j_saremi has posted a message in the WCF forum noticing that WCF source code can now be downloaded from Microsoft. The source can be viewed using the reflector since ever - no news here - but now it can actually be used to debug!
When X.509 certificates are used you might get this error:
The second part of the error implies that you may need to set permissions on the private key. I'll deal with that in a separate post.
The first part of the error means that the certificate was created with a private key that is not capable of key exchange. This can happen when you use makecert.exe to create a test certificate without specifying the correct flags. The correct way to use makecert is:
We are using the log4net logging framework in a new project. In one initialization point of the application we init it:
And in many other locations we use it:
In one of my classes the messages I've logged did not appear in the log file (or in any of the other appenders). When I explicitly re-initialized log4net in the same class the messages were written successfully. A short investigation found the reason: This class is called from a different AppDomain than the other classes. log4net's LogManager class is static, which limits its scope to the calling AppDomain.
Conclusion: log4net needs to be initialized once per AppDomain.
So I run this msi and the first stage in the installation wizard is the end user license agreement (EULA). Now I'm not a legalist but the beginning looks promising:
"Microsoft...and you" sounds good, and "you may install" is what I wanted to hear anyway. But the second item is suspicious:
Now wait one second. If I may not transfer the software to any third party, then how can I redistribute this Redistributable Runtime MSI? Or is this EULA just an agreement between Microsoft and the third party, in which case where is the agreement between Microsoft and me? Am I not worth at least one or two vague terms?
Anyway I passed this to our legal department. I better go work on some legacy code, which comparing to this looks more readable than ever...
Prabath gave a great presentation on SOA & web services security in the WSO2 summer school. It is particularily interesting for everyone who wants to understand what stands behind security related WS-* standards such as WS-Security and WS-Trust.