I have a WSE2 WS receiving X509-signed messages. I can't read the RequestSoapContext.Current to get the cert token--the object is null. It worked fine on my dev box. Now on a test server, it breaks whether I'm coming from a different box or through localhost on the server box. Is this a ...more >>

Hi, I have a client (C# MS Excel Project) calling a Web Service to retrieve and update data. One of the business requirement is the client's NT Login ID, IP Address and computer name must be log for each web service method call. To get client information using integrated Windows authenticati...more >>

I need to download a greater than 4 megabyte attachment via WSE / DIME. The only way I know how to configure this is via a .config file. Normally, the ..config file is the same name as the base application. I built a .NET driver program to test this, NetBrokerDriver and provided a NetBrokerD...more >>

Hi, I'm trying to use WSE through a Proxy class generated with WseWsdl2 in order to be independent from the transport protocol. My service is implemented through a ASP.Net Web Service (with WSE). I'm trying to authenticate users (like I used to do with Intergrated Security in IIS and Network...more >>

Hi All, I now have a client that will expect a secure response to be returned from the server. To achieve the authentication I have extended UsernameTokenManager in the standard way (this will be ported to a certificate-based solution in the near future). What is troubling me, however, i...more >>

Hello, When I configure a web method using WSE 2.0 to require a digital signature, is it mandatory to have all SOAP elements signed? I made a simple .Net Web method and a .Net client to invoke it and I can see that all elements (including Timestamp and Addressing elements) have a wsu:Id ...more >>

Hi All, If I call a WebMethod and supply a UsernameToken, a MessageSignature and an EncrypedData object I know that my message to the server is secure. If I do nothing other than return the 'result' in my WebMethod, is the Response sent back to the client secure? If so, is it automatica...more >>

I have seen several places that state the need to do the following for using the WSE 3.0 Kerberos samples. 1. Give the ASPNET account "Act as Part of Operating System" rights. 2. Modify machine.config by setting the username attribute equal to "SYSTEM" in the ProcessModel element, and then reset...more >>

I'm transferring a file from server to workstation, using Web Service Extensions and DIME. Along with the file, which travels as a DIME attachment, I'm also sending along metadata information about the file as it exists on the server. The metadata also travels as a DIME attachment in XML for...more >>

I am running a WSE 2.0 Service with an Apache Axis client trying to consume. The Fault message is that the client is missing the TO and Action SOAP header. I assume this has something to do with the WS-Addressing. THey are using Axis 1.2. I've read that Axis2 has more robust support for WS-A...more >>

Hi, I'm using a Java client to invoke a .Net Web Service with some security requirements, such as digital signature. I already have a .Net client which works fine, but the Java client is sending a SOAP request in which the WS-Addressing elements belong to the "http://schemas.xmlsoap.org/...more >>

Hi All, I have almost completed the first stage of our security upgrades for our web services. So far I have implemented Authentication, Authorization, Signing & Encryption from client to server. The first 2 of these I can test very simple. However, I am uncertain how to test the latter 2 s...more >>

In Mark Fussell's overview of wse3, he demos the tcpip hosted web service. There are two lines in there for ws-addressing which point to the operation and open up a return pipe. proxy.requstsoapcontext.addressing.action=new action("MyMethod") proxy.requestsoapcontext.addressing.replyto=new r...more >>

How do I preserve the file timestamps when uploading or downloading a file via Web Services, using WSE/DIME? Do I need to send this information along manually (i.e. as separate parameters), or does the attachment itself actually carry this information? Thanks for your help! - Joe Geretz ...more >>

Hello, Using the WSE 2.0 (SP3) Configuration Editor, I can't seem to find a way to create a policy file with a SecurityToken assertion (I don't want encryption or signing.) Must I create this policy file by hand, or am I missing something? Thanks!...more >>

Hi, I'm attempting to call a .Net Web Service from a Java client and I always receive the above message. I've already read many posts/replies about this issue and tried many suggestions, but none worked for me. Here's what I've done: I created a simple Hello World Web Service and the...more >>

