Code through the pain Ladislav Mrnka's professional blog about software development

13Apr/110

Last week I was working on some SOAP message preprocessing in our current project. We needed to extract raw information about security tokens used in SOAP message and because of that we decided to use WSSecurityTokenSerializer class from System.ServiceModel.Security namespace. This class provides public method ReadKeyIdentifierClause inherited from SecurityTokenSerializer. The method was working fine until we used it to read EncryptedKey token with included ReferenceList. In this scenario the pair method CanReadKeyIdentifierClause returns true, but ReadKeyIdentifierClause is throwing an unexpected XmlException because the method implementation expects the end element for EncryptedKey instead of the start element for ReferenceList. I asked related question on MSDN but I haven't got any answer yet. I think this is a bug.

Using ReferenceList in EncryptedKey is allowed by both WS-Security 1.0 and WS-Security 1.1 specifications and moreover it is result of many security configurations in WCF including BasicHttpBinding with security mode set to BasicHttpSecurityMode.Message and client credentials set to BasicHttpMessageCredential.Certificate. This configuration creates mutual certificate asymmetric security binding which uses exactly that problematic token. The rest of the article shows the test fixture to reproduce the issue.

Posted on April 13, 2011 by Ladislav Mrnka
Filed under: WCF
Continue reading
13Apr/110

ADO.NET team yesterday released final version of Entity Framework 4.1. It is again available as stand alone download or NuGet package. This version doesn't contain any API changes except changed default maximum length for string properties mapped with the code first approach. EF 4.1 RC used nvarchar(128) as default SQL type for all string properties. This caused some issues to many developers who didn't know how to change it. ADO.NET team also received some feedback and because of that the default value for a length of string properties was changed to Max for SQL Server and to 4000 for SQL Compact. That is in my opinion the worst choice because now 90% of databases created with the code-first approach will have all string columns defined as nvarchar(max).

Posted on April 13, 2011 by Ladislav Mrnka
Filed under: Entity framework
No Comments