Is it possible to define a standard ServiceHostFactory foreach 'workflow' service (xamlx)
Our customers can make there own workflows (xamlx) using a custom workflow designer. We force the workflowservices into having a WS2007FederationHttpBinding with TransportSecurity. We turn of ServiceMetadataBehavior of for the WorkflowService and finally add a DataContractResolver that does some type resolving.
The ServiceHostFactory
public class MyServiceHostFactory : WorkflowServiceHostFactory
{
protected override WorkflowServiceHost CreateWorkflowServiceHost(
System.ServiceModel.Activities.WorkflowService service,
Uri[] baseAddresses)
{
WorkflowServiceHost host = base.CreateWorkflowServiceHost(service, baseAddresses);
foreach (Uri adres in baseAddresses)
{
if (adres.Scheme == "https")
{
WorkflowCreationEndpoint endpoint = new WorkflowCreationEndpoint(
new WS2007FederationHttpBinding("IWorkflowService_ws2007FederationHttpBinding"),
new EndpointAddress(adres));
host.AddServiceEndpoint(endpoint);
PageflowDataContractResolver.AttachDataContractResolver(endpoint);
}
}
var metadataBehavior = host.Description.Behaviors.Find<ServiceMetadataBehavior>();
metadataBehavior.HttpGetEnabled = false;
host.WorkflowExtensions.Add(new WorkflowInstanceTracking());
return host;
}
public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
{
return base.CreateServiceHost(constructorString, baseAddresses);
}
protected override WorkflowServiceHost CreateWorkflowServiceHost(System.Activities.Activity activity, Uri[] baseAddresses)
{
return base.CreateWorkflowServiceHost(activity, baseAddresses);
}
}
The workflows exist in a database as Ron Jacob wrote in this blog. 'Consultants' and/or end users can create workflows using a custom tool, but each time they do they must not forget to add a serviceActivation element in the web.config which is not wanted.
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="false">
<baseAddressPrefixFilters>
<add prefix="http://localhost" />
</baseAddressPrefixFilters>
<serviceActivations>
<add relativeAddress="~/Workflows/test.xamlx" service="Workflows/test.xamlx" factory="Foo.Bar.MyServiceHostFactory" />
</serviceActivations>
</serviceHostingEnvironment>
<protocolMapping>
<add scheme="https" binding="ws2007FederationHttpBinding" />
</protocolMapping>
..
I think it would be correct to rephrase your question as:
Is there a way to change the default WorkflowServiceHostFactory for a web application so that config-less xamlx activation will use my WSHF instead.
If I have understood your question correctly then I don't think there is a way to do this. I had a quick look to see if there is a place you can override it but couldn't see any. Another way to achieve this is to modify the web.config as necessary when a user uploads a new workflow. Editing the web.config in-flight should result in any currently running pulses of execution being serviced by the existing AppDomain while a new AppDomain is created to service new requests to the web application. Thus no loss of workflow processing should occur. This of course would require some testing and verification.
UPDATE
It looks like this might be possible. If you add the following to your web.config (which is from the default config for workflow activation).
<?xml version="1.0"?>
<configuration>
<configSections>
<sectionGroup name="system.xaml.hosting"
type="System.Xaml.Hosting.Configuration.XamlHostingSectionGroup, System.Xaml.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
<section name="httpHandlers"
type="System.Xaml.Hosting.Configuration.XamlHostingSection, System.Xaml.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</sectionGroup>
</configSections>
<system.xaml.hosting>
<httpHandlers>
<add xamlRootElementType="System.ServiceModel.Activities.WorkflowService, System.ServiceModel.Activities, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
httpHandlerType="System.ServiceModel.Activities.Activation.ServiceModelActivitiesActivationHandlerAsync, System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<add xamlRootElementType="System.Activities.Activity, System.Activities, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
httpHandlerType="System.ServiceModel.Activities.Activation.ServiceModelActivitiesActivationHandlerAsync, System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</httpHandlers>
</system.xaml.hosting>
</configuration>
The class ServiceModelActivitiesActivationHandlerAsync that this default config uses is implemented as follows:
internal class ServiceModelActivitiesActivationHandlerAsync : ServiceHttpHandlerFactory, IServiceModelActivationHandler
{
// Methods
public ServiceHostFactoryBase GetFactory()
{
return new WorkflowServiceHostFactory();
}
}
Then instead of using the ServiceModelActivitiesActivationHandlerAsync, provide an implementation yourself which instantiates your own WorkflowServiceHostFactory in the GetFactory method. Update the web.config above to point to your new httpHandlerType and you should be done.
