So I've been working happily on my BizTalk Development VM for weeks now. Auto updates are off in case they sneak anything funny on me ... All has been merry ... until a few moments ago.
Tried to add a new BizTalk project to an existing solution ... Nothing. Nudda.
At first I thought it was TFS being a little emotional as it has been known to do on very odd occasions, so I tried to create a dummy standalone project. Still nothing. Except the very subtle text on the Visual Studio status bar "Creating project ‘project name’… project creation failed".
A quick google search unconvered these links;
http://blogs.msdn.com/biztalkcrt/archive/2009/08/21/visual-studio-2008-fails-to-create-open-biztalk-projects.aspx
and
http://pim.waaijenberg.net/index.php/2009/08/create-biztalk-project-project-creation-failed/
they talk about a reg key going missing / getting corrupt.
But how? Why? I never did anything to my registry.
*sigh*
Because I am reluctant to mucking with my registry, after a number of previous disadterous & fatal mishaps, I opted for a different approach.
I did a repair on the BizTalk installation which seemed to fix the problem. It must've edited the registry for me, which is fine because the BizTalk installer probably knows what it's doing in there, and i don't.
So today has had me ripping out my hair; well it actually started last night but I think today I got on top of it.
I thought I’d post this out there in case anybody else was having the same issues.
When adding a Resolver to an Off-Ramp Extender using the Visual Itinerary designer in Visual Studio 2008 I have selected UDDI3 and entered my service key.
However when I try "Test Resolver Configuration" i get the following error:
Message: Could not connect to service 'http://localhost/ESB.ResolverServices.WCF/ResolverService.svc' with configuration data 'UDDI3:\\searchQualifiers=andAllKeys;categorySearch=;bindingKey=;serviceKey=uddi:esb:teched.demos;'.
Error message = An unexpected error occurred attempting to Resolve.
Error ID = 20eceb66-4af6-4d25-bfb7-713a649feff8
From what i can deduce here it is moaning about KeyValue pairs being empty.
If you look at the UDDI config it is trying to use sure enough there is "categorySearch=;bindingKey=;"
I suspect it is the bindingKey=; part that is causing this error.
Why do I get this though?
I am only trying to lookup the service with the servicekey. Not with a bindingKey.
When looking at some of the sample UDDI configurations supplied with the toolkit I see they following:
UDDI3:\\serverUrl=http://localhost/uddi;bindingKey=uddi:esb:orderfileservicebinding;
Notice the difference here;
This has a serverUrl, mine does not because i could not enter one.
This also has bindingKey=uddi, mine does not.
Actually upon further inspection it is very different.
It appears to be doing a lookup based on bindingKey where I am trying serviceKey; but they SHOULD work in a similar manner.
Here is an image that shows the screenshot of my current configuration
Notice how ServerUrl is also greyed out not allowing me to enter anything ... Not sure if this is important or not.
Just to test that my UDDI is in fact working properly i tried one of the other samples for doing a UDDI CategorySearch as shown here
http://msdn.microsoft.com/en-us/library/ee250104(BTS.10).aspx
And then i tried the example of doing a UDDI BindingKey search as shown here
http://msdn.microsoft.com/en-us/library/ee236713(BTS.10).aspx
And both of these worked fine.
So what gives?
Granted both of these were against the predefined sample UDDI published services.
So maybe the problem is with my service that i published to UDDI perhaps?
So to further test my analogy above, that the problem lies with my UDDI service
I changed back to using Service key and i copied in the value for the same service i tested above out of the UDDI website "uddi:esb:orderfileservicev3"
Right click|test resolver configuration …. and this time it worked!
So does this mean my service is UDDI is poked!?!
If so, what? where? how do i go about troubleshooting this?
i followed the steps as laid out in the MSDN article at
http://msdn.microsoft.com/en-us/library/ee250033(BTS.10).aspx
So now i am confused!
After lots and lots more digging and looking and redoing i think i have found the problem.
well not exactly; but i got it working.
Seems i missed the final steps in the "How to publish to UDDI" link mentioned above.
I had not done the "To configure the binding categorization"
Now that I have done that; I switched back to my original Resolver configuration using just the of serviceKey:uddi:esb:createclient
And now it works.
So is this purely co-incidence?
Why would adding some categorization to a BINDING allow me Resolve to a serviceKey?
