Trying to get in a habit of doing these when I get up and before getting into work.

Design Patterns/DI/IOC

• Command-Query Separation and Immutable Builders
• Castle demo app: ActiveRecord basics and unit testing
• Prism Vs. Framework XXXX

General

• Christian notes that we will have 12-Core Processors in 2010

ASP.NET MVC

• MVC Storefront, Part 9: The Shopping Cart

Silverlight

• Great Silverlight 2 Demo: Healthcare Demonstrator

SQL Server

• Using SQLCmd to output results

WCF/DI/BizTalk

• Nice pair of posts: Dependency Injection in WCF Services  and Dependency Injection in WCF Services Part 2
• Article Series on BizTalk and WCF: Part VIII, BizTalk Adapter Pack Service Model Patterns

ASP.NET/OR/M/ASP.NET MVC

• EntitySpaces and Silverlight Demo (Part 1)
• MVC Storefront, Part 8: Testing Controllers, Iteration 1

Dave continues his series, "Today I’d like to talk about how you can store your WCF configuration information centrally with Neuron ESB . While it’s great that WCF allows you to move details such as endpoint, binding, and other information out of code and into config file settings, it can still be inconvenient to work with many individual config files. If you are dealing with large numbers of services, you may desire a way to centralize your configuration information. Neuron ESB provides a service repository for this purpose, plus a neat factory for creating WCF clients. Together, they free you from needing local WCF configuration settings."

This is a big part of why this is so.

Identity Management/OpenID/Security/P2P/WCF

• Scott Hanselman has a great post on OpenId
• P2P and WCF: Some Resources - part of a great series. We use Peer Channel in Neuron by default. It's fast!
• Pablo: GetReady for OpenID
• Using IdentityModel: Converting ADFS Security Properties to Claims

Software Development Tools

• Patrick: Diff Tools to See Source File Changes

Smart Client/CAB/SCSF/CAB

• Two nice talks from Brian Noyes at VSLive! San Fran:

• Exploit WPF Graphics without Wounding the Eyes   Slides    Demos

• Build Composite UI Applications with CAB and SCSF    Slides    Demos

David continues, "Today I’d like to talk about the Neuron ESB management experience. Neuron takes management seriously and a lot of effort has gone into providing a one-stop administrative experience for configuration, deployment, activity reporting, operations monitoring, change management, and problem response "

CLR/DLR/Popfly

• IronPython 2.0 Beta 2
• Popfly Game Creator
• Windows PowerShell V2 CTP2

SOA/WCF

• Weekly SOA crumbs #15: Have you seen the latest “mesh”up from Microsoft?
• Service Oriented Architecture, Service Factories and Modeling
• Federation Over TCP With WCF
• 6 New patterns & practices WCF Security How Tos
• Messaging Additions in Orcas, Part 1, Part 2, Part 3, and Part 4

ASP.NET

• April 28th Links: ASP.NET, ASP.NET AJAX, ASP.NET MVC, Silverlight 

ALT.NET/TDD

• The Past, Present, and Future of .NET Unit Testing

I am going to have to name this series something else but can't think of it right now. Anyhow, we're off into Claim-Based Security and I am writing a post, but until then some links:

• Dominick's posts on IdentityModel
• Dominck's LeastPrivilege.IdentityModel library
• Kim Cameron's The Laws of Identity
• Michele's Building a Claims-Based Security Model in WCF Part 1
• Part 2
• Microsoft SAB
• sharpSTS is a C# library for developing Information Card Security Token Servers.
• Dominick's ASP.NET control for Information Cards.
• Whole bunch of resources here
  

Architect David Pallmann, "Today I’d like to provide a very high level view of the Neuron ESB architecture. Understanding this will help put individual features and concepts in context as I describe them in upcoming articles."

I did say we had a bigger announcement and we did. In the last post, I gave the "official" announcement. However, I have a personal and professional relationship with the product and I would like to start a series of posts on it now, as David, the Neuron Architect is doing.

His post gives a detailed paragraph of major features, and indeed, there are a lot! 2.0 has lots of new features over 1.0 and Neuron is a powerful product that enables various scenarios. In designing the product, we didn't want to get religious about what an ESB was. There are plenty of people doing that as well as whether or not an ESB is needed or not. Instead, we wanted to take a practical approach and solve our Microsoft customer problems.

