Archives
-
Monitoring your services with SO-Aware
One of the features that you get out of the box with SO-Aware is the ability of monitoring your services. You can either monitoring the traffic for your REST or SOAP services, and see the details of all the incoming or outgoing messages, or any fault that got generated during the execution. In addition, that data is used to compute some metrics and provide several reports about the service usage.
-
Versioning REST Services with WCF Http Processors
As I discussed in my last post, the new WCF Http Model includes http processors that you can use to inject cross cutting aspects into an existing service. We can use processors for supporting a versioning schema based on content types as it discussed here by Peter Williams.
-
Http Processors in the WCF Web Programming Model
The code drop recently released as part of wcf.codeplex.com introduced a new feature for injecting cross-cutting concerns through a pipeline into any existing service. The idea is simple, when you move to the http world, there are some aspects that might want to move out of your operation implementation. A typical example is content negotiation, in which the http messages are serialized or deserialized into specific entity or object graph expected by the service based on the “content-type” or “accept” http headers. You don’t want to have all that logic spread across all the service implementations or tie your operation to an specific format as it happened with previous model with the WebInvoke and WebGet attributes. For that kind of logic, it’s really useful to have that concern implemented in a specific class that you can test individually and inject into your service to support new message formats.
-
Generating WCF configuration from the SO-Aware Repository
As part of the simplification in service configuration that we want to provide in SO-Aware, we have added two new commands in the PowerShell provider for generating the service configuration at design time in case you don’t want to rely on SO-Aware for resolving all that at runtime.
-
New IQueryable Support for Http Services in WCF
One of the things that caught my attention when WCF Data Service was released a couple of years ago was the ability of using URI segments for passing queries directly to an underline linq provider. This represented a very powerful feature for allowing clients to filter and manipulate a large data result set on the server side with a simple API and without incurring in any unnecessary performance penalty (the queries are performed and resolved in the data source itself most of the times) and having all that logic implemented in the service itself.
-
Getting rid of the magic strings in a WCF Data Service Client
One of the common problems that you might find when using the generated DataServiceContext for consuming an existing WCF data service is that you have magic strings everywhere for handling links (expanding, adding, deleting, etc). The problem with all those magic strings is that they make your code to compile correctly, but you might run into some error at runtime because you used a link that does not exist or it was just renamed.
-
Security Identity propagation for WCF Ajax endpoints in ASP.NET
A UI driven service is usually a service implementation that only makes sense in the context of the UI for solving an specific use case, and not something that you might want to share or expose to third parties. Typical examples of UI driven services are AJAX endpoints, which you build for supporting partial updates in a page. The implementation of this kind of services can take the form of a simple http endpoints, which could adhere to the REST principles or not, or SOAP web services.
-
SO-Aware integration with Visual Studio 2008
I am happy to announce today the support in Visual Studio 2008 for adding new service references from the SO-Aware service repository. We have created a simple plugin that you can register in Visual Studio to support this new functionality.
-
ASP.NET MVC, WCF REST and Data Services – When to use what for RESTful services
Disclaimer: This post only contains personal opinions about this subject
-
The swiss knife for managing X509 certificates in Windows
Raffaele Rialdi, a security MVP from Italy, has just released a very cool tool to manage X509 certificates in windows. X509 certificates has always represent a pain for most developers, as they are hard to deploy or configure correctly with the right permissions. A tool like this is absolutely need when working with frameworks like WCF or WIF that makes an extensive use of certificates.
-
Exposing additional service metadata with WS-Discovery in WCF 4.0
WS-Discovery is not only a mechanism for discovering service endpoint addresses at runtime, but also a way to query for specific service information and metadata. If you look at it from another standpoint, WS-Discovery provides access to a decentralized short-lived service catalog that is available as long as the services are running. It is decentralized because every service expose their own metadata, unless you use a WS-Discovery managed proxy, which act as an intermediary and central location for service discovery. It is short-lived because it is only available when the service is running, and it is not something that clients could use at any time.
-
SWUtil - A new tool for generating service proxies from the SO-Aware repository.
As we announced last week, we are shipping a new Visual Studio plugin for generating service proxies as part of the SO-Aware SDK. The functionality is equivalent to what you find today in the “Add Service Reference” command, but the results are much better as you get a proxy that does not require any WCF configuration, and also knows how to resolve bindings and behaviors from the repository.
