Scalable High Performance Applications (WCF/SOA/ASP.NET)

This document is focused on hosting a WCF service on Windows 2008 service Windows Activation Server (WAS). This service is utilizing tcp net as binding protocol.

Below are the steps:

Enable Network Discovery
Create a folder for your service code in root (c:\ MyService)
Add Roles and features:

Add Web Service Role (IIS) to server, it will require to add WAS feature. (Figure 1)
Add Application Server Role, this will require to install WAS feature. (Figure 2)

Figure 1) Adding Application/Web Server Roles

Figure 2) Adding Application Server Role

Figure 3) Adding WAS Application Server Roles

Figure 4) Choosing Authentication Certificate for SSL Encryption

Select all items under Security
Go to Features Expand .NET framework 4.0 Features, check WCF Activation box.(done in previous section)
Add Network Load Balancing Feature (See Figure 5) There will be another posting to cover setting up NLB.

Figure 5) NLB installation

WCF Setup: (for more information go to: http://msdn.microsoft.com/en-us/library/ms751402.aspx)

"%WINDIR%\Microsoft.Net\Framework\v4.0.30319\aspnet_regiis" –i –enable

"%WINDIR%\Microsoft.Net\Framework\v4.0.30319\ServiceModelReg.exe" -r

Virtual Directory Setup (IIS7.0): (for more information to go to: http://msdn.microsoft.com/en-us/library/ms751432.aspx)

Create Application/virtual directory
Set additional virtual directory properties
Set security:
Add your designated service account myServiceAccount to below User Groups

Performance Log Users
IIS_IUSRS

Firewall setup: http://msdn.microsoft.com/en-us/library/ms751530.aspx

Option 3: Enable a port range in advance. Start the Windows Firewall Control Panel applet

and enable ports 80, 443, 8000-8003 and 9000, which are used by the samples. You can find more detailed instructions in the following procedure. This option is less secure than the others because it allows any program to use these ports, not just the samples

Chose option 3 from above link.
Create new Inbound, Outbound rules (named WCF-WF-TCP-Ports)

Edit site bindings: Run below commands

Command1: %windir%\system32\inetsrv\appcmd.exe set site "Default Web Site" -+bindings.[protocol='net.tcp',bindingInformation='808:*']

Command2:%windir%\system32\inetsrv\appcmd.exe set app "Default Web Site/yourServiceName" /enabledProtocols:http,net.tcp

Use a Meta Data Explorer to explore addresses:

Example client URI for MyService:

Client URI: net.tcp://servername.domain/MyService/MyService.svc

Meta Data URI: net.tcp://localhost/MyService/MyService.svc/mex

install MSMQ service if needed http://msdn.microsoft.com/en-us/library/aa967729.aspx

Thursday, March 3, 2011

Patterns and Practices Symposium - Summary

It's been a while since I've blogged and it's been a while since I've been to this event but still I wanted to blog about it. Back in October 2010 I attended my first Patterns& Practices Symposium (PnP) in Redmond, Seattle. Link to: Patterns & Practices Symposium 2010
It was one of the best tech gatherings that I’ve ever attended and I have been to PDC, DevConnection and TechEd! Great crowd of attendees as well as awesome speakers and sessions
Anyway, below is a summary/abstract of the sessions and concepts that were discussed.

Sessions

Enterprise Library Extending
Parallel Programming
Cloud Computing
Windows Phone 7
OData – sesame data browser

Programming principles/Concepts

- Fluent Interface
- Inversion of Control
- DI – Dependency Injection (Unity, Spring or Castle Windsor)
- AOP – logging, exception handling
- CQRS - Command/Query Responsibility Separation
- M-V-VM
- Object Mother

SDLC Processes

Agile + TDD:

- Incremental improvement is the key to clean the old code and avoid massive redesign.
- Boy Scout rule, leave the camp cleaner than when you got it!
- In every check-in improve slightly.
- The only way to go fast is the go well (write good code pays off)
- Code Clean!
- Suite of tests gives you confidence to make changes improve/re-factored.
- Tests are used as documentation.
- Test needs to be designed well, decoupled.
- Manual test is expensive it grows.

