Rory Primrose

Learn from my mistakes, you don't have time to make them yourself

View project on GitHub

Lying to WCF

There are cases when you need to transmit username/password credentials to WCF without transport security. The times that you should do this are rare because of the obvious security implications of sending credentials over the wire without encryption. One case where this is required is where hardware acceleration is used in a load balancer. The traffic between the load balancer and the client is encrypted, but the traffic between the load balancer and the service host is not. The issue here is that the service still needs the credentials passed to the load balancer from the client.

Drew Marsh has a great write up about how to lie to WCF about the security of the binding that it is using for a service. Nicholas Allen has also posted on the topic here and here.

Read More

WCF Security - Getting the password of the user

A common problem with service security is that username/password security is needed for authentication and authorization at the service boundary, but those same credentials are also required to consume other resources such as a database or underlying service. By default, username/password security will run the authentication and authorization of the credentials but only the username is available to the executing service code. This is typically made available through Thread.CurrentPrincipal.Identity.Name.

Storing username password credentials in a custom principal and identity against Thread.CurrentPrincipal is a really nice way of going. Thread.CurrentPrincipal returns IPrincipal which is a common framework type that will be available to all layers of a service executed by the thread. If Thread.CurrentPrincipal.Identity can return a custom IIdentity, then this is where the password can be made available. Using Thread.CurrentPrincipal frees up business and data access layers from relying on any security design that is tied up with a specific service implementation. The trick is how to get username password information into the thread that executes the service code.

Read More

Implementing IErrorHandler

As soon as I read about IErrorHandler in Juval Lowy’s book, I was sold. This interface in WCF is excellent to use for error handling and shielding at service boundaries. The interface comes with two methods.

  1. ProvideFault allows you to handle the error and determine what is returned to the client. This is where exception shielding comes in. The service implementation or any of the layers in the service can throw an exception. The error handler is the opportunity to determine whether the exception thrown is something that the service understands and is happy for the client to receive or whether the exception needs to be shielded into another exception/fault. A shielded exception would typically be a generic service exception that says that the service encountered an error.
  2. HandleError allows you to process some error specific logic asynchronous to the service call. This means that you could do some tracing/instrumentation or some expensive operation without blocking the client call.
Read More

Code coverage doesn't like foreach loops

I have an interesting scenario that I have just come across in my code. I have a foreach loop that is not getting 100% code coverage in unit tests. Prior to this, I really liked foreach for its ease of use and readability even though there is a minor performance penalty compared to using a for loop.

Here is the situation. I have a flush method that looks like this:

Read More

Outlook has a dialog open, but it doesn't

I was playing with a new profile on my laptop last night as I was wanting to work with Outlook data syncing to my phone without changing the data on my normal profile. After I logged in, I found that Outlook wasn’t responsive. I could use the mouse to do actions, but not the keyboard. I also couldn’t close it. When I tried to add a SharePoint list Outlook would give me a message saying “A dialog is open. Close it and try again.” The great thing was that there was no dialog open.

This frustrated me insanely for 30 minutes. I then remembered something from working at a small IT company about eight years ago. Back then, we had an issue with Word automation from VB6 on a server where the account running the service hadn’t yet logged into the machine. Word was locking up on the dialog that appears asking for your name and initials. We had to log into the machine running the service with the service account, open Word, click Ok, log off and then the service would run the Word automation without a problem.

Read More

Log in form usability problem

I’ve just realised a usability problem with website log in forms. The “remember my password” checkbox is almost always below the log in button. For keyboard support, the sequence goes like this:

  1. Give focus to the username field (any good app would do this for you)
  2. Type in username
  3. Tab to focus on password field
  4. Type in password
  5. Tab to focus on the log in button (with perhaps another tab to get over a cancel button)
  6. Tab to focus on the checkbox
  7. Space to check the checkbox
  8. Shift-Tab to give focus back to the log in button with perhaps another tab if you need to skip over a cancel button
  9. Space to fire the log in button

If the forms where changed to simply have the checkbox above the log in button, then the keyboard sequence would be:

  1. Give focus to the username field (any good app would do this for you)
  2. Type in username
  3. Tab to focus on password field
  4. Type in password
  5. Tab to focus on the checkbox
  6. Space to check the checkbox
  7. Tab to focus on the log in button
  8. Space (to fire the Log in button)

This would read better as the user only traverses down the screen rather than down and then up. It removes unnecessary actions and makes more sense.

