The other day I released a library (BizUnitCompare) for simplifying the testing of integrations in BizTalk using BizUnit.

Let’s say that you know what a message should look like when the integration is working like it’s supposed to. Using BizUnit you could drop a message into BizTalk and let BizTalk have its way with it. When BizTalk is done with it it might put the result somewhere on your file system.

Wouldn’t it be wonderful if you had a tool that compared the message BizTalk just put on your file system with another message containing the data like it should look and then tell you the differences – if there were any? Some of you might say that this is entirely possible using BizUnit as it is. Well, yes. It is possible. But only if you want to put in hours and hours of work configuring an XPath expression for each and every element and attribute with its expected result for your complete message (is that the echo of slowly dying BizUnit tests that aren’t being maintained?).

This is where BizUnitCompare enters the stage. With BizUnitCompare all you have to do is to tell it what the expected result is (a file stored somewhere on your file system), where to look for the newly generated file (created by BizTalk perhaps using BizUnit) and what elements/attributes/parts of a flat file it shouldn’t look at (e.g. time stamps and so on).

The whole idea behind this is that it’s probably less work to exclude the parts of a file you’re not interested in comparing rather than including everything you are interested in comparing.

Now go, get started building your BizTalk tests!

During the past day I’ve been struggling with a rather peculiar problem. It involves the following ingredients:

• BizTalk Server 2006 R2
• WCF (Windows Communication Foundation)
• A web service running on an IIS platform requiring NTLM as the authentication method
  • No authentication requirement for downloading the service metadata (WSDL)

I’ll spill the beans right away – you won’t succeed. At least not without building something involving unmanaged code (see this article for further information). This here, rather lengthy, article aims at explaining the reasons why you won’t succeed – it won’t give you a solution in the end, sorry about that. The only solution which might work is the one previously linked, haven’t tried it though. In the end we ended up opting for another authentication mechanism.

Here’s the whole story:

Due to the fact that generating the WCF client required no authentication the following problem didn’t surface until rather late in our development process, actually as late as when we were doing final tests in the BizTalk test environment.

So, what happens is this: the WCF port in BizTalk tries to send a SOAP message to the web service it’s configured to connect to. The web service states that the client (the BizTalk server in this case) is unathorized (HTTP 401, to be specific). Along with this message it says that the allowed authentication method is NTLM. As a result of the fact that downloading the service metadata required no authentication the generated configuration for the WCF port in BizTalk states nothing about how it should proceed to actually authenticate. What to do?

By now you’ll be digging around the various dialogs in the WCF adapter configuration in BizTalk looking for a place to enter a user name and a password. Depending on the port type chosen (WCF-Custom, WCF-BasicHttp or WCF-WSHttp) and the chosen binding (wsHttpBinding, basicHttpBinding or customBinding) the dialogs might look a little different. How ever, the end result is this:

• For any other port type than WCF-Custom there’ll be a tab called Security allowing you to enter credentials – but only if the authentication method chosen is set to “Basic” (or “Digest”, but that’s not really interesting for this scenario). For “NTLM” the Edit button allowing you to configure the credentials will be disabled.
• If you’ve chosen WCF-Custom as your port type there’ll be a tab named Credentials where you can enter a user name and password. Only problem is that this information will be ignored if you set the clientCredentialType to “NTLM” within the binding configuration for your endpoint. So no luck there either.
• Not even if you add the clientCredentials extension as a behavior and configure that behavior to be used for your endpoint you get settings for user name and password. What you do get though is a truck load of options for configuring client certificate authentication. Yay.

Just for fun one could try to set the authentication method (clientCredentialType) to “NTLM” within the binding, and never mind the fact that won’t be able to enter a desired user name and password. This only gets interesting with web proxy that’ll show you what is exchange between your client and the server. An excellent program to use for this is Fiddler. What you’ll notice after running the test is that the WCF port will try to authenticate with the service using the credentials held by the host process (the BizTalk host instance in this case). Of course the server hosting the web service won’t know anything about that account and therefore it’ll deny the request.