TDD+ Validation+ Dependency injection

TDD Side Notes

TDD is the key for high quality code, it guarantees less bugs, it takes a little longer in beginning iterations but it pays off by the end of the project. It enforces developers (junior and senior) to follow the guaranteed path of TDD for quality code.

TDD requires development tool like re-sharper!

Continuous Integration Process:

CI Builds + Runs Test + Runs Code Coverage (95% for BLL, 85% for UI) + Code Analysis

Patterns of Healthy Teams using Visual Studio and TFS

- Turn on Code analysis at CI level, create your custom rule set and store it in TFS to be accessible
- Peer reviews catch about 60% of defects (Barry Boehm)

Options:

         1- Peer review
         2- Pair program
        3- Do micro-reviews, Make check-in notes required, encourages peers to

- Build Notification

- Layer Diagram

         - Document code for new developers
         - Validate Architecture
         - Generate Dependencies
        - Set Validation architecture to true at Project properties, which will generate error at CI

Flicker deploys code every 30 minutes
Gmail pushes new features are deployed in 2 days!

Tools

- Visual Studio Layer Diagram
- Visual Studio scrum templates – TFS installation required
- Instant Feature Builder VSIX
- Re-sharper
- Visual studio productivity tool

Summary

Focus of the conference was Agile + TDD + V-M-VM + Repository + Dependency Injection in Silverlight and WPF.

Wednesday, October 6, 2010

Service Design Considerations

(Excerpts from Application Architecture Guide 2.0a)

Services are flexible by nature and can be used in a wide variety of scenarios and combinations.
The following are key typical scenarios:
• Service exposed over the Internet. This scenario describes a service that is consumed over
the Internet. Decisions on authentication and authorization must be based on Internet trust
boundaries and credentials options. For example, username authentication is more likely in
the Internet scenario than the intranet scenario. This scenario includes business-to-business
(B2B) as well as consumer-focused services. A Web site that allows you to schedule visits to
your family doctor would be an example of this scenario.
• Service exposed over an intranet. This scenario describes a service that is consumed over
an intranet. Decisions on authentication and authorization must be based on intranet trust
boundaries and credentials options. For example, the Microsoft® Active Directory®
directory service is more likely to be the chosen user store in the intranet scenario than in the
Internet scenario. An enterprise Web-mail application would be an example of this scenario.
• Service exposed on the local machine. This scenario describes a service that is consumed
by an application on the local machine. Transport and message-protection decisions must
be based on local machine trust boundaries and users.
• Mixed scenario. This scenario describes a service that is consumed by multiple applications
over the Internet, an intranet, and/or the local machine. A line-of-business (LOB) application
that is consumed internally by a thick client application and over the Internet by a Web
application would be an example of this scenario.

Design Considerations

When designing service-based applications, you should follow the general guidelines that apply
to all services, such as designing for coarse-grained operations, honoring the service contract,
and anticipating invalid requests or invalid request orders. In addition to the general guidelines,
there are specific guidelines that you should follow for different types of services. For example,
with a Service-Oriented Architecture (SOA), you should ensure that the operations are
application-scoped and that the service is autonomous. Alternatively, you might have an
application that provides workflow services, or you might be designing an operational data
store (ODS) that provides a service-based interface.

General Considerations

• Design coarse-grained operations. Avoid chatty calls to the service interface, which can
lead to very poor performance. Instead, use the Façade pattern to package smaller fine-grained
operations into single coarse-grained operations.
• Design entities for extensibility. Data contracts should be designed so that you can extend
them without affecting consumers of the service.
• Compose entities from standard elements. When possible, compose the complex types
used by your service from standard elements.
• Design without the assumption that you know who the client is. You should not make
assumptions about the client, and how they plan to use the service you provide.
• Design only for the service contract. Do not implement functionality that is not reflected by
the service contract. In addition, the implementation of a service should never be exposed
to external consumers.
• Design to assume the possibility of invalid requests. Never assume that all messages
received by the service are valid.
• Separate functional business concerns from infrastructure operational concerns. Crosscutting
logic should never be combined with application logic. Doing so can lead to
implementations that are difficult to extend and maintain.
• Ensure that the service can detect and manage repeated messages (idempotency). When
designing the service, implement well-known patterns, or take advantage of infrastructure
services, to ensure that duplicate messages are not processed.
• Ensure that the service can manage messages arriving out of order (commutativity). If
there is a possibility that messages might arrive out of order, implement a design that will
store messages and then process them in the correct order.