-
Why ASMX web services are not an excuse anymore with WCF 4.0
ASXM web services has been the favorite choice for many developers for building soap web services in .NET during a long time because of its simplicity. With ASMX web services, you get a web service up and running in a matter of seconds, as it does not require any configuration. The only thing you need to do is to build the service implementation and the message contracts (xml serialization classes), and that’s all. However, when you build a system as a black box with most of the configuration hardcoded, and only a few extensibility points in mind, you will probably end up with something that is very easy to deploy and get running, but it can not be customized at all. That’s what an ASMX web service is after all, you don’t have a way easily change the protocol versions, encoders, security or even extend with custom functionality (SOAP extensions are the only entry point for extensibility, which work as message inspectors in WCF).
-
Managing the SO-Aware Repository with PowerShell
As Jesus mentioned in this post, SO-Aware provides three interfaces for managing the service repository. An OData API in case you want to integrate third applications with the repository. OData is a pure http API that can be easily consumed in any platform using a simple http client library. The management portal, which is an ASP.NET MVC user interface layered on top of the OData API and probably the one most people will use. And finally, a PowerShell provider that also mounts on top of the OData API to allow administrators to automate management tasks over the repository with scripting.
-
Some WIF interop gotchas
WIF is an excellent framework that allows you to develop an STS in just a few minutes if you know exactly what you are doing of course :). In my role as consultant and architect in Tellago, I went through several projects in which some level of customization was required at wire level to accomplish some interoperability between a STS built with WIF and existing federation solutions like ADFS 1.x and OpenSSO.
-
Centralizing Federated Services configuration with SO-Aware
Configuring a WCF service to use federated authentication in an organization is not something trivial as it requires some good knowledge of the available security settings, and more precisely, how to talk to the existing security token services with the right WCF bindings.
-
NHibernating a WCF Data Service
WCF Data Services ships with two built-in query providers, a query provider for Entity Framework that uses the CSL model to infer all the service metadata for the exposed entities and their associations, and another provider, a Reflection Provider that uses .NET reflection over the exposed object model to infer the same metadata.
-
Our WCF Service Repository (SO-Aware) on Channel 9
My colleagues Jesus Rodriguez and Dwight Goins were talking about many of challenges you might find for managing WCF services in the enterprise, and how SO-Aware can help you out in all those aspects. Check it out here.
-
Visualizing Service Dependencies in SO-Aware
A common requirement that we received from some customers while we were in the early design stages of SO-Aware was the ability of tracking static dependencies between services. For instance, Service A calls Service B and Service B calls Service X. This feature is not only useful for documentation but also for helping administrators to determine which services are going to affected with a change in one of the existing service. (In that example, a change in the service X would affect Service A and B).
-
Service Testing in SO-Aware
Service testing is another interesting feature that you will find in SO-Aware. Having a tool for testing a service in the repository is very important for the following reasons,
-
WCF configuration simplification with SO-Aware
As I discussed in the previous post, everything in SO-Aware is exposed as resources via OData. You can simply take a look at this by browsing at the main feed of the service repository.
-
SO-Aware is here. A RESTful service repository
I am very proud to announce today the release of our product in Tellago Studios, SO-Aware, a RESTful service repository based on OData. The main difference between SO-Aware and other existing products is that everything is exposed as resources via OData feeds that can be retrieved or manipulated with standard http verbs like POST, PUT, GET or DELETE (All this is implemented with WCF data services).
-
Specifying mime types for content in WCF Data Services
WCF Data Services provides an specific operator “$value” for retrieving the underline value of any of the properties in exposed resources. Let’s say you have a resource “Configuration” that exposes a field “Xml” whose content should be treated as a mime type “text/xml”. When you execute a query like this to retrieve the value of that field, “myService.svc/Configurations(1)/Xml/$value”, what you get is the content of that field but expressed as plain text (text/plain). This happens because the default behavior for WCF Data Services is to return most of the primitive types as “text/plain” and some others like byte arrays as “application/octet-stream”. So, how do you change that default behavior to retrieve property content with other mime types ?. Here is where the MimeTypeAttribute can be used to change that behavior.
-
Professional WCF 4.0: Windows Communication Foundation with .NET 4.0
The book in which I been working on since last year finally went to the light this week. It has been the result of hard work between me and three other Connected Systems MVP, my friend Fabio Cozzolino, Kurt Claeys and Johann Grabner. If you are interested in learning the new features in WCF 4.0, but also WCF in general and how to apply it in real world scenarios, this book is for you. I dedicated three chapters of this book to one of my favorites topics, Security, from the basics to more complicated scenarios with Claim-Based security and Federated authentication using WCF services with Windows Identity Foundation. You can find more information about the book and the table of contents in the Wrox web site here.