So how would you go about overriding the credentials sent by the WCF adapter in BizTalk? Should you be presented with this problem in a regular .NET run time environment (such as a console application or windows service) you’d probably end up doing it in one of the following ways:

• Creating a class which inherits the ClientCredentials (MSDN link) type in which you would explicitly set the Windows.ClientCredential.Username property along with the Windows.ClientCredential.Password property and the Windows.ClientCredential.Domain property to what ever you like. This type would then be pointed out in your WCF client configuration as the type to be used by the clientCredentials behavior extension for providing credentials (see this link for documentation about the ClientCredentialsElement.Type property, and see this screenshot for an explanation of how to set it up).
• Another way of doing it is to do it directly on your generated client proxy within your applications code. A slightly more hard coded approach, but certainly viable:

serviceProxy.ClientCredentials.Windows.ClientCredential.UserName = “HelloKitty”;

Trying to send a SOAP message from your regular .NET application using any of these methods will result in the WCF client sending the correct (as in, desired) credentials to the server and thus succeeding in authenticating.

Why all the fuss with putting the user name and password in code and not in the WCF section (<system.serviceModel>) of your configuration file? Well, it’s been decided that giving the option of declaring credentials in a configuration file is insecure and therefore should not be supported out of the box. Not a totally stupid thought, actually. Worth noting here is that your code implementing any of the two solutions above could of course read the user name and password from anywhere you want – a database, a text file, basically anything.

Considering that the actual WCF configuration in BizTalk allowed me to specify a custom type for providing clientCredentials (as seen in this screenshot) I decided to go with the first alternative. Now that I had created a type that inherits the ClientCredentials (MSDN link) type I added it to the GAC, I added the fully qualified assembly name to the type-property of the clientCredentials extension for the newly created client behavior which I had added to the endpoint (screenshot shown again here). After doing all these things the setup is ready for another test. Nota bene: these configuration options require you to use WCF-Custom as your port type.

This test will fail! The Event Viewer will have an entry in its Application log saying this:

System.InvalidOperationException: The ClientCredentials cannot be added to the binding parameters because the binding parameters already contains a SecurityCredentialsManager ‘System.ServiceModel.Description.ClientCredentials’. If you are configuring custom credentials for the channel, please first remove any existing ClientCredentials from the behaviors collection before adding the custom credential.

Yes, this will be confusing to you (and me) since we in the configuration are only allowed to specify one custom type for providing our ClientCredentials. So where did the other instance come from, and why did it get there before our custom one?

Thinking about this I came to the following conclusion: the developers of BizTalk had a problem they needed to overcome. Remember what I said about storing user names and passwords in WCF configuration files? Since this was deemed to be unsafe by the WCF team this meant that the developers building the WCF adapter for BizTalk weren’t able to solely rely on the WCF configuration file structure to provide all the data needed for the WCF port to actually execute, especially if any credentials would be required by the service in the other end. You might also remember that you, as a developer configuring the WCF options of your WCF port in BizTalk, are allowed to enter credentials if “basic” is chosen as the authentication method. My guess here is that those credentials entered in that dialog end up somewhere in the SSO database used by BizTalk. But how do they get from the SSO database to the WCF runtime when the WCF port needs to send a message?

This is where the secret sauce enters the stage! The only explanation I’ve come up with is that the wrapper code for the WCF adapter in BizTalk dynamically generates a ClientCredentials instance which is populated with any data entered by the BizTalk administrator in the port configuration. This instance is then added to the generated WCF client in BizTalk and thus disabling any other instances of the same type to be added to the same client.

So, to sum this up I’d say the following:

• The credentials implementation for the WCF adapter in BizTalk 2006 R2 is broken. Possibly in more ways than one:
  • It won’t allow you to successfully specify user name and password for NTLM authentication.
  • It won’t allow you to successfully specify a custom type providing credentials for NTLM authentication.
  • It seems to have a hard coded behavior where it insists on sending the host processes’ account details as authentication credentials when NTLM is chosen as the authentication method. This may be by design or standard – I don’t know.
• The decision to deny developers the ability to store credentials in an application configuration file is not bad – but it should be more “out in the open” that there is a security reason behind this decision. During these days I’ve seen dozens of forum threads with people trying to figure out why they can’t find a place to configure their user name and password for the service they’re accessing, all of them assuming that they have missed something, somewhere.

The solution (which I said I didn’t have)?

