Monthly Archives: May 2009
Username Authentication over basicHttpBinding with WCF’s ChannelFactory Interface
HTTP/HTTPS holds good (add no session management) for lot of people today & they prefer using them as their transport protocol for WCF Services. Many a time users connecting with your service are outside your domain so you will like to authenticate them with username / password. This is where WCF makes things difficult.
There is some support shown here for self hosted service (but I have my own reservations over that as IIS is the most preferred hosting mechanism when it comes to HTTP). Let me split this post into 2 parts – assigning credentials to client & authenticating those credentials on server (N.B. my writing is on top of custom binding + channel interface, no Add Service Reference used).
1) Adding credentials on client side via channel factory interface:
ClientCredentials is part of System.ServiceModel.Description.ClientCredentials (System.ServiceModel). Problem is ChannelFactory has a readonly ClientCredentials Property (not when you generate proxy by inheriting from ClientBase this is simplified for you). Luckily there is a workaround. To start with you can instantiate it & assign required values
ClientCredentials loginCredentials = new ClientCredentials();
loginCredentials.UserName.UserName = “Niraj”;
loginCredentials.UserName.Password = “Password123″;
Now ClientCredentials are by default endpoint behaviors, so you have remove the default one & attach the newly created one. Below code shows that
var defaultCredentials = factory.Endpoint.Behaviors.Find<ClientCredentials>();
factory.Endpoint.Behaviors.Remove(defaultCredentials); //remove default ones
factory.Endpoint.Behaviors.Add(loginCredentials); //add required ones
2) Authenticating Credentials on Server Side: This is where things get tricky and you need to use something probably you have heard of but haven’t tried yet, a WCF security mode called – TransportWithMessageCredential (N.B. It’s not currently possible to handle this scenario using Basic Authentication of IIS (transport clientCredentialType), though you can easily do it for REST).
Step 1 is your customize your binding (this has to be done on both Server & Client configurations)
<bindings>
<basicHttpBinding>
<binding name=”usernameHttps”>
<security mode=”TransportWithMessageCredential”>
<message clientCredentialType=”UserName”/>
</security>
</binding>
</basicHttpBinding>
</bindings>
Note that the above would force you to use HTTPS but anyways that’s a recommended approach also. Now it’s time to go to your service and specify the service credentials as shown below, here we use custom authenticator but you could as well used provider model of ASP.NET,
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode=”Custom”
customUserNamePasswordValidatorType=”…” />
</serviceCredentials>
public class CustomPass : UserNamePasswordValidator //System.IdentityModel.dll
{
public override void Validate(string userName, string password)
{
//your validation here, throw exception if invalid user
}
}
That’s it. You are all set. Fire you client & you have username authentication over HTTPS. Hope that helps.
(N.B. You can check my blog entry about how to configure HTTPS for WCF on IIS)
Jee Le Baby – Tech Ed India 2009 Memorabilia
An awesome experience!!! There are few events in life which exceed your expectations, Tech Ed India just happened to be one of it. There is a lot to write about but I am going to jot down 5 of my most memorable experiences for this Tech Ed.
1) Steve Ballmer: Being a presenter I was in the same hotel where Steve was staying. In the morning when I went for breakfast with Nauzad, Steve was having his. Just exchanged hello with him but spirits were soaring internally. Only thing I missed was he didn’t show his love for Indian developers like the one here 
(unfortunately I didn’t get hold of Microphone during Q&A). Steve has been criticized by some for displaying extra energy at conferences, but personally to me he just awesome. I mean, take up any book on self development & you will find there a common saying – “Live with energy & enthusiasm”. We all were born like that as child & my daughter reminds me that every day. Thanks to people like Steve who are able to pursue it so long & keep inspiring people like you and me. Also I got to interact with some great guys like Stephen Walther, Don Smith & Blaine Wastell. Conversation with Don helped me for my Refactoring SOAP To REST session.
2) Agnee: What a music… Mind blowing. I saw some videos out there on internet but the feeling which we got inside closed hall is indescribable. Also the way they jazzed up the Steve’s entry on dice, I am sure Steve B. must have felt doubly charged. We again had some music by them on last day which ran almost till 9:30 p.m., and audiences kept asking for more. Theme song was best we techies have got in long time – “SHIFT + DELETE everybody’s troubles”.
