Navigation for dotNetTips.com - Web Services

One of the features I use often with the Microsoft Web Service Enhancements (WSE) is logging. It's a great feature where it logs everything coming in and out of a web service. When someone calls me with issues, the first thing I do is turn this on in the web.config and watch the data coming and going. The data is stored in two different xml files. One for incoming calls and one for responses.

The problem I just ran into is that I got a call that stated web service calls that were taking about 1 second or less were now taking 20 seconds or even timing out. After working on the issue off and on for two days I discovered that these two WSE log files have grown to 59MB+ because I forgot to turn off logging the last time there was an issue! Once I turned off logging this issue went away.

One symptom that we noticed that made us go down the wrong direction at first was that the w3wp.exe in Task Manager would eat a lot of memory during those 20 seconds and spike the CPU usage up to 99%! When we Googled this, we found lots similar issues, but none relating to the xml log files generated by WSE. We wasted a lot of time on this.

I hope this helps anyone else that uses logging in WSE.

Tip By: David McCarter

Microsoft Web service and distributed systems technologies provide the means for software to connect to other software applications in order to build distributed, service-oriented systems.

http://msdn2.microsoft.com/en-us/webservices/default.aspx

The Web Service Software Factory (also known as the Service Factory) is an integrated collection of tools, patterns, source code and prescriptive guidance. It is designed to help you quickly and consistently construct Web services that adhere to well known architecture and design patterns.

For more info, go to: http://msdn2.microsoft.com/en-us/library/aa480534.aspx

WSE 2.0 SP3 simplifies the development and deployment of secure Web services by enabling developers and administrators to more easily apply security policies on Web services running on the .NET Framework. Using WSE, Web services communication can be signed and encrypted using Kerberos tickets, X.509 certificates, username/password credentials, and other custom binary and XML-based security tokens. In addition, an enhanced security model provides a policy-driven foundation for securing Web services across trust domains. WSE also supports the ability to establish a trust-issuing service for retrieval and validation of security tokens, as well as the ability to establish more efficient long-running secure communication via secure conversations.

New support for message-oriented programming enables asynchronous communication for Web services that involve long-lived operations, batch processing, peer to peer programs, or event driven application models. Web services that leverage WSE can now be hosted in multiple environments including ASP.NET, standalone executables, NT Services and can communicate over alternative transports including HTTP or TCP.

WSE provides a foundation for building applications based on Web services specifications published by Microsoft and industry partners including WS-Security (OASIS 2004 standard), WS-Policy, WS-SecurityPolicy, WS-Trust, WS-SecureConversation and WS-Addressing.

WSE 2.0 SP3 and WSE 1.0 SP1 can be installed side by side. If you had downloaded the 2.0 technology preview, uninstall it before installing WSE 2.0 SP3. Please review the product readme for more information about WSE 2.0 SP3, including API changes from WSE 1.0.

WSE 2.0 SP3 may be redistributed as part of your solution, provided that redistribution is done using the WSE 2.0 SP3 redistribution MSI, Microsoft WSE 2.0 SP3 Runtime.msi. This MSI is available as a separate download and is also included in the complete WSE 2.0 SP3 download.

WSE 2.0 SP3 is built for developers using Visual Studio .NET 2003 and the .NET Framework 1.1. The WSE support life-cycle policy is in line with the .NET Framework support life-cycle policy. For additional information on this support policy, please check: http://support.microsoft.com/common/international.aspx.
Click here to download.

This is the redistributable package for WSE 2.0 SP2. For an overview of WSE 2.0, please see the Web Services Enhancements page.

Click here to download.

WSE 2.0 SP2 simplifies the development and deployment of secure Web services by enabling developers and administrators to more easily apply security policies on Web services running on the .NET Framework. Using WSE, Web services communication can be signed and encrypted using Kerberos tickets, X.509 certificates, username/password credentials, and other custom binary and XML-based security tokens. In addition, an enhanced security model provides a policy-driven foundation for securing Web services across trust domains. WSE also supports the ability to establish a trust-issuing service for retrieval and validation of security tokens, as well as the ability to establish more efficient long-running secure communication via secure conversations.

New support for message-oriented programming enables asynchronous communication for Web services that involve long-lived operations, batch processing, peer to peer programs, or event driven application models. Web services that leverage WSE can now be hosted in multiple environments including ASP.NET, standalone executables, NT Services and can communicate over alternative transports including HTTP or TCP.