I haven't tested this at all. It's possible IIS will not like the web.config overriding the system.xaml.hosting section.
Related
I have a Web API (.Net 4.6) which authenticates my users using the FederatedAuthentication (System.IdentityModel.Services), and now I am trying to port it to ASP.Net Core 2.2 Web API.
Here is my existing code to generate the FedAuth token cookie:
1. AuthController.cs
//... Create new Identity and Claims Principal.
ClaimsIdentity claimsIdentity = new ClaimsIdentity(User.Identity);
ClaimsPrincipal claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
claimsIdentity.AddClaims(__getClaims());
claimsPrincipal.AddIdentity(claimsIdentity);
//... Create a new Session Security Token.
var token = FederatedAuthentication.SessionAuthenticationModule.CreateSessionSecurityToken(
claimsPrincipal, "MyAPP", DateTime.UtcNow, DateTime.UtcNow.AddMinutes(expirationTime), false);
//... Write a cookie.
FederatedAuthentication.SessionAuthenticationModule.
AuthenticateSessionSecurityToken(token, true);
And in the Web.config:
<configSections>
<!--WIF 4.5 sections -->
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<modules>
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</modules>
<system.identityModel>
<identityConfiguration>
<securityTokenHandlers>
<remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</securityTokenHandlers>
</identityConfiguration>
</system.identityModel>
Since Claims Identity and Claims Principal is used by all of my relying applications, I want to continue using the same in ASP.net core too.
So, my question here is that, what is the way to create a session security token
(cookie) with claims Identity in ASP.net core web API?
Thanks a lot!!
I believe I got what I was looking for;
Here are the two good articles I found out to start with:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/cookie?view=aspnetcore-2.2
https://jonhilton.net/2017/10/11/secure-your-asp.net-core-2.0-api-part-1-issuing-a-jwt/
EDIT: The second link was updated by their author that resulted in 404 error. I found the working link and updated back here.
NOTE: The reason I have posted only links here to answer my own question is that they are long articles and has to be read in length to understand the subject.
I'm developing Windows-authentication claims-based MVC application. I've implemented the IHttpModule (aka "ClaimsTransformation Module", which interceps the Identity) and custom ClaimsAuthenticationManager (which adds additional claims to this identity), as shown below. Page loads, and I can retrieve newly added claim, but there few serious issues...
The problems are:
Even on initial page load my custom RomesClaimsAuthenticationManager.Authenticate method gets called 27+ times (I assume some calls are parrallel/async).
The FedAuth (SessionToken) cookie check never returns true, even though right after SAM (SessionAuthenticationManager) writes SesstionToken to cookie - I can see it, but at the next call (still during original page load) it's gone - same thing happens if I open other pages.
