“Icky” Decisions
Mar 12th
@KeithDahlby posted a good question for thought the other day on “the” Twitter:
When implementing the Observer pattern, how do you handle exceptions from observers?
This seemingly harmless question should spark at least a good 15 minute debate. An obvious question (and the one I asked):
Do you care if an observer throws an exception?
If you consider the classic observer pattern you’ll note that the observed only knows about its observers through an interface. Using an interface for observers to reduce coupling is a good practice, but having done that you’ll want to preserve the reduction in coupling by not allowing the observed to know about any of the concrete observers.
Deciding to let the observed know about its observers so that it can handle their exceptions would introduce coupling that could lead to bugs down the road.
Keith is a super smart guy and knew all along what to do, but the “what” is icky:
That’s what we’re doing, but agreed that it’s icky – wish there were a better option than catch(Exception)
This is icky because if an observer is very broken you won’t have a first-hand way to find out (and ReSharper will warn you about the dangers of your empty catch block). Each observer is now responsible for logging or notifying someone about its own exceptions, which adds complexity (possibly through configuration or another mechanism).
You’ll run into these icky decisions and each one certainly needs healthy debate and some documentation to cover the bases later on when someone might question why the icky option was chosen.
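As an added example (not Keith’s code and not from the post), here is one way to take the “icky” option without the empty catch block: the subject still only knows the observer interface, still catches Exception so one broken observer cannot stop the rest, but hands every failure to a delegate supplied by whoever owns the subject and reports how many observers threw. The interface, class and observer names are constructed for this example.

```csharp
using System;
using System.Collections.Generic;

public interface IEventObserver
{
    void OnEvent(string payload);
}

// Subject that never learns concrete observer types; it only sees the interface.
public sealed class Subject
{
    private readonly List<IEventObserver> _observers = new List<IEventObserver>();
    private readonly Action<IEventObserver, Exception> _onObserverFailure;

    // The owner decides what a failure means (log it, alert, count it); the subject does not.
    public Subject(Action<IEventObserver, Exception> onObserverFailure)
    {
        if (onObserverFailure == null) throw new ArgumentNullException("onObserverFailure");
        _onObserverFailure = onObserverFailure;
    }

    public void Subscribe(IEventObserver observer)
    {
        _observers.Add(observer);
    }

    // Notifies every observer and returns how many of them threw,
    // so the caller has a first-hand signal that something is broken.
    public int Notify(string payload)
    {
        int failures = 0;
        // Iterate over a copy so an observer that unsubscribes during notification does not break the loop.
        foreach (var observer in _observers.ToArray())
        {
            try
            {
                observer.OnEvent(payload);
            }
            catch (Exception ex)
            {
                // The "icky" catch(Exception): it isolates the broken observer,
                // but the failure is surfaced to the owner rather than swallowed.
                failures++;
                _onObserverFailure(observer, ex);
            }
        }
        return failures;
    }
}

// Constructed observers: one that records what it saw, one that always fails.
public sealed class AuditObserver : IEventObserver
{
    public readonly List<string> Seen = new List<string>();
    public void OnEvent(string payload) { Seen.Add(payload); }
}

public sealed class BrokenObserver : IEventObserver
{
    public void OnEvent(string payload) { throw new InvalidOperationException("observer is broken"); }
}

public static class Program
{
    public static void Main()
    {
        var subject = new Subject((obs, ex) =>
            Console.Error.WriteLine("{0} failed: {1}", obs.GetType().Name, ex.Message));
        var audit = new AuditObserver();
        subject.Subscribe(new BrokenObserver());
        subject.Subscribe(audit);

        int failed = subject.Notify("order-created");
        Console.WriteLine("failures: {0}, audit saw {1} event(s)", failed, audit.Seen.Count);
    }
}
```

The broken observer is registered first on purpose: the audit observer still receives the event, and the failure count plus the delegate call are the evidence that would otherwise vanish into an empty catch.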
What was your most recent “icky” situation?
WCF 4 – Loosening the Chains of Configuration
Mar 8th
If you have spent any time in WCF land, the first thing you learn about is the joys of configuration. For the coming release of .NET 4 and WCF 4 the team heard that feedback and has made configuration much easier for the development experience.
Let’s take a look at what’s changed:
Sample 1 – WCF Configuration on .NET 3.5 SP1
    <system.serviceModel>
      <services>
        <service name="WcfServiceConfig35.Service1" behaviorConfiguration="WcfServiceConfig35.Service1Behavior">
          <!-- Service Endpoints -->
          <endpoint address="" binding="wsHttpBinding" contract="WcfServiceConfig35.IService1">
            <!-- Upon deployment, the following identity element should be removed or replaced
                 to reflect the identity under which the deployed service runs. If removed,
                 WCF will infer an appropriate identity automatically. -->
            <identity>
              <dns value="localhost"/>
            </identity>
          </endpoint>
          <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
        </service>
      </services>
      <behaviors>
        <serviceBehaviors>
          <behavior name="WcfServiceConfig35.Service1Behavior">
            <!-- To avoid disclosing metadata information, set the value below to false
                 and remove the metadata endpoint above before deployment -->
            <serviceMetadata httpGetEnabled="true"/>
            <!-- To receive exception details in faults for debugging purposes, set the value below
                 to true. Set to false before deployment to avoid disclosing exception information -->
            <serviceDebug includeExceptionDetailInFaults="false"/>
          </behavior>
        </serviceBehaviors>
      </behaviors>
    </system.serviceModel>
By the way, I left out about 100 lines of other configuration “stuff” that had to do with System.Web, etc.
Sample 2 – WCF Configuration for the same service as Sample 1, in .NET 4
    <?xml version="1.0"?>
    <configuration>
      <system.web>
        <compilation debug="true" targetFramework="4.0" />
      </system.web>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
      </system.webServer>
    </configuration>
Notice there is no (none, nada, zero) system.serviceModel element. That said, if you start your service this way you have one teeny issue:
By default WCF 4 disables metadata publishing (security through obscurity), so no one can query your service’s WSDL to build a client. To enable it, you simply need the default configuration that WCF 4 puts in your config:
Sample 3 – WCF Configuration to enable metadata publishing, in .NET 4
    <?xml version="1.0"?>
    <configuration>
      <system.web>
        <compilation debug="true" targetFramework="4.0" />
      </system.web>
      <system.serviceModel>
        <behaviors>
          <serviceBehaviors>
            <behavior>
              <!-- To avoid disclosing metadata information, set the value below to false
                   and remove the metadata endpoint above before deployment -->
              <serviceMetadata httpGetEnabled="true"/>
              <!-- To receive exception details in faults for debugging purposes, set the value below
                   to true. Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="false"/>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
      </system.webServer>
    </configuration>
I will certainly be looking forward to the easing of the configuration pains in WCF 4!
Reclaiming Your Identity with Windows Identity Foundation
Mar 1st
Windows Identity Foundation is a new framework from Microsoft that helps to solve the identity crisis so many users face with multiple accounts for on-line services, applications, etc. WIF (dub-eye-eff, not “wiff”) supports the notion of claims-based authentication, where a user authenticates with an external provider and returns to your application with a set of claims (in the form of an encrypted token such as SAML) which you then verify and accept. Delegating authentication removes the responsibility of authenticating users from your application, so that it can focus on what the app needs to do instead of filling up with authentication logic.
What’s in a Claim Anyway?
Claims-based security isn’t something new. The idea behind claims is simple. Users go to a centralized provider where they authenticate and are given a token which contains information about that user: their name, roles, and any other data the authentication store provides. The user then takes those claims and presents them to the application. The application verifies the authenticity of the claims and allows the user to access the resources which they are authorized to use.
Real World Claims
The identity problem hasn’t been eliminated in the real world. Think about how many cards you carry in your wallet that identify you to some other external party. You have a driver’s license, credit cards, video club cards, etc. These cards are generally only trusted by the party issuing them.
Since I’ve been doing a lot of flying lately, let’s consider this example. When you go through the airport now you are required to have a “government issued ID” in addition to your boarding pass. In the United States alone there are 50 governments responsible for issuing IDs. You can also print your own boarding pass, and each airline’s format is slightly different. When you hand your ID and boarding pass to the TSA agent they are not going to verify who actually printed your ID or the legitimacy of your boarding pass. They are looking for signs of fraud and that the person in the picture resembles the person standing in front of them.
You present the TSA agent your claims (valid boarding pass and government issued ID) and they verify your claims by checking against known signs of fraudulent IDs.
WIF Terms
Claim – Comes from the attribute store for a user. Typically a key value pair.
Identity Provider – The service responsible for provisioning users & their attributes.
Relying party – The application which will rely on an STS to provide authentication and a token containing claims.
Security Token Service (STS) – The interface of the Identity Provider which allows you to interact with the Identity Provider as a web service.
Token – The “thing” that contains claims to be used by an application. Typically it is an encrypted cookie or XML file.
Getting Started with WIF
To build your first claims aware application you’ll need to grab the SDK here. To use WIF you need to have IIS installed. For instructions on installing IIS on Windows 7, check this post. Included in the samples are several ways you can use WIF. For this post we’ll look at the PassiveRedirectBasedClaimsAwareWebApp found in {Program Files}\Windows Identity Foundation SDK\v3.5\Samples\Quick Start\Web Application.
To get started with the samples after you have installed IIS, be sure to run the SamplesPreReqSetup.bat in {Program Files}\Windows Identity Foundation SDK\v3.5\Samples\Utilities (you must run this “as administrator”).
After running the pre-requisite setup, you need to run the Setup.bat in {Program Files}\Windows Identity Foundation SDK\v3.5\Samples\Quick Start\Web Application and once again be sure to run as administrator.
To test your app just point your browser to https://localhost/WebControlBasedClaimsAwareWebApp/default.aspx. Log in with your windows account and you should see a page listing the claims in the token. Note the https; during the pre-requisite setup the scripts will create an SSL cert and enable SSL on your machine.
Let’s Add a Claim
The STS is located in the PassiveSTS project. Open App_Code and then the MySecurityTokenService.cs file. This is the STS implementation. You can look through the code to get a feel for how the STS works. To add claims, jump down to the GetOutputClaimsIdentity method. To add a claim use the following snippet:
outputIdentity.Claims.Add(new Claim("http://christopherDeweese.com/Claims/Twitter", "@cdeweese"));
We’ll also need to alter the web applications to support the claim. The code in the apps ignores claims it is not expecting. Open the default.aspx.cs in WebControlBasedClaimsAwareWebApp. Add the following code near the top where the ExpectedClaims field is defined:
    string[] ExpectedClaims = new string[]
    {
        Microsoft.IdentityModel.Claims.ClaimTypes.Name,
        "http://WindowsIdentityFoundationSamples/myID",
        "http://WindowsIdentityFoundationSamples/2008/05/AgeClaim",
        "http://christopherDeweese.com/Claims/Twitter"
    };
When you browse to the page your output should look something like:
What Just Happened?
Nothing like learning about it by diving in head-first. When we made our first request to the web app it could not locate our token with the claims and we were immediately redirected to the STS where we were prompted for our logon credentials. After we were authenticated the STS built an identity which was returned in an encrypted token and we were redirected back to the web app. This time the web app found our token and allowed us in, displaying the page we see above.
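As an added example (not the SDK sample’s code), here is the relying-party side of the airport analogy in isolation: after the token has been decrypted and its signature checked, the app refuses claims from any issuer it does not trust, keeps only the claim types in its ExpectedClaims list (the sample ignores the rest the same way), and insists on a name claim before letting the user in. The IncomingClaim type, the RelyingParty class, the issuer name “PassiveSTS” and the token contents are all constructed for this example; the WIF sample itself uses Microsoft.IdentityModel.Claims.Claim.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Stand-in for a claim as the relying party sees it; only the three fields the check needs.
public sealed class IncomingClaim
{
    public string ClaimType { get; private set; }
    public string Value { get; private set; }
    public string Issuer { get; private set; }

    public IncomingClaim(string claimType, string value, string issuer)
    {
        ClaimType = claimType;
        Value = value;
        Issuer = issuer;
    }
}

public static class RelyingParty
{
    // Same URI as Microsoft.IdentityModel.Claims.ClaimTypes.Name.
    public const string NameClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name";

    // Issuer this app trusts; the name is an assumption for the example, not from the sample.
    public const string TrustedIssuer = "PassiveSTS";

    // Mirrors the sample's ExpectedClaims field after the Twitter claim is added.
    public static readonly string[] ExpectedClaims =
    {
        NameClaimType,
        "http://WindowsIdentityFoundationSamples/myID",
        "http://WindowsIdentityFoundationSamples/2008/05/AgeClaim",
        "http://christopherDeweese.com/Claims/Twitter"
    };

    // Returns only the claims the app will act on. Any claim from an untrusted issuer
    // rejects the whole token; claim types the app was not written for are dropped.
    public static IDictionary<string, string> AcceptClaims(IEnumerable<IncomingClaim> tokenClaims)
    {
        var accepted = new Dictionary<string, string>();
        foreach (var claim in tokenClaims)
        {
            if (!string.Equals(claim.Issuer, TrustedIssuer, StringComparison.Ordinal))
                throw new UnauthorizedAccessException(
                    "Claim '" + claim.ClaimType + "' comes from untrusted issuer '" + claim.Issuer + "'");

            if (!ExpectedClaims.Contains(claim.ClaimType))
                continue; // like the sample: ignore claims the app is not expecting

            accepted[claim.ClaimType] = claim.Value;
        }

        // Without a name claim the app cannot say who the user is, so the token is useless to it.
        if (!accepted.ContainsKey(NameClaimType))
            throw new UnauthorizedAccessException("Token carries no name claim");

        return accepted;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed token contents, roughly what the sample page lists plus one stray claim.
        var token = new[]
        {
            new IncomingClaim(RelyingParty.NameClaimType, "DOMAIN\\cdeweese", RelyingParty.TrustedIssuer),
            new IncomingClaim("http://WindowsIdentityFoundationSamples/2008/05/AgeClaim", "30", RelyingParty.TrustedIssuer),
            new IncomingClaim("http://christopherDeweese.com/Claims/Twitter", "@cdeweese", RelyingParty.TrustedIssuer),
            new IncomingClaim("http://example.invalid/Claims/Unknown", "ignored", RelyingParty.TrustedIssuer)
        };

        foreach (var pair in RelyingParty.AcceptClaims(token))
            Console.WriteLine("{0} = {1}", pair.Key, pair.Value);
    }
}
```

Rejecting the whole token on one untrusted issuer, rather than just skipping that claim, is deliberate: a token that mixes issuers is not something the STS in the sample would produce, so treating it as an error is the safer reading of the TSA agent looking for “signs of fraud”.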
Conclusion
Windows Identity Foundation is a different way to solve your identity problems. WIF is built around a model that mirrors how the problem is dealt with in the “real world”, though we haven’t solved it there yet either. This will hopefully be part one of many posts that will cover WIF and the good, bad, and ugly of using it to tackle identity problems head-first.
2010 MVP Summit Experience
Feb 22nd
Before I get started, I’ll just say that if you are here to read about things I learned or saw at the summit you will be disappointed. Most all of what I saw and learned was under NDA, so I won’t be talking about any content. What I will talk about is the experience and my thoughts around the MVP program and my first summit.
As a new MVP I had heard a lot about the MVP summit and what goes into it. Actually being at the summit truly opened my eyes to the depth of the MVP program and the people who are working hard every day to build products for Microsoft.
The Summit
The summit has evolved over the years, but the basic idea is to get all the MVPs together to network and link them with product teams to provide real feedback that makes it into products we use every day. One of the best parts of the summit was being on the campus at Redmond with the 18,000 people who work there every day.
Bellevue, the Sights & Sounds
This year’s summit was centralized in Bellevue, WA, which is just a few skips down the highway from Redmond. Bellevue has undergone a lot of updates in the last several years and is one of the cleanest and most attractive towns I’ve been to in a while. Most MVPs were at the Hyatt or the Westin, which are attached to Bellevue Square via a few sky bridges and walkways. There were almost too many good food choices and an unbelievable amount of shopping available.
Clint Edmonson, Chris Sutton and I even managed to squeeze in a late night showing of Avatar in Imax 3-D which was phenomenal.
Product Team Interaction
Meeting with the product teams was a great experience. Some of the smartest people in the world are working in Redmond and they have a lot of tough choices to make. All of the product teams have trade-offs to make in terms of balancing features and delivery times, as well as limitations on what they have to work with. It is hard to articulate what a tough job the teams have without going into specifics. My respect for the product teams increased 1000-fold, and believe me, those teams know when something isn’t what it could be and they will work to get it there for V-next.
As users of their products it is easy to think that these people have no idea what they are doing, but the fact is I heard many of the teams say they knew something was not what it could be, or that they were in situations where they didn’t know what the best choice would be. Those teams face the same choices we “normal” developers do, except they have the scrutiny of developers across the world when something isn’t perfect.
Breakout Sessions
I was able to attend several of the breakout sessions which covered various products & technologies. The largest session I attended was the Developer & Platform Evangelism Session where all the US MVPs met with the evangelism teams that work throughout the United States. We all received a very nice jacket for our participation. Thanks DPE!
Overall
Being an MVP is a huge honor. To be included with some of the most passionate and outspoken technologists is an amazing experience. Seeing MVPs who I only know via Twitter and Blogs and reading about their accomplishments just shows how much MVPs live and breathe technology and making it work for people.
There are a lot of exciting developments coming in 2010. Rest assured that as soon as we can, MVPs from all over the world will be sharing those insights with you!
To see more about my MVP Summit experience, check out the Flickr photos.
All Quiet on the Midwestern Front
Feb 14th
I am having blogger’s guilt. The last few weeks have seen a low posting volume. I have not taken any vows of silence; my schedule has got the best of me. I’m off to the MVP summit, my first, and I’m extremely excited to get a chance to travel to Seattle and meet fellow MVPs, MVP program leads, and MS product teams. Kevin “I need an Architect Now” Grossnicklaus and I will be rooming together. We’ll also see several familiar faces from last year’s Day of .NET.
Expect it to be quiet around here for a few weeks.
To give you something worth your time, how about some upcoming events to keep your eyes on:
- February 22 5:30 PM – STL .NET Users Group: “The Easy Life: Inversion of Control with StructureMap”. My friend and colleague Brad Tutterow is going to present on StructureMap, a great follow-on session to my presentation on SOLID, where he will cover Dependency Inversion and what the heck StructureMap does.
- February 26-28 – STL Innovation Camp: “Local technology user groups, area businesses, and the entrepreneur support community will join forces to present a one of kind camp designed to spur innovation in the Information Technology community, support economic recovery, and spark an entrepreneurial renaissance in the Saint Louis Area.”
- March 10 – Building Rich Internet Applications with Silverlight and WCF RIA Services – “This event will be a half day of technical drilldown into using Visual Studio, Expression Blend, and Silverlight to build compelling applications. The focus will be on building applications that are useful in a business context, and not on “dancing bears” and “world’s funniest videos””
- April 20 – Gateway to Innovation “An interactive forum highlighting innovation in St. Louis that drives business and community prosperity. The 2010 conference will explore how IT drives growth in the life sciences, manufacturing, finance, global commerce and industries yet to be discovered. Interactive break-out sessions with regional executives and industry leaders will address the convergence of IT with other business imperatives. An evening gala and awards program will recognize the efforts of local leaders and help foster the region’s most significant economic cluster.”
Calling SharePoint Services with WCF and Impersonation
Feb 5th
After battling with error 0x80004004, the WCF client I was testing started receiving a new error:
Could not load file or assembly ‘System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a’ or one of its dependencies. Either a required impersonation level was not provided, or the provided impersonation level is invalid. (Exception from HRESULT: 0x80070542)
A search yielded this post, which contained some key information. Interestingly enough, we were seeing the “White Screen” issue on our local instance under similar circumstances: a WCF client calling the list service.
Since the behaviors section is not specifying the clientCredentials, the allowedImpersonationLevel is set to Identification. This means that the server can get the Identity of the user, but it is unable to impersonate the user.
Those circumstances were almost identical to our problem, except that we were not running in the context of BizTalk. The solution was to allow impersonation by adding an endpoint behavior:
    <endpointBehaviors>
      <behavior name="ImpersonationBehavior">
        <clientCredentials>
          <windows allowedImpersonationLevel="Impersonation" />
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
Once this was set the service client began working and it was back to the SharePoint dev races. For more on calling SharePoint Services with WCF check out this post.
Calling SharePoint Services Over SSL with WCF (WSS 3.0)
Feb 4th
While troubleshooting another SharePoint WSS issue (related to DCOM permissions) I had to test calling the List Service against an instance of SharePoint that was running over SSL. I was using WCF as the client, and the biggest pain was the configuration (which is usually the case with WCF). Based on several other posts, here is what I tried.
1. Added Service Reference which generated configuration info for the service
2. Changed the config and set the security mode to “Transport” and clientCredentialType to “Ntlm”. “Transport” is required when calling over SSL.
    <system.serviceModel>
      <bindings>
        <basicHttpBinding>
          <binding name="ListsSoap" closeTimeout="00:01:00" openTimeout="00:01:00"
                   receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
                   bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                   maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                   messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                   useDefaultWebProxy="true">
            <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
            <security mode="Transport">
              <transport clientCredentialType="Ntlm"/>
            </security>
          </binding>
        </basicHttpBinding>
      </bindings>
      <client>
        <endpoint address="https://someserver/somesite/_vti_bin/lists.asmx"
                  binding="basicHttpBinding" bindingConfiguration="ListsSoap"
                  contract="SharePointServices.ListsSoap" name="ListsSoap" />
      </client>
    </system.serviceModel>
3. In code, the only trick I had to use was to allow NTLM by setting the AllowNtlm property on the client’s Windows credentials.
    using (var client = new SharePointServices.ListsSoapClient())
    {
        try
        {
            // Explicit Windows credential; NTLM has to be allowed explicitly for the call to succeed.
            client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("username", "password", "domain");
            client.ClientCredentials.Windows.AllowNtlm = true;

            var lists = client.GetListCollection();
            var listsXElement = XElement.Parse(lists.OuterXml);
            Console.WriteLine(listsXElement);
        }
        catch (Exception ex)
        {
            // Abort the channel on failure so the using block's Dispose does not try to Close a faulted channel.
            client.Abort();
            Console.WriteLine(ex.ToString());
        }
    }
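As an added example (not the post’s code), here is the client from step 3 with the impersonation fix from the post above folded in: the allowed impersonation level is set in code instead of in the ImpersonationBehavior endpoint behavior, the credential comes from the logged-on user rather than a password in source, and the channel is closed or aborted explicitly instead of relying on a using block. It assumes the same generated SharePointServices service reference and the “ListsSoap” endpoint configuration from step 2; the class and method names are my own.

```csharp
using System;
using System.Net;
using System.Security.Principal;
using System.ServiceModel;
using System.Xml.Linq;

public static class ListsClientExample
{
    // Calls GetListCollection with the given Windows credential and returns the list XML.
    public static XElement FetchLists(NetworkCredential credential)
    {
        // Uses the "ListsSoap" endpoint from the post's configuration (Transport security, Ntlm).
        var client = new SharePointServices.ListsSoapClient("ListsSoap");
        try
        {
            client.ClientCredentials.Windows.ClientCredential = credential;
            client.ClientCredentials.Windows.AllowNtlm = true;

            // Code equivalent of <windows allowedImpersonationLevel="Impersonation" /> in the
            // endpoint behavior. The default, Identification, lets the server learn who the
            // caller is but not act on the caller's behalf, which is what 0x80070542 complains about.
            client.ClientCredentials.Windows.AllowedImpersonationLevel =
                TokenImpersonationLevel.Impersonation;

            var lists = client.GetListCollection();

            // Close can itself throw (for example after a fault), so it stays inside the try.
            client.Close();
            return XElement.Parse(lists.OuterXml);
        }
        catch (CommunicationException)
        {
            // A faulted channel cannot be closed cleanly; Abort releases it without throwing.
            client.Abort();
            throw;
        }
        catch (TimeoutException)
        {
            client.Abort();
            throw;
        }
        catch (Exception)
        {
            client.Abort();
            throw;
        }
    }

    public static void Main()
    {
        // The interactive user's own Windows credential, so no password lives in source or config.
        XElement lists = FetchLists(CredentialCache.DefaultNetworkCredentials);
        Console.WriteLine(lists);
    }
}
```

Impersonation is the lowest level that lets the service call into SharePoint as the caller; Delegation would additionally let the server use the caller’s identity against a third machine, which the Lists call does not need, so it is not requested here.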
Troubleshooting 0×80004004 in WSS 3.0 (SharePoint)
Feb 3rd
Today I spent some time working through a few issues with SharePoint and DCOM permissions. Hopefully this helps another developer on a quest to solve this issue.
If you’ve found 0x80004004 then you are already pretty far along to the solution. While testing calls to the List service in SharePoint using WCF for the client I received the following error from the List service, which I captured by enabling tracing on my WCF client.
    <soap:Fault>
      <faultCode xmlns="">soap:Server</faultCode>
      <faultString xmlns="">Exception of type 'Microsoft.SharePoint.SoapServer.SoapServerException' was thrown.</faultString>
      <detail xmlns="">
        <errorstring xmlns="http://schemas.microsoft.com/sharepoint/soap">Operation aborted (Exception from HRESULT: 0x80004004 (E_ABORT))</errorstring>
        <errorcode xmlns="http://schemas.microsoft.com/sharepoint/soap">0x80004004</errorcode>
      </detail>
    </soap:Fault>
Repeated searches on Bing and Google yielded nothing with a direct solution. But I did find a few pointers that helped my quest.
Digging through program files\common files\Microsoft Shared\Web Server Extensions\12\LOGS I found log files with rows looking similar to this:
w3wp.exe (0x1718) 0x1418 Windows SharePoint Services General 8e2s Medium Unknown SPRequest error occurred. More Information: 0x80004004
This confirmed the error, but wasn’t helpful. However, the line just above that was slightly more revealing:
w3wp (0x1718) 0x1418 Windows SharePoint Services Database 6f8g Unexpected Unexpected query execution failure, error code 11. Additional error information from SQL Server is included below. “[DBNETLIB][ConnectionWrite (WrapperWrite()).]General network error. Check your network documentation.” Query text (if available): “{?=call proc_GetTpWebMetaDataAndListMetaData( [some values here] ) }
My immediate thought was, “ok, database permissions”. I was able to locate the stored procedure in question as belonging to the Administration database (SharePoint_AdminContent). I tweaked a few permissions to no avail.
The project architect suggested I try the same code against a different SharePoint instance. Sadly, when I tried that the only problem I had to fight was getting the NTLM credentials to work using WCF and SSL. Things worked flawlessly after that.
Our IT pro found this article, which discusses DCOM permission issues with SharePoint. Unfortunately we were unable to change the IIS WAMREG permissions until we found this article, which helped us slay that problem. After taking ownership of the appropriate registry key, we were able to change the permissions on the IIS WAMREG DCOM component to grant the SharePoint WPG groups Local Launch and Local Activate.
Apparently this issue stems from how the local SharePoint install was configured. It seems that many people run into it when trying to consume SharePoint services on a local machine.
After a reboot and an IIS reset the problem went away. Sadly, my WCF client received a new error which I will cover in a future post.
How to Make Coffee Undetected
Feb 3rd
I love coffee. My wife loves coffee. Except now that she’s pregnant (again). A few weeks ago I received a request to cease coffee making at home because the smell was a little much for my wife to take. Apparently baby on the way (#3) does not appreciate coffee.
This situation wasn’t going to work well because the logistics of taking my coffee making paraphernalia to the office every day is not ideal. Here’s my current set up:
- Aerobie Aero Press
- CoffeeMate coffee grinder
- 1 lb espresso & 1 lb decaf espresso, whole bean, in sealed containers (Kaldi’s or Mississippi Mud beans are the best)
- A collection of Monin syrups (almond, toffee nut, hazelnut to name a few)
I’m at the point where I have my “system” and I can make my coffee fresh each morning in under 5 minutes, including setup & clean up. I really enjoy coffee this way and I am determined to continue it.
I devised a new “system” based on some input from a coworker and trial and error.
Additional items needed:
- Ventilation fan above stove
- Spray bottle with white Vinegar
The new process takes a few extra minutes but minimizes the coffee odor and lessens its effects on my wife. I now perform the process under the hood of the stove with the fan on low. Prior to opening the sealed can of coffee beans and grinding them, I spray a little vinegar in the air near the kitchen doorway. After grinding the beans I spray a little more. The “puck” (as named by the Aerobie documentation) is discarded into a plastic bag with a spritz of vinegar and promptly taken outside to the trash.
In my first few trials my wife still complained about the odor. However, I found that if I do this about an hour before she wakes up and use a healthy amount of vinegar in the air it is far more tolerable.
Fortunately the vinegar odor does not change how fabulous the coffee tastes and I don’t have to deal with the daily grind minus my home brew.
Back to ‘Getting Things Done’
Feb 2nd
Years ago, when I was working in libraries, I had the chance to read David Allen’s Getting Things Done. The impact of that book took a while to really sink in and combining that with Inbox Zero a few years later I was on my way to a GTD system. Unfortunately after a good year or so it began to fall apart for various reasons. Now that I’m back to a fresh start, here are some of the tools and tips I’m using to stay on top of things.
The Tools
- Outlook 2007 – Email & Calendar. Also syncing to my Blackberry, though I have been leaving my Blackberry on silent a lot lately.
- Remember the Milk (RTM) – This guy I sit next to uses it very effectively. Now I am using it too (not so effectively yet).
- White boards and camera phones. I don’t think we have put anything on a white board that did not end up in a picture that is translated to tasks, Visio diagrams, or a document.
The Process (For Now)
Everything goes to my inbox in Outlook. I try to read my email in dashes and clear out the junk, respond to the quick ones and defer the rest. Anything actionable from email goes to my inbox in RTM. Within RTM I’m trying to start weekly and daily reviews where I push tasks from the inbox to their respective lists (Home, Work, Store) and assign due dates. Each day I pick a few tasks from each list to complete. Currently the Home tasks seem to drag on longer than the work ones.
RTM has a host of keyboard shortcuts that make working with it fun. For instance, click on a task, press ‘d’ and start typing a new due date. Hit ‘c’ and mark it completed. In addition, the syntax in RTM is handy, typing “Call Mom Tomorrow #Home” in the task description adds a task to call mom, due tomorrow, to the home list. Very handy.
Other Thoughts
I find that working with a team on a focused iteration is really helping this process. Previous attempts would break down because of fire fighting or “emergencies” that would come up. Dealing with constant fires is a sign of several things (which we will not detail here) and really hampers your ability to guard your attention. Those environments require a lot more discipline to really execute a GTD system well.