Archive for June, 2007

How to setup a WCF service using basic Http bindings with SSL transport level security

In the .NET 3.0 world you can use WS Http bindings for your web services. Where your service has to be interoperable with other clients you can also expose a basic Http binding. This works fine, but you don’t automatically get things like security and passing of user credentials. To enhance the basic binding you can take advantage of different security settings, one of which is TransportWithMessageCredential. This means that the transport of the messages is secured, so the message can include plain text credentials without compromising security. It requires a secure transport method, in this case HTTPS (SSL).

Setting up a Windows 2003 machine to use SSL (in IIS)

There are several ways of doing this, each with their own frustrations. The method below is the one which actually worked for me (after some methods that didn’t!).

  • Control Panel | Add or Remove Programs | Add/Remove Windows Components
  • Select Certificate Services
  • Install as a root
  • Open IIS
  • Right click on the default web site and select properties
  • Directory Security | Server Certificate
  • ‘Assign an existing Certificate’
  • Choose the certificate with the name that matches your machine name

Make Visual Studio use an SSL enabled host for the WCF Service

It does not appear to be possible to convert an existing Visual Studio website to an SSL one (and allow it to be debugged with SSL). Therefore you should:

  • “Add existing website” to your solution
  • Choose Local IIS
  • Create a new web application where desired
  • Check the box to enable SSL (Use Secure Sockets Layer)
  • Right click the generated website project and select properties
  • Add a reference to your implementation project
  • Copy any existing web.config and *.svc files to your new website

Now right click on the host project and select browse. (Note: if the address does not include the filename, you may need to add it manually in your browser.) If you can see the service/WSDL and the address is https, you have succeeded!


Modify your web.config to include a basic binding with transport level security

Use the following binding (play around with the different transport/message security modes if you like):

<basicHttpBinding>
  <binding name="basicHttp">
    <security mode="TransportWithMessageCredential">
      <transport/>
      <message clientCredentialType="UserName"/>
    </security>
  </binding>
</basicHttpBinding>

Now, in your <service>, reference the new binding configuration.
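
The binding above only protects an endpoint that actually names it. As an added example (not code from the original post), this Python check parses a constructed web.config and reports basicHttpBinding endpoints that do not resolve to an SSL-protected security mode; the Example.* service and contract names and the "legacy" endpoint are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config; the Example.* names are placeholders.
SAMPLE_CONFIG = """<configuration><system.serviceModel>
  <bindings><basicHttpBinding>
    <binding name="basicHttp">
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </basicHttpBinding></bindings>
  <services><service name="Example.OrderService">
    <!-- references the secured binding by name -->
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttp"
              contract="Example.IOrderService" />
    <!-- forgot bindingConfiguration: falls back to the unsecured default -->
    <endpoint address="legacy" binding="basicHttpBinding"
              contract="Example.IOrderService" />
  </service></services>
</system.serviceModel></configuration>"""

SSL_MODES = {"Transport", "TransportWithMessageCredential"}

def audit_basic_http(config_xml):
    """Return (service, address, problem) for basicHttpBinding endpoints not on SSL."""
    root = ET.fromstring(config_xml)
    modes = {}
    for b in root.findall(".//bindings/basicHttpBinding/binding"):
        sec = b.find("security")
        # No <security> element or no mode attribute means mode "None".
        modes[b.get("name")] = "None" if sec is None else sec.get("mode", "None")
    findings = []
    for svc in root.findall(".//services/service"):
        for ep in svc.findall("endpoint"):
            if ep.get("binding") != "basicHttpBinding":
                continue
            cfg = ep.get("bindingConfiguration")
            if not cfg:
                problem = "no bindingConfiguration: default binding, security mode None"
            elif cfg not in modes:
                problem = "bindingConfiguration %r is not defined" % cfg
            elif modes[cfg] not in SSL_MODES:
                problem = "security mode %r does not use SSL" % modes[cfg]
            else:
                continue
            findings.append((svc.get("name"), ep.get("address"), problem))
    return findings

print(audit_basic_http(SAMPLE_CONFIG))
```

Only the "legacy" endpoint is reported for the sample, because it never names the secured binding and so would carry UserName credentials over a binding with no security.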

When is interoperability not interoperable?

Having spent the past few days ‘proving our web service interoperability’ I have found that interoperability is all very well, but it can be a right royal pain. Our web services are WCF services using all the latest .net bells and whistles and custom extensions. What I have found is that yes, our services are probably interoperable at a low level, so if you are happy playing about with SOAP messaging you can work with our web services, and in some cases happy working with even lower level abstractions. However, the tooling just doesn’t seem to exist for the majority of platforms to automatically generate client proxies for our kinds of services. Oh well, at least they’re interoperable at some level, I suppose.

How many tests should I write for a unit

When coding using Test Driven Development (TDD), it is sometimes tricky to figure out how many tests you should write (forgetting about the whole tests vs. asserts debate). I believe the guideline should be that the minimum number of tests you should write is the number required to get 100% of the unit code covered. This means that every logic branch of the code is tested. From a requirements point of view this will equate to one test per possible type of successful outcome and one test per exception explicitly thrown in the code (failure outcomes). I am sure that this is not true in all cases, and it is really just a minimum.

Consuming a WCF Service using wshttp binding from a C++ client

Recently I have been testing the interoperability of our WCF services. Our services use wshttp bindings, custom security and some WCF extensions. My first target language is C++ and I’m starting off with VC++ in VS2005 with .net 3.0 on the machine.

VC++ does not have the same options for generating service references as C#. There seems to be just one method, “Add Web Reference”, that uses sproxy.exe behind the scenes. I tried this method first and ran into some problems. I then tried a rather interesting method where the proxy is generated as a C# class library that the C++ client uses to communicate with the web service.

  • Create your C++ client in VS2005
  • Add a new project to the solution of type C# class library
  • In the C# project add a service reference to your web service
  • In the C++ project add a reference to the C# project
  • In the C++ project add an app.config file
  • Copy all the gubbins from the C# app.config into the C++ app.config
  • Follow this guidance to make your C++ client use the app.config

Is consistency of method within a solution essential?

As a developer I find that I am constantly finding out about new development methods, constructs and techniques. I don’t know if this is because I am relatively ‘fresh out of uni’ or that I am working in a ‘new’ technology area (e.g. .net3.0) << how many dots?!>> Or whether this is just how development is.

When I find a new method I tend to implement my current task using the new method leaving existing parts of a solution using the ‘old’ method. This can result in a somewhat inconsistent solution, with different areas of the solution using different methods.

Is this a ‘bad’ thing? Probably; ideally you would have implemented the whole system using the ‘better’ method from day 1. But is it better to re-do areas of a solution that are working fine as they are? This will take extra effort, and could introduce bugs unnecessarily. So if you don’t re-work all areas of the solution, should you resist using new methods within a solution, thereby keeping consistency but not taking advantage of better techniques? Also, introducing new methods can be irritating for other members of a development team, as they also must understand the new method to be able to work effectively with the solution.

Is it ok for a single solution to use many different building blocks? Lots of different methods all working together? It is probably not ideal, and I guess this is the purpose of having lead developers and architects who are aware of the general development community and make educated decisions as to which methods will be used and which will be vetoed. But does this mean that non-lead developers should just be code-monkeys? Should they not be interested in promoting techniques and methods that aren’t in the existing architecture?

So what do I think? Hmm, well, I’m not sure. To be honest I liberally go through existing solutions and use new techniques freely with little consideration for the rest of the solution (of course I check everything still works and I haven’t broken existing tests/functionality). However, I think that developers should be encouraged to investigate new techniques, but they should not be introduced to production code without discussing the technique with the lead developer or the rest of the team. I do not think that mixing and matching within a solution is definitely bad, and in some ways it is a demonstration of decoupling in a solution. The total number of methods in a solution should be managed so as to maintain the maintainability of the solution, so each new method should be judged and a decision made to do one of the following options:

  • Not use the method at all
  • Not use the method in existing solutions but use in new solutions
  • Use the method in all solutions, without reworking existing areas
  • Use the method in all solutions reworking solutions completely to the new method

Whatever choice is made, effective communication to the whole development team is essential.