Subscribe: Paolo Pialorsi - Bridge The Gap!
Added By: Feedage Forager Feedage Grade B rated
Language: English
authentication  bytes bytes  bytes  configuration  custom  message  microsoft  net  public  ref message  security  service  wcf 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Paolo Pialorsi - Bridge The Gap!

Paolo Pialorsi - Bridge The Gap!

Living in a Service Oriented World


Microsoft SharePoint 2010 Developer Reference

Sat, 02 Apr 2011 07:31:13 GMT

Starting from today it is available my latest book about SharePoint 2010.


It has been a huge task to write this book and it took me almost 100% of the last year. However, I really like the result and I hope you will enjoy reading it. I’d like also to announce the availability of a new web site and blog about SharePoint 2010 development: .

Here you will find useful information and blog posts about developing solutions with Microsoft SharePoint 2010 and Microsoft Office 365.


In the mean time, I’m looking forward to meet you at the upcoming Microsoft SharePoint & Office Conference 2011 which will take place in Milan from 19th to 21st of April.

Programming Microsoft LINQ in Microsoft .NET Framework 4

Thu, 02 Dec 2010 17:00:00 GMT

It is available my latest book about LINQ in .NET 4.0. You can find it here. It is a complete reviewed edition starting from the previous one. We (I and Marco Russo) wrote 6 new chapters and updated 5 already existing chapter.

The result is a book that I really like. Hope you will like it, too. Now I’m working on the SharePoint 2010 Developer Reference, which will be released in early 2011.

Enjoy your reading!

My TechEd 2008 EMEA Session's demo files: OFC03-IS

Mon, 24 Nov 2008 08:44:15 GMT

Here you can find the demos of my last TechEd 2008 EMEA Session about "Deploying and Updating SharePont Solutions using features and templates". I hope you enjoy them.

Amazing TechEd Online interview about being a book author

Thu, 05 Jun 2008 16:54:36 GMT

On Tuesday I and my friend Marco Russo have been interviewed by Ken Rosen about our book writing experience. In fact a couple of weeks ago became available our last book about LINQ. The interview focuses on the book itselft, but also on the experience to being an author for Microsoft Press.

If you are interested ... please have a look at the video (high res - low res) from TechEd Online officale web site and don't lose the chance to hear our strictly Italian English :-)

WCF Security Guidance: Patterns & Practices

Sun, 18 May 2008 07:53:05 GMT

As you can argue reading this blog, I'm a WCF lover and in particular I'm really crazy for it's security infrastructure and architecture. Some Microsoft guys have made available a set of great contents ("how tos", "application scenarios", "guidelines", "practices" and "Q&A") indeed to help the community of WCF developers to build secure and interoperable WCF Services. The project is really interesting and I suggest you to take a look at it, before implementing a real WCF solution.