Read More

Xml comments and the include element

I have been doing a lot of work over the last week writing xml comment documentation. I have been compiling the xml output into chm files using SandCastle, SHFB and my own SHFB wrapper application. I have been increasingly been finding that I am writing remarks that I want to reuse across different methods and properties of several classes in an assembly. Today, I had a particular property scattered among several data contracts for a WCF service that are used for the same purpose and have the same xml comments.

For several days I have been doing the very bad practice of writing the documentation and copying what I need to the other locations. I remembered reading about the <include /> element for xml comments and read up on it in more detail (see here and here). After a bit of experimentation today, I can say that the <include /> element is very powerful for three reasons:

  1. You can include the entire xml comment for an item
  2. You can include part of the xml comment for an item
  3. You can include include elements and they will be recursively resolved

Lets look some examples. Here is my initial code:

Read More

ReSharper comment token identification

ReSharper has a handy feature where it will identify tokens in your comments such as todo, note, bug etc. The Visual Studio IDE has a similar feature for TODO where it will identify those comments in the Task List window.

My issue with the ReSharper implementation is that it will identify these tokens even if they are in the middle of the comment rather than just at the start of the comment line. I originally posted an issue into the JetBrains Jira system thinking that this behaviour was not configurable, but then found that ReSharper identifies these tokens with regular expressions. If you open up ReSharper -> Options -> To-do Items, you will see a set of patterns identified.

The patterns defined are Todo, Note and Bug (I added Hack as a duplicate of Bug to support the default Visual Studio HACK token). I modified these regular expressions to ignore words beginning before the token. Instead, I just look for the beginning of the line. For example, the Note pattern was:

Read More

SandCastle Builder Support for Namespace Documentation

At work we have recently integrated building SandCastle documentation into our TeamBuild process using the SandCastle Help File Builder (SHFB) application. I created a wrapper application to achieve the same thing as a local dev process to help authoring the help contents.

One of the issues we had was how to add namespace documentation. The process we were using was to pass all the required information to SHFB instead of using a project file. The SandCastle project file is where the namespace documentation would normally be stored. Instead, we added the namespace documentation to an xml file stored in the appropriate documented Visual Studio project with a known file name format. The xml file was marked as to be copied to the build directory which would also make it available to team build. This file is then passed to SHFB using the -comment switch.

This may change in the near future as it looks like Eric has checked in a change to the latest SHFB beta that will do the same as the old NDoc model for namespace documentation (see here). Soon we will be able to create an internal class called NamespaceDoc in a namespace and SHFB will pull it out for us. This allows us to have documentation nicely stored in the code along with everything else.

Read More

Code coverage not available when debugging unit tests

Yep, this one bit me last week.

I had been writing some unit tests and debugging them. When the tests were finished, I kept wanting to look at the code coverage. All I would see was the message "Code coverage is not enabled for this test run". After trying lots of things and wasting 30 minutes, it turns out that code coverage is not available when debugging unit tests, even though code coverage is enabled through the testrunconfig file and that the build configuration is set Debug.

To avoid this mistake in the future, you can enable a warning message that specifically highlights the problem. Go to Tools, Options, expand the Test Tools node and select Default Dialog Box Action. There is an option called "When starting a remote test run or a run with code coverage under the debugger:". Set this value to "Always prompt". The next time that you run a unit test with the debugger attached, you will get a warning message saying "Debugging tests running on a remote computer or with code coverage enabled is not supported. The tests will run under the debugger locally and without code coverage enabled.".

No more confusion.

Read More