UsernameToken Profile vs. WCF

The WS-Security UsernameToken Profile 1.0 defines how the username and password can be encapsulated into a security token. The profile defines two different ways to transmit the password (or password equivalent): ·         wsse:PasswordText: the password is sent in clear-text ·         wsse:PasswordDigest: a digest derived from the password is sent As documented on MSDN, only the…

5

Override AtlThrow with care

ATL allows you to replace its stock routine, AtlThrow, for communicating an error back to the caller using exceptions. This is documented on MSDN here: http://msdn.microsoft.com/en-us/library/z325eyx0.aspx. Most of the time, when ATL encounters an error and you overrode AtlThrow with a custom implementation, the latter will be called (as expected). However, a customer reported that…

0

WIF on Windows Server 2003

I was setting up Windows Identity Foundation (WIF, formerly known as Geneva) on Windows Server 2003 to reproduce a customer’s problem. However, I got the following exception, even when trying one of the WIF SDK samples: CryptographicException – Object identifier (OID) is unknown System.Security.Cryptography.X509Certificates.X509Utils._GetAlgIdFromOid(String oid) +0   System.Security.Cryptography.X509Certificates.X509Utils.OidToAlgId(String oid) +37   System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, String str) +61   System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[]…

0

Garbage collection vs. expression evaluation

A few months ago, a customer contacted us with a problem that seemed to be related to WCF. As it turned out, its roots were deep within the CLR… The error was indeed thrown by WCF: it was a System.ServiceModel.CommunicationObjectAbortedException: “The communication object, System.ServiceModel.Channels.HttpChannelFactory+HttpRequestChannel, cannot be used for communication because it has been Aborted.” There…

0

Tool of the month: Microsoft Service Trace Viewer

I was quite busy during the last two months, but today I’m back with a new post. If you use WCF, you’ve probably already come across this tool, which is mostly marketed as WCF’s troubleshooting companion. However, it’s actually a very useful utility for general .NET troubleshooting. Note that this post does not aim to…

0

CAtlHttpClient and NTLM authentication

I’m working on a customer problem that revolves around NTLM authentication. To cut a long story short, it seems that customer’s client (which builds on ATL Server*) stopped authenticating its requests with IIS. While the actual cause of customer’s problem is still being investigated, I’ve already found one possible reason for such a behavior. This…

0

WCF Performance Counters

WCF offers its own set of performance counters, which allow you to observe the live performance of your services, from various aspects. However, WCF does not publish performance counter data by default, and even when enabled, you can choose which categories of counters are published. As you expect, this is designed so with a reason….

0

Avoid using Assembly.LoadFrom

On MSDN, there’s a warning that using Assembly.LoadFrom() has disadvantages. The following could be a good illustration of the problems that may arise. Not long ago I had a customer who was using Assembly.LoadFrom() to load types into their web service on-demand. Intermittently, he received HTTP 500 errors on the client, which he tracked back…

0

Visual Basic 6 and .NET COM Interop

This is a quite popular topic on the Internet, and this has a reason: a lot of developers need to integrate legacy components written in Visual Basic 6 with .NET.COM Interop is or should be one of the easiest ways to bring these two worlds together. The problem begins when multiple threads, apartments or custom…

5