Perhaps I don't understand UDDI well enough to know.
Anybody care to explain this to me?
Ok, either the BizTalk team or the Visual Studio team need to look in to this … and soon would be nice.
There seems to be some compatibility / stability issues with BizTalk 2009 projects and Visual Studio 2008.
I have experienced different issues with different BizTalk Project types (Maps, Orchestrations and Pipelines) but they all seem to stem from the same thing. Or lemme at least say that they all seem to resolved the same way, which leads me to believe they’re the same root cause manifesting itself with different symptoms.
In map projects, when testing a Map I often get the following in the Output window:
Invoking component...
.... Cannot load source/destination schema: Schemas.OrderRequest. Either the file/type does not exist, or if a project dependency exists, the dependent project is not built.
Component invocation succeeded.
In Pipeline projects when trying to access the Properties window to select Document Schemas on Xml Validator or Flat File Assembler components I’ve gotten the following:
The system cannot find the file specified. (Exception from HRESULT : 0x80070002)
In Orchestration projects I often get the compiler moaning about Message Types, Port Types, Operation Types etc being missing.
In all of the above scenarios I am referring to my Schemas with a “Project Reference”. The solution to the above issues on each occasion has been to remove the project reference. Rebuild the referenced project, Re-add the project reference and build that project again. This always seem to fix the problem, up until now.
This seems to indicate that for some reason that Visual Studio 2008 / BizTalk Project files forget that they have a reference to the Schema project.
I know it’s not just me, because it’s happening to other BizTalk’ers that I know of as well. How many others are having these issues?
Anyways … here’s hoping for a HotFix to this issue REAL SOON!
So let me state up front that I still love BizTalk and I think that 2009 brings a lot to the plate; especially ESB Toolkit and the like. I mostly like the new platform support too, sure aint sorry to see the end of Visual Studio 2005!
I did discover one little annoying issue yesterday …
In Visual Studio 2005 when you had multiple projects in the same solution you could Ctrl+Click on each project then right click and select properties
This would load up the custom BizTalk project property window and allow you to set properties that were common for the projects highlighted. Things like the deployment options for example ….
In Visual Studio 2008 when you try this, you get nothing showing up.
No custom property windows, because its now all using the same property pages dialog that regular C# projects use. Nothing useful in the Properties window either.
What this means is that you have to now go set the Deployment options manually for each project. Not a big deal, but when you have lots of projects in one solution (i have a solution with about 20 projects) it becomes tiresome.
When I pointed it out to a colleague he wasn’t even aware that you could set properties for multiple projects simultaneously … so maybe it’s just me that used it before.
Anybody else missing this cool “feature” from previous versions?
Can the dev team (Visual Studio or BizTalk) not put this back in a hotfix?
Pretty please …. it’ll save me like 5 minutes every couple of months! :D
I am very excited to announce that Tech-Ed Africa is almost upon us once again ...
I am also very happy to announce that I will once again be presenting a few sessions on BizTalk.
- Achieving Success with Integration in the Enterprise Using BizTalk Server 2009
Join this session and immerse yourself in a detailed, structured walkthrough of how to plan for and execute on an integration initiative using BizTalk Server 2009. Given the complexity of integration projects, and the number of implementations that fail, it is essential that developers, architects, and executives understand how to approach work of this nature. With the new features of BizTalk Server 2009 as a backdrop, you gain an introduction to each stage of an integration project, from requirements gathering and assessment, through development, testing phases, deployment, and production support. The new features of 2009, including mobile RFID components, expanded EDI capabilities, improved operability with the Microsoft Office system, and broader SOA and Web Service support are introduced and demonstrated. By focusing on the lifecycle of an integration project while introducing new functionality, you'll walk away with a rich understanding of not only what BizTalk Server 2009 has to offer, but also the insight necessary to achieve success with such an implementation.
When: Monday 3 August 10:45 - 11:45
Where: Session Room D4
Level: 200 - Intermediate
Track: SOA and Business Processes
- Introducing the Microsoft Integration Server: BizTalk Server 2009
Optimizing and automating business processes is a hot topic in today's market. In a struggling economy customers want to streamline operations and grow their business with less resources using seamless connectivity and automated business processes. This session gives an overview of BizTalk Server 2009 scenarios and capabilities. We also provide introduction to the enhancements and new features of the 2009 release and to the future roadmap.