Use any other authentication mechanism than NTLM, atleast if the host process account has no chance of being granted access to the target service. Or try out the linked article in the beginning of this post. Good luck!

I had the opportunity to assist one of my co-workers today in troubleshooting a web service + Silverlight client I had built for a customer a while back. The combination of the two enables users to upload large files to a server over intermittent internet connections. My co-worker mentioned that she got an error message in a message box from the Silverlight client stating that something was wrong with the parameters sent to it.

In the end it turns out that the parameter for the maximum file size allowed to upload had been set to 3 GB. The specification I received when building this stated that the maximum file size that the system should be able to handle would not exceed 1 GB. So I figured a regular int would suffice for managing the maximum file size restriction.

So what this malconfiguration gave was that the Silverlight client tried to stuff the value of 3GB into an int – this is a no go. My co-worker is not to blame for this, she just got this particular setup handed to her from someone else.

What you specify is what you get.

While preparing my MacBook Pro which I bought for myself on my 30th birtday this Wednesday one of the things to get done was to get the 3G-modem to work. Having used the modem on my various Windows-machines before I knew that a OS X installer was lying around on the internal memory, so I just fired it up. Sadly it turned out that the Launch2Net installer failed, so I proceeded to uninstall it.

After awhile I found a newer version of Launch2Net which allegedly is Snow Leopard compatible (I need to learn that 10.x releases actually differ quite a lot internally from time to time), so I downloaded that one and installed it. Only problem now was that even though the manual claimed that the software would fire up automatically when the modem was inserted nothing happened! No matter how many times I uninstalled the software, rebooted or removed it with AppCleaner and then re-installed it. No go.

By now I started wondering if the rollback of the first installer hadn’t ended cleanly. Long story short, after learning that drivers aren’t what drivers are in Windows but are rather installed as kernel extensions I began looking for where these extensions are stored, the answer is: /System/Library/Extensions. Well, lo and behold – even after having uninstalled all visible traces of the software there were extensions left (named NMSonyEricsson[...]). After having manually deleted these extensions (which actually are folders containing binaries and other stuff) I rebooted and then installed the latest version of Launch2Net SonyEricsson Edition (the link is specifically for the modem I have (SonyEricsson MD400) which in my case happens to be 1.9.1.0 and then rebooted again.

Now it all works! The software fires up when I plug in the modem and it configures itself according to the network the SIM card belongs to and I’m able to connect. I’ve been listening to Spotify for the past 40 minutes now without a hitch – so I’m happy!

What I’m taking away from this is that I continue to not be surprised by the crappy quality a lot of cell network providers have to live with when distributing hardware for which someone else provides the software. Especially when we’re talking about a niche operating system like Mac OS X.

Now that I’m in between assignments I thought I’d take the opportunity to install Windows 7 on my work laptop (a HP 8510w) in order to get better performance in my virtual machines. Several colleagues have already installed Windows 7 on their laptops of the same model, so I figured I’d take the plunge.

A colleague recommended that I should use a USB drive to install from as this would save me a lot of time and since I had read about the tool that Microsoft har released for this I figured that I would give it a go. Turns out that I had to download the tool from a CNET server because the tool has been pulled by Microsoft due to a license problem. Went ahead and prepared my 4 GB USB stick with the ISO and rebooted.

After having clicked the “Install Now” button all I get is a dialog telling me that I’m missing a CD/DVD device driver and tells me that I should browse for a location containing the drivers needed. That is misses a working driver is, in my view, utter bullshit. Why? Because when I browse for the drivers (which I don’t have by the way, because who needs drivers for a CD/DVD drive nowadays?) I can browse my hard drive (so it’s not a problem with not having a working hard drive to install to), a CD inserted into the CD drive, and the contents of the USB stick containing the Windows 7 installation.

Googleing the problem shows a bunch of people having this problem due to faulty burns of their DVDs, but this doesn’t apply to me since I’m using a USB stick to install (but I did re-prepare the USB stick three times just to be sure). The few people I’ve found that have had this problem haven’t had it with earlier versions of Windows 7 (betas and release candidates) and some of them seem to have cured the problem by changing the SATA configuration in their BIOSes (i.e. changing from SATA mode to IDE mode). One Microsoft site even suggests that the controller in the computer is not compatible with the AHCI driver provided by Microsoft. How the heck could it not be compatible when it’s been working without a problem in Windows Vista? Actually I thought about changing SATA settings in the BIOS, but I didn’t find any settings which solved this problem.