So Neuron came out of real customer scenarios in trying to use the .NET Framework 3.0 (WCF) and other Microsoft technologies. For the purposes One thing we saw was a lack of WCF adoption due to the steep learning curve. People like myself, find it incredibly simpler then the mess of distributed stacks we had to deal with before, but I am in the minority. Moreover, most IT shops don't have developers experienced in this kind of programming. What they have is C# and VB ASP.NET developers, who, as they should be, are focused on delivering business value.

We saw similar pain points in SOA adoption. There are real benefits in SOA but people are either off on vendor exercises or writing a ton of infrastructure code. In either case, the real benefit of Business and IT dynamic alignment and focusing on Business Services has been neglected, leading some people to declare the end of SOA.

We have found, that once you get above a few WCF services, you start to get issues. Services are JBOWS all over the place, instead of being part of an SOA that was developed incrementally with the business drivers and needs. There is no governance. Configs are haphazard. There is no versioning. And so on. So, once you start getting serious about WCF and services, and getting more than five stood up, you start to need infrastructure more and more, putting the "A" in "SOA."

That's a big place I see Neuron fitting in. Let's forget about all the "normal" ESB capabilities for now such as EAI/Integration, Transformation, Mediation, blah, blah. Let's say you are just a WCF or SOA developer. How can I make your life easier? How can I make you 10x or 100x more productive? By taking out the need to write the boilerplate WCF and middleware code, to take out the need for managing config. By taking out all the need to know bindings, transports. What do you really need? You need to get work done! My opinion is that you need Business Events. You need to have infrastructure that says "when this Order comes in, have Microsoft CRM create a customer and have the GP system create a billing record" and have all of that happen without code. In other words, you need to have a Topic Based Publish/Subscribe mechanism with intelligent routing interconnecting endpoints using publish/subscribe messaging and a named topic hierarchy.

You can try to build all this with WCF:

    [ServiceContract(Namespace = "http://Microsoft.ServiceModel.Samples", SessionMode = SessionMode.Required,
        CallbackContract = typeof (ISampleClientContract))]
    public interface ISampleContract
    {
        [OperationContract(IsOneWay = false, IsInitiating = true)]
        void Subscribe();

        [OperationContract(IsOneWay = false, IsTerminating = true)]
        void Unsubscribe();

        [OperationContract(IsOneWay = true)]
        void PublishPriceChange(string item, double price, double change);
    }

    public interface ISampleClientContract
    {
        [OperationContract(IsOneWay = true)]
        void PriceChange(string item, double price, double change);
    }

    public class PriceChangeEventArgs : EventArgs
    {
        public double Change;
        public string Item;
        public double Price;
    }

    // The Service implementation implements your service contract.
    [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession)]
    public class SampleService : ISampleContract
    {
        #region Delegates

        public delegate void PriceChangeEventHandler(object sender, PriceChangeEventArgs e);

        #endregion

        private ISampleClientContract callback;

        private PriceChangeEventHandler priceChangeHandler;

        //Clients call this service operation to subscribe.
        //A price change event handler is registered for this client instance.

        #region ISampleContract Members

        public void Subscribe()
        {
            callback = OperationContext.Current.GetCallbackChannel<ISampleClientContract>();
            priceChangeHandler = PriceChangeHandler;
            PriceChangeEvent += priceChangeHandler;
        }

        //Clients call this service operation to unsubscribe.
        //The previous price change event handler is deregistered.

        public void Unsubscribe()
        {
            PriceChangeEvent -= priceChangeHandler;
        }

        //Information source clients call this service operation to report a price change.
        //A price change event is raised. The price change event handlers for each subscriber will execute.

        public void PublishPriceChange(string item, double price, double change)
        {
            if(item == null) throw new ArgumentNullException("item");
            var e = new PriceChangeEventArgs {Item = item, Price = price, Change = change};
            PriceChangeEvent(this, e);
        }

        #endregion

        public static event PriceChangeEventHandler PriceChangeEvent;

        private void InvokePriceChangeEvent(PriceChangeEventArgs e)
        {
            PriceChangeEventHandler PriceChangeEventHandler = PriceChangeEvent;
            if(PriceChangeEventHandler != null) PriceChangeEventHandler(this, e);
        }

        //This event handler runs when a PriceChange event is raised.
        //The client's PriceChange service operation is invoked to provide notification about the price change.

        public void PriceChangeHandler(object sender, PriceChangeEventArgs e)
        {
            if(callback != null) callback.PriceChange(e.Item, e.Price, e.Change);
        }
    }
}

using (Publisher publisher = new Publisher())
 {
                    publisher.Connect();

                 
                    foreach(var change in changes)
                    {
                                     publisher.Send("PriceChange", change);
                    }

Now are down to 3 lines! I would bet that anyone could write that! 

