Browse by Tags
All Tags » Windows Communication Foundation (RSS)
-
I am sure you are all more than familiar with DreamSpark, the amazing (YES, amazing. Bravo Milo!) offer through which Microsoft gives access to developer & designer tools at no charge. That requires, naturally, being able to prove that you are indeed a student. Eduserv is a not-for-profit UK-based organization that focuses on IT solutions for the education sector: their identity management solutions are used by over 4 million students from universities in the UK & other countries. And here comes the interesting bit: Eduserv wrote an identity management component for DreamSpark integrated with their OpenAthens SP, and based on WCF & CardSpace :-) You can read about this in a recently published case study (Word document here). With all the identity talent that runs abundant in the Microsoft offices in the UK (Paul MacKinnon & Planky, congrats!) it is not really a surprise to see that they are ahead of the curve, but it is most definitely a pleasure :-) Congratulations to all the people involved! Read More...
|
-
Just back from vacation. The tan barely started to fade, and here I am already playing with the new shiny toy :-). Did you experiment with Zermatt by now? As Kim mentions, the samples (and the documentation) are an excellent way to start, and I am sure that blog posts & tutorials will soon start mushrooming here and there in the blogosphere: here I begin my humble contribution with my first technical post about Zermatt. I had *absolutely* no hesitations when deciding which scenario I should tackle first: an active STS which handles requests backed by smartcards. I received asks about it from many segments (especially about eID management from governments and high authentication levels for finance) and pretty much from everywhere in the world (especially Europe and Asia): I am really delighted to finally have a chance to give you something about that scenario that you can compile in Visual Studio, as opposed to the usual whiteboard sketches :-) Before we dive into the code, let me disclaim the disclaimable: as usual, the code you see in this blog is just an example and is by no means production-ready code. My purpose here is to introduce you to new ideas, so I favor readability and clarity over completeness. If you consider the definition of best practices as "A technique or methodology that, through experience and research, has proven to reliably lead to a desired result", I think I can safely say that there are no established best practices yet. Sure, there are some fixed points Read More...
|
-
Ahh, I’ve been looking forward to this post for a looong time. We just made available for download the bits of the Beta of “Zermatt” Developer Identity Framework. “Zermatt” is the codename of a .NET framework that helps developers build claims-aware applications to address challenging application security requirements using a simplified application access model. Let me expand a bit on that. If you want to develop applications that take advantage of claims & identity Metasystem goodness in general, Zermatt makes your life easier by providing base classes, controls but especially capabilities & a programming model that take care of most of the plumbing for you. Regardless of the role (IP, RP, subject) or the style (Active, Passive, “Passive-Aggressive”), Zermatt shields you from the sheer handling of protocols & tokens and provides you with a great model for externalizing your access logic. For my loyal readers and in general to whoever worked with tokens and CardSpace in general, who stormed me with mails since the TechEd EMEA demo and even earlier: this means that we can finally retire historical samples like the SimpleSTS and the TokenProcessor class. Zermatt is a fully supported developer framework that gives you those capabilities and MUCH more. How much more? Below there’s a partial list of the goodies you get: · An HttpModule (the Federated Access Module, or FAM) that takes care of handling the token processing pipeline: fully extensible & web.config-urable, Read More...
|
-
I am now focusing exclusively on identity & services, true, but certain news about former interests of mine is just too good not to share. While evangelizing the web capabilities of WCF introduced in the framework 3.5, one of the most recurring questions was about hiding the svc extension for WCF services. That makes a lot of sense, since ideally a good RESTful URI (whatever that really means) should not give away the technology that is used to handle the resource and should not change when the underlying technology does change. Thanks to the IIS7 architecture, it is very easy to write a URLrewrite module that does just that: if you recall the Mix session about MySpace's use of WCF in their REST API, you'll remember that they did demonstrate this (sample code here). Now you don't need to write that module from the ground up anymore: we just shipped the technical preview of the "official" URLrewrite module for IIS7. Give it a spin, and thanks to the IIS crew for listening to the REST community! Read More...