I want to build a web service using .NET Framework 2.0 that implements the WS-* specs that were current when WSE 2.0 SP3 was released. In other words, I want to interoperate with clients that use WSE 2.0 SP3 but develop my services with Whidbey. The download documentation for WSE 3.0 (which...more >>

I am trying to access a web service that is secured with an username-token. However the namespace declaration of the WS-Security-Extension differs. WSE2 generates following declaration: xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" The web ser...more >>

I am starting to wonder if I need to use WSE and I'd like to hear what the WSE gurus have to say. I simply need to protect a web service that will hosted on the internet by a username/password. All methods, etc. on the webservice need to be secured so they can not be anonymously accessed. I will...more >>

Can anyone explain how WS-ReliableMessaging works with HTTP? I've read the specifications, but I don't understand how a "receiver" can send ACKs back to a "sender". i.e. If I call a web service "B" from a some other web service "A", how is B going to call A back some time later over a st...more >>

assume I'm hosting a webservice, I have 2 trusted clients consume my webservice, each client will send in properly encrypted and signed request, WSE will take care of decryption and verification of the signature, everything works great. now there is a hacker, tries to consume my webservice, he e...more >>

I am getting the following error when I try to create a custom username and pasword validator The code works if I use windows authentication. I am using the sample code that is shown in the msdn help for wse2.0. I have installed wse 20. sp3 I am using visual studio.net 2003 and have...more >>

I'm developing a Web Service using DIME to download and upload files from and to an IIS server. In order to increase the download filesize to unlimited, I have the following block in my App.config and Web.config files: <messaging> <maxRequestLength>-1</maxRequestLength> </mes...more >>

Hi, I have this policy [1] on the service and this policy [2] on the client Both have establishSecurityContext="true". Then my client use this proxy.SetClientCredential<UsernameToken>(new UsernameToken("usr", "pwd", PasswordOption.SendPlainText)); proxy.SetPolicy("ClientPolicy"); This ...more >>

i can't login with usernametoken in windows 2000... the same code work perfect in windows xp sp2... anyone can help????...more >>

can i use WSE 3.0 Beta 1 with VS2005 RC? ...more >>

I've been using the following (client-side) configuration block to allow WSE/DIME transfer of files larger than 4 meg: <messaging> <maxRequestLength>-1</maxRequestLength> </messaging> (Of course, I have a similar encoding on the Server. However, my question relates to the client side.) ...more >>

Hi, When installing WSE Beta 1, I get the following error: Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. I have VS2005 Beta 2 installed and I suspect th...more >>

Hi, my company plans to use WSE2.0 sp3 to secure the webservice communication between us and the client. now that we are looking at Verisign on what exactly to buy but the sales person at Verisign were not very helpful. and MSDN didn't provide any information on what exact certificate to buy fro...more >>

Hi This really gives me grey hairs. I'm using a WSE-enabled webservice, and a generated proxy against this = (see below). To my great dismay - the methodcall (wse.ReturnInput) throw a = SoapHeaderException ( "The signature or decryption was invalid"). How = come? Both client (XP SP2) and ...more >>

Hi I've created a webservice for importing XML data into a database. What bacially happens is that the client streams an .xml document using WSE attachments to the server. To avoid dealing with filesystem permissions, the server doesn't save the xml data to disk before loading it, it just l...more >>

What is the deal with MTOM. From what I can see (in the example), you still need to populate the whole byte[] in memory, then do something with that byte[]. For ~small files, this may be ok. But for large files, you need to chunk the reads and writes to and from a stream (e.g. 4K chunks, et...more >>

If I have 5,000 users of my web service, I need to have 5,000 public keys in my server's Certificate Store?...more >>