-
Implementing a generic repository for WCF data services
The repository implementation I am going to discuss here is not exactly what someone would call repository in terms of DDD, but it is an abstraction layer that becomes handy at the moment of unit testing the code around this repository. In other words, you can easily create a mock to replace the real repository implementation.
-
Enabling Service Availability in WCF Services
It is very important for the enterprise to know which services are operational at any given point. There are many factors that can affect the availability of the services, some of them are external like a database not responding or any dependant service not working. However, in some cases, you only want to know whether a service is up or down, so a simple heart-beat mechanism with “Ping” messages would do the trick. Unfortunately, WCF does not provide a built-in mechanism to support this functionality, and you probably don’t to implement a “Ping” operation in any service that you have out there. For solving this in a generic way, there is a WCF extensibility point that comes to help us, the “Operation Invokers”. In a nutshell, an operation invoker is the class responsible invoking the service method with a set of parameters and generate the output parameters with the return value.
-
Getting WCF Bindings and Behaviors from any config source
The need of loading WCF bindings or behaviors from different sources such as files in a disk or databases is a common requirement when dealing with configuration either on the client side or the service side.
-
Integrating WIF with WCF Data Services
A time ago I discussed how a custom REST Starter kit interceptor could be used to parse a SAML token in the Http Authorization header and wrap that into a ClaimsPrincipal that the WCF services could use. The thing is that code was initially created for Geneva framework, so it got deprecated quickly. I recently needed that piece of code for one of projects where I am currently working on so I decided to update it for WIF. As this interceptor can be injected in any host for WCF REST services, also represents an excellent solution for integrating claim-based security into WCF Data Services (previously known as ADO.NET Data Services).
-
ActAs and OnBehalfOf support in WIF
I discussed a time ago how WIF supported a new WS-Trust 1.4 element, “ActAs”, and how that element could be used for authentication delegation. The thing is that there is another feature in WS-Trust 1.4 that also becomes handy for this kind of scenario, and I did not mention in that last post, “OnBehalfOf”.
-
OData to the rescue. Exposing the eventlog as a data feed
In one of the project where I was working one, we used the Microsoft Enterprise Library Exception Application Block integration with WCF for logging all the technical issues on the services/backend in Windows Event Log. This application block worked like a charm, all the errors were correctly logged on the Event Log without even needing to modify the service code. However, we also needed to provide a quick way to expose all those events to the different system users so they could get access to all the them remotely. In just a couple of minutes I came up with a simple solution based on ADO.NET Data Services. ADO.NET data services is very powerful in this sense, you only need to provide a IQueryable implementation, and that’s all. You get a RESTful service with rich query support for free.
-
A good way to handle claim based security in RESTful services
Dominick just blogged what I think is one of the best ways to provide claim based security for RESTful services at the moment. The idea of using simple web tokens for RESTful services I’ve been in my head for a while, but I was not able to find enough the time to implement it. Fortunately, Dominick already did it for us, so it’s really great to have a sample with that.
-
“The system cannot find the file specified” error in the WIF FAM module
The Federation Authentication Module (FAM) shipped as part of WIF protects by the default the session cookies from being tampered with in passive scenarios using DPAPI. As I mentioned in the past, this technique simplifies a lot the initial deployment for the whole solution as nothing extra needs to configured, the automatically generated DPAPI key is used to protect the cookies, so this might be reason to have that as default protection mechanism in WSE, WCF and now WIF.
-
Monitoring your WCF services with AppFabric
Windows AppFabric (Previously known as Dublin) introduces a new built-in mechanism for monitoring the execution of the WCF services, all the events generated during the execution or the interaction with other services. While the message trace capabilities in WCF already provided some detail about the execution and the exchanged messages, it was a feature more suitable for troubleshooting and error diagnosis. The performance counters did not help in this area either, as they provided live service usage statistics, which sometimes resulted very useful to determine possible bottlenecks.
-
ActAs in WS-Trust 1.4
WS-Trust 1.4 introduced a new feature called as “ActAs” for addressing common scenarios where an application needs to call a service on behalf of the logged user or a service needs to call another service on behalf of the original caller. These are typical examples of what is usually resolved with the “Trusted Subsystem” pattern.