|
-
Almost one year ago I briefly mentioned the BizTalk Services SDK, here and here. A new version has recently been made available: you would not believe the amount of new features that were added to it in this timeframe. The main reason of excitement for me is that this new release supports managed cards! It's a bit late at night here in Redmond and the drowsiness makes me feel less than bright right now, so I better defer detailed explanations to tomorrow (or the weekend). Anyway, for the identirati tuned in, this basically means that the service bus offers an R-STS that will accept, among many other means of authentication, also third parties' managed cards. The behavior of the R-STS can be influenced by using the BizTalk Services identity portal, or by management API; you can translate attribute claims into authorization claims (if an incoming claim has a certain value you can issue a token which tells the ultimate destination that the caller is authorized to perform the call; you can copy the input claims directly in the issued token so that the info is preserved; and so on). "Artist" rendering below: Again, I'll be more verbose in a later post: in fact, I plan to walk you through a sample that will make you hit the ground running exactly with that feature. The managed card support is the feature that I find most appealing (surprised?), but in fact there are many other great additions such as X509 authentication, REST management APIs, support for multiple languages ... Read More...
|
-
Well, don't get fooled. I'm not going to make any big philosophical considerations about technology and privacy (though I may do that in the future), but I will talk about the little project I've put together after three gintonics & the MIX party at TAO. I am often on the road. When I am homesick I often open a terminal server session with one of my home machines and fire up the webcam; sometimes I am in dramatically different timezones, so it's nice seeing that where I am it is dark but back in Redmond it's just dawning, and similar mellow stuff. Before leaving for Vegas I thought it would be nice to access the image directly, without having to fire up an entire remote desktop session for that. Hence I wrote some code for taking webcam snapshots (thanks Scott for putting together a nice WIA sample), exposed it via a WCF service, generated a certificate on my test CA, wrote a binding that uses CardSpace... and I had it working. About 1 hour, during which I also managed to watch some Futurama. Once I got to Vegas I was too busy with the MySpace session for playing with those things, but yesterday's atmosphere at TAO restored my playful/timewaster attitude: after the party I made the necessary adjustments for accessing the service from outside, calibrated the UniqueID from the selfissued I want to use for authenticating with the service... and it was done. One hour of distracted development, 30 mins of fiddling with the config file (after abundant party's beverages) and now Read More...
|
-
Yesterday we finally had the session about the making of MySpace APIs. As you'll be able to see from the recording, it was a *great* session: extremely interesting and very informative. It had only one issue: Paul Walker, the architect behind the MySpace API efforts and the key person we worked with on the WCF components of the project, couldn't make it to the conference. Paul has a deep, deep understanding of the REST principles and was the one who envisioned how WCF could have been used and extended for meeting MySpace architectural needs. If you ever have a chance to attend a session from him or read anything he writes on this topic, I strongly recommend it. The session was opened by Aaron Sloman, who gave the business background. Back at the very first edition of Mix, MySpace demonstrated some Vista gadgets: the reaction it elicited from the audience was the request of opening the corresponding APIs. Well, just a couple of years later here we are, developer.myspace.com is up and running! Aaron then moved to give the list of requirements for the API of a juggernaut like MySpace, and hinted at the fact that the REST architectural principles and WCF were the solution they found fit for the task after much testing. The main technical delivery came from Haider Sabri, who was involved in the implementation of the project from the very beginning. I won't go too much into the details, since there is the recording of the session publicly available; anyway, just for whetting your Read More...
|
-
[There's not much tech content in this post. You read it all at your risk :-) the next posts will get the technical discussion back on track from where we left it a couple of months ago] From the all-time record of 17 posts in June, this feed dropped to next to 0 activity in the last 2 months. In fact, I wasn't sleeping at all; but it sounded nice to repurpose Mr. Friedman's excellent opening of "the world is flat" :-) and speaking of World, below there's the trajectory I followed since June. No wonder I'm Freccia Alata. Los Angeles, New York In early July I went to visit some key customers there, evangelizing the new WCF/WF Orcas features a few days before the Beta2. James and Ryan did the same with the new web development, Windows Server 2008 and framework features. It was fun! Can't say much about the customers we met: all very interesting, but I have to protect their IP. I loved Roku in L.A. (thanks Mike for bringing me there), but I was seriously turned off by Little Italy in NY (looked like a tourist trap & food wasn't exceptional). Seattle As soon as I got back in the happy Washington state, I entertained my colleagues from our offices worldwide at one internal conference; I spoke about CardSpace and what's new in the 2008 wave (Orcas) for WCF & WF. I used to come to those conferences when I was working in Microsoft Consulting Services in Italy, and I know how important for readiness those events are. As a result I prepare those sessions very seriously, and this Read More...
