Archive

Archive for the ‘Architecture’ Category

Getting Started with TopShelf

December 31, 2012 3 comments

I am a huge fan and follower of open source project and there have been so many great open source projects which tend to solve our complex problem with such an ease. In fact I love the way open source is becoming main stream and even Microsoft has come to the party. However I have notice not every .net developer is across it at least in Canberra.

Today I am going to talk about an underrated open source project called TopShelf which in my opinion deserve a lot of more recognition in the community and decided to blog about it

So TopShelf is a windows service framework which allows to build windows services with out the pain of what .net/visual studio provides. The project is hosted at Github and can be found here.

In fact if you remember in April of this year I blogged “NServiceBus: The Magic of Generic Host” and showed you how NService Bus installs your handler as a windows service, but the real magic behing Generic host is TopShelf and Enterprise Service Bus like NServiceBus and Mass Transit both use TopShelf internally to install handlers as windows service.

Lets get stated and write some code to use TopShelf. Create a new console application and type the following NuGet Command.

PM> Install-Package TopShelf

NuGet will install ‘TopShelf 3.1.0’. Lets create an interface which will encapsulate the windows service start and stop method and TopShelf itself requires a start method and stop method

IService.cs

public interface IService
{
    void Start();
    void Stop();
}

For a real life example lets pretend we are writing an Email service which polls database every 10 seconds and based on some domain logic processes and sends the email. I am not going to go into the details of polling and threading etc and this is just a demo code for the Email Service.


EmailService.cs

public class EmailService : IService
{
    public void Start()
    {
        Console.WriteLine("Starting Service ...");
    }

    public void Stop()
    {
        Console.WriteLine("Stopping the service ...");
    }
}

Now in our main program we just have to wireup the TopShelf Host factory.

Program.cs

class Program
{
    static void Main(string[] args)
    {
        HostFactory.Run(x =>                                 
        {
            x.Service<IService>(s =>                        
            {
                s.ConstructUsing(name => new EmailService());   
                s.WhenStarted(tc => tc.Start());             
                s.WhenStopped(tc => tc.Stop());              
            });
            x.RunAsLocalSystem();

            x.SetDescription("Email Service to send emails 
                              and proudly hosted by TopShelf"); 
            x.SetDisplayName("Email Service to send emails");                       
            x.SetServiceName("EmailService");                       
        });               

    }
}

 

and that’s it there are no other moving parts or special type of projects or files to include. There are many other useful settings like under which account the windows service should run and on what other services it depends on etc can be easily configured using the fluent apis.The best thing about TopShelf is that as part of your development and debugging you can run it as a normal console application and when you are ready you can just install it as a windows service.

Lets look into installing it as windows service. Launch command prompt as Administrator

and type the following command :-

Topshelf will install the service and will output the following result and which means you have successfully installed your application as a windows service.

Now to verify it open up windows services snap in MMC and you will see your service installed properly with the service name and description. Remember that the display name and description can be anything you want however the windows service name cannot have any spaces as you can see in the above code.

Now you can go ahead and start the windows service. To uninstall it’s again the name of your executable with uninstall option.So for our demo app it will be

TopShelfDemo.exe uninstall

That’s it folks and have a happy coding new year !!!

ADFS 2.0 Setup Guide

September 16, 2012 5 comments

In my previous project I was asked to configure and build and end to end Web Single Sign On (SSO) solution using Active Directory Federation Service 2.0. One of the requirements was to identify whether this is suitable for our architecture design and identify how much customization we need in order to implement our in-house single sign on solutions.

As our scenario was bit different from what standard samples and setup so I had to do a bit of digging and had to go back and forth so many places in MSDN and other resources.

In the end it was all good and I finally decide to write it down so that these steps become much easier if you follow it. Although I am starting the setup guide with prerequisites but my assumption is that you have good in-depth knowledge in the following areas.

