Saturday, November 20, 2010

WsiHero: A GUI utility for web services WSI validation


Download WsiHero (3MB)

Last week was an important moment for web services interoperability: WS-I has approved the final versions of Basic Profile (BP) 1.0 and 2.0 and of Reliable Secure Profile (RSP) 1.0. These profiles are a set of rules which web services vendors and consumers are expected to comply with in order to support interoperability. The original profile goes back to 2004 and was highly successful in improving web services interoperability.

So how do we test our web services for WSI profiles compliance?
The WSI site contains a deliverables section which has a few command line utilities to check the services. Using these command lines directly has some overhead like a learning curve for all the options, preparing the input wsdl / soap files in the specific log format, and repeating this manual task every time.

I have written the WsiHero utility to make this validation simpler.

How to become a WSI hero?
If you want to easily validate your service for WSI compliance and become a WSI hero then Download WsiHero. It is a GUI application which saves you the need to deal with the WSI command line and its strict log format.

Download WsiHero (3MB)

1. Ensure Microsoft .Net framework 2.0 or higher is installed (

2. Ensure Java 5 or higher is installed (

3. Download WsiHero and extract it to some folder, for example c:\program files\WsiHero.

4. Since it is not legal for me to distribute the WSI command line utility, please download it by yourself as follows:

Download these two zip files to your machine:

Do not extract them, just put them as .zip in the WsiHero folder (c:\program files\WsiHero). Do not change their names.

In case the direct links do not work for some reason here is how to get the above files from the WSI site: From the "deliverables" section of the site download "BP 1.2 and 2.0 Test Tools package" and "Reliable Secure Profile Delivery Package".

1. Run WsiHero.exe from its folder.

2. Paste a Wsdl or a Soap file location into the text box and press "Add".


  • Location can be a local disk path or a Url.
  • If the file contains Soap it must have the .Xml extension. Otherwise it is assumed to be a Wsdl.

    For example any of the following can be put in the text box:


    If you do not have any Wsdl available you can to use

    3. Repeat step (2) any number of times.

    4. Click the arrow near the validation button and choose the validation type you want to perform:

  • For Soap 1.1 services choose "Basic Profile 1.2".
  • For Soap 1.2 services choose "Basic Profile 2.0".
  • For secured / reliable services choose "Reliable Secure Profile 1.0" (you may want to test such services also with one of the former options).

    After a few seconds (depending on the input size) the WSI report will appear:

    I plan to open source and enhance this utility soon.
    Let me know if you have any problem or a feedback.


    What's next? get this blog rss updates or register for mail updates!
  • Monday, November 8, 2010

    Wcf with 256 bit Ssl


    Recently I had to call a Java web service from Wcf. The service was secured with a 256-bit ssl certificate. Every request I made was rejected with a 401 Unauthorized response.

    I then used this site to check what encryption strength my machine supports:

    It seemed my pc is configured to only allow 128 bit connection.

    Luckily I have found this link which explains how to configure windows to use 256-bit Ssl (Vista only). It seems the problem is in the windows defaults and not in Wcf. This changed the result in IE:

    and also the Wcf client worked. The strange is that the setting that needs to be changed should only affect the order of the supported algorithms. So if the server requires a 256-bit OR a 128-bit key, the default setting would suggest 128 first. But if the server only allows 256-bit I would expect this to work since this is a supported configuration, just not the first in order. Either way the fix made it work.


    What's next? get this blog rss updates or register for mail updates!

    Monday, November 1, 2010

    Silverlight, Html5 and the future of Wcf


    Update: Silverlight is alive and well! Microsoft clarifies that Silverlight is a strategic technology. Scott Guthrie promises that future features and tools will be revealed soon. I will update about anything which has relevancy to Wcf. This post is still very relevant to show the increasing importance of javascript clients, side-by-side with Silverlight clients.

    Everybody talk about the "unofficial" announcement of Microsoft embracing Html5 over Silverlight. And while this was never approved (unless you read between the lines) the below may be a hint.

    Yesterday Microsoft had published an "early access" codeplex project with some features from the next Wcf version. The two main themes seem to be native Http support and jQuery. And not a word about Silverlight. Will there ever be security in the SL netTcp transport? Will we see more WS-Security coverage from the Wcf stack? It seems jQuery improvements got a higher priority for this release. Is the Wcf early access project a hint for a focus shift from SL to Html5? (update: more SL features will be revealed soon, hopefully they include the above).

    The planned jQuery support includes code generation for javascript clients, working with untyped json objects, Html forms submission and more.

    So how does the Html5 thing affect Wcf?
    This is definitely a big push to the Rest / Json / Anti WS-* approach (not that it needed it anyway). Silverlight did not support the full Wcf stack in version 4, but in theory nothing prevented it from growing into it in the next versions. Browsers in contrary cannot work with WS-Security and feel much more at home with Json over Xml. Also Rest is more natural for the web anyway.


    What's next? get this blog rss updates or register for mail updates!