I was tasked with developing a web service for our development team that would mimick the operation of a client web service that has access limited by IP address. This target service was developed with WSE 2.0. The encryption used in WSE 2.0 is different from that in 3.0. Allthough some posts I read said you could change the encryption mode, I decided it would be less risky to adapt WSE 2.0 to ASP.NET 3.0.
There are lots of sample programs for using WSE 3.0 in ASP.Net 2.0, but none using WSE 2.0. Here are a couple of things that I had to change in the Web.Config given in the sample projects that come with the WSE install:
<security>
<x509 storeLocation="LocalMachine" allowTestRoot="true" allowRevocationUrlRetrieval="false" verifyTrust="true"/>
<!--Replaced UsernameSignCodeService with App_Code for using WSE 2.0 in VS2005!!!! -->
<securityTokenManager type="EcsMockWebService.CustomUsernameTokenManager, App_Code" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" qname="wsse:UsernameToken" />
</security>
<
webServices>
<soapExtensionTypes>
<!-- group="0" removed from the end of the following line to use WSE 2.0 in ASP.Net 2.0 -->
<add type="Microsoft.Web.Services2.WebServicesExtension, Microsoft.Web.Services2, Version=2.0.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" priority="1"/>
</soapExtensionTypes>
</webServices>