Today on endpoint.tv – Windows Server AppFabric in action

Before PDC I went to the Channel 9 studio and recorded an episode of endpoint.tv with Ian and Adam two of the program managers on the AppFabric team.  At the time we were still using the code name “Dublin” because we didn’t know for sure what the official name would be.  I had some trouble getting the video uploaded to the site but it is finally there today.

Be sure to check it out here.

WCF Security Spike – Day 2

We learn what he have to learn.

Does that surprise anyone?  Some people have reacted with shock when I said that I don’t know WCF Security very well.  Others said that I was implying that evangelists are somehow inferior to their colleagues on the product teams.  Of course there are people with varying skills in different roles as a part of any organization.  Technical Evangelists must have deep technical skills just like any other developer.  However, the truth remains that when faced with an overwhelming amount of new technology every day we make choices and learn what we have to learn.

There are a few people who have taken the time to decipher WCF security.  To this point, I have not been one of them because I have not had to learn it.  The evangelist in me wants to focus on new product features and in the area of security there is nothing new in WCF.  Yet because many customers are struggling with it, I felt that it was time… I must take on the beast so here we go for day 2.  I’m writing these notes as I go so who knows what we will find.

Service Principal Name

Jesse mentioned to me that I needed to use setspn.exe to create a service principal name.  I immediately went to Bing :-) and searched for WCF setspn which lead me to the WCF Security Guidance wiki page on the application scenario Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)

This article discusses using setspn when hosting the WCF service in an ASP.NET app pool running under a custom domain account.  In my case the app pool is running under Network Service so I wasn’t sure if I needed it or not but I decided to give it a go so I ran the command

C:\>setspn -A http/rojacobs-vid rojacobs-vid
Registering ServicePrincipalNames for CN=ROJACOBS-VID,OU=Workstations,OU=Machines,DC=redmond,DC=corp,DC=microsoft,DC=com
        http/rojacobs-vid
Updated object

Test It

I’ve created a local group on my machine called “ServiceUsers”.  The plan is to add accounts to the “ServiceUsers” group and then use IsInRole to determine if the user is a member of the group.

The test will be to simply invoke the service with the WCF Test Client using two different accounts.  One test will run it under my domain account REDMOND\rojacobs and the other will run it under a local admin account ROJACOBS-VID\Ron.  Both of these accounts are members of ServiceUsers.

Here is the code for testing the user accounts.  For now I’m commenting out the PrincipalPermission attribute

//[PrincipalPermission(SecurityAction.Demand, Role = "BUILTIN\\Administrators")]
public string AdminOperation()
{
    return string.Format("IsInRole(\"ServiceUsers\")={0}",
        Thread.CurrentPrincipal.IsInRole("ServiceUsers"));
}

Test #1 – using domain account

I launch the WCF Test Client and add a service reference to my service by giving it the address of my service.

After clicking Invoke I see that it works returning the following

<s:Body u:Id="_0">
   <AdminOperationResponse xmlns="http://tempuri.org/">
     <AdminOperationResult>IsInRole("ServiceUsers")=True</AdminOperationResult>
   </AdminOperationResponse>
 </s:Body>

This didn’t work yesterday so I think it was the setspn trick that fixed it.  Just to be sure I delete the spn and try it again

C:\>setspn -d http/rojacobs-vid rojacobs-vid
Unregistering ServicePrincipalNames for CN=ROJACOBS-VID,OU=Workstations,OU=Machines,DC=redmond,DC=corp,DC=microsoft,DC=com
        http/rojacobs-vid
Updated object

Well guess what – it still worked.  Strange, I’m sure this didn’t work yesterday…  Perhaps the reboot overnight did it?  Maybe the effects of setspn are still lingering in the worker process? 

Just to be sure, I do an iisreset command

C:\>iisreset

Attempting stop...
Internet services successfully stopped
Attempting start...
Internet services successfully restarted

Now to test it again… still works. 

Test #2 – using local admin account

Yesterday no matter what I did, the local admin account would never return true for IsInRole.  Wonder what will happen today?

<s:Body u:Id="_0">
  <AdminOperationResponse xmlns="http://tempuri.org/">
    <AdminOperationResult>IsInRole("ServiceUsers")=True</AdminOperationResult>
  </AdminOperationResponse>
</s:Body>

Doh! I can’t believe it… 

Test #3 – using PrincipalPermission

Now I’m going to put PrincipalPermission back and try to get it to allow only users in the ServiceUsers group.

