I am having a problem creating the appropriate Certificates for mutual X509 security use our in house Cert Authority with teh CertSrv wizard. I have not found any good documentation on what type of certificates need to be created and which parameters need to be set in the CertSrv. I took a l...more >>

The makecert.exe tool signs certificates with the ROOT AGENCY. Couple of questions -- 1. Who created this ROOT AGENCY "CA"? Microsoft, I presume? 2. Does the ROOT AGENCY cert contain the same serial #/thumbprints across all versions of Windows? (XP and 2003 appears to be the same) 3. ...more >>

Hi All, I'm having a problem configuring my servers to allow WSE 3.0 usernameOverCertificate security. Just a little overview, I have a asp.net 2.0 web service that provides data to windows app. I am able to use the usernameOverCertificate policy from my dev machine in debug mode i.e. my serv...more >>

Hi, I'm getting several sporadically occuring errors using WSE 3.0. I'm using a Windows Service to host the web service - therefore using soap.tcp://. The errors only seem to occur when using asynchronous calls. WSE007 The SoapEnvelope or its SoapContext has already been processed by...more >>

I have been testing successfuly for a couple of weeks with WSE 3.0. Today out of the clear blue, none of my projects work. When the client executes the Web Service, I get the following Error: Message="System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later...more >>

Hi All, I am trying to use an SSL certificate that I got from Verisign to sign and encrypt message using wse 3. The Verisign certificate I have is a class 3 Secure Server Ca. When I use the wse configuration tool to setup my policy (UsernameOverCertificate) and choose this certificate I get t...more >>

Hi All, I have a webservice which is consumed by clients the world over.I needed some authentication for creating user specific views of the data being accessed.I decided to use wse 2.0 UserToken custom authentication (using a SqlServer Database).On the dev environment this worked like a char...more >>

Is there a way to disable ws-addressing on the server side ?? Or at the very least a way to stop the check of the TO address ???? -- Rob...more >>

I have an ASP.net 2.0 application with membership, roles and profiles configured. Users log into the site to and everyting works as expected. I have then created a webservice and test windows app that uses wse 3.0 to authenticate using the providers for membership, roles and profiles that the A...more >>

I have my web service application running well using the UsernameForCertificate assertion. As part of getting the service and test client application set up on a development Win2003 Server box I have access to, I had to use the WSE3 certificates tool to grant permissions to the server certi...more >>

Hello, How do I enforce that UsernameToken be passed with SOAP request to Web Service. I looked at the following thread: http://groups.google.com/group/microsoft.public.dotnet.framework.webservices.enhancements/browse_thread/thread/3b659d7a27f280b7/724037e2293a2fb4%23724037e2293a2fb I trie...more >>

Hello all so i have a web-service that will be ran over SSL and it has a custom UsernameToken that can validate my users with a db now i would like to encrypt this UsernameToken so using an X509 cert sounds like the logical action. now management doesn't not want anything installed on the c...more >>

Here we go again, more WSE fun! I am in the process of writing a wizard for helping our support people in making changes to the web.config for supporting WSE configuration and have encountered an issue with the <securityTokenManager> node when using a custom user token manager. Below is a v...more >>

I have a .net solution in which there is a web page which makes a call to another project (inlucded as a dll). The dll then makes a call to a webservice. I'm trying to authenticate via username. I have been able to make this work with certifacates, but when I try with the username I get th...more >>

Hi All, I have installed WSE 3.0 on top of VS .NET 2005. It was working fine till two days before. Suddenly, the WSE 3.0 Settings menu item on the Project context menu had been disappeared. I tried to locate the WSE 3.0 Add In in the Add-In manager. I even reinstalled WSE 3.0, no luck... W...more >>

If I use the web reference built into VS2005 the reference.cs file created creates a wse version of my service, but when I use the wsdl tool, it does not. Anyone know what's going on?? Thanks --- Posted via www.DotNetSlackers.com...more >>

I am using content based routing, to route web service calls from a ‘perimeter’ or ‘gateway’ service, to an actual target web service. The content based router has been built by using the SoapHttpRouter class, as outlined in the WSE3.0 documentation, content based routing sample. I ...more >>

Thanks for reading. I'm trying to authenticate a server with an X509 certificate which is embedded, as a byte[], within the distributed client code -- all the examples I've seen assume you're going to load the cert from the local cert store, but we can't do this. I'm able to load and c...more >>

Hello all There is a lot of good information on this list so i thought i would ask for some advise. I have a windows application that need to access web services i do have a user-name and Pass that can be validated with a DB (users is text and password is a salted hash) so what i have created...more >>

We are building an solution where a web service is called from a desktop app. We want to secure the calls to the webservice. For right now we are only concerned with authentication, we do not need to encrypt the message content,etc. yet. Working with WSE 3.0. I'm very new to it. We ha...more >>

I am trying the sample code that came with WSE 2.0. I deployed this web service to my test server UsernameSignCodeService. When I point the sample client to this webservice, the example stops working. I get the following exception: " at System.Web.Services.Protocols.SoapHttpClient...more >>

I've been sifting thru article after article looking for an answer to 1 question. I'm hoping someone can help me with this. Here's the problem. I have a website that I have enabled WSE 3.0 and have a policy set for. Now, this works great for all of the desktop app clients that connect to...more >>

I am getting this Error, we have a application which is there in the Server with Certificates, and it is working fine done by some one else. I am taking care of that app now, and i don;t have any info on how they installed etc. i am trying to put it in my machine for support etc, but cannot m...more >>

I identified most of the issues to at least get a signed and encrypted response back from the WSE 3.0 web service. My lastest issue seem to be the unsupported sections in the response (wse2.0 cannot handle this, since specific to WSE 3.0) - <KeyInfo> - <wsse:SecurityTokenReference> - <X5...more >>