SOA Services Considerations

• Design services to be application-scoped and not component-scoped. Service operations
should be coarse-grained and focused on application operations. For example, with
demographics data, you should provide an operation that returns all of the data in one call.
You should not use multiple operations to return subsets of the data with multiple calls.
• Decouple the interface from the implementation. In an SOA application, it is very
important to keep internal business entities hidden from external clients. In other words,
you should never define a service interface that exposes internal business entities. Instead,
the service interface should be based on a contract with which external consumers interact.
Inside the service implementation, you translate between internal business entities and
external contracts.
• Design services with explicit boundaries. A services application should be self-contained,
with strict boundaries. Access to the service should only be allowed through the service
interface layer.
• Design services to be autonomous. Services should not require anything from consumers of
the service, and should not assume who the consumer is. In addition, you should design
services with the assumption that malformed requests will be sent to it.
• Design compatibility based on policy. The service should publish a policy that describes
how consumers can interact with the service. This is more important for public services,
where consumers can examine the policy to determine interaction requirements.

Data Services Considerations

• Avoid using services to expose individual tables in a database. This will lead to chatty
service calls and interdependencies between service operations, which can lead to
dependency issues for consumers of the service.
• Do not implement business rules with data services. Different consumers of the data will
have unique viewpoints and rules. Attempting to implement rules in data access services
will impose restrictions on the use of that data.

Workflow Services Considerations

• Use interfaces supported by your workflow engine. Attempting to create custom interfaces
can restrict the types of operations supported, and will increase the effort required to
extend and maintain the services.
• Design a service that is dedicated to supporting workflow. Instead of adding workflow
services to an existing service application, consider designing an autonomous service that
supports only workflow requirements.

Securing websites from Penentration test

SQL injection

Use stored procedures , use parameterized dynamic SQL queries
Sanitize input parameters which are coming from UI before feeding them into stored procedures or dynamic SQL statements

Use stored procedures as you can
Use parametrized in-line SQL query
SQL safe your queries by : Replace("'","''").Replace(";","")

Cross site scripting

Securing cookies
Turning off cross site scripting HttpOnly
HTML encoding all user inputs before storing in DB

Prevent file system traversal

Allowing filenames containing “../..” could allow the hacker to traverse through file system

IIS 6 vulnerabilities on file extensions

Filename.asp.jpg is ran as an asp page!
Keep your web servers up-to-date with OS patches

Related Links:

Tuesday, August 24, 2010

Tour the JQuery Framework

I found an interesting article about JQuery on DevProConnection magazine (below link):

http://www.devproconnections.com/article/net-framework2/Tour-the-jQuery-Framework.aspx

Getting Started with jQuery
The first step in unleashing jQuery's power is to download the beast. You can download jQuery here. Just like any other JavaScript library, jQuery needs to be referenced before it is used. You can set up the reference in a page's head section, as in the following example:

After referring the library, you are now ready to use it. To understand the workings of the library, we'll start with a very simple application that alerts the type of DIV element on screen. The alert will be invoked when the user clicks the button. The following snippet uses the plain-vanilla JavaScript to accomplish the task.

<script language="javascript" type="text/javascript">

function greetings() {
alert($("#display"));
 }
</script><o:p></o:p></pre>
<div style="margin-bottom: 12pt;">

As expected, the alert box in Figure 1 clearly shows that the object is of type HTMLDivElement, which refers to a DIV element in the DOM tree.

Next, we'll implement the same scenario using the jQuery library, as shown in the following code sample, and examine how it differs from the previous one.

