WSE 3.0 WebCast: What does a message for secure conversation look like?

Rather than paste miles (271 lines) of angle brackets in here, I am posting the section of my trace files here from today’s webcast and have renamed it so you can view it in your browser if you want. Note that in general, these trace files will contain your UNSECURED raw data as well (I have stripped those sections out in mine) so you don’t normally want to do this!

I have put comments in the file to point out what is of interest.

Here is the basic story.

Because our policy indicates SecureConversation, WSE will know that before it can make that HelloWorld call, it needs to request a security context token. So you will see not one, but TWO outgoing messages, one right afte the other. THe first is the request for an SCT that WSE deemed necessary (based on the policy). That request sends the usernameToken with the login and password we provided in code. The user is authenticated against the db and the SCT is created and sent back to the cient. Then the client creates the HelloWorld request, but instead of using the username/password for authentcation, it uses the SCT!

I have put comments in the key spots of the file so you can see the differences between the first and second request. I.E. renders them as gray. Don’t be afraid to look at this goo because it’s a good arrow to have in your problem-solving quiver! I promise you won’t have angle-bracket filled nightmares. If you do, I recommend Dr. Ewald’s CureAll Tonic for Angle Brackets.

I’m packing up the code and will write another post when it is on the presentations page of website.

[update: see this post for information on the sample code, etc.]

  Sign up for my newsletter so you don't miss my conference & Pluralsight course announcements!  

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.