WCF configuration default limits, concurrency and scalability

Sun, 23 Mar 2008 17:47:22 GMT

Often I need to enumerate to my customers all the main configuration parameters related to default limits, concurrency and scalability of WCF, thus I decided to keep truck of all those parameters and features in order to have a unique place for reference. From a configuration point of view, WCF provides some parameters that influence the availability and scalability of solutions. These parameters are: configuration/system.serviceModel/behaviors/serviceBehaviors/behavior/serviceThrottling/@maxConcurrentCalls: defines the maximum number of messages actively processed by all the service instances of a ServiceHost. The default value is 16. Calls in excess of the limit are queued. configuration/system.serviceModel/behaviors/serviceBehaviors/behavior/serviceThrottling/@maxConcurrentInstances: defines the maximum number of service instances that can execute at the same time. The default value is Int32.MaxValue. Requests to create additional instances are queued and complete when a slot below the limit becomes available. configuration/system.serviceModel/behaviors/serviceBehaviors/behavior/serviceThrottling/@maxConcurrentSessions: defines the maximum number of sessions that a ServiceHost instace can accept at one time. The default value is 10. The service will accept connections in excess of the limit, but only the channels below the limit are active (messages are read from the channel). These configuration parameters can also be configured by code using the ServiceThrottlingBehavior configuration. Another set of interesting configuration parameters are those related to the default limits of messages, serialization measures, etc. of the various bindings. Here are the main ones, with the default values for each of the main bindings:   Parameter Description basicHttpBinding basicHttpContextBinding netMsmqBinding netNamedPipeBinding netTcpBinding netTcpContextBinding webHttpBinding wsHttpBinding wsHttpContextBinding wsDualHttpBinding ws2007HttpBinding maxBufferPoolSize An integer value that specifies the maximum amount of memory that is allocated for use by the manager of the message buffers that receive messages from the channel. The default is 524,288 bytes (512 * 1024 = 0x80000 = 512Kb).  The default is 524,288 bytes (512 * 1024 = 0x80000 = 512Kb).  The default is 8 bytes. The default is 524,288 bytes (512 * 1024 = 0x80000 = 512Kb).  The default is 524,288 bytes (512 * 1024 = 0x80000 = 512Kb).  The default is 524,288 bytes (512 * 1024 = 0x80000 = 512Kb).  The default is 524,288 bytes (512 * 1024 = 0x80000 = 512Kb).  The default is 524,288 bytes (512 * 1024 = 0x80000 = 512Kb).  The default is 524,288 bytes (512 * 1024 = 0x80000 = 512Kb).  The default is 524,288 bytes (512 * 1024 = 0x80000 = 512Kb).  The default is 524,288 bytes (512 * 1024 = 0x80000 = 512Kb).  maxBufferSize  An integer value that specifies the maximum size, in bytes, of a buffer that stores messages while they are processed for an endpoint configured with this binding. This value cannot be less than the next maxReceivedMessageSize attribute. The default is 65,536 bytes (64Kb). The default is 65,536 bytes (64Kb). Not Available The default is 65,536 bytes (64Kb). The default is 65,536 bytes (64Kb). If the transferMode attribute equals to Buffered, this attribute should be equal to the maxReceivedMessageSize attribute value. If the transferMode attribute equals to Streamed, this attribute cannot be more than the maxReceivedMessageSize attribute value, and should be at least the size [...]

Handling custom SOAP headers via WCF Behaviors

Mon, 25 Feb 2008 10:13:14 GMT

A few days ago a customer of mine asked me how to define a WCF behavior to add a custom SOAP Header to sent/received messages. The solution is not so far from what I've shown in the previous "Writing a WCF Message Inspector" post. In fact one way of working is to define a custom message inspector that writes/reads the custom SOAP Header. So first of all we need a SOAP Header. Here is the code to define a custom header to handle a random key (as a Guid) injected in every request sent from the consumer to the service: public class CustomHeader : MessageHeader{    private String _key;     public String Key    {        get        {            return (this._key);        }    }     public CustomHeader(String key)    {        this._key = key;    }     public override string Name    {        get { return (CustomHeaderNames.CustomHeaderName); }    }     public override string Namespace    {        get { return (CustomHeaderNames.CustomHeaderNamespace); }    }     protected override void OnWriteHeaderContents(System.Xml.XmlDictionaryWriter writer, MessageVersion messageVersion)    {        // Write the content of the header directly using the XmlDictionaryWriter        writer.WriteElementString(CustomHeaderNames.KeyName, this.Key);    }     public static CustomHeader ReadHeader(XmlDictionaryReader reader)    {        // Read the header content (key) using the XmlDictionaryReader        if (reader.ReadToDescendant(CustomHeaderNames.KeyName, CustomHeaderNames.CustomHeaderNamespace))        {            String key = reader.ReadElementString();            return (new CustomHeader(key));        }        else        {            return null;        }    }} public static class CustomHeaderNames{    public const String CustomHeaderName = "CustomHeader";     public const String KeyName = "Key";     public const String CustomHeaderNamespace = ""; } As you can see it is a type inheriting from MessageHeader class. Notice the OnWriteHeaderContents override, which is invoked by WCF infrastructure to serialize the SOAP Header, and the ReadHeader static method that we will use later. Such a SOAP Header need to be added by the consumer and read by the service. To do this we need a MessageInspector like the following one: public class CustomMessageInspector : IDispatchMessageInspector, IClientMessageInspector{    #region Message Inspector of the Service     public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)    {        // Look for my custom header in the request        Int32 headerPosition = request.Headers.FindHeader(CustomHeaderNames.CustomHeaderName, CustomHeaderNames.CustomHeaderNamespace);    [...]

WCF Security Full Demo

Sun, 16 Dec 2007 15:57:55 GMT

Here you can find the last version of a sample application showing many of the security features and configuration of WCF in the fields of security.
I've just updated it in order to release it during my last WebCast about WCF Security for MSDN Italy.

