Using Fiddler to capture SOAP messages between the CS2007 Web services and clients

  • Article

I've found it really useful to utilize HTTP monitoring tools like Fiddler to monitor the traffic between the CS2007 Business User Apps and the Web services.  Fiddler acts like an HTTP proxy server between the client and server, logging the traffic and letting you visualize it in interesting ways.  There are just a few gotchas that prevent this from "just working" with the CS Web service agents and business UI's like it typically does for IE sessions.

Note: I used Fiddler v 1.2.0.7 for this testing.  I installed fiddler on the same box as I was running the clients and servers.

Configuring Fiddler

The first thing you need to do is download and install Fiddler, and configure its options.  By default, Fiddler proxies from port 8888.  That should work just fine assuming you have the port free.  One option I needed to change was to disable the chaining to an upstream proxy so that I wasn't routing traffic through our corporate proxy server which didn't work.  Here's what the Fiddler configuration screen looks like:

Fiddler Options

Note that I allowed remote clients to connect - this is not the default, IIRC.  Also note that you should turn off the "Act as system proxy on startup" for the purposes of this exercise.  If you don't, the .NET client will try to use the default Wininet proxy settings and the initial connection in the next step will fail because you can't disable KeepAlives until the connection exists in the config file.  It's just easier this way and you get more control over which connections will use the proxy and which won't.

Configuring the Business User apps to use the Proxy

Now that you've got fiddler configured, the next step is to create a new connection for the business user apps that will be configured to use the proxy.  Let's start with CatalogManager, it's the simplest since it only involves one connection.   Launch the app.  Create a new connection (use File->New Connection to launch the Site Connections dialog, then click the "New" button).  We'll configure this connection to use a proxy server.  So name it "Proxied" or something that will remind you the connection will be configured to use an HTTP Proxy.

IMPORTANT: Don't enter the proxy server information at this step!  Why?  The connection will fail and CatalogManager will only persist the connection information upon successful connection to the Web service.  We'll need to disable Keep-Alives for the connection first, and you can't do that through the UI.  We'll have to edit the configuration file for that and it's easiest to let the app create the new connection entry in the config file first, then edit it to add the proxy settings.  Your best bet is actually to create the new "Proxied" connection and then revert the connection back to the default connection (this is for reasons we'll see later where the connection information for the "Default" connection gets duplicated in the config file).

Note: Do not use "localhost" in your Web service connections or for the proxy server name; my experience is that it won't work if you do this.

Don't enter a proxy setting yet

Editing the config files: Keep-Alives and NTLM

The default authentication method that is used by the CS2007 Web service agents is NTLM and in order to get NTLM to work correctly with the CS2007 agents and Fiddler, we'll need to disable Http Keep-Alives.  Fortunately we added a feature that makes this possible very late in the development of CS2007.  Unfortunately, we added it too late to expose that setting in the UI's (it is a per-connection setting).  So you'll need to locate the configuration file under your user profile and edit the connection settings there.  First, be sure to close the application if it is still running since it persists settings to the file on exit.

For the CatalogManager the path to the per-user config file is deterministic.  For CustomerAndOrderManager and MarketingManager, the path is not deterministic since it uses the .NET 2.0 settings provider.  The CatalogManager user configuration file path is:

"%UserProfile%\Application Data\Microsoft\Commerce Server Catalog Manager\CatalogManager2007_UserPreferences.xml"

Edit this file in your favorite text or XML editor and locate the settings for your "Proxied" site connection under the <SiteReference> element.  Configure the connection as below, setting the HttpKeepAlive value to False and entering your Proxy information.  Be sure to leave the BypassProxyServer setting to False or it will bypass the proxy for local UNC paths.

<Site Name="Proxied" IsActive="True">
<CatalogWebService>https://myserver/CatalogWebService/CatalogWebService.asmx</CatalogWebService>
<ProxyServer>myserver</ProxyServer>
<BypassProxyServer>False</BypassProxyServer>
<ProxyPort>8888</ProxyPort>
<UserName></UserName>
<Password></Password>
<LoginRequired>False</LoginRequired>
<HttpKeepAlives>False</HttpKeepAlives>
</Site>

Now when you launch CatalogManager with this connection active and with Fiddler running, you will see all of your SOAP traffic being logged.  Very cool!

Why doesn't it work for CatalogAndInventorySchemaManager?

Well, you know how I mentioned we added this feature for enabling configuration control over HTTP Keepalives very late in the process?  Unfortunately we didn't have time to do this for the CatalogAndInventorySchemaManager though it was done for all of the other apps.

Note that if you wanted to make the corresponing setting programmatically in a custom UI built on the CS2007 service agent types, just set the KeepAlive property on the ServiceAgent object to False when you want to use Fiddler.

