Scott Hanselman

Breaking All The Rules with WCF

June 10, '09 Comments [35] Posted in Web Services | XML | XmlSerializer
Sponsored By

Sometimes, in my job, I go onsite at partners and work with them, sometimes architecturally, sometimes doing proofs of concepts to make sure they're comfortable with things working together.

This week I’m onsite at a large enterprise and one of the things they wanted to see, amongst many, was .NET interoperating with an existing Web Service. It's not important what platform their Web Service is running on, but it's not Windows and .NET. What was important was that they had WSDL and XSDs for the service, which put them above 99% of the Web Services I come upon in the enterprise.

The team here said that this particular web service used WS-Security and was a compliant web service. I figured, and told them, no problem. That's something .NET is good at. Moving angle-brackets around is something both I, and .NET do pretty well. I figured we had a number of options.

In this scenario was I going to be the Client, I could use:

  • WCF - svcutil.exe - good
  • System.Web.Services - wsdl.exe - pretty good
  • WebClient/XDocument/XmlDocument - not so good, but workable.

You get the idea. There were a few things wrong, though.

Bad-ish WSDL

They gave me the WSDL and when I ran svcutil.exe on it, I got this error (the elements have been changed to protect the innocent.)

C:\Users\Scott\Desktop\foo>svcutil foo.Wsdl foo.xsd /config:app.config
Microsoft (R) Service Model Metadata Tool
[Microsoft (R) Windows (R) Communication Foundation, Version 3.0.4506.2152]
Copyright (c) Microsoft Corporation. All rights reserved.

Error: Cannot import wsdl:binding
Detail: The WSDL binding named FooBinding is not valid because no match for
operation GetFooDetails was found in the corresponding portType definition.
XPath to Error Source: //wsdl:definitions[@targetNamespace='urn:foo:v1']/wsdl:
binding[@name='FooBinding']

Error: Cannot import wsdl:port
Detail: There was an error importing a wsdl:binding that the wsdl:port is dependent on.
XPath to wsdl:binding: //wsdl:definitions[@targetNamespace='urn:foo:v1']
/wsdl:binding[@name='FooBinding']
XPath to Error Source: //wsdl:definitions[@targetNamespace='urn:foo:v1']
/wsdl:service[@name='FooService']/wsdl:port[@name='FooPort']

I googled binged around for this to no avail. After staring at the file long enough, I realized that while this is a lousy error message (to be clear) it was telling me (obscurely) what was up all the while.

Here's a snippet of what I was looking at:

    <Type name="FooType">
<operation name="FooSearch">
<input message="tns:FooSearchRequest"></input>
<output message="tns:FooSearchResponse"></output>
<fault name="FooFault" message="tns:FooFault"></fault>
</operation>
</Type>

<binding name="FooBinding" type="tns:FooType">

<soap:binding style="document" trans="http://schemas.xmlsoap.org/soap/http"></soap:binding>

<operation name="FooSearch">
<soap:operation soapAction=""></soap:operation>
<input name="FooSearchRequest">
<soap:body use="literal"></soap:body>
</input>
<output name="FooSearchResponse">
<soap:body use="literal"></soap:body>
</output>
<fault name="FooFault">
<soap:fault name="FooFault" use="literal"></soap:fault>
</fault>
</operation>
...

The key was that their WSDL didn't have the name="" attribute on the input and output elements of the operation. The name needs to line up to the operation name in the binding.

<Type name="FooType">
<operation name="FooSearch">
<input name="FooSearchRequest" message="tns:FooSearchRequest"></input>
<output name="FooSearchResponse" message="tns:FooSearchResponse"></output>
<fault name="FooFault" message="tns:FooFault"></fault>
</operation>
</Type>

Once these new name="" attributes were added, I was able to generate my client-side stubs. I had to edit their WSDL, which sucks. However, you might argue svcutil.exe could chill out. Either way, a speed bump.

Claiming Compliance

I was told the Web Service would use WS-Security and a usernameToken. However, the actual message seemed like it was missing something.

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility" xmlns:tns="urn:foo:v1" xsi:schemaLocation="http://www.w3.org/2003/05/soap-envelope http://www.w3.org/2003/05/soap-envelope/soap-envelope.xsd urn:foo:v1 com.foo.messages.v1.xsd">
<soapenv:Header>
<wsse:Security>
<wsse:UsernameToken>
<wsse:Username>secret</wsse:Username>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<tns:FooRequest>
...

It's been a while (about 18 months) since I did any WCF and WS-Security, but UsernameToken really needs to have a Password element also. Additionally, when you're using WS-Security, you typically get WS-Addressing, etc along for the ride. There's other headers I'd expect to see.

I trudged on, built up the message and tried to send it off. First problem was that the endpoint URI I had was http, not https. It's not possible to send a UsernameToken in plain-text - the system explicitly forbids it. However, their system was setup to default to basic HTTP. Some gnashing of teeth and I found an SSL endpoint I could use. However, it's a hassle to debug SSL traffic. I usually use ProxyTrace or TCPTrace but with SSL, not so much.

Sniffing SSL Traffic with a Proxy

I ended up using Charles, an HTTP Proxy that can act as a man-in-the middle, issue an SSL cert, then decrypt the traffic, and forward it along to the real endpoint. However, the SSL Cert Charles issues isn't from a certificate authority, so I had to make a Policy to blindly (temporarily) accept all certificates:

internal class AcceptAllCertificatePolicy : ICertificatePolicy
{
public AcceptAllCertificatePolicy(){}

public bool CheckValidationResult(ServicePoint sPoint,
X509Certificate cert, WebRequest wRequest, int certProb)
{
return true; //Always accept
}
}

Then I apply it in this (obsolete, but easy) way:

ServicePointManager.CertificatePolicy = new AcceptAllCertificatePolicy();

Now I can run all my traffic through my local man-in-the-middle. I can set the proxy in my config file:

<basicHttpBinding>
<binding name="FooBinding"
...
proxyAddress="http://BigAssLaptop:8888"
useDefaultWebProxy="false">

or in my own binding:

WSHttpBinding oldBinding = new WSHttpBinding();
oldBinding.ProxyAddress = new Uri("http://BIGASSLAPTOP:8888");

FooPortTypeClient svc = new FooPortTypeClient(oldBinding, new EndpointAddress("https://example.com/foo/v1"));

This let me see the outgoing request. I noticed immediately that my WCF client was sending a LOT more stuff that I needed.

Breaking the Rules

It was hard for the client to hear, but here's the deal. They were using the usernameToken element, alone, in the WS-Security namespace in the style of an apiKey. You often see these kinds of APIs in the Web 2.0 world, when intense security isn't needed. You get a key that's unique to you, basically a GUID, and it also acts as a tracker for the provider.

However, this isn't how WS-Security usernameTokens work, or are supposed to work. Perhaps a better way would have been for them to use a custom soap:header, rather than trying to tunnel "apikey" semantics into an existing token.

At this point, regardless of relative-wrongness, I still need to get the WCF client to talk to this unusual endpoint. I could use one of the other XML mechanism available, or, gasp, a StringBuilder, but since I wasn't having trouble with the body of the message, just the envelope.

This essentially means that I wanted WCF to do something incorrect, on purpose. After a call to Steve Maine and team, along with some general freaking out, I was able to get WCF to spit out JUST a usernameToken, like this.

WSHttpBinding oldBinding = new WSHttpBinding();
oldBinding.Security.Mode = SecurityMode.TransportWithMessageCredential;
//Just the username
oldBinding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
//And basically nothing else
oldBinding.Security.Message.NegotiateServiceCredential = false;
oldBinding.Security.Message.EstablishSecurityContext = false;

//oldBinding.ProxyAddress = new Uri("http://BIGASSLAPTOP:8888");
//oldBinding.UseDefaultWebProxy = false;

//remove the timestamp
BindingElementCollection elements = oldBinding.CreateBindingElements();
elements.Find<SecurityBindingElement>().IncludeTimestamp = false;

//sets the content type to application/soap+xml
elements.Find<TextMessageEncodingBindingElement>().MessageVersion = MessageVersion.Soap12;
CustomBinding newBinding = new CustomBinding(elements);
FooPortTypeClient svc = new FooPortTypeClient(newBinding, new EndpointAddress("https://example.com/foo/v1"));
FooRequest req = new FooRequest();
//...etc...now it's just request and response.

