Archive for March 2007
As promised, today we have announced the newtelligence CardSpace SDK:
“newtelligence AG announces plans to release the newtelligence CardSpace SDK, a Software Development Kit for Microsoft Windows CardSpace. The SDK, based on newtelligence expertise in information security, will help developers build more robust CardSpace-enabled application on the .NET platform – with ease.
newtelligence SDK for Windows CardSpace will provide a comprehensible API for key CardSpace application scenarios: Programmatic creation of managed information cards; requesting and validating security tokens in Microsoft Windows and web applications; and issuing security tokens. Use of the API will increase software security and developer productivity: Writing secure software is simplified and less software coding is required to achieve the desired, secure functionality. To aid understanding of the SDK and of CardSpace in general, a reference application and additional code samples covering different aspects of the API usage will accompany the SDK.
I would encourage you again to join me on this blog if you are interested in the CardSpace SDK project! In the next several posts I will focus more on a user’s perspective of the SDK.
I got another reason to sign up: When the Identity Metasystem will finally come “Useless Account” will probably be the only place on the web where you can still use usernames and passwords
Today’s web is crazy. Open ID is a pipe dream. Every direction you turn you’re forced to create yet another account. Most of the time it’s for one of those throw-away web startups created 10 times a day, but occasionally it’s worth the effort. It might be to purchase some fancy threads, order a pizza or see how fat the Cool Kids from high school have become. When it’s that important, you can’t afford to drop the ball. With a useless account you can practice without fear. So when it comes to the crunch, you’re ready!
And it has almost 10000 registered users!
Want to CardSpace-enable your application, but not sure where to start from? Not familiar with WS-* standards? Cryptography sounds cryptic? CardSpace is a great technology, but it has a very high entry threshold.
From my own experience with CardSpace I always had to write a lot of common CardSpace-related code that could be easily reused. I always thought that I need a framework for this and that. That’s why I’m extremely excited to “pre-announce” our new project – “newtelligence SDK for Windows CardSpace”. The project should be soon officially announced on the newtelligence website. When it is ready it will be available (with complete source code!) on the newtelligence security center.
SDK will contain API for different aspects of CardSpace programming, like issuing information cards, issuing security tokens, authentication for web and for windows applications. The API and a reference application should significantly help developers to use CardSpace in their applications. During the next weeks I’m going to post some code samples showing the usage of the API.
Stay tuned and join the discussion if you are interested
WCF tool svcutil.exe can generate code and configuration based on WSDL. This tool is mostly used for client-side programming to create a proxy. The same functionality can also be used to generate a service contract when implementing some WSDL-described standard (contract-first development). However, the code that is generated by the svcutil.exe is not always suitable for a service-side contract.
For a better compatibility (I think) svcutil.exe disables SOAP Action header check for the reply messages. This is done by setting the OperationContractAttribute.ReplyAction property to asterisk (*):
[System.ServiceModel.OperationContractAttribute(Action = "http://tempuri.org/Method", ReplyAction = "*")]
[return: System.ServiceModel.MessageParameterAttribute(Name = "Response")]
MethodResponse Method (MethodRequest Request);
The same asterisk has, actually, different meaning for the service-side contract: it “instructs WCF not to add a reply action to the message, which is useful if you are programming against messages directly” (according to MSDN). By the way, Action and ReplyAction properties don’t default to asterisk rather to “<namespace>/<service>/<operation>[Response]”.
Setting the Action property to an asterisk is another story. It indicates the method that will be used to handle all unmatched incoming messages (not referring to operations with explicit action). See MSDN Reference for more information.
Moreover, WsdlExporter, which is used for metadata publishing, ignores operations with asterisk actions (both Action and ReplyAction). Precisely speaking, it ignores operation contracts that have either input or output message with asterisk action. This leads to publishing metadata with empty service contract (with no operations in it). Although, messages conforming to the original WSDL can be successfully received, dispatched and handled by the service without any problem.
So, be aware of that interesting facts and pay attention to the auto-generated code, especially to those Action and ReplyAction properties.