September 2003 - Posts
I purchased MSDN Universal off of eBay for a most excellent price and it was activated late last week. For all those people looking to purchase this product, check out eBay first. It takes a few days but well worth the wait.
-Mathew Nolton
I AM IN THE MOOD TO RANT.
Robert McLaws http://weblogs.asp.net/rmclaws/posts/28633.aspx had a nice rant about an article written by "This Guy". I am upset with myself for getting sucked into the “flamewars“ between Microsoft and the rest of the world. But this time I just couldn't help myself. When you see a person make moronic comments in the press you just have to speak up.
For example:
Contrary to Microsoft's claims, open standards does not necessarily mean open environments. Microsoft's Steve Ballmer has said that .Net delivers benefits as a Web services platform through XML (Extensible Markup Language) connectivity extended across clients and servers. The problem with that simplistic view is that while XML and Web services break down barriers when used with open standards, .Net creates insidious new barriers by promoting vendor lock-in for customers.
What vendor lock-in? If he is talking about writing everything in Java, then he is probably going to use a tool from a company with its own set of classes. For example IBM and WSTK (it has been renamed recently) or BEA WebStudio. Now these products have their own classes and proprietary method of doing things. Now they are both java, but they do require you to use their classes. Is this a “proprietary standard”. I think it is, but I'll let him slide for this one. I don't think its valid, but I'll give it to him. But now let's talk about “these barriers” to entry that Microsoft imposes. Which barriers does he mean. He never actually mentioned a single barrier. That really annoys me.
Could he be talking about the fact that .Net doesn't run on Linux (Mono may someday)? But why should it? With Xml Web Services it doesn't matter. The whole point of webservices is that you write them on your platform and let others use it without regard of the underlying platform. I've done this before. It actually works that way (both in Java and in .Net) But wait a minute. There is “His“ issue of “These Barriers”. Which barriers were those again? I keep forgetting.
Now I especially like this statement
Additionally, Microsoft's claim that .Net's Web services platform saves customers money is misleading. Sure, the initial investment is enticing, but how much will it cost when the hard work begins? A recent Gartner report said companies planning to move their old programs to .Net can expect to pay 40 percent to 60 percent of the cost of developing the programs in the first place.
Now what would it cost to move these same services to Java? Its funny these aren't mentioned. Or is he stating that these are Java programs being moved to .Net. Does this mean that for every $1 spent originally writing it in java it only costs 40-60 cents to write it in .Net. Ohhh that would be funny wouldn't it;) Now, if Java costs less to develop in, then Great. Just give me a valid comparison. But then again, there are those darned barriers to entry again. What were they? Help me understand?
I just had to rant,
-Mathew Nolton
PS. No disrespect to any Java developers. I like the language. I just didn't like this particular article.
<cite from=“Duncan's Blog” I took the test Chris has been talking about, ended up as an ENTJ as well... I didn't read the descriptions before or after... but I think I get the general idea.</cite>
ENTJ too. It reminds me of the personality test I took in MBA school. After the test, the prof started asking each of us what we thought of the test. I told the prof I thought the personality test was “hooeeyy”. She then correctly guessed my personality type. Maybe there is something to these tests... ;)
-Mathew Nolton
I finally purchased my own copy of MSDN Universal. I purchased it on eBay for a most excellent price.
-Mathew Nolton
Started using Web Service Studio on GotDotNet. I am impressed with this tool. We are implementing a security scheme based on WS-Security and therefore we are turning off HTTP Post and HTTP Get so that SOAP security is not bypassed. This means that Browser based testing is not possible.
I would love to contribute to this product so if “Sowmy” who started the workspace on GotDotNet is listening out there, let me know (I have already requested to be a member of the workspace). In the meantime I will have to be happy making modifications on my own copy of the code ;)
On the WS-Security front. I haven't had a chance to work much with Version 2.0, Technology Preview, but it does look good. Version 1.0 has done everything I have requested and the design is elegant and unobtrusive. What I appreciate most about it is the ability to inspect and evaluate headers prior to the invocation of the actual WebMethod. This is key. I can then implement a security scheme (or whatever) once and not have to worry about it again.