|
-
Dear English readers, this post announces the first Channel9 video entirely in Italian language. As such, the rest of the post is going to be in Italian. So theeeen :) After months of mulling over the initiative, we decided to make room on Channel9 for content in languages other than English. And by pure chance [;)] the first video is in Italian, and on the home page no less! I went to visit Mauro Ottaviani in his office in the legendary building 42, home of the connected systems product group, and we had a cheerful chat about performance. Over the next months I will drop by to visit several other fellow countrymen: there really are a lot of us here in Redmond, and all in interesting places... keep an eye on http://channel9.msdn.com/tags/Italia ! A huge thank you to Charles "Carlo" Torre for his support, without which this show would never have started. Carlo, you are always the best ;-) Read More...
|
-
It's that time of the year again: the end of June marks the end of the fiscal year, and for us it's time to reflect on what we've done in the past 12 months. The vast majority of the things I've done are internal-only or with high profile customers that can't be mentioned publicly until their PR departments give the green light, hence I won't discuss those here; however I think it's interesting to share with you a summary of some of the things that I worked on, just to give you a measure of how .NET3.0 (especially CardSpace in my case) is relevant. It should give you a hint of how much impact you can have working in my group, so you'll be able to put announcements like this in the right perspective! I also hope that this will boost your confidence that the content of our upcoming book is based on very solid real world experience, earned by working daily with our key accounts in the identity space: the PG intent is tempered by immersing it in requirements from customers actually shipping solutions based on this thing that we call CardSpace. Which, by the way, is the reason for which I'm still at the computer at this time... big stuff is going on in cardspaceland! Projects, Briefings, Deep Dives This year I've worked with or briefed more than 45 enterprise companies on CardSpace/WCF/WF, a good part of them at the very top of the fortune100 and global100 (ah, btw: just subscribed to Fortune. I was buying it all the time anyway). Sometimes it was just a 2 hours personalized QA, some other Read More...
|
-
Yesterday night I was going through the unresolved parts of the inbox, a fairly boring task, when Dennis rescued me: he chimed in via Messenger reminding me that a new version of the BizTalk Services SDK is out. It wasn't hard to switch my attention to something far more exciting, and I promptly installed it. If you had the old version of the SDK on your machine, I suggest uninstalling it before installing the new one. For the ones that were bold enough to play with the new binding at low level: the changes in the machine.config show how the assembly hierarchy and the object model changed: <!-- <system.serviceModel> <bindings> <relayBinding> <binding name="metadataExchangeRelayBinding" /> </relayBinding> </bindings> <client> <endpoint address="" binding="relayBinding" bindingConfiguration="metadataExchangeRelayBinding" contract="IMetadataExchange" name="net.relay" /> <metadata> <policyImporters> <extension type="Microsoft.ServiceModel.Relay.Description.RelayBindingElementImporter, Microsoft.ServiceModel.Relay, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> </policyImporters> <wsdlImporters> <extension type="Microsoft.ServiceModel.Relay.Description.RelayBindingImporter, Microsoft.ServiceModel.Relay, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> <extension type="Microsoft.ServiceModel.Relay.Description.RelayBindingElementImporter, Microsoft.ServiceModel.Relay, Read More...