[PrincipalPermission(SecurityAction.Demand, Role = "ServiceUsers")]
public string AdminOperation()
{
    return string.Format("IsInRole(\"ServiceUsers\")={0}",
        Thread.CurrentPrincipal.IsInRole("ServiceUsers"));
}

I test it from both WCF Test Clients (one under REDMOND\rojacobs and the other running as ROJACOBS-VID\Ron) they both succeed. 

Now I test it from a third local account (ROJACOBS-VID\Andrew) which is not a member of ServiceUsers – this one should fail.

Yes! Success – it fails.

I’m still not sure about this – with things not working yesterday, then working today.  I think I need to reboot and run all the tests again just to be sure.

Test #4 – After Reboot

WCF Test client on the same machine running under domain account works

WCF Test client on the same machine running under local admin account works

Test #5 – Multiple Machines

Ok great, but I wonder will this work across machines? 

In order to test this using HTTP I need to enable the firewall rule World Wide Web Services (HTTP Traffic-In)

Once I enabled all the machines in my home office to see each other (by turning on Network Discovery) I could browse to the service and see the WSDL but then I ran into a problem.

The WSDL used the full name of my machine rojacobs-vid.redmond.corp.microsoft.com in the URIs.  My other machines in my home office could not resolve this address so the WCF Test Client failed.

Strange that I can navigate to http://rojacobs-vid but not http://rojacobs-vid.redmond.corp.microsoft.com

This is probably an issue because I’m testing this in my home office.  If I had all these machines physically plugged into the corporate network (rather than via DirectAccess) it might work.

Day 2 Spike Summary

What have we learned so far?

• The easy way to restrict access by roles is with Windows Groups with PrincipalPermission demands
• You can do the PrincipalPermission demand with an attribute or in code
• You can use a local machine groups
• You do have to use a binding that supports this Intranet scenario (wsHttpBinding or netTcpBinding.  basicHttpBinding wont’ work)
• You must enable the firewall ports for inbound and outbound traffic when testing
• Sometimes things just don’t work until you go home for the day and try again the next day :-)

What have we not figured out?

• How to test from another machine using the WCF Test Client when it cannot access the machine using the full DNS name (for some strange reason)
• or how to generate WSDL that does not use the full DNS name of the machine in the URI

Some other things to investigate

• What about Windows Identity Foundation?  Does this make it easier or harder?  Is it appropriate for this scenario?

Next Steps

• Review Windows Identity Foundation Whitepaper
• Do the Windows Identity Foundation WCF Services hands on lab

WCF Security Spike – Day 1

My first goal was to secure a service.  I’m happy to say I managed to get a service that allowed one user and didn’t allow another by using a PrincipalPermission with wsHttpBinding (I gave up on netTcpBinding for now – one monster at a time right?)

I created a simple service and declared a service with an endpoint as you see in the web.config (from .NET 4)

<system.serviceModel>
    <services>
        <service name="Security">
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration=""
         contract="ISecurity" />
    </service>

Then I implemented my service with a security demand

[PrincipalPermission(SecurityAction.Demand, Role="BUILTIN\\Administrators")]
public string AdminOperation()
{
    return GetSecurityInfo("AdminOperation");
}

Easy huh? Wait a minute… not so fast.  I started testing this.

The machine is joined to the REDMOND domain and when I tested using my domain account it worked just fine.

However when I fired up the WCF Test Client using a local machine account that is a member of the Administrators group I get “Access Denied”.

In fact, if I allow the call and then test for role membership using IsInRole(“SomeGroup”) with any local group, all of them returned false.  The only time I got IsInRole(“Administrators”) to return true was when I used my domain account to call the service.

Oh the mysterious ways of Active Directory…  Who can plumb the depths of kerberos?  Perhaps I could (should?) look at Windows Identity Foundation for help…

WCF Security Is Hard

Ok… I said it.  Let’s just admit the truth for a second.  It is hard.  Recently somebody contacted me about a security problem and asked for me help.  I’m probably the wrong guy to ask.  After all, I’m an evangelist.  That means I create demos, labs etc. none of which use security (typically).  What that means is that while I know a great deal about some aspects of WCF when it comes to security I actually don’t know much.  I know, I know… it’s embarrassing.

My new years resolution for 2010 is to write some articles, samples and create some videos to help you deal with security.  After all it is vital that we help you to get this right.  I’m tired of waiting for somebody else to fix this. 

