Kevin W. Hammond

Complex Types Serialized to the Wrong Namespace by WCF

Have you recently tried to migrate an existing ASMX Web service to Windows Communication Foundation, and discovered that the complex types you've so lovingly hand-crafted for the XmlSerializer don't work the way you expect? Are you having to resort to MessageContracts to obtain the serilization behavior your desire?

I recently wrote a lengthy post over on my blog that outlines a namespace problem when WCF serializes complex types that live in a different XML namespace than the Web service itself and a work-around provided by Dino Chiesa.

Expression Web and Expression Blend to be available to MSDN Premium subscribers!

I just provided some behind-the-scenes commentary over on my blog regarding Somasegar's announcement that we are making Expression Web and Expression Blend available to anyone with an MSDN Premium Subscription.

My Recommendations for the Ultimate Developer Rig

Interested in what I would focus on if I were building the Ultimate Developer Rig? Well, I just posted some commentary to my blog regarding my recommendations for the Ultimate Developer Rig as being built by Scott Hanselman.

Do as I say, not as I do - use UniqueID, not PPID

If you've watched my screencast on How to use Windows CardSpace with ASP.NET Forms Authenticaiton, then be sure to check out the latest update on my blog, Do as I say, not as I do - use UniqueID, not PPID, for an important security update.

The Secret of Successful Telemarketing

Take a lesson from Game Stop. Their automated system called me today and left a voice mail. It got my attention right off the bat with, "Attention Halo fans!" Every other automated telemarketing pitch I've ever received on my cell phone was immediately deleted or promptly hung up on.

But here was one that knew exactly what my gaming passion was and followed up with exactly the information I needed to make a purchasing decision right there. Right then.

"Pre-order your copy of Halo 3 today ... just announced ... available in 3 versions. Regular! Collectors!! And Legendary!!!"

Sign me up for Halo 3 Legendary Edition with Halo Spartan Mjolnir Mark VI Helmet right now! I don't even know where I'm going to put that thing. It's huge.

Why was this effective? Game Stop understands my customer profile. They've paid attention to my buying habits. They delivered a marketing message that was tuned exactly to what I needed to hear to make a decision.

I stopped in at my local Game Stop tonight (which, conveniently enough is in the same parking lot as Home Depot, so I was able to mask my trip to "the dealer" under the guise of needing pluming supplies to fix a leaky bathroom sink. Heck, I even took the kids with me. Bonus points for giving my wife a break!)

I was charged only a modest fee for my pre-order. Seemed reasonable enough. Then I had the sense to ask how much, exactly, is the Legendary Edition. "$100 bucks," the cute girl behind the counter informed me. Did I even flinch? Nope. Heck, we even traded XBOX Live gamer tags.

Kudos to Game Stop for running an effective telemarketing campaign that got me to buy not one but two high-end game packages from them. I also pre-ordered Gears of War which is available next Tuesday. Go buy it and look for me online. My gamertag is kevinha.

Got a successful telemarketing story? Share it with me here.

Casa dé Hambone makes an apperance on HanselMinutes

In this week’s edition of HanselMinutes on identity, Scott Hanselman and Carl Franklin chat about information cards and Windows CardSpace. Scott gives me mention for the work I did to enable information cards and Windows CardSpace on www.casadehambone.com.

There's some great content about how information cards can (and I believe will) change the way we manage identity overall. Go check it out.

Early SVN patch of DasBlog 1.9.6264 with information card support available

Rather than wait for perfection, I'm making available an SVN patch of my work-to-date for information card support in DasBlog 1.9.6264. You can get it here from the Casa dé Hambone Download Center.

Due to the dependence in my current build on Microsoft.IdentityModel.TokenProcessor, you will require .NET Framework 3.0 and Visual Studio 2005 with the Visual Studio 2005 Web Application Projects add-on installed in order to open and build the project after applying the patch. Furthermore, you must run this instance of DasBlog as an ASP.NET 2.0 application.

A version of Microsoft.IdentityModel.TokenProcessor that works with .NET Framework 1.1 is forthcoming. As my implementation of information card support in this patch is provider driven, a .NET Framework 1.1-compatible TokenProcessor can be dropped in and the project returned to Visual Studio 2003 and ASP.NET 1.1.

