Microsoft released WSE Policy Advisor – a tool for checking policy correctness. It is called the FxCop tool for web services. Sample output from the report: Alarm: Test root certificates are allowed. Risk: Any usage of X.509 certificates for signing or encrypting is unsafe. An active attacker can generate valid test certificates, then for instance […]

Scott Densmore publishes a schedule for Enterprise Library Webcasts. If you are going to use it I would recommend subscribing to all of them (I did :)). The first one is on 03/03 so hurry. It will be a holiday in Bulgaria at this time, but you can always watch the recorded webcasts when they […]

David Chappell gives an overview of Indigo architecture and coexistence with today’s services. If you are already using web services and WSE this article should be a revolutionary one for you. This one stroked me though: “.NET Remoting: applications built on .NET Remoting will not interoperate with applications built on Indigo – their wire protocols […]

The long awaited Enterprise Library is out. You can download it from here. From the same page: The Enterprise Library Application Blocks Application blocks help to address the common problems that developers face from one project to the next. They are designed to encapsulate the Microsoft recommended best practices for .NET applications. They can be […]

The last two days I gave a session about .NET and COM Interoperability during the bi-monthly Software Architects and ISV Club meetings. It was quite interesting to present a session for two mostly different types of auditory. The first one were with senior management people that were not so excited about what new technologies can […]

Bill Stacey definitely kicks arses. In his article he explains how SCT (SecureContextToken) works and how it can be used without installing X509 certificates. He also provides sample code. I haven’t played with it yet, but it seems to be the missing piece in the WSE architecture that many developers have been looking for it […]

As Matt Powell points out, MTOM has become W3C Recommendation. We are all waiting to see its implementation in WSE 3.0.

William Stacey points out one major problem when using SendHashed and SendNone options. They are both vulnerable to dictionary attack. As he offers to present a solution using custom UsernameTokenManager and Crypto API, I would recommend that you implement SecureConversation and use option SendPlainText. This way your calls can be automatically authorized depending on their […]

WSE 2.0 SP2 went out on 3 December. You can download it here. The WSE 2.0 SP2 runtime is available here. Also Hands-On-Lab Security and Messaging are also updated and include examples in VB.NET. Hands-On-Lab are the first thing you should read before starting to implement anything with WSE. You can find them here. MSDN […]