Now for my obligatory rant.
I tried using IBM's WSTK in order to test interoperating. What a pain in the a@#$. No documentation on their security policy file. Now I am the type of developer who appreciates it when someone writes something down so I can just “Look It Up”. Or if there is no documentation, then make it intuitive. Now working with the WSTK and notepad files means that it is probably not intuitive. Now I have no problem working with Notepad. Sometimes I actually prefer it, but I will need documentation. Use BEA Workshop if you are using Java. Its free too.
Jan Tielens in his blog brought up an approach http://weblogs.asp.net/jan/posts/27835.aspx he used to create SoapExceptions. The code/concept is similar to something I wrote here where I am working. However, we added a twist that I thought was kindof interesting and worth sharing. Specifically, our web services are basically a service facade into an underlying business tier. This is nothing new to anyone. We also make it a point to say that all exceptions emanating from our business tier are derived from ApplicationException and defined also within our tier. This means that we have total control of the definition of all of our exceptions. Again, a relatively common practice and probably nothing new to many of you.
Now, since we own the definitions of all of these exceptions, we created several custom attributes that let us use a SoapFactory I wrote to create a SoapException from any of our Business Exceptions. This simplifies our WebMethod code tremendously. For example:
[ WebMethod ( Description = "Removed for brevity") ]
public CustomerProfile GetXXXX( string identifier )
{
try
{
return Customer.CreateXXXFromYYY( identifier );
}
catch( Exception e )
{
throw CybralSoapException.Create( e );
}
}
And the definition code for one one of my exception look like this. You will notice that I decorated the exceptions with two new Attributes CybralSoapFaultCode and CybralSoapErrorCode.
CybralSoapFaultCode allows me to decorate the XmlQualifiedName consistently anytime a specific exception is thrown.
CybralSoapErrorCode is an attribute that allows me to populate the detail block of a SoapException with a common key defined in the enumeration ProfileSoapKeys. By using an enumeration to fill in the key and providing it in the Attribute I can do typechecking to make sure that there are no misspellings. This means that I don't have to worry about misspellings in my keys and a client can be certain that I did spell it right when they evaluate the Detail block in order to figure out any application specific error information ( a small thing but worth the trouble ) (Also using the Enumeration was the idea of a coworker of mine. He had a bug where a misspelling occurred and he vowed he never wanted it to happen again;):
[Serializable]
[CybralSoapFaultCode( "ClientFaultCode" )]
[CybralSoapErrorCode( typeof(ProfileSoapKeys),"DataSourceUnavailable")]
public class DataSourceUnavailableException : BaseApplicationException
{
protected const string _message = "A requested datasource is unavailable.";
public DataSourceUnavailableException() : base( _message ){}
public DataSourceUnavailableException( Exception inner ) : base( _message, inner ){}
public DataSourceUnavailableException(string message) : base(message){}
public DataSourceUnavailableException(string message, Exception inner) : base(message,inner){}
protected DataSourceUnavailableException(SerializationInfo info, StreamingContext context) : base(info, context){}
}
Now the CybralSoapException factory method code looks like this:
public static CybralSoapException Create( Exception ex )
{
MemberInfo info = ex.GetType();
// get the errorCode
object[] attributes = info.GetCustomAttributes( typeof( CybralSoapErrorCodeAttribute ), false );
Enum errorCode = (attributes.Length > 0) ? ((CybralSoapErrorCodeAttribute)
attributes[0]).ErrorCode : CybralSoapExceptionKeys.UnexpectedSystemError;
// get the faultCode
attributes = info.GetCustomAttributes( typeof( CybralSoapFaultCodeAttribute ), false );
XmlQualifiedName faultCode = (attributes.Length > 0) ? ((CybralSoapFaultCodeAttribute) attributes[0]).FaultCode : SoapException.ServerFaultCode;
// THIS CONTRUCTOR MERELY FORMATS THE DETAIL BLOCK FOR ME. // Also this class is derived from SoapException which means it gets caught correctly by all clients as a SoapException
// Of course it will lose all reference to CybralSoapException and will be formatted as a regular SoapException, but thats ok.
