.NET Web services (Windows Communication Foundation)

Microsoft PDC: First keynote focuses on Microsoft’s Cloud OS, Windows Azure

LOS ANGELES — In unveiling its Web-based development platform today at PDC, Microsoft has fired a salvo at Amazon EC2, the company’s hosted development platform.  Microsoft’s version of the cloud computing platform, dubbed Windows Azure, is essentially a hosted version of its server-side .NET platform. Developers can write ASP.NET code, complete with hookups to a hosted version of SQLServer, and run it on virtual machines hosted by Microsoft.

Windows Azure is meant to be another tier of computing, addressing Web development in the same respect that Vista and Windows Server address client-side and server-side development, said Ray Ozzie, the company’s chief software architect.

For now, Windows Azure is in very early beta. Its functionalities are fairly limited, and the company has not rolled it out to the public at large yet; for now, only developers at PDC will get activation codes. Ozzie warned that when the service reaches a commercial release — at a yet-unnamed time — it will likely be very different, and possibly incompatible, with  the current version.

Developers looking for client-side news were out of luck today; the whole keynote focused on Azure, with plenty of demos to show what the cloud OS can do so far (though not a whole lot on how that’s different from what standard client-server apps already do). Tomorrow’s keynote will focus on client-side Windows development; check here for more updates.

Getting down with WCF security

By Andrew Horne

Authentication and authorization are key areas of focus in the “Improving Web Services Security” guide published by Microsoft’s Patterns and Practices Team. The guide leads you through SOA security, WCF security, and useful application scenarios for both internet and intranet.

The twin security approach of authentication and authorization assures that only trusted users use your applications. This guide runs through the decisions you have to make in setting up these security devices, such as which authorization approach to use: role-based, identity-based or resource-based. This leads to questions about user stores and transfer security, among many others. The answers you give to these questions also have an effect on authentication: for instance, do you go with username or certificate authentication? The chapter “Solutions at a Glance” gives you a neat five-step outline to keep your thoughts organized.

Patterns and Practices pooled knowledge resources with Microsoft’s WCF team and outside leaders in the field, while also comparing this knowledge with user responses. The guide reflects the increasingly important role security plays for designers in today’s technological environment. As Nicholas Allen, Program manager of WCF, writes in his forward to the book, “Security has to be treated as part and parcel of functionality.”

Download the guide here, and also check out SearchWinDevelopment’s WCF Learning Guide.

Using WCF to Build a REST App

Dino Chiesa, who previously wrote about how not to write a REST app, finally spills his guts on how to go about doing so. The basic metaphor in WCF is that services receive and respond to incoming communication, and clients initiate those communications. The REST service is an application that receives and understands HTTP GET Requests according to the REST pattern. He notes that although these can be built using any text editor, Visual Studio makes it a lot easier to code, test, and debug. He also talks about how LINQ complements REST approaches.

http://blogs.msdn.com/dotnetinterop/archive/2008/03/20/how-to-build-a-rest-app-in-net-with-wcf.aspx

Microsoft releases .NET Micro Framework Version 2.5 updates

Microsoft updated the .NET Micro Framework, releasing Version 2.5 with improvements in Web Services and TCP/IP support.

.NET Micro Framework Version 2.5 includes a Web Services on Devices implementation compatible with Windows Vista and supported by the other Microsoft Windows Embedded platforms.

With Web Services on Devices, Micro Framework devices can discover and communicate with other devices on a network without need for user configuration. While some observers initially scoffed at Web services as a ‘real-time’ embedded solution, a growing consensus hold that it is ‘real-time’ enough for a slew of solutions.
 
Also, with Version 2.5, the framework gains native TCP/IP stack support, and, let’s face it, TCP/IP is nothing short of the greatest protocol of all time.

Microsoft also said it has inked a deal with oft-time rival IBM to collaborate on a pre-installed Windows embedded-based point-of-service solution for the retail and hospitality industries.

Microsoft again vows to promote interoperability - shares new API info

Microsoft said Thursday it will provide extensive documentation for APIs covering its major software products, including Office 2007, the Windows client and server, and the .NET Framework. Much of this information had been closely held, available only along with trade secret licenses or only within the company.

The move is an apparent extension of concessions Microsoft made late last year in the face of a difficult European Union Commission antitrust case. As described by Microsoft Chief Software Architect Ray Ozzie at a press briefing, the API initiative is also a response to an industry-wide move toward software that is delivered as a Web service. Major Microsoft managers Steve Ballmer, Bob Muglia, and Brad Smith appeared at the briefing along with Ozzie.

Ozzie described the API move as a strategy shift. Software users need software and services that are “flexible enough such that any developer can use their open interfaces and data to effectively integrate applications or to compose entirely new solutions,” said Ozzie.

Microsoft’s Muglia said the company would publish the more than 30,000 pages of protocol documents created as a part of the effort to meet requirements set by the European Commission and the Department of Justice to divulge information to independent software and hardware vendors.

“In the coming months, and no later than the end of June, we will publish  the protocols in Office 2007 that are used to connect to any other  Microsoft product, including Exchange Server 2007 and SharePoint Server 2007, as well as — we will take the .NET Framework related protocols and  publish those on our Web site, on MSDN,” said Muglia.

For his part, Steve Ballmer said the company was designing new APIs for Word, Excel and PowerPoint that will allow developers to plug in additional document formats, and enable users to set those formats as their default for saving documents.

