WSE Settings 3.0 Tool

The WSE Settings 3.0 tool allows you to enable WSE features by using a graphical user interface in Visual Studio 2005, rather than editing the configuration file directly. Using the WSE Settings 3.0 tool can help you avoid typographical and schema errors in your configuration file.

To use the WSE Settings 3.0 tool from within Visual Studio 2005

1. In Visual Studio 2005, open a solution or project that you want to use the WSE with.

2. In Solution Explorer, right-click the project you want to use the WSE with, and then click WSE Settings 3.0.

To use the WSE Settings 3.0 tool from the Start menu

1. Click Start, point to All Programs, point to Microsoft WSE 3.0, and then click Configuration Editor.

2. On the File menu, click Open.

3. In the Open dialog box, navigate to a .config file that you want to view or modify, and then click Open.

The following screen shot shows the General tab of the WSE Settings 3.0 tool.

Security

To specify where WSE looks for X.509 certificates and how it verifies them

1. Click the Security tab.

2. In the Store location box, select the certificate store that you want WSE to load X.509 certificates from.

3. Check the other options under X.509 Certificate Settings that control how the WSE verifies an X.509 certificate.

   The following table shows the other options under X.509 Certificate Settings.

   Option	Description
   Allow test roots	Allows X.509 certificates signed by a test root to pass the verification.
   Allow URL retrieval	Specifies whether cached URLs are used in building a certificate trust chain, and whether the WSE accesses the network to do any URL retrieval.
   Allow revocation URL retrieval	Specifies whether the WSE does URL retrieval during certificate revocation checking. When it is set to false, revocation checking only accesses cached URLs and does not access the network to do any revocation URL retrieval.
   Verify trust	Specifies whether the WSE verifies that X.509 certificates used to sign a message have an issuer chain that extends to a trusted root authority.

   An <x509> Element is added to the configuration file.

To add or remove binary security token managers

1. Click the Security tab.

2. Click Add or Remove.

   If you click Add, the Binary SecurityToken Manager dialog box appears.

   The following table shows the Binary SecurityToken Manager dialog box options.

   Value	Description
   Type	The fully qualified type name of the binary security token manager.
   ValueType	The QName for the binary security token that this binary security token manager should handle, as it appears in the SOAP message.

   A <binarySecurityTokenManager> Element is added to the configuration file.

To add or remove non-binary security token managers

1. Click the Security tab.

2. Click Add or Remove.

   If you click Add, the SecurityToken Manager dialog box appears.

   The following table shows the Security Token Manager dialog box options.

   Value	Description
   Type	The fully qualified type name of the security token manager.
   Namespace	The XML namespace for the namespace prefix portion of the QName specified in the QName box.
   QName	The QName for the security token that this security token manager should handle, as it appears in the SOAP message.

   A <securityTokenManager> Element is added to the configuration file.

Policy

To specify the policy file

1. Click the Policy tab.

2. Select the Enable Policy check box.

3. Click Browse.

4. From the Open dialog box, select the policy file, and then click Open.

   A <policy> Element is added to the configuration file.

To edit the application policy

1. Step 1

2. Step 2Click the Policy tab.

3. Under Edit Application Policy, click Add.

4. From the Add or Rename Endpoint URI dialog, type the name of the endpoint to modify and click OK.

5. The WSE Security Setting Tool wizard will start. Click Next.

6. From the Choose the Type of Application dialog, select Secure a server application to secure the Web service or Secure a client application to secure a client of the Web service. Click Next.

7. From the Creating a Secure Conversation dialog, click Enable Secure Conversation to enable secure conversation.

   1. From the Client Authentication Method pane, select the desired type of authentication.
   2. From the Select Server Certificate pane, click Select Certificate. Choose the certificate from the Select Certificate dialog and click OK.

   Click Next to continue.

8. From the Request Message Settings dialog, choose whether to require digital signing and encryption of incoming SOAP messages.

   1. To require digital signing of incoming messages, select the Require signatures check box in the Integrity pane and choose the type of token or certificate to use for signing.
   2. To require encryption of incoming messages, select the Require encryption check box in the Confidentiality pane. Click Select certificate and from the Select Certificate dialog, choose the certificate to use for encryption. Click OK.

   Click Next to continue.

9. From the Response Message Settings dialog, choose whether to require digital signing and encryption of outgoing SOAP messages.

