I was told that there appears to be a couple of non-working samples in the Windows Communication Foundation (WCF, previously - Indigo) Sept-CTP drop. I found out (the hard way) that one of them was the BasicSecurityProfile sample.
There is a workaround to it. There are basically 2 bugs in that sample. It may help solve the other bugs in the samples. This will only affect the security samples that uses the WS-Security Specifications in the [basicHttpBinding] bindings.
BUG 1. The affected sample will only work with X.509 Digital Certificates that has the Subject Key Identifier (SKI) installed. Unfortunately, the cert samples, which are used, are being issued by makecert.exe which doesnt generate X.509 certs with the SKI.
- You can create test certificates from Verisign. Those test certs will come with SKI
- You can set up a Certificate Authority (CA) on Windows 2003 Server. This is not installed by default and you need to add that component into your server setup. This will issue you a cert with SKI.
On a separate note, X.509 Digital Certificates that come with SKI offer the best approach in interoperability, so it is best recommended that you work with certs that comes installed with it.
BUG 2. Once you fix the workaround to BUG 1, and you run the BasicSecurityProfile sample and the client barfs this exception at you:
System.ServiceModel.Security.MessageSecurityException was unhandled
Message="No signature message parts were specified for messages with action '*'."
Source="mscorlib"
StackTrace: [BLAH] [BLAH] [BLAH]
You would have come across the second bug. This is an easy fix.
- On the client proxy, change the replyAction = "*"
Once you have these 2 workarounds done up, the BasicSecurityProfile sample should work.
Both these bugs will be fixed in the subsequent WCF drop. I hope this at least helps someone.