Jerry Dennany's Occasional Clue

I've always been a fan of the tools from Sysinternals.  Now, I've got even more reason to be happy (besides the fact that the tools are free!)  The latest version of Procexp.exe now enumerates appdomains in a process.

This is actually incredibly useful, as I'm currently working on a project with multiple appdomains.

I attended the local Atlanta .NET users group meeting last night.

The first thing I'd like to mention is that I'm very disappointed that the speaker, Eric Marvets, was a no- show.

However, Doug Ware did an excellent job of extending his talk on "Deploying .Net Applications Using Visual Studio".  Unfortunately for me, this session was a re-run.  It's kind of like never watching Alias, and then you tune in one night, and it's an episode you've already seen?

After re-viewing Doug's presentation, there was one philisophical issue that I disagreed with:

Doug makes heavy use of .vbs scripts as MSI custom actions. However, as I've told anyone who would listen, VBScript sucks.  Rob Mensching, author of WiX, agrees in his rant,  "VBScript (and Jscript) MSI CustomActions suck".

Unless you enjoy support calls that are difficult to resolve, please avoid using VBScript Custom Actions.

Cheers to Doug for presenting (again) a dry but important topic.

On a related note, I'm thinking about dropping by the next Atlanta C# Users Group.  I hear that they cover more advanced topics.

So, while looking for information on the upcoming SQL Server 2000 SP4 release, I noticed that SQL Server 2005 is 'slipstreamable'.  I'm pretty certain that most of the developers here don't really care, but I am also responsible for the build / release cycle on my dev team. Slipstreaming almost crosses over into the 'must have' category.

The SQL Server 2000 installation was a strange mixture of coolness, and archaic.  For example, while the Service Packs are cluster aware and very scriptable, they are launched from a SETUP.BAT file. How 1990s.
It's also worth noting that even for a Y2K software release, Microsoft was still using Installshield 5.x for SQL Server installs, and not the much ballyhood "Windows Installer" engine.

I'll be putting the SQL Server 2005 install through it's paces soon, checking out Cluster installations, as well as silent installs.  I'll keep you posted.

I tried. I really did.

I was a good friend to WSE 2.0, especially when she got all dressed up in SP3.  I took her out for long evening walks through the Pipeline Filters, and I even managed to get to her endpoint without violating any Policy.

Alas, our relationship was not to be.  I mean, I still consider her my friend, but when I discovered that she was really not suited for handling Binary Data, I bolted.  She calls me sometimes, reminding me that she can still do DIME, and she’ll even get dirty with Base64.  But, I’m a little too prudish for all that.

Some of my friends tell me that she’s going to try to reconcile with me.  She’s really turning around, they say, and is even striving for MTOM.  But, it’s too late.  I’ve gone back to my former mistress, Remoting.  She’s reliable (and easy, but don’t tell her that!)  She’s not all that interoperable, but I don’t talk to other frameworks, anyway.  I’m too busy with my professional life to make friends.

So, it’s back to Remoting.  Unless, of course, Indigo asks me out.

The Atlanta .NET Regular Guys (namesake of the ex-Atlanta Radio show duet) post about their lunch with Paul Wilson. Anyone in Atlanta should take Paul up on his lunch offer.  He's a really fascinating person to talk tech with.

As I mentioned a few posts ago, I’ve been spending some time with WSE 2.0.  One of the cool things in the new WS-* specs is WS-SecureConversation.  SecureConversation maintains the ability to enforce authentication and authorization at a per call basis, while lowering the runtime burden of actually performing a full authentication for each round trip call. I’m not going to go too far into details here, as there’s plenty of information on WS-SecureConversation available on the web.

The problem that I had with the Microsoft WSE 2.0 implementation of SecureConversation is that all of the Microsoft examples that I saw used policy files to set up the “Conversation.”  This really works great out of the box, and allows two applications to set up a conversation with little more than wiring up some incredibly complicated XML configuration files.  This conversation is enforced at the AppDomain level. 

However, my application model required that the secure conversation take place at a “user” level from within the application, with the idea that the “client” application must be able to host more than one different user from within the AppDomain during the application’s lifetime.  I performed “Action” level authorization by writing a custom server side filter that analyzed the BaseToken of the SecureContextToken, and that information combined with the “Action” from the SOAP header allowed me to decide whether or not the user was authorized to perform that specific Web Service call. 

The problem with this model is related to the automatic conversation set up by WSE on the client side. If policy is used to enforce SecureConversation on the client, WSE caches the first SecureContextToken issued to it. WSE continues to use this token for the lifetime of the application (or until token expiration).  So, if user “Bob” logs in, logs out, and then user “Alice” logs in, the client application will still assign Bob’s SecureContextToken to the message.  This broke my server side authorization logic, as the filter looked at the incoming SecureContextToken to get the Username BaseToken.

Well, that makes sense, if you understand what is going on.  It’s also relatively easy to fix.  Instead of allowing WSE to manage SecureConversation through Policy as all of the examples show, you may manually implement SecureConversation in your client side proxy code.  It’s not much code, and once you know what you are going for, it’s pretty straightforward. 

The real problem that I ran into, however, is that while the documentation is fairly thorough, it mostly deals with a common use case or model, and when you stray from this, you’ll find yourself in the land of experimentation and ILDASM.

After building an end to end communications platform based on WSE, my team has since thrown it away. We are using a remoting based framework instead.  More on this in a future post.