WSE 3.0 Released on MSDN

Having spent the last few months getting WSE 3.0 built, it is now live on MSDN here. This includes new Messaging and Security Hands on Labs (HOLs) to get you started on the new features. Next week there will be a WSE 3.0 overview article on MSDN

To provide feedback and suggestions on this WSE 3.0 release use the MSDN Product Feedback Center using the WSE product category.

To get support and ask questions on WSE 3.0 use the MSDN Web Services Forum

For those of you who are at TechEd 2005 next week I will be camped out at CSI cabana so come and find me and give me feedback on on WSE.


New Features for Version 3.0

  • The introduction of Turnkey Security Scenarios that provide high level security building blocks that enable you to secure messaging patterns (such as request/response) rather than having to consider how to secure the request and response independently. These Turnkey Security Scenarios, otherwise known as security assertions, are best practices when securing end to end messages.
  • Improved Policy Framework
  • The Policy format has been simplified to reflect the Turnkey Security Scenarios. Policy still allows configuration-based declaration of security requirements for incoming and outgoing SOAP messages, but now concentrates on where to get the security tokens from based upon the chosen security assertion.
  • CLR attribute based programming. Policy files can now be associated with a client proxy or a service via a Policy attribute i.e. [Policy("ServerPolicy")]
  • Imperative and declarative programming models for policy have been aligned to provide uniform programming abstractions. In WSE 2.0 there was no correlation between the code written to secure a message exchange and declarative policy files. In WSE 3.0 through the use of the CLR Policy attribute and the SetPolicy method on WSE generated client proxies (via Visual Studio's Add Web Reference) policy files can now be used in code to secure a client or a service.
  • Policy also allows significant extensibility mechanisms for user-defined policies in code. By extending the Microsoft.Web.Services3.Design.PolicyAssertion class to create your own policy assertion, custom transformations of the SoapEnvelope can be performed at any stage in the pipeline. For example this enables you to define a logging assertion or have a policy assertion that enforces specified XML schemas for message validation. The same assertion can then be used in the declarative policy file.
  • An updated Security Settings Wizard that helps secure an application by generating a policy. The Security Settings Wizard also now reflects the Turnkey Security Scenarios when securing an application and walks you through the best choice of Policy assertion based upon your chosen security deployment.
  • ASP.NET Web services, otherwise known as ASMX Web services, can now be hosted outside of IIS, for example in console applications or NT services and called with the TCP/IP protocol. The existing lightweight, message-oriented, SOAP programming model SoapSender/ SoapReceiver classes remain.
  • Support for the W3C MTOM Recommendation to enable large amounts of binary data to be sent efficiently and securely.
  • Improved session management when using WS-SecureConversation and Security Context Tokens (SCTs). SCTs can now contain the original client authentication token when sent from the client to the service, which enable sessions to be re-established if lost e.g. when a service's appdomain is reset. This provides reliability for the session and enables sessions to be used in web farm scenarios.
  • WS-SecureConversation sessions can now be cancelled explicitly.
  • Integrated tool support with Visual Studio 2005 Beta 2. The WSE 3.0 configuration tool can be accessed via the context menu on the Visual Studio 2005 Solution Explorer.
  • Support for 64 bit runtime.
  • Support for updated Web services specifications including WS-Addressing, WS-Security, WS-Trust, and WS-SecureConversation. 
  • Updated QuickStart samples.