  • Complete knowledge of Active Directory,AD Forests and trusted domains.
  • Windows Kerberos authentication.
  • Architecture of managing Active Directory in the DMZ.
  • Knowledge of DNS Server,forward lookup and reverse lookup zones.
  • How Security Token Services (STS) works.
  • Installing Windows certificate authority.
  • Configuring SSL certificates and securing websites using SSL.
    So I am going to use a fictitious domain name GoodHealth.com and the convention for federation server name will be federation.goodhealth.com and the proxy name will be federationproxy.goodhealth.com. It’s just my naming convention and you could use any naming convention for your implementation as long as they have proper DNS entry and the certificates are generated based on these names, otherwise your certificates will not work properly and ADFS installation will not be completed.Rest is all easy and follow the installation steps.

Prerequisites

  1. 2 Windows Server 2008 R2 servers, one for ADFS Federation Server and another one for ADFS Federation Proxy Server.
  2. DNS entries configured for Federation Server and Federation Server proxy i.e. federation.goodhealth.com and federationproxy.goodhealth.com
  3. IIS web server installed on the two servers.
  4. An ADFS domain service account
  5. SQL Server 2008 for storing ADFS Artifact and configuration information.
  6. Firewalls on the SQL Server are configured to allow the ADFS Servers to connect.
  7. Download ADFS Setup from Microsoft download site http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=10909

Preparation

  1. Launch cmd with admin privilege and run the following command to set service principle for Federation and Federation Proxy Server
  2. Setspn -a host/<<Federation Server>> GoodHealth\serviceAccount

    Setspn -a http/<<Federation Server>> GoodHealth\serviceAccount

    Setspn -a http/<<Federation Proxy Server>> GoodHealth\serviceAccount

  3. Generate domain certificates using IIS Server for federation server and federation server proxy individually make sure the subject name matches the DNS entry for federation and federation proxy server.
  4. Configure the binding to use respective SSL certificates for secure https communication on the two web servers.

Installation

  1. Launch AdfsSetup.exe with admin privilege on Federation Server and choose “Federation Server” in the “Server Role”. This installation will also install all the Prerequisite Software like PowerShell, .Net Framework 3.5 SP1, Windows Identity Foundation etc.
  2. Launch cmd with admin privilege and run the following command to install a federation server on SQL farm.

    FSConfig.exe CreateSQLFarm /ServiceAccount "GoodHealth\serviceAccount" /ServiceAccountPassword "password" /SQLConnectionString "database=AdfsConfiguration;server=<<SQL Server>>;integrated security=SSPI" /AutoCertRolloverEnabled /CleanConfig /FederationServiceName <<Federation Server>>

Once the installation is complete we should be able to see the ADFS 2.0 Federation Service being started as shown in the following figure.

Figure 1: ADFS setup completed

Screen which shows that the entire ADFS 2 Setup went correctly

To install the Federation Server proxy run AdfsSetup.exe as administrator and in the setup wizard choose “Federation Server proxy” and enter the name of the federation service server.

  1. Test the connection to make sure the proxy can connect to Federation server.
  2. When prompted enter the service account credential to establish the trust between the federation server proxy and the federation service.

Configuring Federation Service Server

  1. Launch PowerShell with admin privilege and run the following command to disable automatic rollover of certificate on the Federation Service Server.

    Set-ADFSProperties –AutoCertificateRollOver $False

  2. Launch AD FS 2.0 Management and Under ADFS 2.0\Services\Certificates right-click and select “Add Token-Signing Certificate” and choose the web server certificate from the dialog box.
  3. Right click on the newly added certificate and set it as primary and delete the old certificate which was installed as part of ADFS installation.
  4. Test the metadata page by accessing the metadata at

    https://<<Federation Server>>/federationmetadata/2007-06/federationmetadata.xml

  5. Launch PowerShell with admin privilege and run the following command to switch on the automatic rollover of the certificate.

    Set-ADFSProperties –AutoCertificateRollOver $true

Launch Services and make sure the following services are running in the windows services snap-in.

  1. AD FS 2.0 Windows Service
  2. Claims to Windows Token Service

Configuring Attribute Store

  1. Launch ADFS 2.0 Management and Under ADFS 2.0\Attribute Store right-click and select “Add Attribute Store”.
  2. Enter an appropriate Display Name and choose “SQL” as the attribute store type.
  3. Enter the following connection string in the respective field.