return new CybralSoapException ( ex.Message, faultCode, errorCode, System.Web.HttpContext.Current.Request.Path, ex );
}
I could get into the code of the attributes, but I am starting to annoy myself with the length of this blog. As always, feedback is appreciated.
-Mathew Nolton
A coworker and I just got into a most excellent discussion about the need for a Logging ApplicationBlock similar to the ExceptionManager Block except that it would log types other then Exceptions. This would enable me to log something and based upon my filters in my configuration file, it would show up in 1, many, an email to an administrator or if we deem it not worthy - no logs. It sounds like a fun exercise and something that will come in handy.
-Mathew Nolton
The other day I posted asking anyone for any additional information regarding the syntax of the policy file that you can create with IBM WSTK Version 3.3 to sign, encrypt, add a username Token, etc. to a SoapHeader on an outgoing Soap from a java client so that you can interoperate with .Net following the WS-Security specification put together by Microsoft, IBM and Verisign. Didn't get any. That's ok.
Frustrated, I searched for another avenue and I came across BEA Worshop Version 8.1. It was awesome. I downloaded it, installed it, created a project, imported my WSDL, and called my web service following an implemented security policy in like 3.5 hours. So if others out there are interested in checking out the interoperability for themselves, I recommend Workshop. You will actually notice some high-level similarities b/w Visual Studio and Workshop.
Mathew Nolton
Note: If the documentation on how to put together the policy file with WSTK (renamed to ETTK in August) was right in front of my nose, my humblest apologies. I do believe interoperability is important, so please set me straight. Seriously.
Recently I had to determine if a user exists in a particular group in a particular domain. Since I am not using ActiveDirectory/LDAP I couldn't use the System.DirectoryServices.DirectorySearcher (which limited my options a great deal).
I found a number of examples of people recommending that you retrieve Members Collection of a Group DirectoryEntry and then enumerating through the list. The problem with this approach is that as the list of members grows, so does the time it takes to evaluate the list. So I needed a better method. Fortunately, you can create a DirectoryEntry object and invoke one of its underlying ( COM ) methods. So, if in your DirectoryEntry construction, you specify a valid group path, you can invoke the IsMember method off of the internally contained object that implements IADsGroup.
In other words, two lines of code will enable you to determine if a user is a member of a WinNT Group. This example checks against a local group.
// Construct a DirectoryEntry object pointing to a group local to my machine ( this could be a domain group).
DirectoryEntry groupEntry = new DirectoryEntry( "WinNT://MyMachineName/MyLocalGroupName,group" );
// Now invoke the IsMember method
bool val = (bool)groupEntry.Invoke( "IsMember","WinNT://CORPORATEDOMAIN/MNolton");
As with any of my postings, feedback is appreciated.
Mathew Nolton
Does anyone know where a person can get documentation on the syntax of wssecurity-client.xml and wssecurity-server.xml files?
These are the files used to configure security using WSTK by IBM for interoperability between Xml Web services. Microsoft uses Web Service Enhancements ( i understand this ) and IBM uses a configuration file typically called wssecurity-server.xml (for the web-service) and wssecurity-client.xml for the client (although you can call it whatever you want). The problem I am running into is that there is ABSOLUTELY NO documentation that I can find on the syntax of this file. I can find some examples of its use but I can find nothing that tells me how to define one.
I found a post @ IBM.com by Christian Weyer asking the same question and he was told there was none but to download the WebSphere Trial and look in the examples ( i am doing this now ). Does anyone know of some documentation that I am overlooking.
Mathew Nolton
More Posts