In this sample you can see (adding/removing endpoints and configuration elements from the config file):

  • Windows Authentication and Windows Authorization via transport level security on basicHttpBinding
  • Windows Authentication and Windows Authorization via message level security on wsHttpBinding
  • UsernamePasswordToken Authentication with ASP.NET Membership and ASP.NET Role Authorization via message level security on wsHttpBinding
  • UsernamePasswordToken Authentication with custom validator via message level security on wsHttpBinding
  • Authorization using a custom Authorization Policy
  • Impersonation using Windows credentials
  • Custom impersonation of custom Principal and Identity
  • Handling of multiple identities (one Primary plus others)
  • A quick and basic sample of interoperability with ASMX consumers using a custom UsernamePasswordToken over SSL, in the respect of WS-Security and WSS UsernameToken Profile 1.0 by Oasis, without using WSE

Enjoy and feel free to give me your feedbacks or further suggestions.

SharePoint custom authentication with Windows CardSpace

Thu, 30 Aug 2007 17:28:00 GMT

Today I and Roberto Brunetti (Italian Blog) worked on one of the speeches we're going to held at the upcoming SharePoint Conference 2007.

The session is about SharePoint Custom Authentication and we really enjoyed playing with a CardSpace based authentication solution. It tooks a little bit more than half a day to make it working, but the result is really brilliant!

We defined a Publishing Portal with anonymous access and Forms Based Authentication, able to map an InfoCard to the FBA idenditity managed by the configured Membership Provider. Many thanks to Dominick Baier for his great CardSpace Control for ASP.NET that we referenced from our code, in order to make simpler the implementation of this solution.

Here are some screenshoots:






And a brief video of the result:

Writing a WCF Message Inspector

Thu, 23 Aug 2007 20:57:44 GMT

A WCF MessageInspector is a kind of a "message filter" that we can develop on the service or on the consumer side, in order to intercept and inspect the messages coming in or going out of the service layer infrastructure. In order to define a Message Inspector on the consumer side we need to implement the IClientMessageInspector interface, while on the service side we need to implement the IDispatchMessageInspector interface. Here are their definitions:public interface IClientMessageInspector { void AfterReceiveReply(ref Message reply, object correlationState); object BeforeSendRequest(ref Message request, IClientChannel channel); } public interface IDispatchMessageInspector { object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext); void BeforeSendReply(ref Message reply, object correlationState); } As you can see both these interfaces define a couple of methods that allow to access the Message (System.ServiceModel.Channels.Message) just before sending it, regardless it is a Request (IClientMessageInspector) or a Response (IDispatchMessageInspector), and just after receiveing it, again regardless its direction. It's very important to underline that the message provided to this methods is a "by reference" parameter, because this allows our Message Inspector implementations to change the message while it is moving along the service model pipeline. In fact the ref Message parameter can be used to read the SOAP message using one of the methods of the Message type (like ToString(), GetBody(), GetReaderAtBodyContents(), etc.) or can be completely changed using a new Message instance, written through the writing methods of the Message type (WriteBody(...), WriteBodyContents(...), WriteMessage(...), etc.).One of the most useful methods of the Message type is the CreateBufferedCopy one, which allows to create a MessageBuffer instance that is a buffered copy of the source message useful to XPath navigate its content. The MessageBuffer type allows also to recreate a Message instance from the buffer using the CreateMessage() method. Here is an example of a service-side Message Inspector used to output to the Console any received and sent message:public class ConsoleOutputMessageInspector : IDispatchMessageInspector { public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext) { MessageBuffer buffer = request.CreateBufferedCopy(Int32.MaxValue); request = buffer.CreateMessage(); Console.WriteLine("Received:\n{0}", buffer.CreateMessage().ToString()); return null; } public void BeforeSendReply(ref Message reply, object correlationState) { MessageBuffer buffer = reply.CreateBufferedCopy(Int32.MaxValue); reply = buffer.CreateMessage(); Console.WriteLine("Sending:\n{0}", buffer.CreateMessage().ToString()); } } As you can see I create a copy of the message instance, using the CreateBufferedCopy() method, and the I write it using the ToString() of the Message type. Another example of Message Inspector could be the following one, used to write to the console every single SOAP Header contained in the message that moves through the message pipeline:public class ConsoleOutputHeadersMessageInspector : IDispatchMessageInspector { public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext) { MessageBuffer buffer = request.CreateBufferedCopy(Int32.MaxValue); request = buffer.CreateMessage(); Message originalMessage = buffer.CreateMessage(); foreach (MessageHeader h in originalMessage.Headers) { Console.WriteLine("\n{0}\n", h); } return null; [...]