When: Monday 3 August 15:30 - 16:30
Where: Session Room D3
Level: 300 - Advanced
Track: SOA and Business Processes
- Dynamic Messaging with Microsoft BizTalk Enterprise Service Bus (ESB) Guidance v2
As organizations look to Service Oriented Architectures to help them deliver flexible, agile and responsive IT environments, the Enterprise Service Bus has emerged as a key architectural pattern to help achieve this goal. In this session, we discuss the Microsoft Enterprise Service Bus Guidance (and specifically the new version 2.0) and how it allows an organization to build a dynamic, flexible, and practical ESB as part of the larger Service Oriented Infrastructure.
When: Tuesday 4 August 11:00 - 12:00
Where: Session Room D4
Level: 300 – Advanced
Track: SOA and Business Processes
So if you’re attending the conference (if not, why not?!?!?) and are interested in BizTalk / SOA / ESB / Dublin / Oslo (if not, why not?!??!) then please do try attend.
In addition to these breakout sessions, I will co-chair’ing with a “Chalk ‘n Talk” session entitled; “Putting it all Together: NET, Dublin, BizTalk Server, Oslo and Azure. Bucket of Bits or SOA Strategy?”
I am particularly excited about this one because to quote a childhood hero, “I love it when a plan comes together. So join myself, Paul Somers and David Robinson for what promises to be an interesting interactive session.
It’s going to be good!
See you there!
… it’s now a toolkit!
The Microsoft ESB Guidance becomes the ESB Toolkit!
It’s official. The ESB Toolkit launches and is available from Microsoft for download here.
I have been actively using the ESB Guidance on top of BizTalk Server 2006 R2 for many months now and love how it extends the already powerful offerings of BizTalk Server.
The first version of the Guidance was a good start, but it really was a guidance and something that required a rocket scientist to install, configure and get working. I am very very happy to say that early looks at the official Microsoft supported toolkit looks like they have done a sterling job!
Great work guys.
If building an ESB on Microsoft technology stack interests you, be sure to check out my “Dynamic Messaging with Microsoft BizTalk Enterprise Service Bus (ESB) Guidance v2” happening at Tech-Ed Africa 2009 shortly!
Guess that session header should be updated :S
… plain and simple!
What am I ranting about now you ask? Well, this http://www.timesonline.co.uk/tol/comment/columnists/jeremy_clarkson/article5821586.ece?Submitted=true
Before you read any further … this is not going to be a friendly, pretend everything is happy kind of post. I try and stay out of these kinds of things but when ignorant pompous idiots shoot their mouths off over things they have no idea about it just makes my blood boil!
I used to like the guy, used to think quite highly of the man, never missed an episode of Top Gear; however I now view the him in a completely different light.
I now think he is an irresponsible twat!
Sure, I know it is probably a publicity stunt to get his ratings up … Same bollocks as when Gareth Cliff, a local saffir radio personality spews forth on his radio show about how he wishes all cyclists would get hit by a car and die …. but I think it is time that public personalities / celebrities start thinking more carefully about the shit they spew!
It is time to consider the actions of your spewing!
“Johannesburg is Milton Keynes with thunderstorms. You go out. You have a lovely ostrich. You drink some delicious wine and you walk back to your hotel, all warm and comfy. It’s the least frightening place on earth. So why does every single person there wrap themselves up in razor wire and fit their cars with flame-throwers…..”
Um what "reality" is this guy from?
I’ll tell you what reality … the kind where you get to stay in only the best hotels in the country. The kind where you get escorted back and forth between your hotel room by an armed guard. The kind where you fly in for a few days, get wined and dined on only the best food that only a tiny percentile of the country can afford and then fly out with warm fuzzy memories. The kind where you are so wrapped up in your little world you fail to understand the real reality!
It's all well and good spewing shit like this when you are a tourist living it up in the best hotels in the country but tell that to the millions of average people living the “rainbow dream”... The millions of people who fought for a cause they believed in only to watch it vanish amidst the constant and incessant political bribery & corruption.
And no, I am not being racist … this has nothing whatsoever to do with race, never has, never will. I am talking about black & white, tall & short, educated & not. These people have a whole different take on what reality is. It's easy for one pompous loud mouthed celebrity to spew garbage he has no idea about and can never ever understand because he spent a few days in the lap of luxury and was fortunate enough to get away unharmed.
I would never ever wish this on anybody, but I bet if he felt unsafe driving home alone at night for fear of “smash & grab” incidents around the next corner, if his family were murdered, if his wife was raped, his house broken in to by the private security company you pay money to for protection because the police are incompetent, he'd have a whole different story to tell!
Quite frankly it is fcking irresponsible to tell tourists to ignore common sense and to go to South Africa, and to stroll through the streets alone at night with a camera in plain sight, because it is “tranquil” and . Shit like that will get them killed. Fact. Try tell that to the family of the unsuspecting British tourist who was mugged, abducted, raped repeatedly and then killed only a year or so ago.
I know most saffirs, still living in their home country don't want to hear it and I appreciate that; but it is the truth and more often than not the truth is not a nice thing to hear. Living there faced with this kind of thing on a daily basis you have no choice but to put your head in the sand and learn to cope. For years & years I coped. I pretended that there weren’t problems. I pretended it was all just propaganda. I pretended to ignore the fact that I no longer listened to the news, no longer read the papers because it angered me each time. I pretended us privileged whities were simply over reacting.
But it is not so! It is a problem and the sooner the country stops bullshitting themselves and admits to the problem the sooner something can be done about it.
I recently got the opportunity to work on a project in New Zealand for two years. I left South Africa, not because I was running away, but for the opportunity this project provided …
Since arriving here and settling in I look around me every day in absolute amazement! No houses have burglar bars … anywhere! Let alone electrified fences and razor wire and alarm systems fit for bank. Cars are left unlocked in the shopping centre parking lots. Single woman walk about in town in the middle of the night with the advances of a drunken youth or two their biggest concern. Teenagers are not afraid to hitch and accepting a lift from a stranger is not unheard of. Here littering and drinking in public are the things that consume the most time of the competent, friendly and helpful police force!
In most countries rape / murder / armed robbery is still a big deal. In some countries they are horrified that the number of reported rapes last year has shot up to 50. 50 in a YEAR! I mean shit with 1 rape every couple of minutes in SA that's equivalent to a quiet month!
I love mountain biking … in Johannesburg however you cannot go riding on some of the lovely trails we have alone, because chances are good you will be walking home without your bike, shoes, cycling gear, cellphone … that’s if you’re lucky! In the past year I know of at least 20 incidents of people close to me (ie. not linked by 3 degrees of separation) where they have been bikejacked.
So if you cannot go mtb’ing alone, stick to the roads right? Wrong! With the complete and utter disregard for the laws of the roads in South Africa by an ever increasing number of aggressive gang lord taxi drivers who are set on intimidating all other drivers on the road into submission you’re not even safe there. I refer to the incident just last week where a taxi driver hooted repeatedly whilst accelerating directly at a high school pupil on a scooter, hitting her and killing her instantly. I wouldn’t be surprised to know that this very driver is still out there today intimidating and endangering the lives of others whilst some poor family mourns another senseless death.
The reason people wrap themselves up in razor wire Mr Clarkson is because in order to try protect those dear to you and the things you have worked incredibly hard for, you have to!
On a recent visit back to South Africa in December I was relieved of two laptops, a wallet, a passport in two different incidents in two different cities, in two different provinces. One attempted burglary at our house which we attempted to report to the police who never even bothered to show up followed the very next night by a successful burglary in spite of the razor wire, electrified fences, alarm systems, private security firms which we again attempted to report to the police only to be greeted by a police officer who could barely read or write and took two hours to write down a single A4 page statement which i dictated to him in painstaking detail.
Well Mr Clarkson, feel free to sell your beautiful beach house on whichever island it is you stay and move to the city you apparently love so much … that way you and yours can take wonderful sunset strolls knowing that you’re safe and sound! I’ll trade you any day, as will any one of the hundreds of thousands of saffirs leaving their beloved country every month!
Yes, let the hatred rain down … I’ve got big shoulders, I can take it.
If you don’t like what I have said here just remember it’s my opinion based on the facts as experienced by me …
You’re perfectly entitled to put your head back in the sand and pretend everything is dandy if you wish but it’s not for me. Oh and if you’re a foreigner who has never lived in South Africa for more than a few pampered days … don’t even dare comment on how “tranquil” you think the place is!
