Introducing the WF Security Pack CTP 1 on

Today, we would like to announce the release of the WF Security Pack CTP 1 on  Where did it come from?  Quite simply, from you: real WF 4 customers who have spent time banging their heads against the wall trying to get certain security scenarios working with WF 4.  From your feedback, we’ve put together this Activity Pack to fill in some gaps that you have identified.  Let’s take a quick look at what is covered.

The Microsoft WF Security Pack CTP 1 is a set of 7 security-related activities, designers, and the associated source code based on WF 4 and the Windows Identity Foundation (WIF).  The scenarios we targeted were the following:

  • Impersonating a client identity in the workflow.
  • In-workflow authorization, such as PrincipalPermission and validation of Claims.
  • Authenticated messaging using ClientCredentials specified in the workflow, such as username/password or a token retrieved from a Security Token Service (STS).
  • Flowing a client security token through a middle-tier workflow service to a back-end service (claims-based delegation) using WS-Trust features (ActAs).

Now, my question for you is: are these the right set of scenarios to target for the next .NET framework release?  What is missing?  Which is the most important?  Again, we want your feedback so that we can make the right decisions for the long-term benefit of the product.  Use the Discussions tab, our WF 4 Forums, a carrier pigeon, whatever it takes to get us some feedback.

Ok, here are three great ways to get started:

  1. Download the WF Security Pack CTP 1 from, add a reference to the Microsoft.Security.Activities.dll in your WF 4 project, and check out the “Security” tab in the Toolbox.
  2. Take a quick read through the User Guide introduction to get a feel for what is included.
  3. Download the WF Security Pack CTP 1 Source code, open up the WorkflowSecurityPack.sln, and take a look at the activity APIs and the rest of the moving pieces of the implementation.

In the next couple of weeks, we’ll take an in-depth look at these scenarios and how you can use the WF Security Pack CTP 1 in your projects.  Stay tuned for that content here on The .NET Endpoint & on (special thanks to Zulfiqar Ahmed, Microsoft Consultant, for his help in building this Activity Pack!).

Learning WPF

As a .net developer that has recently spent over a year helping to design and build a SCSF winforms application, I have been looking to branch out into different techniques and technologies to improve my skill set. With Visual Studio 2010 coming out, the latest support for WPF and a push, by Microsoft, toward its […]

New Embedded Database Support with ASP.NET

Earlier this week I blogged about IIS Express, and discussed some of the work we are doing to make ASP.NET development easier from a Web Server perspective.

In today’s blog post I’m going to continue the simplicity theme, and discuss some of the work we are also doing to enable developers to quickly get going with database development.  In particular, I’m pleased to announce that we’ve just completed the engineering work that enables Microsoft’s free SQL Server Compact Edition (SQL CE) database to work within ASP.NET applications.  This enables a light-weight, easy to use, database option that now works great for ASP.NET web development.

Introducing SQL Server Compact Edition 4

SQL CE is a free, embedded, database engine that enables easy database storage.  We will be releasing the first public beta of SQL CE Version 4 very shortly. Version 4 has been designed and tested to work within ASP.NET Web applications.

Works with Existing Data APIs

SQL CE works with existing .NET-based data APIs, and supports a SQL Server compatible query syntax.  This means you can use existing data APIs like ADO.NET, as well as use higher-level ORMs like Entity Framework and NHibernate with SQL CE.  Pretty much any existing data API that supports the ADO.NET provider model will work with it.

This enables you to use the same data programming skills and data APIs you know today.

No Database Installation Required

SQL CE does not require you to run a setup or install a database server in order to use it.  You can now simply copy the SQL CE binaries into the \bin directory of your ASP.NET application, and then your web application can run and use it as a database engine.  No setup or extra security permissions are required for it to run.  You do not need to have an administrator account on the machine.  It just works.

Applications you build can redistribute SQL CE as part of them.  Just copy your web application onto any server and it will work.

Database Files are Stored on Disk

SQL CE stores databases as files on disk (within files with a .sdf file extension). You can store SQL CE database files within the \App_Data folder of your ASP.NET Web application – they do not need to be registered in order to use them within your application. 

The SQL CE database engine then runs in-memory within your application.  When your application shuts down the database is automatically unloaded.

Shared Web Hosting Scenarios Are Now Supported with SQL CE 4

SQL CE 4 can now run in “medium trust” ASP.NET 4 web hosting scenarios – without a hoster having to install anything. Hosters do not need to install SQL CE or do anything to their servers to enable it.

This means you can build an ASP.NET Web application that contains your code, content, and now also a SQL CE database engine and database files – all contained underneath your application directory.  You can now deploy an application like this simply by using FTP to copy it up to an inexpensive shared web hosting account – no extra database deployment step or hoster installation required.

SQL CE will then run within your application at the remote host.  Because it runs in-memory and saves its files to disk you do not need to pay extra for a SQL Server database.

Visual Studio 2010 and Visual Web Developer 2010 Express Support

VS 2010 and Visual Web Developer 2010 Express will add SQL CE 4 tooling support for ASP.NET scenarios in an update we’ll be rolling out in the future.  This will enable you to add SQL CE database files to your ASP.NET projects, use the Visual Studio Server Explorer to create and edit tables in them, and use higher-level designers like Entity Framework (see below) to model and map the database to classes that you can then query and program against using LINQ.


This means that in addition to using the same data APIs you know today, you will also be able to easily use the same development tools you already know with SQL CE.

Supports Both Development and Production

SQL CE can be used for both development scenarios and light-usage production scenarios.  With the SQL CE 4 release we’ve done the engineering work to ensure that SQL CE won’t crash or deadlock when used in a multi-threaded server scenario (like ASP.NET).  This is a big change from previous releases of SQL CE – which were designed for client-only scenarios and which explicitly blocked running in web-server environments.  Starting with SQL CE 4 you can use it in a web-server as well.

There are no license restrictions with SQL CE.

Easy Migration to SQL Server 

SQL CE is an embedded database – which makes it ideal for development and light-usage scenarios.  For high-volume sites and applications you’ll probably want to migrate it to use SQL Server Express (which is free), SQL Server or SQL Azure.  These servers enable much better scalability, more development features (including features like Stored Procedures – which aren’t supported with SQL CE), as well as more advanced data management capabilities.

We’ll ship migration tools that enable you to optionally take SQL CE databases and easily upgrade them to use SQL Server Express, SQL Server, or SQL Azure.  You will not need to change your code when upgrading a SQL CE database to SQL Server or SQL Azure.  Our goal is to enable you to be able to simply change the database connection string in your web.config file and have your application just work.


SQL CE 4 provides an easy, lightweight database option that you’ll now be able to use with ASP.NET applications.  It will enable you to get started on projects quickly – without having to install a full database on your local development box.  Because it is a compatible subset of the full SQL Server, you write code against it using the same data APIs (ADO.NET, Entity Framework, NHibernate, etc).

You will be able to easily deploy SQL CE based databases to a remote hosting account and use it to run light-usage sites and applications. As your site traffic grows you can then optionally upgrade the database to use SQL Server Express (which is free), SQL Server or SQL Azure – without having to change your code. 

We’ll be shipping the first public beta of SQL CE 4 (along with IIS Express and several more cool things I’ll be blogging about shortly) next week.

Hope this helps,


P.S. In addition to blogging, I am also now using Twitter for quick updates and to share links. Follow me at:

Help Make WCF Interop Even Better

Speaking of Interop, the .NET Windows Communication Foundation (WCF) team is planning its next set of features and wants to hear about developers’ experiences and how we can make WCF interop better and easier. For that purpose, we have provided a quick, to-the-point survey for you to provide developer-to-developer feedback.

We are early in the product cycle, but need your feedback by July 15th to truly make the impact we all want.

The survey is here:

If you have any questions on the survey, please contact Abu Obeida Bakhach, Interoperability Program Manager at


New Web Services Interop site on MSDN

Interoperability has been a primary goal of the web services standards from the beginning.  After all, why would you go to the trouble to form a cross-industry initiative to essentially re-invent advanced distributed programming protocols like CORBA and DCOM, unless you could create standards that were broadly supported and truly interoperable?  Interoperability is also fundamental to the whole promise of service-orientation.  From its inception, WCF was created to enable this interoperable, service-oriented vision.

Achieving something like this on an industry-wide scale is not an easy task.  It’s been a long road, but Microsoft and the other platform vendors have stuck with the vision of SOAP and WS-* and the end result is solid and getting better with each release of the various platforms that support it.


We’ve just published a new page on MSDN to be the one place you can go to learn about web services interop.  We have information there about current interop test results between WCF in .NET 4 and the latest releases of the major Java web services stacks.  We also have white papers that show specific scenarios that are supported and How-To guidance for developers.  And we have information about the various interop activities and communities Microsoft is involved in.  Check it out.

New Sample: Consuming ACS and Service Bus from Flash

As part of the Windows Azure AppFabric July Release, we have added support for cross-domain policy files to enable cross-domain calls to Service Bus and Access Control Service from Silverlight and Flash clients. This new sample demonstrates how to consume the AppFabric Access Control Service (ACS) and the Service Bus’s Message Buffer API from a Flash application.

You will find the sample as an attachment to this post.  Enjoy!


If you have any issues/questions/feedback with this sample, please address them in the Windows Azure AppFabric forums

BizTalk 2009 Project System – Repair or no repair?

Hi all

I just had the funniest (NOT) experience (AGAIN) with the new BizTalk 2009 project

Somehow I had gotten into a situation, where I could add all the usual artifacts to
a BizTalk project except schemas. I could add orchestrations, send pipelines, receive
pipelines, maps, flat file schemas, property schemas, and flat file wizard schemas.
So the only thing I couldn’t add was “normal” schemas.

I thought: Who cares? I can just add either a property schema or a flat file schema
instead and then change the necessary properties on it to make it a normal schema,
and that worked for me for some time.

Then, I was contacted by Microsoft to test out a new QFE package that they have created
to fix an issue I have reported. The QFE package wouldn’t install, so I thought it
might have something to do with my project system being broken, so I chose to repair
my BizTalk installation.

The result was, that now I can add “normal” schemas, but I can’t add orchestrations
and property schemas. Also, naturally, the QFE package still doesn’t install 🙁 So
I ended up unconfiguring, uninstalling, reinstalling and reconfiguring. Everything
seems normal now. But for how long?

I really hope they have improved the project system for BizTalk 2010.


System.Web.Routing RouteTable not working with IIS?

Most of the time I write simple apps that run in the local ASP.NET development server.  I noticed when I started working with IIS more because of Windows Server AppFabric that my routes were not working when the web application is deployed in IIS.

For Visual Studio 2010 / .NET 4 and IIS 7.5 here is what I’ve learned.

Step 1 – Make sure that you have installed the HTTP Redirection feature

This one was the killer for me.  I didn’t realize that this is not set up by the Web Platform Installer.

Step 2 – Modify your web.config

You are going to need the following


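<system.webServer>
  <!-- Run managed modules, including UrlRoutingModule, for every request -->
  <modules runAllManagedModulesForAllRequests="true">
    <remove name="UrlRoutingModule"/>
    <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </modules>
  <handlers>
    <!-- Direct requests for UrlRouting.axd are refused with HTTP 403 -->
    <add name="UrlRoutingHandler" verb="*" path="UrlRouting.axd"
         type="System.Web.HttpForbiddenHandler, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
  </handlers>
</system.webServer>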


Step 3 – Create your routes


new ServiceRoute("AdventureWorks",
new DataServiceHostFactory(),

WCF Messages Not Getting Closed

I spent some time yesterday evening tracking down an issue with a custom WCF transport channel. This particular channel would support the IInputChannel channel shape, but with a twist: it would return a custom implementation of System.ServiceModel.Channels.Message instead of one of the built-in WCF implementations.
There’s nothing wrong with that and it was working just fine […]