Real World SOA Course

My SOA series on Pluralsight has been published:

  • Real World SOA: Analysis and Design – Covers the strategic goals of SOA and how to identify business-aligned services. It covers the building blocks of a SOA reference architecture; all within the context of a practical case study
  • Real World SOA: Design and Implementation – Jumps into the detailed design and implementaiton aspects of SOA services. It covers design principles, messaging reliability, security, transactions, asynchronous patterns, and more…

Custom WCF MessageHeader – Set MustUnderstand

In a recent implementation, I was building a WCF intermediary which receives messages and does some processing and then route these messages to a set of services that are not under my control.

One of the requirements, was that in specific cases I had to edit the incoming Security header and set misunderstand to 0 instead of 1. As I said, I have no control over the destination services, therefore I cannot use the ValidateMustUndestand service behavior nor the fine grained UnderstoodHeaders property of the message headers to bypass validation at these services.

So in the intermediary I built an inspector which intercepts the message just before being sent to the destination services. It then removes the incoming Security header after it preserves the content, then creates a custom header with mustunderstand set to false, then injects this header instead of the old one.

Here is the header definition:

public class SecurityHeader:MessageHeader
{
private const string HeaderName = “Security”;
private const string HeaderNamespace = “http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”;
private bool mustUnderstand;private string content;
public override string Name
{
get { return HeaderName; }
}public override string Namespace
{
get { return HeaderNamespace; }
}

public override bool MustUnderstand
{
get { return mustUnderstand; }
}

public SecurityHeader(string content, bool mustUnderstand)
{
this.content = content;
this.mustUnderstand = mustUnderstand;
}

protected override void OnWriteHeaderContents(XmlDictionaryWriter writer, MessageVersion messageVersion)
{

writer.WriteRaw(this.content);
}
protected override void OnWriteStartHeader(XmlDictionaryWriter writer, MessageVersion messageVersion)
{
writer.WriteStartElement(“o”, “Security”, “http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”);
if (this.mustUnderstand)
writer.WriteAttributeString(“s:mustUnderstand”, “1”);

}
}

The OnWriteStartHeader overridden method allows us to have fine-grained control over the how the Security element itself will look like. Here I do the changes I want.

The OnWriteHeaderContents overridden method gives us control over the content of the header. Here I just use the WriteRaw method of the writer to write the same content I preserved before. You can get this content in the inspector using request.ToString() from inside the inspector’s BeforeSendRequest method, and then do some manipulation to get the contents inside the Security header. Alternatively you can an XmlReader or XmlDictionaryReader to parse the message and get the required content.

Inside the inspector, you can use the following code to first remove the original security header, then add the one with the updated header:

request.Headers.RemoveAll(“Security”, “http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd”);

SecurityHeader head = new SecurityHeader(content, false);
request.Headers.Add(head);

 

ADFS 3.0 Setup Gotchas

I was setting an ADFS 3.0 lab setup and thought I would share couple of gotchas – nothing particularly new here but could save someone some time.

Gotcha #1: Use Different Federation Service Name

In my case, I wanted to set my federation service on the same domain controller machine. This is of course not realistic in a production setup, but it’s common in a lab setup as you’d be preparing a POC or just playing around with stuff.

In this case, you cannot have the Federation Service name the same as the server name. In other words, my machine FQDN is “dc1.lab1.local”. Therefore I cannot have my federation service URL as: https://dc1.lab1.local/adfs/ls.

Instead I need to create a different service name; say for example “fs1.lab1.local”. So the URL will be https://fs1.lab1.local/adfs/ls.
Continue reading

BizTalk Business Process Scenario (3) – Process 1 (Part 2)

In the previous post we saw the main bill upload process. What I left out was the process that handles failed message routing.

Download Solution

http://1drv.ms/1P5X4b8

The Famous Failed Routing Error

In the previous post, I showed you how correlation is vital for the correct operation of a business process. However, this correlation – being based on matching field values – is subject to failure.

For example, in our process, say that the bank sent the Bill Confirmation Rq, with a wrong AsyncRqUID. Using correlation BizTalk will try to route the message to running Ox instance but it won’t be able to do so.

In order to see this, drop a bill request message into the folder. Now while the process is waiting for the confirmation rq message, edit the asyncrqid. Now drop the message in the confirmation request folder. If you examine now the event log you will see the famous error: “The published message could not be routed because no subscribers were found”. This happened because BizTalk was not able to match the correlation and no other subscribers were found for the message.
Continue reading

WS-* in WCF (8) – Transactions

DTC and the 2 Phase Commit Protocol

Transaction Managers

Atomic Transactions rely on automatic commit and rollback actions. Therefore they need a system to manage these actions implicitly. The name of this system is Transaction Manager.

There are multiple kinds of transaction managers, each used for a certain transaction protocol. For a detailed discussion check my WCF Transactions Pluralsight course. But for the sake of this discussion, we care about the WS-AT protocol, and a particular Transaction Manager – called the Distributed Transaction Coordinator – or DTC.

DTC is familiar to most developers, and is capable of managing transactions across process and machine boundaries.

DTC and Atomicity

So DTC has a tough challenge: while the Consisteny, Isolation, and Durability attributes are managed by Resource Managers (RMs), DTC must preserve the atomicity attribute, and it must do this over multiple participants that are most probably distributed over multiple machines.
Continue reading

WS-* in WCF (7) – Claims Security Part 2

In the previous article we understood WS-Trust and WS-Federation and saw briefly how they are used with WCF. Now let’s see an example of how to configure a WCF service to delegate authentication to an STS.

Service Configuration

Here I will configure my WCF service to delegate authentication to ADFS. The federation service namespace is “fs1.lab1.local”.

The following section sets the service certificate; the one that will be used to access the service over SSL (this is a self-signed certificate using makecert):

1
Continue reading

Serialization in .NET 4.5 Course

Course Serialization in .NET 4.5 has been released.

This course equips viewers with essential knowledge about serialization in the .NET Framework. No matter what .NET technology developers are using – whether it’s ASP.NET, WCF, Web API, or desktop applications – they will definitely encounter situations where serialization is needed. This course helps them understand the different alternatives and what is the best choice in each scenario.

Watch it here:

http://www.pluralsight.com/courses/serialization-dotnet-4-5