3) My Talks: Unfortunately my first talk on – “Refactoring SOAP to REST” started 45 minutes late due to an extended keynote (in fact it wasn’t over then). I as a speaker prefer packed house, people climbing on top of each other , but with comparatively less audience I think my energy was slightly on lower side. Nevertheless I am happy about the theme (Tech Ed 2010) I choose, building something creative over a topic which was largely spoken about with fresh demos. Second talk – “Federated Identity Architectures – Integrating with Cloud” with Ramnish (Architect track) was awesome. With Ramnish being there, possibility of anything going wrong was ruled out. We had a glitch free demo & hopefully the message was conveyed effectively. Who said combo sessions aren’t succesfull ? I am thankful to audiences of both my sessions who made it such a thrilling memorable experience. I love you all.
4) A MCP: I took an MS certification on WCF 3.5 and cleared it. It was an awesome feeling as this was my first certification ever & I did it in close to an hour’s time. Also that made me won a watch in lucky draw.
5) Memento: There was a small trophy gifted to all speakers at end of event. I can without doubt say that it’s one of my most proud possession till date.
As usual any success of yours is always owed to others. I don’t have enough words to thank the entire DPE team at Microsoft who made it so easy for speakers – Ram, Manish, Ramnish, Vikram, Vinod, Harish, Bijoy, Saranya, Sachin, Nahas, Ravi, etc. Thanks you guys.
I will post demos & pptx in a separate post. I will close this one with Video which Ranganathan showed during managerial track (though not exact). Do link this post with your memorable experiences.
JEE LE BABY 8) !!!
Creating HttpContent from a .NET Object – WCF REST Starter Kit
While I was preparing my demo for Tech Ed, I found that it isn’t quite easy to convert .NET Objects to HttpContent (provided with WCF REST Starter Kit) & Vice Versa. Additionally it requires some boilerplate code to be written every time. I thought of abstracting it out in HttpContentHelper class with 2 straight methods – CreateContentFromObject & CreateObjectFromContent. Code is given below:
public static class HttpContentHelper
{
public static HttpContent CreateContentFromObject<T>(T obj)
{
XmlSerializer serializer = new XmlSerializer(obj.GetType());
MemoryStream ms = new MemoryStream();
serializer.Serialize(ms, obj);
ms.Close();
return HttpContent.Create(ms.ToArray(), “application/xml”);
return HttpContentExtensions.CreateXmlSerializable(obj); //update, see comments below
}
public static T CreateObjectFromContent<T>(HttpContent content)
{
return content.ReadAsXmlSerializable<T>();
}
}
Hope you it find it helpful .
Gearing up for Tech Ed India 2009
I haven’t been blogging much lately, mainly due to my upcoming talks at next Tech Ed. It’s happening again in India, after a gap of 2 years (last one was in 2006). If you are there, make sure to attend my talks. I will outline the motivation behind these talks in this post:
Refactoring – SOAP To REST : For me SOAP/RPC with surrounding standards is a classic case of over engineering. Unfortunately, it was the de facto standard of building web services on Microsoft Platform for quite some time. It’s quite possible that once you have realized the benefits of REST and see it fitting your bill, you may want to refactor your SOAP Service to a REST Service. I took the word Refactoring from Martin Fowler’s classic book meaning – “behavior preserving transformations”, which is the intention here. Moreover there were lot of sessions done at PDC / MIX on REST but there wasn’t any exclusive focus on this one (though to be honest I owe my talk to all of them ). A reasonable understanding of WCF is a prerequisite to attend this talk. (Timing: May 14th 2009, 11:00 – 12:15 IST)
Federated Identity Architectures: I am excited a lot about this talk. Firstly, I am doing a combo session with Ramnish Singh (infact my first combo ever ). Ramnish is a certified Security Architect working for Microsoft with an amazing amount of passion and knowledge. Secondly, I have been hit by ‘Federated’ term a couple of times during my sessions on Building Secure Web Services using WCF but I couldn’t touch it in its entirety due to time constraints. We have some cool demos lined up, covering a wide range of business scenarios also showcasing Geneva. (Timing: May 15th 2009, 12:00 – 13:45 IST)
Hope you will find the above 2 exciting enough, to storm my session hall 
. Keep watching this space for slides & demo downloads.