<input onclick="greetings()" type="button" value="Greet" />

<div id="display">
</div>
<script language="javascript" type="text/javascript">

 function greetings() {
    alert($("#display"));
}
</script>

Figure 2 shows the result: The object returned is not of the type HTMLDivElement but an object. By investigating further, you'll realize that the object is of type jQuery. This is where the jQuery library really shines. Instead of returning the type of the DOM element that was requested, the jQuery library returns the jQuery object. The jQuery object contains many different functions and attributes that can be used in different scenarios. This also makes it easy to add custom plug-ins to the jQuery library.

jQuery Syntax

jQuery uses a combination of XPath and CSS selector syntax to access elements inside the DOM tree. The selector syntax allows jQuery to manipulate the HTML elements as a group or as an individual element. Take a look at the following selectors in jQuery that are most commonly used in an application.

Fetching by element ID: The hash (#) sign is used to fetch the element using the element ID. This is the equivalent of using the document.getElementById function. For example:

$("#myTextBoxId")  //

returns the control whose ID is myTextBoxId.

Fetching by class name: The period (.) operator is used to retrieve the element by using the class name. For example:

$(".greenColorTextBoxes") //

returns all the controls whose class name is greenColorTextboxes.

Fetching by element type. The element tag name indicates that the element will be fetched by its type. This is equivalent to using the document.getElementsByTagName function. For example:

$("p") //

returns all the p elements on the page.

$("p.display")

returns the

element with the class display.

$("p#display") returns the first
element with the ID display.

jQuery uses the XPath syntax to select elements using their attributes:
•   $("[href]") selects all the elements having the href attribute.
•   $("[href='#']) selects all the elements having the href attribute #.
•   $("[src='.jpg']") selects all the image elements with the source attribute ending in .jpg.

Now that you're familiar with different retrieval strategies using the jQuery library, we'll move on to discussing how to use jQuery effects.

Effects in jQuery
The jQuery framework comes with several built-in effects. If you need to create more advanced effects, you can do so using the jQuery UI library, which you can download at jqueryui.com. The effects that alter the appearance of elements are mostly UI based. The code in Figure 3 uses the built-in effect to show and hide a div element.

Creating animation effects. There are times when jQuery built-in effects are not enough. In such cases, you can use the power of jQuery's animation class, which lets you create custom animations. The animation can be performed on properties consisting of numerical values—for example, width, height, and margin. You can even perform animation on color properties by assigning the color in the color code format. The following example shows how to perform animation on a simple DIV control and change its width property.

  $(document).ready(function() {

        $("#btnAnimate").click(function() {

            $(".block").animate(

            {

                width:"100%"

            }

            );

    });

});

You can even move the DIV across the screen using the marginLeft and marginRight properties, as the following example shows:

  $(document).ready(function() {

        $("#btnAnimate").click(function() {

            $(".block").animate(

            {

                marginLeft:"40%"

            }

            );

    });

});

jQuery can also manipulate color properties of the element if they're used in the form of color codes instead of names, as you can see in the following example. Note that the color animation works only when the jQuery UI reference is added (as mentioned previously).

$(document).ready(function() {

        $("#btnAnimate").click(function() {

            $(".block").animate(

            {

                marginLeft:"40%",

                backgroundColor:'#ffbfff'

            }

            );

    });

});

The previous code also demonstrates the use of multiple properties in the animation function. The animation function provides most of the features to create custom animation, but sometimes we need to plug in our custom animation function in the jQuery framework. In the next section, I'll show you how to extend the existing jQuery functions and how to successfully add your own behavior.

Creating Custom Effects by Extending jQuery
jQuery is an open extension framework that enables developers to easily extend the functionality in the existing the API. For instance, if you're interested in creating a FadeInFadeOut effect, you can easily extend the jQuery.fn class to include new methods and add custom behavior. Take a look at the following code, which demonstrates how to extend jQuery.fn to include FadeInFadeOut effects.

jQuery.fn.fadeInFadeOut = function(speed) {

        return $(this).fadeIn(speed,

        function() {

            return $(this).fadeOut(speed);

         });

    }

Finally, we can use our new function by employing the following code:

$("#divMessage").html("Item has been saved").fadeInFadeOut(3000);

This shows how easy it is to leverage the existing jQuery functionality and create new effects.