I stumbled across this Windows usability trick today whilst I was searching for a way to hide the recycle bin icon on Windows 2003 … but that is a different story best left for those who like me want a clean, neat and tidy desktop with nothing on it … those who know me will know what i am talking about!
So … this tip then …
Have you ever tried to drag a music / video file in to Media player, or text doc into Notepad whilst they are obscured by the current window? Well that’s relatively simple … drag the file on to the application on the Windows taskbar, hold the button for a few seconds and that application gains the focus now allowing you to drop it. And presto.
Well a similar thing can be acheived when you want to drop a file (actually copy of move and not just create a shortcut) to your desktop … i know i know, it contradicts my clean desktop policy, but bare with me.
If you have 100 windows open you could always hit the “Show desktop” button, change the active window to not be maximised, move one of the borders in a little to expose a portion of your desktop and now you can drag and drop.
OR …
Check out this link …. http://www.petri.co.il/unhide_recycle_bin_when_dragging_and_dropping_files.htm
Now you just drag the file to an empty spot on the taskbar, hold on for a bit and any windows obscuring the desktop will be minimised exposing your super tidy real estate, ready to be polluted with whatever you’re about to drop there.
Wicked!
Well it was news to me ok … jeesh!
Ever since PDC ‘08 and the announcement of “Dublin” the world has gone mad with the buzz. But what exactly is “Dublin”, where does it fit in with BizTalk? Does it replace BizTalk?
All these are valid and interesting questions, questions that have been bugging me for some time.
I just stumbled on this MSDN magazine article by Aaron Skonnard from Pluralsight who sums it nicely by saying:
“In a lot of ways, BizTalk Server inspired many of the features you see in "Dublin" today. Although both technologies provide similar management capabilities, there's a big difference between the two in terms of their focus. "Dublin" adds hosting and management extensions to Windows Server designed specifically for WCF and WF applications, whereas BizTalk Server is focused on application integration with non-Microsoft systems using a variety of different message formats, transports, and mapping techniques.
The primary focus of BizTalk Server has always been and will continue to be integration with non-Microsoft systems (line-of-business applications, legacy systems, RFID devices, and business-to-business protocols). BizTalk Server will remain focused on these core strengths in the years ahead. In general, you'll want to continue using BizTalk Server when you're focused primarily on these types of enterprise application integration (EAI) scenarios”
That kinda sums it up for me …
Must say I am looking forward to learning more about WCF / WF and now of course “Dublin”.
I will however remain a BizTalk specialist as I don’t believe the need for EAI type applications will ever go away … in fact the need continues to grow!
Ok so I guess my previous post about the South African BizTalk user group has been misread somewhat… My profuse apologise! The group has not stopped completely; on the contrary the group has evolved to include aspects and technologies exclusively related to Microsoft BizTalk Server.
As quoted from Nabeel’s announcement on the user group site “broadening the scope of the user group to become an SOA and BPM user group. This is in line with the growing scope of BizTalk's influence within the industry, and with the development of products like "Oslo", "Dublin" and Azure.”
So, is this a good thing? Well I guess it is. at first I was against the idea but looking at the trends of “BizTalk user groups” around the world they all seem to be diversifying the same way; and i guess it makes sense!
At first I thought it felt like I had given up a child; kinda the feeling when you drop your child off at their first day of school and you think; oh my word … now what?
I’m ok with it now!
My baby is growing up, and I’m ok with that!
I’m almost proud!
… It is with much sadness and a tear in my eye that I of the Future of BizTalk Server User Group …
I started this initiative back in April 2007, as from the responses I received initially it was clear that this was something that the local BizTalk community wanted and needed in South Africa. There were many upfront who criticised this (including BizTalk MVPs at the time) and said it would never work but I decided to push on anyways and try, were they right all along?
There were many solo pockets of knowledge floating about and my intent was to start something that could bring these silos of knowledge together and help us as BizTalk professionals in South Africa collaborate, share and grow from each other.
My intent for this group was that it would be community owned and lead. I wanted it to be driven by the community and I was hoping that by involving the community with things like this that I could raise the passion and interest levels amongst the local user base.
Sadly this never really happened.
