Monthly Archives: October 2006

Security and Streamed Messages

When I talked about transferring large messages with WCF, I neglected to cover how security interacts with streamed messages.

A number of V1 binding elements require message buffering. For example, WS-RM (ReliableSessionBindingElement) buffers messages so that it can retry sends when they fail. The integrity (signing) protocol provided by WS-Security requires buffering of the message since the signature is stored in a message header (and headers are sent out prior to the streamed body).

The system-provided bindings in V1 that support streaming are BasicHttpBinding, NetTcpBinding, and NetNamedPipeBinding. To enable bidirectional transport-level streaming, set the TransferMode on your binding to TransferMode.Streamed. Alternatively, if you only require streaming in one direction, set TransferMode to TransferMode.StreamedRequest or TransferMode.StreamedResponse.

Transport-level streaming works with Transport security. It also works with “mixed-mode” security, where authentication is provided by WS-Security but confidentiality and integrity are provided by the transport.

If you want full WS-Security, you will need app-level “chunking” or a chunking protocol at the channel layer.
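As an added illustration (my code, not from the original post or the WCF product), here are binding configurations that keep streaming and security compatible: Transport security on NetTcpBinding, mixed-mode security on BasicHttpBinding, and a guard that rejects the full-message-security combination. The class and method names are my own.

```csharp
using System;
using System.ServiceModel;

public static class StreamedBindings
{
    // Transport security only: TLS protects the wire and no WS-Security
    // signature header is needed, so the body can flow as a stream.
    public static NetTcpBinding TcpTransportStreamed()
    {
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.TransferMode = TransferMode.Streamed;
        binding.MaxReceivedMessageSize = 4L * 1024 * 1024 * 1024; // 4 GB
        return binding;
    }

    // "Mixed mode": the caller authenticates with a WS-Security UserName
    // token in the header, but integrity and confidentiality come from
    // the transport (HTTPS), so the large response can still be streamed.
    public static BasicHttpBinding HttpMixedModeStreamedResponse()
    {
        var binding = new BasicHttpBinding(
            BasicHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType =
            BasicHttpMessageCredentialType.UserName;
        binding.TransferMode = TransferMode.StreamedResponse;
        return binding;
    }

    // Guard: full message security signs the body, and the signature lives
    // in a header that is sent before the body, so the whole body has to be
    // buffered. Reject the combination up front.
    public static void EnsureStreamable(NetTcpBinding binding)
    {
        if (binding.TransferMode != TransferMode.Buffered &&
            binding.Security.Mode == SecurityMode.Message)
        {
            throw new InvalidOperationException(
                "Message security requires buffering; use Transport or " +
                "TransportWithMessageCredential, or chunk at the app layer.");
        }
    }
}
```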

Using WCF with NLB

There comes a point in time when one server is just not enough. You need to scale your service across multiple back-ends. Enter Windows Network Load Balancing (a.k.a. NLB). By using NLB, TCP connection initiations can be serviced by different machines.

This has an obvious impact on in-memory sessions. If you are using a protocol such as WS-Reliable Messaging (which will reestablish connections during the course of a session) or WS-Secure Conversation (which uses a session-negotiated security token), then you want to make sure subsequent connection requests go to the same back-end server. Similarly, when using a transport such as HTTP (which can, in worst-case scenarios, use a new connection for each request-reply), if you are depending on an in-memory session then you will also need to ensure consecutive connection establishments arrive at the same server. Many load balancers have an “affinity” setting that you can enable for this behavior. Alternatively you can write a “stateless” service (from the in-memory perspective), where any app state is stored outside of your process. If you take this approach then you should avoid using WCF Sessions (which may store infrastructure state in-process).

Nicholas gave a nice overview of our Transport quotas. We have a few knobs on the TcpTransportBindingElement specifically targeted at NLB-type scenarios. They are associated with our client-side connection pooling. Nicholas highlights the final object model for these quotas, and I’ll go into a little detail about how these quotas will affect your use of NLB with our TCP transport.

  • IdleTimeout: Controls the amount of time that a TCP connection can remain idle in our connection pool. This is useful for scenarios where you don’t mind connections being reused while you are under load, but once the load dissipates you wish to reclaim your connections. The default value of IdleTimeout is 2 minutes.
  • LeaseTimeout: Controls the overall lifetime of a TCP connection. The lower you set this value, the more likely you are to be re-load-balanced when you create a new channel. Note that if this timeout expires we won’t just fault an existing connection. We will, however, close that connection when you Close() the active channel. This setting works well in conjunction with IdleTimeout. For example, if you are cycling through channels and are never really “idle”, you can still ensure periodic connection recycling through LeaseTimeout. The default value of LeaseTimeout is 5 minutes.

For HTTP we inherit our connection pooling settings from System.Net, so you can tweak their idle settings in order to control connection recycling frequency over HTTP.
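As an added example (my code, not from the original post or the WCF product), here is how the IdleTimeout and LeaseTimeout knobs are reached from a NetTcpBinding and exercised by a client that cycles through channels, so that expired leases retire pooled connections and NLB gets a chance to re-balance. The contract, address and timeout values are placeholders I chose.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;

// Placeholder contract for a service kept stateless from the in-memory
// perspective (no WCF session state), so any back-end can serve a call.
[ServiceContract]
public interface IInventory
{
    [OperationContract]
    int Count(string sku);
}

public static class NlbTcpBinding
{
    // NetTcpBinding does not surface the pool settings directly; wrap it in
    // a CustomBinding, find the TCP transport element, and tune it there.
    public static CustomBinding Create(TimeSpan idleTimeout, TimeSpan leaseTimeout)
    {
        var netTcp = new NetTcpBinding(SecurityMode.Transport);
        netTcp.ReliableSession.Enabled = false; // WS-RM would need affinity
        var custom = new CustomBinding(netTcp);
        var tcp = custom.Elements.Find<TcpTransportBindingElement>();
        // Idle pooled connections are dropped after this, freeing them once load falls.
        tcp.ConnectionPoolSettings.IdleTimeout = idleTimeout;
        // A pooled connection older than this is closed at the next channel Close(),
        // so the following channel opens a fresh TCP connection that NLB can place.
        tcp.ConnectionPoolSettings.LeaseTimeout = leaseTimeout;
        return custom;
    }

    // Client side: each channel Close() is an opportunity for an expired
    // lease to retire the underlying connection instead of reusing it.
    public static int QueryTwice(string address)
    {
        var binding = Create(TimeSpan.FromSeconds(30), TimeSpan.FromMinutes(1));
        var factory = new ChannelFactory<IInventory>(binding, new EndpointAddress(address));
        int total = 0;
        for (int i = 0; i < 2; i++)
        {
            IInventory channel = factory.CreateChannel();
            total += channel.Count("ABC-123"); // constructed sample SKU
            ((IClientChannel)channel).Close();
        }
        factory.Close();
        return total;
    }
}
```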

The Herbfarm "Experience" (Woodinville, WA)


The Herbfarm. Mentioned on just about every “top restaurants” page in the Seattle area, I had heard tell of it ever since I moved here. Yet after nine years I hadn’t experienced it personally. My sister helped us fix that with her fabulous wedding present, which included dinner for Lauren and me at the Herbfarm, as well as one night in an “Herbfarm Romantic Suite” at the adjacent Willows Lodge.

We arrived early to fully experience Willows Lodge. Staying at Willows makes you feel like you are at a remote cabin in the North Cascades. The ambience and service were reminiscent of the fabulous Sun Mountain Lodge. We had a relaxing trip to the Spa (they have a 24-hour outdoor sauna and jacuzzi, which is a great pre-massage relaxant :)). Our balcony overlooked the garden, so we got to witness a wedding ceremony before heading down a short pathway to dinner.

Dining at the Herbfarm is not for the gastronomic faint of heart: it’s a nine-course, full evening affair with wine and a pre-dinner tour of the herb garden. On a blustery October evening, we sampled garlic chives (the flowers taste like garlic, it’s amazing), lemon verbena, and other herbs that were to be featured in the evening’s dinner. Every meal at the Herbfarm has a theme, and ours was A Mycologist’s Dream: a.k.a. mushrooms galore.

A Fungi Start
Following the garden tour (which was a little kitsch, but at the Herbfarm you need to learn to embrace kitsch), we settled in for some herb-infused champagne and our first course: A Fungi Start. This trio included a crispy, light tempura Angel Wing mushroom, a savory Morel mushroom flan, and a Matsutake mushroom consommé with a spot prawn. The tempura was fried to perfection with a light breading and paired well with its lemon thyme soy sauce. The flan was a very unique mushroom creation: it had the creamy texture you would expect of a dessert, but the flavor was rich with savory mushrooms. The consommé was intended to be a simple presentation reflecting the flavor of the Matsutake. Perhaps they should have used more mushrooms, as I found it quite plain.

In between the first and second course our champagne glasses were topped off (it turns out that the meal not only includes generous wine-pairing pours, but also fill-ups as the waitstaff wanders about), the lights dimmed, and the introductions began.

The chef and his mushrooms
As I mentioned earlier, the Herbfarm consists of a certain amount of cheese. This was in full force when the red curtains closed on the open kitchen and the staff lined up shoulder to shoulder. The owner, Ron Zimmerman, introduced each one of the kitchen and serving staff, including their credentials and accolades. Imagine if before each Broadway show they decided to read you a shortened version of the “Who’s Who in the Cast”. Ugh, drink up.

Following the staff introductions, the chef (Jerry Traunfeld) and the sommelier went over the details of the menu. Jerry had samples of all the evening’s mushrooms (he is displaying a huge Cauliflower mushroom in the picture here). This part was actually quite interesting. I was very impressed with Jerry. Here is a world-acclaimed chef who has been at the Herbfarm for 16 years, yet seems very down to earth. He described the thought process behind each dish and how the mushrooms were to be incorporated. During the meal preparations he was an active participant in the kitchen, in a very player-coach-type role. If he hadn’t been pointed out as the executive chef, you would think he was another “normal” member of the kitchen staff. Very cool. The sommelier, on the other hand, took herself a little too seriously. But she gave us lots of tasty wines so I’ll cut her some slack 🙂

Crab and King Bolete Handkerchiefs
After the introductions finished, the curtains reopened and (relatively speaking) normalcy resumed. Our table was located in the first row of tables in front of the open kitchen, so we were able to witness the herculean efforts of the staff preparing 100 simultaneous meals. Our second course consisted of crab and King Bolete mushrooms inside light pasta “handkerchiefs”. A simple, well-executed preparation of very fresh and tasty ingredients. The wine pairing was a Ken Wright Cellars Chardonnay that was more of a Burgundy-style Chardonnay (yay!) even though it was from California.

Third course: Soy Marinated Roasted Black Cod with Cauliflower Mushrooms. Served with a side of Quince and Savoy Cabbage. This was the best course of the meal. Black cod is also known as sablefish, and is a completely different beast from “regular” cod. It was rich, the perfect amount of oily, and melted in your mouth. Cauliflower mushrooms were a great crunchy complement. The quince tasted like a cross between an apple and a pear (I bet “pearple” wouldn’t fly with the marketers).
Roasted Black Cod

For the main course (#4 for those counting along), Jerry said he wanted to “fully feature the mushrooms”, and the result was a “Red, White and Blue Mushroom Tower.” Lobster mushrooms were the “Red”, Bear’s Tooth mushrooms were the “White”, and Blue Chanterelle mushrooms were the “Blue.” Lots of mushroomy goodness served with a Sungold tomato sauce.
Red, White, and Blue Mushroom Tower

Concord Grape Infusion
At this point we were halfway through the meal. After 3 glasses of wine we were also getting a bit tipsy. The proprietors encourage you to tour the house in between courses, and we took advantage of the pre-intermezzo lull to walk around. There is a library upstairs. It overlooks the dining room and has a large array of cookbooks from chefs and restaurants around the world. The entire house is pretty eclectic and reflects Ron’s fascination with eBay. We returned to our table for the intermezzo, which was a disappointment. The warm “Concord Grape Infusion”, with lemon verbena and rosemary, tasted like Manischewitz Concord Grape wine. Lame.

Muscovy Duck with Mushrooms
Course #6 was our singular meat course of the evening. A three-part presentation à la the first course, this plate consisted of mushroom-braised duck leg with a red wine reduction, mushroom and gizzard strudel, and a mushroom-crusted duck breast with rosemary. It was paired with our final wine of the evening, a local Syrah from the Boushey vineyard. I don’t remember much of the details at this point, but do remember enjoying this course immensely 🙂

Quillisascut Goat Cheese Tart
At this point in the evening we had wined and dined heavily and it was time to start the final approach: cheese and dessert. First up, a Quillisascut Goat Cheese Tart, with fruit compote and roasted chestnuts. A rich, savory cheesecake texture with sweet, slightly caramelized fruits.

By all counts I was quite full at this point, but dessert and coffee (which also included some “small treats”) remained. Dessert was yet another trio. No mushrooms here, though the Pear Edulis with its meringue top was presented in the shape of a fungus. Rounding out the group were an apple soufflé with orange-thyme custard sauce and a pumpkin-bay sundae with homemade marshmallows. The sundae was my favorite.
Sonata to Autumn Desserts

Lauren and bonus dessert
All I have to say about the coffee and tea is that if you order the “Smart Tea”, you get a set of small puzzles to make your drunken way through while you munch on various small treats. After lingering over your coffee and tea you’ll be glad that you have a room at the Willows Lodge across the street, so that you only need to cover a couple hundred feet to a very comfortable bed with late checkout 🙂

If you’ve read this far, for what it’s worth I’ll mention that the entire experience of the Herbfarm plus Willows Lodge makes for a very enjoyable and indulgent vacation for Seattle-ites without any of the typical vacation travel overhead. Enjoy!

The Herbfarm and Willows Lodge
14590 NE 145th St.
Woodinville, WA 98072

Thur-Sun: Single Seating (Dinner only)

Vista and Http services

Vista is coming soon, and one of its new security features bears special mention because of its effect on the execution of Http-based services. User Account Control is a new feature that will have many former administrators running as a “standard user” by default. Running as a non-admin, developers can hit a permissions issue when opening a standalone Http service:

AddressAccessDeniedException: HTTP could not register URL http://+:80/myService/. Your process does not have access rights to this namespace (see for details).

That is because http.sys restricts the root namespace (i.e. “/”) to administrators only. Using the http.sys namespace security mechanism, you can delegate portions of the global namespace so that they are accessible to different groups (e.g. all local Users, Power Users, or a single user such as REDMOND\kennyw). Traditionally this security integration is done by your setup program at install time.

System.Net does not currently expose any managed APIs to manipulate http.sys security reservations, but Keith has posted some sample code on using these APIs from managed code.

In addition, on Vista administrators also have access to a brand-new netsh extension. This extension is very useful both for diagnostics and for configuration tasks such as namespace delegation. It also takes care of simple SDDL conversion, so you can now issue commands such as:

netsh http add urlacl url=http://+:80/myService user=DOMAIN\user

rather than having to use oh-so-readable SDDL strings like D:(A;;GX;;;S-1-5-20).

Note that the code running either the netsh extension or the configuration APIs needs to be running under an administrator account in order to set up this reservation. Once the reservation (ACL delegation) has been made, future registrations (usages) of your URI can occur while running under any account that was authorized by the reservation.