CustomerAndOrdersManager and MarketingManager configuration

As mentioned above, the CatalogManager config file is here:

"%UserProfile%\Application Data\Microsoft\Commerce Server Catalog Manager\CatalogManager2007_UserPreferences.xml"

The other two (MarketingManager and CustomerAndOrdersManager apps) use the .NET settings provider, and so you will find the config files under a subfolder here:

"%UserProfile%\Local Settings\Application Data\Microsoft_Corporation\"

For example, mine are:

CustomerAndOrdersManager._StrongName_3mb1ccmqsifja4zex4l3jyde4dcgmrof\6.0.1.0\user.config

and

MarketingManager.exe_StrongName_kxy0aqggpha01yxhz4sldhsz3p2hukkw\6.0.1.0\user.config

Note: Due to the way the settings provider is used, the default connection settings will show up in there twice, once under the <DefaultConnection> element and again under the <ArrayOfConnectionInformation> element.  If you didn't listen to my advice above and revert to the default connection before closing the app then you'll need to edit both copies of the configuration - you can just configure it in one place and cut and paste the settings into the other location.  Yeah- 'smugly.

You'll notice the configuration here looks just a little different from the above, but is essentially the same.  Again, the only setting that you can't change through the UI is KeepAlive, which you must set to false for the proxied connection.

<ConnectionInformationItem>
<ConnectionName>Proxied</ConnectionName>
<CatalogWebServiceUrl>https://myserver/CatalogWebService/CatalogWebService.asmx</CatalogWebServiceUrl>
<OrderWebServiceUrl></OrderWebServiceUrl>
<ProfileWebServiceUrl></ProfileWebServiceUrl>
<MarketingWebServiceUrl>https://myserver/MarketingWebService/MarketingWebService.asmx</MarketingWebServiceUrl>
<ProxyServerName>myserver</ProxyServerName>
<ProxyServerPort>8888</ProxyServerPort>
<BypassProxyServer>false</BypassProxyServer>
<ProxyRequiresAuthentication>false</ProxyRequiresAuthentication>
<ProxyServerUserName />
<ProxyServerPassword />
<KeepAlive>false</KeepAlive>
</ConnectionInformationItem>

The CustomerAndOrdersManager application and SSL

For security reasons the CSR UI will by default only connect to the Profiles and Orders Web services over SSL (think - resetting user passwords, etc).  For debugging or troubleshooting you may want to see your traffic unencrypted and so you'll want to disable the SSL requirement on the client.  To do so, you'll need to edit the application configuration file:

C:\Program Files\Microsoft Commerce Server 2007\Business User Applications\CustomerAndOrdersManager.exe.config

Change the AllowHTTP setting to True:

<setting name="AllowHTTP" serializeAs="String">
<value>True</value>
</setting>

Be sure the app isn't running, or restart the app after this config change.  Now you can use non-SSL URL's where you could not before.

While we're on the topic of SSL, if you ever want to test the business user applications with Basic authentication but not over a secure SSL channel, you'll need to configure the AllowBasicAuthOverNonSecureChannel setting to true in the application config files (it doesn't appear in the config files by default).  Again this policy is there by default for security reasons.

Sample Capture

Here's an example of a capture from the "RAW" view of the Fiddler session inspector (this is the first request-response pair you see with MarketingManager, for example):

POST /MarketingWebService/MarketingWebService.asmx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.42)
Content-Type: text/xml; charset=utf-8
SOAPAction: "https://schemas.microsoft.com/CommerceServer/2004/02/WebServices/GetServiceVersion"
Authorization: NTLM TlRMTVNTUAADA.....
Host: myserver
Content-Length: 339
Expect: 100-continue
Proxy-Connection: Close

<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="https://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="https://www.w3.org/2001/XMLSchema"><soap:Body><GetServiceVersion xmlns="https://schemas.microsoft.com/CommerceServer/2004/02/WebServices" /></soap:Body></soap:Envelope>

HTTP/1.1 200 OK
Date: Sun, 03 Dec 2006 02:08:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private, max-age=0
Content-Type: text/xml; charset=utf-8
Content-Length: 484

<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="https://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="https://www.w3.org/2001/XMLSchema"><soap:Body><GetServiceVersionResponse xmlns="https://schemas.microsoft.com/CommerceServer/2004/02/WebServices"><GetServiceVersionResult><MajorVersion>5</MajorVersion><MinorVersion>0</MinorVersion></GetServiceVersionResult></GetServiceVersionResponse></soap:Body></soap:Envelope>

Conclusion

Fiddler and other HTTP/SOAP traffic monitoring tools are an effective and useful means of debugging and troubleshooting a number of functional and performance issues that may occur in a CS2007 deployment.  It's also just really interesting to see the messages being exchanged and can help you understand what functions are being accessed from any given screen and how Commerce Server works in general.