NSilverBullet

Complex solutions for simple problems.

SFTP Adapter authentication for BizTalk


Friday 04 July, 2008 (BizTalk | Security | Tips)

There is a nice little SFTP adapter for BizTalk on CodePlex, http://www.codeplex.com/SftpAdapter/. I have been trying it out for a couple of days and it works quite nicely. I have been using freeSSHd as the SFTP server and WinSCP as a client to confirm that the SFTP side works. WinSCP ships with PuTTYgen for generating key pairs for authentication, and there are a couple of guides on the web that offer clues as to how this should all be configured, but I still had to resort to trial and error to get public key authentication working. So this is my super concise guide to getting it up and running for local testing (presuming you have installed all the software first).

Generate a keypair with PuTTYGen

Under WinSCP in the Start menu you have "Key Tools/PuTTYgen".


Click "Generate" and move the mouse around the blank area until the key pair is ready. Enter a comment so the key is easy to identify, and set a passphrase on this master key if you like. Save the private key as a .ppk file somewhere safe; this is your master copy, and you can open it in PuTTYgen later if you need to export it again. Then export the key (Conversions menu, "Export OpenSSH key") to a location the SFTP adapter can read, but remove the passphrase first, since the adapter does not currently support passphrase-protected private keys. That exported file is an unencrypted private key and is the equivalent of a password: restrict its NTFS permissions to the BizTalk host service account and keep it out of source control. Finally, select the entire contents of the public key text box (the one-line OpenSSH authorized_keys format, not the multi-line ssh.com format) and copy it to the clipboard.

Configure freeSSHd for public key authentication

Open the freeSSHd settings dialogue and go to the Authentication tab. Enter the directory where the public keys for your users will be stored. Make sure that "Public Key Authentication" is not set to Disabled and that "Password Authentication" is not set to Required (for a key-only test, Disabled is the safest choice, since it rules out a password login masquerading as a working key).


You also need to set a directory under the SFTP tab for storing the files. Add users in the Users tab, selecting "Public key (SSH only)" as the authorization method. Also make sure that the SFTP checkbox is selected.


Go to the directory configured for freeSSHd keys. Create a text file named after the user's login name (no extension) and paste the public key string from PuTTYgen into it, making sure it is all on one line; a key that has been wrapped by an editor will silently fail to match.


Test the login with WinSCP before trying it from BizTalk: if WinSCP can authenticate with the exported key, the adapter should be able to as well, and if it cannot, the problem is in the server or key setup rather than in BizTalk. Now you should be up and running with your SFTP adapter and an SFTP server.
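Most of the trial and error above comes down to two files being in the wrong shape: the per-user public key file (must be a single OpenSSH authorized_keys line) and the exported private key (must not be passphrase-protected). The script below is an added pre-flight check of my own, not part of the post or of the CodePlex adapter. It assumes the freeSSHd per-user file holds one line in the form `ssh-rsa <base64> [comment]`, and that PuTTYgen's OpenSSH export is a PEM file whose header contains `ENCRYPTED` only when a passphrase was left on the key. The key numbers and PEM fragments are constructed samples, not real keys.

```python
import base64
import struct

# Constructed sample values for a toy-sized key; NOT a real key and far too small to use.
SAMPLE_E = 65537
SAMPLE_N = 0xC5A6B1D3E9F7025F0D7B3A1C98E4F6A1


def _ssh_string(data: bytes) -> bytes:
    """One length-prefixed field of the SSH wire format (RFC 4251 'string')."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint': big-endian magnitude, with a leading 0x00 if the high bit is set."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def build_rsa_public_key_line(e: int, n: int, comment: str) -> str:
    """Produce an authorized_keys line of the kind PuTTYgen shows in its public-key box."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode('ascii')} {comment}"


def check_public_key_file(text: str) -> list:
    """Problems with a freeSSHd per-user public key file; an empty list means it looks right."""
    problems = []
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if any("BEGIN" in ln for ln in lines):
        return ["this is the multi-line ssh.com/PEM public key format, not the OpenSSH one-line format"]
    if len(lines) != 1:
        return [f"expected exactly one non-empty line, found {len(lines)} (was the key wrapped when pasting?)"]
    fields = lines[0].split()
    if len(fields) < 2:
        return ["line must be '<type> <base64> [comment]'"]
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return ["key data is not valid base64"]
    if len(blob) < 4:
        return ["key blob is too short"]
    # The blob's first field repeats the key type; a mismatch means the line was spliced together.
    (type_len,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + type_len].decode("ascii", "replace")
    if embedded != key_type:
        problems.append(f"prefix says {key_type!r} but the blob says {embedded!r}")
    if key_type != "ssh-rsa":
        problems.append(f"unexpected key type {key_type!r}; PuTTYgen's default is ssh-rsa")
    return problems


def check_private_key_file(pem: str) -> list:
    """Problems with the exported OpenSSH private key the adapter will load."""
    if pem.startswith("PuTTY-User-Key-File"):
        return ["this is the .ppk master key; export an OpenSSH key from PuTTYgen instead"]
    if "-----BEGIN" not in pem or "PRIVATE KEY-----" not in pem:
        return ["not a PEM private key"]
    if "ENCRYPTED" in pem:
        # A header such as 'Proc-Type: 4,ENCRYPTED' means a passphrase was left on the key.
        return ["private key is passphrase-protected; the adapter cannot use it"]
    # An unencrypted key passes here; it is password-equivalent, so lock the file down with ACLs.
    return []


# Constructed samples (not real keys). The PEM bodies are omitted on purpose.
SAMPLE_PUBLIC_LINE = build_rsa_public_key_line(SAMPLE_E, SAMPLE_N, "biztalk-sftp-test")
SAMPLE_ENCRYPTED_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
    "...base64 body omitted in this constructed sample...\n"
    "-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_PLAIN_PEM = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "...base64 body omitted in this constructed sample...\n"
    "-----END RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    print(check_public_key_file(SAMPLE_PUBLIC_LINE))
    print(check_public_key_file(SAMPLE_PUBLIC_LINE.replace(" ", "\n", 1)))  # wrapped onto two lines
    print(check_private_key_file(SAMPLE_ENCRYPTED_PEM))
    print(check_private_key_file(SAMPLE_PLAIN_PEM))
```

To use it against real files, read the freeSSHd per-user file and the exported key into strings and pass them to the two check functions; anything other than an empty list is something to fix before blaming the adapter.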



Is EDA the way to go?


Tuesday 01 July, 2008 (Architecture | EDA | SOA)

I have been reading a lot about Event Driven Architecture (EDA) in relation to SOA recently, and while the ideas are very interesting and the benefits are alluring, they add complexity and uncertainty to the overall behaviour of a system. Two good articles on EDA are http://martinfowler.com/eaaDev/EventCollaboration.html and http://eaipatterns.com/docs/EDA.pdf

From my point of view the main problem is this: when implementing a business process that spans several services (for example entity services), we do not generally want the entity services to react to events and then store or retrieve data based on them, because that means the services need some knowledge of the expected behaviour of the process. That is generally seen as a bad thing in SOA, as the northbound/southbound dependencies get reversed. We also want some stability from the caller's perspective that the overall flow will be moved forward, which is traditionally done by issuing a command. If events get turned into commands then I believe we will have problems coordinating the different actors (presuming the command event was only meant to be acted on once). Jack Hof has an interesting take on the relationship between SOA and EDA; his extended PDF version in particular has some interesting ideas about how to realise SOA and EDA together, and contains a potential solution to the problem: combine EDA and SOA, and know when to apply which principles.

A related problem is what our messages should contain, and whether command messages are even required. Two slightly different takes on the problem are presented here and here. Thinking about events and messages has led me to attempt a (very crude) classification of the events that are related to a solution I am developing for a client.

  • State-change events: no message is published as long as the underlying values are not updated; the message relates to a specific instance of an entity or service. There is no expected behaviour for the recipient.
  • Scheduled events: messages are published at a certain frequency whether the values have been updated or not; all available data should be published simultaneously, either within a single message or as multiple messages. There is no expected behaviour for the recipient.
  • Request or reservation events: these messages are requests for behaviour. A receiver may safely ignore the message, send a negative response if it cannot fulfil the request, or a positive response if it can. The event needs a predefined response message which the event source can understand, and the response must be routable back to the source without the listener needing prior knowledge of all sources (a reply address and a correlation identifier carried in the request are enough). This is basically an event that initiates a dialogue between two parties based on the reservation pattern. It is the requestor's responsibility to coordinate the possible responses and outcomes. There is an expected behaviour for recipients who return a positive response, but no prescribed behaviour for those who ignore the event or actively return a negative response.
  • Command events: this must be an anti-pattern, since a command denotes that the sender expects the recipient to perform some specific task and thus exhibit an expected behaviour, which is impossible in a loosely coupled, event-driven, service oriented world where the sender does not know who is listening.

The first two event types are just statements; the third (reservation) is really just a variation of a state-change event with additional semantics attached to it. Using EDA, the expected behaviour that a specific business process needs must be realised with the help of some kind of process controller (a notification server in Jack Hof's world), which follows the traditional command-and-control (call stack) approach for coordination but uses events to track what stage the overall process or task is at.
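To make the distinction between the first three event kinds concrete, here is an added example of my own (not code from the post or from any of the linked articles): a toy in-memory publish/subscribe bus on which an order process publishes a reservation request, several warehouses answer it, and the order process coordinates the outcome. The listeners never learn who asked; they only honour the `reply_to` topic and `correlation_id` carried in the request, and one of them ignores the request entirely. A real state-change event is published only when a warehouse actually changes its stock. All names (`EventBus`, `Event`, `Warehouse`, `OrderProcess`, the topic strings) and the scenario in `run_demo` are assumptions of this example.

```python
import uuid
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Event:
    topic: str
    body: dict
    correlation_id: str = field(default_factory=lambda: uuid.uuid4().hex)
    reply_to: Optional[str] = None  # where a reply goes; says nothing about who the source is


class EventBus:
    """Minimal synchronous publish/subscribe bus (assumed; any broker with topics would do)."""

    def __init__(self) -> None:
        self._subscribers: Dict[str, List[Callable[[Event], None]]] = defaultdict(list)

    def subscribe(self, topic: str, handler: Callable[[Event], None]) -> None:
        self._subscribers[topic].append(handler)

    def publish(self, event: Event) -> int:
        """Deliver to every current subscriber; returns how many handlers saw the event."""
        handlers = list(self._subscribers[event.topic])
        for handler in handlers:
            handler(event)
        return len(handlers)


class Warehouse:
    """A listener. It never learns who asked; it only honours reply_to and correlation_id."""

    def __init__(self, bus: EventBus, name: str, stock: Optional[int]) -> None:
        self.bus, self.name, self.stock = bus, name, stock
        bus.subscribe("stock.reserve.requested", self._on_request)

    def _on_request(self, ev: Event) -> None:
        if self.stock is None or ev.reply_to is None:
            return  # ignoring a request event is allowed
        ok = self.stock >= ev.body["qty"]
        if ok:
            self.stock -= ev.body["qty"]  # tentative reservation
            # State-change event: published only because the underlying value changed.
            self.bus.publish(Event("stock.level.changed", {"warehouse": self.name, "level": self.stock}))
        # The predefined response, routed back via reply_to and tied to the dialogue by correlation_id.
        self.bus.publish(Event(ev.reply_to, {"warehouse": self.name, "ok": ok},
                               correlation_id=ev.correlation_id))


class OrderProcess:
    """The requestor: it owns the dialogue and coordinates all the replies."""

    def __init__(self, bus: EventBus, name: str) -> None:
        self.bus = bus
        self.inbox = f"replies.{name}"
        self.replies: Dict[str, List[tuple]] = {}
        bus.subscribe(self.inbox, self._on_reply)

    def request_reservation(self, qty: int) -> str:
        ev = Event("stock.reserve.requested", {"qty": qty}, reply_to=self.inbox)
        self.replies[ev.correlation_id] = []
        self.bus.publish(ev)
        return ev.correlation_id

    def _on_reply(self, ev: Event) -> None:
        if ev.correlation_id in self.replies:  # drop replies to dialogues we never started
            self.replies[ev.correlation_id].append((ev.body["warehouse"], ev.body["ok"]))

    def accepted_by(self, correlation_id: str) -> List[str]:
        return [w for w, ok in self.replies[correlation_id] if ok]


def run_demo() -> dict:
    """Constructed scenario: three warehouses, one of which ignores requests entirely."""
    bus = EventBus()
    changes: List[dict] = []
    bus.subscribe("stock.level.changed", lambda ev: changes.append(ev.body))
    orders = OrderProcess(bus, "orders")
    Warehouse(bus, "north", stock=10)
    Warehouse(bus, "south", stock=2)
    Warehouse(bus, "offline", stock=None)
    cid = orders.request_reservation(5)
    return {"accepted": orders.accepted_by(cid), "replies": orders.replies[cid], "changes": changes}


if __name__ == "__main__":
    print(run_demo())
```

Note what the order process does and does not know: it sees two replies (one positive, one negative) and never finds out that a third warehouse exists, which is exactly the situation in which a command event cannot work, and it would need a timeout or a quorum rule of its own to decide when the dialogue is over.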



Remember to always have a static customErrors page


Thursday 26 June, 2008 (.Net | Fixes | Ramblings | Web)

I was just surfing around on http://forums.microsoft.com and got a yellow screen of death!

[screenshot: yellow screen of death on forums.microsoft.com]

I must say I was slightly surprised. A yellow screen of death is not just ugly: it shows every visitor the exception message, the stack trace and often file paths and the framework version, so it should never reach a public site. In the web projects I have been involved in we have always added two customErrors pages: a generic handler that redirects to a dynamic errorpage.aspx, and a static errorpage.html that is only used when an error occurs on the dynamic error page itself. A sample configuration using location follows (note that the mode values are case-sensitive: "On", "Off" or "RemoteOnly"):

<configuration>

  <system.web>
    <!-- "On" shows the custom page to everyone; "RemoteOnly" keeps the detailed
         page for requests from localhost. Lowercase "on" is rejected at startup. -->
    <customErrors mode="On" defaultRedirect="errorpage.aspx"/>
  </system.web>

  <!-- If errorpage.aspx itself throws, fall back to a static page that needs no application code. -->
  <location path="errorpage.aspx">
    <system.web>
      <customErrors mode="On" defaultRedirect="errorpage.html"/>
    </system.web>
  </location>

</configuration>

That way, if we have a problem that affects the entire site, for instance in the menu or navigation rendering that the dynamic error page shares with every other page, the static page is still served by IIS as a plain file and we can show a nice error page with a message like "The site is temporarily unavailable, please try again in a few minutes."



Duplicate User Accounts in Active Directory


Thursday 26 June, 2008 (.Net | Bugs | Fixes | Team System)

We have just had a major Active Directory issue that has affected the Team Foundation Server instance all the developers at my current client use. The problem occurred when some users were deleted from Active Directory and subsequently recreated with the same user names. Windows identifies an account by its SID, not its name, so a recreated account is a different principal, and everything that was granted to the old SID (TFS identities, SharePoint memberships, NTFS permissions) does not carry over. These new user accounts cannot access the Team Foundation Server.

A large part of the problem was solved by simply removing the users from TFS and adding them back again. This recreates all the wiring under the surface in TFS so that the users can access the server, but all their existing workspace information, pending check-ins and so on are lost locally, while still existing in Team Foundation Server under a different owner with the same user name... The only way to tell the two apart is by their SID, and the original account may get suffixed with a number in workspace lists: AD\username:61.

My first thought was to remove all the workspaces and pending check-ins and let people manually resync their projects. When I clicked "undo pending change" for a bunch of changes in Attrice Team Foundation Sidekicks, an unhandled exception popped up: "Object reference not set to an instance of an object". I just can't undo these changes. There is a clue to the problem when I try to unlock a changed file; I get an unlock error:

Failed to unlock $/Project/Path/file (TF14061: The workspace COMPUTERNAME; AD\username does not exist.)

I can't search for workspaces by username either; even a simple TFSSecurity /i "AD\username" /server:TFSName for one of the affected accounts returns "Error: The identity cannot be resolved." Since the original accounts have been removed from Active Directory I cannot easily get hold of their SIDs for querying with TFSSecurity. Attempting to delete the workspaces from the command line returns the following error:

TF14061: The workspace WORKSPACENAME;AD\username does not exist.

Things seemed pretty messed up... I found some clues as to what was required to get things working again:
http://support.microsoft.com/kb/948679
http://support.microsoft.com/kb/823278
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=454060&SiteID=1

According to the KnowledgeBase articles trying to create a new project while TFS is in this state may result in the following error:

TF30170: the plugin Microsoft.ProjectCreationWizard.WorkItemTracking Failed during task WITS from group WorkItemTracking

Basically, Team Foundation Server has a bug that causes deleted accounts not to be resynced correctly, and SharePoint doesn't handle recreated user accounts at all; you have to resync them manually. Unfortunately, in addition to this there is a bug in TFS SP1 which prevents TfsAdminUtil from correcting the SIDs! You get the following error:

ERROR: Could not access database.

In the end I managed to correct all the problems; here are the steps required:

  1. Contact Microsoft Support and request the hotfix for http://support.microsoft.com/kb/934216
  2. Install the hotfix...
  3. Follow the steps in http://support.microsoft.com/kb/948679 to resync the users' SIDs in TFS
  4. Follow the steps in http://support.microsoft.com/kb/823278 to resync the users in SharePoint
  5. Recycle the TFS application pool to force an update of all users and groups in TFS.

Watch out for users who have their workspaces mapped under "c:\documents and settings\": the new user accounts cannot necessarily access their old files there, since they now log on with a new account (which just happens to have the same name) whose SID is not in the NTFS permissions on the old profile directory.



Jim Webber: "Business people are spaghettiheads!"


Thursday 29 May, 2008 (Architecture | Interviews | SOA)

This is a guest post by Herbjörn Wilhelmsen @ Objectware

After working for years with business people and SOA, Jim Webber has come around to thinking that fighting against real-world complexity is neither successful nor valuable.

Jim Webber handling spaghetti?

Dr Jim "World Wide" Webber, an author as well as global architecture lead for Thoughtworks, gave an interview last month after finishing his "Guerilla SOA" presentation at the Developer Summit 2008 conference in Stockholm.

Watch the interview to see Jim Webber

  • Say that business people are spaghettiheads, tell us why business people scare him, and argue that business people should be the architects of our projects!
  • Come down hard on message oriented middleware (ESBs) and WSDL
  • Give his definition of what a service should be
  • Talk about why MEST and SSDL make for better SOA
  • Describe how MEST and SSDL help you handle versioning problems in an SOA
  • Talk about his next big thing: middleware! (despite his grudge against ESBs)

Jim does a great job: he explains things that seem contradictory in a very smooth and straightforward way, and in the end you just can't help yourself, you have to like him!

Thanks for the interview Jim!

I also want to thank my colleague Joshua Anthony (the owner of this blog) for standing behind the camera and doing a lot of post production work!

Update:
During the interview Jim talked about the SOYA project and a case study. Here are some links:

  • SOYA @ sourceforge
  • A description of the LIXI case study can be found inside Patric Fornasier’s master thesis