Tomorrow I’ll try to install from a DVD which is known to have worked for a bunch of my colleagues and see what happens then. But somehow I don’t really beleive in success. After having re-prepared the USB stick three times the corruption problem is most likely not what’s causing this, so it’s more likely that i’ve got a weird hardware revision of the laptop which screws this up.

Things like this want me to get a MacBook Pro and just forget about problems like these! Atleast there’s a greater chance to get Windows working virtually…

So, as a part of my current consulting assignment I’ve been asked to work out a way of documenting the integrations that are deployed in the BizTalk 2006 platform I’m working with. I’ve stumbled across a tool called BTM2HTML/BizTalk Map Documenter (a codeplex project), but the main problem with this tool is that it only documents BizTalk maps. Orchestrations or pipelines and so forth are left out of the equation. Also the presentation of the mapping wasn’t really useful to us, it was somewhere in between technical and end user friendly. A developer wouldn’t be happy with it because it’s too much of a user presentation and the user wouldn’t be happy with it because he/she wouldn’t understand it fully.

What I set out to find was some tool that would help me extract the generated XSLT from a BizTalk map (either from the .btm-file or the assembly) and preferably not require me to manually load over 1500 projects in one instance of Visual Studio (and then right-click every single map to select “Validate map”). After asking around I got this tip: BizTalk Server 2006 Documenter (also a codeplex project). This looked exactly like what I wanted! Everything in my BizTalk platform would be documented in detail and neatly packaged into one comprehensive file. Only problem: it threw an exception when I tried to document my local BizTalk server!

It turns out that the application (or well, rather the base library that the application uses (BizTalk OM, yup – another codeplex project)) has issues with multiple versions of the same binary being installed on the same BizTalk server (i.e. in the servers assembly cache (GAC)). For some weird reason a design decision was made to store the map names, orchestration names, pipeline names, schema names and assembly names without version information as keys in a hashtable. It comes to no surprise that when confronted with a second version of for example a pipeline the application will encounter an exception due to the fact that the name already exists as a key in the hashtable storing pipelines for the current BizTalk application.

So for the last couple of days I’ve tried to spend as much time as possible extending the base library so that it will be compatible with BizTalk installations that have multiple versions of the same map names, pipeline names, orchestration names and assembly names. To be brutally honest my solution isn’t the most elegant, but it works. All it does is append the version of the artefact in question to its name when the instance of the type is created. What should be done is rather some re-engineering of the way the class library is built and how the inner collections are stored. Also, I don’t know if I’ve missed some artefact type which should be extended in the same manner just because it isn’t used in our server.

I’ll see if I can get in touch with the persons responsible for the various bits and pieces I’ve changed in order to add my efforts to the project or atleast receive some feedback. If you should feel that my changes would make your life better before I’ve managed to add them to the official project you can always contact me through this blog and I’ll be happy to send you the code (or even the packaged installation) – the license permits this from what I can see.

(Of course there’s a slight chance that I’ve completely missed something about all this multi-version yahoo which solves my initial problem with the exception, but if so – I haven’t found it yet).

Today I’m going to do something that is against my standards. I’m going to deploy stuff to a production environment on a friday.

Generally it’s a bad idea to deploy things in to production on fridays and some readers might wonder why. Well, do you like working weekends? Thought so. If something can go wrong with the package you’re deploying it most certainly will go wrong if you’re deploying it on a friday – it’s like asking for it!

Ah well, sometimes you just can’t choose. As I like to say: The money always wins. And by that I mean that the people in charge of the money always tend to win, and if they want the deploy on a friday they get the deploy on a friday.

If you’re in the same business as me – try to stay away from deploys on fridays if possible, but don’t break your back over it. Because that’ll be you dying, not them. =)

Found this post which most definitely is going to help me next time I have to debug slow running or seemingly dead processes/threads. If I have to I’ll get a dump of the process and analyze it, but to be honest I wouldn’t mind not having to . =)

This is what it looks like: