On 4 and 5 March Microsoft is organizing the Microsoft Applicatieplatform Congres in Noordwijkerhout in the Netherlands. At the congress Microsoft will be showing what their application platform is capable of. The first day is targeted at IT managers and architects, the second at software architects and lead developers.
My session will be on the first day and is on our TFS work-item tracking implementation at REAAL. I’ll be discussing the decisions we made, the challenges we faced and the advantages we’re getting out of using TFS. I will be doing this session together with InfoSupport who will talk about their TFS implementation at CZ.
Another cool thing for me is that my session is just before Ivar Jacobson! Very nice to see my name in the same list as his :-)
You can find details on this event and how to register here.
Using Geneva in for authentication in your website is called "passive federation". It relies on other factors like redirection and javascript to perform it's actions. "Active federation", like you can do in services or smart clients, can implement the WS-trust protocol directly. For more information read this excelent white paper by Keith Brown.
In my previous post, I explained how to set-up a Geneva server, that we're going to use in this scenario. We're going to use a sample application that is present in the "Samples"-folder of the Geneva Framework, the "Simple claims-aware web application using managed STS". This site contains no more than a default.aspx that shows information about the logged on identy. It has no logon page of itself. To use the Geneva STS as the identity server we have to make some changes to the web.config. The web-application has to know where it can find the STS, information to validate the tokens it receives and which claims the application will be using. Fortunately, you don't have to write it yourself. You can use the FedUtil-tool that can be found in the Geneva framework folder.
First you have to point the tool to the web.config file it needs to update and enter the url of the web-application (this has to be a SSL-url, be sure to match the casing of the vdir or you get problems). You also have to select a certificate the application can use to sign the tokens it sends itself (you can use the SSL-certificate). On the next page you have to give a reference to the metadata of the STS. The url of the metadata is: https://[hostname]/FederationMetadata/2007-06/FederationMetadata.xml.
If you have problemes retrieving the metadata, it could be that there are problems with your SLL certificate. Do no use the ip-address in the url, but the host-name. If your SSL certificate is self-created like mine you also have to import it to the browsers "Trusted Root Certification Authorities" (Tools > Internet Options > Content > Certificates).
In the next screen you select the claims that your application needs and the STS offers, in this case you can select them all:
After finishing the wizard the FedUtil-tool has inserted the needed nformation in the config-file. It also has created a metadata.xml file that contains the information the STS will need to communicate with the client.
From the STS side we want to control which applications are using the services. You can do this by adding a "relying party" to the STS in the Geneva Server Management tool. On the first screen you're required to enter the URL to the metadata-file in the client application. This is the file we just created using the FedUtil tool.
Again, if the tool has problems retrieving the metadata this probably has to do with the SSL certificate. The solution is the same as described above, but now by adding the SLL-certificate of the client-application to the browser of the server.
In the next screen just add a name and description for the relying party. Then select the claims we want to expose (in this case leave them all selected) and save the relying party.
This is all the configuration we need to do. From the client startup your website. If all went wel, you will be presented the folowing screen:
When you look closely to the url you can see that this a url on the STS server. Choose the sign-in option on the left and after that for username/password. Enter an username and password from the server and you will be redirected to the default page of your application (I modified the code a little to show all claims available).
If your browser enters an endless loop after siging in, you have probably entered the name of the vdir of your application in the incorrected casing. Everytime you enter the name of the vdir the casing has to be exactly the same as in IIS.
This is all there a is for a basic authentication scenario. In a next post I will show how the use the identiy and the claims in code.
Last week at TechEd I followed a couple of presentations on Geneva, the project that used to be called Zermatt. Geneva is a series of components that will make it a lot easier for developers to work with identities within their applications. It's build up from three components:
- Geneva Server: a security token service (STS) that will be responsible for supplying the identities.
- Geneva Framework: a new part of the .NET framework that will handle all of the plumbing in dealing with these identities.
- Geneva Cardspace: the client technology that will make it easier for users to reduce and handle the identities that they have to use.
The are a couple of things about Geneva that make it very powerful:
- It's based on open standards, most importantly SAML 2.0, so it can communicate with STS'es of other vendors and will increase the possibilities of fast adoption.
- Geneva server takes care of the federation of identities by setting up trust relations between STS'es.
- It will make life easier for developers because they don't have to worry where the identies come from. They will program against the same objects no matter what the origin of the identity is.
Geneva is based on someting called "claims based identities". Identities make certain claims about themselves (eg. organizational units, roles, shoe size) that can be queried from within your application.
David Chappel wrote a great white paper about this, to help you get started on the concepts.
This technology is very interesting for the company I work for. We expose an extranet and services to our customers and identity manangement is a problem we struggle with. So I decided to get some "hands on" with this technology. I will write a couple of posts about my experiences.
The first issue I ran into is the lack of availabilty of pre-installed VPC, so I had to take care of this myself. So the rest of this post will cover this topic.
I started with a fresh Win2K8 image that I downloaded from http://www.microsoft.com/vhd. Here you can find a number of virtual hard disks with severs you can try for 30 days. Very handy.
I will be coding in my host environment and using the VPC as a dedicated STS server. You get the best "network" performance between the host and the VPC by using the Microsoft loopback adapter. You can read about this here to set this up.
After setting up the network assign a fixed IP to the server. This is kind of a prerequisite when installing an active directory. Normally I just use ip-adresses to communicate between the VPC and the host, but since we will have to do a lot of SLL communication we will have to make the host names available on both ends. Using the ip-adresses will cause security warnings about the hostname not matching the certificate. You can set this up easily by editing the host files on both machines.
The first thing we wil do is setting up the Active Directory (in the current beta-version of Geneva this is the only identity source available). We will be using DcPromo to do this. DcPromo is a command-line utility that can take several parameters for automatic setup of a domain controlller. If you omit the parameters on the command-line you will be presented a wizard that will help you in a couple of steps to set this up. A good description of this proces can be found here.
After completing this you will have to install SQL Server 2005 or 2008. Geneva Server stores all policy information in this database. I choose to install SQL Express 2005, which is sufficient. You also need SP2 to run it on Win2K8.
Next thing is to activate and configure IIS. By default IIS is not activated in Win2K8. You can enable IIS in the Server Manager snap-in by adding the "web server" role. When choosing role services at least enable everything under "Application Development" and "Security". Also enable "IIS 6.0 metabase compatibility" which is required by Geneva Server. We're going to be using SSL, so we need to enable this a wel. Start the IIS manager and select the webserver node in the tree. In the details section look for the Server Certificates icon. Open it and create a self signed certificate and give it a name. Then select the Default Web Site node and select "Bindings" in the action menu on the right. Add a SLL binding using the certificate you just created.
The last step before installing the Geneva stuff is installing the .NET framework 3.5.
Now we will install the Geneva Framework and Geneva Server, both can be found here. After installing startup the Geneva Server Management snap-in. Select the "Geneva Server Configuration" node. In the middle of the screen the are four sections with a "auto configure" button:
- Click the button in the Policy Store section and select the SQL Express instance we created earlier. The policy database is created automically.
- Click the button in Service Certificates and click "ok" in the next screen. A certificate to secure the security tokens will be created for you.
- Click the button in Web Service Client Support and click "ok" in the next screen. A WS-MEX end point will be created voor WCF services to consume.
- Click the button in Web Browser Client Support and click "ok" in the next screen. This will create a passive federation web site, that can be used for authentication by other web sites.
Due to all the preparation we have done, these four steps should go smoothly. Now select "Start Geneva Server" in the action menu on the right. If everything went well your screen should look something like this:
Now your Geneva server is ready to use. I hope this has helped you set up your rig. In my next post I will explain how to use the server in your website.
