Monday, June 22, 2009

Implementing WS-Security in SOAP, for a C++ DLL called by IIS

I know the title is a mouthful, but the task was just as complicated. My task was to make SOAP calls using WS-Security. For those who do not know, this means encrypting the SOAP request with an X.509 certificate. It was quite a task, and I'm sad that C++ failed me in this.

I have tried using C/C++ for implementing WS-Security, and failed. The only useful library in C++ is gSOAP, which works well for SOAP without WS-Security. It has a WS-Security plugin, which I tried using. But it was very difficult to use: there were build problems (I was working in VS2005 on Windows XP) and warnings that I had to get rid of, no good examples, support or forums (since hardly anyone was implementing WS-Security), and no transparency on how OpenSSL was reading the certificates, etc.

The other way was using the deprecated MS SOAP Toolkit, but it is never a good idea to use deprecated tools for new technologies.

At last I tried to implement it in C#. To interface with C++, I could have created a DLL and called it as a COM object from C++, or just implemented a web service. I eventually got both done, but the decision was taken to use the COM DLL.

Implementing in C# wasn't without its own share of configuration problems:
  • The DLL has to be installed in the Global Assembly Cache (GAC) using gacutil.exe, and also registered for COM using regasm.exe.
  • You need to install the X.509 certificate. Otherwise you will get a ‘Class not registered’ error, even though the DLL has been registered and is in the GAC.
  • Since this is a DLL run by IIS, it cannot read a configuration file such as app.config or web.config: IIS will not know where to find the file, or may not have permission on the directory. The configuration needs to be hard coded.
  • IIS needs to read your whole X.509 certificate, private key included. Without that, IIS can only read the public key, and you will get the message “Object contains only the public half of a key pair. A private key must also be provided.” You need to grant the IIS process owner (usually the machine account) permission on the private key: run WseCertificate3.exe, open the certificate, and give that account permission.
  • The C# compiler (csc.exe) needs access to the C:\Windows\temp directory.
  • Do you have custom headers? In that case hard code the settings from app.config, web.config, etc. into your code. If the configuration is meant to add headers to your web references, make sure to edit the Reference.cs files generated for the web references to add this information.
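The second and fourth points above (certificate not installed, private key not readable by the IIS process identity) are the two failures that are hardest to tell apart from the C++ side. The class below is an added example, not code from the original post: a COM-visible C# class of the kind the post describes (registered with regasm.exe and placed in the GAC) that a C++ caller can invoke before attempting any WS-Security call. It reports whether the certificate is in the LocalMachine store, whether the private key is present, and whether the current process identity is allowed to open it. The GUIDs, the ProgId, the namespace and the thumbprint are placeholders chosen for this example; the API used is the .NET 2.0-era System.Security.Cryptography.X509Certificates API available in VS2005.

```csharp
// Added example, not from the original post. COM-visible diagnostic class that checks
// the certificate preconditions for WS-Security under IIS. GUIDs and ProgId are placeholders.
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

namespace WsSecurityBridge   // placeholder namespace for this example
{
    [ComVisible(true)]
    [Guid("00000000-0000-0000-0000-000000000001")]   // placeholder; generate your own with guidgen
    public interface ICertificateCheck
    {
        string Check(string thumbprint);
    }

    [ComVisible(true)]
    [Guid("00000000-0000-0000-0000-000000000002")]   // placeholder; generate your own with guidgen
    [ClassInterface(ClassInterfaceType.None)]
    [ProgId("WsSecurityBridge.CertificateCheck")]    // placeholder ProgId the C++ side would CoCreate
    public class CertificateCheck : ICertificateCheck
    {
        // Returns a short status string that the C++ caller can log. The three failure
        // prefixes map to the problems described in the post: the certificate is not
        // installed, only the public half is installed, or the private key exists but the
        // process identity (the IIS worker account) was never granted access to it.
        public string Check(string thumbprint)
        {
            // Thumbprints are matched as hex without spaces; strip any copied from the MMC UI.
            string thumb = thumbprint.Replace(" ", "").ToUpperInvariant();

            X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            try
            {
                X509Certificate2Collection found = store.Certificates.Find(
                    X509FindType.FindByThumbprint, thumb, false /* do not require a valid chain */);
                if (found.Count == 0)
                    return "MISSING: no certificate with thumbprint " + thumb + " in LocalMachine\\My";

                X509Certificate2 cert = found[0];
                if (!cert.HasPrivateKey)
                    return "PUBLIC_ONLY: certificate is installed without its private key";

                try
                {
                    // Reading PrivateKey opens the CSP key container under the identity of the
                    // calling process. This is the step that fails for IIS when the key's
                    // permissions were not granted (the post does this with WseCertificate3.exe).
                    AsymmetricAlgorithm key = cert.PrivateKey;
                    if (key == null)
                        return "PUBLIC_ONLY: private key flagged but not loadable";
                    return "OK: private key (" + key.KeySize + " bit) readable by " + Environment.UserName;
                }
                catch (CryptographicException ex)
                {
                    return "NO_ACCESS: private key present but not readable by "
                        + Environment.UserName + " (" + ex.Message + ")";
                }
            }
            finally
            {
                store.Close();
            }
        }
    }
}
```

Call it from the C++ side through the placeholder ProgId, running under the same identity as the real request, so the result reflects the IIS worker account rather than the developer's interactive login. The status prefixes (MISSING, PUBLIC_ONLY, NO_ACCESS, OK) are this example's own convention, not anything WSE or IIS emits.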
Hope this helps those who are going down this path.