[edit: 12/4] By this comment I don’t mean to say that all evangelists are less technically competent that any other programmer.  I work with some very smart guys who are great developers.  I only meant to imply that we tend to learn things that our work requires and mine doesn’t require security very often

My First Spike

Here is the first security spike.  I’m going to create a WCF service hosted in IIS.  The service will use wsHttpBinding and Windows Credentials.  The goal is to restrict access by role as defined by group membership in active directory.  This should be a no-brainer right?

Yesterday I searched around looking for resources to help.  I didn’t find much.  Most things I found showed how to secure self-hosted WCF services with console apps.  The security picture with an IIS hosted service is significantly more complex.  You have IIS settings to deal with, plus ASP.NET stuff in web.config and then the myriad of WCF security settings and options.

I have often referred people to the WCF Security Guide from patterns and practices which is good but even after reading it I found myself confused.

My first attempt yesterday was to create a service hosted in IIS and then to use netTcpBinding as recommended by the WCF Security Guide to access it.  I didn’t get very far.  Once I hosted the service in IIS I was not able to access it with the netTcpBinding from the client.  I kept getting one of those “machine actively refused the connection” messages.

Today I’m going to go with the wsHttpBinding so I can simplify things a bit.  I’ll let you know how it goes.

Where can I get the Workflow Services Lab?

If you saw the walkthrough of the Workflow Services lab on Channel 9 you might be wondering where you can get the lab code.  This lab will be in the next update of the VS2010 training kit.  Until then I’ve posted a beta version of the lab here.

How do I clear my AppFabric Databases?

Once you start to develop apps with Windows Server App Fabric you will quickly find that your AppFabric monitoring and persistence databases become cluttered with stuff.  From time to time you will want to clear out these databases.

Here is the PowerShell script I use to get the job done.  Just copy these into a file like AppFabricReset.ps1

(Watch out for line breaks)

# Bring in the App Fabric module

import-module applicationserver

$ConfirmPreference = "None"

# Remove the persistence db

Remove-ASPersistenceDatabase -Force -Server ".\SQLExpress" -Database "ApplicationServerExtensions" -Confirm:$false

# Create the persistence DB

Initialize-ASPersistenceDatabase -Admins $env:computername\AS_Administrators -Readers $env:computername\AS_Observers -Users "BUILTIN\IIS_IUSRS" -Database "ApplicationServerExtensions" 
-Server ".\SQLExpress" -Confirm:$false

# Clear the monitoring DB

Clear-ASMonitoringDatabase -Database "ApplicationServerExtensions" -Server ".\SQLExpress" -Confirm:$false

WF4: How To Access Out Arguments

To get a value from your workflow you must access the dictionary of output arguments returned from the workflow.

Note: This example is based on Visual Studio 2010 Beta 2

Consider a workflow that accepts two arguments

The workflow uses an assign activity to set the result of the expression "Hello " & UserName & " from Workflow 4" to the Greeting out argument.  The hosting program can access the Greeting out argument from the dictionary of output values returned from the WorkflowInvoker or WorkflowApplication.

Because the values in the output dictionary are stored as objects with a string as the key, there are three possible outcomes when you try to access an argument value.

1. The key does not exist in the dictionary
2. The key exists but the type of the value is not what you expected
3. The key exists and the type is compatible with what you expected

Whenever you access an out argument you must consider these outcomes. In the event that the key does not exist or the type of the value is not what is expected you may encounter a KeyNotFoundException or InvalidCastException

You can choose to

• Let these exceptions propagate possibly terminating the host with an unhandled exception
• Catch the exceptions
• Code defensively using TryGetValue to access the key from the collection or the C# keyword “as” or VB function TryCast to avoid the invalid cast

Accessing Out Arguments with WorkflowInvoker

The following example shows a method that Invokes the SayHello workflow passing in the UserName and accessing the out argument named “Greeting” after the workflow completes. 

C#

private static void GetArgumentsFromWorkflowInvoker()
{
    IDictionary<string, object> output = WorkflowInvoker.Invoke(
        new SayHello() { UserName = "Test" });

    string greeting = (string)output["Greeting"];

    Console.WriteLine("WorkflowInvoker said {0}", greeting);
}

Visual Basic

Shared Sub GetArgumentsFromWorkflowInvoker()
    Dim output As IDictionary(Of String, Object) =
        WorkflowInvoker.Invoke(New SayHello() With {.UserName = "Test"})

    Dim greeting As String = output("Greeting")

    Console.WriteLine("WorkflowInvoker said {0}", greeting)
End Sub

Accessing Out Arguments with WorkflowApplication

WorkflowApplication invokes the workflow on a thread from the CLR threadpool. To capture the outputs you must assign a delegate to the WorkflowApplication.Completed property. Keep in mind that your delegate is called whenever the workflow completes successfully or not. You can check the CompletionState property to find out if the activity closed or faulted. Because accessing the Outputs dictionary may result in an exception you should wrap the access with a try/catch/finally block as shown.

