Wednesday 25 June 2008

Stunnel and WCF 3.5 HTTPS testing, an easy dev setup

Just some quick notes:

Stunnel can act as an https proxy which is very convenient when you need to test / develop against https but don't want to set up or use a proper environment with real certificates etc in the short term.

I wanted to capture some packet traces of WCF 3.5 over an https keep-alive channel to a JBoss app server serving normal http on the default 8080 - here's what I did:

Download / install Stunnel. The installation process creates a default self-signed .pem certificate (sufficient for dev purposes).

Default Stunnel config is in stunnel.conf (or stunnel.cfg on Linux).

For simple https proxying from the standard port 443 to port 8080, the basic condensed configuration in stunnel.conf looks like:

cert = stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = stunnel.log
[https]
accept = 443
connect = 8080

Here the default certificate is being used and I've enabled logging. Stunnel listens for HTTPS on 443 and connects through to HTTP on 8080 (which happened to be JBoss in this instance).

Simple enough; what next? Run the WCF client application and it will barf over the certificate not being trustworthy, with an error of the form:

login failed Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost'


Overriding .NET WCF 3.5 default certificate policy to allow all certs for testing/dev purposes


For test/dev purposes it's often handy to allow all certificates.

What you can do is override the certificate checking policy to "say yes to everything" (Remember to take this out for product release!)

The code looks something like this:

using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;

...

// ***** WARNING - to be removed for release! *****
ServicePointManager.ServerCertificateValidationCallback +=
    delegate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        return true;
    };


This uses an anonymous delegate callback that returns true in all cases (true = accept), which keeps the code nice and compact.
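A narrower alternative to the accept-all callback, as an added example that is not part of the original post: it accepts only the one self-signed certificate Stunnel is serving, and only in debug builds. ServicePointManager is process-wide, so whatever callback is installed applies to every HTTPS request the process makes. The class name DevCertificatePolicy and the thumbprint value are placeholders, not names from the post.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not from the original post): trust exactly one
// self-signed dev certificate instead of returning true for everything.
static class DevCertificatePolicy
{
    // PLACEHOLDER: SHA-1 thumbprint of your own stunnel.pem, e.g. from
    //   openssl x509 -in stunnel.pem -noout -fingerprint -sha1
    const string PinnedThumbprint = "REPLACE-WITH-STUNNEL-PEM-SHA1-THUMBPRINT";

    public static void Install()
    {
#if DEBUG
        // Assignment, not +=: with several handlers chained, only the last
        // handler's return value is used.
        ServicePointManager.ServerCertificateValidationCallback = Validate;
#endif
        // Release builds install nothing and keep the default policy.
    }

    static string Normalize(string thumbprint)
    {
        // Fingerprints are often shown as "AB:CD:..." or "AB CD ...".
        return thumbprint.Replace(":", "").Replace(" ", "").ToUpperInvariant();
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // A certificate that validates normally needs no exception.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        if (certificate == null)
            return false;

        // GetCertHashString() returns the SHA-1 hash as a hex string.
        bool pinned = Normalize(certificate.GetCertHashString())
                      == Normalize(PinnedThumbprint);
        if (!pinned)
            Console.Error.WriteLine("Rejected certificate {0} ({1})",
                                    certificate.Subject, sslPolicyErrors);
        return pinned;
    }
}
```

Call DevCertificatePolicy.Install() once at startup, before the WCF channel is opened.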

If you're specifically testing keep alive then these additional parameters for stunnel.conf control how the proxy behaves in terms of connection persistence:

session = 300
TIMEOUTclose = 0
TIMEOUTidle = 180


Friday 20 June 2008

OpenSolaris 2008.05 & update to >= b90

With the demise of SXDE I thought I'd prepare for life with OpenSolaris...

Currently on build 90, 2008.05 represents build 86.

Installation of OpenSolaris 2008.05 from the Live CD (1 CD) is a breeze: simply boot from the CD (this took some time under VMware!), have a play, then click the install link on the desktop - great!

OS2008.05 uses ZFS and IPS - so this is a good starting point and upgradable using a package management system rather like we've all come to expect from the Linux world :)

Once installed, you can use pkg image-update to update to the latest build of OpenSolaris. Here are some quick notes:

Set a timeout to avoid disappointment during the update process!

#export PKG_CLIENT_TIMEOUT=2000


#pkg refresh


#pfexec pkg image-update



# important - do this before reboot! (or your reboot won't [boot])

http://mail.opensolaris.org/pipermail/indiana-discuss/attachments/20080606/94969481/attachment-0003.txt

Which boils down to:

#beadm list
Check the active on reboot name, e.g. opensolaris-1

#pfexec mount -F zfs rpool/ROOT/opensolaris-1 /mnt

#pfexec /mnt/boot/solaris/bin/update_grub -R /mnt


A guide for OpenSolaris installation under vmware:

http://blogs.sun.com/souvik/entry/getting_started_with_opensolaris_2008

Another good thread: http://opensolaris.org/jive/thread.jspa?threadID=62982&tstart=0

--

Install Java JDK and Netbeans:

http://blogs.sun.com/souvik/entry/getting_started_with_opensolaris_2008



#zcat jdk-6u6-solaris-i586.tar.Z | tar -xf -

#pfexec pkgadd -d . SUNWj6dev SUNWj6cfg SUNWj6man SUNWj6dmo


NB: after installing the 32-bit version the 64-bit extensions can be installed, but don't do this if you want to use applets or web start.

Install Firefox 3:

http://opensolaris.org/jive/thread.jspa?messageID=250311&tstart=0


Installing MySQL etc:

#pfexec pkg install SUNWapch22 SUNWmysql5 SUNWapch22m-php5 SUNWphp524-mysql

http://blogs.sun.com/natarajan/entry/how_to_install_apache_php

--

Check platform 32/64 bit:

#isainfo -b

Monday 2 June 2008

Integrating REST POX web services and .NET WCF

Notes:

WCF 3.5 supports REST POX services using the web service model.

WebHttpBinding supports cookies for session support etc, e.g.:

WebHttpBinding webHttpBinding = new WebHttpBinding();
webHttpBinding.AllowCookies = true;

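// IMyService is a placeholder for your own [ServiceContract] interface;
// the type argument is missing from the original snippet.
using (ChannelFactory<IMyService> cf = new ChannelFactory<IMyService>(webHttpBinding, hostPath))
{
    ...
}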

Issues:

  • WebInvoke method POST: post data is sent only as JSON or XML - no support for simple form-encoded parameters.
  • General inflexibility when mixing types of data or overloading services makes it harder to leverage existing services that support existing AJAX/rich Internet systems.


Blogs, articles and useful resources:

http://bitworking.org/news/125/REST-and-WS

HTTP Programming with WCF and the .NET Framework 3.5 - http://msdn.microsoft.com/en-us/magazine/cc135976.aspx

http://msdn.microsoft.com/en-us/library/system.servicemodel.aspx

http://hyperthink.net/blog/2008/01/18/WCF+Web+Programming+Model+Documentation.aspx

http://msdn.microsoft.com/en-us/library/bb412176.aspx

Rick Strahl's excellent articles:

How to consume REST services with WCF - http://blogs.msdn.com/pedram/archive/2008/04/21/how-to-consume-rest-services-with-wcf.aspx

Simple example with DataContract: http://dev.aol.com/node/595

A set of WCF tutorials:

http://dotnet.org.za/hiltong/pages/Windows-Communication-Foundation-_2800_Indigo_2900_-Hello-World-Tutorial.aspx



Interesting problem with XML serialiser quota that you could run into at some point:

http://www.timrayburn.net/2007/10/02/XmlSerializerFormat+Plus+Huge+Schema+Equals+Trouble.aspx