Op 15 februari vanaf 18u15 geeft Beth Massi een gratis Masterclass Visual Studio LightSwitch. Wees er snel bij, want je kunt je tot 10 februari inschrijven en er is een beperkt aantal plaatsen. Zie de uitnodiging hieronder voor meer informatie.

Programming Amazon EC2 by Jurg van Vliet and Flavia Paganelli is practical in nature and takes you through all the steps to create and configure accounts, develop applications, and deploy applications. If you’re new to Amazon EC2 (and related services) this is definitely a good place to start, because it goes through all the components Amazon offers, such as S3/Cloudfront and RDS for data storage. It also looks at how you can setup your application to scale up and down, and ensure your application has excellent uptime. The book takes you by the hand based on some applications the authors have created themselves. Although this approach makes the book practical, it sometimes reads as (irritating) marketing for their applications.

Workflow Services in .NET 4 allow you to do long running processes. But when you do that, there's an interesting question: when a workflow has been suspended, under which user is the workflow running when it is active again. To answer this question I created a simple workflow that writes the user in the current thread to a log. On the initial call, the user making the call was logged (in this case I used Windows Identity Foundation to authenticate, but this should be the same for all types of authentication). After a Delay of a minute that user was gone, and instead the user in the current thread was unauthenticated. This means that any code you call from the workflow can't rely on Thread.CurrentPrincipal to get the proper authorizations. You have to save the user, and somehow reinstate principal so it runs under the original context. Alternatively you can use some form of delegation.

Working with Windows Idnentity Foundation can be quite a minefield. Solve one issue, and the next creeps up. Because it's all these little tweaks to make it work, I often find myself thinking "How did I solve that last time?" One of those issues is the exception

Could not establish trust relationship for the SSL/TLS secure channel with authority 'somesite.runningunder.ssl'

There are two reasons why you can run into this exception, each discussed below.

The certificate isn't trusted and/or the URL doesn't correspond with the URL in the certificate. If this is the case, you get certificate warnings when you browse to the service WSDL with a browser. The best way to solve the former is to have your (development) environment work with certificates it trusts. This means setting up a Certificate Authority (Active Directory Certificate Services), placing the root CA certificate in the Trusted Root Certificates of the machine your clients (and services) run on, issuing the needed certificates from the CA, and placing these where they are needed. Alternatively, you can just add a single line of code to your client so it ignores certificate issues before you do any service call:

System.Net.ServicePointManager.ServerCertificateValidationCallback =
    ((sender, certificate, chain, sslPolicyErrors) => true);

WARNING! ONLY USE THE ABOVE CODE FOR DEVELOPMENT PURPOSES. IT IS NOT SECURE.

If after you've done the above you still get an exception, the above code is likely not even being hit. That means you (also) have the problem below.

You've setup identity trust in your client, and the certificate reference is incorrect. This often happens when you copied some configuration from somewhere, and forgot to change the corresponding certificate reference. The red stuff in the client configuration below (which is much longer in a real configuration) is the culprit. It should contain the encoded certificate.

<system.serviceModel>
  <client>
    <endpoint address="https://YourServer/Service1.svc"
              binding="customBinding"
              bindingConfiguration="CustomBinding_IService1"
              contract="ServiceReference1.IService1"
              name="Service1Binding">
      <identity>
        <certificate encodedValue="MIIF5jCCBM6gAwIBAgIKYSt2tQA..."/>
      </identity>
    </endpoint>
  </client>
</system.serviceModel>

To solve this, you need to get the base64 encoded certificate string, and paste it in place of what's in there now. To get it you can do the following:

1. Browse to the endpoint with your browser.
2. View the certificate information.
3. Save the certificate to file.
4. Open the certificate with notepad.
5. Copy the encoded value between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- placeholders.
   

I've been working with WCF for quite a while, and every so often I run into this exception:

ArgumentException: The provided URI scheme 'https' is invalid; expected 'http'.Parameter name: via

The problem is obvious. You're trying to access a service under HTTPS, but it's being called with HTTP. Under most bindings you can solve this by adding somehting like this to the client binding configuration:

<binding name="MyBinding"> 
  <security mode="Transport"> 
    <transport clientCredentialType="None" /> 
    <message clientCredentialType="None"
             negotiateServiceCredential="false"
             establishSecurityContext="false" />
  </security> 
</binding>

When you use a (custom) ws2007FederationHttp binding, for instance when working with Windows Identity Foundation, the above won't work. In that case you need to look in the binding for the <httpTransport> element and replace it with <httpsTransport>.

Recently I had the pleasure of diving into audit logging. I’m working on a government project which involves the law making process, so it is imperative that all database changes are completely traceable. That means that we need to be able to trace who made which changes and when. We’re working with latest and greatest version of SQL Server (i.e. SQL Server 2008 R2), which has a feature called SQL Audit. Reading the documentation SQL Audit seemed to do everything we need, except that it doesn’t know which application user is making the changes. This is logical since it is a web application and we’re using delegation. For this reason we were already planning to have the application send along the user id when it does an insert, update or delete, and we decided to only logically delete a record. So far so good.