public class RomesClaimsAuthorizationModule : IHttpModule, IDisposable
{
public void Init(System.Web.HttpApplication application)
{
// intercept PostAuthenticationRequest to add custom logic
application.PostAuthenticateRequest += TransformPrincipal;
}
private static void TransformPrincipal(object sender, EventArgs e)
{
var context = ((HttpApplication)sender).Context;
// PROBLEM HERE - this is always false, even after cookie has been set
// check if cookie with auth info about curr user already exists
if (FederatedAuthentication.SessionAuthenticationModule != null &&
FederatedAuthentication.SessionAuthenticationModule.ContainsSessionTokenCookie(HttpContext.Current.Request.Cookies))
{
return;
}
else
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
// this will pick up our custom Romes.Adminn.Security.RomesClaimsAuthenticationManager
// it is specified in web.config, so our app will use it as default
// which will add our custom additional claims to our principal
var transformer = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager;
if (transformer != null)
{
var transformedPrincipal = transformer.Authenticate(context.Request.RawUrl, context.User as ClaimsPrincipal);
// generate cookie
SessionSecurityToken sst = new SessionSecurityToken(transformedPrincipal, TimeSpan.FromHours(8));
sst.IsReferenceMode = true; // used when there are a lot of claims - will be faster
sst.IsPersistent = true;
// write cookie to session
FederatedAuthentication.SessionAuthenticationModule.WriteSessionTokenToCookie(sst);
// write to context
context.User = transformedPrincipal;
Thread.CurrentPrincipal = transformedPrincipal;
}
}
}
}
}
Custom ClaimsAuthenticationManager:
public class RomesClaimsAuthenticationManager : ClaimsAuthenticationManager
{
// PROBLEM - THIS GETS HIT 27+ times on original page load
public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
{
if (incomingPrincipal != null && incomingPrincipal.Identity.IsAuthenticated == true)
{
((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(new Claim(ClaimTypes.Email, "myTestEmail#email.com"));
// i will be making a db call here to get add'l user info from DB, and then convert it into claims
}
return incomingPrincipal;
}
}
Web.config file:
<configSections>
<!--this is required for custom ClaimsAuthorizationManager-->
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
<!--this will allow us to write ClaimsPrincipal to a cookie, saving from calls to db on each request-->
<section name="system.identityModel.services" type="System.IdentityModel.Services.Configuration.SystemIdentityModelServicesSection, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
...
<system.identityModel>
<identityConfiguration>
<claimsAuthenticationManager type="ROMES.Admin.Security.RomesClaimsAuthenticationManager, ROMES.Admin" />
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler mode="Default" requireSsl="true" />
</federationConfiguration>
</system.identityModel.services>
<system.web>
<authentication mode="Windows"/>
...
<authorization>
<allow roles="WINDOWS\ROMES_Admins"/>
<deny users="*" />
</authorization>
<!--must be in both here and system.webServer/modules-->
<!--see here WHY: https://msdn.microsoft.com/en-us/library/gg638734.aspx-->
<httpModules>
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</httpModules>
</system.web>
<system.webServer>
<!-- same as in system.web/httpModules-->
<modules>
<add name="RomesClaimsAuthorizationModule" type="ROMES.Admin.Security.RomesClaimsAuthorizationModule"/>
<!--this module will handle reading and writing cookie for identity/claims - so that there will be no need to call db every request for user info-->
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</modules>
...
</system.webServer>
My main issues are:
(1) why is my Authenticate block gets called so many times and
(2) Why is Session Security Token cookie does not persist - seems like such a waste of resources.
In here
FederatedAuthentication.SessionAuthenticationModule.ContainsSessionTokenCookie(HttpContext.Current.Request.Cookies)
change to
FederatedAuthentication.SessionAuthenticationModule.ContainsSessionTokenCookie(context.Request.Cookie)
and see if the condition started to be true and your code returns.
EDITED after David's comment: context replaced with context.Request.Cookie
We have a WCF service that listens to an Azure servicebus queue using the NetMessagingBinding. However we are finding that sometimes the service seems to stop being notified when messages arrive, ie we see the queue build up but none of our instances process the messages.
If we then reboot the instances they immediately start receiving messages from the queue again.