C#

private static void GetArgumentsFromWorkflowApplication()
{
    AutoResetEvent sync = new AutoResetEvent(false);
    string greeting = null;
    Exception argException = null;

    WorkflowApplication wfApp = new WorkflowApplication(
        new SayHello()
        {
            UserName = "Test"
        });

    wfApp.Completed = (e) =>
        {
            // Did the workflow complete without error?
            if (e.CompletionState == ActivityInstanceState.Closed)
            {
                try
                {
                    // Accessing the output arguments dictionary
                    // might throw a KeyNotFoundException or
                    // InvalidCastException                            
                    greeting = (string)e.Outputs["Greeting"];
                }
                catch (Exception ex)
                {
                    argException = ex;
                }
                finally
                {
                    // Must be sure to unblock the main thread
                    sync.Set();
                }
            }
        };

    wfApp.Run();
    sync.WaitOne();

    // Show the exception from the background thread
    if (argException != null)
        Console.WriteLine("WorkflowApplication error {0}", argException.Message);
    else
        Console.WriteLine("WorkflowApplication said {0}", greeting);
}

Visual Basic

Shared Sub GetArgumentsFromWorkflowApplication()
    Dim sync As AutoResetEvent = New AutoResetEvent(False)
    Dim greeting As String = Nothing
    Dim argException As Exception = Nothing
    Dim wfApp As WorkflowApplication =
        New WorkflowApplication(New SayHello() With {.UserName = "Test"})

    wfApp.Completed = Function(args)
                          If (args.CompletionState = 
                                         ActivityInstanceState.Closed) Then
                              Try
                                  ' Accessing the output arguments dictionary
                                  ' might throw a KeyNotFoundException or
                                  ' InvalidCastException                            
                                  greeting = args.Outputs("Greeting")
                              Catch ex As Exception
                                  argException = ex
                              Finally
                                  ' Must be sure to unblock the main thread
                                  sync.Set()
                              End Try
                          End If

                          ' VB requires lambda expressions to return a value
                          Return Nothing
                      End Function

    wfApp.Run()
    sync.WaitOne()

    ' Show the exception from the background thread
    If (argException Is Nothing) Then
        Console.WriteLine("WorkflowApplication said {0}", greeting)
    Else
        Console.WriteLine("WorkflowApplication error {0}", argException.Message)
    End If
End Sub

Accessing Out Arguments with Defensive Coding Style

In this example, we are accessing the Out Argument with a defensive coding style that will insure no exceptions are thrown.

C#

private static void GetArgumentsFromWorkflowInvokerDefensive()
{
    IDictionary<string, object> output = WorkflowInvoker.Invoke(
        new SayHello() { UserName = "Test" });

    object obj = null;
    string greeting = null;

    if (!output.TryGetValue("Greeting", out obj))
    {
        Console.WriteLine("Greeting not found");
    }
    else
    {
        greeting = obj as string;
        if (greeting == null)
            Console.WriteLine("Greeting could not be converted to a string");
        else
            Console.WriteLine("WorkflowInvoker said {0}", greeting);
    }
}

Visual Basic

Shared Sub GetArgumentsFromWorkflowInvokerDefensive()
    Dim output As IDictionary(Of String, Object) =
        WorkflowInvoker.Invoke(New SayHello() With {.UserName = "Test"})

    Dim obj As Object = Nothing

    Dim greeting As String

    ' TryGetValue will not throw an exception
    If (Not output.TryGetValue("Greeting", obj)) Then
        Console.WriteLine("Greeting not found")
    Else
        ' Not sure what type it is, try to convert it
        greeting = TryCast(obj, String)
        If (greeting Is Nothing) Then
            Console.WriteLine("Greeting could not be converted to a string")
        Else
            Console.WriteLine("WorkflowInvoker said {0}", greeting)
        End If
    End If
End Sub

WF4: Passing Arguments to Activities

In Windows Workflow Foundation .NET 4 (WF4) everything is an Activity.  That is a class that inherits from System.Activities.Activity.  Activities can have in, out or in/out arguments and do their work then the Activity.Execute() method is called.  You could think of them as being similar to a static method except for the fact that a static method can have only 1 return argument where an Activity can have more than one. 

