Capturing and viewing WCF SOAP messages

When using WCF it is sometimes required to examine the incoming and outgoing SOAP messages. You can do this by modifying your WCF configuration file, then viewing the messages using a utility installed alongside Visual Studio.

The easiest way configure your configuration file is to use the Visual Studio menu,
Tools | WCF Service Configuration Editor. Use the utility to open up your WCF configuration file (the place where all your WCF endpoints are defined). Next, access the Diagnostics section to enable logging for incoming and outgoing SOAP messages (Message Logging in the tree view). There are various options in the right pane of the display. If you want to see the entire SOAP messages, be sure to enable the LogEntireMessage option in the Message Logging section (it took me a while to figure out this one).

Perform a File | Save and now your WCF configuration should be ready to go. When you run your WCF application, a new xxxx.svclog file will be created in the root directory of your Visual Studio project (you can change this via the WCF configuration file).

To view the message log file, use the SvcTraceViewer.exe program from Microsoft. It’s normally located in \Program Files\Microsoft SDKs\Windows\v6.0A\Bin. Use the File | Open to find the xxxx.svclog file. There are several different ways to view your data. I like the "Messages" view the best.

When you are done with your diagnostics, you can use the WCF Service Configuration Editor to disable logging.

PowerShell to encrypt / decrypt app.config sections

Here is a PS script called AppConfigCrypto.ps1 that allows you to encrypt and decrypt sections of an appConfig. Be aware that once a config is encrypted, you can't just copy it from machine to machine since the encryption is done via the default machine key. You should be able to get around this by importing your own keys and modifying the script below. If you don't import a user specified key, then you will have to encrypt on the machine where the application will execute.

Here's the PS script:

param(
[string]$sectionName,
[string]$exePath="app.config",
[switch]$encrypt,
[switch]$decrypt)

function CallExit($msg)
{
$msg
Usage
exit
}

function OKExit($msg)
{
$msg
exit
}

function Usage
{
"Usage: ./AppConfigCrypto.ps1 sectionName exePath [-encrypt | -decrypt]"
}

# check params
if ($sectionName.Trim().Length -eq 0) { CallExit("%You must pass a section name (e.g. appSettings, ConnectionStrings)") }
if ($encrypt -eq $false -and $decrypt -eq $false) { CallExit("%Must specify -encrypt or -decrypt") }
if ($encrypt -ne $false -and $decrypt -ne $false) { CallExit("%Must specify either -encrypt or -decrypt") }

# load the config
$config = [System.Configuration.ConfigurationManager]::OpenExeConfiguration((Resolve-Path $exePath))

# make sure section exists and is readable
$section = $config.GetSection($sectionName)
if ($null -eq $section) { CallExit("%$sectionName section not found") }
if ($section.IsReadOnly()) { CallExit("%$sectionName is read-only") }

if ($encrypt)
{
if ($section.SectionInformation.IsProtected -eq $true) { OKExit("%Section already encrypted") }
"Encrypting $sectionName . . ."
$section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider")
}
elseif ($decrypt)
{
if ($section.SectionInformation.IsProtected -eq $false) { OKExit("%Section already decrypted") }
"Decrypting $sectionName . . ."
$section.SectionInformation.UnprotectSection()
}

# save section
$section.SectionInformation.ForceSave = $true
$config.Save()