Archive for October, 2009

Excellent, now I can detect Visual Studio design time anywhere in my code. (Make sure to read the comments, they provide a valuable correction.)

I came across interesting issue with one of our controls. I needed a different behavior during design-time and run-time. I was sure that .NET Framework has a nice solution for me, but I found out this is not the case.There is a DesignMode property but according to several sources it doesn’t always work as expected. There seems to be more that one way to solve the issue. I decided to useSystem.Diagnostics.Process.GetCurrentProcess.ProcessNameand check if it equals string “devenv”. If it does, the instance is running inside Visual Studio, which means it’s design-time for our control. For my problem this simple solution worked as a charm.

via Detecting Design-time in C#.

Read Full Post »

I suppose that’s why it’s a “beta” but I honestly only expected the .NET beta to break itself, not other applications. Here’s a better worded post than I feel like writing that describes the issue…

I’ve had a problem on my most recent Windows 7 install with getting the WCF activation to install. I kept getting errors which told me that an error occurred and some of the features were not installed and then I was prompted to restart now or later… Well, great as that was, I was sort of hoping to find a solution…

via Installing WCF Activation on Windows 7 with VS 2010.

Read Full Post »

Want to programmatically access your Sql Server Reporting Services Server? (SSRS) Turns out there’s an app for that! Or more precisely, a SOAP web service.

The Reporting Services SOAP API provides several Web service endpoints for developing custom reporting solutions. The endpoints currently fall into two categories: management and execution. The management functionality is exposed through the ReportService2005 and ReportService2006 endpoints. The ReportService2005 endpoint is used for managing a report server that is configured in native mode and the ReportService2006 endpoint is used for managing a report server that is configured for SharePoint integrated mode. The execution functionality is exposed through the ReportExecution2005 endpoint and it is used when the report server is configured in native or SharePoint integrated mode. The following topics show how these endpoints can be used for developing reporting solutions in Microsoft Windows, SharePoint, and Web applications.

via Integrating Reporting Services Using SOAP.

Read Full Post »

While listening to the latest .NET Rocks podcast I came upon a topic which sounded like something I should know but with which I had very little familiarity: claims-based security/authorization. What I found was a security model that addresses many security-related issues that have affected me as a developer. Perhaps I’ll have a chance to use the Windows Identity Foundation in my next big project?

Here’s some links and snippets from articles that brought me up to speed.

Microsoft announced at WPC the new name for Microsoft codename “Geneva”.  “Geneva” provides companies with simplified user access and single sign-on, for on-premises and cloud-based applications in the enterprise, across organizations, and on the Web to facilitate collaboration, increase security and reduce cost.  Beta 2 of the following components are now available for public evaluation:

  • “Geneva” Framework will become Windows Identity Foundation and provides developers pre-built .NET security logic for building claims-aware applications, enhancing either ASP.NET or WCF applications
  • “Geneva” Server will become Active Directory Federation Services and is a security token service (STS) for issuing and transforming claims, enabling federations, and managing user access
  • Windows CardSpace “Geneva” will become Windows Cardspace for helping users navigate access decisions and for developers to build customer authentication experiences for users

Microsoft Identity Management Developer Home

From an older article regarding WCF and a claims-based security model…

Traditional security models for intranet and Internet applications use some form of username and password to authenticate users. Client-server applications deployed to a common domain often rely on Windows credentials (NTLM or Kerberos), while services exposed to the Internet often require a username and password to be passed in an interoperable format (WS-Security) to be authenticated against a custom credential store. These scenarios are frequently accompanied by role-based security checks that authorize access to functionality. Although popular, role-based security is often too coarse an approach since custom roles are often necessary to represent different combinations of permissions or rights. Thus, applications are usually better off authorizing calls based on permissions granted, using roles to gather the appropriate permission set. This type of permission-based security model will provide a more fine-grained result over role-based security.

WCF introduces a claims-based approach to security at service boundaries, improving on role-based and permission-based security models. Claims can represent many different types of information including identity, roles, permissions or rights and even general information about the caller that may be useful to the application. A set of claims is also vouched for by an issuer such as a security token service, adding credibility to the information described by each claim – something not present in role-based or permission-based models. An additional benefit of using a claims-based security model is that it supports federated and single sign-on scenarios.