Unfortunate, but I'll put this configuration of a custom binding, and hopefully when they fix it, it'll be a configuration change. This at least got us to a point where I can reliably call their web services.

Long day, but interesting stuff.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Building your own Arcade Cabinet for Geeks - Part 7 - Success and Conclusion

June 6, '09 Comments [17] Posted in Arcade
Sponsored By

This is the seventh part of a multi-part series I'm going to do about assembling an Arcade Cabinet for my house. This series has two disclaimers:

Software Disclaimer 1: There's all sorts of legal issues around emulating arcade games. This series of posts has nothing to do with that. I do own some original arcade boards, but if you want to emulate arcade games with MAME (Multiple Arcade Machine Emulator), you can search the 'tubes. What I'm doing here is putting a computer in a pretty box.

Hardware Disclaimer 2: Many folks that build arcade cabinets have a purist view of how these things should be done. They will prefer original Arcade CRT monitors and more expensive, higher quality parts. I am more of a pragmatist. I also have no idea what I'm doing, so I've also got ignorance on my side.

Video Tour

Here's a short HiDef Video shot with my Creative Vado HD showing the Arcade Cabinet:

Tour of the Complete System - Building your own Arcade Cabinet from Scott Hanselman on Vimeo.

What I Learned

I learned:

  • You can cut corners, save money and still end up with a nice system, as long as you set your goals up front.
  • Steel is hard to cut. Know what you're doing, or get a pro.
  • Acrylic is hard to cut. Know what you're doing, or get a pro.
  • Painting and sanding something is the easiest way to make it look nice.
  • Making stuff with your hands is very satisfying and easier than you think (if you're a coder and you think this stuff is hard).
  • I could do it way better next time. ;)
  • I, myself, prefer to refurb old stuff rather than make new stuff.

All in all, the wife is amazed it looks so good, and she's said I can bring it into my den/office. She's nixed the living room...for now!

Total Cost: US$441

The Complete Series

  1. Cabinet and Power
  2. Monitor and Mounting
  3. Control Panel
  4. Sound and Lights
  5. Paint and Art
  6. Computer Hardware and Software
  7. Success and Conclusion

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Building your own Arcade Cabinet for Geeks - Part 6 - Computer Hardware and Software

June 6, '09 Comments [2] Posted in Arcade
Sponsored By

This is the sixth part of a multi-part series I'm going to do about assembling an Arcade Cabinet for my house. This series has two disclaimers:

Software Disclaimer 1: There's all sorts of legal issues around emulating arcade games. This series of posts has nothing to do with that. I do own some original arcade boards, but if you want to emulate arcade games with MAME (Multiple Arcade Machine Emulator), you can search the 'tubes. What I'm doing here is putting a computer in a pretty box.

Hardware Disclaimer 2: Many folks that build arcade cabinets have a purist view of how these things should be done. They will prefer original Arcade CRT monitors and more expensive, higher quality parts. I am more of a pragmatist. I also have no idea what I'm doing, so I've also got ignorance on my side.

Hardware

I, like most geeks, have a number of old computers lying around. I picked the best one, a Pentium 4 I used to use as a Media Center. It has a gig of RAM, runs Windows XP SP3 and has a nice fast ATI video card. I figured since I am just as interested in regular games as I am in Arcade Classics, it'd behoove me to have a decent machine in there.

IMG_0108 IMG_0300

The insides are HUGE as I yanked out the original arcade guts. There's lots of room and the back has two holes cut with screendoor material over them. I haven't had a heat problem yet, but I suspose I could easily add a small desk fan to blow air out the back. It would turn on with the rest of the equipment.