    Data Source=<<SQL Server>>;integrated security=SSPI;database=<<Attribute Database>>

    and click “OK”. The attribute database is the name of the database which you gave when you run the FSConfig command from the command prompt.

Adding a Replying Party

  1. Launch ADFS 2.0 Management and under ADFS 2.0\Trust Relationship right-click and choose “Add Relying Party Trust”.
  2. Enter the replying party URL in the “Federation metadata address (host name or URL)”
  3. Click next and in “Choose Issuance Authorization Rules” select “Permit all Users…” and click next and complete the wizard.

Enabling ADFS 2.0 Tracing

  1. Launch Event Viewer under Application and Services Logs\AD FS2.0\Admin right-click and select “View”.
  2. On “View” sub menu check “Show Analytic and Debug Logs”
  3. Browse to Application and Services Logs\AD FS 2.0 Tracing\Debug to view ADFS tracing information.
  4. Open Service snap-in and restart “AD FS 2.0 Windows Service”.

I hope if you followed the steps correctly you will have a proper ADFS environment up and running and with federation proxy server you will have that extra level security.However once this solution goes into a real public facing environment (i.e. in the DMZ) you will to purchase a proper certificate from the approved certificate authority like Verisign, Thawte etc.

Happy ADFS & SSO !! 🙂

NServiceBus: The Magic of Generic Host

April 29, 2012 2 comments

I have done a few posts on NServiceBus and have talked in great details about how it works with messages and MSMQ. However I haven’t talked much about the Generic Host and today’s post is just about that.And hope you will find quite amazing and valuable for your SOA development.

As you had seen in my previous post that it is a means to host your NServiceBus application, whether it’s the client sending a message to the bus or the server reading the message from the queue they both are assemblies and are hosted in this executable called the “Generic Host Process” for NServiceBusIt is this host which takes of wiring up messages, handler and endpoints to MSMQ etc.

When we run the generic host using command line we can see some interesting options as shown below.

NServiceBus Generic Host options

This means that you can configure any message endpoint as a Windows Service and Generic host will take care of installation. You don’t have to do a windows service host application, installer etc. All the plumbing and hard work is taken care by the generic host and you have to focus on writing your messages,message handlers and endpoints.

Let’s try installing the server component in the Full-Duplex sample as a windows service.

Installing NServiceBus component as a windows service

The Command Line:

NServiceBus.Host.exe /install /serviceName:MyServer.dll
/displayName:"My Super Duper service"
/description:"My server installed by NService Magic"

As you can see the command line is very self-explanatory, we have an assembly called MyServer.dll which implements a handler of a specific type and we want it’s display name to be My Super Duper Service and the description to be My server installed by NService Magic.

Lets verify this by opening the Windows Service Management Console and we can see our NServiceBus Server component installed as a windows service. When i did this for the first time it was not less than a magic.

Viewing service in windows services management console

To test whether it is doing what it is supposed to do I am going to run the Client only project from Visual Studio and our message gets picked by the windows service and our handler processes it successfully.

That’s it for now and I hope you guys will find a lot of value in using NServiceBus 🙂

NServiceBus Integration Pattern – Part 2

April 16, 2012 1 comment

Continuing with my previous post on NServiceBus in this part I am going to implement what we had discuss about integration and how NServiceBus can be used. Based on the previous architecture diagram I am doing to drill into component architecture and for easy illustration I am going to use the FullDuplex example which is part of the samples provided by NServiceBus.

NServiceBus Component Architecture

And let’s see how it looks from the visual studio.

NServiceBus VS Solution Explorer

And when we look into the project properties you can see that the project type is an output library and it is configured to run with an external program which is the NServiceBus.Host.exe.

NServiceBus VS Solution Explorer

So let’s run a typical failover / offline scenario and run the client application in isolation

Running client with out the server

and as you can see in the above diagram that the client can send messages even if the server is not running.

Let’s run the server application with debugging and mimic as if there is a failure. For example the finance system is down, exchange server in unavailable or any system to system integration failure. So in this scenario when we run the server application we see this exception thrown and seen like this in the console window.

NServiceBus exception

Interesting thing is that if you have a break point in the server application set correctly you will see that the code gets retried 5 times before the exception is shown in the console.
This happens due to the fact that the server application is configured to use transactional queues and in the config file it has been configured to retry 5 times.

