SCT in WSE2 and WS-SecureConversation 

If you get this error [1], while working on a WS-SecureConversation based application, consider the following:

  • Look at the timeout period for you SCTs, issued by the server-side service.
  • If this is all ok, then you're probably in my situation. Check if you enabled web garden support in your IIS's application pool. If so, go back to Performance tab in application pool's properties and enter 1 (one) as a 'Maximum number of worker processes'.

Things can get really rough in a state WSE2 is in if you create a web garden and use WS-SecureConversation at the same time.

A few weeks ago I was designing an architecture for a complex B2B secure communication channel and parts of it wanted to use some form of a web garden. Since I forgot to disable it, there were trouble.

The strangest thing I noticed when investigating this was that everything worked the first time after IIS restart happened - sure - a session is pinned to the first worker process, the second one just gets created.

Of course, there are workarounds regarding this, but they include some non-trivial WSE2 subclassing.

[1] Additional information: Microsoft.Web.Services2.Security.SecurityFault: The specified source for the derivation is unknown ---> System.Exception: WSE512: This derived key token's parent cannot be found. The reference to the parent token follows: <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="uuid:227d47ac-1b2b-45a5-92f0-d7d630aeda86" ValueType="http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct" /></wsse:SecurityTokenReference>.

Categories:  Web Services | Work
Tuesday, October 26, 2004 12:56:29 PM (Central Europe Standard Time, UTC+01:00)  #    Comments

 

 Google Did It Again 

In one of my previous posts I said it will take three years for Google experience to come to the desktop.

It's here now. The other company I dearly love did it. Experience it, it will change the way we think about fast local searching.

Categories:  Other | Personal
Friday, October 15, 2004 9:09:46 AM (Central Europe Standard Time, UTC+01:00)  #    Comments

 

Copyright © 2003-2014 , Matevž Gačnik
Recent Posts
RD / MVP
Feeds
RSS: Atom:
Archives
Categories
Blogroll
Legal

The opinions expressed herein are my own personal opinions and do not represent my company's view in any way.

My views often change.

This blog is just a collection of bytes.

Copyright © 2003-2014
Matevž Gačnik

Send mail to the author(s) E-mail