Passing arguments to an activity can be done one of two ways.  You can use Initialization syntax when creating the activity to set the input arguments (which are just public properties of type InArgument<T>) or you can pass a Dictionary<string, object> which will be used to initialize the arguments.

Passing Arguments with Initialization syntax

   1: [TestMethod]

   2: public void ShouldReturnGreetingWithName()

   3: {

   4:     var output = WorkflowInvoker.Invoke(

   5:         new SayHello()

   6:         {

   7:             UserName = "Test"

   8:         });

   9:     Assert.AreEqual("Hello Test from Workflow 4", output["Greeting"]);

  10: }

This works well except that out arguments (OutArgument<T>) will also show up in the Intellisense window as well as other public properties such as the DisplayName.  In this example from the beta 2 release of the “Introduction to Workflow 4” hands on lab (look for it at the PDC) you will see three properties from Intellisense but only one of them is an in argument suitable for initialization.

As you can see initializing an OutArgument looks possible, but if you try it…

What’s going on here?  InArgument<T> will implicitly construct from an argument of type T but OutArgument<T> won’t do this so even though it appears like you can do this, you can’t because it won’t compile.  But this is a good thing because you shouldn’t initialize an OutArgument anyway.

In practice, I think most people will wrap activity initialization and (possibly) invocation inside of other methods so that developers who are unfamiliar with workflow can just call those methods to do the work. 

WCF Essentials – Great Stuff now online

Michelle Leroux Bustamante has written some great new papers for MSDN that you really should check out.  They are in the WCF Essentials series.

What I like the most about these articles is that she gives really great practical advice.  For example check out this sentence from Getting Started with WCF

“The default is PerSession which is typically not the desired setting.”

Wow – you won’t read that in the MSDN documentation about the InstanceContextMode Enumeration but it is probably something that you should know.  It is the kind of advice you can expect from a seasoned WCF developer.

Are you doing WCF Services or SOA in your organization?

If so, I’d like to talk with you about your solution as a part of some research we are doing for future releases.  Please contact me through my blog if you would be willing to have a short phone discussion with me about your solution and needs.

Testing a SendMail activity with WF4

Many applications send email.  After all it is the preferred binding for async app to human communication.  I noticed that many of my colleagues were creating samples that simulate email by dropping a text file into a directory.  Then they would open the file and copy and paste a GUID into a form.  There is a much better way of course.  In the real world people would send an HTML mail with a link that brings you back to the website with the GUID in place.

Nearly everyone has done this with a web site where you register with the site, they send you an email to confirm and then you click a link in the email to complete the registration process.  I decided to build out this scenario using a workflow to manage the registration process but then I ran into the issue of how to test the email.

At first I thought I would just use Hotmail.  This would work for a demonstration but you have to have network connectivity and verifying that the message arrived would require coding to open the mailbox with POP3 and look for a particular message.  Then I found an easier way.  You can configure the SmtpClient to drop mail messages into a folder rather than send them.

Of course, many of you will say “Duh! I can’t believe Ron didn’t know about this…”.  Well it was news to me so I’m sure that some people didn’t know about it either so here is how it works.

First off, here is the very simple SendMail activity (using .NET 4 Beta 1)

   1: public class SendMail : CodeActivity

   2: {

   3:     public InArgument<string> From { get; set; }

   4:     public InArgument<string> Recipients { get; set; }

   5:     public InArgument<string> Subject { get; set; }

   6:     public InArgument<string> Body { get; set; }

   7:     public InArgument<bool> IsBodyHtml { get; set; }

   8:     protected override void Execute(CodeActivityContext context)

   9:     {

  10:         SmtpClient client = new SmtpClient();

  11:         MailMessage message = new MailMessage(From.Get(context),

  12:             Recipients.Get(context), Subject.Get(context), Body.Get(context));

  13:         message.IsBodyHtml = IsBodyHtml.Get(context);

  14:         client.Send(message);

  15:     }

  16: }

Now I want to test my SendMail class.  So I created a Unit Test project and added an app.config file with the necessary configuration magic.