Upon close inspection of error queue this is what it looks like

NServiceBus error queue

And when we click to open the message you will see this is how the message looks like.

Detailed error message

Next thing we have to do is fix the problem and whether the problem was due to hardware, software infrastructure failures let’s pretend those problems are resolved. So now what we have to do is put the message(s) back into where they belong and run our server component and there is exactly a tool called “ReturnedToSourceQueue” in the tools folder.Let’s run the tool.

Return to Source queue

This first thing you have to enter is the name of your error queue and after that you can specify a specific message with the Guid or all of it. For demonstration sake I’ll specify the keyword ‘all’ and you will see the message gets disappeared from the error queue and reappears in the server input queue.

Returning all message to their source queue
and the message reappears in the input queue.
message back to its source queue

And now when we run our server component you will see the message gets processed.

Message processed successfully

As you can see we can fine tune and design these components to integrated different integration points and have that failover/durability scenario taken care by NServiceBus, we can take the message and transform into different type and let the handler of the new type take care of it.

For example our FinanceMessageHandler talks to the Finance system and processes the order if it fails to do so the order remains in the error. We don’t have to hack into some database or ask user to reenter the order. As soon as we resolved the Finance system failure/downtime the message will be processed successfully.On succesfully processing of this business process we can transform the message into an Email message and puts it into EmailQueue.

Now our EmailMessageHandler picks up the message and tries to process and if it encounters any problem with the mail server the message gets routed to the error queue that’s it. This is like creating a messaging eco-system where each system talks to each other in terms of a message and we are building this orchestration.This is what I meant by “Pass the Parcel (message)” pattern in my previous post.

That’s it for now and in my next post I am going to talk about the Generic host and what wonders it can create for your enterprise.

NServiceBus Integration Pattern – Part 1

March 31, 2012 2 comments

A couple of months ago I gave this NServiceBus integration presentation/walk through to my colleagues and thought about blogging it but for some unforeseen circumstances I couldn’t and today here I am with the presentation.

If you have no idea of what NServiceBus please read my previous post here.

Coming to the point straight lets start with an architecture diagram.

NService Architecure

So the idea behind this architecture is that we will be building services which listens for a particular message and based on the message and it’s content it interact/performs an atomic operation and on completion forwards new message back into the queue.

For example in my project the “System A” is a finance system and as a result of an online financial transaction the “Message A” gets written to our Queue.As part of our NService infrastructure this message gets automatically picked by a handler, as in NService Universe for every message there has to be handler and each of these service interaction happens through a message.(We will see these handlers and message code in the second part)

Once our service has accomplished the task it simply writes a new message say “Message B” and it’s job is finished. In my case the “System B” is an enterprise wide emailing system and as soon as it gets an acknowledgement that Finance system operation is completed we are ready to send some emails and do some more interaction with other systems.

For me this is the core of designing integration system and what we are seeing here is that these services are autonomous and has no dependency on each other or the other systems.

For example if the online order submitted by a user is successful and the message gets written to the “Finance Queue” and at that time if the finance system is down still we don’t have any problems as the service will fail to perform its operation and the message will be sitting in the “Error Queue”, then as soon as Finance system is up and running we move the message from error queue to its processing queue and our job is done .

After this if for instance the Email system is down due routine updates , system failure etc still our message is sitting in the error queue and it’s going nowhere. This is exactly what one of the four tenets of Service Oriented Architecture is…

  • Boundaries are explicit
  • Services are autonomous
  • Services share schema and contract, not class
  • Service compatibility is based on policy

This is what I call as “pass the parcel” (Message) and MSMQ and NServiceBus will take care of all the infrastructure work. I don’t have to think about transactions failure and how to overcome them in case of catastrophic failures, as an architect my main job is to focus on business needs and how best to implement them.

This concludes the first part of it and I guess with this I have given you some context to the so-called “SOA” and how we can design our “SOA”, I know I didn’t cover anything substantial about NServiceBus but at times some architecture principle and theory are important before we can build the architecture.

Part 2 follow soon …. 🙂