Information card sign in without validation

I'm testing out a slightly modified information card login process on Casa dé Hambone.

Previously, I validated your email address in your self-issued card. An email was sent to your email address asking you to click a link to activate your account.

Currently, I'll take whatever claims you provide in your self-issued card and sign you on directly with no need to perform email address validation and no account created for you. In short, your information card acts as form fill mechanism for comments.

What do you think of this model?

Streamlining my Information Card login process

I spent a little more time this afternoon polishing the info card login process on Casa dé Hambone. Let me know what you think.

I really liked how sxcore and sandbox.netfx3.com are handling their info card login. Sxcore specifically has a nice way of using a GET to kick off the process which eliminates the need to have a separate form element on the web page for the information card activator.

In addition to cleaning up the code, I

• Eliminated the "This page contains both secure and nonsecure items" warning by having Login.aspx fire off a GET to a handler that is 100% secure
• Activate the CardSpace UI from a separate dedicated handler page; the result is no CardSpace UI popping up if you attempt to anything else from the login page other than sign in with an info card
• Properly handle cases where you cancel submission of your info card and/or your browser does not have support for information cards
• Implemented a unique identifier for the click back handler that verifies your email address
• Automatically approve comments from information card users, even if comment moderation is enabled
• Turned off caching of the start page to accurately display the logged in state of normal users

What started as a simple project to Windows CardSpace-enable the DasBlog admin account has yielded a ton of key learning and design that you'll have to consider when adding support to your own site for information cards. The technology itself is cake ... the devil is in the details. Fortunately, I captured all of those details and decision points along the way and will be starting a series of blog posts on each one soon.

Do you want authenticated comments in DasBlog?

DasBlog 1.9.6264.0. Authenticated comments. Windows CardSpace. Working. Try it out right now by signing in with your information card and then leaving a comment on this post. Inclusion of your web page claim is optional; include during the initial card selection if you want your web page linked to your name when leaving a comment. Let me know what you think.

Say goodbye to laptops? I don't think so.

Has this guy ever sat inside a high rise office building or even the basement of a Midwestern home and struggled to get a reliable cellular signal? In his article about how once again the browser will make Windows irrelevant, he sings the joys of living with an Internet-connected mobile device:

Things will get more exciting for entrepreneurs when we all start walking around with new Internet-ready portable devices such as the Nokia 770 Internet tablet or smartphones such as the Motorola Q and Nokia E61.

These pocket-size monsters with keyboards, luscious displays, and brisk 3G connections will soon replace laptops. All they need are browsers that can access Web-based software as easily as your desktop can. (I already use a Nokia E61 to help manage my website and write short blog posts from within the phone's browser. Soon I'll be able to run the whole site from my phone's browser.)

Pocket-size monsters? Luscious displays and brisk 3G connections replacing laptops? Please. Have you looked at the trend lately in flat panel monitors, HD televisions and laptop computers? Bigger. Wider. Not some 800x600 web-only display that requires a stylus for input. And brisk 3G connections? Surely you must mean the brisk 3G connection that is always reachable and never (ever) manages to crap out right about the time you either really need it or want to demonstrate your cool new Internet-ready portable device to your friend.

When I'm working with an office productivity app... excuse me. When I'm working with 2007 Microsoft Office, I don't want to worry if Ctrl+S is really going to work or not because my "brisk 3G [Internet] connection" may or may not be available. I don't plan on reducing the speed in which I type to fit that of a stylus or T9 text input. I don't plan on growing smaller thumbs to tap out brief messages on the keyboard of some device that makes my Dockers look I'm trying to impress the ladies.

The dream is there. I'm sure we'll reach it some day, likely even within my lifetime. But laptops are not going away any time soon. Speaking of which, I need to get busy on that order of Dell Latitude D820's ...

Casa dé Hambone is Windows CardSpace-enabled!

Taking inspiration from Kim Cameron and how he CardSpace-enabled WordPress, I did the same with DasBlog 1.9.6264.0. casadehambone.com now supports logging into the administrative account using Windows CardSpace allowing me to throw the use of passwords to the wind!

The great thing is that it only took minor changes to three source files and the introduction of one new configuration option each to site.config and siteSecurity.config. I have a little more work before me to make configuration just a tad easier, but the great thing is that this works really well.