When it came to testing, we quickly found that SQL Audit logs the SQL statement making the change. Sounds right doesn’t it? Well actually it isn’t. LINQ-to-SQL, LINQ-to-Entities and other O/R Mappers use parameter queries, and in fact if you edit records in the SQL Management Studio UI, the same is true. The problem is that the parameters are not part of the SQL statement being logged! So we can see which database user made what kind of change, but not which data was changed, and hence not which application user made the change either. Back to the drawing board :(.

In reviewing our options, we looked at:

• All logging in the O/R Mapper: Not an option, because we need to know what DBA’s do too.
• SQL Trace: not recommended by Redmond, and it takes a huge performance hit.
• Triggers: in transaction, taking enormous performance hit.
• C2 auditing: tracks all changes, so it gathers huge amounts of data, not easily searchable.
• Change Data Capture: really for BI purposes, deleted after three days, no indication of the user making the change.

All of the above options have some sort of problem associated with it. The conclusion is that there is no single solution, unless Microsoft fixes the SQL Audit issue (you can vote on it here: https://connect.microsoft.com/SQLServer/feedback/details/624935/sql-server-2008-database-audit-on-insert-update-and-delete-actual-sql-and-not-parameter-values).

We now do the following:

1. In the Data Access Layer add the application user that did the insert or update in an extra field on the table.
2. Only do logical deletes (i.e. add a “Deleted” flag to a table).
3. Track all changes using Change Data Capture (which uses the transaction log and therefore has less impact on performance).
4. Export CDC data to an “Audit Database” periodically (like using a data warehouse).
5. Use SQL Audit for all changes done by a database user other than the DB account used by the application.
6. Export SQL Audit logs to the Audit Database periodically.

By cross referencing SQL Audit and CDC data, we can figure out who changed what if the change was made outside the application.

I just upgraded my blog to the latest version of dasBlog. I also moved to another hosting provider. All content has been migrated, but there may be links that are not working on very old posts. I'll check these in the coming days so everything works as it should. If you happen to run ito problems, let me know.

I'm currently working on a project where we have a lot of semi-independent moving parts. One aspect is that we communicate with different applications, in a BizTalk style manner. We do this using Workflow Services to ensure delivery and have fault tolerance when running inside Windows Server AppFabric (see my post What is Windows Server AppFabric and why should I use it?). However, we wanted to ensure that these Workflow Services all provide the same interface from out side of the application, so we can call into them generically. This by the way happens when a status changes occurs on some entity we use. Getting the Workkflow Services to expose the same contract (more or less) is relatively easy. You just ensure that all services use the name namespace, operation name, and parameters. However, calling those generically through WCF was a bigger challenge. Basically we have a table with state transitions, which can hold some string of information about what to do. The choice we made is to have this string be equivalent to the endpoint configuration in the web.config file. Now all we need is a correct WCF contract, and off we go. That took a little tweaking too, but with the help of the below two posts by Ron Jacobs, we were able to pull it off:

• How to make a WorkflowService implement a contract
• How to eliminate tempuri.org from your service WSDL

Thanks Ron!

Yes, HTML is great. HTML5 (now just known as HTML) is going to be great. It will finally bring that much needed functionality it’s been lacking all these years, and cross-platform to boot. All the major browser vendors are saying HTML is great, and that their browser supports it best. So what could possibly be wrong? Well, for one the browser really seems to be an out-of-date mechanism to provide rich functionality. As an application platform it’s coming apart at the seams, because users want applications that work awesome on their device of choice. Forget the clunky, lowest common denominator browser-based interface, users want Apps with a capital A!

So while one side of the industry is focusing on standardizing on HTML, the other side (within the same companies) is moving in an entirely different direction. The amazing number of apps available and the growth rate in the Apple AppStore, and the Android and Windows Phone equivalents, is the best evidence that this is actually working better. Cross-platform? Forget it! Cross-platform is slow(er), one size fits all, and most important… not sexy.

Don’t underestimate the importance of being sexy. Let me explain by example. The Dutch government has all laws published on the web at wetten.nl. That means it works in all modern browsers on all platforms, including tablets and phones. There’s no flash involved or anything, so it is truly cross-platform. Also, this is very much in line with efforts of recent years to have the entire government use open standards and open source (see NOIV at http://noiv.nl/service/english/). With mobile touch devices on the rise, the user interface of wetten.nl might need an update to be more suitable to touch and smaller screens. Since the website is all HTML, CSS, and JavaScript, the obvious and NOIV route would be to make adjustments to suite the upcoming devices. But what happened instead? An iPad App was built. Is this a logical choice? Nope, not even close. Even if you don’t look at NOIV and look at reach. The website has a far wider reach, and if you wanted to do something beyond that, well there’s a whole lot more Windows PCs out there than there are iPads. Not to mention that it leaves other devices out in the cold. So really, that much effort (and tax payer money) to build an App that adds nothing? Yep, that’s what “sexy” does.

