using ws-at in wcf, need to config it first use wsatConfig.exe ?  
Author Message
lingga





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

Hi all,

I want to create a distributed transaction in wcf (and for further development, a 3rd party web service could be added). That's why I want to use ws-at.

In order to do that, do I have to set the configuration to enable the ws-at using wsatconfig.exe so i could create a distributed transaction in wcf

I've tried this, but at first it generated message that it requires DTC access to be enabled and allow the inbound/outbound in Transaction Manager Communication. I have enabled it. But when I try again to enable WS-AT network support, it always says SSL certificate could not be found. What should I do next

Thank you,

lingga



Visual Studio 200831  
 
 
Andy Milligan





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

lingga,

You do need to use the WsatConfig functionality if you want to enable distributed WS-AtomicTransaction support in WCF and it sounds like you are making progress with that. I suspect that you are either specifying the certificate in the wrong format or selecting an inappropriate certificate.

To make progress, I would recommend that you use the WsatUI MMC property page which is included in the Windows SDK. This provides a dialog driven approach to selecting certificates and this may be less error prone. The UI and installation instructions are described at http://blogs.msdn.com/distilled/archive/2006/05/15/598257.aspx and more formally described at http://windowssdk.msdn.microsoft.com/en-us/library/ms733943(VS.80).aspx. Try selecting your certificate and other settings through that UI and post back with your results.

Note also that if your clients and servers are both using WCF then OleTx can be used as an alternative transaction protocol and this does not require WsatConfig configuration.

Hope this helps,

Andy.



 
 
lingga





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

Hi Andy,

Could I have a step by step How to choose the right certificate
I have installed the UI component, using regasm /codebase WsatUI.dll. It works,and I could access the dialog driven approach. But, in the WS-AT tab, the check box besides "Enable WS-Atomic Transaction network support" is disabled. I couldnt check it to enable the ws-at support.
How to enable the checkbox
Is there any chance to use ws-at without using ssl or is it a mandatory

Thank you in advance,

lingga


 
 
Andy Milligan





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

Before you can select the cert, you do need to get the "Enable WS-Atomic Transaction network support" checkbox enabled. To achieve that, in the MMC, on the MSDTC "Security Configuration" dialog, you must enable "Network DTC Access" and also enable either "Allow Inbound" or "Allow Outbound". Once those are set you should be able to go to the WS-AT tab and "Enable WS-Atomic Transaction network support" and select your cert.

Give that a go.

Andy



 
 
lingga





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

Ok.

I got the checkbox enabled. I've checked it, but when I click "ok". It again returns an error message "SSL could not be found". In Endpoint certificate, I click the "Select" button, but the box is empty. It also happened in "Authorized certificates" option.

From where could I get the certificate Or how to install a certificate
Is ssl certificate a mandatory

Thank you,

lingga


 
 
Andy Milligan





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

An SSL cert is required for WS-AtomicTransaction - there is significant value in requiring that the WS-AT headers are not communicated "in the clear".

You can obtain from certificate authority such as Verisign or perhaps from an authority within your own organization. For testing purposes only, you can use Makecert.exe tool from the Windows SDK (http://msdn2.microsoft.com/en-US/library/bfsktky3.aspx)

However you get your cert, install it into the LocalMachine MY store and then it should appear for selection within the dialog.

Andy.



 
 
lingga





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

I've found the Makecert.exe, and already created one.
How to install it into the Localmachine MY store
I right clicked on the cert, choose install and follow the wizard, but it still didnt appear within the dialog for selection. Should I reboot my computer, or I did it wrong

Regards,

lingga


 
 
Andy Milligan





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

With Makecvert.exe the -ss option allows you to specify the certificate store name for the generated cert and the -sr option allows you to specify the certificate store location i.e. use the following options:

-ss my -sr localmachine

A reboot will not be required.

Andy.



 
 
lingga





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

Thanks a lot, Andy..

It works! I could find the cert in the box now and enable the ws-at support and apply the change. The error message that requires ssl certificate also has gone now. :)

Best Regards,

lingga


 
 
Andy Milligan





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

I am glad we got there and thanks for sticking around and working through it. I will ensure that much of this is included in the final documentation set.

Thanks,

Andy.



 
 
tonytao





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

1. the svc supported transaction must implement message mode or transport mode security

2. if Q1 is yes, The certificate used for svc authenticated is same as the certificates setting in wsatconfig UI

3. I run a svcA on machineA, a svcB on machineB, and a console app on machineA call svcA and svcB, but error "The caller was not authenticated by the service." happens when the console app call svcB. the two wcf services hav'nt any security Infrastructures. I have configure trust between two machines according to SKD help.


 
 
Jesse - MSFT





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

Hi,

1. No, we do not place any (technical) constraints on what type of binding you use for App to App communication. The certificate you configure inside WsatConfig UI is for the MSDTC service itself. When coordinating transactions, MSDTC is what actually does all the two-phase commit management and it is this service which ends up communicating with WebSphere etc.

That said, we STRONGLY recommend that you do secure App to App communication when using transactions -- in any way you see fit; e.g. your app can use HTTPS or message security if you'd like.

2. Based on the above, the certificates are not related -- but they can very well be the same if you want/need.

3. This may best be answered elsewhere. Could you start another topic and describe the binding you use in the console app and the endpoint configurations you expose on svcA and svcB A guess: This may have to do with a wrong <Identity> element specified in your svc .config file.

-Jesse


 
 
tonytao





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

thanks Jesse.

I call two services in a single transaction successfully. But I am not sure whether the transaction complete in the ws-atomic protocol way, maybe is oletx Two services is WCF servcies, and console client is WCF console too. Both two services using wsHttpBinding. When I setting "TransactionFlow" attribute in binding config files, I can't find "TransactionProtocol" attribute, howerver I can find "TransactionProtocol" attribute when I using nettcpbinding.

1. How can I select transaction protocol explicit when I using wsHttpBinding
2. How can I sure the transaction is completed in WS-Atomic way, not OleTx


 
 
SanthaMind





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

Hi,

WsHttpBinding by default supports only wsatomicTransaction which is interoperable with third party protocol.

But netTcpBinding supports both oletransaction and wsatomicTransaction.

If both the client and the srevice is of type WCF you can use oletransaction only....

Hope this owuld have helped...

regards,
Santha


 
 
tonytao





PostPosted: Windows Communication Foundation ("Indigo"), using ws-at in wcf, need to config it first use wsatConfig.exe ? Top

Can I select ws-atomic transaction explicitly for wsHttpBinding