UsernameToken Profile vs. WCF

The WS-Security UsernameToken Profile 1.0 defines how the username and password can be encapsulated into a security token. The profile defines two different ways to transmit the password (or password equivalent): ·         wsse:PasswordText: the password is sent in clear-text ·         wsse:PasswordDigest: a digest derived from the password is sent As documented on MSDN, only the…

5

Override AtlThrow with care

ATL allows you to replace its stock routine, AtlThrow, for communicating an error back to the caller using exceptions. This is documented on MSDN here: http://msdn.microsoft.com/en-us/library/z325eyx0.aspx. Most of the time, when ATL encounters an error and you overrode AtlThrow with a custom implementation, the latter will be called (as expected). However, a customer reported that…

0

WIF on Windows Server 2003

I was setting up Windows Identity Foundation (WIF, formerly known as Geneva) on Windows Server 2003 to reproduce a customer’s problem. However, I got the following exception, even when trying one of the WIF SDK samples: CryptographicException – Object identifier (OID) is unknown System.Security.Cryptography.X509Certificates.X509Utils._GetAlgIdFromOid(String oid) +0   System.Security.Cryptography.X509Certificates.X509Utils.OidToAlgId(String oid) +37   System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, String str) +61   System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[]…

0

Garbage collection vs. expression evaluation

A few months ago, a customer contacted us with a problem that seemed to be related to WCF. As it turned out, its roots were deep within the CLR… The error was indeed thrown by WCF: it was a System.ServiceModel.CommunicationObjectAbortedException: “The communication object, System.ServiceModel.Channels.HttpChannelFactory+HttpRequestChannel, cannot be used for communication because it has been Aborted.” There…

0

Service metadata: size does matter

Web services use standards like WSDL and WS-Policy to describe themselves in an interoperable format. When you use WCF to implement your web service, generating the metadata is fortunately not your job (assuming you haven’t defined any custom binding elements). However, if you have a service that exposes many endpoints or operations (or both), than…

0

Tool of the month: Microsoft Service Trace Viewer

I was quite busy during the last two months, but today I’m back with a new post. If you use WCF, you’ve probably already come across this tool, which is mostly marketed as WCF’s troubleshooting companion. However, it’s actually a very useful utility for general .NET troubleshooting. Note that this post does not aim to…

0