.NET 3.5 June CTP and ADO.NET EF June CTP

Mon, 02 Jul 2007 05:43:00 GMT

Today have been published the new June CTP refresh of .NET Framework 3.5 and ADO.NET Entity Framework. Many new features and changes are available in this last CTPs, in particular in the fields of ADO.NET EF.

Acropolis, CAB + WPF, PageFlow. What should I suggest to use?

Fri, 08 Jun 2007 00:07:09 GMT

I'm going to be confused. During the last three days we've seen:

  • Acropolis: a set of tools to make it easier to develop UI based solutions. Seems to be a good idea to make able every developer to write code as markup, regardless of what's happining under the cover. One of the annunced features is workflow support and integration, in order to drive UI through workflows. Sounds good.
  • PageFlow: today Matt Winkler (what a great guy!) annunced on his blog a new workflow template, called PageFlow, that allows to define workflow driven UI solutions, able to control Windows Form, ASP.NET and WPF UI independently. Sounds good too.
  • CAB+WPF: yesterday have been announced the availability of CAB + WPF, i.e. a CAB / SCSF that support WPF. It's good, but in Acropolis overview session the speaker said that Acropolis, on a long time schedule, will replace SCSF. Also Gleen Block said the same thing on his blog. So CAB + WPF sounds good too, but how long it will be good and available?

To summarize we have three different solutions, somewhere overlapping, somewhere not, all coming from Microsoft, all apparently not fully supported because they're not boxed solutions, but "models" downloadable, like patterns and practices and software factories. What should I suggest to my customers to use?

Probably the best suggestion I can give to my customers, as I always do, is to take inspiration from all of these solutions and to build his own one, just to be sure that it will be supported on a long time schedule. On the other side it would be great to have a unique and affordable direction from Microsoft.

What's going on with C#, XAML and .NET: we can see just the top of the aisberg ... I'd like to touch the whole future that's coming

Wed, 06 Jun 2007 19:36:10 GMT

Today, like many other TechEd attendee, I attended the session of Chris Anderson. It was a very effective presentation, about how to leverage XAML markup serialization to represent code with markup. The idea is obviously smart, above all because you can imagine a software written in markup and compiled and executed on a case by case basis, using WPF, SilverLight, whatever ... depending on the client environment, but with always the same XAML code under the cover.

By the way I think this is not the only positive side effect of markup programming (let me call it this way). The real power of this new technique of programming is that you can concentrate on what you want (write message, save customer, load report, sell product, etc.) and you don't need to focus on how to achieve your result. This means not only declarative programming, but also multi-platform support and above all parallel programming, transparent to the developer. WF programming represents a first step toward this goal.

I guess what we've seen today was just a drop in the sea of what's going on ... I'd like to see more ... :-)

WF hosting in BizTalk 2006? Sure!

Tue, 05 Jun 2007 23:37:41 GMT

Today was announced at TechEd 2007 the availability of a new tool to host WF workflows into BizTalk Server 2006. Sounds a good idea and confirms, like in this post of Paul Andrew, that WF will have a main role in future releases of BizTalk Server.

Many times, when I teach WF, people ask me what about BizTalk overlapping. I always answer that BizTalk Server is an application server to orchestrate messaging solutions, while WF is a base framework to build your own workflow solutions, but I also admit that a WF based BizTalk could be a good solutions to have a "zero-implementation-cost" hosting solution for real and scalable workflows defined with WF.

ADO.NET Synchronization Services

Tue, 05 Jun 2007 15:06:26 GMT

I've just attended a session about Smart Client development with Visual Studio Orcas. One of the most interesting new features are Synchronization Services, because you can leverage SQL Server Compact Edition 3.5, to manage offline data cache, with automatic synchronization with a backend SQL Server. Sounds a good idea, by the way I'm wondering if there's a way to enpower this infrastructura with entities rather than with DataSet and typed DataSet.