The code which opens the WCF service in our worker role:
var endpoint = new ServiceEndpoint(ContractDescription.GetContract(typeof(ICacheKeyExchangeWithSession)))
{
Address = new EndpointAddress(new Uri(baseAddress + QueueNames.Cache)),
Binding = new NetMessagingBinding(),
};
var endpointBehavior = new TransportClientEndpointBehavior
{
TokenProvider = TokenProvider.CreateSharedSecretTokenProvider(id, secret),
};
endpoint.EndpointBehaviors.Add(endpointBehavior);
host = new ServiceHost(typeof(DataService), new Uri[] { });
host.AddServiceEndpoint(endpoint);
host.Open();
and we have no specific config in the app.config for the NetMessagingBinding:
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<extensions>
<behaviorExtensions>
<add name="transportClientEndpointBehavior" type="Microsoft.ServiceBus.Configuration.TransportClientEndpointBehaviorElement, Microsoft.ServiceBus, Version=1.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</behaviorExtensions>
<bindingElementExtensions>
<add name="netMessagingTransport" type="Microsoft.ServiceBus.Messaging.Configuration.NetMessagingTransportExtensionElement, Microsoft.ServiceBus, Version=1.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</bindingElementExtensions>
<bindingExtensions>
<add name="netMessagingBinding" type="Microsoft.ServiceBus.Messaging.Configuration.NetMessagingBindingCollectionElement, Microsoft.ServiceBus, Version=1.8.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</bindingExtensions>
</extensions>
</system.serviceModel>
Any ideas?
From what you've described, it sounds like you may be victim of your IIS configuration: you need to ensure iis isn't configured to automatically recycle your application pool that runs your app. If you don't also have application initialization configured in iis, your service won't restart automatically and resume processing messages
I am trying to add a dropdownlist to a strongly typed razor view. ASP.Net MVC 4.0, Razor View engine version 2.0.0.0
#using System;
#model SampleApp.Models.ServiceRequestModel
#{
ViewBag.Title = "ServiceRequest";
}
#Html.DropDownListFor(m=>m.CategoryID, Model.Categories)
and the Model is as below:
public class ServiceRequestModel
{
public int ID { get; set; }
public int CategoryID { get; set; }
public SelectList Category { get; set; }
}
it is always showing an error in intellisense in CSHTML file as:
System.Web.WebPages.Html.HtmlHelper' does not contain a definition for 'DropDownListFor' and no extension method 'DropDownListFor' accepting a first argument of type 'System.Web.WebPages.Html.HtmlHelper' could be found (are you missing a using directive or an assembly reference?)
and also it is giving errors for :
Error 3 The name 'model' does not exist in the current context
I have checked the web.config in View folder:
<system.web.webPages.razor>
<host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
<pages pageBaseType="System.Web.Mvc.WebViewPage">
<namespaces>
<add namespace="System.Web.Mvc" />
<add namespace="System.Web.Mvc.Ajax" />
<add namespace="System.Web.Mvc.Html" />
<add namespace="System.Web.Routing" />
</namespaces>
</pages>
The below line of config code had to be changed to 4.0.0.0
<host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, **Version=3.0.0.0**, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
changed to
<host factoryType="System.Web.Mvc.MvcWebRazorHostFactory, System.Web.Mvc, **Version=4.0.0.0**, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
I spent over a day on this error and it ended up being a data type clash with the VM data source for the dropdownlist (ie it wasn't a list of type IEnumerable). For some reason VS2012 thought the error was with the namespace even though it appeared in Intellipath.
I had this exact issue (only with html.displayFor).
I'm not sure how it started but i solved it by replacing the following:
<appSettings>
<add key="webpages:Enabled" value="false" />
</appSettings>
with
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
</appSettings>
in the View folder's Web.config file.
Found my solution here
I have a WCF REST service that exposes a method in class GreetService:
[ServiceContract]
public class GreetService
{
[WebGet(UriTemplate = "greet/{name}")]
public String GreetName(string name)
{
return "Hello " + name;
}
}
Also, I registered a route in Global.asax:
RouteTable.Routes.Add(new ServiceRoute("GreetService", new WebServiceHostFactory(), typeof(GreetService)));
Now when i run this directly from visual studio, I am able to leverage the UriTemplate and invoke this method using a GET call to
http://localhost:5432/GreetService/greet/JohnDoe
However, after deploying this to IIS7 by creating a Greet.svc file for it, I am observing the following behavior:
I can call http://localhost:5432/Greet.svc and it says that a service has been created
I can point wcftestclient to http://localhost:5432/Greet.svc?wsdl to generate a test client which can call GreetName() directly
However, I can't call http://localhost:5432/Greet.svc/GreetService/greet/JohnDoe nor http://localhost:5432/Greet.svc/greet/JohnDoe although I expected to be able to since I specified an empty relative endpoint address in the corresponding web.config file prior to hosting it in IIS7.
