November 2006 - Posts

SharePoint Workflow

Eilene Hao, Program Manager, SharePoint, has been writing a series of posts about SharePoint Services Workflow. You can check out the entire series on the SharePoint team weblog.

Posted by gsusx | 1 comment(s)

Invoking TCP-Hosted WCF Services using BizTalk Server R2

One of the great features that we (TwoConnect) accomplished with the WSE 3.0 adapter for BizTalk Server was the support for non-HTTP transports. The capability of decoupling the Web Services interaction from the transport used for the communication opens a new set of possibilities for BizTalk Server processes.

This transport independence comes naturally in WSE 3.0 and is taken to another level in the Windows Communication Foundation (WCF) channel model. As part of BizTalk Server R2, Microsoft provides a set of WCF adapters that use a common set of WCF bindings. Among them, the WCF-NetTcp adapter abstracts the interactions with WCF services that communicate using TCP as the transport protocol. Alternatively, we can use the WCF-Custom adapter, which also understands the WCF NetTcp binding.

Let’s take the following WCF service as an example:

  

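using System.ServiceModel;

// The namespace matches the service name used in the configuration below.
namespace MathService
{
    [ServiceContract()]
    public interface IMathService
    {
        [OperationContract]
        int Add(int param1, int param2);
    }

    public class MathService : IMathService
    {
        public int Add(int param1, int param2)
        {
            return param1 + param2;
        }
    }
}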

  

This WCF service is associated with the following binding, which declares TCP as the transport protocol of the WCF service endpoint. The additional mex endpoint is only there to give access to the service description (WSDL).

  

                                     

<configuration>
  <system.serviceModel>
    <services>
      <service name="MathService.MathService"
               behaviorConfiguration="CalculatorServiceBehavior">
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:8000/servicemodelsamples/service"/>
          </baseAddresses>
        </host>
        <!-- this endpoint is exposed at: net.tcp://localhost:9000/servicemodelsamples/service -->
        <endpoint address="net.tcp://localhost:9000/servicemodelsamples/service"
                  binding="netTcpBinding"
                  bindingConfiguration="Binding1"
                  contract="MathService.IMathService" />
        <!-- the mex endpoint is exposed at http://localhost:8000/ServiceModelSamples/service/mex -->
        <endpoint address="mex"
                  binding="mexHttpBinding"
                  contract="IMetadataExchange" />
      </service>
    </services>
    <bindings>
      <netTcpBinding>
        <binding name="Binding1"
                 closeTimeout="00:01:00"
                 openTimeout="00:01:00"
                 receiveTimeout="00:10:00"
                 sendTimeout="00:01:00"
                 transactionFlow="false"
                 transferMode="Buffered"
                 transactionProtocol="OleTransactions"
                 hostNameComparisonMode="StrongWildcard"
                 listenBacklog="10"
                 maxBufferPoolSize="524288"
                 maxBufferSize="65536"
                 maxConnections="10"
                 maxReceivedMessageSize="65536">
          <readerQuotas maxDepth="32"
                        maxStringContentLength="8192"
                        maxArrayLength="16384"
                        maxBytesPerRead="4096"
                        maxNameTableCharCount="16384" />
          <security mode="None">
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="CalculatorServiceBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="False" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
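The binding above sets security mode="None", so the net.tcp endpoint carries requests without authentication, signing or encryption. The following check is an added example, not part of the original post or of any WCF or BizTalk tooling; it reads a WCF configuration and reports endpoints bound to an unsecured netTcpBinding together with the metadata and fault-detail settings (the function names and severity labels are assumptions made for this example).

```python
import xml.etree.ElementTree as ET

# Trimmed copy of the service configuration above (same names and values).
SAMPLE_CONFIG = """<configuration><system.serviceModel>
  <services>
    <service name="MathService.MathService" behaviorConfiguration="CalculatorServiceBehavior">
      <endpoint address="net.tcp://localhost:9000/servicemodelsamples/service"
                binding="netTcpBinding" bindingConfiguration="Binding1"
                contract="MathService.IMathService" />
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>
  </services>
  <bindings><netTcpBinding>
    <binding name="Binding1"><security mode="None" /></binding>
  </netTcpBinding></bindings>
  <behaviors><serviceBehaviors>
    <behavior name="CalculatorServiceBehavior">
      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="False" />
    </behavior>
  </serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""


def _is_true(element, attribute):
    """True when the element exists and the attribute reads 'true' (case/space tolerant)."""
    return element is not None and element.get(attribute, "false").strip().lower() == "true"


def audit_wcf_config(xml_text):
    """Return (severity, message) findings for a WCF service configuration."""
    root = ET.fromstring(xml_text)
    findings = []
    # Security mode per named netTcpBinding configuration. WCF defaults
    # netTcpBinding to Transport security when <security> is omitted.
    modes = {}
    for binding in root.findall(".//bindings/netTcpBinding/binding"):
        security = binding.find("security")
        mode = "Transport" if security is None else security.get("mode", "Transport")
        modes[binding.get("name")] = mode
    # Report every endpoint that actually uses an unsecured configuration.
    for endpoint in root.findall(".//services/service/endpoint"):
        if endpoint.get("binding") != "netTcpBinding":
            continue
        if modes.get(endpoint.get("bindingConfiguration"), "Transport") == "None":
            findings.append(("high", f"{endpoint.get('address')}: netTcpBinding security "
                                     "mode None, traffic is neither authenticated nor encrypted"))
    for behavior in root.findall(".//serviceBehaviors/behavior"):
        name = behavior.get("name")
        if _is_true(behavior.find("serviceMetadata"), "httpGetEnabled"):
            findings.append(("info", name + ": WSDL is served over HTTP GET"))
        if _is_true(behavior.find("serviceDebug"), "includeExceptionDetailInFaults"):
            findings.append(("medium", name + ": exception details returned in faults"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_wcf_config(SAMPLE_CONFIG):
        print(f"[{severity}] {message}")
```

Changing the binding to security mode="Transport" clears the high finding; the BizTalk send port then has to be configured with the same security mode as the service.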

  

On the BizTalk Server side we need to generate the types corresponding to the WCF service. We do that using the WCF Adapter Metadata Wizard. Notice that the generated metadata is not tied to a particular endpoint.

Finally, in order to interact with the WCF service, select the WCF-NetTcp adapter from the adapter list in the Send Port and configure the properties as illustrated in the following figure.

 

  

  

Notice that the SOAP action header needs to be configured in order to identify the operation to invoke on the service side.

Posted by gsusx | 3 comment(s)

Card Space Sample

Vittorio Bertocci has posted an amazing sample that explains how to use Windows Card Space and Windows Communication Foundation to secure a smart client application.

Posted by gsusx | 4 comment(s)

BPEL WS-* interoperability

A few months ago I coauthored with Clemens Utschig (Oracle SOA Product Manager) an article about the Web Services interoperability challenges faced in the design of BPEL-based business processes. Last month the article made it to the Web Services Journal. So if you are interested in WS interoperability, take a read and send me some feedback. Fragments of that article can also be found in this Oracle .NET Web Services interoperability whitepaper on the Oracle Technology Network.

SharePoint 2007 workflow tracking service

Complementing my previous post, the workflow host in SharePoint 2007 does not implement a tracking service. The tracking of SharePoint workflows is reduced to actions against SharePoint list items (e.g., workflow tasks).

Posted by gsusx | 2 comment(s)

SharePoint 2007 Workflow Persistence Service

Yesterday a friend asked me about the Windows Workflow (WF) Persistence Service in SharePoint 2007. As you might know, SharePoint persists the state of workflows when it hits a persistence point. However, the SharePoint WF host does not use the default Persistence Service provided by WF. In other words, you won’t see the Persistence Service database as part of the SharePoint 2007 installation. In that case, how does SharePoint 2007 persist the state of long-running workflows?

The WF persistence service of SharePoint 2007 is implemented as part of the SPWinOePersistenceService class of the Microsoft.SharePoint.Workflows namespace. This class implements the SaveWorkflowInstanceState and LoadWorkflowInstanceState methods of the WorkflowPersistenceService class. The implementation of those two operations calls the SaveInstanceData and LoadInstanceData methods of the SPWinOeHostServices class, which in turn calls the methods with the same signature in the SPWorkflowManager class. The following diagram illustrates the call chain.

 

Where is the data stored? The data is stored as a compressed binary representation in the Workflows table of the SharePoint content database. The column InstanceData represents the current workflow instance state.

 

Posted by gsusx | 9 comment(s)

.NET Framework 3.0 is out!!!!!

.NET Framework 3.0 RTM is here. Congratulations to the team for more than four years of hard work!!!! Now I have the rest of my week planned out upgrading my WCF channels.

Posted by gsusx | with no comments

TwoConnect award

TwoConnect CEO Javier Mariscal has been nominated Hispanic Business Magazine Entrepreneur of the Year in the info-business category. This is a great recognition of Javier as one of the top executives of technology companies in the country. Congrats Javier!

Posted by gsusx | with no comments

WCF Oracle Application Server WS-Security Interoperability Part 2: from Oracle to WCF

By Jesus Rodriguez

This article is part of a series intended to explore interesting Web services interoperability scenarios between Microsoft .NET technologies and Oracle Application Server. The first two articles of this series explored interoperability scenarios (WS-Security interoperability and WS-Addressing interoperability) between Oracle Business Process Execution Language (BPEL) Process Manager (PM) and the Microsoft Web Services Enhancements (WSE) and Windows Communication Foundation (WCF) platforms.

The articles that compose this series are intended to illustrate techniques and architecture and design strategies that address some of the most common scenarios in Web services interoperability between Oracle App Server and Microsoft Web Services platforms. Particularly, this article is focused on how to implement the Anonymous over Certificate WS-Security scenario between Oracle App Server and Microsoft WCF.

In the first part of this article we implemented the Anonymous over Certificate scenario with an Oracle App Server Web Service and a WCF client. In this article we complement the Anonymous over Certificate interoperability scenario by implementing an Oracle App Server client that consumes a WCF Service. A complete description of the scenario can be found in my previous post.

The implementation: From Oracle App Server to WCF.

WCF Service

The WCF service for this example implements a simple mathematical operation as illustrated in the following code.

using System.ServiceModel;

[ServiceContract()]
[XmlSerializerFormat()]
public interface IMyService
{
    [OperationContract]
    int Add(int param1, int param2);
}

public class MyService : IMyService
{
    public int Add(int param1, int param2)
    {
        return param1 + param2;
    }
}

In order to implement Anonymous over Certificate in a WCF Service we need to create a binding configuration that implements message security and does not require any user credentials for authentication. Given that Oracle App Server does not implement WS-Trust, we also need to change the default behaviors of the binding that rely on WS-Trust (see the first part of this article).

<configuration>
  <system.serviceModel>
    <services>
      <service name="MyService" behaviorConfiguration="MathServiceBehavior">
        <endpoint contract="IMyService" binding="wsHttpBinding" bindingConfiguration="mybinding"/>
      </service>
    </services>

    <bindings>
      <wsHttpBinding>
        <binding name="mybinding">
          <security mode="Message">
            <message clientCredentialType="None" establishSecurityContext="false" negotiateServiceCredential="false"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

    <behaviors>
      <serviceBehaviors>
        <behavior name="MathServiceBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceCredentials>
            <serviceCertificate findValue="mycert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
          <serviceDebug includeExceptionDetailInFaults="False" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

  <system.web>
    <compilation debug="true"/>
  </system.web>
</configuration>

These are all the steps required to implement Anonymous over Certificate in a WCF service having a high degree of interoperability with a J2EE client. Let’s check now how to implement an Oracle application client that consumes this WCF service.

Oracle Client

In order to consume the WCF Service we need to generate a Web Service proxy. Typically, this can be done using the Standard Web Service Proxy project template in JDeveloper. Another required step is to import the required certificates into an Oracle compatible certificate store. To find out more information about managing Oracle certificate stores, read Administering Web Services Security in the Oracle App Server documentation.

After implementing the above preliminary steps, we can create a typical Oracle client application that looks like the following:

 

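public class ClientApp {

    public ClientApp() {
    }

    public void Test() {
        try {
            // Proxy generated by JDeveloper from the WCF service description.
            WSHttpBinding_IMyServiceClient proxy = new WSHttpBinding_IMyServiceClient();
            int i = proxy.add(34, 57);
            System.out.println("Result: " + i);
        } catch (Exception ex) {
            // Report security and transport failures instead of discarding them.
            ex.printStackTrace();
        }
    }

    public static void main(String[] args) {
        ClientApp clientApp = new ClientApp();
        clientApp.Test();
    }
}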

Next, you configure the WS-Security settings for the WCF service proxy. This can be done using the Secure Proxy option on the generated proxy.

 

Figure 1: JDeveloper Secure Proxy configuration wizard

After completing the wizard the configuration security settings file should look similar to the following:

<oracle-webservice-clients xsi:noNamespaceSchemaLocation="META-INF/oracle-webservices-client-10_0.xsd"
                           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <webservice-client>
    <service-qname namespaceURI="http://tempuri.org/" localpart="MyService"/>
    <port-info>
      <wsdl-port namespaceURI="http://tempuri.org/"
                 localpart="WSHttpBinding_IMyService"/>
      <runtime enabled="security">
        <security>
          <key-store name="" store-pass="test123" path="C:\Oracle\companionCDHome_2\jre\1.4.2\bin\test2.jks"/>
          <signature-key key-pass="test123" alias="myca"/>
          <encryption-key key-pass="test123" alias="myencca"/>
          <inbound>
            <verify-signature>
              <signature-methods>
                <signature-method>DSA-SHA1</signature-method>
                <signature-method>RSA-MD5</signature-method>
                <signature-method>RSA-SHA1</signature-method>
              </signature-methods>
              <tbs-elements>
                <tbs-element local-part="Body"
                             name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
              </tbs-elements>
              <verify-timestamp created="true" expiry="28800"/>
            </verify-signature>
            <decrypt>
              <encryption-methods>
                <encryption-method>AES-128</encryption-method>
                <encryption-method>AES-256</encryption-method>
                <encryption-method>3DES</encryption-method>
              </encryption-methods>
              <tbe-elements>
                <tbe-element local-part="Body"
                             name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
              </tbe-elements>
            </decrypt>
          </inbound>
          <outbound>
            <signature>
              <signature-method>RSA-SHA1</signature-method>
              <tbs-elements>
                <tbs-element local-part="Body"
                             name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
              </tbs-elements>
              <add-timestamp created="true" expiry="28800"/>
            </signature>
            <encrypt>
              <recipient-key alias="wcfcert"/>
              <encryption-method>3DES</encryption-method>
              <tbe-elements>
                <tbe-element local-part="Body"
                             name-space="http://schemas.xmlsoap.org/soap/envelope/"/>
              </tbe-elements>
            </encrypt>
          </outbound>
        </security>
      </runtime>
      <operations>
        <operation name="add"/>
      </operations>
    </port-info>
  </webservice-client>
</oracle-webservice-clients>

 

 

As you can see in the security settings above, this client does not provide any credentials for authentication and uses certificates to sign and encrypt the message. Given that the WCF service is not implementing any key negotiation using WS-Trust, the client application is able to successfully invoke the WCF Service explained in the previous section. The messages produced by the interactions between the Oracle client and the WCF service are WS-Security 2004-01 compatible messages.
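The client settings above also decide which algorithms the client accepts on responses, how long a timestamp stays valid and where the key passwords live. The following check is an added example, not part of the original article or of Oracle's tooling; it reports clear-text passwords, MD5-, SHA-1- and 3DES-based methods, and timestamp windows above a limit. The function name, the severity labels and the 300-second limit are assumptions, as is reading expiry as seconds.

```python
import xml.etree.ElementTree as ET

# Trimmed copy of the <security> element above; the key-store path is shortened.
SAMPLE_CLIENT_SECURITY = """<security>
  <key-store name="" store-pass="test123" path="test2.jks"/>
  <signature-key key-pass="test123" alias="myca"/>
  <encryption-key key-pass="test123" alias="myencca"/>
  <inbound>
    <verify-signature><signature-methods>
      <signature-method>DSA-SHA1</signature-method>
      <signature-method>RSA-MD5</signature-method>
      <signature-method>RSA-SHA1</signature-method>
    </signature-methods><verify-timestamp created="true" expiry="28800"/></verify-signature>
    <decrypt><encryption-methods>
      <encryption-method>AES-128</encryption-method>
      <encryption-method>AES-256</encryption-method>
      <encryption-method>3DES</encryption-method>
    </encryption-methods></decrypt>
  </inbound>
  <outbound>
    <signature><signature-method>RSA-SHA1</signature-method>
      <add-timestamp created="true" expiry="28800"/></signature>
    <encrypt><recipient-key alias="wcfcert"/>
      <encryption-method>3DES</encryption-method></encrypt>
  </outbound>
</security>"""

# Assumed policy: algorithm name fragment -> severity label.
WEAK_ALGORITHMS = {"MD5": "high", "SHA1": "medium", "3DES": "medium"}


def audit_ws_security_client(xml_text, max_expiry=300):
    """Return (severity, location, issue) tuples for one <security> element."""
    root = ET.fromstring(xml_text)
    findings = []
    # Key-store and key passwords written directly into the settings file.
    for element in root.iter():
        for attribute in ("store-pass", "key-pass"):
            if element.get(attribute):
                findings.append(("medium", element.tag, attribute + " is stored in clear text"))
    for direction in ("inbound", "outbound"):
        for section in root.findall(direction):
            for element in section.iter():
                name = (element.text or "").strip()
                if element.tag in ("signature-method", "encryption-method"):
                    # Inbound lists name every method the client accepts.
                    for fragment, severity in WEAK_ALGORITHMS.items():
                        if fragment in name:
                            findings.append((severity, direction, element.tag + " " + name))
                elif element.tag in ("verify-timestamp", "add-timestamp"):
                    expiry = int(element.get("expiry", "0"))  # assumed to be seconds
                    if expiry > max_expiry:
                        findings.append(("low", direction,
                                         f"{element.tag} expiry {expiry}s exceeds {max_expiry}s"))
    return findings


if __name__ == "__main__":
    for finding in audit_ws_security_client(SAMPLE_CLIENT_SECURITY):
        print(finding)
```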

Conclusion

These two articles have explained the techniques used to implement the Anonymous over Certificate WS-Security scenario between WCF and Oracle Application Server. Specifically, this article complemented the first part explaining how to invoke a WCF Service that implements Anonymous over Certificate from Oracle App Server.

 

Open World

Oracle Open World was a huge success this year. Unfortunately I was not able to attend, but I followed the new releases very closely, especially the SOA Suite. My friend Clemens Utschig posted a great summary of the conference.

Posted by gsusx | with no comments