WSE 2.0: Setting a Bad Example
Today, while working on an uber-cool blog tool that I will be talking more about shortly, I needed to utilize WSE 2.0 for authentication. WSE 2.0 authentication is fairly straightforward (though not a walk in the park if you haven't done it before). However, unlike WSE 1.0, WSE 2.0 goes ahead and automatically authenticates your users using Windows auth unless you specify otherwise. Changing this behavior is just a matter of implementing your own UsernameTokenManager class and updating your web.config files.

This, of course, is all very brain-dead stuff if you have an example or some good docs to walk you through the process. However, the official MSDN examples and all the other guys writing WSE code seem to have been working with another version of WSE, because their examples don't do jack as they are written. It took me a while to figure out why the hell their code was malfunctioning, but finally, with the help of the WSE 2.0 tracing utility, I determined the root of the problem: the wsse namespace used by the UsernameToken class has been changed to match the OASIS specs and is not the one listed in all the damn examples!

So, if you are thinking about using WSE 2.0 with some custom authentication, keep in mind that you will need to use this namespace if you are passing UsernameToken credentials:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
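
For reference, a web.config fragment that registers a custom UsernameTokenManager against the OASIS namespace above. This is an added example, not code from the original post; the class name `BlogTool.Security.CustomUsernameTokenManager` and assembly name `BlogTool` are hypothetical, and the `microsoft.web.services2` section is assumed to be declared in `<configSections>` already.

```xml
<!-- Added example: web.config fragment, not from the original post. -->
<configuration>
  <microsoft.web.services2>
    <security>
      <!--
        type:       hypothetical class and assembly names. The class derives
                    from UsernameTokenManager and overrides AuthenticateToken
                    to look the user up in the application's own store
                    instead of Windows accounts.
        xmlns:wsse: must be bound to the OASIS secext namespace so that the
                    qname below resolves to the UsernameToken element that
                    WSE 2.0 puts on the wire.
        qname:      the token element this manager is registered to handle.
      -->
      <securityTokenManager
          type="BlogTool.Security.CustomUsernameTokenManager, BlogTool"
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
          qname="wsse:UsernameToken" />
    </security>
  </microsoft.web.services2>
</configuration>
```

To check the registration, compare the namespace bound to the `wsse` prefix on the incoming Security header in the WSE 2.0 trace output with the `xmlns:wsse` value here; the two must be identical for the custom manager to be matched to the token.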