WSE provides a foundation for building applications based on Web services specifications published by Microsoft and industry partners including WS-Security (OASIS 2004 standard), WS-Policy, WS-SecurityPolicy, WS-Trust, WS-SecureConversation and WS-Addressing.

WSE 2.0 SP2 and WSE 1.0 SP1 can be installed side by side. If you had downloaded the 2.0 technology preview, uninstall it before installing WSE 2.0 SP2. Please review the product readme for more information about WSE 2.0 SP2, including API changes from WSE 1.0.

WSE 2.0 SP2 may be redistributed as part of your solution, provided that redistribution is done using the WSE 2.0 SP2 redistribution MSI, Microsoft WSE 2.0 SP2 Runtime.msi. This MSI is available as a separate download and is also included in the complete WSE 2.0 SP2 download.

WSE 2.0 SP2 is built for developers using Visual Studio .NET 2003 and the .NET Framework 1.1. The WSE support life-cycle policy is in line with the .NET Framework support life-cycle policy. For additional information on this support policy, please check: http://support.microsoft.com/common/international.aspx.

To download, click here.

About WSE 2.0 SP1

WSE 2.0 SP1 simplifies the development and deployment of secure Web services by enabling developers and administrators to more easily apply security policies on Web services running on the .NET Framework. Using WSE, Web services communication can be signed and encrypted using Kerberos tickets, X.509 certificates, username/password credentials, and other custom binary and XML-based security tokens. In addition, an enhanced security model provides a policy-driven foundation for securing Web services across trust domains. WSE also supports the ability to establish a trust-issuing service for retrieval and validation of security tokens, as well as the ability to establish more efficient long-running secure communication via secure conversations.

New support for message-oriented programming enables asynchronous communication for Web services that involve long-lived operations, batch processing, peer to peer programs, or event driven application models. Web services that leverage WSE can now be hosted in multiple environments including ASP.NET, standalone executables, NT Services and can communicate over alternative transports including HTTP or TCP.

WSE provides a foundation for building applications based on Web services specifications published by Microsoft and industry partners including WS-Security (OASIS 2004 standard), WS-Policy, WS-SecurityPolicy, WS-Trust, WS-SecureConversation and WS-Addressing.

WSE 2.0 SP1 and WSE 1.0 SP1 can be installed side by side. If you had downloaded the 2.0 technology preview, uninstall it before installing WSE 2.0 SP1. Please review the product readme for more information about WSE 2.0 SP1, including API changes from WSE 1.0.

WSE 2.0 SP1 may be redistributed as part of your solution, provided that redistribution is done using the WSE 2.0 SP1 redistribution MSI, Microsoft WSE 2.0 SP1 Runtime.msi. This MSI is available as a separate download and is also included in the complete WSE 2.0 SP1 download.

WSE 2.0 SP1 is built for developers using Visual Studio .NET 2003 and the .NET Framework 1.1. The WSE support life-cycle policy is in line with the .NET Framework support life-cycle policy. For additional information on this support policy, please check: http://support.microsoft.com/common/international.aspx.

To download go to: http://www.microsoft.com/downloads/details.aspx?FamilyID=fc5f06c5-821f-41d3-a4fe-6c7b56423841&DisplayLang=en

To download the redistributable, go to: http://www.microsoft.com/downloads/details.aspx?FamilyID=d3c8f18b-7bbf-489d-90e1-e8d4147205b8&DisplayLang=en

The exception would be on a (different) strange looking file name each time I would run the web service. For example the file name would be 4drv23rf.dll. Below is the entire error:

System.IO.FileNotFoundException: File or assembly name 4drv23rf.dll, or one of its dependencies, was not found.
File name: "4drv23rf.dll"
   at System.Reflection.Assembly.nLoad(AssemblyName fileName, String codeBase, 
    Boolean isStringized, Evidence assemblySecurity, Boolean throwOnFileNotFound, 
    Assembly locationHint, StackCrawlMark& stackMark)
   at System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Boolean stringized,
    Evidence assemblySecurity, StackCrawlMark& stackMark)
   at System.Reflection.Assembly.Load(AssemblyName assemblyRef, Evidence assemblySecurity)
   at System.CodeDom.Compiler.CompilerResults.get_CompiledAssembly()
   at System.CodeDom.Compiler.CompilerResults.get_CompiledAssembly()
   at System.Xml.Serialization.Compiler.Compile()
   at System.Xml.Serialization.TempAssembly..ctor(XmlMapping[] xmlMappings)
   at System.Xml.Serialization.XmlSerializer.FromMappings(XmlMapping[] mappings)
   at System.Web.Services.Protocols.XmlReturn.GetInitializers(LogicalMethodInfo[] methodInfos)
   at System.Web.Services.Protocols.XmlReturnWriter.GetInitializers(LogicalMethodInfo[] methodInfos)
   at System.Web.Services.Protocols.MimeFormatter.GetInitializers(Type type, 
    LogicalMethodInfo[] methodInfos)
   at System.Web.Services.Protocols.HttpServerType..ctor(Type type)
   at System.Web.Services.Protocols.HttpServerProtocol.Initialize()
   at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context,
    HttpRequest request, HttpResponse response)
   at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context,
    HttpRequest request, HttpResponse response, Boolean& abortProcessing)

