During my talk at the Alabama Code Camp, I demonstrated how you can host a soap web service in a WinForms application (or a Windows Service, etc.). However, my solution required the use of SOAP over TCP, which does make it less interoperable.
Angel Machin has a post that would allow any .NET application to host HTTP web services (using Web Services Enhancements). I have not tried this myself, but I got the link from William Stacey's blog.
William Stacey himself hasn't been idle either lately. He posted an improved custom solution to create a security context token on Channel 9. His first solution can be found on his blog and as a complete sample in my Alabama Code Camp downloads (Demo 2). I will probably change an implementation of web services I was working on to this SRP implementation. It is standards-based (which makes long-term maintenance, including maintenance by others) easier and promotes better security because the protocol has seen extensive reviews by the security community.
The Alabama Code Camp last Saturday was, from my perspective, a success. I thought that attendance was high and the quality of the sessions I attended good to very high. Thanks to the sponsors for enabling this (including a "free lunch").
The only side of the event I liked less was the venue. Computer classrooms are not the best places to sit and watch demonstrations. Also, the building is a complete maze and there are no pointers whatsoever to help you find a particular room number.
I believe people who came to my presentation were satisfied. Unfortunately, one hour was not nearly enough to show what I really wanted to show. My slides and the code for WSE 2.0 have been posted. I am working on an issue with one of the demos in WSE 3.0, but expect those files to be posted soon. I need to mention that the idea for Demo 2 in my presentation was obtained from William Stacey's blog.
Security Gaffe
One thing that is nearly as funny as this, is a poster I noticed at the Virginia College, Palisades II campus (where the Code Camp was held). The poster was meant to inform their students of the availability of a virtual library. As such, it was posted at the main entrance. Unfortunately, the poster included not only the URL to the virtual library, but also the password...
I wonder why they even bother to have a password then? (Note that I didn't actually try this out, and it's possible that the virtual library is only accessible through their student portal site, which probably requires a separate logon. Still, it makes no sense to have a secondary password then.)