I setup a Microsoft Wireless Desktop 6000 mouse and keyboard (to avoid cords) and I may mount a sack or something on the back to hold them. I also plugged in a Wireless Xbox Controller and Xbox USB Gaming Receiver for games like Far Cry.

Software

I put lots of emulators for classics like C64, SNS, Ataris and other old hardware I have lying around. I set a few important BIOS settings that you shouldn't miss.

First:

  • Set your Power BIOS setting to "Always On" or "On After Power Loss."
  • Set your BIOS to "quick" or "silent" in order to speed up the boot.
  • Use "msconfig.exe" to set the time that Windows waits to boot up to some small number like 3 seconds.
  • Configure XP to automatically logon as some user of your choice, per KB3152321.

There's a number of popular "Front Ends" that you can put in your Startup Folder. Some folks replace Explorer.exe as the shell, but I think that's excessive. I just set my launcher to start immediately .

If you're looking for the prettiest, most "art focused" front end, then there is no other front-end than HyperSpin. It uses a file-based system of transparent PNGs and AVIs along with a compositing engine to make a truly beautiful circular menuing system.

Software is one of those things I'll spend the next year getting just the way I want it.

Next Up: Success and Conclusion

  1. Cabinet and Power
  2. Monitor and Mounting
  3. Control Panel
  4. Sound and Lights
  5. Paint and Art
  6. Computer Hardware and Software
  7. Success and Conclusion

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Building your own Arcade Cabinet for Geeks - Part 5 - Paint and Art

June 6, '09 Comments [1] Posted in Arcade
Sponsored By

This is the fifth part of a multi-part series I'm going to do about assembling an Arcade Cabinet for my house. This series has two disclaimers:

Software Disclaimer 1: There's all sorts of legal issues around emulating arcade games. This series of posts has nothing to do with that. I do own some original arcade boards, but if you want to emulate arcade games with MAME (Multiple Arcade Machine Emulator), you can search the 'tubes. What I'm doing here is putting a computer in a pretty box.

Hardware Disclaimer 2: Many folks that build arcade cabinets have a purist view of how these things should be done. They will prefer original Arcade CRT monitors and more expensive, higher quality parts. I am more of a pragmatist. I also have no idea what I'm doing, so I've also got ignorance on my side.

Paint is pretty easy. Two coats people say. I am a believer. ALWAYS two coats. For this project I also did a few other things. John suggested that we use the orbital sander to really give the wood a little texture so the paint would grip. The sander also took off the side art nicely.

Paint

I sanded the heck out of it. I used some wood putty to fill in some holes and nasty parts, let them dry, then sanded over them. Then I used a small foam roller (brushes are too slow, and I really don't like the texture they often leave) to do a first coat with a "Killz" tinted primer. This stuff is amazing. It really covered stains and stickers and all sorts of crap.

IMG_0036 IMG_0332

Then I taped off all the important bits with blue painters tape. The Killz Tinted Primer is nice because I only needed an hour or so (I waited 2) to put the first coat of paint.

Cost: US$35
Cost So Far: US$341

I waited overnight for the second coat of black and let me tell you, it really took the paint to the next level. It looks cleaner, smoother, sharper, and the coverage is perfect. Really, people. Two coats. It's like flossing. If you don't floss, don't even bother brushing. Two coats, or don't bother. I'm a believer.

Art and Marquees

I went over to Mame Marquees to get the side art. I've heard nothing but nice things about their work. They often have sales and overstock, and while I was originally planning on custom "Hanselcade" art, I fell line love with this classic "atomic blue" design.

DSC_0139DSC_0141

Cost: US$100
Cost So Far: US$441

The side art came with a sticky back and was surprisingly easy to install without any bubbles. You just start at the top, remove an inch of the back, and slowly remove the back pulling down as you smooth from the top. I would say it was skill, but the decals are very think vinyl and of high quality. I don't know what kind of printer he has but it's worth the money. The art really gave the project "pop!" IMHO.

