wse 3.0 or wcf and where to start

Question

I have created a web service which has a couple of methods developed using .net 3.5. The clients who will access the web service will be using .net 3.0. I have been asked to make this web service "secure" and having looked on the net have seen a number of options.

First one is to use WCF with .net 3.5 for the service. If I develop the service using .net 3.5 Will I need to develop the client using 3.5 also?

Secondly I could look at using WSE 3.0 and implement the security that way. However having looked on the .net I have read that there are some issues in using WSE 3 with visual studio 2008.

Any other suggestions would be greatly appreciated. I would like to secure the web service hence the use of WCF or WSE 3.0.

Answer 1

The WCF framework is part of .NET 3.0 and not .NET 3.5, so you don't need .NET 3.5 in the clients.

Also with WCF you can provide services that are based on the web services standards. These services can be used even with the "old" web service clients, or other platforms, like Java.

The credential based WCF message security is fulfilling the WS-Security 1.1 standard, which can also be used with a WSE client.

http://msdn.microsoft.com/en-us/library/ms735093.aspx: WCF supports a wide variety of interoperability scenarios. The BasicHttpBinding class is targeted at the Basic Security Profile (BSP) and the WSHttpBinding class is targeted at the latest security standards, such as WS-Security 1.1 and WS-SecureConversation. By adhering to these standards, WCF security can interoperate and integrate with Web services that are hosted on operating systems and platforms other than Microsoft Windows.

I would definitely go for the WCF solution and not the WSE. I see WCF as a direct successor of WSE, which is not imporved further by Microsoft (even the WSE home link is broken from the WSE 3.0 download page).

As Alex mentioned, connecting to non-MS platform, despite the standards, might be challenging. A proof of concept is definitely neccessary in these scenarios.

Answer 2

I recently had some problems connecting a WCF client to a WS-* service served by Apache Axis, and had to revert to WSE 3.0 to get it working. I don't know whether that was WCF or Axis' fault, but either way it's not too impressive that two of the highest profile WS-* stacks don't interoperate properly.

Given there's still this need to use WSE 3.0, its also a shame that MS have pretty much deprecated WSE 3.0:

• the web page stuff mentioned by Gaspar
• you have to fiddle around with the command line to use WSE 3.0 from VS2008

Answer 3

Ok so in terms of getting started with WCF can you recommend any resources to build a simple sample with the security aspects covered?

Cheers for the advice thus far!