In the blogsphere, early reaction to the Microsoft announcement sometimes centered on its relation to the EC’s case against the company, and efforts by Microsoft to gain OSI acceptance for its OOXML format. In his Digital Daily Feed blog John Paczkowski notes that the European Commission seems unimpressed by Microsoft’s declaration of interoperability principles. The EC said in a statement: “This announcement does not relate to the question of whether or not Microsoft has been complying with EU antitrust rules in this area in the past.”

The intersection of patents and open software remain an issue for Microsoft to address. For its part, Linux vendor Red Hat wants more, saying that MS should make additional commitments. Editor Joseph Ottinger discusses this with the Java community at TheServerSide.com.

WCF Certificates, by example

We bought into .NET Remoting early and have quite a few products in place that exploit the .NET Remoting lifestyle. Did I say lifestyle?  Yes. It seems that, once you go remoting, you don’t want to go back — that is, until WCF came along.  It is better (and worse) than remoting.  I won’t go into any comparison here but I do want to show an example of using certificate based security to validate a client process because it is pretty cool.  I’m using my standard Dog Pound example — which, someday, may run humane societies everywhere.

The architecture looks like this:

Both applications are WinForms apps.  The DogServer is configured as the “Host” while DogClient is, you guessed it, the client.  My requirement is to fire up DogClient and talk to the server without logging in but I want to be secure in the fact that I’m being authenticated and authorized.  We can do this with WCF using either an http connection or a tcp connection and either using a self-hosted server or utilizing IIS as the host.  My example is self-hosted because, lets face it, we want that control!

Assuming you have some kind of application architecture set up (download the code and you will) you can make a few minor changes to the config files to enable secure communication between client and host.  Our example will not use https for the transport, but, even so, each message will be encrypted using a certificate.  The first thing we need to do is create some certificates. If you have a Windows domain with a domain controller that you control, it’s fairly easy to get the certificate server service up and running on Windows Server 2003.  For the purpose of this article, we’re using the makecert utility that comes with Visual Studio. Do this:

makecert -n "CN=DogBase" -sk DogBaseKey -pe -sr localmachine -sky exchange -ss TRUST -r DogBase.cer
makecert -n "CN=DogServer" -sk DogServerKey -pe -sr localmachine -ss MY -sky exchange -ic DogBase.cer -is TRUST DogServer.cer
makecert -n "CN=DogClient" -sk DogClientKey -pe -sr localmachine -ss MY -sky exchange -ic DogBase.cer -is TRUST DogClient.cer

After you execute the third makecert statement you should see DogClient and DogServer certificates in the personal store of [Local Computer]. Use the mmc certificate snap-in to view your certificates. You may need to copy the certificate from the Enterprise Trust store to the Trusted Root Certification Authorities store before things will work for you. I’m not a certificate guru by any means and getting this little sample running in a repeatable process was not the easiest thing i’ve ever done.

We’re finally ready to test some code.  If you downloaded the code then you have everything you need to perform a test.  If not then you need to modify your configuration files to use certificates and transport security as follows:

Click here to see the client config file

Click here to see the server config file

Click here to download the sample code

Some things to note about using makecert for your certificates:  It is easy to get things set up and it provides a good learning experience for certificates but the certificates created should not be used in a production environment. There are also a few caveats. I had to configure the client and server to use PeerTrust on each other’s certificates instead of the default ChainTrust (see the config files). I believe this is partly because I’m using makecert for my certificates and partly becaues my computer is part of a windows domain. I didn’t have this trouble when using certificates issued by the certificate authority from my domain controller. For similar reasons, I had to set the negotiateServiceCredential to false and supply the service certificate in the client configuration.

In a future post I will dive into Mixed-Mode security where we use https for the transport and encrypt the messages.

Interactive Builds with TFS

Steve Porter at Imaginet Academy has been working to get Team Foundation Server (TFS) up and running, and one of his tasks was to take an existing project and migrate it over. His former build was using a couple of tasks from the MSBuild Community Tasks Project (specifically the StopServices and StartServices tasks).

He writes: This worked without a hitch with our 2005 build machine, but when I migrated this script over to our 2008 build machine, the build started failing on these tasks.

The answer in getting these tasks to work lies in using the Interactive Build feature of Team Build 2008, he notes. Team Build now uses WCF to communicate with the build agent and the experience is different than with .Net Remoting based Team Build.

Custom password validators in .NET Framework 3.5

In its first incarnation, Windows Communication Foundation (WCF) did not support custom validators with transport-level HTTP security. That changed with .NET Framework 3.5. But how do you make it happen?

In a recent blog entry, Phil Henning discusses use of Custom UserNamePassword Validators in .Net Framework 3.5. He notes that the scenario is only supported under self-hosted services.

Henning describes how to create a validator, as well as how to configure a service. By configuring your service using transport security and the Basic clientCredentialType, he notes, and authentication header will be protected by SSL.

Top of the Pops: WCF blog rundown for 2007

It is list time. WCF blogger extraordinaire Nick Allen put together his yearly review of his most popular posts.  Among the most-read Allen articles written in the year just past are tips on Preventing Anonymous Access, Client IP Address, Using XML Serialization with WCF and MSMQ Poison Messages.

What is a Poison Message? It is a permanent processing error, possibly caused by a malformed message that can get locked into a ”futile cycle of retrieving the message and unsuccessfully processing it.” In one of his top posts, Allen shows you how to take the Poison Message out of the queue and apply a useful programming strategy that avoids futile cycles.

Allen notes that his article on client IP addresses elicited important feedback that directly contributed to that feature being added in Orcas.  Both posts and feedback comments are valuable on this Indigo blog.

2007 Year In Review  - Dr. Nick’s Indigo Blog