   1: <?xml version="1.0" encoding="utf-8" ?>

   2: <configuration>

   3:   <system.net>

   4:     <mailSettings>

   5:       <smtp deliveryMethod="SpecifiedPickupDirectory">

   6:         <specifiedPickupDirectory pickupDirectoryLocation="c:\maildrop"/>

   7:       </smtp>

   8:     </mailSettings>

   9:   </system.net>

  10: </configuration>

Now all that I need to do is write the test.  I want to be sure that when I send a mail that a file ends up in the c:\maildrop directory.  The file will have a random GUID as the name.  I’m not worried about reading the file to be sure that it contains the correct text.  That would be testing the SmtpClient class which I assume works properly.

   1: [TestMethod]

   2: [DeploymentItem("MyActivities.dll")]

   3: public void ShouldSendMail()

   4: {

   5:  

   6:     // Remove all files from the drop location

   7:     if (Directory.Exists(mailDrop))

   8:         Directory.Delete(mailDrop, true);

   9:     Directory.CreateDirectory(mailDrop);

  10:  

  11:     // Create and send the message

  12:     WorkflowInvoker.Invoke(new MyActivities.SendMail()

  13:     {

  14:         From = "test@tempuri.org",

  15:         Recipients = "foo@bar.org, baz@foo.com",

  16:         Subject = "Test HTML message",

  17:         IsBodyHtml = true,

  18:         Body = messageBody

  19:     });

  20:  

  21:     // Find the message in the drop location

  22:     var messages = Directory.EnumerateFiles(mailDrop);

  23:     Assert.AreEqual(1, messages.Count());

  24: }

And the really cool thing is that you can open this file with Windows Live Mail and click the link if you want to demonstrate how it works.

I decided to screencast this code check it out
endpoint.tv Screencast - Spike on Workflow Managed Email Verification

Windows Workflow in .NET 4 and Web Services

Today I published 10-4 episode 29: Workflow Web Services on our Channel 9 10-4 Show about Workflow Services in .NET 4 beta 1. 

People have asked me why they would want to implement a web service with a workflow rather than with code using WCF.  It is a valid question.  Over the next few blog posts I’ll describe some of the reasons why I find workflows a very interesting solution for implementing web services.

Workflows are a simple way to implement web services

Remember the ABC’s of web services with WCF?  Every service has an Address, Binding and Contract right?  Well it turns out that this isn’t as simple as it sounds.  With Workflow services I don’t have to bother so much with the ABC’s.  Instead I can focus on a declarative model where I simply create a variable of some type that I want to receive and put it into a receive shape.

Here is a screenshot of a Declarative Sequential Workflow Service in Visual Studio 2010 Beta 1.

This picture is a visualization of XAML that describes a contract.  And what is the contract?  You can see it from the WCF Test Client

Ok – so the name is a bit ugly but it is just a property of the receive activity easy to change.  I have a contract with a method named GetData.  And what does the GetData method use as an argument?  The value is an Int32, of course because this is a web service message the value might not be included so the WCF Test Client now allows me to use a Nullable<Int32>

And the workflow definition is just a XAMLX file that I can drop on the web server (along with any assemblies it uses) and have a complete working service.

   1: <Service xmlns="http://schemas.microsoft.com/netfx/2009/xaml/servicemodel" xmlns:d="clr-namespace:DeclarativeSequentialServiceLibrary1;assembly=DeclarativeSequentialServiceLibrary1" xmlns:p="http://schemas.microsoft.com/netfx/2009/xaml/activities" xmlns:sad="clr-namespace:System.Activities.Debugger;assembly=System.Activities" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml">

   2:   <WorkflowServiceImplementation ConfigurationName="Service1" Name="Service1">

   3:     <p:Sequence DisplayName="Sequential Service" sad:XamlDebuggerXmlReader.FileName="c:\scratch\DeclarativeSequentialServiceLibrary1\DeclarativeSequentialServiceLibrary1\Service1.xamlx">

   4:       <p:Sequence.Variables>

   5:         <p:Variable x:TypeArguments="CorrelationHandle" Name="handle" />

   6:         <p:Variable x:TypeArguments="x:Int32" Name="data" />

   7:       </p:Sequence.Variables>

   8:       <Receive x:Name="__ReferenceID0" CanCreateInstance="True" DisplayName="ReceiveRequest" OperationName="GetData" ServiceContractName="Contract1" ValueType="x:Int32">

   9:         <Receive.AdditionalCorrelations>

  10:           <p:InArgument x:TypeArguments="CorrelationHandle" x:Key="ChannelBasedCorrelation">[handle]</p:InArgument>