But wait, isn’t Microsoft betting on HTML with Windows 8? Maybe, but I’m not 100% sure about that one yet. Also, Microsoft isn’t known for its choices when it comes to mobile devices. Microsoft sort of invented the tablet almost 10 years ago, but Apple has taken the credit. Microsoft phones haven’t done particularly well, although Windows Phone shows promise. I love mine actually, but I rarely open the browser on that thing. It’s all apps (yup, guilty!)

Where does this leave us? Well, HTML is going to be around for a long long time, but as things are going it will go back to its original purpose: browse information, and primarily for PCs. PCs which are some are already saying are “legacy devices” (I personally believe we’ll move more to hybrid devices, and different devices connected like with Dropbox, Skydrive, iCloud etc.) For the development community this is actually great. Where previously users were complaining about stuff not being cross-platform, they are now actually demanding customized apps for the specific platform they are using, and the government actually tramples over its own guidelines. This means developers have an excuse to have to build an app for at least two or three platforms, so we won’t be out of a job anytime soon. That said, it means that what’s going on at the server is getting more important, because we have to reuse functionality at some level for the costs not to get out of hand. Enter cloud computing, which is great for developers like me: graphically impaired. This by the way is also great for internet providers, providing they can keep up with the bandwidth demand.

As a developer all I can say is thank you Mr. Jobs for putting users with their nuts in the bear trap, and loving it.

In recent years the development story for Internet Explorer wasn't particularly appealing. If you wanted to fix CSS and JavaScript errors, IE was definitely not the tool you wanted to use. Also, seeing what was going over the wire wasn't possible with IE, and as a result developers flocked to FireFox and other browsers offering (plugins) to help with these issues. You don't have to be a genius to understand that in the long run this wasn't helping IE in terms of market share. And with the renewed focus on webbased (HTML5) apps, Microsoft has stepped up and produced built in developer tools, also known as the F12 developer tools. So, what's in there and what can you do with it?

What's taking so long?

As with IE8, there are inspector tools for HTML, CSS, and script. Since I am by no means an HTML/CSS guy, I'm not the best judge when it comes to these tools, but for what I need from those I've been pretty satisfied. For me, the new profiler and network tools are much more interesting, because they respectively hook into the browser rendering engine and what's going over the wire with HTTP. If you've been using tools such as Fiddler or HttpWatch, the latter of the two should be more or less familiar. As you can see in the image below, it shows all the HTTP requests going out to the server, when in the timeline these requests were going out, and how long that took. If you've never seen something like this, you can see that this provides great insight into what goes down under the covers.

If you need more details about the timing information, you can select one of the items, and see more. As you can see below, that information doesn't only include HTTP information, but also information about the time it took to render and JavaScript to fire. If there's a page that is slow to appear in the browser screen, this will give you great insight into where your time is going.



Is this functionality better than commercial tools such as HttpWatch? Not at this time, but I have a feeling Microsoft isn't done yet. Tools like that are specialized, and Microsoft is playing catchup. One annoying thing I found is that if I have multiple requests bouncing back and forth, filling in a form, etc. IE9 tools will only show me the last interaction. It could be I'm missing something, but I haven't been able to figure out how to see the whole list of requests since I started capturing, and I'm too lazy to figure it out. That means I find myself going back to HttpWatch for that (at the moment). That said, the tooling is good, so if you don't want to spend the extra dime for other tooling, this will do in most cases. Except of course that this only works in IE9, whereas some of the tools out there work in multiple browsers. But wait... there's more.

What I'm I getting?

An interesting question is always: what HTML will a certain browser actually get. This is where the F12 tools have another nice new feature. You can change the user agent string the server is receiving, and as a result inspect what happens on the HTML, CSS, script side when other browsers come in. Obviously this doesn't make IE9 behave itself as one of the other browsers, but it can provide nice insights nonetheless, especially to tweak what robots are seeing.

How will it look?

The last thing that I fond really useful is the ability to change the browser so you can check the user experience for users with different settings. As you can see from the image below, you can disable css, script, and the pop-up blocker. In the environment I'm working in now, there's often the need to see whether everything still works if JavaScript is disabled, and there this is a great tool. It definitely beats going into the browser settings and changing these settings every time you have to test.



Last but not least, you can easily resize the browser screen to fit a certain size. I always used Windows Sizer for this, but having this built in is better, because I rarely use it for anything but webdevelopment.

What's more?

There's a whole bunch of stuff I haven't gone into here, so I advise you to play around with the F12 tools for a while. I'm also betting we'll see a lot more where this came from in the not too distant future. Microsoft is investing heavily in HTML5, and is actually trying to use "the best HTML5 support" as a unique selling point for Windows.