Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

WS-I Basic Security Profile 1.0 Sample Application: Final release for the .NET Framework version 1.1


WS-I Basic Security Profile 1.0 Reference Implementation: Final Release for the .NET Framework version 2.0

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

patterns & practices Developer Center

patterns & practices Developer Center

June 2007


Building truly interoperable Web services that adhere to the latest Web service security standards is much easier when you have a reference implementation to use as a guide. The WS-I Basic Security Profile Reference Implementation is built using Web Services Enhancements (WSE) 3.0 and the .NET Framework 2.0 to illustrate how to build resilient, real-world, secure, interoperable Web services. The supply chain management scenario was designed by the WS-I and is the same application used to test the success of interoperability with other Web service vendors who have implemented the WS-I Basic Security Profile. In addition to applying a solid architecture with clear separation of concerns, the patterns & practices Enterprise Library is used to address cross-cutting concerns such as logging, exception handling, configuration, and data access.


Design of the Scenario
Getting Started
What Is in This Guide
Feedback and Support
Authors and Contributors
Related Titles


This release includes the source code for the reference implementation and accompanying documentation that describes design and implementation of this deliverable. The guide includes information about the:

  • Implementation of Web service security using X.509 certificates and using declarative security policy.
  • Design of services to provide interoperability and resilience to certain types of changes.
  • Manner in which WSE 3.0 is used to provide interoperable secure Web services based on the WS-I BSP 1.0.
  • Process of installing and running this reference implementation.
  • Factors to consider when developing and implementing your own secure interoperable Web services.

Although the Enterprise Library code is included with the application, you must download Enterprise Library separately to use the configuration console.

Audience Requirements

This guide is targeted at software developers and architects who need to design and implement interoperable Web services with message layer security. To benefit fully from this guide, you should have an understanding of the following technologies:

  • Microsoft Visual Studio 2005
  • Microsoft .NET Framework version 2.0
  • Microsoft Web Services Enhancements (WSE) 3.0

Highlights of This Release

This deliverable:

  • Demonstrates how to design and implement interoperable Web services with message layer security. These Web services are currently being tested across multiple platforms.
  • Illustrates an example application (known as a sample application) that was developed in accordance with WS-I profiles, including the Basic Profile (BP) and the Basic Security Profile (BSP).
  • Anticipates migrating from WSE 3.0 to Windows Communication Foundation (WCF) and was designed with this in mind
  • Follows patterns & practices guidance including the use of Microsoft Enterprise Library.

System Requirements

To install the application, you must have the following software installed:

  • Microsoft Windows Vista, Windows XP or Windows Server 2003 with Internet Information Services (IIS)
  • Microsoft Visual Studio 2005 with SQL Server Express (or SQL Server 2005)
  • Microsoft WSE 3.0

Design of the Scenario

This deliverable is a distributed application that consists of a series of interdependent Web services and databases that form the Supply Chain Management application. It is based on a scenario that involves interactions between a consumer, a retailer, a series of warehouses, and a series of manufacturers.

The retailer manages stock in three warehouses. When an order is placed, the retailer Web service checks to see if Warehouse A can fulfill the order. If Warehouse A cannot fulfill an order, the retailer then checks Warehouse B, and if Warehouse B cannot fulfill the order, it checks Warehouse C. When a warehouse's inventory of a particular product falls below a certain threshold, the warehouse orders more units from the appropriate manufacturer. Configuration and logging services are also involved.

The flow chart in Figure 1 illustrates the core sequence of Web application and Web service calls that take place in an application that is based on the Supply Chain Management architecture.


Figure 1: Sample Application control flow

For more information, see Chapter 3 - Sample Application Walkthrough.

Getting Started

To understand how the application was designed and implemented, you should do the following.

  1. Download the installation file.
  2. Check to make sure you have the required software installed.
  3. Follow the instructions in Chapter 2 - Installing the Sample Application to install and run the Sample Application.
  4. Read Chapter 3 - Sample Application Walkthrough to get a high-level view of the application's functionality.
  5. Read the remaining chapters of the documentation and look at the source code to understand how the application was designed for interoperability and smooth migrations.

What Is in This Guide?