|
-
In short: this is the description of a sample that sends a CardSpace-obtained token to an AJAX service implemented with the new Orcas features. A few posts ago I published a tutorial about using CardSpace with Silver. While talking about it with Kushal Shah from the Workflow team, he suggested that it could be nice if we'd also demonstrate how to use CardSpace with the new RESTful capabilities of WCF: that sounded perfect for my "cardspace+<technology_of_choice>" series, hence I promptly jumped on the task. The post below documents the results. Preamble Before diving into the code, let's take a moment for understanding what this is all about. The .NET framework 3.5, currently in beta, extends WCF with new capabilities explicitly designed to enable web development scenarios. There's really a lot to say on the subject, however for our context it is enough to say that you can now expose WCF services in ways that make them extremely easy to consume from web pages. In practice, this means that you can 1) invoke WCF services via HTTP verbs (POST and GET) and 2) handle messages in web-friendly formats, such as JSON. The macroscopic implication is that you don't need a proxy. Calling a WCF service becomes a simple exercise in JavaScript: you gather the data from whatever UI element you need to, you create "by hand" a web request in AJAX style (with the object XMLHttpRequest or the ActiveXs Msxml2.XMLHTTP/Microsoft.XMLHTTP) and finally you use the results for updating selected parts Read More...
|
-
In short: this is a step by step tutorial for creating from scratch a Workflow Service with the Beta 1 release of Visual Studio codename "Orcas". The tutorial shows how to secure the service with Windows CardSpace, how to create a client application on the fly and how to access claims from the code of a Workflow activity. Just days before the Earth-moving news at Mix, with the Beta 1 release of Visual Studio codename "Orcas" we made available another silvery technology: the Workflow Services, Silver for friends, are an exciting new technology which allows developers to blend WCF and WF for creating service-aware workflows. As in good tradition, one of the first things I thought about was how to secure this new breed of services via CardSpace: turns out that it is incredibly easy, and I could explain it in a 1/2 post if I'd start from an existing workflow service project. However Silver technology is still cutting edge: so I thought it could have been useful to make a full walkthrough. EDIT: after some hours spent writing this post, I've seen that the WF overlord already covered the workflow creation part and in better detail: I recommend you check Matt's post out, especially if some of the passages below are obscure to you. The plan We'll partition the work in a few steps: 1. Create the workflow project 2. Add and configure the Receive activity 3. Host the workflow in a WorkflowServiceHost 4. Configure the workflow endpoint for using CardSpace 5. Create a client project on the Read More...
|
-
Periodically I hear people having issues with debugging STS code from CardSpace based scenarios. When you invoke an STS by selecting a managed card, you do that from the private desktop; that means that you can't access your interactive session until the call to the STS returns, but if the STS code is exactly what you want to inspect you appear to be stuck. There are a number of easy ways out from that apparent impasse: I recently shared those with a colleague, and her reaction convinced me that there's some value in sharing those on the blog. Trick 1: Put a breakpoint in the STS code, launch your client app and get to the point in which you use the managed card. The dialog of the token request will be stuck, since you have a breakpoint that blocks your RST processing. Just cancel the request and exit the private desktop: you will find the execution stopped at your breakpoint and you can go through the STS code. Obviously if you successfully step through the entire code the token will never be returned, since you killed the client, but if your purpose is debugging the STS you should not care. Easy :-) Trick 2: Alternatively, you can have the client in a VPC or in another physical machine. Trick 3: (thanks to Xiao Xie for this one): if you are running on an OS which allows more than one concurrent interactive session, such as Windows 2003 or Longhorn Server, just create a remote desktop session on the machine itself. You can run the client from the remote desktop console, Read More...
|
-
In short: I discuss Sidebar Gadgets, and I show you how to invoke a CardSpace-protected WCF service from a simple Gadget. Full source code is provided, along with detailed commentary on the road I've followed for getting there. Added bonus: the code shows how to apply an arbitrary configuration file to WCF, an issue often encountered when hosting WCF code in processes you don't control. Sidebar Gadgets are mini applications which live in the Sidebar, a UI element on the Windows Vista desktop. They are extremely handy for keeping an eye on information you are often interested in; they are also very good at providing you a quick-reach UI for tasks you perform often. As you know I wear the server guy hat, so I'm not really the best person for explaining the advantages of Gadgets: I would suggest visiting Michael and Jaime's blogs if you want more details on the subject. When I thought of how the gadget model could be useful for me, I realized that much of the information I'd like to keep an eye on happens to be confidential (like being notified if I received a wire transfer, or getting the access statistics from my website); the actions I want to take when I react to changes in those data also require high security levels (like accessing a portion of my home banking for giving approval for a certain utility bill to be paid). So, would it not be great if we could use CardSpace for authenticating the services accessed by a Gadget? I thought for a few nights about the issue, devised a Read More...