So, when you are making an investment in WCF and SOA, think about what you would rather be spending your time on. I know what I would do.


Technorati Tags: WCF,SOAP,ESB,Neudesic,Neuron,Neuron 2.0,Neuron ESB.EDA

New version of Enterprise Service Bus software extends the Microsoft .NET Platform

IRVINE, CALIF. – April 29, 2008 - Neudesic, a leading provider of business solutions that leverage the capabilities of the Microsoft product line, announced today the release of version 2.0 of Neuron-ESB. Neuron-ESB is an Enterprise Service Bus that extends the Microsoft Platform by providing real-time messaging, integration and web service management. Neuron-ESB accelerates SOA adoption by helping companies successfully implement real-time integration across their enterprise, allowing timely response to changing events within their business.

“Neuron-ESB provides the messaging backbone for all of our critical applications,” said Jeffrey Sullivan, Chief Information Officer of ThinkCash. “Neuron-ESB allowed us to leverage our developers much more effectively while providing us the ability to go to market quickly with new solutions. We were able to shift our service development from the architect role to the more ubiquitous developer role while, decreasing our deployment time of new services by 50%. We started with just 1 developer who received 4 days of Neuron-ESB training. Within 6 months and no additional training, we had a 15X increase in the number of our internal developers who were able to use Neuron-ESB.”

Neuron-ESB 2.0 delivers a unique set of capabilities that extend and combine key strategic Microsoft technologies such as Microsoft BizTalk Server 2006 R2 & RFID, Microsoft Office SharePoint Server 3.0, Microsoft SQL Server, Microsoft Dynamics, Microsoft Office, .NET 3.0/3.5, Windows Communication Foundation (WCF), Windows Workflow Foundation (WF), WCF Line of Business Adapters and MSMQ. The synergy between Neuron-ESB and these products empower companies to develop more robust and business-aware applications with far less effort and complexity.

“Neuron-ESB 2.0 represents a significant evolution for the Microsoft Platform while addressing the Enterprise Service Bus needs of every customer running Microsoft Windows.  Our technology allows businesses to effectively leverage their Microsoft investments to deliver real-time solutions,” stated Marty Wasznicky, Vice President of Product Development. “Our product provides a new level of flexibility and ease of use that will help companies increase their productivity while reducing their development and operational costs. Moreover we’ve formed a strategic partnership with SOA Software and achieved certification as a Governed Service Platform through the Open Governance Initiative. Our customers can be confident that Neuron-ESB will enhance the fidelity of their Governance initiatives.”
 
“The Open Governance Initiative is rapidly gaining momentum amongst platform vendors, Governance solution providers, and end-user customers,” said Frank Martinez, Executive Vice President of SOA Software.  “The addition of Neuron-ESB, as a Microsoft .NET and WCF based ESB to the list of Governed Service Platforms highlights the importance of this certification for platform vendors.”

Last time, I talked a bit about SAML and Federated Identity. It turns out this is a subset of a general area, an area commonly referred to as Identity Management. The issue is how to protect and manage credentials across a wide array of network applications that have different authentication methods and requirements. I talked about SSO last time, mostly around SSO in browsers and web applications. As Pablo reminded me, it's not just web browsers; SAML is trying to solve the problem of SSO in general so that the user can log in once for multiple applications. This is, of course, critical in Real-World services or SOA. All of this points to an effective identity management infrastructure.

The Elements of an Identity Management System

Such a solution would be made up of the following capabilities as services [1]:

• Identity Provisioning Services - Set up users easily; Provision users and roles typically in LDAP compliant sources; Policy definition and enforcement
• Identity Data Synchronization Services - This is all about synchronizing identity data across a wide range of heterogeneous apps, directories, databases and other stores
• Access Management Services - SSO access to apps and services across heterogeneous apps, Web Services and resources running on diverse platforms local or network
• Federation Services - This is one place where SAML comes in to provide a federated framework and authentication -sharing mechanism that is interoperable with existing systems
• Directory Services - Above and beyond LDAP
• Auditing and Reporting Services

Wikipedia lists some additional capabilities [4]

One such example of the above, that I have been using is CA SiteMinder, which is a centralized Web access management system that enables user authentication and single sign-on, policy-based authorization, identity federation, and auditing of access to Web applications and portals.