I got a request to update the policy injection extension sample from my previous post to Unity 1.1. There are not that many differences but here is the updated code:
5 namespace UnityHelpers.PolicyInjection
6 {
7 public class PolicyInjectionStrategy : BuilderStrategy
8 {
9 public override void PreBuildUp( IBuilderContext context )
10 {
11 IBuildKey buildKeyTo = context.BuildKey as IBuildKey;
12 IBuildKey buildKeyFrom = context.OriginalBuildKey as IBuildKey;
13
14 if( buildKeyFrom != null && buildKeyFrom.Type != null && buildKeyFrom.Type.IsInterface )
15 {
16 context.Existing = Wrap( context.Existing, buildKeyFrom.Type );
17 }
18
19 else if( buildKeyTo != null && buildKeyTo.Type != null && buildKeyTo.Type.IsMarshalByRef )
20 {
21 context.Existing = Wrap( context.Existing, buildKeyTo.Type );
22 }
23
24 base.PreBuildUp( context );
25 }
26
27
28 private static object Wrap( object existing, Type t )
29 {
30 if( existing != null )
31 {
32 existing = (new PolicyInjectorFactory()).Create().Wrap( existing, t );
33 }
34
35 return existing;
36 }
37 }
The ITypeBasedBuildKey is now replaced by IBuildKey in lines 11 and 12.
The code of the PolicyInjectionExtension class also changed a little bit:
4 namespace UnityHelpers.PolicyInjection
5 {
6 public class PolicyInjectionExtension : UnityContainerExtension
7 {
8 protected override void Initialize()
9 {
10 Context.Strategies.AddNew<PolicyInjectionStrategy>(UnityBuildStage.PostInitialization);
11 }
12 }
13 }
In the following thread on CodePlex a forum member states that the Builder Context is always null in the prebuild-up stage. I'm not experiencing this, but if you do his code solves your problem.
Yesterday I blogged about on how to add a Policy Injection extension to Unity. To do this, I had to modify some of the code of both Unity and ObjectBuilder2 to get all the references I needed. Today Francois Tanguay pointed me to the new drop of Unity released on Monday.
A couple of improvements have been made in this drop and one of these is the availbility of the original build key. This is the key before any mapping has occured and just what I need to create my extension without making modifications to Unity and ObjectBuilder2.
The code of the extension is now:
1 public class PolicyInjectionStrategy : BuilderStrategy
2 {
3 public override void PreBuildUp( IBuilderContext context )
4 {
5 ITypeBasedBuildKey buildKeyTo = context.BuildKey as ITypeBasedBuildKey;
6 ITypeBasedBuildKey buildKeyFrom = context.OriginalBuildKey as ITypeBasedBuildKey;
7
8 if( buildKeyFrom != null && buildKeyFrom.Type != null && buildKeyFrom.Type.IsInterface )
9 {
10 context.Existing = Wrap( context.Existing, buildKeyFrom.Type );
11 }
12 else if( buildKeyTo != null && buildKeyTo.Type != null && buildKeyTo.Type.IsMarshalByRef )
13 {
14 context.Existing = Wrap( context.Existing, buildKeyTo.Type );
15 }
16
17 base.PreBuildUp( context );
18 }
19
20 private static object Wrap(object existing, Type t)
21 {
22 if (existing != null)
23 {
24 existing = (new PolicyInjectorFactory()).Create().Wrap(existing, t);
25 }
26 return existing;
27 }
28 }
The BuilderStrategy base class now also has PreBuildUp and PostBuildUp methods to override. The PreBuildUp methods are excuted through the chain in a forward direction, just like the former BuildUp method. The PostBuildUp methods are called in reverse order when all PreBuildUp methods have been executed.
One of the things that excited me when I first heard about Unity was the possibility to combine both Dependency Injection and Policy Injection. So when I downloaded the CTP I was a bit dissapointed that it was not (yet?) supported out of the box. The good thing about Unity though is that is supports extensions. These extensions dive directly under the hood to the underlying ObjectBuilder2 framework. Extensions are build up with Strategies and Policies just like you would with ObjectBuilder2.
The basic idea I had was to use the wrapping mechanism of the Policy Injection block to wrap the objects created by Unity in one of the last building stages. This way I do not have to care about constructor arguments.
The first thing I tried to do was to create a PolicyInjectionStrategy. ObjectBuilder creates and decorates it's objects using a series of strategies. I let the PolicyInjectionStrategy derive from BuilderStrategy and did an override of the BuildUp method. The BuildUp method has a couple of arguments:
context: provides information about the total build up process and contains the policies
buildKey: provides information about the type being created
existing: the object that has been created in earlier stages of the strategy chain.
To use the wrapping mechanism of the Policy Injection block you need either one of the following:
- A type that derives from MarshalByRefObject
- A type that exposes an explicit interface
This gave me a bit of a problem. Because I try to do this in one of the last build up stages the buildKey argument only provides me information about the type being created and not of the interface that may have been used to instantiate the object. In te very beginning this information is available but quickly overwritten by the BuildKeyMappingStrategy. I explored all of the arguments of the BuildUp method and the only thing I could possibly use was the browse through the policies and try to reverse the process of the BuildKeyMappingStrategy. An ugly and not very stable solution.
So I decided to dive a little deeper and alter both Unity and ObjectBuilder2 a bit. The first thing I did was to alter the interface of the type of the buildKey argument (ITypeBasedBuildKey) by adding a TypeFrom propery:
32 Type TypeFrom
33 {
34 get;
35 }
and the class that implements it: NamedTypeBuildKey. I also added a constructor to accept a value for typeFrom.
36 public NamedTypeBuildKey(Type type, string name, Type typeFrom)
37 {
38 this.type = type;
39 this.name = name;
40 this.typeFrom = typeFrom;
41 }
The buildkey mapping from interface to the actual type is performed by UnityDefaultBehaviorExtension using the BuildKeyMappingPolicy as a container. I changed it a little to put the source type in the BuildKey.
61 private void OnRegister(object sender, RegisterTypeMappingEventArgs e)
62 {
63 context.RegisterNamedType(e.TypeFrom, e.Name);
64 context.Policies.Set<IBuildKeyMappingPolicy>(
65 new BuildKeyMappingPolicy(new NamedTypeBuildKey(e.TypeTo, e.Name, e.TypeFrom )),
66 new NamedTypeBuildKey(e.TypeFrom, e.Name));
67 }
Now I have every information I need in my PolicyInjectionStrategy. I created the following code the perform the wrapping:
7 public class PolicyInjectionStrategy : BuilderStrategy
8 {
9 public override object BuildUp( IBuilderContext context, object buildKey, object existing )
10 {
11 ITypeBasedBuildKey typeBasedBuildKey = buildKey as ITypeBasedBuildKey;
12
13 if( typeBasedBuildKey != null )
14 {
15 Type typeTo = typeBasedBuildKey.Type;
16 Type typeFrom = typeBasedBuildKey.TypeFrom;
17
18 if( typeFrom != null && typeFrom.IsInterface )
19 {
20 existing = Wrap( existing, typeFrom );
21 }
22 else if( typeTo.IsMarshalByRef )
23 {
24 existing = Wrap( existing, typeTo );
25 }
26 }
27
28 return base.BuildUp( context, buildKey, existing );
29 }
30
31
32 private static object Wrap( object existing, Type t )
33 {
34 if( existing != null )
35 {
36 existing = (new PolicyInjectorFactory()).Create().Wrap(existing, t);
37 }
38 return existing;
39 }
It first checks if a typeFrom is present and if it's an interface. If so, we can wrap the object based on this interface. If this is not the case we have a second chance by checking if the object is derived from MarshalByRefObject. If this is also not true, we just pass the received object back to the strategy chain.
The private Wrap method also contains a little trick. I'm not using the Wrap method of the PolicyInjection type, but a PolicyInjector created by a factory. I had to do this because the Wrap method of PolicyInjection does not provide a non generic overload. For generics every type has to be known at compile time and this is not the case here. The PolicyInjection type is just a little sugar over the PolicyInjector so we can easily bypass this by doing this.
The last thing you need to do is the create an extension that enlists the strategy
9 public class PolicyInjectionExtension : UnityContainerExtension
10 {
11 protected override void Initialize(ExtensionContext extensionContext)
12 {
13 extensionContext.Strategies.AddNew<PolicyInjectionStrategy>(UnityBuildStage.PostInitialization);
14 }
15 }
and register it
33 IUnityContainer container = new UnityContainer()
34 .Register<ILogger, TraceLogger>()
35 .Register<IStoplightTimer, RealTimeTimer>()
36 .AddNewExtension<PolicyInjectionExtension.PolicyInjectionExtension>();
There are probably a lot of improvements to be made on this solution and not everybody will be very happy with modifying Unity and ObjectBuilder2. But it's a start and I hope this will help you a little bit to get started.
UpdatePanels are a great way to update portions of a webpage. They only have one "problem": they need a control to fire the async postback. When you are performing a postback from javascript using the following code:
__doPostBack( 'EventName', 'EventArgs' );
the execution will always be synchronous. You can work around this by using a hidden control and fire one of its events, but this is not always the most flexible solution. I debugged the framework javascript a little and found another way to do it, completely in javascript. It's done by adding the eventtargetname into two arrays of the PageRequestManager. I have created a javascript function that handles this for me:
function doPostBackAsync( eventName, eventArgs )
{
var prm = Sys.WebForms.PageRequestManager.getInstance();
if( !Array.contains( prm._asyncPostBackControlIDs, eventName) )
{
prm._asyncPostBackControlIDs.push(eventName);
}
if( !Array.contains( prm._asyncPostBackControlClientIDs, eventName) )
{
prm._asyncPostBackControlClientIDs.push(eventName);
}
__doPostBack( eventName, eventArgs );
}
You can call it just like the original __doPostBack function.
Sometimes you run into something and you wonder why you haven't noticed it before. Yesterday I discovered a feature in Visual Studio 2005 called TracePoints.
When you're debugging your application, setting breakpoints in your code isn't always sufficient. In some cases they mess up the flow of your code or you have to pass a breakpoint so many times that it's hard to keep track off. So you end up putting debug or trace statements in your code, which is not pretty.
To solve this problem, you can use TracePoints in Visual Studio 2005. TracePoints inserts comments in the Debug output window, whithout stopping or modifying the code. This is how to do this.
I used it to solve some threading issues and it's been a great help. Hope this helps you to.
Like FireFox Internet Explorer 7.0 now also has the possibility to search websites with the handy little search box in the upper right corner. It's very easy to create your own OpenSearch description document and add it to IE to search other websites (perhaps your own).
The OpenSearch description document is an XML-document with the following structure:
<?
xml version="1.0" encoding="UTF-8"?>
<
OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
<
ShortName>CodeProject</ShortName>
<
Description>Use to search the CodeProject</Description>
<
Tags>example web</Tags>
<
Contact>admin@example.com</Contact>
<
Url type="text/html"
template="http://www.codeproject.com/info/search.asp?cats=2&cats=3&cats=4&cats=5&cats=6&searchkw={searchTerms}&Submit1=Search&author=&sd=15+Nov+1999&ed="/>
</OpenSearchDescription>
The template attribute is the search url of the site (for this example I used The CodeProject) and contains a special {searchTerms} tag. This is the place where your keywords will be inserted. For a complete specification of this document look here.
To add it to your browser just create a html page like this one:
<html>
<body>
<a href="#" onClick="window.external.AddSearchProvider('http://[your url]/codeproject.xml');">Voeg Codeproject aan je browser toe</a><br/>
</body>
</html>
I have created a sample page
here with the CodeProject provider and one for BloggingAbout.Net (although the search function of this blog usually returns no results, will probably be solved in the next upgrade ;-).
For all you lightweight-lovers out there The Serverside .NET has published an extensive list of Agile resources on their site.
It covers the topics of philosophy, development, management, modeling, data and testing. You can find the list
here.
ASP.NET 2.0 has got a very cool and easy way to take your website offline:
Just place a file called
app_offline.htm in the root of your website and your worker process will be stopped.
The static
app_offline.htm page will then be served to the users of your site to inform them that your site is temporary offline.
To restart your site just remove (or rename) the file and your website is back online!
Now that's what I call cool!
My favourite tool in Visual Studio 2003 has always been JetBrains' Resharper. A couple of months ago we converted our application to the .NET 2.0 framework and Visual Studio 2005. Although VS 2005 now has some of the refactoring and analysis features that Resharper offered, it is nowhere near as powerful. So I was really happy to see that JetBrains was developing Resharper 2.0 for VS 2005. That happiness rapidly disappeared after installing the beta. It was really buggy and therefore impossible to use.
The last time I installed a beta was just 2 or 3 weeks ago and it still was not good enough to use in my daily work. The biggest problem was the static code analysis that got really confused when the same classname was used in different namespaces. Meanwhile I tried other tools like Omnicore's JustCode, but they just aren't as good as Resharper.
Today I read on Scott Guthrie's Blog that the final verion had been released, so I decided to give a last try. And guess what... it works perfectly. Nomore stange analysis errors, no more empty code completion boxes... And the best thing is: 1.5 users get a free upgrade to 2.0!
So, I'm a happy coder again 
I've been reading some of Patrick Wellink's posts about MyGeneration with dOOdads and I was curious if the productivity claims he was making are really true. Because the application that I'm currently working on already has a complete DAL in place, this was not a good candidate to try it on (I don't think I would have made it out of the office alive ;-). But one of my personal web sites was a perfect candidate to try it on.
Last year I promised some of my friends that I would build a web site for the Formula 1 competition we were having. Before every race we would e-mail our forecasts for the race and some pour fellow would calculate the results manually. I said that I could easliy build a web site for this, but I forgot to do so until 3 weeks before the start of the season. So, I "developed" the site under some time stress, created an Access database, dragged and dropped some dataconnectors on the forms and bound the controls to them. It worked and looked rather nice from the outside, but is was far from perfect.
First I used the Access upgrading wizard to migrate the tables and data to SQL Server 2005 Express and translated some of the queries that I had build to SQL views. For the dOOdads architecture to work, you will need to create some extra stored procedures in the database. I used the "SQL_StoredProcs.vbgen" template in MyGeneration, selected the tables I wanted the procedures generated for, and after a couple of seconds the script was ready and I ran it on the database.
After this I used MyGeneration with the "CSharp_SQL_dOOdads_BusinessEntity.vbgen" template to create the data access classes, which I added to my project. These classes are impletented as abstracts so you will have to write concrete classes to implement them. Or ofcourse, generate them with the "CSharp_SQL_dOOdads_ConcreteClass.vbgen" template (you will have to add an using directive to this template to the namespace that you have used to generated the data access objects).
The last generation step is to create objects for the views in the database using the "CSharp_SQL_dOOdads_View.vbgen" template. These are implemented in concrete classes already.
To make all of theses classes work, you will have to add the MyGeneration.dOOdads project to your solution. Don't forget to set the "Build Action" property to compile for SQLClientEntity and the SQLDynamicQuery classes. Build the solution and you're ready.
It took me about 30 minutes to do this, but if you've done this before, you can do it in 5. Converting the rest of the application was very easy. The dynamic query feature of the dOOdads lets you create strong typed dynamic queries with great ease and loads them into the business objects. The objects have a DefaultView property that you can use as a datasource for your controls.
Other nice features of the dOOdads architecture are:
- String properties: these are string equivalents of the fields of your objects, that make the handling of null values easy by converting them from and to empty strings.
- Prevention of SQL-injection attacks.
- Easy transaction handling
For a good impression of all the dOOdads features read this introduction document.
MyGeneration and the dOOdads architecture make it really easy to create a useful solid DAL for your application. There are also a lot of other templates available for MyGeneration on their site. Creating your own templates will be a bit harder. The IDE has no intellisense and you will have to build your scripts in a sort of ASP.
After a period of radio silence I have decided to sharpen the pencil (euh... keyboard) again. The last couple of months I lost a bit of the joy in development and didn't feel like blogging about it, but now I am "back on the blog".
So I cleaned up the site with a new theme for a fresh new start
But ther will be more soon! I am currently checking out new tools and techniques and I will share my findings with you. Some of the things I'm looking at are MyGeneration/ dOOdads and the new Atlas control set. I'm applying these on my personal website (a Formula 1 competition site), which will be accessible in a short while.
If you liked Microsoft's Developer Toolbar you will love the Firefox version. You can download this toolbar here.
It can do all things that you can do with the MS equivalent but also a lot more (the image above just shows a few options). I especially like the Edit CSS and the edit HTML functionality in which you can edit the page's source and stylesheet realtime in Firefox. Great stuff, check it out.
While we're at it, there is another very nice extension for Firefox. For me, the only problem I have with Firefox is in fact Internet Explorer. Some website developers still think that there is only one browser in this world and you can see that very clearly in the sites they build. For this, I now have the IE Tab extension. With one click you can load the page in an IE instance within Firefox. You can also add pages or domains to a list that will load in an IE instance by default. Also a must have.
More Posts
Next page »