   1. To require digital signing of outgoing messages, select the Require signatures check box in the Integrity pane and choose the type of token or certificate to use for signing.
   2. To require encryption of outgoing messages, select the Require encryption check box in the Confidentiality pane. Select either Use token from request or Use X.509 Cert. If using an X.509 certificate, click Select certificate and from the Select Certificate dialog, choose the certificate to use for encryption. Click OK.

   Click Next to continue.

10. Review your settings from the Create Security Settings dialog and click Finish to save the settings to the configuration file.

Issuing Security Tokens

To specify settings for issued SecurityContextToken security tokens

1. Click the TokenIssuing tab.

2. In the TTL In Seconds box, type the time-to-live (TTL), in seconds, for the issued SecurityContextToken security tokens.

Routing

To add a router

1. Click the Routing tab.

2. Under Routing Handlers, click Add.

   The Routing Handler Input dialog box appears.

3. In the Type list, select Microsoft.Web.Services3.Messaging.SoapHttpRouter.

   If you have created a content-based router, type the fully qualified type name in the Type list. For more information about content-based routing, see How to: Route SOAP Messages Based Upon Their Content.

4. In the Path box, enter the file extension of incoming requests that must be routed through the router.

5. In the Verb box, enter the list of comma-separated HTTP verbs or the asterisk (*) wildcard character.

   HTTP requests that match the path specified in step 4 and contain the HTTP verb specified in this step are handled by the router specified in step 3.

6. Click OK.

   An <add> Element for <httpHandlers> element is added to the configuration file.

To add a referral cache

1. Click the Routing tab.

2. Under Referral Cache, click Browse.

   The Open dialog box appears.

3. Select the file containing the referral cache, and then click Open.

   A <referral> Element is added to the configuration file.

Diagnostics

To enable SOAP message tracing

1. Click the Diagnostics tab.

2. Select the Enable Message Trace check box.

3. In the Input File box, type the name of the file in which incoming SOAP messages are logged.

   It is recommended that the file have a .webinfo extension, so that users cannot request the file by default.

4. In the Output File box, type the name of the file in which outgoing SOAP messages are logged.

   It is recommended that the file have a .webinfo extension, so that users cannot request the file by default.

5. A <trace> Element is added to the configuration file.

To specify the level of detail on errors that are returned to SOAP message senders

1. Click the Diagnostics tab.

2. In the Send Detailed Error Information list, choose the level of error reporting detail.

   The following table shows the available options.

   Value	Description
   true	All SOAP message senders receive complete exception information.
   false	All SOAP message senders receive filtered exception information.

   A <detailedErrors> Element is added to the configuration file.

Messaging

To specify whether SOAP messages are MTOM-encoded

1. Click the Messaging tab.

2. When the current project is a, choose the Server Mode.

   The following table lists the available options.

   Value	Description
   always	All incoming and outgoing SOAP messages must be MTOM encoded. When a SOAP request is received that is not encoded using MTOM, an HTTP error 415: "Media unsupported" is returned to the sender.
   never	All incoming SOAP messages must not be MTOM encoded. When a SOAP request is received that is encoded using MTOM, an HTTP error 415: "Media unsupported" is returned to the sender. SOAP responses and SOAP faults are not encoded using MTOM.
   optional	WSE processes incoming SOAP messages whether or not they are MTOM encoded. All SOAP responses and SOAP faults match the MTOM encoding of the incoming SOAP message.

3. When the current project is a Web service client, choose the Client Mode.

   The following table lists the available options.

   Value	Description
   On	Specifies that SOAP messages are MTOM encoded unless client code explicitly sets the RequireMtom property of the proxy class to false.
   Off	Specifies that SOAP messages are not MTOM encoded unless client code explicitly sets the RequireMtom property of the proxy class to true.

4. Click OK to dismiss the dialog.

5. This adds an <mtom> Element to the Web service's Web.config file.

To specify the requirements for MTOM-encoded SOAP messages

1. Click the Messaging tab.

2. In the MaxMimeParts box, specify the maximum number of MIME parts that can be in an MTOM-encoded message.

3. Select the Require Soap Envelope First check box to require the SOAP envelope to be the first MIME part.

See Also

Concepts

Configuration File Schema

Other Resources

WSE Tools