Interoperating with WSE
This sample demonstrates how interoperability can be achieved between a Web Service Enhancements (WSE) 3.0 service and a Windows Communication Foundation (WCF) client or service.
Note
The WCF samples may already be installed on your machine. Check for the following (default) directory before continuing.
<InstallDrive>:\Samples\WCFWFCardspace If this directory does not exist, click the download sample link at the top of this page. Note that this downloads and installs all of the WF, WCF, and CardSpace samples. The sample is located in the following directory. <InstallDrive>:\Samples\WCFWFCardSpace\WCF\Basic\Client\Interop\WSEThe sample implements a custom binding called WseHttpBinding. This binding enables you to use a WSE 3.0 policy file to configure a WCF client or service, and achieve interoperability with WSE 3.0. WseHttpBinding does this by providing a mapping from the WSE 3.0 properties in the policy file to the properties in the WCF bindings. You can consider the WseHttpBinding to be similar to a standard binding because it provides a constrained view over the properties of other bindings in the stack, most notably the SecurityBindingElement.
The sample is divided into two parts. The first part demonstrates using the WseHttpBinding to call from a WCF client to a WCF self-hosted service. The second part requires that the WSE 3.0 SDK to be installed.
Using the WseHttpBinding between a WCF Client and Service
On the client, the CallWcfService
method creates an instance of the WseHttpBinding and sets the properties for the client's security requirements.
static void Main(string[] args)
{
CallWcfService();
...
}
These requirements must match the values set inside the Main
function of the service, as shown in the following code.
//Create a ServiceHost for the CalculatorService type.
using (ServiceHost serviceHost = new ServiceHost(typeof(CalculatorService)))
{
//Create and configure the WseHttpBinding.
WseHttpBinding binding = new WseHttpBinding();
binding.SecurityAssertion = WseSecurityAssertion.AnonymousForCertificate;
binding.EstablishSecurityContext = true;
binding.RequireDerivedKeys = true;
binding.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
serviceHost.AddServiceEndpoint(typeof(ICalculator), binding, "");
ServiceCredentials creds = new ServiceCredentials();
creds.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine,
StoreName.My, X509FindType.FindBySubjectName, "localhost");
serviceHost.Description.Behaviors.Add(creds);
serviceHost.Open();
...
}
To set up, build, and run the sample
Be sure you have performed the One-Time Set Up Procedure for the Windows Communication Foundation Samples.
To build the C# solution, follow the instructions in Building the Windows Communication Foundation Samples.
To run the sample in a single-machine configuration, follow the instructions in Running the Windows Communication Foundation Samples.
The service in this sample is self-hosted. Therefore, make sure that you have run the Service.exe file in the /service/bin directory before running the client.
Using the WseHttpBinding to communicate with WSE 3.0 services
The client in this project can also be used to communicate with the Quickstart samples in the WSE 3.0 SDK.
Once you have installed the WSE 3.0 SDK, you can use the Svcutil.exe tool to generate a client that can be used to communicate with a WSE 3.0 service after the service has been built. The following example shows how to do this with the WSE 3.0 service running on the local machine.
svcutil.exe /out:wseproxy.cs /n:"http://Microsoft.ServiceModel.Samples,Microsoft.ServiceModel.Samples" https://localhost/WSSecurityAnonymousPolicy/WSSecurityAnonymousService.asmx
The Wseproxy.cs file is included in this project. The generated proxy class name is WSSecurityAnonymousServiceSoapProxy
and is supplied with a WseHttpBinding that has either been configured with properties in the code or using a WSE 3.0 policy file loaded from the Wse3PolicyCache.config configuration file. A Wse3PolicyCache.config configuration file is also included in this project.
Once the WSE 3.0 WSSecurityAnonymous sample has been successfully built, a stock quote is returned securely from the WSE 3.0 service when the client is run.
The setup instructions for WSE 3.0 are detailed at the end of this topic.
On the client, comment out the call to the CallWcfService
and uncomment the code to CallWseService
. Passing in true or false determines whether a policy file is used to configure the WseHttpBinding by calling the LoadPolicy(String filename, String policyName)
method, which uses an XmlReader to parse the WSE 3.0 policy file.
