WWSAPI to WCF interop 11: security binding templates

In my previous post on WsUtil, I explained how the generated helper functions can simplify the creation of WS_SERVICE_PROXY and WS_SERVICE_ENDPOINT. In both of these functions, the first parameter is a pointer to a same binding template. When no security is used in the binding, the template will be a simple wrapper of channel properties…

0

WWSAPI to WCF interop 10: WsUtil.exe, the silver bullet

In my previous post on interoperating with WCF BasicHttpBinding endpoint, I explained that you had to set the channel properties to match SOAP version and addressing version on the server side. Wouldn’t it be great if you don’t have to do all that? That’s one of the goal of building WsUtil.exe, the silver bullet for…

1

Common WWSAPI errors: addressing version mismatch

WWSAPI supports two WS-Addressing versions: the existing W3C recommendation version (1.0) and the older 2004/08 version (0.9). WS-Addressing defines a set of SOAP headers to describe the message recipient, targeted action and some other basic messaging information. When HTTP transport is used, WWSAPI also supports a mode that does not use WS-Addressing. This is called transport…

1

Common WWSAPI errors: SOAP version mismatch

There are two versions of SOAP supported by WWSAPI and most other web services stacks: SOAP 1.1 and SOAP 1.2. Although the basic message layout in the two SOAP versions is the same (Header and Body inside Envelope), there are three main differences: the namespace, the content type for HTTP binding and the SOAP fault layout. Since…

0

More on HTTP header authentication

My previous post on header authentication comparison between WWSAPI and WCF mentioned the impersonation level. Here is a bit more detail as people still seem to be caught by surprise due to this difference. I mentioned that WCF client could set the impersonation level, but I didn’t mention the default value. The default impersonation level…

1

WWSAPI to WCF interop 9: secure conversation bootstrapped by Kerberos AP-REQ token

In my post on WWSAPI federation support, I explained how to set up secure conversation on the WWSAPI client to work with a WCF server using WSFederationHttpBinding. In this post, I’ll show how to use secure conversation without federation. Secure conversation can be helpful in reducing the payload size. For example, when Kerberos AP-REQ token…

1

WWSAPI to WCF interop 8: invalid XML characters (part 2)

In part 1 of this topic, I explained that some Unicode characters would be rejected by WWSAPI’s XML reader and writer because they are not considered legal in XML spec. There is an XML reader property and an XML writer property to allow such characters. Unfortunately that won’t work in all cases and I’ll explain…

1

WWSAPI to WCF interop 8: invalid XML characters (part 1)

Although all Unicode characters can be carried in XML document, not all characters are considered legal according to XML 1.0 spec, the version used by SOAP and supported by WWSAPI. As you can see in the production copied below, ASCII characters under 32 except tab, carriage return and line feed are considered invalid. Char          ::=  …

2

403 Forbidden due to client certificate issue

Just when I thought I had seen all possible 403 Forbidden errors and could pinpoint the 403 issues without looking into traces, I found myself surprised by another 403 error. I was testing a WWSAPI client to WCF server interop scenario. Only this time the WCF server was hosted on IIS 7.0 on Windows Server…

2

WWSAPI to WCF Interop 7: HTTP header authentication (part 3) - used in BasicHttpBinding with transport credential only

In my previous post I explained how to do HTTP header authentication protected by SSL in WWSAPI. In this post, I’ll show how to do header authentication without SSL. In WCF, this mode is called TransportCredentialOnly and is only available in BasicHttpBinding. (Note that this mode is not secure as the SOAP envelope is sent…

0