  11:         </Receive.AdditionalCorrelations>

  12:         <Receive.KnownTypes>

  13:           <x:Type Type="x:Int32" />

  14:         </Receive.KnownTypes>

  15:         <p:OutArgument x:TypeArguments="x:Int32">[data]</p:OutArgument>

  16:       </Receive>

  17:       <d:TraceActivity Message="[String.Format(&quot;Received data {0}&quot;, data)]" />

  18:       <SendReply Request="{x:Reference __ReferenceID0}" DisplayName="SendResponse" ValueType="x:String">

  19:         <p:InArgument x:TypeArguments="x:String">[data.ToString()]</p:InArgument>

  20:       </SendReply>

  21:     </p:Sequence>

  22:   </WorkflowServiceImplementation>

  23: </Service>

This is a pretty cool way to declare a service.  If I want to get a little more complex, I can create a type that is received with multiple properties and such.  This is exactly what we are doing in the Introduction to Workflow Services lab from the Visual Studio 2010 Training Kit.

Another reason I love Windows 7 - The Network Troubleshooter

After installing the RTM release of Windows 7 I dropped by the office this morning and when I put the laptop on the docking station I fired up the web browser and got… nothing.  My PC was acting like it had no network connection even though it was connected both to a wired and wireless connection on the corporate network.

I’ve been through this enough times to know that the issue was probably something to do with the corporate firewall and proxy settings on IE but I decided to test out the Windows 7 Network Troubleshooter. 

When people say that Windows 7 is just a minor update to Windows Vista they underestimate the great work the Windows team did on this release.  Somebody who doesn’t know the first thing about networking or proxies would have to call the helpdesk to fix this problem but Windows 7 includes troubleshooter “packs” that help you to solve common problems without becoming a networking guru.

First I select the Troubleshoot Internet connections

Notice that this dialog shows a publisher – I assume this means that others can publish troubleshooting packs though I’m not sure what the process is for this.    I click next.

Since I’m having trouble connecting to any website I’ll use the first option which will test microsoft.com

After short time I got the problem fixed automatically

The problem was that I forgot to install the ISA firewall client that automatically sets up the proxy settings when I’m on corpnet.  I used to do product support many years ago.  How I would have loved a tool like this.  Way to go Windows 7!

Mocking the Console

I’ve posted an update to the Microsoft.Activities.Simulation library.  Today at the team meeting I showed the library to the Windows Workflow team and Ed Pinto said “That is cool!” so I must be doing something right.

Today’s update is a better TestConsole.  This time I’ve had the TestConsole redirect the Console output stream by calling Console.SetOut.  Now the stream will go into a StringWriter backed by a StringBuilder as the buffer.

   1: StringBuilder _buffer;

   2:  

   3: public TestConsole()

   4: {

   5:     StringWriter outWriter = new StringWriter(_buffer);

   6:     Console.SetOut(outWriter);

   7: }

This way anything that writes to the console will now be captured and therefore it will become testable.

When I want to verify that something was written to the console there are two ways I can do it.  I can access the StringBuilder by calling TestConsole.Buffer.ToString() and then look for something in the string.

Or if I prefer a line oriented approach I can do something like this test.

   1: Assert.AreEqual("Scope 1 Number is 1", results.Console.Lines[0]);

Here I have a SimulationResults type with a TestConsole member named Console.  I can access a string[] named Lines that will return each line from the TestConsole buffer by calling Regex.Split

   1: public string[] Lines

   2: {

   3:     get

   4:     {

   5:         // Split it only if we need to

   6:         if (Buffer.Length != _lastBufferSplit)

   7:         {

   8:             _lastBufferSplit = Buffer.Length;

   9:             _lines = Regex.Split(Buffer.ToString(), Environment.NewLine);

  10:         }

  11:  

  12:         return _lines;

  13:     }

  14: }

Since splitting the buffer is a little work, I only split it if the length of the buffer has changed since the last time I split it.  One side effect of using Regex.Split is that you always get an empty last line.  Since the CancellationScope Activity Sample also uses this library I put the library in place and found that I had to update all the unit tests that relied on a line count.  If they asserted the count should be 2 I had to change it to 3. 

I’ m not enough of a Regex guru to know how to work around this.  For now I think it is ok to just say that you will always get one empty line at the end of the array and that is just the way it is.