Folks, I need some help if anyone has any ideas. Scenario ========================== In my case, the server App is an ASP.NET 2.0 Web Service on Windows 2003 using WSE 3.0 and Kerberos policy. The client will be a ASP.NET 2.0 Web site that will be located on either a Win 2000 or Win 2003 ma...more >>

Hi everbody, I wanna generate certificate X.509 in Win2003. Can you tell me the steps how to do it ? Thank You ...more >>

I have a web service which is using WSE 3.0. Within the web config I have authentication set to None and the service is set to Anonymous access in IIS. My reason for using WSE is so I can get some credentials for the user requesting the method. To do this they add a username token to the so...more >>

Hello, I need to secure a web service that is used by GPRS devices (so amount of data is important) running NET CF 2.0. My requirenment is that every client may be authenticated, and its identity cannot be spoofed. I also like that data downloaded from server is encrypted, but this is not in...more >>

I have 3 platforms that must talk. There's an IE browser client, an ASP.NET 2.0 web application and a WSE3-based web service, running in a 2nd ASP.NET2 web application. It's unclear whether the 2 ASP.NET web applications will be running on the same machine. The web service uses the Kerber...more >>

I'm the consumer of a 3rd party web service using WSE 2.0. Access to the WSDL is firewall restricted by IP. Only the test server has access, not the development server. I downloaded the WSDL and transferred it to the development server, now I need to create a proxy class. Can't seem to use t...more >>

The requirement is to build interoperable web services which should conform to WS-I Basic Profile 1.1 (This requirement came little late in the development life cycle). Some of the existing web services utilize Dataset as return type and input parameters. The web services by default contain...more >>

We are having an issue with wss4j client to WSE 3 web service using mutualCertificate10Security. We are seeing following message in input trace on the server. The signature or decryption was invalid... We tried same call from a .net client that worked fine, I have input trace for .net cl...more >>

I have just stumbled across this xml serializer attribute (in .NET 2 and .NET 1.1 rollup 8 KB872800) XmlSerializerAssemblyAttribute which allows you to specify an assembly that contains the serializer for the given web method so that you don't have to wait for the system to create one the f...more >>

Folks, Is there any way to change the action SOAP Header Action element on the client during processing? I'm using WSE 3.0 on client and server with Kerberos Policy. In my situation I have 5 web service methods (e.g.Method1, Method2, Method3, Method4, Method5) that basically do the same ...more >>

I have to say, since I started trying to work with WSE, my major activity seems to consist of reading msdn pages and googling for answers (sigh). Due to an apprehensive customer, at the last minute we have to switch over from usernameForCertificateSecurity to usernameOverTransportSecurity. ...more >>

Hello. Im in the process of learing WS, WSE etc. and i would need some help. I've sended a RST to my webservice and it returned a RSTR. And everything is correct so far. But now i need to verify the digital signature in the RSTR. I just dont have a clue how. Anyone able to push me in...more >>

Hi , I need to develop some feature of web service that can notify client - "Push" operation - and fast somebody know if it's possible , and how? When I say "Push" I mean - pure push :) , not mechanism of client checking for messages in interval... thanks ...more >>

Hi all, I've a really stupid problem. I've declared policy for my WS proxy in a policy file, referenced from app.config and added an attribute to my proxy class [Policy("MyPolicy")]. Everything looks to be pretty straight forward. But on a stage of proxy object creation I'm getting problem: ...more >>

kind regards to all. I'm faced against an implementation problem on which I need some guidelines and advice. my client has a Win2k3 domain with ActiveDirectory. I need to implement two parts of the solution: a) Web Service that will run on a computer in the client's domain with access to...more >>

Hi All, I need to Deserialize the SoapService's SoapEnvelope response object. Here is the Body of the SoapEnvelope received as respone, <q1:serviceResponse xmlns:q1="urn:CallSetup"><serviceReturn xsi:type="q1:response" xmlnssi="http://www.w3.org/2001/XMLSchema-instance">ok</serviceReturn></...more >>

Both WSE 2.0 and 3.0 support authentication from SOAP messages, so clients could access a web service with UsernameToken. For example: MyServiceWse.RequestSoapContext.Security.Tokens.Add (new UsernameToken ("Peter", "1234", PasswordOption.SendPlainText)); I am kind of confused: ...more >>

Has MS verified that UsernameForCertificateSecurity works with non-MS clients? We are trying to get message-level encryption to work between a WSS4J Java client and our WSE3-based Web Service. Previously, we've verified that our WSS4J client can use UsernameOverTransport security (i..e no ...more >>

I have a simple web service (Hello world at this stage) being called from an ASP.Net client using VB.Net. Both Web Service and Client are installed on the same development server - Win 2003 with IIS6 WSE 3.0 is applied to both and functions work at the base level. I am trying to add the Us...more >>

I'm developing a WSE 3.0 based Web Service that will use Kerberos utilizing the WSE 3.0 policy framework. Are there any special considerations etc that I will need to take to make this work on a Server Farm? For example in the client policy file I have the following line (got this from the sam...more >>

Our web services should conform to WS-I BP 1.1. In VS 2005, the WSI-BP 1.1 conformance is ensured by decorating the web services with WebServiceBinding attribute. This attribute is used by .NET to test the BP 1.1 conformance. If anyone of the rules is violated, the web service will throw excep...more >>

I have a custom security header that I have added to the Security.Elements collection in a Policy Assertion using WSE 3.0. After a lot of effort, I have managed to sign this element by giving it a WS-utility ID and then sign it using the following code: MessageSignature sig...more >>