In WSE2.0, the recommended way to do authorization, was to attach a principal with role information to a SecurityToken in a custom UsernameToken manager (which you would be using to authenticate against anything but A.D.). Then in your web method, you can just get at that principal by returning the Context.Security.Tokens from the RequestContext. But that is now obsolete. In fact if you use it, you will get a warning that SoapContext.Security is obsolete and to write a custom filter instead.

However the samples and the documentation in WSE 3.0 still show the old method. So, I’m not a Michele or Benjamin or William or Clemens or Christian. And most people using this stuff aren’t (cause those guys have all moved on to INdigo, but I have a live app that needs ws security…). Now what?

I guess I am going to learn how to use filters today. (so much for my fantasy of cutting out for 2 hours after lunch to go skiing because we got about 4 inches of new snow last night. whaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa)

Don’t Forget: www.acehaid.org

  Sign up for my newsletter so you don't miss my conference & Pluralsight course announcements!