WSE 2.0 SP2 went out on 3 December. You can download it here. The WSE 2.0 SP2 runtime is available here. Also Hands-On-Lab Security and Messaging are also updated and include examples in VB.NET. Hands-On-Lab are the first thing you should read before starting to implement anything with WSE. You can find them here. MSDN Library has a new page for WSE – Getting Started.

From the Readme file:

“A new compatibility mode attribute is introduced to select the wire format on the sending side. The mode attribute tells WSE runtime to generate a message compatible to a particular release of WSE. By default, the compatibility mode is set to WSE2RTM. It can be WSE2RTM, WSE2SP1 WSE2SP2 and so on. On the receiving end, a particular version of WSE runtime is able to accept all types of wire format in all its previous releases. In a request-response message exchange, a server generates a response message which is compatible with the request message. The server, by default, still uses the compatibility section to generate its response if it cannot determine the compatibility mode based on the request message.”

This is set with Compatibility node in web.config file. For example:

<microsoft.web.services2>

    <compatibility mode=”WSE2SP2″>

</microsoft.web.services2>

“A new implementation of the Kerberos token based on SSPI interfaces is included in this release. The new token is named KerberosToken2. Please see the reference conceptual documentation for more details on KerberosToken2 and differences between KerberosToken2 and KerberosToken.”

As far as I know with the new KerberosToken2 you will not need administrative privilege to authenticate the user with Kerberos token. I have not played with it though.

“For security reasons, it is strongly recommended to encrypt Username tokens, especially when they contain password information. The SecurityTokenServiceClient class now automatically encrypts any UsernameToken security tokens included in outgoing SOAP requests. Similarly, the SecurityTokenService class automatically encrypts any UsernameToken security tokens included in outgoing SOAP responses.”

An awaited one! Now you can create secure communication channel with the public key of the server only.

“WSE setting tool would always prompt users for confirmation when the Cancel button was clicked. Now it is fixed so that the tool will prompt user only when some changes are made by users.”

Pretty dull user interface problem 🙂