The first session was superbly well attended and then gradually session by session the numbers died out until there were about 4 regulars left attending the sessions. Even then, the level of involvement was more “let’s come hear an interesting talk and get free beer and pizza at the same time whilst avoiding the hectic Jhb peak time traffic” rather than “I'd like to discuss issue XYZ on an open floor with other passionate skilled people”.
Looking at the number of members registered at the www.biztalkug.co.za site, currently at 43, I’d say there is definite interest … or do people just join user group sites like this because they struggle to sleep at night and wish to read insanely boring posts about topics they have no interest in?
I have since relocated to New Zealand and as such my involvement with this user group has been restricted to purely the virtual space. I was hoping that other members of the community would pick this up and run with it in my absence but this has not been the case up until now. Nabeel has been great in trying to keep it alive, but he works for Microsoft (no offense) and this group was never meant to be run by Microsoft … it was meant to be the community that drove this!
So why this post?
Well I am considering starting a chapter here in Wellington, New Zealand. There is already a group up in Auckland which is run by Thiago Almeida called the Auckland Connected Systems User Group but even with New Zealand being a “tiny” place Auckland is too far for me to commute for the fortnightly meetings.
I am wondering if all the time and effort in setting up and running a group of this nature for a product as “niche” as BizTalk Server is appreciated; or even wanted in the first place.
What went wrong with the SA group?
Was it something I said / did?
Should the focus be broadened to include all things “integration”, like SOA / ESB / BPM or will that just dilute the focus? Perhaps dilution is what is needed.
Should these niche groups be absorbed into broader focus groups such as SA Developer or the Wellington .NET User Group
If you were / are a member of the SA BizTalk user group and would like to share your feelings with me please feel free to comment here, even if anonymously.
I’d like to hear your thoughts, I want to know about what you liked and didn’t like (yes, even if you didn’t like me).
I want to know what we could’ve done better / different to make this more of a success.
… queue the funeral march …
So it is with sadness that I end this chapter, but perhaps where one door closes another will open!
After working on the product for a number of year (more than 8 to be exact) I certainly hope not!
It is often one of the most misunderstood products in the Microsoft stable and has (unfairly) got quite a bad name out there in the market. Just the mention of “BizTalk” in conversation is often justification for a public beating, or a good ole “tar and feather” session; judging by the looks of disdain frowned upon you by your fellow ICT’er.
We live interesting times where our ever busy worker bees from Redmond continue their constant drive toward more innovative products, technologies and solutions making our lives delivering business solutions that much easier. Since PDC ‘08 there has been never ending talk of “Oslo”, “Dublin” and the like that have cast some doubt over the future of BizTalk.
Even before PDC products and technology stacks like WCF and WF have got developers asking the “Well why do I need BizTalk when WCF and WF can do it all for me anyways …”
The reasons behind this bad perception of BizTalk, IMHO, are simple and easy to understand but are best left for another day. The purpose of this post is simply to share some interesting stats regarding the use of the product around the US and the greater globe …
Interesting!
Seems I have not been backing a dead horse for the past 8 years.
Nice to know!
Let’s hope that the CSD team from Redmond will soon clear the mudding waters by firmly positioning the product alongside the rest of its suite of offerings.
Let’s just hope we see the product mature further and take up it’s rightful place as the Microsoft technology of choice when building disconnected SOA type solutions.
In my previous post (Part 1) I introduced the problem and the fact that there didn’t appear to be a known solution out there … oh how we love a challenge!
Considering I was running into all sorts of dead-ends on the BizTalk side of things we switched all our services to run with EncryptAndSign, for now, just so that we could continue with development and functional testing.
We however wanted to be able to cater for changing the ProtectionLevel of the Service Contract on a deployment by deployment basis. The way it stands now, if you want to change your service from EncryptAndSign to say just Sign or None, you would have to change edit the actual service, rebuild and redeploy. Not ideal!
With loads and loads of Googling around we soon discovered that this kind of thing can be done through code ….
