Archives

Archives / 2006 / May
  • Project Tango

    Sun Project Tango is now a reality. This is the first technology suite specifically oriented to WCF and Java interoperability. Congratulations to the team.


  • CodePlex

    CodePlex is online now and available in a beta version. Those guys are coming up with a ton of ideas to enhance the .NET communities and open source projects. Great stuff!!


  • Invoking WCF services from BizTalk Server using the WSE 3.0 adapter

    One of the main purposes of the Web Services Enhancements (WSE) 3.0 project was to provide a high degree of interoperability with Windows Communication Foundation (WCF). Both WSE and WCF services can be designed to be compliant with the WS-I profiles to guarantee interoperability. The Turnkey Security Assertions in WSE 3.0 can be mapped directly to WCF bindings.

    The WSE 3.0 adapter for BizTalk Server 2006 allows invoking WCF services from BizTalk orchestrations as well as exposing BizTalk orchestrations as WSE 3.0 services that can be consumed by WCF clients.

    The following example illustrates how to invoke a WCF service from BizTalk Server using the AnonymousOverCertificate Turnkey Security Scenario.

     

    The WCF service we created in our demo exposes a “very complex” Echo operation as we show in the following code:

        using System;
        using System.ServiceModel;

        // Request message: the body carries one string element named "Message".
        [MessageContract()]
        public class HelloWorldRequest
        {
            [MessageBody(Name = "Message")]
            public string Message;
        }

        // Response message: the body carries one string element named "ReturnValue".
        [MessageContract()]
        public class HelloWorldResponse
        {
            [MessageBody(Name = "ReturnValue")]
            public string ReturnValue;
        }

        // Action and ReplyAction are the WS-Addressing action values sent on the wire.
        [ServiceContract()]
        interface IHelloWorld
        {
            [OperationContract(Action="HelloWorldRequest", ReplyAction="HelloWorldResponse")]
            HelloWorldResponse HelloWorld(HelloWorldRequest message);
        }

        class HelloWorldService : IHelloWorld
        {
            // Logs the incoming message and echoes it back to the caller.
            public HelloWorldResponse HelloWorld(HelloWorldRequest request)
            {
                HelloWorldResponse response = new HelloWorldResponse();
                Console.WriteLine("Message received: " + request.Message);
                response.ReturnValue = "Hello: " + request.Message;

                return response;
            }
        }

     

    The binding for this service specifies a UserNameOverCertificate Turnkey Security Scenario.

        <?xml version="1.0" encoding="utf-8" ?>
        <configuration>
          <system.serviceModel>

            <services>
              <service behaviorConfiguration="ServiceBehavior"
                       name="Service.HelloWorldService">
                <endpoint binding="customBinding" address=""
                          bindingConfiguration="ServiceBinding"
                          contract="Service.IHelloWorld"></endpoint>
              </service>
            </services>

            <bindings>
              <customBinding>
                <binding name="ServiceBinding">
                  <security authenticationMode="AnonymousForCertificate"
                            messageProtectionOrder="SignBeforeEncrypt"
                            messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                            requireDerivedKeys="false">
                  </security>
                  <textMessageEncoding messageVersion="Soap11WSAddressingAugust2004"></textMessageEncoding>
                  <httpTransport/>
                </binding>
              </customBinding>
            </bindings>

            <behaviors>
              <behavior name="ServiceBehavior" returnUnknownExceptionsAsFaults="true">
                <serviceCredentials>
                  <serviceCertificate findValue="CN=tc2003s" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"/>
                </serviceCredentials>
              </behavior>
            </behaviors>

          </system.serviceModel>
        </configuration>

     

    The following figure shows a “complex” BizTalk Server Orchestration that interacts with the WSE service using the WSE 3.0 Adapter.

     

     

    Figure 1: BizTalk Orchestration view.

     

    The WSPort physical port configured manually in BizTalk Explorer looks like the following:

     

    Figure 2: WSE 3.0 Send Port view.

     

    As we can see, this port uses the wcfPolicy policy, which is configured in the policy configuration file of the WSE 3.0 adapter.

        <policy name="wcfPolicy">
          <anonymousForCertificateSecurity establishSecurityContext="false"
                                           renewExpiredSecurityContext="true"
                                           requireSignatureConfirmation="false"
                                           messageProtectionOrder="SignBeforeEncrypt"
                                           requireDerivedKeys="false"
                                           ttlInSeconds="300">
            <serviceToken>
              <x509 storeLocation="LocalMachine" storeName="AddressBook" findValue="CN=testcert" findType="FindBySubjectDistinguishedName" />
            </serviceToken>
            <protection>
              <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
              <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
              <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
            </protection>
          </anonymousForCertificateSecurity>
          <requireActionHeader />
        </policy>
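
Interoperability depends on the WSE policy and the WCF binding agreeing on the same security settings. The following check is an added example, not code from the original post or from the adapter: it compares a WSE policy with a WCF custom binding and reports mismatches. The function name, the assertion-to-`authenticationMode` mapping table, and the namespace-free trimmed inputs are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: the post's two configurations, trimmed to the security settings.
WSE_POLICY = """<policy name="wcfPolicy">
 <anonymousForCertificateSecurity messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="false">
  <protection>
   <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
   <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
  </protection>
 </anonymousForCertificateSecurity>
</policy>"""
WCF_CONFIG = """<configuration><system.serviceModel><bindings><customBinding>
 <binding name="ServiceBinding">
  <security authenticationMode="AnonymousForCertificate"
            messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="false" />
 </binding>
</customBinding></bindings></system.serviceModel></configuration>"""

# Assumed mapping: WSE turnkey assertion element -> WCF authenticationMode value.
AUTH_MODE = {"anonymousForCertificateSecurity": "AnonymousForCertificate",
             "usernameForCertificateSecurity": "UserNameForCertificate"}
SHARED = ("messageProtectionOrder", "requireDerivedKeys")  # same attribute name on both sides

def interop_findings(wse_policy_xml, wcf_config_xml, binding_name):
    """Return a list of mismatches between a WSE policy and a WCF custom binding."""
    policy = ET.fromstring(wse_policy_xml)
    assertion = next((e for e in policy if e.tag in AUTH_MODE), None)
    if assertion is None:
        return ["WSE policy has no recognised turnkey assertion"]
    path = f".//customBinding/binding[@name='{binding_name}']/security"
    security = ET.fromstring(wcf_config_xml).find(path)
    if security is None:
        return [f"WCF binding {binding_name!r} has no <security> element"]
    findings = []
    if security.get("authenticationMode") != AUTH_MODE[assertion.tag]:
        findings.append(f"authenticationMode {security.get('authenticationMode')!r} "
                        f"does not match <{assertion.tag}>")
    for attr in SHARED:  # defaults are not modelled: both sides must set the value
        if assertion.get(attr) != security.get(attr):
            findings.append(f"{attr}: WSE={assertion.get(attr)!r} WCF={security.get(attr)!r}")
    for direction in ("request", "response"):
        rule = assertion.find(f"protection/{direction}")
        opts = [] if rule is None else [o.strip() for o in rule.get("signatureOptions", "").split(",")]
        if rule is None or rule.get("encryptBody") != "true":
            findings.append(f"{direction}: body is not encrypted")
        if "IncludeSoapBody" not in opts:
            findings.append(f"{direction}: body is not signed")
    return findings

if __name__ == "__main__":
    print(interop_findings(WSE_POLICY, WCF_CONFIG, "ServiceBinding") or "settings agree")
```

An empty list means the two sides agree on the settings that are checked; a real WSE policy file wraps its policies in a namespaced root element, which would have to be handled before using this on unmodified files.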

     

    When the WSE 3.0 Transmit Adapter interacts with the WCF service the messages are fully encrypted and signed using the specified certificate. The following figures show the SOAP Request and Response messages produced using the WSE 3.0 Adapter:

        <soap:Envelope xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
          <soap:Header>
            <wsa:Action wsu:Id="Id-cb05a03b-a87b-46eb-a946-75736cd84cd5">HelloWorldRequest</wsa:Action>

            [WS-Security headers would fill this area...]

          </soap:Header>
          <soap:Body wsu:Id="Id-3e390b1f-543f-4749-bb31-0b8cd5baf869">
            <xenc:EncryptedData Id="Enc-a9b4c55b-31ca-4c06-aa4a-a1e6b8078b2d" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
              <xenc:CipherData>
                <xenc:CipherValue>2dJ1qVHoJLUD9CgbGKSFkk/ArV6ak+NhoEYUli46sD6BErRwvCfmqAW8XYyhT4EEiE7A2bDlEzNykkcFDqsQ/LipSymCEfpIqXH+by0HMluhPSlFPKBqATBh1cMVKAV3</xenc:CipherValue>
              </xenc:CipherData>
            </xenc:EncryptedData>
          </soap:Body>
        </soap:Envelope>

    Figure 3: SOAP request message sent using the WSE 3.0 Adapter.

     

        ......
        <s:Body u:Id="_1">
          <e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
            <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
              <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">y8wAV8kV/KKascPxdSy3uFDyQX8=</o:KeyIdentifier>
              </o:SecurityTokenReference>
            </KeyInfo>
            <e:CipherData>
              <e:CipherValue>WsKcpTFyGqWzHbl/bKcH/QkmudOnEqXOyfvBRtrNRpcu64n8PdruHoWrjnPphUxo01nzoGNWzrDgaQkdUqhXshG5B8xvEg0xrXFD0Co8UfEXEdX1SkZtzVQMoGUg7cWD</e:CipherValue>
            </e:CipherData>
          </e:EncryptedData>
        </s:Body>
        ......

    Figure 4: SOAP response received from the WCF service using the WSE 3.0 Adapter.

    Where are we?

    The WSE 3.0 Adapter in its current version provides the features to allow BizTalk Server applications to interact with WCF services. Using the WSE 3.0 adapter you can invoke WCF services that are WSE interoperable or expose BizTalk Server Orchestrations as WSE 3.0 Web Services that can be invoked from WCF clients. Using the WSE 3.0 Adapter developers can build BizTalk applications that in the future will interact with the upcoming WCF adapter.

     

    The source code of this sample will be uploaded to AdapterWorx in the following days.

     


  • WSE 3.0 adapter

    Tomorrow at 4 pm (EST), I’ll be presenting the WSE 3.0 adapter for BizTalk Server 2006 in a WebCast with some special guests from the WSE team. Yep, you got it, Mark Fussell (Lead Program Manager for WSE) will be joining me and Javier Mariscal in this presentation to talk about WSE, Security, BizTalk, etc.

    We’ve prepared a series of demos that illustrate some of the adapter’s main features:

     

    • Exposing an orchestration as a WSE Web Service.
    • Adding WSE Policies in BizTalk project.
    • Interacting with WSE Web Services using WS-Security, WS-SecureConversation, and WS-Trust.
    • Interacting with WSE Web Services using MTOM.
    • Invoking WCF services using the WSE 3.0 adapter.
    • Invoking WSE Web Services using non-HTTP transports.
    • Exposing BizTalk Orchestration as WSE Web Services hosted outside IIS.
    • Overviews of some interesting concepts around the WS-* protocols.

    The details for the WebCast are:

    URL: https://www.livemeeting.com/cc/microsoft/join?id=BTSBAG&role=attend&pw=35DKTQ
    Meeting ID: BTSBAG
    Meeting Password: 35DKTQ

     

    Hope to see you there…


  • Web Service backward compatibility

    Web Services versioning is always an interesting challenge. Check out this article from some IBM Architects that explores some of the recommendations to guarantee backward compatibility in Web Services. I agree with almost everything there, except that in my opinion XSD versioning is much more complex than just adding optional elements or types.