If you are interested in the Microsoft.Activities.Simulation library, let me know by posting some discussion threads

How to test WF4 Workflows with Microsoft.Activities.Simulation

Recently I posted a new sample for the CancellationScope activity.  Of course, I’m building these samples on .NET 4 Beta 1.  But the team is already making rapid progress towards the next major milestone.  They are checking in changes that may or may not break my sample applications and hands on labs.  How will I know if things are broken?

Most people rely on manual testing to detect broken code.  The problem is that manual testing is time consuming and expensive.  I wanted to find a way to unit and acceptance test the sample applications and labs.  There are significant challenges to this but I’ve got some ideas that I think will work and I’m going to describe them to you on my blog as I get them in place.

Unit Testing A Workflow

I’ve covered this on my blog in the past.  In fact, the WF4 Hands On Labs (Lab 1) from the Visual Studio 2010 training kit includes unit testing.  One issue I did not cover was how to use a Test Double with workflow.  Why would you do this?  Because some activities do things that are not testable or desirable in a unit test.

• The WriteLine activity writes text to the console
• A Send activity sends a message to an endpoint that might not be available when testing
• A Receive activity requires a message to cause the workflow to continue.

One response to things like this is to use Dependency Injection with Inversion of Control containers to replace these troublesome components with something more testable.  The Microsoft patterns & practices group has produced the Unity container for this very purpose.

These solutions do not work with workflow activities because they rely on having some measure of control over the creation of dependencies so they can resolve them at runtime. 

Microsoft.Activities.Simulation

I found a way to get around this specifically for workflow.  I’m using the term “Simulation” to describe it because in the long run I believe we can build something that would be useful to technical business users for testing workflows.  To understand how it works consider the CancellationScope activity sample.  If I want to test this sample, how would I do it?

The sample writes data to a console window to show how the cancellation scope allows you to execute activities that will be triggered when a workflow element is cancelled.  It uses the System.Activities.Statements.WriteLine activity to do this.  So what I need is a way to verify that the correct messages are output by WriteLine in the correct order.  What I really wanted to do was to replace WriteLine with another activity I call MockWriteLine.

The strategy I use is to modify the XAML for testing.  Consider the following XAML snippet.

   1: <p:CancellationScope DisplayName="Cancellation Scope 1">

   2:     <p:CancellationScope.CancelHandler>

   3:       <p:WriteLine DisplayName="WriteLine Cancel Scope 1">["Cancelling scope 1..."]</p:WriteLine>

   4:     </p:CancellationScope.CancelHandler>

Here  you can see the solution staring you in the face.  If you could just change <p:WriteLine to <p:MockWriteLine and made the MockWriteLine activity have the same properties as WriteLine then you can do whatever you want from MockWriteLine to make the workflow testable.

Great, but what should MockWriteLine do?  I want to capture what it would have written to the console.  I need to get data from this activity without modifying the workflow more than I already have.  The solution is to use the Test Spy pattern with a workflow extension.

I created a class called TestConsole that will store up the WriteLine output in a buffer that I can verify later.  I can then add this extension to the workflow instance.

   1: WorkflowInstance workflowInstance = new WorkflowInstance(wfElement, inputs);

   2: TestConsole testConsole = new TestConsole();

   3:  

   4: // Add the testConsole to the extensions collection

   5: workflowInstance.Extensions.Add(testConsole);

   6:  

   7: // Run the test...

   8: RunTheTest();

   9:  

  10: // Check the first line of the buffer

  11: Assert.AreEqual("Some text to verify", testConsole.Buffer.ElementAt(0));

WF / WCF 4 and “Dublin” Resources

Every now and then somebody will ask me about resources for WF/WCF 4.  I usually copy a bunch of links into an email for them.  Today I decided I ought to share these resources with all of you.  I’ll try to remember and come back to this page and add more as we make more.

Videos

• endpoint.tv - Windows Workflow 4
• endpoint.tv - Service Discovery with WCF
• endpoint.tv - Dublin Architecture
• endpoint.tv - "Dublin" what is it and why should I care?

Code / Samples

• WF/WCF 4 Hands On Labs
• CancellationScope Activity sample
• Visual Studio 2010 Training Kit (includes WF/WCF 4 Labs)
• Windows Communication Foundation (WCF) and Windows Workflow Foundation (WF) Samples for .NET Framework 4.0 Beta 1
• MSDN – WCF / WF4 Changes

Questions

• WF4 Pre Release Forum
• WCF4 Pre Release Forum