RSS 2.0 | Atom 1.0 | CDF

Search

Categories

 
 
 
 
 
 
 
 
 

Archive

January, 2012 (2)
December, 2011 (1)
October, 2011 (1)
January, 2011 (1)
September, 2010 (1)
June, 2010 (2)
May, 2010 (1)
September, 2009 (1)
April, 2009 (1)
March, 2009 (1)
February, 2009 (2)
January, 2009 (1)
December, 2008 (2)
October, 2008 (2)
September, 2008 (1)
August, 2008 (1)
July, 2008 (1)
May, 2008 (2)
April, 2008 (2)
March, 2008 (2)
January, 2008 (4)
December, 2007 (1)
November, 2007 (4)
October, 2007 (3)
September, 2007 (3)
August, 2007 (3)
July, 2007 (5)
June, 2007 (1)
May, 2007 (5)
April, 2007 (4)
March, 2007 (3)
February, 2007 (4)
January, 2007 (3)
December, 2006 (1)
November, 2006 (1)
October, 2006 (3)
September, 2006 (3)
August, 2006 (6)
July, 2006 (2)
April, 2006 (2)
March, 2006 (2)
February, 2006 (4)
January, 2006 (9)
December, 2005 (10)
November, 2005 (3)
October, 2005 (1)
September, 2005 (4)
August, 2005 (6)
June, 2005 (2)
May, 2005 (3)
April, 2005 (3)
March, 2005 (5)
February, 2005 (2)
January, 2005 (3)
December, 2004 (3)
November, 2004 (5)
October, 2004 (3)
September, 2004 (3)
July, 2004 (5)
June, 2004 (3)
May, 2004 (2)
April, 2004 (3)
March, 2004 (7)

Blogroll

Sign In

# Friday, November 16, 2007
Running WSE 2 and 3 side by side
Friday, November 16, 2007 12:16:50 PM (GMT Standard Time, UTC+00:00) ( .Net General | .Net Windows Forms | Asp.Net )

Note: this doesn't really work..

i'm just leaving it here for interest.  the approach will work for the first invocation of either v2 or v3 client, but after a v2 client has used the web service, any v3 clients will fail.  MS told me this is not supported because of the 2 soapExtensions interfere with each other in the pipeline etc

My asp.net CMS has some winforms clients running WSE2, and i'm doing an upgrade to the client (and server) to use WSE3, but i want to support both versions.  Both WSE2 and WSE3 clients are using a CustomUsernameTokenManager.  it was a bit tricky to work out, but here is what i ended up doing. thanks to brian o'keefe for his newsgroup post for most of the answer.  Your exact config might vary but hopefully it will save you some of the hassle of working all this out.
  • Leave the existing web service in place, e.g. Service_WSE2.asmx
  • Create a new web service for the WSE3 client, essentially copy/paste the ASMX file, e.g. Service_WSE3.asmx
  • Create a new CustomUsernameTokenManager for the WSE3 service which inherits from Microsoft.Web.Services3.Security.Tokens.UsernameTokenManager.  In my case it was as easy as copy/paste from the WSE2 token manager and change all the WSE2 namespaces to WSE3.
  • then in web.config, make sure both WSE config sections are listed:
    <configuration>
    	<configSections>
    		<section name="microsoft.web.services3" type="Microsoft.Web.Services3.Configuration.WebServicesConfiguration, Microsoft.Web.Services3,Version=3.0.0.0,Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    		<section name="microsoft.web.services2" type="Microsoft.Web.Services2.Configuration.WebServicesConfiguration, Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    	</configSections>

  • add in references to both the assemblies for the compilation section (not 100% sure if this is necessary, but at least it means the app will not compile on the production server if you forget to deploy either of the WSE assemblies, instead of waiting till one of your clients connects).

    	<compilation defaultLanguage="c#" debug="true">
    		<assemblies>
    			<add assembly="Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    			<add assembly="Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>

  • remove the <webServices> section from <system.web>, because each web service should be configured by location, not global as this interferes.