1: var endpointAddress = new EndpointAddress(
2: new Uri(endPoint),
3: EndpointIdentity.CreateDnsIdentity("Operator A"),
4: (AddressHeaderCollection) null);
5:
6: ChannelFactory<IHelloWorldService> factory = new ChannelFactory<IHelloWorldService>(
7: GetNewBindingForSecurity(), endpointAddress);
8:
9: factory.Endpoint.Behaviors.Add(
10: new MessageProtectionBehavior() { Level = ProtectionLevel.Sign }
11: );
12:
13: factory.Credentials.ClientCertificate.SetCertificate(
14: StoreLocation.CurrentUser,
15: StoreName.My,
16: X509FindType.FindBySubjectName,
17: "Operator A");
18:
19: factory.Credentials.ServiceCertificate.SetDefaultCertificate(
20: StoreLocation.CurrentUser,
21: StoreName.My,
22: X509FindType.FindBySubjectName,
23: "Operator A");
24:
25: factory.Open();
So WCF is supposed to be extensible right …. RIGHT! If it can be done through code, and WCF is extensible then perhaps we have our solution!
Enter … custom endpoint behaviors.
This post helped me and put us on the right path; http://www.winterdom.com/weblog/2006/10/02/CustomWCFBehaviorsThroughAppConfig.aspx
So, we set out and built ourselves a quick custom endpoint that simply put, applies the ProtectionLevel of the service at runtime and exposes the ProtectionLevels as an enum that can now be configured in the web.config and the client’s app.config.
1: public class MessageProtectionBehavior : IEndpointBehavior
2: {
3: /// <summary>
4: /// Gets or Set the level of message protection.
5: /// </summary>
6: /// <value>
7: /// One of <see cref="ProtectionLevel"/> enumeration values (None, Sign or SignAndEncrypt).
8: /// </value>
9: public ProtectionLevel Level { get; set; }
10:
11: #region IEndpointBehavior Members
12:
13: public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection parameters)
14: {
15: endpoint.Contract.ProtectionLevel = Level;
16:
17: parameters.Remove<ChannelProtectionRequirements>();
18: var requirements = new ChannelProtectionRequirements();
19: parameters.Add(requirements);
20:
21: MessagePartSpecification unprotectedBody = new MessagePartSpecification();
22: MessagePartSpecification protectedBody = new MessagePartSpecification(true);
23: switch (Level)
24: {
25: case ProtectionLevel.None:
26: requirements.OutgoingSignatureParts.AddParts(unprotectedBody, "*");
27: requirements.IncomingSignatureParts.AddParts(unprotectedBody, "*");
28: requirements.OutgoingEncryptionParts.AddParts(unprotectedBody, "*");
29: requirements.IncomingEncryptionParts.AddParts(unprotectedBody, "*");
30: break;
31:
32: case ProtectionLevel.Sign:
33: requirements.OutgoingSignatureParts.AddParts(protectedBody, "*");
34: requirements.IncomingSignatureParts.AddParts(protectedBody, "*");
35: requirements.OutgoingEncryptionParts.AddParts(unprotectedBody, "*");
36: requirements.IncomingEncryptionParts.AddParts(unprotectedBody, "*");
37: break;
38:
39: case ProtectionLevel.EncryptAndSign:
40: requirements.OutgoingSignatureParts.AddParts(protectedBody, "*");
41: requirements.IncomingSignatureParts.AddParts(protectedBody, "*");
42: requirements.OutgoingEncryptionParts.AddParts(protectedBody, "*");
43: requirements.IncomingEncryptionParts.AddParts(protectedBody, "*");
44: break;
45: }
46: }
47:
The magic happens on lines 9 where we expose our custom “Level” property and then on line 15 we set the ProtectionLevel of the Contract which was the piece we’ve been needing to do.
We have effectively (and successfully) extended the standard WCF behaviour.
Once we had this, the rest was easy …
http://msdn.microsoft.com/en-us/library/cc952299.aspx
A bit bummed out that we have to place this in the machine.config though; I tried in my application’s config file and even in the BTSNTSvc.exe.config but it doesn’t pick it up anymore; it seems it has to be the machine.config.
Once this behaviour was registered in the machine.config we could get at it in the configuration of the WCF-Custom adapter.
Switching the behaviour in our service to Sign, and matching this setting in the BizTalk configuration everything worked!
Checking the output of the WCF diagnostics log files I can confirm that the message is signed, and that the body of the message is in clear text.
Switching to EncryptAndSign, WCF Diagnostics logs clearly shows the expected result; the message is signed as before, but this time the body part is encrypted.
Switching to None, well yup you guessed it …. still works!
Now BizTalk and WCF and ProtectionLevel can play nicely together!
What a relief!