Drag-and-Drop Operations Using jQuery
If you've ever written plain old vanilla JavaScript to create drag-and-drop effects, you're aware of the pain you need to go through to make it work. jQuery makes it easy to perform drag-and-drop operations. The drag-and-drop operations are contained in the jQuery.UI framework.

The first task in implementing jQuery drag and drop is to create a draggable item. We will be dragging a simple DIV element. The definition of the DIV element is as follows:

The DIV uses the style "draggableElement" defined by the following code:

  .draggedElement

    {

 

   border: 2px solid #0090DF;

   background-color: #68BFEF;

   width: 100px;

   height: 100px;

   margin: 10px;

   overflow:auto;

   padding:1em 1em 1em 1em;

   z-index:9999;

   cursor:move;



    }

Next, to make the DIV draggable we need to use the jQuery draggable function. Here's the implementation:

And that's it! Now run the application in your browser, and you'll be amazed that by adding a single line of code you can drag the element.

Although we are able to drag the DIV element, we're dragging the original element. In most cases you do not want to drag the original element but the clone. Not to worry, since jQuery provides attributes to add this feature. To make a clone of the dragged element, just use the helper attribute, as in the following example:

This code creates a clone of the dragged element, which is easily visible because of the opacity. Figure 4 shows the clone of the dragged element.

At this point we have implemented only the functionality for the dragged element. But this is only half of the story. The dragged element eventually needs to be dropped. This is where drop zones come into action. A drop zone is an area where a draggable element can be dropped. Creating a drop zone is straightforward, as it can be represented by a simple DIV element:

$(".dropZone").droppable();

The .dropZone class is used to decorate the drop zone with styling features:

  .dropZone

   {

           background-color: #e9b96e;

 border: 3px double #c17d11;

   width: 300px;

   height: 300px;

   margin: 10px;

   overflow:auto;

   position:absolute;

  top: 5px;

  right: 30%;

  padding: 1em 0 0 0;

  

   }

Just as we initialized the draggable element, we need to initialize the drop zone. This is accomplished by using a single line of code:

$(".dropZone").droppable();

Although the drop zone has been initialized, we still need to provide it with additional information so that it knows what kinds of elements are accepted in the drop zone. The following code accomplishes this:

        $(".dropZone").droppable(



        {

            accept: '.draggedElement',

            hoverClass: 'dropZoneHover',

            drop: function(ev, ui) {

            }

        }

        );

The accept attribute represents the class that is accepted by the drop zone. This means any element having class draggedElement can be dropped into the drop zone. The hoverClass attribute represents the class that will become active once the draggable element hovers over the drop zone. Take a look at Figure 5, which shows the drop zone becoming active once the draggable element hovers over it.

Now, let's take a look at the most important feature of the drop zone, the drop function:

$(".dropZone").droppable(



        {

            accept: '.draggedElement',

            hoverClass: 'dropZoneHover',

            drop: function(ev, ui) {

                var droppedItem = ui.draggable.clone().addClass("droppedItemStyle");

                $(this).append(droppedItem);

             }

        }

        );

Inside the droppable function, we have used JavaScript closures to handle the drop event. The $(this) refers to the DIV element that acts as a "DropZone" and is consuming the ".dropZone" class. The dropped item is decorated with droppedItemStyle. Once the dropped element is dropped, it is added to the drop zone element as a child. Figure 6 shows the dropped element added in the drop zone.

The jQuery drag-and-drop API is very useful for creating interactive applications. The ease of use of the drag-and-drop framework lets a developer build complicated client-side applications more quickly.

jQuery AJAX API
jQuery not only provides a strong DOM manipulation library, it also includes a very handy AJAX API. jQuery provides a couple different methods to make an AJAX call, as I'll demonstrate.

The $.ajax function is the most flexible of all jQuery AJAX functions, since it allows a developer to indicate the options manually. Here is a small piece of code that invokes the Greetings web service method and returns a message to the user.

