WSE: Configuring the Client

On to configuration! To configure the client, right click on the project and select the "WSE Settings 3.0" option at the bottom of the context menu. You should get a dialog that looks like Figure 1. Make sure that Web Service Enhancements is enabled (top checkbox). Click the Policy tab at the top to bring up a screen that looks like Figure 2. Check the "Enable Policy" checkbox at the top if it is not already.

Figure 1	Figure 2

Click the "Add" button to add a new policy and you will be prompted for a policy name. Pick something easily remembered such as "MyPolicy". Once you have selected a name, the "WSE Security Settings Wizard" will start giving the screen shown in Figure 3. Click "Next" and you will get the "Authentication Settings" (Figure 4) view. Make sure that "Secure a Client Application" and "Username" are selected. You could select one of the other client authentication methods, though this series of posts will build entirely off the second option. Click "Next".

Figure 3	Figure 4

The "Optionally provide Username and Password" screen (Figure 5) is pretty much self explanatory. If you want to hard code a username and password into the configuration, uncheck the box and specify. For our purposes, leave the "Specify Username Token in code" box checked and click "Next" to get to the "Message Protection" screen (Figure 6). There are a lot of interesting options here that are begging for experimentation, though we are going to use none of them now. Make sure the "Enable WS-Security 1.1" box is checked and in the "Protection Order" radio button group, select the "None (rely on transport protection)" option. Notice that the "Establish Secure Session" checkbox is now unchecked and disabled. Take this as a warning. Our first webservice transaction will NOT be secure. We're just experimenting with WSE right now.

Figure 5	Figure 6

Clicking "Next" brings you to the summary screen which should look very much like the one in Figure 7 if you were following verbatim. Click "Finish" and the wizard is done.

Figure 7

Now you should see the screen shown in Figure 2. Click "OK" and you have a configured client.

Next up, configuring the service.

WSE: Role-based Security Database

Since I want to build a role-based security system, a database might prove useful. Furthermore, instead of blathering on and on about what the database looks like, how about a shapshot of the dataset? Ok, I'm blathering. if the image to the left is a little small, click on it for an enlarged version.

WSE: Introduction

I'm preparing a series of posts on Web Service Enhancements that should be starting in the next couple of days. I am not going to focus on all aspects of WSE, but instead focus on a single problem: direct authentication integrated with a custom role-based authorization system. My approach will be iterative. I'll start with the simplest possible example and continue to add small layers of complexity until we have a secure, functional WSE implementation.

A couple of notes:

• If you want to follow along, you will need to install WSE 3.0 (a free download from Microsoft).
• Login accounts, roles and resources (i.e., web service names) will be stored in a database. I'll make sure my next post will include a database diagram showing the all of the tables and their relationships, though any number of database schemas will work.

Day of .NET: Mission Accomplished

For those of you who missed Day of .NET, you really missed an incredible event thanks to Josh Holmes, John Hopkins and Jason Follas. They did a tremendous job of organizing 20 sessions, 130+ attendees, lunch, a registration process, swag, etc. It was truly amazing at how smooth things went.

Here's a little factoid you should take note of: We ran out of people before we ran out of swag!!! Someone took a picture of the lecture hall with every book winner holding up their prize. It was truly an amazing site and we still hadn't given out an software! I want to thank everyone who helped and/or attended. I look forward to seeing you next year.

WSE 3.0 Resources

While brushing up my slides for Day of .NET, I realized I wanted to share a lot of useful WSE links. So for convenience sake, here they are...

• WSE 3.0 Installation Package and Other Resources
• Service Oriented Architecture Resources
• Web Service Security: Scenarios, Patterns, and Implementation Guidance - make sure you download the "Web Service Security Guide in CHM Format" in the downloads section.

AACS Grok Talks

The AACS Grok talks went amazingly well thanks to Bill Wagner, Josh Holmes, Duane Collicott and the AACS quartermaster(whose name escapes me right now). Just getting 8 speakers to show up in a night is quite an effort, but when one of those speakers is going to be presenting remotely, it got a whole lot more complex. For a complete rundown of the talks, check out this post by Josh Holmes. The speakers were Jason Follas, John Hopkins, Me, Bill Wagner, Aydin Akcasu, Martin Shoemaker's Computer (yes, Martin's computer did all the talking), Josh Holmes and Carl Franklin. It was a fun for both the attendees and the speakers.

BTW, All speakers (except Carl) are going to be presenting at Day of .NET, so if you weren't able to be there you can more than make up for it by registering for this free event.

Value cannot be null. Parameter name: project

Ever got that annoying message on your dataset (*.xsd file) when opening up a project in VS2005? I was pretty irritated the first time I got it, especially since I couldn't figure out why. The project builds. The last time I closed the project everything was fine. What happened? Nothing happened. VS2005 *just* seems to choke if it is one of the displayed files when opening. All you have to do is close the dataset file and reopen. Annoying? Yes. Devestating? No.