DSC_0135   DSC_0136

As I mention in the Control Panel section, the vinyl for the control panel was sandwiched between the steel and the acrylic. No adhesive was used as the 19 buttons and the pressure of the outer screws hold it all in place.

IMG_0172IMG_0179

Now, I get to put the computer inside and hook it all up!

Next Up: Computer Hardware and Software

  1. Cabinet and Power
  2. Monitor and Mounting
  3. Control Panel
  4. Sound and Lights
  5. Paint and Art
  6. Computer Hardware and Software
  7. Success and Conclusion

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Building your own Arcade Cabinet for Geeks - Part 4 - Sound and Lights

June 6, '09 Comments [0] Posted in Arcade
Sponsored By

This is the fourth part of a multi-part series I'm going to do about assembling an Arcade Cabinet for my house. This series has two disclaimers:

Software Disclaimer 1: There's all sorts of legal issues around emulating arcade games. This series of posts has nothing to do with that. I do own some original arcade boards, but if you want to emulate arcade games with MAME (Multiple Arcade Machine Emulator), you can search the 'tubes. What I'm doing here is putting a computer in a pretty box.

Hardware Disclaimer 2: Many folks that build arcade cabinets have a purist view of how these things should be done. They will prefer original Arcade CRT monitors and more expensive, higher quality parts. I am more of a pragmatist. I also have no idea what I'm doing, so I've also got ignorance on my side.

The sounds and lights part was the easiest part of the whole thing so far. After the challenging control panel, this was a nice change of pace.

Sounds

This was pretty straight-forward. There's a compartment at the top of the cabinet. I took some zip-ties and essentially lashed some computer speakers, facing down, to the sides of the inside of this area. There's speaker-shaped drilled holes in the bottom of the top, so the sound can get out. There's a subwoofer in very bottom of the machine, next to the computer.

IMG_0086 IMG_0108

The speakers and sub were just old computer audio stuff I had lying around. I could have reused the tinny speakers that were already in it, but I wanted to punch up the sound a smidge. You can see the subwoofer in the right-hand side picture, sitting on a sturdy shelf, next to the coin collection box.

Cost: US$0 (Had speakers lying around.)
Cost So Far: US$306

Now, lights.

Lights - Marquee

In the top compartment, we put in a small 18" florescent light tube. Then when we ordered the art from Scott at Mame Marquees, we made sure it was translucent and that he'd throw in the Plexiglas for free. I didn't want to cut any more of that again. :)

IMG_0073IMG_0299

Then I threaded the AC cord and plug down the inside-back of the cabinet and plugged it into the smart Power Strip. This was clean, easy and had a big pay off. It looks bright in the picture because of the camera, but wait until the end. It looks niiiice.

Lights - Coin Door

In every write-up of every Arcade Cabinet I've ever read, folks have fun doing the coin door lights. You can't have one of these without doing it. It's just required. It also requires some thought, which I forgot.

I started by going to Radio Shack and buying two random, but bright-looking LEDS. Then I tool an old USB cable, which I knew was 5 volts and I hooked it up directly to the LED. It was bright for about 5 minutes then died. Then I remembered I was an idiot. I was so excited I just went nuts and forgot about resistors.

I went to an LED Calculator and put in the source voltage, 5V, the LED voltage, 3.5V and their current, 20mA. There would be two LEDs, so it spit out this recommendation for two 82 ohm resisters in parallel.

image

I got my multi-meter out and found an 85 ohm resister I had lying around. I figured that was close enough. I busted out the soldering iron and got to work.

IMG_0346 IMG_0347 IMG_0348

I plugged my old USB cable into an old cell-phone BlackBerry AC adapter that put 5V and .5A through the USB cable and there was light!

Cost: US$5 (Resisters, Solder, Random Radio Shackiness.)
Cost So Far: US$311

Ok, time to paint.

Next Up: Paint and Art

  1. Cabinet and Power
  2. Monitor and Mounting
  3. Control Panel
  4. Sound and Lights
  5. Paint and Art
  6. Computer Hardware and Software
  7. Success and Conclusion

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.