
  def Softwaremaker() :
         return "William Tay", "<Challenging Conventions />"

  knownType_Serialize, about = Softwaremaker()
 

 Saturday, October 29, 2005

I was told that there appear to be a couple of non-working samples in the Windows Communication Foundation (WCF, previously - Indigo) Sept-CTP drop. I found out (the hard way) that one of them was the BasicSecurityProfile sample.

There is a workaround to it. There are basically 2 bugs in that sample. It may help solve the other bugs in the samples. This will only affect the security samples that use the WS-Security Specifications in the [basicHttpBinding] bindings.

BUG 1. The affected sample will only work with X.509 Digital Certificates that have the Subject Key Identifier (SKI) installed. Unfortunately, the sample certs that are used are issued by makecert.exe, which doesn't generate X.509 certs with the SKI.

  1. You can create test certificates from Verisign. Those test certs will come with SKI
  2. You can set up a Certificate Authority (CA) on Windows 2003 Server. This is not installed by default and you need to add that component into your server setup. This will issue you a cert with SKI.

On a separate note, X.509 Digital Certificates that come with SKI offer the best approach to interoperability, so it is recommended that you work with certs that come with it.

BUG 2. Once you have the workaround to BUG 1 in place, you run the BasicSecurityProfile sample and the client barfs this exception at you:

System.ServiceModel.Security.MessageSecurityException was unhandled
  Message="No signature message parts were specified for messages with action '*'."
  Source="mscorlib"
  StackTrace: [BLAH] [BLAH] [BLAH]

You have now come across the second bug. This is an easy fix.

  1. On the client proxy, change the replyAction = "*"

Once you have these 2 workarounds done up, the BasicSecurityProfile sample should work.

Both these bugs will be fixed in the subsequent WCF drop. I hope this at least helps someone.

Saturday, October 29, 2005 1:13:35 AM (Malay Peninsula Standard Time, UTC+08:00)

  •  Monday, October 24, 2005

    In Web Services Enhancements (WSE) 2.0, one could exercise some control over which XML elements/fragments one wants to encrypt within a soap:Body. Therefore, if I wanted to encrypt the account string in my credit card type, I could do something like this:

    [At your Service Side]


    Imports System.Xml.Serialization

    Public Class SecuredCreditCard
      <XmlElement(ElementName:="CreditCardType")> _
      Public Type As String
      'Account is a SecuredString so that it can carry the Id the encryption reference points to
      <XmlElement(ElementName:="CreditCardAccount")> _
      Public Account As SecuredString
    End Class

    Public Class SecuredString
      'Set the Oasis Id that our security reference will point to
      <XmlAttributeAttribute("Id", _
        Namespace:=".../2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")> _
      Public ID As String
      <XmlText()> _
      Public Data As String
    End Class

    [At your Calling side]


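    'WSE 2.0 namespaces for SoapContext and EncryptedData
    Imports Microsoft.Web.Services2
    Imports Microsoft.Web.Services2.Security

    Dim a As localhost.IndexWse = New localhost.IndexWse
    Dim b As localhost.SecuredCreditCard = New localhost.SecuredCreditCard
    Dim z As localhost.SecuredString = New localhost.SecuredString

    Dim c As SoapContext = a.RequestSoapContext

    'Proxy members are named after the XML element/attribute names
    b.CreditCardType = "VISA"
    z.Id = "uri:demoId.softwaremaker.net" 'or some guid
    z.Value = "123-456-789"
    b.CreditCardAccount = z

    'tok is a security token obtained earlier (not shown here)
    'The "#..." reference must match the Id set on the element above
    c.Security.Elements.Add(New EncryptedData(tok, "#uri:demoId.softwaremaker.net"))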

    Note: To reduce headache-inducing typo bugs, you may want to use some WSE Constants such as
    WSUtility.Prefix
    WSUtility.AttributeNames.Id
    WSUtility.NamespaceURI

    The end result is a soap:Body that looks like this on the wire:


    <SecureCreditCard>
     <CreditCardType>VISA</CreditCardType>
     <CreditCardAccount d4p1:Id="uri:demoId.softwaremaker.net" xmlns:d4p1=".../2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <xenc:EncryptedData Id="EncryptedContent-3d793117-f020-4236-a0a0-0ed545d9bf1a" Type=".../2001/04/xmlenc#Content" xmlns:xenc=".../2001/04/xmlenc#">
       <xenc:EncryptionMethod Algorithm=".../2001/04/xmlenc#aes128-cbc" />
       <xenc:CipherData>
        <xenc:CipherValue>FRFCiq...+0W5oS4</xenc:CipherValue>
       </xenc:CipherData>
      </xenc:EncryptedData>
     </CreditCardAccount>
    </SecureCreditCard>

    While I don't know how much of a performance benefit this has over having the entire SecureCreditCard encrypted (since it is a symmetric-key encryption at its core), I think in terms of latency and throughput, it does offer some benefits, especially with a sizable payload (>20-30 kb, for instance?)

    Windows Communication Foundation (WCF, previously - Indigo) does not currently have that feature built in at the moment (Sept05-CTP or known as the PDC-bits). In other words, in WCF today, you encrypt the entire contents of the soap:Body, lock, stock and barrel. I would still love that WSE feature in there: To be able to exercise finer grain control over what I want to or not to encrypt within a soap:Body.

    Would really like to find out if I am the only odd one out there. Any users using that existing WSE feature out there that would love to see the same in WCF, or do you have other better ideas? Leave a comment or email me via the contact link on the side. Thank you.

    BTW: Whether you encrypt certain elements of the contents or encrypt the entire contents of the soap:Body, both are WS-Security Specifications compliant.
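
What element-level encryption leaves readable on the wire, as an added example (not code from the original post or from WSE): a Python audit that walks a message body and reports which elements carry cleartext and which carry `xenc:EncryptedData`. The two bodies are constructed samples modelled on the fragment above, and the namespace constant is the W3C XML Encryption URI that the post abbreviates.

```python
import xml.etree.ElementTree as ET

# W3C XML Encryption namespace (the post abbreviates it as ".../2001/04/xmlenc#").
XENC = "http://www.w3.org/2001/04/xmlenc#"
ENC_DATA = f"{{{XENC}}}EncryptedData"
ENC_METHOD = f"{{{XENC}}}EncryptionMethod"

# Constructed ciphertext wrapper; the CipherValue is a dummy, not real ciphertext.
ENC = (f'<xenc:EncryptedData Type="{XENC}Content">'
       f'<xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>'
       '<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>'
       '</xenc:EncryptedData>')

# Constructed bodies: element-level encryption (WSE style) vs. whole body (WCF style).
PARTIAL = (f'<SecureCreditCard xmlns:xenc="{XENC}">'
           '<CreditCardType>VISA</CreditCardType>'
           f'<CreditCardAccount>{ENC}</CreditCardAccount></SecureCreditCard>')
WHOLE = f'<Body xmlns:xenc="{XENC}">{ENC}</Body>'


def audit(xml_text):
    """List (path, state, detail) for each element whose content is data or ciphertext."""
    findings = []

    def walk(elem, path):
        name = elem.tag.rsplit("}", 1)[-1]  # strip any "{namespace}" prefix
        here = f"{path}/{name}"
        enc = elem.find(ENC_DATA)  # direct child only: this element's content is encrypted
        if enc is not None:
            method = enc.find(ENC_METHOD)
            alg = method.get("Algorithm", "") if method is not None else ""
            findings.append((here, "encrypted", alg.rsplit("#", 1)[-1] or "unknown"))
        elif len(elem) == 0 and (elem.text or "").strip():
            findings.append((here, "cleartext", elem.text.strip()))
        for child in elem:
            if child.tag != ENC_DATA:  # never descend into ciphertext
                walk(child, here)

    walk(ET.fromstring(xml_text), "")
    return findings


def cleartext_fields(xml_text):
    """Paths and values an on-path observer can read without any key."""
    return [(p, d) for p, state, d in audit(xml_text) if state == "cleartext"]


if __name__ == "__main__":
    for name, body in (("partial", PARTIAL), ("whole", WHOLE)):
        print(name, audit(body))
```

With content-level encryption the element name CreditCardAccount stays visible alongside the cleartext CreditCardType; only whole-body encryption hides the message structure as well.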
     

    Monday, October 24, 2005 1:00:00 PM (Malay Peninsula Standard Time, UTC+08:00)

  •  Tuesday, October 18, 2005

    Fellow Singaporean Microsoft MVP, Aaron Seet has a very interesting take on the above subject. It is a definite read.

    Tuesday, October 18, 2005 9:21:11 AM (Malay Peninsula Standard Time, UTC+08:00)

  • Fellow Microsoft Regional Director from Australia and personal friend, Adam Cogan will be in Singapore to present on 2 topics to the Singapore SQL Server Usergroup and our very own Singapore .NET Usergroup.

    [Starting at 1830 hrs]
    What's new in Reporting Services 2005 + Developing Custom Report Items

    Reporting Services makes viewing your data a breeze and SQL Server 2005 brings database reporting to a whole new level. In this session you will learn how to take full advantage of the new Report Designer that is integrated into Visual Studio 2005. We will discuss the core product improvements, reporting improvements, the better integration, and the richer developer experience.

    You will also discover how to create and implement Custom Report Items - custom data visualization controls that allow you to make powerful reports.


    [Starting at 1945/2000 hrs]
    15 Rules to Better Code + Tools to Keep your Code Healthy (including FX Cop)

    Are you looking to eradicate bugs and ensure consistency? Learn how to take control of your code, ensuring large, complex source code can be simplified, cleaned and maintained. The focus is on the most popular .NET languages (C#, VB.NET) for both Windows Forms and ASP.NET; however, you will learn how to maintain quality code in any language.

    As a project or company grows, managing code standards throughout your team becomes virtually impossible. Consistent code is crucial to future development and maintenance. Learn how to review your web apps and projects.

    The tools he will explore include FX Cop, SSW Code Auditor, and Re-Sharper

    I hope to see you there.

    Tuesday, October 18, 2005 12:36:08 AM (Malay Peninsula Standard Time, UTC+08:00)

  • Some of my recent project work has been very focused on the Middle-East and therefore, we have to scope out a different set of UIs that deals with Arabic characters, which read from Right-to-Left.

    This is a great resource for authoring Middle-Eastern content:
    http://www.microsoft.com/globaldev/handson/dev/Mideast.mspx

    Monday, October 17, 2005 10:03:10 PM (Malay Peninsula Standard Time, UTC+08:00)

  •  Monday, October 17, 2005

    I couldn't resist.

    WomenAndProblems.jpg

    Monday, October 17, 2005 7:10:02 AM (Malay Peninsula Standard Time, UTC+08:00)

  •  Sunday, October 16, 2005

    I had posted this thought quite a while back on an old blog. Seems like the recent exchange in W3C, more or less, has re-visited my thoughts on this issue.

    Jim Webber sums it well here.

    Sunday, October 16, 2005 9:15:10 AM (Malay Peninsula Standard Time, UTC+08:00)

  •  Friday, October 07, 2005
    Thursday, October 06, 2005 8:23:33 PM (Malay Peninsula Standard Time, UTC+08:00)

  •  Wednesday, October 05, 2005

    Mike Taulty is throwing up some very good Windows Communication Foundation (WCF, previously - Indigo) notes via his blog here.

    In one of his posts, he asked what the ListenerFactory is that is analogous to the client-side ChannelFactory. This is a good question and I believe the answer is the System.ServiceModel.ServiceHost.

    There are, however, a few ways to implement a server-side pipe that can process and understand his client-side implementation of his generic ChannelFactory here.

    One of the ways to listen and process the incoming message is actually something he has already cooked up in an earlier post of his. However, to answer his question:- ServiceHost is the answer to the ListenerFactory.

    I took the liberty of writing up some code to wire up some ListenerFactory stacks via the System.ServiceModel.ServiceHost.


    Imports System
    Imports System.ServiceModel

    Module SomeModule
      Sub MyOwnServiceHost()
        'Build a custom binding stack: HTTP transport with text message encoding
        Dim cBindings As New CustomBinding
        Dim httpTransport As New HttpTransportBindingElement
        Dim textEncoding As New TextMessageEncodingBindingElement
        cBindings.Elements.Add(httpTransport)
        cBindings.Elements.Add(textEncoding)

        'ServiceHost plays the role of the "ListenerFactory" on the service side
        Using sh1 As New ServiceHost(Of MyOwnServiceHost)(New Uri("http://localhost:8080/"))
          sh1.AddEndpoint(GetType(MyOwnServiceHost), cBindings, "MyOwnServiceHost")
          sh1.Open()
          Console.WriteLine("Service running ...")
          Console.WriteLine("Press Enter to Exit.")
          Console.ReadLine()
        End Using
      End Sub
    End Module

    <ServiceContract()> _
    Class MyOwnServiceHost
      'One-way operation that accepts the raw Message
      <OperationContract(Action:="urn:someAction", IsOneWay:=True)> _
      Public Sub DumpWhateverToConsole(ByVal m As Message)
        'DumpMessageOutToConsole is not shown in this post
        SomeModule.DumpMessageOutToConsole(m)
      End Sub
    End Class

    Wednesday, October 05, 2005 5:06:29 AM (Malay Peninsula Standard Time, UTC+08:00)

  • Another speaking assignment that landed at my desk is for me to talk about "Web Services Security: How to track along the Security Standards Jungle" on 21 October 2005.

    Somehow, I tend to attract the dry topics. This event is owned by OASIS and XMLOne Usergroup. More information can be found here.

    If you are around the vicinity, do feel free to drop by and catch up.

    Wednesday, October 05, 2005 12:52:22 AM (Malay Peninsula Standard Time, UTC+08:00)

  •  Tuesday, October 04, 2005

    I received my Certified Web Services Professional (CWSP) Certificate today in an official business ceremony. I have known this for some time but this is the first time it was made known to the public in an Infocomm Development Authority of Singapore (IDA) Weave Event. I am one of only 8 people who are in the pioneering batch to receive this certificate. The other 7 people come from technology vendors such as SUN Microsystems, IBM, Software-AG and members of the tertiary educations of higher learning academia.

    More on the CWSP:

    The CWSP was announced during XMLAsia 2003 and the Framework is developed jointly by IDA, the National Infocomm Competency Centre (NICC), Singapore Information Technology Federation (SiTF) and XMLOne User Group (UG). It aims to develop Infocomm professionals and re-skill them with Web Services competencies by meeting the career and skills-progression needs of Web Services talent at all levels, ranging from Developers, Professionals, Architects to Consultants.

    Tuesday, October 04, 2005 8:17:35 AM (Malay Peninsula Standard Time, UTC+08:00)

  •  Saturday, October 01, 2005

    I am trying to test out Start.com. It is pretty good so far. I like the "Recent Searches" bit on the left-hand menu.

    It is, however, too early to say that it will displace Google.com for my main search page for all my machines at home.

    It does look promising though ...

    Saturday, October 01, 2005 5:48:12 AM (Malay Peninsula Standard Time, UTC+08:00)