BizTalk Server 2006 R2 has brilliant support for WCF out of the box; in fact I use it’s WCF based adapters almost exclusively now, unless I have a specific line of business system, like S.A.P / Microsoft Dynamics to connect to.
It is really painless to both host your orchestration (publish schemas actually) as WCF services, and equally easy to consume a WCF from within your business processes.
Up until now everything that I have been able to do with WCF when consuming a service in a regular .NET client I have been able to do with BizTalk. The WCF-Custom adapter gives you so much control with option after option after option allowing you to build up your regular app.config with a relatively intuitive GUI …
So, if it’s all that easy and straight forward then why the purpose of this post? Well … as you probably gathered from the title not everything is as peachy as it first appears.
On a project I am currently working on; [can’t tell it’s top secret :P] we have written a number of WCF services and are using BizTalk as the glue that ties everything together (amongst other things of course). We’re using certificates for signing each service call. In some deployments of this product we’d also want to use certificates for encrypting the message payload as well, in addition to offering transport level security like Https etc. Yes, the data that is being moved around is very very sensitive data! On other deployments where all the services operate within the boundaries of a protected and secured environment we want to be able to remove encryption to get rid of the additional overhead associated with encryption / decryption of every single service call.
In WCF you can set the ProtectionLevel on your service contract
1: [ServiceContract(
2: Namespace = "http://ws_test1",
3: Name = "ServiceContract",
4: ProtectionLevel = ProtectionLevel.Sign
5: )]
6: public partial interface IServiceContract
7: {
8: ...
9: }
Nice.
So for the first round of development and testing we were running with EncryptAndSign; and everything worked real nice! Until one of the developers used Sign only. When he did this suddenly BizTalk complained.
“Message body part was not encrypted.”
This was found on the receive shape of the two way send port talking to the service. I checked all the logs on the service and it was definitely called and it built up the response and sent it out fine. For some reason BizTalk was expecting the response to be encrypted!?!?! But Why?
I hunted through piles and piles and piles of different options in the config of the WCF-Custom adapter. Checked behaviours, bindings, everything we could think of and nothing seemed to work.
With the same BizTalk config if we just redecorated the service to EncryptAndSign … presto BizTalk was happy. Fiddler and WCF diagnostics confirmed that the service was encrypting the response and obviously BizTalk was happy with this.
Am I the only person in the world thus far to try this?
I Google’d and found two posts that were about the same thing, so clearly others have tried but failed …
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=4022638&SiteID=1
&
http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=1935360&SiteID=1
but sadly on closer inspection these posts cross-reference each other, both saying to check out the other one for a solution.
I posted many requests to the BizTalk newsgroups and forums
http://groups.google.com/group/microsoft.public.biztalk.general/browse_thread/thread/76557fd301851c9a/de1bd9974a056fb5?lnk=gst&q=EncryptAndSign#de1bd9974a056fb5
&
http://groups.google.com/group/microsoft.public.biztalk.server/browse_thread/thread/5699ce6a8ed0ee31/a5a118bc3cf1a03c?lnk=gst&q=EncryptAndSign#a5a118bc3cf1a03c
But no useful response from anybody on the forums.
This can’t be!
Stayed tuned for more … because a solution has been found and I busy writing this up and will post here once it is done and tested.
So we're running our development environment on a virtual environment and the team that setup the environment setup one Windows 2003 server as a base and then cloned this multiple times. One of these clones became our BizTalk server and another one became our SQL Server.
So .... Install works fine but when trying to run the config wizard we ran into all sorts of problems.
After struggling for hours I found this article http://www.architectingwith.net/2007/08/13/quotWarningTheCIDValuesForBothTestMachinesAreTheSamequot.aspx which details the EXACT same problem.
Turns out the problem stems from the shortcut taken upfront by cloning the machine. The CID of the MSDTC service was the same on the two machines and this was causing all the issues.
A simple uninstall | reinstall of MSDTC as detailed in that article fixed the problem.
Damn; I wish i had found that earlier ... might've saved me some hair!
Lessons learnt
a) Google sooner
b) Don't take shortcuts that might save you an hour or two upfront when it ends up costing you 8 hours further down the line.
Who knows how many of these other little quirks are hanging about under the covers that we'll only find out about after many hours of frustration!?!!?!
More Posts
Next page »