Visual Studio 2005 Extensions for WSS3 v. 1.0

Tue, 05 Jun 2007 00:50:12 GMT

I've just attended a practical session about the RTM of VS2005 Extensions for WSS3. This Visual Studio Add-in allows to define Web Part, Site Definition, List Definition and SharePoint solutions, easily and quickly working within Visual Studio 2005. Sounds interesting the SharePoint Solution Generator utility, useful to convert a concrete site definition, defined using SharePoint Designer, into a Site Definition to deploy many times. Here you can download it.

Pay attention: the product works only with WSS3 installed on the same machine.

TechEd 2007 - First Day is going to finish

Mon, 04 Jun 2007 20:11:15 GMT

Today was not very exciting. The Keynote was not so brilliant, without any announcement or beta preview. By the way we know that TechEd is not a "wow" event like PDC, and this year PDC is under rescheduling ... so probably there's nothing really exciting at all.

Windows Server 2008 is almost known and available as CTP and beta; SQL Server 2008 (aka Katmai) has been released today, but without any public announcement during TechEd keynote. The Microsoft innovation wave will arrive at the end of the year with Orcas, Windows Server 2008 and SQL Server 2008, plus a lot of management tools and services like MOM, Forefront, Microsoft virtualization platform, etc.

I attended also a couple of sessions about WCF distributed transactions support, through WS-AT, and design principles for maintainable SOA services. Both were sessions about well know contents. Probably tomorrow will be more interesting.

WCF Custom Authentication and Impersonation: demo source code

Sun, 05 Feb 2006 22:36:00 GMT

Related to my last sample of custom authentication and impersonation within a WCF service, here is the sample code.
It works and compiles under GoLive WCF license. I hope you'll find it useful and interesting.

Italian version - Versione italiana

UPDATE: WinFx February CTP edition of this sample: coming soon ... sorry for the delay.

WCF Custom Authentication and Impersonation

Thu, 08 Dec 2005 10:29:00 GMT

During the last days I needed to develop a custom Authentication and impersonation mechanism for Indigo. It was not so easy, due to the lack of documentation, since we're still in early betas/ctps. By the way I handled it and here is what I've discoverded, in case someone else is looking for this.Of course, because I'm just a WCF lover and I'm working with it because I need to use it in a real project of a customer of mine, please if someone (eventually from Indigo team...) has any kind of comment or errata corrige about this post ... please do it, I will really apreciate it. Thanks. WCF support many different authentication techniques and here you can see a sample WCF host configuration file: Pay attention to the message section inside the netTcpBinding configuration named MyServiceBinding. Here I declared that I'm going to use "UserName" clientCredentialType. It means that the consumer needs to provide a UsernameToken to the service, in order to be authenticated.Later in the config file, inside the behaviors section, I declared a custom behavior named MyServiceBehavior where I defined the way I'd like to handle the UsernameToken, in order to get an IPrincipal for the user, configuring the principalPermissionMode attribute of the serviceAuthorization element. Possible values - also suggested by intellisense - are: None: it's clear. UseWindowsGroups: uses Windows users database and WindowsPrincipal and WindowsIdentity UseAspNetRoles: refers to ASP.NET 2.0 MembershipProvider, with its IIdentity and IPrincipal implementations. Custom: a custom mechanism (the one we're going to use). The configuration file above declarese a Custom mechanism, but there's also the configuration for using a MembershipProvider, just in case you'd like it (see userNamePassword element inside the behavior configuration). If you define a Custom principalPermissionMode you have to define and configure a custom ServiceAuthorizationBehavior. Follows a sample to do that by code: using (ServiceHost host = new ServiceHost(typeof(MyService))){ServiceAuthorizationBehavior sa = host.Des[...]

WCF missing CAS

Mon, 05 Sep 2005 00:05:00 GMT

My experiments with WCF, during summer time, seem to be confirmed by Christian Weyer ones. As Christian states WCF (aka Indigo) is apparently affected by a lack of support for Code Access Security. If you run your code in a Fully Trusted environment it works great, otherwise it simply doesn't work!

Ok, ok. I know that we're working with an early beta and I'm sure (I guess!) that they (Microsoft) will support CAS before the RTM ... but I think that's not a good message, to the community of developers, that Microsoft development lifecycle of a big and great product like WCF makes security and sandoboxing at least in the second half of its development. I think that every product manager and every developer should take care of security from the beginning of the project.