CA SiteMinder Web Access Manager is an example of enabling SSO via a portal, implementing a security token that is presented on each request. The portal can then use the security token to verify the user's identity across all the apps/services within it.

This is done by utilizing an intercepting agent as identified in the Intercepting Web Agent Pattern [2]. As stated, this is a specialization of the GOF Proxy Pattern "helps protecting Web based J2EE applications through a Web Agent that intercepts requests at the Web Container and provides authentication, authorization, encryption, and auditing capabilities."  [3]

Intercepting Web Agent

Problem

Retrofitting authentication and authorization into an existing Web application or Service is cumbersome and costly (yah think? :))

Forces

• You do not want to or cannot modify the existing web application
• You want to completely decouple the authentication and authorization from an existing application
• You want to leverage out-of-the-box security from a reliable third-party vendor rather than try to implement your own

Solution

Use an Intercepting Web Agent to provide authentication and authorization external to the application by intercepting requests prior to the application.

The win here is that the app or service is protected by providing authentication and authorization from outside of the service instead of modifying or rewriting the code.

Participants and Responsibilities

See below

CA SOA Security Manager/CA Site Minder

An example, as I have mentioned that I am using today, with WCF Services, is CA SOA Security Manager + CA SiteMinder. So, SOA Security Manager provides a manifestation of the Intercepting Web Agent Pattern with its SOA XML Agents. These guys intercept incoming calls, check with the Policy Server for authentication/authorization, construct a SAML Assertion that is injected/inserted (based on SiteMinder protected login session) into the XML message (I should say Header), and finally pass the message onto the target Web Service. Notice, that this, and SAML, allow Web Service calls to be "chained."

Back to SAML..what do we got? We have SAML Authentication, Attribute, and Authorization Assertions as part of a WS-Security message inserted into the header.

So Now What?

So, now we need to peel out the SAML token and deal with it. That brings us into dealing with the world of Claims and Claims Based Security, the subject of Part 3. Then we'll delve into the wacky world of WS-Trust, STS's, and Federated Security.

[1] Core Security Patterns: Best Practices for J2EE, Web Services, and Identity Management, Sun/Prentice Hall, 2006

[1] Core Security Patterns: Best Practices for J2EE, Web Services, and Identity Management, Sun/Prentice Hall, 2006, Section 8.5

[3] http://www.coresecuritypatterns.com/patterns.htm

[4] http://en.wikipedia.org/wiki/Identity_management

Seeing Scott's impressive milestone made me realize that I forgot to celebrate my 6th year milestone on March 20th! Those were heady days. There were only two other .NET bloggers at the time, Simon Fell (who is still going) and Peter Drayton (who isn't). Simon and Peter "convinced" me to start blogging at the first Sells Web Services DevCon. The CLR was new. There were a bunch of us on the old CLR list at DM: Don Box, Chris Sells, Tomas Restrepo, Brad Wilson, Chris Taveres, Brent Rector and a bunch more. I miss those days. Discussions were more "system" focused and CLR focused. We were all trying to figure this thing out!

Repeating.................... mostly for myself....         

Yesterday's big announcement was just a start. We have an even bigger one, hopefully today. Meanwhile, my Neudesic East team celebrated our big 1st year in the East by going to the Tropicana in Atlantic City. We had 36 people, gosh I remember when there were only 6 people.

WCF/ADFS/Federated Security

• Michele has been busy! She has created a proxy wrapper for WCF clients that illustrates how to swallow timeout exceptions and recreate channels automatically when there is an exception that faults the channel. This was the #1 WCF problem that Steve Eichert and I dealt with through two years of WCF at Algo.
• In a formerly internal thread, Michele talked about ADFS. Now she has made those results public with a Step By Step Guide for ADS FS - Errata Comments.
• Last, but not least, she has released a boatload of great code from her talks at DevConnections!
• Dr. Nick gathered up all the Messaging Additions in Orcas

CodeRush/Refactor Plus/Dev Tools

• Mark Miller has posted 16 tips for getting up to speed with CodeRush and Refactor! Pro