BizTalk 2010 Released; Development edition now free

Well the announcement came over a week after I thought it would arrive, but BTS2010
is now officially released. And the developer edition is now free.

However, that doesn’t mean that you can do development for free: you still need to
pay for SQL Server and Visual Studio.

Although having said that, SQL Server 2008 Dev edition is fairly cheap (as in, about
£20 on a select agreement), so the only real cost is Visual Studio… Still, it means
that there won’t be hordes of hobbyist devs out there trying out BTS, unless they
manage to get it running with Visual Studio Express (does that actually work? Never
tried it, but wouldn’t have thought so – might have a go tomorrow). Still, it means
that you no longer need an MSDN license to do BizTalk dev, which removes a huge barrier
for budding/hobbyist BizTalk devs. Especially if you want to start developing with
the AppFabric integration features in BTS 2010.

You can download the dev editions of BTS2010 and HIS2010 from here:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=938102b8-a677-4c20-906d-f6ae472b3a6a&displaylang=en

BizTalk 2010 – RTM has arrived!

As you are probably aware by now, BizTalk 2010 has RTM’d.  You can catch the announcement here.  I am not going to recap all of the new features as you can read about them here.  However, here are a few points worth noting about the new release.

  • The  BizTalk 2010 Developer’s edition is now free.  So if you are curious about BizTalk and getting a licensed copy has been a barrier for you in the past, now is your chance to test drive BizTalk at no cost.  Full details and download may be found here.
  • For those AppFabric/WCF/WF developers, there is a new compelling feature called BizTalk AppFabric Connect which allows you to leverage BizTalk components such as the BizTalk LOB Adapter Pack and BizTalk Mapper within your .Net projects. This is a true enabler for connecting your WF applications to Line of Business Systems (LOB)
  • If you have written applications in the past that have used the traditional line of business adapters, you will now be forced to use the BizTalk Adapter pack when communicating with SQL Server, SAP, Oracle and Siebel.  Microsoft had deprecated these adapters in BizTalk 2009 and they have been officially removed in 2010.  For the past year or so, I have been using the BizTalk Adapter pack when communicating with LOB systems and there are some subtle differences between the legacy and new LOB adapters. Overall, I am satisfied with the experience and there are no “show stoppers” that we have run into  when making the switch.  So if you are planning a BizTalk 2010 upgrade and currently use the legacy adapters, ensure migrating these applications to use the BizTalk adapter pack is in your project plan as you will need to regenerate schemas using these new adapters.
Mercurial branching

It takes time to get used to using a distributed SCM, but Mercurial HG visualization sure helps. 

Branching default branch to 1.5.1 release and 1.6.1 release. 

Created VM for 1.5.1 to build hotfixes if needed.


 <target name="refresh" depends="clean-test" description="Update the source from Mercurial">
  <!-- create the source and drop directories if needed -->
  <mkdir dir="${source.dir}" failonerror="true" unless="${directory::exists(source.dir)}" />
  <mkdir dir="${drop.dir}" failonerror="true" unless="${directory::exists(drop.dir)}" />
  <!-- pull the 1.5.1 branch into the local repository and update the working copy -->
  <exec program="hg" commandline='pull -u ${repository.mercurial.rulemanager} -R ${source.dir} -v --branch 1.5.1' failonerror="false" verbose="${verbose}"/>
  </target>

BizTalk Server 2010 Developer Edition – Installation Issue

I installed the new BizTalk Server 2010 Developer Edition, released a couple of days ago, on a Windows Server 2008 R2 virtual image. The installation went very smoothly, but I did notice one problem. Initially I attempted to upgrade the beta version of BizTalk Server. Brian Loesgen reports that this worked OK for him. However, I couldn’t do this. The installer reported that upgrade from the Enterprise Edition to the Developer Edition is not supported. I attempted to uninstall the beta, but got an error message which left my installation in an invalid state.
Fair enough. You have to expect this sort of problem when using betas. That’s one good reason for using virtualisation.
I installed the RTM Developer Edition on a fresh image, and as I say, everything went very smoothly. However, I tried re-running the BizTalk installer and, to my dismay, got a rude message saying:
Cannot uninstall or modify the Dev. edition of BTS 2010
Setup has detected that the Enterprise Edition of BizTalk Server 2010 was installed. Upgrading from the Enterprise Edition to the Developer Edition is not supported.
Please uninstall the Enterprise Edition and then run Setup again.
This is simply not true. This was a completely fresh build of Windows Server on which I have only installed the Developer Edition. I have not tried uninstalling BizTalk to see what happens.
So, be careful with the Developer Edition. My experience is that there is a problem with the installer.

Windows SERVER AppFabric resources

It’s been a while since I’ve said anything here about Windows Server AppFabric, so I thought I’d do a quick post about some great resources about the technology. I highly recommend both of these.

White paper: If you’re new to AppFabric, or want a better understanding of how the whole thing works at an architectural level, there’s a great new Architecture Guide that just became available at the Windows Server AppFabric site. You can get it here. Great job by my colleagues Emil Velinov of the Windows Server AppFabric Customer Advisory Team (CAT) and Michael McKeown.

Book: Then, if you want to go deeper, there’s a great book from Apress, Pro Windows Server AppFabric, details are here. Written by my colleagues Danny Garber and Stephen Kaufman, they do a great job of covering everything related to AppFabric. Regardless if you’re a BizTalk, WCF or WF developer, this book will have something for you. I particularly liked the “advanced concepts” chapter. Great job guys!

Enjoy!

BizTalk Server 2010 Released – Developer Edition Now Free

Microsoft has just released BizTalk Server 2010, and it is now generally available! Along with this release comes an updated licensing structure that will be a relief for consultants, and companies managing multiple BizTalk environments. While the cost of the Enterprise edition has increased, the cost of the Developer edition has been eliminated. The Developer edition includes the full capabilities of the Enterprise edition, with the limitation being only that you cannot use it in production.

The pricing and licensing page sums this up saying:

Note: Many customers who deploy BizTalk Server implement separate development, testing, and production environments for their BizTalk Server 2010 solution. For the development and testing environments, you can use the free download of the BizTalk Server Developer Edition.

For the production environment, you need a valid processor license of BizTalk Server 2010 Enterprise, Standard, or Branch Edition for each processor on which you install an edition of BizTalk Server 2010.

I applaud this move by Microsoft, as it could encourage a new generation of developers to download and experiment with this powerful platform. This is a move that could drive adoption while at the same time potentially lower the TCO for those organizations managing multiple environments. Given the nature of BizTalk Server, I trust that this will not result in an equivalent of Eternal September for the BizTalk community, but don’t quote me on that remark.

To further help out developers that are new to BizTalk Server in general, we are offering a major discount on our BizTalk Developer Fundamentals online course. Simply use promo code BT2010 when you register, and you will receive $295 off a self-paced registration. This offer expires at the end of September, so act fast!

Finally, go and get BizTalk Server 2010 while it’s still cached at a CDN server near you!

Update on ASP.NET Vulnerability

Earlier this week I posted about an ASP.NET Vulnerability, and followed this up with another blog post that covers some Frequently Asked Questions about it.

We are actively working on releasing a security update that fixes the issues, and our teams have been working around the clock to develop and test a fix that is ready for broad distribution across all Windows platforms via Windows Update.  I’ll post details about this once it is available.

Revised Workaround and Additional URLScan Step

In my first blog post I covered a workaround you can apply immediately on your sites and applications to prevent attackers from exploiting it.  Today, we are revising it to include an additional defensive measure.

This additional step can be done at a server-wide level, and should take less than 5 minutes to implement.  Importantly, this step does not replace the other steps in the original workaround, rather it should be done in addition to the steps already in it.  Below are instructions on how to enable it.

Install and Enable IIS URLScan with a Custom Rule

If you do not already have the IIS URLScan module installed on your IIS web server, please download and install it:

  • x86 Version
  • x64 Version

It takes less than a minute to install on your server. 

Add an Additional URLScan Rule

Once URLScan is installed, please open and modify the UrlScan.ini file in this location:

  • %windir%\system32\inetsrv\urlscan\UrlScan.ini

Near the bottom of the UrlScan.ini file you’ll find a [DenyQueryStringSequences] section.  Add an additional “aspxerrorpath=” entry immediately below it and then save the file:

[DenyQueryStringSequences]
aspxerrorpath=

The above entry disallows URLs that have an “aspxerrorpath=” querystring attribute from making their way to ASP.NET applications, and will instead cause the web-server to return an HTTP error.  Adding this rule prevents attackers from distinguishing between the different types of errors occurring on a server – which helps block attacks using this vulnerability.

After saving this change, run “iisreset” from a command prompt (elevated as admin) for the above changes to take effect.  To verify the change has been made, try accessing a URL on your site/application that has a querystring with an aspxerrorpath and verify that an HTTP error is sent back from IIS.

Summary

If you’ve already implemented the workaround we’ve previously published, please add the above step to help block attackers from exploiting the vulnerability.

Our team is working around the clock to release an update via Windows Update that fixes the underlying product vulnerability.  Until that update is available, you can use the above workaround to help prevent attackers from using the vulnerability against your applications. 

Once we release the security update, you will no longer need to implement any workaround steps.  You can learn more about this vulnerability and the workaround from:

Please post specific questions about the vulnerability in this forum on the www.asp.net web-site.

Thanks,

Scott
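
The UrlScan.ini change described in the post above can be checked across servers with a small audit script. This is an added example, not part of the original post: the sample files are constructed, and treating ';' as a comment marker and section/entry names as case-insensitive are assumptions of this script.

```python
import re

SECTION = "denyquerystringsequences"   # section named in the post
RULE = "aspxerrorpath="                # entry the post says to add

# Constructed sample files (not copied from a real server).
GOOD_INI = """\
[DenyUrlSequences]
..   ; existing entry

[DenyQueryStringSequences]
<
>
aspxerrorpath=
"""
MISPLACED_INI = """\
[DenyUrlSequences]
..
aspxerrorpath=

[DenyQueryStringSequences]
<
>
"""
COMMENTED_INI = "[DenyQueryStringSequences]\n<\n>\n;aspxerrorpath=\n"
MISSING_INI = "[DenyQueryStringSequences]\n<\n>\n"


def parse_sections(text):
    """Return {lowercased section name: [entries]}; text after ';' is dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # assumption: ';' starts a comment
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def audit_urlscan(text):
    """Classify a UrlScan.ini: 'ok', 'misplaced', 'commented-out' or 'missing'."""
    sections = parse_sections(text)
    if any(e.lower() == RULE for e in sections.get(SECTION, [])):
        return "ok"
    # Rule present, but under a section that does not inspect query strings.
    for name, entries in sections.items():
        if name != SECTION and any(e.lower() == RULE for e in entries):
            return "misplaced"
    # Rule present only inside a comment, so it is not active.
    for raw in text.splitlines():
        if ";" in raw and RULE in raw.split(";", 1)[1].lower():
            return "commented-out"
    return "missing"


def needs_attention(files):
    """files: {server name: ini text}. Return sorted (server, status) for non-ok files."""
    results = ((name, audit_urlscan(text)) for name, text in files.items())
    return sorted((n, s) for n, s in results if s != "ok")


if __name__ == "__main__":
    fleet = {"web01": GOOD_INI, "web02": MISPLACED_INI,
             "web03": COMMENTED_INI, "web04": MISSING_INI}
    for server, status in needs_attention(fleet):
        print(f"{server}: aspxerrorpath= rule is {status}")
```

A file that passes this check still needs the "iisreset" and the manual request test from the post, since the script only reads the configuration.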

How To Unit Test Workflows-Mocking Activities

Suppose you want to unit test a workflow that has some external dependency like a database, web service, file or some other thing that makes testing inconvenient.  The need to eliminate external dependencies when testing has led to a world of mocking frameworks that allow you to automatically generate a mock with pre-defined behavior.

I wanted to do the same thing with Activities in workflows and I’ve now added support for this to the latest release of the Workflow Test Helper project using a technique I call XAML Injection.  The idea is that you deploy the .xaml file for your activity and the XamlInjector class uses it as input to create a test version of the XAML with the mock classes instead of the real ones.

For example, here is a test activity that calculates a sum of numbers returned from the various test activities.  Each test activity returns the number at the end of its name so TestActivity1 will return 1.

Without Xaml Injection the calculated sum for this activity should be 1+1+1+4+4=13.

Suppose I wanted to replace some of the activities with special Mock activities.  In that case I create Mock activities that have the same “interface” (Properties and In/Out arguments) as the activity they are mocking.

Then I create a XamlInjector and tell it about the activity types I want to replace.  In the following example I’m going to leave the first instance of TestActivity1 in place, replace the second with TestActivity2 and the third with TestActivity3 and I want to replace all instances of TestActivity4 with TestActivity5.  The resulting test version of the activity will calculate a sum of 1+2+3+5+5=16.

[TestMethod]
[DeploymentItem(@"WorkflowTestHelper.Tests\TestInject.xaml")]
public void ShouldReplaceTypesInXaml()
{
    var xamlInjector = new XamlInjector("TestInject.xaml");

    // The first TestActivity1 will not be replaced - will add 1 to sum

    // Replace the second TestActivity1 with TestActivity2 - will add 2 to sum
    xamlInjector.ReplaceAt(1, typeof (TestActivity1), typeof (TestActivity2));

    // Replace third TestActivity1 with TestActivity3 - will add 3 to sum
    xamlInjector.ReplaceAt(2, typeof (TestActivity1), typeof (TestActivity3));

    // Replace all (2) TestActivity4 with TestActivity5 - will add 10 to sum
    xamlInjector.ReplaceAll(typeof (TestActivity4), typeof (TestActivity5));
    var activity = xamlInjector.GetActivity();

    Debug.WriteLine(string.Format("Invoking Injected XAML activity {0}", activity.GetType()));

    var wiTest = new WorkflowInvokerTest(activity);

    // Act
    wiTest.TestActivity();

    // Total should be 1+2+3+10=16
    wiTest.AssertOutArgument.AreEqual("sum", 16);
}

Special thanks to Dan Glick for helping me with the XamlReader/Writer code in this release. 

Check it out – download Workflow Test Helper today!

MSDN Subscribers receive FREE Pluralsight On-Demand! Subscription

Pluralsight is pleased to provide all MSDN Subscribers with a FREE 1-Month Standard Subscription to the entire Pluralsight On-Demand! .NET training library

The On-Demand! library features a wide range of beginner, intermediate, and advanced training courses on current and emerging Microsoft technologies, authored by our renowned team of Microsoft MVPs and RDs. The library contains courses on ASP.NET 4.0, MVC 2.0, Silverlight 4, Windows Azure, Visual Studio 2010, SharePoint 2010, SQL Server 2008, BizTalk Server 2009, and .NET Framework 4.0. The library also covers topics that will make you a better developer – things like design patterns, coding principles, software practices, and higher-level architecture.

To take advantage of this limited time offer, browse to the MSDN Subscriptions Special Offers page and follow the instructions for the Pluralsight On-Demand! offer. Note: you must be signed in to your MSDN Subscriptions account for this page to work.

Securing a Workflow Service using Windows Identity Foundation

The way security is often still handled these days with each application keeping track of their own users is somewhat dated. Some form of Federated security, where a single separate server is responsible for the security of a whole series of applications, is the way to go. On the internet there are plenty of examples of this with applications using things like OAuth and leaving their security to others. In Windows the preferred form of federated security is through Windows Identity Foundation and it is real easy to secure an ASP.NET site or WCF service using Windows Identity Foundation.

 

How about securing a workflow service?

As a workflow 4 service is just another WCF service securing it is just as easy as the steps below will demonstrate.

 

Before we start we need to install Windows Identity Foundation and the related WIF SDK using the two links provided.

To start with I created a small workflow service and a simple client application. No security yet and the client works as expected.

The console app is real simple and looks like this:

static void Main(string[] args)
{
    try
    {
        var proxy = new ServiceClient();
 
        var data = proxy.GetData(42);
        Console.WriteLine(data);
    }
    catch (Exception ex)
    {
        Console.ForegroundColor = ConsoleColor.Red;
        Console.WriteLine(ex.Message);
        Console.ResetColor();
    }
 
    Console.ReadLine();
}

The service web.config is also standard and pretty short:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
  </system.web>
  <system.serviceModel>
    <bindings />
    <client />
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>

This just works as expected and when I run I see the following output:

 

Securing this service using Windows Identity Foundation

First thing we need when we want to use WIF is a Security Token Service which will handle the actual security checks and provide the application with the required claims. There is an add-on for Active Directory on Windows 2008 we could use but in this case I am going to use the StarterSTS Dominick Baier wrote. Instead of hosting this myself I am going to use a publicly available instance hosted here by Thinktecture.

Adding the STS to the service is quite easy. With the WIF SDK another VS2010 menu option and wizard was installed to guide us through the process. One important thing is that VS2010 must run as administrator else this wizard will fail to complete.

The first page wants to know about the config file and the service URL used.

In the next page select existing STS and enter the address where the STS federation metadata is located, in the case of the Thinktecture StarterSTS this is https://identity.thinktecture.com/stsdm/FederationMetadata/2007-06/FederationMetadata.xml

Next specify to use encryption, using a default generated certificate will do just fine now.

And that is all we need, click through and select finish. If Visual Studio isn’t run in admin mode this will result in an error, if this happens just restart VS2010 with admin privileges and do it again.

After this wizard has completed the web.config file will contain quite a bit more data and look something like this:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>
  <location path="FederationMetadata">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <system.web>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
      </assemblies>
    </compilation>
  </system.web>
  <system.serviceModel>
    <bindings>
      <ws2007FederationHttpBinding>
        <binding>
          <security mode="Message">
            <message>
              <issuerMetadata address="https://identity.thinktecture.com/stsdm/users/issue.svc/mex" />
              <claimTypeRequirements>
                <!--Following are the claims offered by STS 'http://sample.thinktecture.com/trust/stsdm'. Add or uncomment claims that you require by your application and then update the federation metadata of this application.-->
                <add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" isOptional="true" />
                <add claimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" isOptional="true" />
                <!--<add claimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" isOptional="true" />-->
                <!--<add claimType="http://sample.thinktecture.com/claims/office" isOptional="true" />-->
              </claimTypeRequirements>
            </message>
          </security>
        </binding>
      </ws2007FederationHttpBinding>
    </bindings>
    <client />
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <federatedServiceHostConfiguration />
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceCredentials>
            <!--Certificate added by FedUtil.  Subject='CN=DefaultApplicationCertificate', Issuer='CN=DefaultApplicationCertificate'.-->
            <serviceCertificate findValue="CB484E11B065E559BB9D7221F0178E3C12848381" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    <extensions>
      <behaviorExtensions>
        <add name="federatedServiceHostConfiguration" type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </behaviorExtensions>
    </extensions>
    <protocolMapping>
      <add scheme="http" binding="ws2007FederationHttpBinding" />
    </protocolMapping>
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
  </system.webServer>
  <microsoft.identityModel>
    <service>
      <audienceUris>
        <add value="http://localhost:1533/Service1.xamlx" />
      </audienceUris>
      <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
        <trustedIssuers>
          <add thumbprint="7974900A2BB2829BE987C17D2F4503F07C321032" name="http://sample.thinktecture.com/trust/stsdm" />
        </trustedIssuers>
      </issuerNameRegistry>
    </service>
  </microsoft.identityModel>
  <appSettings>
    <add key="FederationMetadataLocation" value="https://identity.thinktecture.com/stsdm/FederationMetadata/2007-06/FederationMetadata.xml" />
  </appSettings>
</configuration>

 

The most important part is the <microsoft.identityModel> section which contains the Windows Identity Foundation setup.

If we run the client now we will see an exception with the following text:

Content Type text/xml; charset=utf-8 was not supported by service http://localhost:1533/Service1.xamlx.  The client and service bindings may be mismatched.

No big surprise as the client isn’t aware yet of the new security measures and still sends a request using the BasicHttpBinding. To get the client to work we need to do an update service reference on the generated proxy. This will generate a new customBinding with all required Windows Identity Foundation settings.

Because the STS Dominick Baier has running supports multiple ways the user can authenticate, either username/password or certificate, we still need to fix the configuration a bit. Locate the <issuedTokenParameters> element used and replace it with the first one from the <alternativeIssuedTokenParameters> block using https://identity.thinktecture.com/stsdm/users/issue.svc/mixed/username address.

Running the client application now results in the following error:

SOAP security negotiation with 'https://identity.thinktecture.com/stsdm/users/issue.svc/mixed/username' for target 'https://identity.thinktecture.com/stsdm/users/issue.svc/mixed/username' failed. See inner exception for more details.

This makes sense as we haven’t specified any user credentials for the client yet. Adding the user student with password abc!123 through the client proxy solves this. The client code now looks like:

static void Main(string[] args)
{
    try
    {
        var proxy = new ServiceClient();
 
        proxy.ClientCredentials.UserName.UserName = "student";
        proxy.ClientCredentials.UserName.Password = "abc!123";
 
        var data = proxy.GetData(42);
        Console.WriteLine(data);
    }
    catch (Exception ex)
    {
        Console.ForegroundColor = ConsoleColor.Red;
        Console.WriteLine(ex.Message);
        Console.ResetColor();
    }
 
    Console.ReadLine();
}

And now the client can work just fine with the secured service thanks to the StarterSTS hosted by Dominick.

 

Enjoy!

 

www.TheProblemSolver.nl

Wiki.WindowsWorkflowFoundation.eu
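
What the <microsoft.identityModel> section in the post above pins down, as an added example that is not part of the original post and not WIF's own code: a simplified Python model that reads the two trust settings (audienceUris and trustedIssuers) and applies them to a token's signing-certificate thumbprint and audience. The function names, the thumbprint normalization and the exact-match audience comparison are assumptions of this model.

```python
import xml.etree.ElementTree as ET

# Trimmed copy of the section from the web.config shown in the post
# (the long type="..." attribute is omitted).
IDENTITY_MODEL = """\
<microsoft.identityModel>
  <service>
    <audienceUris>
      <add value="http://localhost:1533/Service1.xamlx" />
    </audienceUris>
    <issuerNameRegistry>
      <trustedIssuers>
        <add thumbprint="7974900A2BB2829BE987C17D2F4503F07C321032"
             name="http://sample.thinktecture.com/trust/stsdm" />
      </trustedIssuers>
    </issuerNameRegistry>
  </service>
</microsoft.identityModel>
"""


def normalize(thumbprint):
    """Strip whitespace and upper-case a thumbprint (this model's choice)."""
    return "".join(thumbprint.split()).upper()


def load_trust_settings(xml_text):
    """Return (set of audience URIs, {issuer thumbprint: issuer name})."""
    root = ET.fromstring(xml_text)
    audiences = {a.get("value")
                 for a in root.findall("./service/audienceUris/add")}
    issuers = {normalize(i.get("thumbprint")): i.get("name")
               for i in root.findall(
                   "./service/issuerNameRegistry/trustedIssuers/add")}
    return audiences, issuers


def evaluate_token(audiences, issuers, signer_thumbprint, token_audience):
    """Model the two checks; return (accepted, reason, issuer name or None)."""
    # trustedIssuers: only tokens signed by a pinned STS certificate count.
    issuer = issuers.get(normalize(signer_thumbprint))
    if issuer is None:
        return (False, "untrusted issuer", None)
    # audienceUris: a token issued for another relying party is refused here.
    if token_audience not in audiences:
        return (False, "audience mismatch", issuer)
    return (True, "ok", issuer)


if __name__ == "__main__":
    audiences, issuers = load_trust_settings(IDENTITY_MODEL)
    # Constructed token properties, not captured from a real exchange.
    samples = [
        ("7974900a2bb2829be987c17d2f4503f07c321032",
         "http://localhost:1533/Service1.xamlx"),
        ("00" * 20, "http://localhost:1533/Service1.xamlx"),
        ("7974900A2BB2829BE987C17D2F4503F07C321032",
         "http://localhost:1533/Other.xamlx"),
    ]
    for thumbprint, audience in samples:
        print(evaluate_token(audiences, issuers, thumbprint, audience))
```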