Browse by Tags
All Tags » Architecture - ... » WCF (RSS)
-
Just back from vacation. The tan has barely started to fade, and here I am already playing with the new shiny toy :-). Have you experimented with Zermatt yet? As Kim mentions, the samples (and the documentation) are an excellent way to start, and I am sure that blog posts & tutorials will soon start mushrooming here and there in the blogosphere: here I begin my humble contribution with my first technical post about Zermatt. I had *absolutely* no hesitation when deciding which scenario I should tackle first: an active STS which handles requests backed by smartcards. I received asks about this from many segments (especially about eID management from governments and high authentication levels for finance) and pretty much from everywhere in the world (especially Europe and Asia): I am really delighted to finally have a chance to give you something about that scenario that you can compile in Visual Studio, as opposed to the usual whiteboard sketches :-) Before we dive into the code, let me disclaim the disclaimable: as usual, the code you see in this blog is just an example and is by no means production-ready code. My purpose here is to introduce you to new ideas, so I favor readability and clarity over completeness. If you consider the definition of best practices as "A technique or methodology that, through experience and research, has proven to reliably lead to a desired result", I think I can safely say that there are no established best practices yet. Sure, there are some fixed points Read More...
-
Yesterday we finally had the session about the making of the MySpace APIs. As you'll be able to see from the recording, it was a *great* session: extremely interesting and very informative. It had only one issue: Paul Walker, the architect behind the MySpace API efforts and the key person we worked with on the WCF components of the project, couldn't make it to the conference. Paul has a deep, deep understanding of the REST principles and was the one who envisioned how WCF could be used and extended to meet MySpace's architectural needs. If you ever have a chance to attend a session from him or read anything he writes on this topic, I strongly recommend it. The session was opened by Aaron Sloman, who gave the business background. Back at the very first edition of Mix, MySpace demonstrated some Vista gadgets: the reaction it elicited from the audience was the request to open the corresponding APIs. Well, just a couple of years later here we are, developer.myspace.com is up and running! Aaron then moved on to give the list of requirements for the API of a juggernaut like MySpace, and hinted at the fact that the REST architectural principles and WCF were the solution they found fit for the task after much testing. The main technical delivery came from Haider Sabri, who was involved in the implementation of the project from the very beginning. I won't go too much into the details, since the recording of the session is publicly available; anyway, just for whetting your Read More...
-
On the Paris-Seattle flight, coming back after 2 weeks spent stuffing myself with all sorts of food with the excuse "after all, you can't find this in the USA" :) Before hurling myself back into the vortex of daily work, and celebrating the end of the year with something crazy, I want to take some time to write down some hallucinatory (=vision without execution) thoughts about omnidirectional identities. Be warned, this may be just pointless rambling at this point. A few weeks ago I chatted about this in front of a microphone with John Udell, digressing along a crazy tangent instead of answering his questions about the book (I eventually came back to Earth and answered properly :)). I don't know if he'll deem those fragments publication-worthy, but just in case I'll make a brain dump here. It's not that there's much more to do in this small seat anyway (I just finished the latest Eco. He didn't mention underbite at all, I'm happy). Looking back at the activities related to identity in the past year, I am glad to report that amazing progress has been made. Something that makes 2007 very different from 2006 is the kind of work that was done: in 2007 the accent was on execution. The vision behind the metasystem is still being explored, sure, as Kim's series on linkage or the discussions about display token and first law demonstrate; and I feel that conjugating the metasystem and claims in enterprise environments is an area that still needs focus (especially in fighting old forma mentis that Read More...
-
It's that time of the year again: the end of June marks the end of the fiscal year, and for us it's time to reflect on what we've done in the past 12 months. The vast majority of the things I've done are internal-only or with high-profile customers that can't be mentioned publicly until their PR departments give the green light, hence I won't discuss those here; however I think it's interesting to share with you a summary of some of the things that I worked on, just to give you a measure of how relevant .NET 3.0 (especially CardSpace, in my case) is. It should give you a hint of how much impact you can have working in my group, so you'll be able to put announcements like this in the right perspective! I also hope that this will boost your confidence that the content of our upcoming book is based on very solid real-world experience, earned by working daily with our key accounts in the identity space: the PG intent is tempered by immersing it in requirements from customers actually shipping solutions based on this thing that we call CardSpace. Which, by the way, is the reason I'm still at the computer at this time... big stuff is going on in cardspaceland!
Projects, Briefings, Deep Dives
This year I've worked with or briefed more than 45 enterprise companies on CardSpace/WCF/WF, a good part of them at the very top of the Fortune 100 and Global 100 (ah, btw: I just subscribed to Fortune. I was buying it all the time anyway). Sometimes it was just a 2-hour personalized Q&A, some other Read More...
-
Last night I was going through the unresolved parts of the inbox, a fairly boring task, when Dennis rescued me: he chimed in via Messenger reminding me that a new version of the BizTalk Services SDK is out. It wasn't hard to switch my attention to something far more exciting, and I promptly installed it. If you had the old version of the SDK on your machine, I suggest uninstalling it before installing the new one. For those who were bold enough to play with the new binding at low level: the changes in machine.config show how the assembly hierarchy and the object model changed:
<!--
<system.serviceModel>
  <bindings>
    <relayBinding>
      <binding name="metadataExchangeRelayBinding" />
    </relayBinding>
  </bindings>
  <client>
    <endpoint address="" binding="relayBinding" bindingConfiguration="metadataExchangeRelayBinding" contract="IMetadataExchange" name="net.relay" />
    <metadata>
      <policyImporters>
        <extension type="Microsoft.ServiceModel.Relay.Description.RelayBindingElementImporter, Microsoft.ServiceModel.Relay, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </policyImporters>
      <wsdlImporters>
        <extension type="Microsoft.ServiceModel.Relay.Description.RelayBindingImporter, Microsoft.ServiceModel.Relay, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <extension type="Microsoft.ServiceModel.Relay.Description.RelayBindingElementImporter, Microsoft.ServiceModel.Relay, Read More...
-
In short: this is the description of a sample that sends a CardSpace-obtained token to an AJAX service implemented with the new Orcas features. A few posts ago I published a tutorial about using CardSpace with Silver. While talking about it with Kushal Shah from the Workflow team, he suggested that it would be nice if we also demonstrated how to use CardSpace with the new RESTful capabilities of WCF: that sounded perfect for my "cardspace+<technology_of_choice>" series, hence I promptly jumped on the task. The post below documents the results. Preamble Before diving into the code, let's take a moment to understand what this is all about. The .NET Framework 3.5, currently in beta, extends WCF with new capabilities explicitly designed to enable web development scenarios. There's really a lot to say on the subject, however for our context it is enough to say that you can now expose WCF services in ways that make them extremely easy to consume from web pages. In practice, this means that you can 1) invoke WCF services via HTTP verbs (POST and GET) and 2) handle messages in web-friendly formats, such as JSON. The macroscopic implication is that you don't need a proxy. Calling a WCF service becomes a simple exercise in JavaScript: you gather the data from whatever UI element you need to, you create "by hand" a web request in AJAX style (with the XMLHttpRequest object or the ActiveX objects Msxml2.XMLHTTP/Microsoft.XMLHTTP) and finally you use the results to update selected parts Read More...
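The "no proxy" call described above, as an added example that is not code from the original post or from the sample it describes. It builds the JSON request by hand, sends it through whichever XMLHttpRequest implementation the browser offers (standard object first, then the two ActiveX ProgIDs the post mentions), and unwraps the reply. The service URL, the operation name (`Greet`) and the shape of the token-carrying message (`{ token: ... }`) are assumptions; the fake endpoint at the bottom is constructed only so the file runs offline, and the token string it receives is a placeholder rather than a real CardSpace-issued assertion.

```javascript
// Added example, not code from the original post or its sample: calling a
// WCF 3.5 web-programming-model (JSON over HTTP) operation from a page by
// hand, without a generated proxy. Service URL, operation name and message
// shape are assumptions made for the example.

// Build the request the page will hand to XHR: POST <service>/<operation>
// with a JSON body. WCF routes on the URI, so the operation is a path segment.
function buildJsonRequest(serviceUrl, operation, payload) {
  return {
    method: "POST",
    url: serviceUrl.replace(/\/+$/, "") + "/" + operation,
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(payload),
  };
}

// WCF 3.5 endpoints configured with enableWebScript wrap the return value as
// {"d": ...} so a reply is never a bare array literal that a <script src> tag
// could evaluate (JSON hijacking); plain webHttp endpoints return the value
// as-is. Accept both shapes.
function parseWcfResponse(text) {
  const obj = JSON.parse(text);
  if (obj !== null && typeof obj === "object" && !Array.isArray(obj)) {
    const keys = Object.keys(obj);
    if (keys.length === 1 && keys[0] === "d") return obj.d;
  }
  return obj;
}

// Pick an XHR implementation: the standard object, or the ActiveX fallbacks
// used by older Internet Explorer versions.
function createXhr() {
  if (typeof XMLHttpRequest !== "undefined") return new XMLHttpRequest();
  if (typeof ActiveXObject !== "undefined") {
    for (const progId of ["Msxml2.XMLHTTP", "Microsoft.XMLHTTP"]) {
      try { return new ActiveXObject(progId); } catch (e) { /* try the next one */ }
    }
  }
  throw new Error("no XMLHttpRequest implementation available");
}

// Send the request asynchronously. xhrFactory is injectable so the flow can be
// exercised outside a browser; onResult receives the unwrapped result.
function callService(req, onResult, onError, xhrFactory) {
  const xhr = (xhrFactory || createXhr)();
  xhr.open(req.method, req.url, true);
  Object.keys(req.headers).forEach((h) => xhr.setRequestHeader(h, req.headers[h]));
  xhr.onreadystatechange = function () {
    if (xhr.readyState !== 4) return;
    if (xhr.status === 200) {
      try { onResult(parseWcfResponse(xhr.responseText)); } catch (e) { onError(e); }
    } else {
      onError(new Error("HTTP " + xhr.status));
    }
  };
  xhr.send(req.body);
}

// Constructed stand-in for the WCF endpoint, used only to run this file
// offline. It insists on a POST with a JSON content type and a string token,
// and answers in the enableWebScript {"d": ...} shape.
function fakeXhrFactory() {
  const xhr = { readyState: 0, status: 0, responseText: "", headers: {} };
  xhr.open = function (method, url) { xhr.method = method; xhr.url = url; };
  xhr.setRequestHeader = function (k, v) { xhr.headers[k] = v; };
  xhr.send = function (body) {
    const msg = JSON.parse(body);
    const ok = xhr.method === "POST" &&
      xhr.headers["Content-Type"] === "application/json" &&
      typeof msg.token === "string";
    xhr.status = ok ? 200 : 400;
    xhr.responseText = ok ? JSON.stringify({ d: { tokenLength: msg.token.length } }) : "";
    xhr.readyState = 4;
    xhr.onreadystatechange();
  };
  return xhr;
}

// Run the whole flow against the stand-in and return the outcome so it can be
// checked; the token value is a placeholder, not a real issued assertion.
function demo() {
  const req = buildJsonRequest("http://localhost/TokenService.svc/", "Greet",
    { token: "<saml:Assertion ...>" });
  let outcome = null;
  callService(req,
    (r) => { outcome = { ok: true, value: r }; },
    (e) => { outcome = { ok: false, error: e.message }; },
    fakeXhrFactory);
  return outcome;
}
```

In a real page the request goes to the service over HTTPS, since the body carries the token the relying party will accept as proof of the user's claims; the `d` unwrapping is kept because which wrapper you get depends on whether the endpoint behavior is `webHttp` or `enableWebScript`.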
-
In short: this is a step-by-step tutorial for creating from scratch a Workflow Service with the Beta 1 release of Visual Studio codename "Orcas". The tutorial shows how to secure the service with Windows CardSpace, how to create a client application on the fly and how to access claims from the code of a Workflow activity. Just days before the Earth-moving news at Mix, with the Beta 1 release of Visual Studio codename "Orcas" we made available another silvery technology: Workflow Services, Silver for friends, are an exciting new technology which allows developers to blend WCF and WF to create service-aware workflows. As in good tradition, one of the first things I thought about was how to secure this new breed of services via CardSpace: it turns out that it is incredibly easy, and I could explain it in half a post if I started from an existing workflow service project. However Silver technology is still cutting edge, so I thought it would be useful to make a full walkthrough. EDIT: after some hours spent writing this post, I've seen that the WF overlord already covered the workflow creation part and in better detail: I recommend checking Matt's post out, especially if some of the passages below are obscure to you. The plan We'll partition the work in a few steps:
1. Create the workflow project
2. Add and configure the Receive activity
3. Host the workflow in a WorkflowServiceHost
4. Configure the workflow endpoint for using CardSpace
5. Create a client project on the Read More...
-
Periodically I hear people having issues with debugging STS code in CardSpace-based scenarios. When you invoke an STS by selecting a managed card, you do that from the private desktop; that means that you can't access your interactive session until the call to the STS returns, but if the STS code is exactly what you want to inspect you appear to be stuck. There are a number of easy ways out of that apparent impasse: I recently shared those with a colleague, and her reaction convinced me that there's some value in sharing them on the blog. Trick 1: Put a breakpoint in the STS code, launch your client app and get to the point in which you use the managed card. The dialog of the token request will be stuck, since you have a breakpoint that blocks your RST processing. Just cancel the request and exit the private desktop: you will find the execution stopped at your breakpoint and you can go through the STS code. Obviously if you successfully step through the entire code the token will never be returned, since you killed the client, but if your purpose is debugging the STS you should not care. Easy :-) Trick 2: Alternatively, you can have the client in a VPC or on another physical machine. Trick 3 (thanks to Xiao Xie for this one): if you are running on an OS which allows more than one concurrent interactive session, such as Windows 2003 or Longhorn Server, just create a remote desktop session to the machine itself. You can run the client from the remote desktop console, Read More...
-
If you are watching the Card-space, I'm sure you didn't miss it: the Otto Store smart client application, announced during TechEd Europe and VSLive, is now up and running. You can download and install it from there. This news is relevant to this blog in different ways. The Otto store is the first application available on the internet to use managed cards. It is the first application to secure web service calls via CardSpace. And among the customers I have worked with in the last year, Otto is the first one to release a CardSpace-based application. Hooray! It was a pleasure to work with everybody on the project, I can't tell you the satisfaction of seeing all this beautifully coming together. I could fill the entire post just with juicy anecdotes, like the time when Jaime (the great guy who dealt with the WPF parts here in Corp) and I flew to Germany for the first ADS: we took an early cab from downtown Munich to the offices, and it was the very first ride of the very first work day of our extremely young driver. A 20-minute drive became a 45-minute tour of the foggy & frozen countryside around Munich, with the driver increasingly panicking: the GPS was banned by his company policy, so I could not pull out my beloved Universal and give him a hand. He was very brave and professional! In the end we made it to the meeting, though with some delay: looking at the app today, anyway, it looks like that delay didn't really matter that much. But you're not interested in anecdotes, are you: Read More...
-
Well, what an alliterative title :-) I've been asked on several occasions how to use managed cards, and specifically the simple STS sample, together with the surprisingly popular WPF smartclient sample. It is not especially difficult: a few changes in the configuration and you're all set. The only nuisances arise from the fact that when you set up a full end-to-end CardSpace scenario sample on a single machine you are basically trying to sing, play the guitar and the drums at the same time: setting up SSL for RPs and IPs (identity providers), tweaking the hosts file to map website names to IP addresses, setting up certificates and permissions, making sure that web proxies and ISA will not sabotage your "artificial" connectivity, setting up virtual directories for CRLs and logotypes... those are all things that need to be done. In this case we can make some serious simplifications by not adding any virtual directory, since all moving parts live in a dedicated process (RPs and STS in their own console app, the client in the WPF app). That would mean no logotypes and no CRL, though. While for the sake of the example we can do without the former, the latter has the potential of upsetting WCF big time (it will try to check the revocation status of the certificates it validates); we'll see how to mitigate that. Just remember that logotypes and CRL are something you don't want to give up in production; here we are simply trying to see CardSpace in action. In this post I am making the assumption that you set up the simple STS at the address , and that it is secured by a certificate with Read More...
-
Well, what a week :) Monday and Tuesday, @ S.Diego for the Gartner Healthcare Summit. Ben Flock (mighty PSA!), Chris Henchey (COO & Cofounder of Choicelinx) and I presented a case study about cross-entity authentication in Healthcare. The session was largely based on the learnings derived from a WCF early adoption project we had with Cigna/Choicelinx: incidentally, the case study of that project is out :) let me know if you like the picture! During the session, though, we demonstrated the next step: that is to say, CardSpace-enabling the scenario and seeing dev times go from small (with WCF) to negligible. I am truly impressed with Chris: in my experience his openness to completely novel ideas is something that is not easy to find in his environment. I'm truly honored we co-presented! Anyway, as soon as I was back I had an internal CardSpace show&tell with colleagues from another division. It was supposed to be 30 mins, but we ended up doing 1:30 :-) yes, I'm horribly verbose, but in my defense nobody stopped me! And we came out with very interesting questions, though. Then, the craziest times of all: I had to prepare for the EMEA tour I'm doing. Not that easy! Close mails, review docs, push out the WPF/WCF smartclient secured with CardSpace with caching, install Vista RTM.... Vista is not a difficult install per se, actually it was a breeze: it's that my machines are practically prosthetic extensions of my brain, and if something malfunctions... it's a problem. So Read More...
-
Hello everybody. I've had this sample in the buffer for some time: I am publishing it now in a rush, since this Sunday I leave for 2 weeks in the EU for some nice CardSpace briefings here and there. I won't be on mail very much, so I hope you will hold most questions for when I am back in Redmond :-) I would really love to speak at length about this, but I really don't have much time (I also have to mention all those who helped, and the list is long!:)). For the time being I am including an excerpt of the sample documentation: later I'll go deeper into it. Enjoy :) Vittorio --------------------------------------------- Windows CardSpace, WCF and Token Caching Windows CardSpace provides a consistent experience across web and rich client scenarios. Windows Communication Foundation (WCF) supports CardSpace out of the box, supplying a powerful means of handling authentication in web service based applications: users enjoy an easy experience that shields them from the complexities of WS-Policy, while WCF receives a token for securing the messages. The WCF programming model stores credentials on a per-channel basis: hence, in normal conditions the user would be prompted to choose a card every time a channel is created and used. The WCF extensibility model, however, offers an easy way of modifying this behavior. The sample presented here demonstrates how a simple WPF application can leverage CardSpace for securing the access to two different WCF web services, prompting the user Read More...