I have just finished my Soap-less Google post and used Google calendar to remind me of my next post:
A moment later I enter that event to edit it and this is what I see:
I double checked and this issue is consistent. I’m not sure it it’s a long beta thing or just a protobuf Upselling but someone in Google really hates Xml…
A few months ago Google officially retired its Soap search Api and put an Ajax search Api instead. The official reason was that it’s moving to a “new generation” Api, however some comments claimed for a conspiracy where Google is trying to push ads into the results or trying to prevent consumers from reordering them. Since Google’s search engine main business is ads it makes sense for them to reduce the number of non-Html Api consumers.
Google Apps however do not rely solely on ads. When organizations pay to get their domains in apps they expect to get some Api for their calendar, documents and etc. With this Api Google chose to be Rest/Atom based.
And I haven’t mentioned yet Google Protocol Buffers – a proprietary an open source serialization format developed by Google.
It seems Google likes to do stuff its own way. In some cases it’s a commercial trick to force its ads on Api users. This is a legitimate move but as long as they insist the real reason is a better “new generation” we can call it a trick. In other cases Google claim their new format is better than existing ones. protobuf is one example. However it’s a shame that every vendor comes up with its own formats. In this particular case, some of the other encodings in the market include Microsoft binary xml encoding and xml fast infoset.
If you’re really into this Soap & Search thing try the Bing Wsdl…
Sometimes it is useful to look at some of the known xsd schemas. These schemas are the xsd schema itself, the soap schema, the schema of wsdl and much more. If you have VS 2008 installed then check out this folder:
A lot of people prefer the shiny ReSharper test runner over the NUnit GUI. The main reason is of course that it is embedded in the VS IDE.
In some cases this means trouble.
Let's look in this test:
Does this test pass or fail? It depends who you ask.
ReSharper says:
NUnit says:
The reason is that the ReSharper runner does not know the "ExpectedException" attribute of NUnit. Who knows, maybe it's just a version thing and some x.y.z version of ReSharper knows how to work with the u.v.w version of NUnit. The lesson is that when you have two clocks you never know what the real time is...
The following gotcha applies when the server is written in a Java framework (e.g. Axis) and the client is in .Net. When we "add service reference" in VS to create the client proxy from the wsdl we may get this error:
In order to understand what this means we need to take a look at some other (valid wsdl):
This means that the EchoString operation accepts a message that looks like that:
We might expect the proxy class to look something like that:
However the real proxy looks like this:
Why? The reason is that most wsdls use the "document/literal/wrapped" pattern. This means that the first element of the message ("EchoString" here) is just some wrapper that the user does not really care about. What our user cares about is the "s" parameter. So the proxy generated the more useful proxy.
But let's take a look at this schema:
Here the root element "EchoString" is not a dummy wrapper - it can take the form of a few types (since there is derivation). This means the proxy should not omit it.
So how does VS knows which proxy to create?
The answer is in the message definition in the wsdl:
Whenever the name of a part is "parameters" .Net assumed doc/lit/wrapped is used and generates the proxy accordingly. If even though the word "parameters" is used the wsdl is not doc/lit/wrapped (as in the last example) .Net may give us some error. Which error? You guessed correctly: "These members may not be derived". Now we can understand what the error means: .Net tries to omit the root element as it thinks doc/lit/wrapped is used. However this element cannot be removed since it is not dummy - it should be actively chosen by the user out of a few derived types.
Fix The way to fix it is open the wsdl in a text editor and change the part name from "parameters" to "parameters1". Now .Net will know to generate a doc/lit/bare proxy. This means a new wrapper class will appear as the root parameter in the proxy. While this may be a little more tedious api, this will not have any affect on the wire format and the proxy is fully interoperable.
One important attack against web services is a "replay attack": a malicious man-in-the-middle captures a valid message from a client to a server and resends it. This can cause duplicate transactions or denial of service (DOS).
Typically the way to protect here is to have a timestamp on the message and some expiration policy on the server. This is a very simplified description though, here are all the details.
The sending party attaches this timestamp to the SOAP message:
The receiving party can then decide based on some policy how much after the message was created it is suspected as a replay.
But what is this service policy? We can see an "expires" element in the client message itself, then why does the service need an additional policy?
The answer is that there is a duplicate protection against replay attacks. The client can decide its own policy and express it inside the message. The server should respect this policy and also adds its own policy. For example:
In this case the message is considered valid by the service, but the service is expected to respect the client policy and reject the message. the situation gets more interesting when we add real network latency and clocks synchronization into the picture.
In Wcf there are two somehow confusing settings to control the expiration:
There are various other settings which relate to tolerance for clock differences and I will write a separate post on them some other time.
We all love our Fiddler. It is a great Http proxy to use when debugging web services (and html). Fiddler now has a WCF binary encoding message inspector. It allows us to see in clear xml binary messages. This is very usefull especially since binary encoding is the default setting for Silverlight 3 applications.
Recently I had to consume an Axis2 web service using a Wcf client. Axis2 used the rampart module for message security where a mutual X.509 certificate was required. Since I had control over both client and server I was able to fine tune them to reach perfect interoperability.
On the Axis side, I have found the WS-Policy flavor configuration better to work with (interoperability-wise) .
This is the Axis configuration:
and this is the Wcf configuration:
Here is the full Axis2 service (which is based on the rampart SDK sample):
and the wcf client:
You will also need certificates.
Client certificate:
Server Certificate:
If prompt for a password use "adminamdin".
This is the Java key store:
and the password is "adminadmin".
If you want to use your own certificate just make sure the certificates have an SKI.
I have recently needed to delete 100+ comments from my blogger account. Unfortunately blogger only allows to delete one comment at a time. This is really not helping when I need to delete 100+ comments.
The trick is to use a browser that supports tabs (almost all of them today) and to middle click the basket icon near each comment we want to delete. It will now open in a new tab:
We still need to approve the deletion in that tab, but at least we do not need the extra clicks of returning to the original post and finding the next comment.