It seems all kinds of people are asking questions about the use of tracing tools with the WSE 2.0 release. Benjamin mentions it and points to an entry from Christoph Schittko that has some more background.
Christoph is correct in noting that WSE 2.0 is restrictive regarding matching the <wsa:To> header with the URL that the request arrives on. This is a security restriction: the policy engine in WSE 2.0 uses the <wsa:To> to select policy - allowing random headers here would allow an attacker to attempt to select different, possibly weaker, policy than the service developer intended.
Christian Weyer has posted one possible workaround as a comment:
EndpointReference epr = new EndpointReference(new Uri("http://localhost/AsymEncryptPolicyService/AsymEncryptService.asmx"));
epr.Via = new Uri("http://localhost:7777/AsymEncryptPolicyService/AsymEncryptService.asmx");
ws.Destination = epr;
This ensures that (a) the <wsa:To> header has the correct value for the final destination (b) the request is routed through the tracing tool.
OK, so now you're asking "Sure, but this workaround means I have to change my code!" That's a fair comment, so here's another solution to try: configure a referralCache at the client and place the appropriate entries in it so that the request is redirected to the tracing tool automatically. For example:
<r:ref xmlns:r="http://schemas.xmlsoap.org/ws/2001/10/referral">
<r:for> <r:exact>http://localhost/AsymEncryptPolicyService/AsymEncryptService.asmx</r:exact>
</r:for>
<r:if>
</r:if>
<r:go> <r:via>http://localhost:7777/AsymEncryptPolicyService/AsymEncryptService.asmx</r:via>
</r:go>
<r:refId>uuid:09233523-345b-4351-b623-5dsf35sgs5d6</r:refId>
</r:ref>
When you're finished tracing, clear the referralCache or remove it from your config file. Check the product documentation for more details on the entry format and configuration of the referralCache itself.
Posted by herveyw at May 25, 2004 06:33 PM