Thursday, December 22, 2011

Influences on the architecture…

What are the key points that, at a high level, mainly have influence on the software architecture?
  • User needs;
  • Business needs;
  • Non functional requirements;
These are all customer-related stuff…but there are a couple more:
  • Supplier skills;
  • teams configuration;
Interesting, isn’t it?
While “supplier skills” can be quite obvious the team configuration sounds strange…
The supplier decided to built a modular, stackable, application, even if none of the customer requirements put in evidence that this is required.
Why?
The supplier teams are geographically distributed and a modular architecture (based on UI Composition patterns) would greatly compensate the costs introduced by the organization costs that geographic distribution (cultural differences, time zones, communication barriers, etc.) brings on the table.
.m
Posted by at No comments:
Labels: ,

Wednesday, December 21, 2011

How async/await will change our world.

well…using Radical AsyncWorker we can write something like:
public void Do()
{
	AsyncWorker.Using( this.Id )
		.Configure( cfg =>
		{
			cfg.Before = e =>
			{

				this.Status = "Running: " + e.Argument;
			};
 
			cfg.After = e =>
			{
				this.Status = "Completed: " + e.Argument;
			};
		} )
		.Execute( e =>
		{
			//something long running...
			Thread.Sleep( 2000 );
		} );
}
Cool, interesting, quite easy to read and a really interesting experiment, for me, in writing a complex and intellisense driven fluent interface…
But…
…in a few months everything will drastically change:
public async void Do()
{
	this.Status = "Running: " + this.Id;
 
	await Task.Factory.StartNew( () =>
	{
		//something long running...
		Thread.Sleep( 2000 );
	} );
 
	this.Status = "Completed: " + this.Id;
}
Amazing Smile
.m
Posted by at 3 comments:
Labels: ,

Saturday, December 17, 2011

Epic (period)

GTAC 2011: Opening Keynote
The whole keynote is simply wonderful, but if you want to hear something astonishing jump to the minute 42… Winking smile
.m
Posted by at No comments:
Labels: ,

Friday, December 16, 2011

Cool, really cool!

Bins (period) Smile
image
4,00€ that worth the money.
.m
Posted by at No comments:
Labels: ,

Thursday, December 15, 2011

Pressure…a sample.

I already told my point of view about “pressing” people, some time ago everything I “hate” happened to me.
We were working on a huge application for a huge customer, we were really near to the first staging release and a requirement dramatically changed the shape…
The application is composed of two main parts: a SharePoint application and a set of WCF services that provides data to a SharePoint web part via JQuery/Ajax requests.
The main point was that the 2 parts are hosted in different web applications because SharePoint must run on .Net 3.5 and the other application requires .net 4.0, so the “pain point” is authentication, how can we authenticate calls coming from the SharePoint web page?
trivial…
Using forms authentication on both ends and sharing the same machine key gave us single sign on, once the user is authenticated by SharePoint the forms authentication cookie will be sent by JQuery to WCF services and the user can be trusted even here using the membership API. So far, so good.
But…
In the development environment, due to lack of time (grrrr…), the SharePoint guys used to deploy the SharePoint application using Windows Authentication…bad thing…and when it comes to the first integration between the to environments the SharePoint guys told us that they cannot switch so easily to Claim Based Authentication due to some problems they are facing (problems that I’m not aware of).
Panic!
The first deploy in the customer staging environment was really near and not being able to switch means that we cannot deploy, period.
Pressure :-/
The requirement rapidly changed and the management asked us if we can change the authentication architecture of the WCF services, basically introducing a mixed mode authentication based on the endpoint, under pressure the first reaction was simply: no, it’s impossible.
Peripatetic
Walking helps me think, I love walking around the office, for me it’s the best way to work. That evening I left the office thinking to the problem and walking to the railway station reduced the pressure…lighting the lamp.
The day after it took two hours of fights with the WCF configuration files and no changes at all in the codebase to support the new requirement, no changes to the codebase, cool, really cool.
The lesson learned is (well are):
  • do all what you can to avoid pressure, it’s a waste;
  • WCF extensibility and flexibility is pure power;
.m
Posted by at 1 comment:
Labels:

Saturday, December 3, 2011

Obtuseness? Blindness? or what else?