Note
If you have WSE 3.0 installed on the client instead of using an XmlReader to load a policy file you can modify the code to use the WSE 3.0 Microsoft.Web.Services3.Design.Policies class to load the policy. The benefit of this is that the Microsoft.Web.Services3.Design.Policies class can parse all valid forms of WSE 3.0 policy files and then supply this to the WseHttpBinding. With the code using the XmlReader type only a limited set of policy files can be parsed.
To set up, build, and run the sample with WSE 3.0
Install the WSE 3.0 product from Web Services Enhancements (WSE) 3.0 for Microsoft .NET.
Read the WSE 3.0 Quickstart sample guide on how to configure and setup the WSE samples. This is required to both install the correct X.509 certificates and to create a virtual directory to host the Web service in Internet Information Services (IIS). Specifically run the Setup.bat file in the default install directory C:\Program Files\Microsoft WSE\v3.0\Samples.
Build the WSE 3.0 Quickstart policy sample WSSecurityAnonymous, which is installed by default in the following directory (Note: There is a code only version of WSSecurityAnonymous that also works if you want to use this instead. If you want to use the code only version, you must change URL of the service on the client to https://localhost/WSSecurityAnonymousCode/WSSecurityAnonymousService.asmx).
This WSE 3.0 project C:\Program Files\Microsoft WSE\v3.0\Samples\CS\QuickStart\Security\WSSecurityAnonymous\Policy.
The WCF client in this interoperating sample has been designed to interoperate with this WSE 3.0 Quickstart sample.
In the
Main
function in the Client.cs file, uncomment the calls to theCallWseService
method. You may also want to comment out the call to theCallWcfService
to prevent it from calling the WCF service.To build the C# solution, follow the instructions in Building the Windows Communication Foundation Samples.
To run the sample in a single-machine configuration, follow the instructions in Running the Windows Communication Foundation Samples.
To set up, build, and run the sample with WSE 3.0 across machines
First set up a WSE 3.0 service. Install the WSE 3.0 product on the remote machine from Web Services Enhancements (WSE) 3.0 for Microsoft .NET.
Read the WSE 3.0 Quickstart sample guide on how to configure and setup the WSE samples. This is required to both install the correct X.509 certificates and to create a virtual directory to host the Web service in Internet Information Services (IIS). Specifically run the Setup.bat file in the default install directory C:\Program Files\Microsoft WSE\v3.0\Samples.
Build the WSE 3.0 Quickstart policy sample WSSecurityAnonymous, which is installed by default in the following directory.
Note
There is a code only version of WSSecurityAnonymous that also works if you want to use this instead.
This is the WSE 3.0 project: C:\Program Files\Microsoft WSE\v3.0\Samples\CS\QuickStart\Security\WSSecurityAnonymous\Policy
Having set up the server we are not going to set up the WCF client on another machine. Using the MMC tool, export the WSE2QuickStartServer certificate that can be found in the LocalMachine/Personal certificate store where you installed WSE 3.0, to a file using the All Tasks->Export option from the context menu. You do not need to export the private key, only the public key to create a .CER file. See the readme.htm file in the WSE 3.0 C:\Program Files\Microsoft WSE\v3.0\Samples directory for details on how to use the MMC certificate management snap-in to view certificates in a certificate store.
Copy the .CER file from the server machine to the client machine and import the public certificate into the CurrentUser/Trusted People certificate store. See the readme.htm file in the WSE 3.0 C:\Program Files\Microsoft WSE\v3.0\Samples directory for details on how to use the MMC certificate management snap-in.
Note
When running the WSE 3.0 setup.bat file it copies the WSE2QuickStartServer server certificate from one certificate store to another for you).
To run the sample in cross-machine configuration, follow the instructions in Running the Windows Communication Foundation Samples for the WCF client and configure the client to use the address of the WSE 3.0 service instead of localhost. For example, on a machine called "mymachine" the address is the following by default: http://mymachine/WSSecurityAnonymousPolicy/WSSecurityAnonymousService.asmx
In the
Main
function in the Client.cs file, uncomment the calls to theCallWseService
method. You may also want to comment out the call to theCallWcfService
to prevent it from calling the WCF service.To build the C# solution, follow the instructions in Building the Windows Communication Foundation Samples.
Run the client.
To clean up after running the sample
- To remove the certificates from the client or the server use the MMC tool. Alternatively on the server you can run the Cleanup.bat file in the directory C:\Program Files\Microsoft WSE\v3.0\Samples directory.
© 2007 Microsoft Corporation. All rights reserved.