I have created a web service which has a couple of methods developed using .net 3.5. The clients who will access the web service will be using .net 3.0. I have been asked to make this web service ‘secure’ and having looked on the net have seen a number of options.
First one is to use WCF with .net 3.5 for the service. If I develop the service using .net 3.5 Will I need to develop the client using 3.5 also?
Secondly I could look at using WSE 3.0 and implement the security that way. However having looked on the .net I have read that there are some issues in using WSE 3 with visual studio 2008.
Any other suggestions would be greatly appreciated. I would like to secure the web service hence the use of WCF or WSE 3.0.
The WCF framework is part of .NET 3.0 and not .NET 3.5, so you don’t need .NET 3.5 in the clients.
Also with WCF you can provide services that are based on the web services standards. These services can be used even with the ‘old’ web service clients, or other platforms, like Java.
The credential based WCF message security is fulfilling the WS-Security 1.1 standard, which can also be used with a WSE client.
I would definitely go for the WCF solution and not the WSE. I see WCF as a direct successor of WSE, which is not imporved further by Microsoft (even the WSE home link is broken from the WSE 3.0 download page).
As Alex mentioned, connecting to non-MS platform, despite the standards, might be challenging. A proof of concept is definitely neccessary in these scenarios.