Credentials are passed in the security headers of a message as security tokens. Each security token in a message is mapped to a set of claims that are added to the security context for the request. A claim describes an individual right or action applicable to a particular resource. For example, an identity claim might describe a username, while a proof of possession claim might describe a role, a right to a particular resource, or some other useful information.

Claims are represented at runtime as a Claim type, from the System.IdentityModel.Claims namespace, with the following key properties:

  • ClaimType: Can be any Uri value identifying the type of claim. A basic set of claims used by WCF can be found in the ClaimTypes static class, but this can be customized.
  • Resource: Can be any type, but should contain the resource being referred to by the claim. For an e-mail possession claim, this would contain an e-mail address as a string.
  • Right: Can be a Uri identifying an identity claim, or a possession claim. The Rights static class contains the correct Uri to use.

(Note that these articles are somewhat out-of-date given recent developments in this space such as the WIF.)


Channel9 video discussing current state of affairs of the Microsoft Federation Gateway (MFG), WIF, and Identity at Microsoft in general…


Microsoft looks to be supporting/integrating claims-based in a variety of ways, including the Claims-Driven Modifier Control (CDMC) that is an ASP.NET server control gives an easy UI for wiring up claims to object properties, such as text or visibility.


Not exactly light reading, Microsoft has a white paper available regarding claims and identity…

Today’s identity-management practices are often a patchwork of partial solutions, which somehow accommodate but never really integrate applications and entities separated by technology and organizational boundaries. The rise of Software as a Service (SaaS) and cloud computing, however, will force organizations to cross such boundaries so often that ad hoc solutions will simply be untenable. A new approach that tears down identity silos and supports a de-perimiterized IT by design is in order.


If the last link was too heavy this looks a little lighter and more directly applied…

Authorization is the process of determining which entities have permission to change, view, or otherwise access a computer resource. For example, in a business, only managers may be allowed to access the files of their employees. Windows Communication Foundation (WCF) supports two mechanisms for performing authorization processing. The first mechanism enables you to control authorization using existing common language runtime (CLR) constructs. The second is a claims-based model known as the Identity Model. WCF uses the Identity Model to create claims from incoming messages; Identity Model classes can be extended to support new claim types for custom authorization schemes. This topic presents an overview of the major programming concepts of the Identity Model feature, as well as a listing of the most important classes the feature uses.


This post on Stack Overflow I think identifies why we should care about this topic, though sadly it doesn’t do much to elaborate on the possible solutions to the issue(s) described. (Aside from “do it gooder!”)

The problem comes in because, as with many systems, different users need access to different functions. Some roles have access to Y button, and others have access to Y and B button, while another still only has access to B. Most of the time that I see this, developers just put in a mish-mosh of if statements to deal with the UI state. My fear is that left unchecked, this will become an unmaintainable mess, because in addition to putting authorization logic in the GUI, it needs to be put in the web services (which are called via ajax) to ensure that only authorized users call certain methods.

so my question to you is, how can a system be designed to decrease the random ad-hoc if statements here and there that check for specific roles, which could be re-used in both GUI/webform code, and web service code.


Another post identifies some advantages of claims-based security…

Claims-based security has the following advantages over role-based and access control lists (ACLs):

  • Single programming model, no matter the authentication scheme used
  • Claims flow across services in a SOA environment easier and in a more standards-compliant way
  • More flexible (you may see that a role is really just another type of claim)
  • No need to reauthenticate when crossing process boundaries

Hopefully this post contains or references enough information to start to have an intelligent discussion about a claims-based security model.

Read Full Post »

Caught an even better than average podcast from .NET Rocks!, this time regarding Team System. Steven covered a lot of material, but I found his discussion around the need for deliberate planning to be particularly useful, as well as his outline of why investing time and resources in TFS is worthwhile. At the end of the session Steven mentions how to get training material for free.

Steven Borg talks about his experiences delivering solutions with Microsoft Team System, with a special focus on automated builds.

Steven BorgSteven Borg is the founder of Northwest Cadence, a Gold Certified Microsoft Partner focused on Visual Studio Team System. He was selected as a VSTS MVP in the first round back in 2005, and has been a Team System MVP even since. He’s little ‘a’ agile, and big on understanding what makes successful development teams tick.

via .NET Rocks!.

Read Full Post »