Any ideas why the WebGetAttribute is not working in IIS? Or is there something else I am doing wrong?
EDIT:
This is the ServiceModel part of my web.config file which resides in the directory that IIS uses:
<system.serviceModel>
<!-- <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/> -->
<standardEndpoints>
<webHttpEndpoint>
<!--
Configure the WCF REST service base address via the global.asax.cs file and the default endpoint
via the attributes on the <standardEndpoint> element below
-->
<standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true" />
</webHttpEndpoint>
</standardEndpoints>
</system.serviceModel>
EDIT 2: For completeness' sake here is my full web.config file:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="UrlRoutingModule"
type="System.Web.Routing.UrlRoutingModule,
System.Web, Version=4.0.0.0,
Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
</modules>
<handlers>
<add name="UrlRoutingHandler"
preCondition="integratedMode"
verb="*" path="UrlRouting.axd"
type="System.Web.HttpForbiddenHandler,
System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
</handlers>
</system.webServer>
<system.serviceModel>
<!--<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>-->
<standardEndpoints>
<webHttpEndpoint>
<!--
Configure the WCF REST service base address via the global.asax.cs file and the default endpoint
via the attributes on the <standardEndpoint> element below
-->
<standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true" />
</webHttpEndpoint>
</standardEndpoints>
</system.serviceModel>
</configuration>
If you've defined your route to be:
new ServiceRoute("GreetService", .....
then you should be able to call your service at
http://localhost:5432/YourVirtualDirectory/GreetService/greet/JohnDoe
and if your web app is deployed to your IIS root (not in a virtual directory), that would be:
http://localhost:5432/GreetService/greet/JohnDoe
When defining a ServiceRoute, that's done to get rid of having to specify the Greet.svc file, really - the ServiceRoute entry already contains all the information IIS needs to instantiate your service and call it - no need for having the *.svc file involved in your URL (the svc file basically contains the same info your ServiceRoute entry has).
Change the line in your global.asax.cs to read:
RouteTable.Routes.Add(new ServiceRoute("", new WebServiceHostFactory(), typeof(GreetService)));
and put the following in your web.config right under the root <configuration> node:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="UrlRoutingModule"
type="System.Web.Routing.UrlRoutingModule,
System.Web.Routing, Version=4.0.0.0,
Culture=neutral,
PublicKeyToken=31BF3856AD364E35" />
</modules>
<handlers>
<add name="UrlRoutingHandler"
preCondition="integratedMode"
verb="*" path="UrlRouting.axd"
type="System.Web.HttpForbiddenHandler,
System.Web, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b03f5f7f11d50a3a" />
</handlers>
</system.webServer>
(do make sure you're using the right .NET version) and see what that does for you.
NOTE: please post the web.config, at least the system.servicemodel part.
You normally use either the Route-based configuration or a .svc file, not both, but that's orthogonal to your problem. FWIW, you should be able to kill the .svc file once you get the service working and just use the route.
Since you're able to generate WSDL and call it, that sounds like you might not have webhttp as an endpoint behavior?
Make sure you have an endpoint behavior defined like this (can be a diff name of course)
<endpointBehaviors>
<behavior name="webHttpBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
and then make sure your service endpoint includes behaviorConfiguration="webHttpBehavior"
The problem is machine config missing the following section
<configSections>
<sectionGroup name="system.serviceModel" type="System.ServiceModel.Configuration.ServiceModelSectionGroup, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<section name="standardEndpoints" type="System.ServiceModel.Configuration.StandardEndpointsSection, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</sectionGroup>
</configSections>
Add it on top of web.config (after the opening tag of <configuration> ) should fix this problem.