=== Pre-bind state information ===
LOG: Where-ref bind. Location = 4drv23rf.dll
LOG: Appbase = file:///c:/inetpub/wwwroot/WebService1
LOG: Initial PrivatePath = bin
Calling assembly : (Unknown).
===

LOG: Policy not being applied to reference at this time (private, custom, partial, 
    or location-based assembly bind).
LOG: Attempting download of new URL file:///C:/WINDOWS/Temp/4drv23rf.dll.

As you can see from above, the file was always located in my C:\WINDOWS\Temp\ directory. I really have no idea what this file is or why it’s placed in this directory. I thought all temporary ASP.NET files were saved to the C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files location.

After using Google for about an hour to search for solutions, I really did not find anything that seemed to fit my particular problem. Then on the way out the door (from work), I mentioned it to my co-worker. It seems he has had the same issue.

The Solution

It seems that the ASP.NET Machine Account (<machine name>\ASPNET) needs to have read/write access to the Windows temporary directory to create these temporary dll’s. Simply go to that directory, bring up the properties dialog and click on the Security tab. Click Add and add the ASPNET account. Make sure “Write” is checked and press Apply.

Tip By: David McCarter/ Mike Carr

This Toolkit offers functionality similar to the MSDN SOAP Toolkit sample, which has been available for several months, but is a fully Microsoft supported product. This Toolkit replaces the old MSDN SOAP Toolkit.

http://www.microsoft.com/downloads/details.aspx?familyid=147ed727-0be8-48a1-b1da-d50b1ea582cb&displaylang=en

SOAP Toolkit 2.0 Redistributable Files:

http://www.microsoft.com/downloads/details.aspx?familyid=d4490e52-5f6e-4127-9dc7-88b7c8f83b74&displaylang=en

SOAP Version 1.2 is a lightweight protocol for exchanging structured information in a decentralized, distributed environment. Visit the Web Services home page.

http://www.w3.org/TR/2003/NOTE-soap12-n11n-20031008/

We have seen how it easy it is to write the web service using SOAP as the message protocol, but not how we go about making sure that the web service is secure? Well this downloadable 32 page article will show you how! Here is a taste:

What is a SOAP Fault message?

A SOAP Fault message is used to carry error and/or status information within a SOAP message response. The SOAP Fault element has four sub elements, they are as follows:

• faultcode – this value is usually either client or server, it lets the receiver know whose “fault” the error was
• faultstring – this is where the human-readable error message goes, very similar to the Message property of the Exception class
• faultactor – this element lets the receiver know who caused the error within the message path, unless the message is being routed, this will either be blank or the URI of the web service method
• detail – this is where all of the detailed error information goes, such as an error stack trace

Here is what a valid SOAP Fault message might look like:

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <soap:Fault>
      <faultcode>soap:Client</faultcode>
      <faultstring>
        The user (timm) could not be authenticated.
      </faultstring>
      <faultactor>
        http://localhost/TestSoapHeadersExample/TestSoapHeaders.asmx
      </faultactor>
      <detail>System.Exception: Authentication failed for user (timm)
        at CustomAuthentication.AuthenticationModule.Authenticate()
        at CustomAuthentication.AuthenticationModule.OnBeginRequest
        (Object source, EventArgs eventArgs)
      </detail>
    </soap:Fault>
  </soap:Body>
</soap:Envelope>

The .NET Framework makes it very easy to both send and consume SOAP Fault messages from web service clients and web service methods. Any time you throw a SoapException inside of a web service, it is automatically serialized into a valid SOAP Fault message. Conversely, any time a web service client receives a SOAP Fault message, that message is then de-serialized back into a SoapException.

Want to read all of this great article written by Tim McCarthy? Click here to download the PDF of the article. After that, click here to download the sample code. Enjoy!