Upgrading to WSE 3.0

If you weren’t aware, the version of WSE 3.0 built against the release version of Visual Studio was released on the Nov 7. I’m sure that it would have received launch parties and wide mention in blogs were it not for the conflicting launch of Visual Studio .NET, SQL Server 2005 and BizTalk 2006. :)

If you did any work with the CTP versions of WSE or if you are upgrading from WSE 2.0, there is one thing you should definitely be aware of. Specifically, I had created a WSE policy that use Anonymous over Certificate security. It was working in the CTP version. Then I upgraded to the release version. All of a sudden, I received the following error message on the client side:

WSE910: An error happened during the processing of a response message, and you can find the error in the inner exception. You can also find the response message in the Response property.

The inner exception was an InvalidOperationException with a Message of:

Security requirements are not satisfied because the security header is not present in the incoming message.

After a fair bit of digging, I determined that this message is actually a “can’t validate the user’s credentials” message. But the real cause (because, after all, I was still sending the same credentials that I did prior to upgrading) was a little more subtle. In order for the WSE functionality to work in 3.0, a new element needs to be added to the web.config of the service.

<system.web>
   <webServices>
      <soapServerProtocolFactory type="Microsoft.Web.Services3.WseProtocolFactory, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
/>
   </webServices>
</system.web>

When this tag gets added, all of a sudden the message went away. To be fair, this tag is documented as one of the changes between WSE 2.0 and 3.0. What surprised me is that it appears to also be one of the changes between the earlier CTP versions of WSE. Hopefully this post will help others avoid my not-so-brief struggle.