    	<location path="Service_WSE2.asmx">
    		<system.web>
    			<webServices>
    				<soapExtensionTypes>
    					<add type="Microsoft.Web.Services2.WebServicesExtension, Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" priority="1" group="0" />
    				</soapExtensionTypes>				
    			</webServices>
    		</system.web>
    	</location>
    	
    	<location path="Service_WSE3.asmx">
    		<system.web>
    			<webServices>
    				<soapExtensionTypes>
    					<clear/>
    				</soapExtensionTypes>
    				<soapServerProtocolFactory type="Microsoft.Web.Services3.WseProtocolFactory, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    				<soapExtensionImporterTypes>
    					<add type="Microsoft.Web.Services3.Description.WseExtensionImporter, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
    				</soapExtensionImporterTypes>				
    			</webServices>
    		</system.web>
    	</location>
  • my webservice policy are defined in policyCache.config files, so the following web.config sections point each version of WSE to the right file:
    	<microsoft.web.services3>
    		<policy fileName="policyCache_WSE3.config"/>
    		<security>
    			<securityTokenManager>
    				<add type="Whatever.CustomUsernameTokenManager3" namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" localName="UsernameToken"/>
    			</securityTokenManager>
    		</security>
    	</microsoft.web.services3>
    	<microsoft.web.services2>
    		<messaging>
    			<maxRequestLength>10000</maxRequestLength>
    		</messaging>
    		<security>
    			<securityTokenManager type="Whatever.CustomUsernameTokenManager2, MyAssemblyName" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    				qname="wsse:UsernameToken" />
    			<defaultTtlInSeconds>86400</defaultTtlInSeconds>
    			<timeToleranceInSeconds>86400</timeToleranceInSeconds>
    		</security>
    		<policy>
    			<cache name="policyCache_WSE2.config" />
    		</policy>
    	</microsoft.web.services2>
  • and lastly, the policy cache files themselves:
    WSE 3 version
    <?xml version="1.0"?>
    <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
    	<extensions>
    		<extension name="usernameOverTransportSecurity" type="Microsoft.Web.Services3.Design.UsernameOverTransportAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    		<extension name="requireActionHeader" type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    	</extensions>
    	<policy name="usernameTokenSecurity">		
    		<usernameOverTransportSecurity />
    		<requireActionHeader />
    	</policy>
    </policies>
  • WSE 2 version
    <?xml version="1.0"?>
    <policyDocument xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy" xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
    	<mappings xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy">

    		<endpoint uri="http://localhost/Service_WSE2.asmx">
    			<defaultOperation>
    				<request policy="#username-token-signed" />
    				<response policy="" />
    				<fault policy="" />
    			</defaultOperation>
    		</endpoint>

    		<defaultEndpoint>
    			<defaultOperation>
    				<request policy="" />
    				<response policy="" />
    				<fault policy="" />
    			</defaultOperation>
    		</defaultEndpoint>

    	</mappings>
    	<policies xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    		<wsp:Policy wsu:Id="username-token-signed" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing" xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext">
    			<wsp:MessagePredicate wsp:Usage="wsp:Required" Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">
    				wsp:Body() wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID) wse:Timestamp()
    			</wsp:MessagePredicate>
    			<wssp:Integrity wsp:Usage="wsp:Required">
    				<wssp:TokenInfo>
    					<SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
    						<wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
    						<wssp:Claims>
    							<wssp:UsePassword wsp:Usage="wsp:Required" />
    						</wssp:Claims>
    					</SecurityToken>
    				</wssp:TokenInfo>
    				<wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">
    					wsp:Body() wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From) wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) wsp:Header(wsa:ReplyTo) wsp:Header(wsa:To)  wse:Timestamp()
    				</wssp:MessageParts>
    			</wssp:Integrity>
    		</wsp:Policy>
    	</policies>
    </policyDocument>

Comments [1] | | # 
Monday, August 02, 2010 7:04:55 PM (GMT Daylight Time, UTC+01:00)
Ha ha, thanks for referencing my solution that didn't work. I found the same thing about it breaking the WSE2 items later on and I forgot all about the Google Groups post.
Brian O'Keefe
Name
E-mail
Home page

Comment (HTML not allowed)  

Enter the code shown (prevents robots):
Live Comment Preview