Archives
Web service security patterns released
The Patterns & Practices team has released the web service security patterns on MSDN.
This guide provides excellent material about many security patterns and how they can be applied in different scenarios, for example to authenticate a client or to validate a message.
Interoperability between WSE 2.0 and WSE 3.0
This is probably one of the main concerns for people involved in the development of web services using WSE.
Unfortunately, WSE 3.0 was designed from the beginning to be compatible at the wire level with Indigo, and therefore it doesn't interoperate well with WSE 2.0.
To be clear, "wire compatible" means that both sides produce and accept equivalent messages.
I wrote this post to provide the points necessary to obtain interoperability between both versions.
X509 Turn-Key Scenarios for WSE 3.0
If you got the chance to look into the WSE 3.0 code, maybe you noticed that it comes with two turn-key scenarios for X509 tokens, "CertificateMutualAuthenticationProfileAssertion" and "MutualCertificateAssertion" (this assertion adds some new features from WS-Security 1.1).
Both scenarios are completely different, so I decided to write this post to describe how they work and how the keys are exchanged in each one.
First of all, I will give a brief description of a new class, "EncryptedKeyToken", introduced in this version of WSE.
This introduction is really important, since this token is used in many places by the assertions to encrypt messages.
Binding an ADAM principal to Azman
As I mentioned in a previous post, I had a lot of problems last week trying to bind an ADAM principal to Azman.
I found a way to do that using the Azman PIA, but unfortunately it is not supported by the Azman role provider shipped with ASP.NET 2.0.
There are two available versions of the Azman PIA, 1.0 and 1.2. The latest version was released with W2k3 SP1 and contains some improvements over version 1.0.
The only way I found to bind an ADAM principal to Azman was through the user's SID.
Problems with Azman and ADAM
Configuring both products to work together can be a nightmare.
I've spent almost three days trying to configure Azman and ADAM membership providers in a normal ASP.NET application, but I couldn't.
I wanted to use ADAM as the user/group repository and Azman as the authorization repository (to have fine-grained access control and manage roles).
This article from MSDN helped me a lot to configure both products, but it's a little tricky. It shows how to use ADAM as a repository for the Azman schema, but not as an authentication server. Instead, it uses a Windows user to get the Azman roles.
Default algorithms in WSE 3.0
WSE 2.0 and 3.0 both provide AES128 + RSA 1.5 (RSA with PKCS#1 v1.5 padding) as the default algorithms for symmetric encryption and key wrap.
However, AES256 + RSA-OAEP are always recommended for these purposes, and Indigo will ship with that combination as the default.
SAML Preview for WSE 3.0
WS-I BSP Sample Application for WSE 3
The "WS-I Basic Security Profile Sample Application" preview for WSE 3.0 is out; you can get it from the GDN workspace.
This sample illustrates how to build secure and interoperable web services based on the WS-I Basic Profile 1.1 specification.
When we started to develop this application, we faced some challenges, all of them related to the new policy framework shipped in WSE 3.0.
Some parts of the policies used by the previous version of this application weren't easy to migrate, so we had to develop some custom assertions.
In this post, I will give a brief description of the new WSE "Policy framework" and of the custom assertion shipped in this preview (CustomX509Assertion).
Creating a Virtual Directory with ASP.NET 2.0 support
This script is helpful when you have different versions of the .NET Framework running on your computer and you need to set up a virtual directory in IIS targeting one of them.
If you have both versions 1.1 and 2.0 installed, when you create a virtual directory in IIS it is assigned a version by default, usually 1.1.
HTTP Endpoints in SQL Server 2005
SQL Server 2005 (codenamed "Yukon") provides an interesting new feature to execute stored procedures or Transact-SQL statements through web services published by the server, without needing IIS.
This new feature exposes HTTP endpoints using the HTTP API provided in Windows XP SP2 and Windows Server 2003.
These endpoints are published at a specific URI and listen for incoming SOAP requests, so they facilitate interoperability: any application that speaks SOAP can communicate with SQL Server without requiring additional SQL libraries or MDAC.
Writing managed custom actions in an easy way
In my last post, I talked about hosting the CLR within a native custom action.
This week I found an easier way to execute a managed custom action; it is based on a hack, and no extra C++ code is required.
Actually, you can't write a C# custom action directly because the compiler doesn't allow you to create a __stdcall function that can be called from the outside.
Well, take a look at this article; it shows how to overcome that problem.
Hosting the CLR within a custom action
Today, in order to develop a custom action for a Windows Installer setup, you can choose between two options:
Installing a SQL database with WIX
I'd like to share a sample of how to install a SQL database using a custom action shipped with WiX; it is an easy task and it can be useful in many scenarios.
Let's take a look at this source file, "sql.wxs":