Everything I thought I knew about how to interop messages between WCF and WSE3.0 went down the toilet with the newest bits of WCF.
Thanks to some serious counseling from William Tay this morning (who has been diving deep with WCF for a long time and has also kept up with the changes that affect all forms of interop, even WSE3.0) and then lots of hours of just trying, failing, thinking, adjusting (rinse and repeat) I finally got a WCF client app to talk to a WSE3.0 secured web service using a UsernameforCertificate binding/policy.
And yes, it’s all secured on the wire. I had every problem. Wrong X509 certificates installed, wrong encryption algorithms, hitting a few WCF bugs and more. Luckily, all of the work I have done with WSE3.0 has helped me prepare for troubleshooting this stuff. To me, that is one of the most important lessons!
Here are a few of the things I can share.
I was doing what Willie tells me is the hardest thing with interop – UsernameOverCertificate. But being bullheaded I had to go forward with it.
I tried writing my own, but didn’t understand well enough (though now I think I could tackle that) and instead used WSEHttpBinding that is a custom binding in one of the WCF samples.
That binding uses the Aes128 algorithm for its default security binding and secure conversation. I kept getting a message that the algorithm was insufficient to encrypt and key wrap. Changing them both to Aes256 fixed that. It took me a while to realize there were two spots to change, but I had the right idea! Uggh.
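The "two spots" described above, as an added example that is not from the original post or from the WSEHttpBinding sample: a custom binding built with the released .NET Framework 3.0 WCF API, where the message security element and the secure conversation element each carry their own algorithm suite. The class and method names are hypothetical, and the SOAP 1.1 / WS-Addressing August 2004 message version is an assumption about what the WSE3.0 service expects.

```csharp
using System.ServiceModel.Channels;
using System.ServiceModel.Security;
using System.Text;

// Hypothetical helper for illustration; not the WSEHttpBinding sample's code.
static class Wse3InteropBinding
{
    public static Binding Create(bool secureConversation)
    {
        // Spot 1: the message security element (username token protected
        // with the service's X.509 certificate). Basic256 selects AES-256
        // for encryption together with the matching key wrap settings.
        SymmetricSecurityBindingElement messageSecurity =
            SecurityBindingElement.CreateUserNameForCertificateBindingElement();
        messageSecurity.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;

        SecurityBindingElement security = messageSecurity;

        if (secureConversation)
        {
            // Spot 2: the secure conversation element wraps the element above
            // as its bootstrap, but has its own DefaultAlgorithmSuite. Setting
            // the suite only on the bootstrap leaves this one unchanged.
            SecurityBindingElement conversation =
                SecurityBindingElement.CreateSecureConversationBindingElement(
                    messageSecurity, true);
            conversation.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256;
            security = conversation;
        }

        // Assumption: the WSE3.0 endpoint speaks SOAP 1.1 with
        // WS-Addressing (August 2004) over plain HTTP.
        return new CustomBinding(
            security,
            new TextMessageEncodingBindingElement(
                MessageVersion.Soap11WSAddressingAugust2004, Encoding.UTF8),
            new HttpTransportBindingElement());
    }
}
```

The binding is passed to a `ChannelFactory<T>` or generated client proxy in the usual way; client credentials and the service certificate are configured separately and are not shown here.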
At one point, I was still getting an error, but looking at the web service’s trace, I could see that everything on that end had finally happened correctly. Therefore the problem was on the client side. Google gave me ONE response, and naturally it was from a blog post of Willie’s! He had seen a similar problem in the Sept. CTP, but it was enough to fix my problem (Feb CTP).
Since this stuff is still in flux, I think I will wait for WCF beta2 to be released before I attempt to update my article on preparing WSE3 web services for WCF. Truly the hard part (until the new bits are all sorted out) is writing the WCF client. I didn’t have to do anything to my web service to get this to work.
I will never have the deep knowledge of this stuff that Willie and his compadres (Michele Bustamante, Christian Weyer, Juval Lowy, etc.) have, but as long as I am willing to battle this stuff out so that I can share it with other programmers who are floating on the surface, I’ll keep at it.
I’ll be looking at more of this stuff in my WSE3 for WCF session at DevConnections next week. My focus is on making sure the WSE3 services are written correctly so that you can talk to them in the future from WCF. I won’t be teaching WCF. You can go across the hall to see Michele for that.