By reading the guide and examining the application, you can gain an understanding of how conforming to the BSP 1.0 helps you create secure Web services that are interoperable. If you would like to read the material before installing the application, you can also download a PDF version of the guide.

Chapter 1 - Introduction

This chapter discusses the WS-I and the deliverables they produce. It examines the requirements for Web services security and the Web services security specifications defined by standards organizations such as OASIS, W3C, and IETF. It then provides an overview of the BSP 1.0.

Chapter 2 - Installing the Sample Application

This chapter discusses how to install the application. It also examines how the Windows Installer package configures the environment and describes how you can modify this configuration for your own requirements.

Chapter 3 - Sample Application Walkthrough

This chapter examines the flow of the application and guides you through a walkthrough of the application's functionality.

Chapter 4 - Sample Application Architecture

This chapter examines how the WS-I Sample Application Working Group specification for the application was implemented using Microsoft .NET technologies and WSE 3.0. It discusses the use of various architectural patterns in the design of the application and shows how the security configuration of the application can be specified declaratively by implementing the functionality within the WSE 3.0 toolkit.

Chapter 5 - Policy Usage in the Sample Application

This chapter examines how the application uses policy. It discusses the WSE Policy Advisor, a tool that examines policy files and generates a report to make security recommendations.

Chapter 6 - Designing Web Services for Interoperability and Resilience

This chapter examines the design considerations for creating interoperable Web services, including general recommendations for using XML Schema (XSD) and Web Services Description Language (WSDL). It also discusses how to ensure that your Web services are resilient to changes from within products.

Chapter 7 – WS-I BSP Interoperability Guidance

This chapter provides guidance for designing interoperable Web services according to the BSP. The chapter also provides guidance for designing your Web services so they are more resilient to change from within products. It examines how to expose and consume Web services and discusses known issues that could affect interoperability.

Appendix A - Enterprise Library Integration

Appendix A describes how the Microsoft patterns & practices Enterprise Library was used to provide functionality within the application.

Appendix B - Sample Application Retailer Service Messages

Appendix B demonstrates how to analyze the application messages, using the Retailer Web service as an example.

Feedback and Support

The Microsoft WS-I Basic Security Profile 1.0 Reference Implementation: Final Release for the .NET Framework version 2.0 is a guidance offering, designed to provide emerging guidance around developing secure interoperable Web services. It is not a Microsoft product. Code-based guidance is shipped "as is" and without warranties. Customers can obtain support through Microsoft Support Services for a fee, but the code is considered user-written by Microsoft support staff.

Authors and Contributors

The following individuals made a substantial contribution to the developing, writing, testing, and reviewing of this content:

  • Program and Product Management: Jason Hogg, Don Smith, Jorgen Thelin, Microsoft Corporation
  • Development: Hernan de Lahitte, Diego Gonzalez, Pablo Cibraro, Javier Arguello, Lagash Systems SA
  • Test: Pete Coupland, Ken Perilman, Carlos Farre, Larry Brader, Jorgen Thelin, Doug Bunting, Microsoft Corporation; Mrinal Bhao, Sajjad Imran, Sidambara Raja Krishnaraj, GanapathiRam Natarajan, Sachin Wagh, Jude Yuvaraj, Muralidharan Narayanan, Infosys Technologies Ltd
  • Documentation: Paul Slater, Wadeware LLC; Tina Burden McGrayne, TinaTech Inc; Claudette Siroky, CI Design Studio; Nelly Delgado, Sanjeev Garg, Microsoft Corporation
  • Review: Edward Jezierski, Peter Provost, Scott Densmore, Tom Hollander, Mark Fussell, Tomasz Janczuk, Bill Shihara, Andy Gordon, Karthik Bhargavan, Cedric Fournet, HongMei Ge, Sidd Shenoy, Microsoft Corporation; Guido Hinderberger, Brian LeBlanc, DaimlerChrysler TSS; Aaron Skonnard, Keith Brown, Pluralsight LLC; Martin Granell, Readify; Edward Bakker, LogicaCMG

Related Titles

patterns & practices Developer Center

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

© 2014 Microsoft. All rights reserved.