Friday, November 20, 2009

IIS 7 as Web Front End to Systinet UDDI (or any Java Application)

It seems like an easy problem to solve. You have a Java application listening on port 8080 (in this case Systinet) and you want to use Microsoft IIS to front end the incoming requests. I found that a number of people had this issue and there were no clear directions on how to solve the problem. HP support had little sympathy and suggested we stay with Jetty (Jetty ships with Systinet).

Some background on the problem that needed to be solved - I have a UDDI registry (Java-based set of services) on the application server. Test service registry calls to http://localhost:8080/uddi/inquiry work perfectly fine. In this case the service calls are accessing the registry directly.

The goal is to have the service calls from the user community come into IIS, and these calls would look something like: http://localhost/uddi/inquiry. In production of course we can substitute the IP for localhost.


Solving the Problem

A lot has been written on the web about solving this problem but everything I read didn't seem to work or was based on a different version of IIS or used another software add-in, such as APE by Helicon. We didn't want to add another piece of software into the mix.

This is how I solved this problem:

First, download and install ARR from Microsoft -- http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=ed922306-0d35-4764-8c2c-a378b54e90e1.

Application Request Routing (ARR) is an IIS module from MS that forwards HTTP requests to application servers. After ARR installs successfully you will notice a number of new features in your IIS management console. For the problem at hand, the Server Farms functionality is a key component of the solution.

The second step is to create a new server farm - right click on server farms and select Create Server Farm:




In this example my server farm is all on one physical server -- Systinet and IIS are on the same server. As you set up the new server farm you will be asked a series of questions. In the second panel of the Server Farm set up wizard - enter server address (in this example localhost) then press the add button. After the new server is added, select the advanced settings link. Then open the application request routing link and change the port to 8080. Then press finish. See screen shot below.





The third step in the process - you have to set up routing rules for the new server farm. In the IIS management console select the new server farm you just created and double click on the Routing Rules (note you have to be in Feature View to see these options):




When you get into the Routing Rules area be sure to select the option that reads Use URL Rewrite to inspect incoming requests and assuming you are not using SSL deselect the option that reads Enable SSL offloading. You may accept all other defaults on this page.

Save the Routing Rules by selecting Apply in the Action pane on the right.

For the last step in the process select URL Rewrite in the Action pane on the right. The URL Rewrite screen should look something like the screen shot below. Be sure that your Action Type is Route to Server Farm and the pattern match is set up correctly.



From the URL Rewrite screen select Add Rules option and add a Blank rule. The Edit Inbound Rule screen will then be displayed. Set up the inbound rule to look like the screen below:





Apply the changes and you are done!

I verified my work by creating a VB.Net test application that makes UDDI calls to the registry. If I connect to the registry with the following connection string - Dim myConn As New Microsoft.Uddi.UddiConnection("http://localhost:8080/uddi/inquiry") the application is accessing Systinet directly and it works fine but does not use IIS.

However, if I use this connection string (notice the absence of port number in connection) -
Dim myConn As New Microsoft.Uddi.UddiConnection("http://localhost/uddi/inquiry") I am accessing the registry via IIS and the request is successfully routed to Systinet on port 8080 via the Server Farm and URL Rewrite Rules that were established above.

I hope this helps....


-npv


Below is an update to this blog entry -- setting up SSL in an IIS server farm - 02-10-2010

The steps that I took to use SSL to protect my web service -- Systinet UDDI -- are defined below.

First, you will need to create your CSR (Certificate Signing Request) in IIS. The steps for requesting and installing the certificate are straightforward and well documented. One item of caution, however: make sure the certificate name, which will translate to "Issued To" in IIS, matches the site you are calling. For example, in my test environment I intend to call https://nick-dell/uddi/inquiry, therefore the name of the cert should be nick-dell.

After you have requested and installed the certificate (this is installed at the root level in IIS), your next step is to be sure that the company that has issued your certificate has their root certificate installed in your trusted root store.  This will complete the chain of trust between your certificate and the issuing authority.  The company that issues the certificate will have instructions on doing this.  In general, the company issuing the certificate will give you a link to their root certificate.  You will install the cert on your IIS machine.  Be sure you install it into the trusted root store.

At this point your certs are installed and the trust chain is established.  The next steps will configure IIS and the server farm to use the certificate you just installed.  The first step in this process is to bind your certificate to the web site.  In my case, this was not intuitive in that I did not have a web site per se, I was calling a web service on another server -- in this case the certificate has to be bound to IIS's default web site.  Right click on the default web site and select edit bindings; see screen print below:

The next screen will allow you to bind your certificate to the https port - 443. Screen shot below:

At this point in the process the SSL certificate is bound to your IIS site.  Again, the cert is bound to the default web site not to the server farm.

We are almost done configuring the web site.  The next steps involve changes to the web server farm that we set up in the beginning of this post.  In the current version of IIS there is no way to edit the properties of a server in the server farm so you have to delete the server and re-add with the new properties.

If you have been following this post from the beginning; your next step will be to remove the server from the IIS farm.  If you are installing from scratch then obviously there will be no server to remove.  See delete of server screen shot on left:

When the server is removed a new server must be re-added with the appropriate Application Request Routing rules established.  See Screen shot below:

My web service was listening on 8080 and 8443 so the server in the farm is put on the same ports.  The calls into IIS will come in on the standard 80 and 443.

The last item you should check is the routing rules that we created earlier in the process. Select your server farm and then select routing rules. Make sure that the check box for SSL offloading remains unchecked. In addition, if you have established URL rewrite rules as I demonstrated above, the "Scheme" for the rule should remain as http not https.

The final item I will mention is the requirement to support SSL and non-SSL traffic. IIS makes this a very easy option to set. Select SSL settings for the default web site. You will then see a check box that if selected will require the use of SSL. If you want to support both SSL and non-SSL calls to the site then leave this unchecked.


Your IIS proxy should now work with X.509 certificates.
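The naming caution from the certificate request step can be checked before clients start calling the proxy. The following is an added example, not code from the original post: the host-name comparison a TLS client makes against the certificate IIS presents, written in Python. The certificate dictionaries are constructed samples and `nick-dell.corp.example` is a hypothetical fully qualified name.

```python
# Added example (not from the original post): the name check a TLS client
# applies to the certificate IIS presents, using the post's host "nick-dell".
from urllib.parse import urlsplit


def name_matches(pattern, host):
    """Case-insensitive, label-by-label comparison of one certificate name.

    "*" is honoured only as the whole left-most label, covers exactly one
    label, and needs two fixed labels after it (so "*.com" never matches).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def presented_names(cert):
    """Names the client compares against, from a getpeercert()-style dict.

    dNSName subjectAltName entries win; the subject commonName ("Issued To")
    is only a fallback when no dNSName is present. Current browsers skip the
    fallback entirely and require a SAN.
    """
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def cert_matches_url(cert, url):
    """True when the host in `url` is covered by a name in `cert`."""
    host = urlsplit(url).hostname  # lower-cased, port and path stripped
    if not host:
        return False
    return any(name_matches(n, host) for n in presented_names(cert))


# Constructed sample certificates, in the layout ssl.SSLSocket.getpeercert() returns.
CERT_CN_ONLY = {"subject": ((("commonName", "nick-dell"),),)}
CERT_WITH_SAN = {
    "subject": ((("commonName", "nick-dell"),),),
    "subjectAltName": (("DNS", "nick-dell.corp.example"),),  # hypothetical FQDN
}

# URLs a caller might use to reach the IIS front end (constructed).
CALLS = [
    "https://nick-dell/uddi/inquiry",
    "https://NICK-DELL:443/uddi/inquiry",
    "https://localhost/uddi/inquiry",
    "https://nick-dell.corp.example/uddi/inquiry",
]


def report(cert):
    """Map each sample URL to whether the certificate would be accepted for it."""
    return {url: cert_matches_url(cert, url) for url in CALLS}


if __name__ == "__main__":
    for label, cert in (("CN only", CERT_CN_ONLY), ("CN + SAN", CERT_WITH_SAN)):
        for url, ok in report(cert).items():
            print(f"{label:9} {url:45} {'match' if ok else 'NAME MISMATCH'}")
```

The second certificate shows why the name has to be chosen for the URL clients actually use: once a SAN is present, the short name in "Issued To" no longer counts.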

As always I hope this helps ...

-npv

Tuesday, August 18, 2009

VeriSign Managed PKI and IIS

I was contracted to set up a managed PKI site for a client. We chose VeriSign Managed PKI. All in all VeriSign works well and is easy to set up. I was conducting some tests and hit a couple of snags. I thought others would benefit if I documented them and provided a solution:

VeriSign Managed PKI - Enrolling for a Cert

After you have successfully generated a CSR (Certificate Signing Request) -- I used IIS to create the CSR -- the enrollment process to create a certificate on VeriSign's website is straightforward. The questions that are asked are what you would expect.

The one catch -- like a misdirection in a crossword puzzle - I received an error message that read "Error 950b - Invalid State". Hmmm, I start thinking like a computer science guy -- is this an information processing state, a compatible state, or maybe something related to the state of the server?

Then it dawns on me -- oh, a state like in the United States!! I get it. I used the abbreviation for the state of Connecticut (CT) when I created my CSR and that is what VeriSign did not like; you have to spell it out -- so remember no abbreviations for the state in the CSR.


IIS - Installing the Certificate

After I figured out my "state" error and successfully submitted the certificate request, VeriSign then sent the certificate. Installation of the certificate was also somewhat straightforward except for a hiccup with IIS. In IIS, once you have the certificate from the CA you install it by selecting the "Complete Certificate Request" link.

However, in IIS 7.0 when you point to the file name provided by VeriSign you get an error of "Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created." Like any good MS developer, I took this in stride and tried again and got the error message "ASN1 bad tag value". At which point I was stuck. I happened to press F5, refreshing the screen, and the server certificate was then presented in the list box. This should be fixed in subsequent versions of IIS.

I hope this can help others when dealing with VeriSign mPKI and IIS.

-npv

Wednesday, June 24, 2009

Can Silverlight be This Cumbersome?

First off a confession - I am not a front end GUI designer kind of guy. I have traditionally left that to others on my projects but I have done some UI design in my career. Furthermore I am familiar with Flash development so when MS came out with Silverlight (SL) I was intrigued but did not pursue it in detail until recently. I was asked by a client, a Microsoft based enterprise, to do an evaluation of Silverlight for some rich web content development they had in mind. The goal was to determine how easy Silverlight was to work with and how well SL would integrate into their overall application architecture.

Silverlight 2.0 Set-up

No issues here. I am using VS 2008 on Vista and had no issues downloading or installing SL packages. I then created a Silverlight project with the intent of creating a basic Silverlight page or two... then the fun began.

Silverlight Issues:

I open up the VS toolbox and attempt to drag a button onto the page and designer does not support that; come again?? I must have done something wrong.... check settings, scratch head, try again... no luck. OK, I am a real man but I will read the manual anyway.... everyone is having this problem -- no drag and drop.

To get the button on the screen you have to hand code the XAML. So I hand coded the button and a text box with of course the corresponding properties.

I did get this small app to work and developed a few more complicated examples as a Proof of Concept for my client.

Microsoft is also offering a free hosting solution for Silverlight applications as a way to test your SL apps. You can sign up for this by visiting: http://silverlight.live.com/. This site worked very well and I had my SL applications up and running for demo in no time.

My next attempt to deal with the cumbersome process of hand coding XAML was to try and port my project to MS Expression Blend with the hope that I could eliminate some of the issues faced in VS 2008.... but no. Expression Blend found all kinds of "errors" in the XAML that VS was fine with. I have since found other reports on the web that indicate that the XAML created in VS is not compatible across Microsoft products.

Navigation

Transitioning from page to page in a Silverlight application should be straightforward, after all we have been doing this with MS tools for a long time. Surprisingly, MS did not supply any built in navigational capabilities within Silverlight. Multiple user controls can be added to a SL application but there is no automated way to transition from one to another. SL does provide a HyperlinkButton control, its purpose is to link between HTML pages. If the user clicks on the HyperlinkButton control then the Silverlight application is unloaded and the user is directed to a new URL. If this new application is a SL app then a new instance of SL is started all over again. While this is cumbersome to code it's undoubtedly a performance problem as well.

A nice feature of Silverlight development is you do not require a separate design tool or different programming language for RIA development. Furthermore, the calling of server-side .Net code is much easier with SL than with Flash.

To address the XAML issues I am told to purchase VS Team Edition and things will work better.... oh well, maybe I will wait for the next version of Silverlight and in the mean time I will stay with CSS and Ajax.

Wednesday, May 6, 2009

TrackMeNot - Obfuscation and Security

Our Searches Define Us

The Atlantic Monthly magazine recently published an article about Internet search privacy -- Atlantic Monthly May 2009; "Without a Trace" (http://www.theatlantic.com/doc/200905/web-tracking). This article got me thinking that it has become a fairly hot topic -- Internet search companies (Yahoo!, Google, MSN etc...) storing our search data, potentially correlating it with our identity, and using it to sell us stuff or handing it over to the government to determine if we have been thinking about doing something illegal. Back in 2006 the NY Times reported that it was a fairly trivial task to tie a particular user to their searches that were saved and published by AOL. In the same article the DOJ (Department of Justice) is accused of coercing search companies into handing over search data.

TrackMeNot

Concern over the privacy of searches has led to tools that will hide search results. TrackMeNot (TMN) is a software Add-on for Firefox that generates a series of fake queries to obfuscate the user's real search intentions. TMN was created by Daniel Howe and Helen Nissenbaum, both affiliated with New York University. From the TMN site, it is defined as:

"TrackMeNot is a lightweight browser extension that helps protect web searchers from surveillance and data-profiling by search engines. It does so not by means of concealment or encryption (i.e. covering one's tracks), but instead, paradoxically, by the opposite strategy: noise and obfuscation. With TrackMeNot, actual web searches, lost in a cloud of false leads, are essentially hidden in plain view. User-installed TrackMeNot works with the Firefox Browser and popular search engines (AOL, Yahoo!, Google, and MSN) and requires no 3rd-party servers or services." http://mrl.nyu.ed/~dhowe/trackmenot/

Will TMN Work?

Creating noise in the communication channel would make the data mining problem more difficult but would it really stop someone from determining if you were doing something they needed to pay attention to; I don't think so.

Let's say you were interested in researching some illegal activity, such as car theft. In doing your research you used Google to search for something like -- "hot wiring cars", "easiest auto to steal". Now suppose TMN adds hundreds of innocuous false searches like "bird watching", "movie reviews" etc. This noise might bog down an analyst researching these queries using paper and pencil but would it stop a computer program analyzing millions of searches? No it wouldn't. Additionally, it wouldn't matter how many false queries were in the mix if I only cared about hits on "interesting" subjects like automobile theft.


Obfuscation is not Computer Security

Users who are serious about privacy will use an anonymization software product -- products such as: Tor, JonDo, or Anonymizer.




Saturday, April 4, 2009

ASP.Net - Model View Controller (MVC) Framework

Microsoft Download

Microsoft is providing a very useful download for creating MVC applications using the ASP.Net 3.5 run time. The install is very straightforward and I did not experience any issues. I am using VS 2008 Professional Edition on Vista.

Get the download from Microsoft:

http://www.microsoft.com/downloads/details.aspx?FamilyID=53289097-73ce-43bf-b6a6-35e00103cb4b&displaylang=en

Model View Controller Pattern

The MVC framework has been used for a long time now. It was first defined in the late 70's but came into its own in the 1990's and is widely used today. It's a great way to separate business logic from the user interface. Do a quick web search should you need to convince yourself of the utility of this pattern.

Using the Framework

ASP.Net MVC 1.0 -- with this framework Visual Studio will generate the initial code for the models, views, and controllers. Much of the code framework is in place for you and your job is to expand on that code.

I used the framework to quickly create an intranet application that a client needed to query a dB, retrieve rows, and allow the client to update that data. In very short order I had a well designed application -- because we all know a customer asks for a very quick thing and it then can take on a life of its own and pretty soon you have a large application that is around for many years -- that could be built upon later if need be.

Getting Started:

I would highly recommend checking out this site:

http://www.asp.net/learn/MVC/tutorial-21-vb.aspx.

It is an ASP.Net tutorial that takes you step by step through using the MVC framework. I had no problems setting up and using the framework. One thing I did change with this tutorial is I used SQL Server Enterprise Edition not Express because that was easier for me. The steps for using EE are pretty much the same as if you were to use Express.

Give it a try....


-npv

Friday, January 9, 2009

Microsoft Data Access -- It's Getting Confusing

Well in actuality Microsoft data access has always been confusing due to too many choices. A decision theory paradox is that too many options cause decision paralysis and that has been the case with Microsoft data access methods for a very long time -- many will recall RDO, ADO, ODBC, and now we have LINQ, ADO.Net Core, ADO.Net Data Services Framework, ADO.Net Entity Framework .... Add to this that Microsoft and some others who may be just stirring the pot have published that LINQ may not be a strategic direction for the Redmond Gods... What is an architect or development lead to do... ??

I have always found it difficult to read the tea leaves regarding technology direction. It would seem that the best an architect can do is follow the advice provided by Microsoft in their Application Architecture Guide. This is part of the Pocket Guide Series collection. The use case based advice they provide is:

ADO.NET Core

Consider using ADO.NET Core if you:

• Need to use low level API for full control over data access your application.
• Want to leverage the existing investment made into ADO.NET providers.
• Are using traditional data access logic against the database.
• Do not need the additional functionality offered by the other data access technologies.
• Are building an application that needs to support disconnected data access experience.

ADO.NET Data Services Framework

Consider using ADO.NET Data Services Framework if you:

• Are developing a Silverlight application and want to access data through a data centric service interface.
• Are developing a rich client application and want to access data through a data centric service interface.
• Are developing N-tier application and want to access data through data centric service interface.

ADO.NET Entity Framework

Consider using ADO.NET Entity Framework (EF) if you:

• Need to share a conceptual model across applications and services.
• Need to map a single class to multiple tables via Inheritance.
• Need to query relational stores other than the Microsoft SQL Server family of products.
• Have an object model that you must map to a relational model using a flexible schema.
• Need the flexibility of separating the mapping schema from the object model.

ADO.NET Sync Services

Consider using ADO.NET Sync Services if you:

• Need to build an application that supports occasionally connected scenarios.
• Need collaboration between databases.

LINQ to Data Services

Consider using LINQ to Data Services if you:

• Are using data returned from ADO.NET Data Services in a client.
• Want to execute queries against client-side data using LINQ syntax.
• Want to execute queries against REST data using LINQ syntax.

LINQ to DataSets
Consider using LINQ to DataSets if you:

• Want to execute queries against a Dataset, including queries that join tables.
• Want to use a common query language instead of writing iterative code.

LINQ to Entities
Consider using LINQ to Entities if you:

• Are using the ADO.NET Entity Framework
• Need to execute queries over strongly-typed entities.
• Want to execute queries against relational data using LINQ syntax.

LINQ to Objects
Consider using LINQ to Objects if you:

• Need to execute queries against a collection.
• Want to execute queries against file directories.
• Want to execute queries against in-memory objects using LINQ syntax.

LINQ to XML
Consider using LINQ to XML if you:

• Are using XML data in your application.
• Want to execute queries against XML data using LINQ syntax.

LINQ to SQL Considerations

LINQ to Entities is the recommended solution for LINQ to relational database scenarios. LINQ to SQL will continue to be supported but will not be a primary focus for innovation or improvement. If you are already relying upon LINQ to SQL you can continue using it. For new Rich Internet Application Architecture solutions, consider using LINQ to Entities instead. At the time of this writing, this is the product group position:

“We will continue make some investments in LINQ to SQL based on customer feedback. This post was about making our intentions for future innovation clear and to call out the fact that as of .NET 4.0, LINQ to Entities will be the recommended data access solution for LINQ to relational scenarios.”

Keep reading and keep watching...


Wednesday, December 10, 2008

The Missing LINQ

I recently returned from a Microsoft training session for the data access technology called -- LINQ (Language Integrated Query). In short, I am impressed.

Ever since graduate school I have been thinking about and working through the issue commonly known as impedance mismatch. In software engineering impedance mismatch is the difficulties that arise between a programming language and the relational database system used to persist data. In an OO language there is disconnect between the language and the dB constructs. This mismatch occurs at various levels -- data structure, data types, data models, and the way in which the engineer programs in an OO language vs. SQL. This mismatch is exacerbated when you add additional data stores -- how we access a RDBMS is different than how we access LDAP, which is different from how we access XML, and they are all different from the language that we are programming in, VB.net for example.

The Missing LINQ

LINQ is not a new programming language. LINQ is integrated into the .net languages -- VB.net, C#. The beauty of LINQ is that once you learn its syntax and concepts the methods by which you access data are the same (or at least very similar) across data sources. This has two key benefits -- one, the language that you access the data source with is the same as the language you are programming in and two, disparate data sources are accessed using very similar syntax.

The diagram below provides an overview of the LINQ architecture.



Support in multiple .net languages integrate with LINQ.

LINQ engine provides interface between the programming language and the LINQ providers.

LINQ providers support multiple data sources so the developer can use the same concepts and syntax to access data stored in different formats.

Closer language integration means easier coding and testing.





Will LINQ Fly

As a technology LINQ is fabulous and will only get better. Will LINQ take hold with developers and IT departments? If you were developing a system from scratch you would be much more likely to use the technology, however the "L" word (Legacy Code) is bound to be an issue. As companies add LINQ to their technology toolbox there will be a point that adding another technology for data access will be just too painful. I would hope that architects and designers begin to steer their companies towards this compelling technology. I have a few customers that have dabbled with LINQ but as of yet I have not seen a big push to the technology... Time will tell.



Some books I have found helpful when learning LINQ are:

Programming Microsoft LINQ by Paolo Pialorsi and Marco Russo

http://www.amazon.com/Programming-Microsoft%C2%AE-PRO-Developer-Paolo-Pialorsi/dp/0735624003/ref=pd_bbs_sr_3?ie=UTF8&s=books&qid=1228942086&sr=8-3

Pro LINQ: Language Integrated Query in C# by Joseph Rattz Jr.

http://www.amazon.com/Pro-LINQ-Language-Integrated-Windows-Net/dp/1590597893/ref=pd_bbs_sr_1_s9_rk?ie=UTF8&s=books&s9r=8a02b541179b7cc00117aa39be1302e0&itemPosition=1&qid=1228942086&sr=8-1


As more of my clients begin to use LINQ I will share my experiences.