How do I examine the properties of the SSL certificate that was used for an HTTPS operation?
When a caller presents security information to the server, the caller is making a number of claims. Each claim is a piece of information that we want to later associate with the caller. Related claims are then typically bundled into a claim set that presents numerous pieces of information about a particular topic for an entity in the system.
As examples of pieces of information for an SSL certificate, think of things such as the certificate hash, the subject name, or the public key of the certificate. Each of these pieces of information is a claim about an SSL certificate. The set of claims related to a particular certificate forms an X509CertificateClaimSet.
When an operation is invoked, the various sets of claims made for the operation are a part of the ServiceSecurityContext. You can access these through ServiceSecurityContext.Current.AuthorizationContext.ClaimSets. If a certificate claim set was presented for the operation, then it will be in this collection and all of the known properties about the certificate will be claims within that claim set.
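As an added example (not code from the original post), here is how an operation might walk the claim sets to find the certificate claim set, list its claims, and check the thumbprint claim against an allow-list. CertificateClaimInspector, SecureEchoService and the placeholder thumbprint are constructed for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.ServiceModel;
// Added example: finds the X509CertificateClaimSet for the current operation and
// inspects the claims it carries (thumbprint, subject name, public key, ...).
public static class CertificateClaimInspector
{
    // Returns the certificate claim set for the current operation, or null when
    // there is no context, the caller is anonymous, or no certificate was presented.
    public static X509CertificateClaimSet FindCertificateClaimSet()
    {
        ServiceSecurityContext context = ServiceSecurityContext.Current;
        if (context == null || context.IsAnonymous)
            return null;
        foreach (ClaimSet claimSet in context.AuthorizationContext.ClaimSets)
        {
            X509CertificateClaimSet certificateClaims = claimSet as X509CertificateClaimSet;
            if (certificateClaims != null)
                return certificateClaims;
        }
        return null;
    }
    static string ToHex(byte[] bytes) { return BitConverter.ToString(bytes).Replace("-", ""); }
    // Renders every claim as "claimType [right]: resource"; the thumbprint claim's resource is a byte[].
    public static List<string> DescribeClaims(ClaimSet claimSet)
    {
        var lines = new List<string>();
        foreach (Claim claim in claimSet)
        {
            byte[] bytes = claim.Resource as byte[];
            lines.Add(claim.ClaimType + " [" + claim.Right + "]: " + (bytes != null ? ToHex(bytes) : Convert.ToString(claim.Resource)));
        }
        return lines;
    }
    // True when the claim set carries a thumbprint claim equal to expectedHex.
    public static bool HasThumbprint(ClaimSet claimSet, string expectedHex)
    {
        foreach (Claim claim in claimSet.FindClaims(ClaimTypes.Thumbprint, Rights.PossessProperty))
        {
            byte[] thumbprint = claim.Resource as byte[];
            if (thumbprint != null && string.Equals(ToHex(thumbprint), expectedHex, StringComparison.OrdinalIgnoreCase))
                return true;
        }
        return false;
    }
}
[ServiceContract]
public class SecureEchoService
{
    // Constructed placeholder: thumbprint of the one client certificate allowed.
    const string AllowedThumbprint = "0000000000000000000000000000000000000000";
    [OperationContract]
    public string Echo(string text)
    {
        X509CertificateClaimSet certificateClaims = CertificateClaimInspector.FindCertificateClaimSet();
        if (certificateClaims == null)
            throw new FaultException("A client certificate is required.");
        foreach (string line in CertificateClaimInspector.DescribeClaims(certificateClaims))
            Console.WriteLine(line); // server-side diagnostics only; nothing is echoed to the caller
        if (!CertificateClaimInspector.HasThumbprint(certificateClaims, AllowedThumbprint))
            throw new FaultException("The presented certificate is not authorized.");
        return text;
    }
}
```

The certificate object itself is also reachable as the claim set's X509Certificate property when you need more than the claims expose.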
TechEd 2009 is just a few weeks away now, May 11th through 15th in Los Angeles. Here's what's on tap at the conference covering WCF.
SOA201 A First Look at WCF and WF in the Microsoft .NET Framework 4 by Aaron Skonnard
Programs coordinate work. The code for coordination and state management often obscures the purpose of a program. Learn how programming with Windows Workflow Foundation (WF) 4 provides clarity of intent while preserving the functional richness of the .NET Framework. See how easy it is to build workflows with the new Microsoft Visual Studio workflow designer. Learn about text-based authoring options for WF. Hear how WF integrates well with other Microsoft technologies (WCF, WPF, ASP.NET). If you've looked at WF before, come and see the changes to data flow, composition, and new control flow styles. Significant improvements to usability, composability, and performance make Workflow a great fit for a broad range of solutions on both the client and the server.
SOA204 The Microsoft Developer Platform for Building Software-Plus-Services Applications by Burley Kawasaki and Anush Kumar
Are you an IT manager looking for an overview of the key advances in the Microsoft .NET Framework, and how they can help drive significant improvements in code quality and productivity for your development teams? Are you being asked to do more with fewer resources while the complexity of the business solutions you need increases and spans into the cloud? Come to this session to see Microsoft's developer platform in action and understand our roadmap for .NET. Learn about Microsoft's vision for enabling greater productivity and agility by enabling developers to build their current and future applications on a consistent set of skills, frameworks, and platform capabilities.
SOA206 Every Class As a Service: WCF As the New Microsoft .NET by Juval Lowy
Windows Communication Foundation (WCF) is more than just the next generation platform for building connected systems. In many respects, WCF is the next development platform for Windows applications, providing system features that are presently crafted by hand on top of .NET and Windows. With WCF, every class automatically benefits from security, instrumentation, call timeout, error masking, fault isolation, reliability, remote calls, tracing and logging, call buffering, synchronization, interoperability, and with little or no change could also benefit from queued calls, transaction management, and various instantiation modes. To maximize the use of these off-the-shelf plumbing aspects you should push the service boundary down into your system, but taken to its ultimate conclusion: should every class be a WCF service? And what about performance? This session starts by discussing the power and productivity of WCF as a 'Better .NET', contrasts WCF used granularly on every class with classic .NET in terms of performance, throughput and scalability, and substantiates the provocative claim that every class can and should be a service.
SOA302 Building RESTful Services Using WCF by Jon Flanders
REST is an architectural style for building services. It has been popular outside of the Microsoft development community for many years, and is quickly becoming the de facto standard inside, as well. Microsoft has enabled this style of services with a new programming model and runtime enhancements in Windows Communication Foundation (WCF) 3.5. This programming model enables developers to build services using a RESTful architecture. In this session we cover the basics of REST, how to build this type of service using WCF 3.5, and the other features (such as AJAX/JSON, Feeds, and ADO.NET Data Services) that this Web programming model enables.
SOA303 Busy Microsoft .NET Developer's Guide to WCF, SOA, and Success by Ted Neward
Working with Windows Communication Foundation (WCF), particularly when trying to interoperate against technologies that aren't .NET-based (such as the various Java stacks or Ruby), can be a frustrating and mystifying experience. In this presentation, we talk about how to make WCF work successfully, without a lot of hype, clouds, or hand-waving, including how to get WCF to talk to a RESTful endpoint, a SOAP endpoint, and how to test your WCF code to make sure it's sending what you think it should.
SOA309 Load Balancing and Scaling Your WCF Services Today and Tomorrow by Michèle Leroux Bustamante
Windows Communication Foundation (WCF) is a platform for distributed system development and SOA. Large-scale production systems are typically deployed in redundant environments with multiple Web servers, application servers, and database servers. System administrators typically configure appliance or software load balancers to handle distribution of load among each tier, and this requires WCF architects and developers to be aware of the potential implications of their service configurations. This session focuses on the effects of transport and application sessions; overhead related to channel creation and the benefits of shared proxies and multithreading; the implications of shared proxies on load balancing; and appropriate deployment configurations to support this distributed scenario. We also discuss the impact of the forthcoming Microsoft .NET Framework 4 release and the Windows Application Server ("Dublin") on these scenarios to help you plan for future migration.
SOA313 StockTrader Sample Application Case Study: Performance and Java Interop by Gregory Leake
This session focuses on .NET and Windows Communication Foundation (WCF) performance and scalability for services built with Windows Communication Foundation. The session includes information comparing and contrasting the performance of various WCF bindings/encoding standards and security standards with actual benchmark results. Information on performance trade-offs, tuning for performance and performing your own load tests is covered. In addition, the session discusses interoperability between .NET 3.5-based services and non-Microsoft platforms, both Java Enterprise and OSS-based. Comparative benchmark data are presented and discussed with respect to WCF/business logic vs. equivalent workloads on Java Enterprise. The session also offers an overview of implementing load balancing and failover for WCF services.
SIA312 Introduction to Claims-Based Programming and the Microsoft Code Name "Geneva" Framework by Keith Brown
For years, Windows has supported a rich, built-in authentication and authorization framework. If you can assume clients will have a Windows account, you can rely on Windows integrated authentication to validate client identity, and use impersonation, ACLs, and role-based security to authorize access to resources. But that model only works if all of your users have Active Directory accounts in a trusted domain. It's difficult to turn one of these applications to face the Internet to support remote employees, partners, and so on. This talk introduces you to a new model for identity, which allows you to factor authentication and many authorization decisions out of your applications and into a central identity service. This model makes it much easier to achieve Internet-friendly single sign-on. It also makes it easier for your application to receive richer identity information, and paves the way for identity federation, should you ever need to integrate with another organization or another platform (Java, for example). This talk introduces the Microsoft code name "Geneva" Framework as the new API for building claims-aware applications.
DTL324 Microsoft Visual Studio 2010 Overview for the Business Application Developer by Jay Schmelzer
Visual Studio 2010 includes a number of exciting advancements for all developers building on the Microsoft platform(s). In this demo-focused session we focus on the advancements specifically targeted at developers building line-of-business applications for the Windows, Web, and Microsoft Office system platforms. We take a practical look at the tools for working with data via the ADO.NET Entity Framework, ADO.NET Data Services and Windows Communication Foundation; creating desktop applications using Windows Presentation Foundation; Web applications using Microsoft ASP.NET, the ASP.NET Dynamic Data Controls and Microsoft Silverlight; and Office Business Applications that include Office client customizations in Excel, Word, and Outlook and SharePoint Server applications, all from within Microsoft Visual Studio. If you build business applications, this is the session for you.
OFC307 Integrating WPF and WCF into Your Office Business Applications by Tim Huckaby
This session highlights many of the ways that the Windows Presentation Foundation (WPF) and the Windows Communication Foundation (WCF) can be leveraged in Office applications built with Visual Studio Tools for the Office System (VSTO). Visual Studio 2008 introduced an array of new features aimed at a wide range of Office solution types. With Visual Studio 2008, you can build solutions that incorporate the native capabilities of the Office client applications (like Outlook), combined with the sophisticated UI capabilities of WPF, connected to remote data and services via WCF, and use the RAD features of LINQ to manipulate that data. These new technologies provide opportunities for building powerful solutions with functionality that was previously difficult or impossible to achieve. Now that Office has evolved into a true development platform, Office-based solutions are becoming increasingly sophisticated, less document-focused, and more loosely coupled. This session shows you how easy it is to build robust solutions that leverage the latest technologies.
OFC327 Developing and Consuming Services for Microsoft SharePoint by Steve Fox
We are increasingly living in a services-oriented world, and increasingly developers want to integrate services of all kinds with SharePoint. This session provides an overview of how you can build and deploy custom services with SharePoint, specifically focusing on the development of ASP.NET and Windows Communication Foundation services for SharePoint and the consumption of these services from client applications, including Microsoft Silverlight controls.
A while back I mentioned Shawn Wildermuth's series on building domain specific languages using the Oslo modeling tools and now the remaining two parts of that series are available. The second and third parts of the series cover creating a textual domain specific language, including defining its grammar, and consuming the domain specific language from an application. Here's the complete article series for this tutorial.
Textual Domain Specific Languages for Developers, Part 1
Textual Domain Specific Languages for Developers, Part 2
Textual Domain Specific Languages for Developers, Part 3
When using a typed contract with URI templates, how do I catch any type conversion errors?
The WebGet and WebInvoke attributes allow you to specify a URI template that maps components of the request address to operation parameters. For example, the URI template "weather/{state}/{city}" maps the request address into literal tokens, a parameter named state, and a parameter named city. These parameters might then be bound by name to some of the formal parameters of the operation.
The template parameters appear in the form of strings within the URI while the formal parameters of a typed contract might be of non-string types. Therefore, a conversion needs to take place before the operation can be invoked. A table of conversion formats is available if you're curious about the supported types of conversions. However, if the conversion fails, then there's no way to let the operation know that something has gone wrong. The type conversion instead surfaces in the form of a dispatch failure.
You can inspect a type conversion dispatch failure the same as with many other types of dispatch failures by installing an error handler. The IErrorHandler extensibility point is called to handle service-level exceptions. From there you can choose the response that you'd like to have sent back to the caller as well as perform any custom tasks and reporting that you'd like.
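An added illustration, not code from the original post: an IErrorHandler that records the dispatch failure on the server and answers the caller with a plain HTTP 400, plus the attribute that installs it. WeatherService, the extra {day} template parameter, and the assumption about which exception types a failed conversion surfaces as are all mine.

```csharp
using System;
using System.Collections.ObjectModel;
using System.Net;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.ServiceModel.Web;
// Added example: an IErrorHandler that reports a dispatch failure on the server
// and answers the caller with a plain HTTP 400 instead of the default fault.
public class ConversionErrorHandler : IErrorHandler
{
    // Assumption: a failed URI template parameter conversion surfaces as one of
    // these framework exception types; anything else keeps WCF's default fault.
    public static bool LooksLikeConversionFailure(Exception error)
    {
        return error is FormatException || error is OverflowException || error is InvalidCastException;
    }
    public void ProvideFault(Exception error, MessageVersion version, ref Message fault)
    {
        if (!LooksLikeConversionFailure(error))
            return; // leaving fault null lets WCF build its default fault message
        // A generic body: the exception text stays on the server side.
        fault = Message.CreateMessage(version, null,
            "A value in the request address could not be converted to the type expected by the operation.");
        var http = new HttpResponseMessageProperty { StatusCode = HttpStatusCode.BadRequest };
        http.Headers[HttpResponseHeader.ContentType] = "text/xml";
        fault.Properties[HttpResponseMessageProperty.Name] = http;
        fault.Properties[WebBodyFormatMessageProperty.Name] = new WebBodyFormatMessageProperty(WebContentFormat.Xml);
    }
    public bool HandleError(Exception error)
    {
        // Replace with your own logging; this is where the failure gets recorded.
        Console.Error.WriteLine("Dispatch failure {0}: {1}", error.GetType().Name, error.Message);
        return true; // handled: WCF need not abort the session or instance
    }
}
// Applying this attribute to a service class installs the handler on every
// channel dispatcher the host creates.
[AttributeUsage(AttributeTargets.Class)]
public class ConversionErrorBehaviorAttribute : Attribute, IServiceBehavior
{
    public void ApplyDispatchBehavior(ServiceDescription description, ServiceHostBase host)
    {
        foreach (ChannelDispatcherBase dispatcherBase in host.ChannelDispatchers)
        {
            ChannelDispatcher dispatcher = dispatcherBase as ChannelDispatcher;
            if (dispatcher != null)
                dispatcher.ErrorHandlers.Add(new ConversionErrorHandler());
        }
    }
    public void AddBindingParameters(ServiceDescription description, ServiceHostBase host,
        Collection<ServiceEndpoint> endpoints, BindingParameterCollection parameters) { }
    public void Validate(ServiceDescription description, ServiceHostBase host) { }
}
[ServiceContract, ConversionErrorBehavior]
public class WeatherService
{
    // {day} binds to an int, so a request such as "weather/WA/Seattle/tomorrow"
    // fails conversion and never reaches this method; the handler sees it instead.
    [OperationContract, WebGet(UriTemplate = "weather/{state}/{city}/{day}")]
    public string Forecast(string state, string city, int day)
    {
        return string.Format("Forecast for {0}, {1} on day {2}", city, state, day);
    }
}
```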
How do I decide what parts of my service to specify in code? Should I support changing all of the settings in configuration?
The split between code and configuration comes from a difference in roles and responsibility for a service. If your job is to both write and take care of a service, then these different roles are probably not important to you. However, if there is a division of responsibility between multiple people, then these roles may become more important for deciding the right way to build the service.
Although there are many types of roles, two commonly talked about roles are the developer and the administrator. The developers are the ones responsible for assembling the logic of the service to create a program. That logic may come from other sources, such as domain experts or business analysts (more examples of roles), but the developers are responsible for performing the actual coding tasks. In contrast, the administrators are the ones responsible for deploying the service and keeping the service operational. There are also many examples of roles that fall within these categories of developer and administrator but I'll use those terms very broadly for this explanation.
A way to think about the difference between code and configuration is that things specified in code define the function or behavior of the service while things specified in configuration define the environment or operational characteristics of the service. A developer controls the function while an administrator controls the environment.
For example, you would generally specify in code, part of the program definition, whether two actions are transactionally associated because the coordination between actions is part of the functional semantics of the service. On the other hand, you would generally specify in configuration, part of the operational definition, a quota for how many copies of an action are allowed to run because the quota defines a capacity for the system rather than the function of the system.
As another way of thinking about this, if you were to install the service in a different environment, on another machine for instance, the capacity of the system may change while the function of the system does not. Therefore, you want these environmentally influenced factors to be controlled by an administrator, while the factors that are not environmentally influenced are controlled by a developer.
I noticed recently that videos and slides were available for the presentations at the 2009 SOA Business Process Conference held here at Microsoft at the end of January.
Here are a few of the presentations that you might be interested in.
.NET Fx, BizTalk, "Dublin", "Oslo", and .NET Services: Bucket of Bits or SOA Portfolio? by Kris Horrocks
Building Workflow Driven Services with .NET Today and Tomorrow by Jon Flanders
Designing Services for Management & Scale with "Dublin" by Stephen Thomas and Kent Brown
WCF 3.5 SP1: Implementing RESTful Services With Windows Communication Foundation 3.5 SP1 - Concepts and Introduction by Ron Jacobs
One Service Multiple Faces: Supporting WS-*, REST, and POX Simultaneously with WCF and Service Virtualization by William Oellerman and Raul Camacho
What message encoding do I get if I don't include one in the binding?
A message encoding binding element is required for any binding that uses an encoding-aware transport. However, it turns out that most transport binding elements include a default message encoding if you don't specify one explicitly. The default message encoding isn't standardized, since you aren't supposed to build a binding without one when the transport requires it.
All of these construct the default message encoding as if you instantiated the message encoding binding element with no additional settings.
MSDN has been down quite a lot lately which prevented an article from being posted today. In the meantime you can enjoy the archives until site stability improves enough for the auto poster to run again.
How is the current ServiceSecurityContext determined?
If you access the ServiceSecurityContext through its static Current member, there are four things that need to be true to get a valid ServiceSecurityContext.
Some of these are not going to be available early on during message processing, such as the OperationContext, and some of these are going to start disappearing as you follow cleanup and recovery paths, such as the Message instance during error handling.
Once things start disappearing, you're out of luck unless you've gone to the trouble of preserving a copy of the information you need. For example, you might save the Message instance or particular message properties prior to entering error handling so that you have access to that information later on.
On the reverse side, when things are still early on, you generally do have access to the Message instance and the included MessageSecurityProperty, so you can fish things out manually as needed. However, depending on where you are during processing, you may be grabbing information prematurely and see a security context before the one that will actually be provided to the service is available.
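As an added example of the "preserve a copy" approach, not code from the original post: a dispatch message inspector that reads the security context out of the incoming Message's security property early in processing and keeps only the fields it needs as correlation state, so they are still available later when the Message itself is gone. CallerSnapshot, SecurityPreservingInspector and the behavior that installs it are constructed names.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.ServiceModel.Security;
// Added example: what the inspector preserves from the request for later stages.
public sealed class CallerSnapshot
{
    public string Identity = "(none)";
    public bool Authenticated;
    public string Action;
}
public class SecurityPreservingInspector : IDispatchMessageInspector
{
    // Pulls the ServiceSecurityContext from the Message's SecurityMessageProperty
    // rather than from ServiceSecurityContext.Current, which may not be valid yet.
    public static CallerSnapshot Capture(Message request)
    {
        var snapshot = new CallerSnapshot { Action = request.Headers.Action };
        // Properties.Security is null when no security was applied to the message.
        SecurityMessageProperty security = request.Properties.Security;
        ServiceSecurityContext context = security == null ? null : security.ServiceSecurityContext;
        if (context != null && !context.IsAnonymous)
        {
            snapshot.Identity = context.PrimaryIdentity.Name;
            snapshot.Authenticated = context.PrimaryIdentity.IsAuthenticated;
        }
        return snapshot;
    }
    public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
    {
        return Capture(request); // handed back to BeforeSendReply as correlationState
    }
    public void BeforeSendReply(ref Message reply, object correlationState)
    {
        // The request Message may already be closed here; the snapshot is what remains.
        var snapshot = (CallerSnapshot)correlationState;
        Console.WriteLine("Reply for {0} to {1} ({2}); fault={3}", snapshot.Action, snapshot.Identity,
            snapshot.Authenticated ? "authenticated" : "unauthenticated", reply != null && reply.IsFault);
    }
}
// Endpoint behavior that installs the inspector on an endpoint's dispatch runtime.
public class SecurityPreservingBehavior : IEndpointBehavior
{
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher dispatcher)
    {
        dispatcher.DispatchRuntime.MessageInspectors.Add(new SecurityPreservingInspector());
    }
    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection parameters) { }
    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime runtime) { }
    public void Validate(ServiceEndpoint endpoint) { }
}
```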
It's often useful when analyzing a failure to create a carefully controlled environment that reproduces the issue reliably. Using a controlled environment allows you to test hypotheses about the issue while eliminating some of the effects of random chance from the observations that you're making. Capturing an HTTP session for replay is one way to construct a controlled environment in which you can experiment with HTTP responses.
You can make an HTTP session capture in a variety of ways.
You can then replay the HTTP session capture at a later time using HTTPReplay.
Depending on the data available in the log you might construct various experiments using the captured responses. For example, STrace captures timing data for sending the response, which can be used to explore issues related to race conditions. As another example, HTTPReplay allows response files to be extracted from the log and modified to try sending back altered versions of the originally captured session.
Two early release previews received new updates this week.
Velocity is a highly scalable application cache that reduces the number of data lookups in a distributed system. Cache management is provided to make building caches into these types of applications easier. This week's update brings Velocity to a third release. A readme and documentation are available at the same location as the download.
MEF is an extensibility framework for building applications that use interchangeable components. This week's update brings MEF to a fifth release, with a smaller set of changes than some of the previous releases. You can get a list of changes for the release in the release notes.
Yesterday marked the 40th anniversary of RFC 1, published by Steve Crocker at UCLA and covering host software for processing messages. The contents are forgettable, but they signify the start of an initiative that has broadly impacted how network standards are shared.
Here's a look at some other historical anniversaries during this year that I think are interesting. You'll see an article covering one of these from time to time over the next few months.
25 Years
20 Years
15 Years
10 Years
This time I'll cover some of the new features in the WCF portion of Silverlight 3. You can get more details about everything here on the Silverlight Web Services blog.
Tim Sneath did a roundup of new features in Silverlight 3 recently but I'll instead point you at Paul Stubbs who is putting together some annotations and walkthroughs showing how the features are actually used. Here's an overview of the general feature set for Silverlight developers.
Next time I'll talk a bit about the feature set of the WCF portion of Silverlight 3.
How do I control the order in which members of the data contract are serialized?
The DataMember attribute has a property called Order that influences the order in which the different members are serialized. Let's call the value of the Order property the data member's order and try to define what the overall ordering looks like. Here are the rules of that ordering.
The data members of a particular type are serialized in increasing order. A data member without a value set for the Order property has an order that is less than the order of any data member with a value set for the Order property. If two or more data members have the same order, then they are ordered according to an ordinal comparison of the names of the data members.
Now, the ordering of data members for a type hierarchy is that data members for a less derived type are ordered before data members for a more derived type.
Therefore, the overall order looks like this.
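As an added example, not part of the original post, here is a small type hierarchy that exercises each of the rules above; the probe serializes an instance and returns the element names in the order DataContractSerializer emitted them. The type and member names are constructed, and the per-member comments say which rule places each one.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.Serialization;
using System.Xml;
// Added example: members chosen so that every ordering rule applies at least once.
[DataContract]
public class Base
{
    [DataMember(Order = 2)] public int Zeta;   // ordered: after Omega because 1 < 2
    [DataMember] public int beta;              // no Order: before every ordered member of Base
    [DataMember] public int Alpha;             // no Order: ordinal comparison puts "Alpha" before "beta"
    [DataMember(Order = 1)] public int Omega;  // ordered: first of the ordered members of Base
}
[DataContract]
public class Derived : Base
{
    [DataMember(Order = 1)] public int Gamma;  // same Order as Epsilon: ordinal name comparison decides
    [DataMember(Order = 1)] public int Epsilon;
    [DataMember] public int Delta;             // no Order: first of Derived's members, but after all of Base's
}
public static class MemberOrderProbe
{
    // Serializes graph and returns the local names of the member elements in
    // the order they were written (elements at depth 1 under the root).
    public static List<string> SerializedMemberOrder(object graph)
    {
        var serializer = new DataContractSerializer(graph.GetType());
        using (var stream = new MemoryStream())
        {
            serializer.WriteObject(stream, graph);
            stream.Position = 0;
            var names = new List<string>();
            using (XmlReader reader = XmlReader.Create(stream))
            {
                while (reader.Read())
                    if (reader.NodeType == XmlNodeType.Element && reader.Depth == 1)
                        names.Add(reader.LocalName);
            }
            return names;
        }
    }
    public static void Main()
    {
        // Base's members come first (less derived before more derived); within
        // each type the unordered members precede the ordered ones.
        Console.WriteLine(string.Join(", ", SerializedMemberOrder(new Derived()).ToArray()));
    }
}
```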