3 Steps to getting the Secure Conversation samples working

WSE2 ships with some excellent sample code. However, the steps needed to get the right X509 Certificates in the right stores are not immediately clear from the docs. Here’s what I had to do to get the Secure Conversation sample working.

Note: the certificates mentioned are in the <%WseInstallDir%>\Samples\Sample Test Certificates folder.

1) Install the “Server Private.pfx” key in the LocalComputer\Personal Store

2) Install the “Server Public.cer” key in the CurrentUser\Other People Store

3) Grant the ASP.NET worker process “read” access to the server certificate in the LocalComputer store.

The last step can be accomplished with the X509 Certificate tool by pointing the tool at the LocalComputer\Personal store, selecting the WSE2QuickStartServerCertificate, and selecting “Open Private Key Properties”. 

On my first attempt, I had permissions set incorrectly, which caused a fault whose message was “<RequestSecurityToken> has one or more invalid child elements”. Not the most helpful thing in the world, but WSE is helping security here by returning intentionally obscure messages back to the client. I found a more detailed error message in the Event Log, which helped me diagnose the permissions issue and get the samples working.
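The three steps above can also be scripted. The following is an added example, not part of the original post or the WSE samples, written for an elevated Windows PowerShell 5.1 session. Assumptions: the `<WseInstallDir>` placeholder, the worker account name, and a CryptoAPI (CSP) private key stored under `MachineKeys`.

```powershell
# Assumption: replace with the directory the post calls <%WseInstallDir%>.
$wseInstallDir = '<WseInstallDir>'
$certDir = Join-Path $wseInstallDir 'Samples\Sample Test Certificates'

# Assumption: identity of the ASP.NET worker process. Confirm which account
# your worker process actually runs as before granting anything.
$workerAccount = 'NT AUTHORITY\NETWORK SERVICE'

# Step 1: certificate plus private key into LocalComputer\Personal (store name "My").
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for Server Private.pfx'
$imported = Import-PfxCertificate -FilePath (Join-Path $certDir 'Server Private.pfx') `
    -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword

# Step 2: public certificate into CurrentUser\Other People (store name "AddressBook").
Import-Certificate -FilePath (Join-Path $certDir 'Server Public.cer') `
    -CertStoreLocation Cert:\CurrentUser\AddressBook | Out-Null

# Step 3: grant the worker account read-only access to the private key file.
# Re-read the certificate from the store so the key handle is the persisted one.
$serverCert = Get-Item "Cert:\LocalMachine\My\$($imported.Thumbprint)"
if (-not $serverCert.HasPrivateKey) {
    throw 'Imported certificate has no private key; check the .pfx import.'
}

# Assumption: CSP-backed key, so the container file lives under MachineKeys.
$keyName = $serverCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"
if (-not (Test-Path -LiteralPath $keyPath)) {
    throw "Private key file not found at $keyPath"
}

# Add a Read-only allow rule; do not grant FullControl to the worker process.
$acl  = Get-Acl -LiteralPath $keyPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $workerAccount, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyPath -AclObject $acl

# Verify the resulting ACL so a permissions mistake is visible here,
# rather than surfacing later as an obscure fault on the client.
(Get-Acl -LiteralPath $keyPath).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```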