Does anyone know if the WSE will be integrated into .NET 2.0? ...more >>

I've been using the following (client-side) configuration block to allow WSE/DIME transfer of files larger than 4 meg: <messaging> <maxRequestLength>-1</maxRequestLength> </messaging> (Of course, I have a similar encoding on the Server. However, my question relates to the client side....more >>

Hi All, I'm writing a service which uses the WSE 2.0 toolkit to send signed and encrypted messages. I'm not a big fan of using the policycache.config file to enforce the WS-Security policies because it is simply a text file and could be easily changed. I wish to enforce the signing and e...more >>

I've upgraded from WSE 2 to WSE 3 and I'm connecting to a service that returns a dataset. The generated proxy no longer contains a copy of the returned dataset class. What do I need to do to enable this, or why is it off? Thanks Jon ...more >>

I wrote code for a SAMLSecurityToken that derives from SecurityToken (and it does not implement IIssuedToken). It does not support signing and encryption. Basically the GetXml method of this class adds following xml element to Security element in the header: <saml:Assertion wsu:Id="Security...more >>

We are exploring various alternatives for transferring binary files across our Intranet. We have a software application which stores files in a central filesystem repository. Because of the nature of the application, performance is a primary factor. Option 1: ---------- So far, the quicke...more >>

Hello I have a WebService with a method which is expecting two custom SoapHeaders (filled with application's data). I'm using encryption by user name and password for the message (WSE 2.0). The body is encrypted, but not the headers. How can I encrypt my two headers (I do not wish to use X....more >>

Hello. i am new to wse and kerberos, and I have some probmlem tring to understand how kerberos and kerberos in wse 3.0 works. I have a problem with wse 3.0 and kerberos authentication. Could anyone show me a sample code of how to use kerberoswith wse 3.0 in vb.net or c#? please please. HOw to crea...more >>

Hello, I have the following scenario: I have a web service who must authenticate every request to make sure it originates from someone who has a x.509 certificate issued by a specific CA, let's say BIS. Let's say that the web service has BIS's private key. I want to use policy to enforce al...more >>

I'm working on an file transfer gateway using WSE with DIME for file attachments. Our goal is to replace our direct file repository access (via windows network folder sharre) with the Web Service gateway for security purposes. As it stands now, all workstations have direct read-write access...more >>

I created a ASP .NET Web application in the Visual Studio to act as a client to a Web service signed by an X509 Certificate. Then I right clicked on the application and clicked "WSE Settings 2.0", I specified the client request to be signed by an X509 certificate. But when I started the client...more >>

I've gotten DIME attachments to work, but I'm running into the infamous 4096 limitation. How can I download a 70 meg file via a DIME attachment? I've tried the maxRequestLength setting <messaging> <maxRequestLength>-1</maxRequestLength> </messaging> but this doesn't have any...more >>

How do I configure the client to make a request to a WebService which returns an attachment via DIME? I'm not doing anything special, just instantiating the WebService and calling the method, but I'm finding that ResponseSoapContext.Current = <undefined value> inside the method. I know that...more >>

Hello everybody, My name is Andrei Matei. I'm new to wse and also to using certificates. I want to know if i've got some things straight and also to clear some up. So, if I want to sign a soap request message, I use a certificate which I attach to the message. The web service receives the si...more >>

Hi, I'm trying to implement KerberosSecurity Assertion in my console application that calls a web service. I am successful in creating the Kerberos token at the client, but not successful in validating the SOAP message signed and encrypted by the same Kerberos token at the web service side...more >>

Hi, I have a simple webservice with the HelloWorld method. I have secured it with wse 3.0 usernameOverCertificateSecurity. I can access and invoke the HelloWorld method directly from the browser with the following URL: http://localhost/SLCSecureService/Service.asmx. I also created a cl...more >>

Why isn't the ASP.NET runtime providing a valid reference to the ResponseSoapContext object to my WebService? I'm trying to use WSE and DIME to send attachments via Web Service. I created a brand new WebService project and added in the reference to WSE. I didn't modify the Web.Config file my...more >>