Checking for ServiceSecurityContext

When authorizing a client, how do I tell the difference between a connection with anonymous security and a connection with no security? Anonymous security turns out to offer a surprising amount of protection even though you have no idea who the caller is. With anonymous message security, it’s still possible to authenticate the server using…

1

Better Proxy Clients

I was in a meeting last week with a few WCF users at Microsoft when they asked about performance issues creating client proxies. The first service pack for WCF, which ships at the same time as Orcas, includes some performance fixes for the most frequently seen issues, including the one they described. Wenlong Dong from…

0

Videos from MIX UK

Session videos from the UK version of the 2007 MIX conference are now available for download. Go to the session schedule page for the conference and choose to either watch or download videos for the sessions that are available. It looks like about two-thirds of the sessions on both day 1 and day 2 have…

0

Substituting for TryAccept

We’re back to the channel pump for another round. In the previous channel pump article we had introduced an asynchronous coroutine between the main channel pump loop and a callback on acquiring a channel throttle. This use of coroutines let us suspend the channel pump until a throttle was available without having to tie up…

1

No Session Before Sending

When you create a sessionful channel, that implies the existence of some correlation factor for all of the messages that are associated with the session. For example, the correlation factor for a TCP session is that all of the messages travel over the same TCP connection and the correlation factor for a WS-RM session is…

1

When Certificates are Required

I’m trying to use a username and password with message security but I’m being told that I need to have a certificate on the client or the server depending on the configuration. Is it possible to send username credentials without issuing a certificate? The reason a certificate is being specified here is because without an…

1

Extensibility

One of the frequently repeated phrases around SOA development is that SOA allows you to build composite applications that span heterogeneous environments. It’s tough to put a perspective on how heterogeneous an environment can be until you look at surveys of protocol usage in the enterprise. There must be several thousand different protocols used on…

1

SOA & Business Process Conference Next Week

Microsoft is hosting a conference on SOA and Business Processes here in Redmond next week running from October 29th to November 2nd. It looks like the final agenda is now available at the conference website for those of you that are attending and want to plan your days. I’ve already talked to a few people…

3

Best Practice for Channel Shapes

The hierarchy of channels derives from the single interface IChannel. By itself, IChannel is not particularly interesting because it doesn’t introduce any new methods for communication. Each channel shape, such as IInputChannel or IDuplexSessionChannel, has its own interface derived from IChannel that describes the capabilities and semantics of the channel. When you write a channel,…

1

Controlling HTTP Caching

Is HttpResponse.Cache the preferred way to control caching? HttpResponse is only available in ASP.NET compatibility mode. No, you don’t need ASP.NET compatibility mode to set cache headers. In fact, almost everything from HttpResponse can be done by attaching an HttpResponseMessageProperty to the outbound message. The largest difference is that HttpResponseMessageProperty makes you use a collection…

3