. But we got past it and everything’s fine and they’ll be breathing a little easier after tomorrow. One person in the office did call to ask when SQL 2005 is coming out. It’s painful to pay the $5,000 knowing that they will have to do it again soon. I promised them that I won’t force them to SQL2005 too quickly.