Tuesday, July 28, 2009

Debugging WCF


j_saremi has posted a message in the WCF forum noticing that WCF source code can now be downloaded from Microsoft. The source can be viewed using the reflector since ever - no news here - but now it can actually be used to debug!

Really, see:


What's next? get this blog rss updates or register for mail updates!

Cryptic WCF error messages (part 6 of N)


If you have followed the previous parts of this series you already know it tries to diminish the mystery of WCF errors.

When X.509 certificates are used you might get this error:

The certificate 'CN=localhost' must have a private key that is capable of key exchange. The process must have access rights for the private key.

The second part of the error implies that you may need to set permissions on the private key. I'll deal with that in a separate post.

The first part of the error means that the certificate was created with a private key that is not capable of key exchange. This can happen when you use makecert.exe to create a test certificate without specifying the correct flags. The correct way to use makecert is:

makecert -ss My -pe -n "CN=localhost" -sky exchange


What's next? get this blog rss updates or register for mail updates!

Saturday, July 25, 2009

log4net gotcha: AppDomains


We are using the log4net logging framework in a new project.
In one initialization point of the application we init it:

using log4net;
using log4net.Config;

XmlConfigurator.Configure(new FileInfo("log4net.config"));

And in many other locations we use it:

ILog log = LogManager.GetLogger(typeof(SomeClass));
log.Debug("some debugging message");

In one of my classes the messages I've logged did not appear in the log file (or in any of the other appenders). When I explicitly re-initialized log4net in the same class the messages were written successfully. A short investigation found the reason: This class is called from a different AppDomain than the other classes. log4net's LogManager class is static, which limits its scope to the calling AppDomain.

Conclusion: log4net needs to be initialized once per AppDomain.


What's next? get this blog rss updates or register for mail updates!

Why lawyers make more money than programmers


Recently I have checked the possibility to bring Microsoft's Web Services Enhancements (WSE) 3.0 in the installation of a product I author. I already know that Microsoft products cannot be dispatched as is and I need a special redistributable version. Luckily, WSE3 has a Redistributable Runtime MSI.

So I run this msi and the first stage in the installation wizard is the end user license agreement (EULA). Now I'm not a legalist but the beginning looks promising:

These license terms are an agreement between Microsoft Corporation...and you. You may install and use one copy of the software on your device...

"Microsoft...and you" sounds good, and "you may install" is what I wanted to hear anyway. But the second item is suspicious:

You may not
  • work around any technical limitations in the software;

  • reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law expressly permits, despite this limitation;

  • make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;

  • publish the software for others to copy;

  • rent, lease or lend the software;

  • transfer the software or this agreement to any third party; or

  • use the software for commercial software hosting services.

  • Now wait one second. If I may not transfer the software to any third party, then how can I redistribute this Redistributable Runtime MSI? Or is this EULA just an agreement between Microsoft and the third party, in which case where is the agreement between Microsoft and me? Am I not worth at least one or two vague terms?

    Anyway I passed this to our legal department. I better go work on some legacy code, which comparing to this looks more readable than ever...


    What's next? get this blog rss updates or register for mail updates!

    Friday, July 3, 2009

    Security in SOA


    Prabath gave a great presentation on SOA & web services security in the WSO2 summer school. It is particularily interesting for everyone who wants to understand what stands behind security related WS-* standards such as WS-Security and WS-Trust.


    What's next? get this blog rss updates or register for mail updates!