MSDN Event in Baton Rouge - 6/14

Hello Baton Rouge homies,

#1 -

The little “add” security token to the RequestSoapContext was bugging the freakin’ life out of me. And something about trying to debug a problem in front of a live audience –  it just don’t work. So, here’s what was going on :

Problem Description :

After instantiating the webservice that had been WSE enabled, we tried to insert a UserNameToken in to the request soap context by using the “RequestSoapContext.Security.Tokens.Add” method. That way the windows forms client we were using to consume the webservice would send the UserNameToken with the request context every time a certain button was clicked. The token had been created by simply extracting 2 textbox field values from the form.

The way I had my code structured, I was instantiating the webservice ONCE. And then on every button-click, I added a security token on to the request context. So, if I were to enter a bad uname and pword the first time round, click on the button which calls the webservice, then, that token was added to the request context, and stayed there. The next time, if I were to add the correct uname and pword (and, yes, click the button which calls the webservice), then that would be the second token added on to the context. We saw this bug in the code in 2 different ways –

  1. by looking at the inbound and outbound messages in the trace log (right click on project name in Solution Explorer, WSE Settings 2.0, Diagnostics tab, Enable Message Trace)
  2. by attaching to the running webservice and setting a breakpoint in the AuthenticateToken - we noticed that AuthenticateToken was being called as many times as there were tokens in the request soap context.

2 ways to tackle this :

Solution 1 :

We could use the “RequestSoapContext.Security.Tokens.Clear” method to clear the existing tokens before we add any others. (the code in italics is what is different between what we saw yesterday)

    Dim tiws As New tiws.Service1Wse

    Private Sub ConfigureProxy()
Dim token As UsernameToken = New UsernameToken(txtUser.text, txtPassword.text, PasswordOption.SendPlainText)
        tiws.RequestSoapContext.Security.Tokens.Clear()
tiws.RequestSoapContext.Security.Tokens.Add(token)
End Sub

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Try
ConfigureProxy()
tiws.Url = System.Configuration.ConfigurationSettings.AppSettings("URL")
Dim ti As tiws.TaskInfo
ti = tiws.TaskInfoFromTaskID(TextBox1.Text)

            'Show output
Catch exp As Exception
MessageBox.Show(exp.ToString)
End Try
End Sub

Solution 2 :

We could instantiate the webservice on every button-click. That way we’re working off a clean slate every single time. (again, look for the italics)

    Dim tiws As tiws.Service1Wse

    Private Sub ConfigureProxy()
Dim token As UsernameToken = New UsernameToken(txtUser.text, txtPassword.text, PasswordOption.SendPlainText)
tiws.RequestSoapContext.Security.Tokens.Add(token)
End Sub

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Try
tiws = New tiws.Service1Wse
ConfigureProxy()
tiws.Url = System.Configuration.ConfigurationSettings.AppSettings("URL")
Dim ti As tiws.TaskInfo
ti = tiws.TaskInfoFromTaskID(TextBox1.Text)

            'Show output
Catch exp As Exception
MessageBox.Show(exp.ToString)
End Try
End Sub

#2 -

Someone had a question about how ClickOnce does its downloads :

https://www.windowsforms.net/FAQs/default.aspx?PageID=2&ItemID=45&CategoryID=24&tabindex=2

Any other questions? You know what to do.

“AI”