What's New in WSE Version 3.0
This section describes the new and enhanced features included in the Web Services Enhancements for Microsoft .NET Framework version 3.0 (WSE 3.0).
Simplifying Security in Web services
Security Based on Policy Assertions
Like WSE 2.0, WSE 3.0 enables developers to use configuration files to specify requirements, including security for receiving and sending messages. These configuration files consist of a collection of named policies, each of which defines a set of requirements, including security, for a SOAP message exchange. WSE 3.0 has aligned this declarative model with the imperative programming model so that policies are always used to apply security and other requirements to a SOAP message. In addition, WSE 3.0 has simplified the policy model, so that it is applied to a message exchange instead of on a per-message level. For more details about securing an application, see Specifying Security Requirements for a Client and Specifying the Security Requirements For a Web Service.
WS-* Specifications support
MTOM
Sending Large Amounts of Data using MTOM
WSE 3.0 enables a client and a Web service to communicate using large amounts of data, such as an image file, and have that data interoperate with the WS-* specifications. To send large amounts of data, WSE 3.0 supports the SOAP Message Transmission Optimization Mechanism (MTOM) specification. When WSE 3.0 is configured to send or receive SOAP messages that comply with MTOM, the data is considered to be part of the SOAP envelope. This allows the data to compose with the WS-* specifications, including WS-Security, so the data can be digitally signed or encrypted. To specify that you want to send large amounts of data, specify that the Web service takes a parameter or return type that is or contains a byte array. With MTOM, the byte array does not have to be Base64 encoded, which reduces the SOAP message size. Additionally, the programming model is simplified, because it is the same regardless of whether files are MTOM-encoded or not. For more information, see How to: Enable a Web Service to Send and Receive Large Amounts of Data and How to: Send and Receive Large Amounts of Data to and from a Web Service.
WS-Security 1.1
Digital signature confirmation
To support the WS-Security 1.1 specification, Web services can now confirm to a client when a digital signature is verified. Clients can decide whether to accept SOAP responses from Web services that do not send signature confirmations. For more details, see IncludeSignatureConfirmation.
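The client-side decision described above, sketched as an added example (not WSE code and not the WSE API): in WS-Security 1.1 the service echoes each request signature's ds:SignatureValue in a wsse11:SignatureConfirmation element, and the client compares the echoed values with what it sent. The function names, the SOAP 1.2 envelopes and the Base64 strings are constructed for illustration; the sketch checks only the correlation and assumes the response's own signature has already been verified.

```python
import xml.etree.ElementTree as ET

# Namespaces defined by SOAP 1.2, WS-Security 1.0/1.1 and XML Signature.
NS = {
    "s": "http://www.w3.org/2003/05/soap-envelope",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsse11": "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def _security_header(envelope_xml):
    return ET.fromstring(envelope_xml).find("s:Header/wsse:Security", NS)

def sent_signature_values(request_xml):
    """SignatureValue of every signature in the request's Security header."""
    sec = _security_header(request_xml)
    if sec is None:
        return set()
    values = sec.findall("ds:Signature/ds:SignatureValue", NS)
    return {"".join((v.text or "").split()) for v in values}

def check_confirmation(request_xml, response_xml):
    """Return 'confirmed', 'mismatch' or 'missing' for a request/response pair."""
    sent = sent_signature_values(request_xml)
    sec = _security_header(response_xml)
    confs = [] if sec is None else sec.findall("wsse11:SignatureConfirmation", NS)
    if not confs:
        return "missing"   # the client's policy decides whether to accept this
    # A confirmation without a Value attribute means "the request had no signature".
    echoed = {"".join(c.get("Value").split())
              for c in confs if c.get("Value") is not None}
    return "confirmed" if echoed == sent else "mismatch"

def _envelope(security_children):
    # Constructed sample message; real envelopes carry far more content.
    return (f'<s:Envelope xmlns:s="{NS["s"]}" xmlns:wsse="{NS["wsse"]}" '
            f'xmlns:wsse11="{NS["wsse11"]}" xmlns:ds="{NS["ds"]}">'
            f'<s:Header><wsse:Security>{security_children}</wsse:Security>'
            f'</s:Header><s:Body/></s:Envelope>')

REQUEST = _envelope('<ds:Signature><ds:SignatureValue>Q09OU1RSVUNURUQ='
                    '</ds:SignatureValue></ds:Signature>')
GOOD_RESPONSE = _envelope('<wsse11:SignatureConfirmation Value="Q09OU1RSVUNURUQ="/>')
OTHER_RESPONSE = _envelope('<wsse11:SignatureConfirmation Value="T1RIRVI="/>')
UNCONFIRMED_RESPONSE = _envelope('')

if __name__ == "__main__":
    for name in ("GOOD_RESPONSE", "OTHER_RESPONSE", "UNCONFIRMED_RESPONSE"):
        print(name, "->", check_confirmation(REQUEST, globals()[name]))
```

A "mismatch" result means the response confirms a signature the client did not send for this request, so it should not be treated as the answer to it.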
EncryptedKey security tokens
To support the WS-Security 1.1 specification, EncryptedKeyToken security tokens are now supported. EncryptedKeyToken security tokens are used to optimize the performance of cryptographic operations when only the public key from an asymmetric key pair, such as a certificate, is present. EncryptedKeyToken security tokens can be used to secure SOAP message exchanges between anonymous clients that have only the public key for a Web service's certificate.
SOAP 1.2
Support for the SOAP 1.2 protocol
Like the .NET Framework 2.0, WSE allows a developer to choose between the SOAP 1.1 and SOAP 1.2 protocols.
Hosting Web services Using ASP.NET Outside of IIS
WSE enables ASP.NET Web services to be hosted in console applications, Windows services, COM+ components, or Windows Forms applications and then to be called using the TCP protocol or any custom transport protocol written for WSE. For more details, see How to: Host an ASP.NET Web Service Outside of IIS.
Visual Studio 2005 and .NET Framework 2.0 Design-Time Support
WSE 3.0 provides design-time tool support in Visual Studio 2005. Using the WSE Settings 3.0 Tool, settings that are normally set in a configuration file or policy file can be set using the tool's graphical user interface. In addition, when WSE is enabled for a project and a Web reference is added, WSE modifies the generated proxy class to derive from WebServicesClientProtocol. For more details, see WSE Settings 3.0 Tool and How to: Create a Proxy Class to Communicate with a Web Service.
Session reliability management
WSE 3.0 improves upon the WSE 2.0 support for the WS-SecureConversation specification to establish secure sessions (secure conversations) between a client and a Web service by making the sessions more reliable and manageable. Sessions are more reliable, because they allow clients to reestablish a session with a Web service whose application domain has been reset. Additionally, this enables secure sessions to work in Web farms. Some antivirus programs cause application domains that are hosting a Web service to be reset, which required a new session in WSE 2.0. In WSE 3.0, the session can simply be reestablished. Sessions in WSE 3.0 also are more manageable, because they can now be explicitly canceled and reestablished. For more details, see <statefulSecurityContextToken> Element.
Additional Security Enhancements
Opaque issued security tokens
WSE 3.0 allows a security token service to change the type of security token that is being issued without having to update clients in some cases. Previous versions of WSE always required the client to be updated to accommodate a different type of issued security token. Specifically, WSE 2.0 required a client application to register all security token managers for issued security tokens; with WSE 3.0, that is no longer necessary. For more details about issuing tokens, see Establishing a Secure Conversation.
WSE 2.0 and WSE 3.0 Interoperability
Note
WSE 2.0-enabled applications do not interoperate with WSE 3.0-enabled applications, because WSE 3.0 supports newer versions of some of the WS-* specifications. The Windows Communication Foundation (WCF) supports the same version of the WS-* specifications as WSE 3.0. WSE 2.0 and WSE 3.0 client applications can run side-by-side with the .NET Framework 2.0. WSE 2.0 and WSE 3.0-enabled Web services can be hosted on the same computer, but they must be in separate virtual directories. For more information on the version of the WS-* specifications that WSE 3.0 supports, see Web Service Specifications Supported by WSE.