I owe special thanks to Clemens Vasters who suggested this morning that the proper "hack" to get this working was to build DasBlog with Visual Studio 2005 and the Visual Studio 2005 Web Application Project add-on. DasBlog built out-of-the-box without issue, making the integration of TokenProcessor.cs to decrypt the SAML token a piece of cake.

If you haven't looked at Windows CardSpace yet, head on over to cardspace.netfx3.com and start reading. Now that Windows Internet Explorer 7.0 is released and Release Candidate 1 of .NET Framework 3.0 is available, you'll find the mainstream barriers to adoption are quickly eroding.

How to grant ASP.NET access to certificate private keys on Windows Vista

One of the more painful processes on Windows XP and Windows Server 2003 is granting read permission to the private keys of a certificate. It typically requires a few trips to your favorite search engine, msdn.microsoft.com and running winhttpcertcfg.exe.

In Windows Vista, the Certificate MMC snap-in has a new feature that enables you to directly manage the permissions of private keys associated with a given certificate.

Assuming you already have your certificate installed in the Local Machine store, fire up mmc.exe, add the Certificates snap-in to the console and choose Computer account on the Local computer. Expand Certificates | Personal | Certificates and locate the certificate to whom's private keys you'd like to grant read permissions. Right-click on the certificate, choose All Tasks | Manage Private Keys ... and you'll be starting at a standard Windows ACL editor. No muss. No fuss. Nice 'n clean the way it should have been from the beginning. If you're using a stock ASP.NET 2.0 configuration, you'll want to grant NETWORK SERVICE read rights. If you're running your application pool under another identity or performing impersonation, you'll need to adapt accordingly. In either case, this is far easier than the old hunt 'n peck method.

Firefox 2 outperforms IE7 because Firefox doesn't do "the right thing"

As I mentioned here, Scoble points out that IE7 renders TechMeme slower than Firefox 2. A true statement. Another true statement is that Firefox isn't respecting the <META HTTP-EQUIV="Expires" CONTENT="now"> tag. Furthermore, Firefox doesn't respect its own "Always clear my private data when I close Firefox" option. And this, my friends, is the heart of the performance difference in this test.

So let's we peel the onion just a bit, shall we? Fire up Fiddler, configure both browsers to use it as their proxy and rerun the TechMeme test. You'll see that Firefox makes only a few requests for page content whereas IE7 requests the entire page. The result is that Firefox makes that page pop because it is pulling its page content from cache. If you select Tools | Clear Private Data... in Firefox, shut it down and run the test again, you'll find that the experience is identical to that in IE7. IE7 is doing the right thing. Firefox isn't.

I did some more digging and played around with Firefox's "Always clear my private data when I close Firefox" option. After enabling it and exiting Firefox, I relaunched it for for TechMeme home page again and was surprised to find that it was still pulling data from cache ... despite having been set to erase Browsing History, Download History, Saved From Information, Cache and Authenticated sessions when closing Firefox! Note this is distinctly different behavior from choosing Tools | Clear Private Data...

[Edit: Firefox does respect the "Always clear my private data when I close Firefox" when the last instance of Firefox exits rather than for closing each window.]

IE7 vs. Firefox 2 - is IE7 not loading images from cache?

Scoble knocks IE7's performance compared to Firefox 2 and I had to see it to believe it. Given I've been living in IE7 for months - and more recently with IE7 on Windows Vista - I've never given performance a thought, which tells me either that performance has been fine or I'm simply ignorant. Likely a little of both. But I wonder, does it really matter?

Even so, I tried Robert's test (and that meant actually downloading Firefox) by setting the home pages for both browsers to http://www.techmeme.com and sure enough, there's a noticeable difference in overall rendering speed. Firefox's rendering makes the page just "pop" whereas IE7 spends some visible time tweaking the page as it downloads. It's almost as if IE7 is not grabbing the image files from cache.

In fact, I tried the same test with sandbox.netfx3.com and see the same rendering behavior by both browsers on the first visit. But on subsequent visits, Firefox again makes the page "pop" where as IE7 appears to be downloading the content.

As for his beef about AJAX performance, on my 64-bit Windows Vista RC2 machine, I do not see any difference in the experience between IE7 and Firefox like he describes using Google Maps.