We’ve spoken about pressure…one side-interesting-thing that happens when a team is under pressure is that, if there is a team, the team synergy increases at its top.
Team is the keyword.
.m
Posted by at No comments:
Labels:

Friday, December 2, 2011

Is he reading in my mind?

…or is he peeping through the keyhole of my office…? Smile
One more wonderful post: http://blogs.msdn.com/b/eric_brechner/archive/2011/12/01/that-s-not-funny.aspx
.m
P.S.: my current email signature:
image
Posted by at No comments:
Labels:

WCF: IAuthorizationPolicy

When it comes down to WCF security, especially custom security, WCF authorization policies are a life saver, they are pure power.
Back to the beginning
From the early period of .net 1.0 CAS guys told us that imperative and declarative security are a good thing. Writing this kind of code is really important:
[PrincipalPermission( SecurityAction.Demand, Authenticated = true, Role = "Managers" )]
public void ReallySecureMethod()
{
   //something that only "Managers" can do
}
we have learned that code execution policies and code access security prevents the execution of that method if prerequisites expressed by the attribute are not met.
So?
If you try to apply the attribute to a WCF operation you always get a security exception basically because the current principal never meets the security assertions expressed by the permission attribute, the reason is fairly simple: when it comes to services the concept of principal is not so clear in the end, at the service level there are at least 2 different possible principal:
  1. the user running the code: e.g. if you are running inside IIS the application pool identity;
  2. the user the calls the WCF operation;
If the service, for example, is authenticated, you can end up having 2 identities how can WCF choose one for you and use it as the current principal? The are tons of different configuration that can lead to have multiple identities on the service side, WCF configuration is a real pain that can lead to really complex and complicated cumbersome situations.
Uhm…
Have you ever tried WIF (Windows Identity Foundation)? If you tried it you noticed that the above code works fine, the WCF service instance has a valid current principal out-of-the-box that matches the current claim identity.
Why?
Basically WIF ads a custom authorization policy to the authorization policies pipeline of WCF. What the hell is the authorization policies pipeline?
Authorization policies in WCF are an extension point that lets you take custom decisions about security, they are called in an early stage of the WCF operation call stack so you can do a lot of different thing in this stage but as the name implies they are thought for authorization purpose. Policies are handled in a first come first served manner, following the order in which policies are added to the WCF endpoint behavior configuration.
An authorization policy is class that implements the IAuthorizationPolicy interface, the implementation is trivial and the only point of interest is the “Evaluate” method:
public bool Evaluate( EvaluationContext evaluationContext, ref object state )
{
    if( !evaluationContext.ContainsIdentity() )
    {
        evaluationContext.SetPrincipal( Helper.GetAnonymousIdentity() );

        return true;
    }

    return false;
}
…what are we doing?
  1. first we check if the current call contains any identity information (ContainsIdentity is an extension method that deals with WCF evaluation context properties that contains the identities list);
  2. if none is found we setup (SetPrincipal is another extension method) an anonymous identity that suites our business logic needs and return true;
  3. Otherwise we return false;
returning true means that the policy did its job, returning false means that the policy has nothing to do. At least one authorization policy must return true, so in this sample this authorization policy is the last in the stack and all the others before will ensure that all the expected cases are handled.
Adding policies is really easy:
<behavior name="">
	<serviceMetadata  />
	<serviceDebug  />
	<serviceAuthorization principalPermissionMode="Custom">
		<authorizationPolicies>
			<add policyType="MyWcfAuthorizationPolicy, MyExtensions" />
			<add policyType="MyAnonymousAuthorizationPolicy, MyExtensions" />
		authorizationPolicies>
	serviceAuthorization>

behavior>
After the stack execution we are sure that the current principal has a value that suites our business needs and that meets the CAS requirements that let us write declarative security.
Cool Smile
.m
Posted by at 1 comment:
Labels: , ,
Subscribe to: Posts (Atom)