$(document).ready(function() {

        $("#btnGreet").click(function() {

            $.ajax(

            {

                type: "POST",

                contentType: "application/json",

                data: "{}",

                dataType: "json",

                url:"AjaxService.asmx/Greeting",

                success: function(response) {



                    alert(response.d);

                 }

            }

    );

The $.ajax function defined in this code calls the Greeting method contained in the AjaxService.asmx web service. Here's the implementation of the web service:

  [System.Web.Script.Services.ScriptService]

    public class AjaxService : System.Web.Services.WebService

    {

        [WebMethod]

        public string Greeting()

        {

            return "Hello World";

        }

    }

Greeting is a simple method decorated with the [WebMethod] attribute. Another important thing to note about the AjaxService is that it's decorated with the [System.Web.Script.Services.ScriptService] attribute, which allows the web service to be called from the client-side code. Figure 7 shows the result.

You can also return XML just by changing the contentType to support XML, as shown by the following:

$(document).ready(function() {

        $("#btnGreet").click(function() {

            $.ajax(

            {

                type: "POST",

                contentType: "application/xml",

                data: "",

                dataType: "xml",

                url:"AjaxService.asmx/Greeting",

                success: function(response) {

                    alert(response.childNodes\[0].firstChild.textContent);

                 }

            }

    );

It's a good idea to return the result as JSON format. JSON makes it easy to parse the object and usually represents the structure similar to the domain model.

Sending Parameters Using jQuery's AJAX API
In the previous examples, we invoked the methods and returning the results on the client side without sending any input parameters. In real-world applications, our result will depend on the parameters passed to the web method.

In the following example, our result will be based on the parameters sent by the client. We'll use the SQL Server Northwind database, since it's available on most machines. A user will be allowed to select a category from the DropDownList. When the category is selected, the related products are fetched using an AJAX request.

The following code shows the implementation of the GetProductsByCategoryId. The example uses LINQ to SQL as the data access layer, but you may use whatever data access mechanism you want.

 [WebMethod]

        public string GetProductsByCategoryId(int categoryId)

        {

            var json = new JavaScriptSerializer();



            using(var db = new NorthwindDataContext())

            {

                var products = from p in db.Products

                               where p.CategoryID == categoryId

                               select p;



                foreach(var p in products)

                {

                    p.Category = null;  // removing the circular reference!

                }



                return json.Serialize(products);

            }

        }

The JavaScriptSerializer object has a limitation in that it cannot detect and ignore the circular references. For this reason, I've manually eliminated the circular references by setting the Category object to null. You can also return an anonymous type with the required properties to the client.

Figure 8 shows the implementation of the getProducts function, which is used to fire the AJAX request and create the product list display. In the code in Figure 8, note that the name of the parameters matches exactly with the parameter names of the web method. This means that if the web method parameter is called categoryId, then the AJAX call should specify categoryId as the parameter. Additionally, we've used a jQuery plug-in to evaluate the JSON string as an Object. Figure 9 shows the output.

jQuery Support in Visual Studio 2010
The jQuery library is already supported in Visual Studio 2008, but to get the IntelliSense feature working, you need to download a Meta file and place it in a special location. In Visual Studio 2010 jQuery is treated as a first-class citizen, and the IntelliSense support is activated by default. This creates an easy way for developers to discover the jQuery API without having to refer to the documentation.

Wrapping Up
jQuery is a fascinating JavaScript library that has grown exponentially since its inception in 2006. In 2008 Microsoft embraced the popularity of this powerful library by giving it space in Visual Studio. jQuery's ease of use and advanced UI-manipulation features put it at the top of the stack of your choices of a client-side framework for any web application.

Scalable High Performance Applications
(WCF/SOA/ASP.NET)

Wednesday, November 23, 2011

Code Camp - USC Campus October 2011

Thursday, April 14, 2011

How to configure Windows Server 2008 to host WCF services in IIS 7/WAS

Thursday, March 3, 2011

Patterns and Practices Symposium - Summary

Wednesday, October 6, 2010

Service Design Considerations

Securing websites from Penentration test

Tuesday, August 24, 2010

Tour the JQuery Framework

Search This Blog

Blog Archive

About Me

My Blog List

Followers