post-icon CardSpace (InfoCard) samples not working with RC1

date September 7, 2006 18:10 by author Sukesh Ashok Kumar

If you are excited about CardSpace and wants to dirty your hands with .NET 3.0 RC1 bits, you will realize that CardSpace samples are broken. What "broken" means here. All of those samples are meant to work with "Self Issued Cards". But due to change in namespace from RC1 bits, CardSpace Identity selector prompts for a managed card.

Current samples uses the following

<object type="application/x-informationcard" name="xmlToken">
<param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion" />
<param name="issuer" value="http://schemas.microsoft.com/ws/2005/05/identity/issuer/self" />
<param name="requiredClaims" value="http://schemas.microsoft.com/ws/2005/05/identity/claims/givenname
http://schemas.microsoft.com/ws/2005/05/identity/claims/surname
http://schemas.microsoft.com/ws/2005/05/identity/claims/emailaddress
http://schemas.microsoft.com/ws/2005/05/identity/claims/privatepersonalidentifier" />

But starting with RC1 you need to change "schemas.microsoft.com" to "schemas.xmlsoap.org". Just a find and replace is good enough.

So with the changes it should look like

<object type="application/x-informationcard" name="xmlToken">
<param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion" />
<param name="issuer" value="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />
<param name="requiredClaims" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" />

While writing this post, neither sample posted on www.identityblog.com has been updated nor any of the other samples available, including SDK documentation.



post-icon Redirecting from http to https in IIS7

date September 4, 2006 07:20 by author Sukesh Ashok Kumar

I was thinking to write an HttpModule for IIS7 and wanted a simple, useful and easily understandable scenario. Working with IIS customers for last 3 years one of those common scenario came into my mind, Redirecting http traffic to https. Although this is pretty straight forward requirement, till IIS6 it was difficult to achieve. Check the following KB 839357 (specifically for OWA scenario) which explains the cumbersome steps .

(If you are looking for same functionality in prior versions of IIS, find it at the bottom of this post)

HttpModules are not something new if you are an ASP.NET developer. But there are some differences. In IIS7 because of integrated pipeline, HttpModule applies to any request not just ASP.NET and that includes htm,jpg,asp,aspx,asmx,php,jsp...

So let us get into action (I'm using C# for this sample)

  1. Download and Install IIS7 Managed Module Starter Kit
    (Not really a requirement but it would make developing IIS7 modules easier)
  2. Rename the default class name created to "redir.cs" and rename project/solution/namespace to "http2https"
  3. Add the following code in "Init" method

    // register for the BeginRequest event
    application.BeginRequest += new EventHandler(OnBeginRequest);

  4. Add the following method to implement "BeginRequest" event

    //BeginRequest implementation
    public void OnBeginRequest(Object sender, EventArgs e)
    {
    HttpApplication app = (HttpApplication)sender;
    string HttpUrl = app.Request.Url.ToString();

    if (HttpUrl.StartsWith("http:"))                                       //Redirection done only if URL starts with http:
    {
       HttpUrl = HttpUrl.Replace("http:", "https:");
       app.Response.Redirect(HttpUrl.ToString(), true);      //Redirecting (http 302) to the same URL but with https
       app.Response.End();                                                   //We don't want to any further so end
    }
    }

  5. Make sure you have the following in your web.config inside configuration tag
    <system.webServer>
    <modules>
    <add name="redir" type="http2https.redir" />
    </modules>
    </system.webServer>

Your http to https redirection sample is ready!!!


How to deploy the HttpModule
There are multiple ways you can deploy this component (I'm assuming that it's being deployed for "default website")

Method 1
Create a folder called "App_Code" inside "%systemdrive%\inetpub\wwwroot"
Copy "redir.cs" file into "App_Code" folder
Copy "web.config" file inside "%systemdrive%\inetpub\wwwroot"

Method 2
Create a folder called "bin" inside "%systemdrive%\inetpub\wwwroot"
Compile "redir.cs" into "redir.dll" and copy it into "bin" folder (to compile -> csc.exe /out:redir.dll /target:library redir.cs)
Copy "web.config" file inside "%systemdrive%\inetpub\wwwroot"

If you open IIS7 UI and go to Modules you can see your HttpModule listed there.

Redirection options for prior versions of IIS below (you need to search for these)

- ASP.NET URL mapping capability (HttpContext.RewritePath)
- IIS v6.0 Resource Kit includes the UrlRemap tool
- IISRewrite
- ISAPI_Rewrite - includes a "lite" version available for free.
- Mod_Rewrite 2
- Ionic's ISAPI Rewrite Filter

***** Updated code snippet and source download is here *****
http://www.awesomeideas.net/page/IIS7-http2https.aspx 



post-icon ABC's of Appcmd (command line administration in IIS7)

date May 25, 2006 02:50 by author Sukesh Ashok Kumar

So what is Appcmd.exe?

This is "one" command line tool to administer IIS7.  In IIS6 several of admin task were done using several scattered VBS script files. This made it difficult to find out what script needs to be run for eg. to get list of worker processes.

So IIS7 is powered with Appcmd.exe which provides all the options you need to administer IIS7.

Following are the options/categories available from a high level

SITE Administration of virtual sites
APP Administration of applications
VDIR Administration of virtual directories
APPPOOL Administration of application pools
CONFIG Administration of general configuration sections
WP Administration of worker processes
REQUEST Administration of HTTP requests
MODULE Administration of server modules
BACKUP Administration of server configuration backups
TRACE Working with failed request trace logs

Lets see how we can use it with an example

When I installed LH Server Beta (I rebuild my box quite frequently) I wanted to see how it's like to have 1000 websites running on IIS7.

So I created 1000 websites on my box.

Good scenario to use Appcmd.exe and also my MS-DOS experience. No I'm not gone nutts to create it using the UI :)

Steps required

  1. Wanted separate folders for each website
  2. Wanted to use same IP address and port for all websites
  3. Type a command and leave the box to create all the websites

Keep in mind I'm not talking about Server but my desktop machine. Yea its got 2GB RAM though.

Steps below

  1. Created a folder - E:\Websites
  2. I wrote a batch file (createsite.cmd) with the following
    MD E:\Websites\Site%1
    appcmd add site /name:"Site%1" /id:%1 /bindings:http/:*:80:site%1 /physicalPath:"E:\Websites\Site%1"

    appcmd start site "Site%1"
  3. Now the command to trigger the batch file where my MS-DOS experience came handy
    C:\FOR /L %i IN (2,1,5) DO createsite.cmd %i

FOR command is a batch file loop which simply works like 'for' loop in your favorite language

FOR /L %i IN (2,1,1000) DO createsite.cmd %i

is equivalent to the following in C

for ( i=2; i <= 1000; i++ ) 
   createsite( i );

I started value of 'i' from 2 because "Default Website" has Site ID 1.

Hit enter and wait till the folders and websites are created for each iteration.

Bingo !!! 1000 websites ready to be administered or tested.

So the result would be
E:\Websites folder would have folders called Site2, Site3 etc... and in IIS there would be sites with name Site2, Site3 etc...

Lets revisit the appcmd command above once again

appcmd add site
/name:"Site%1" // website name
/id:%1 // Site ID
/bindings:http/:*:80:site%1 // site would have "All Unassigned" including host header with the site name
/physicalPath:"E:\Websites\Site%1"
// Pointing to the physical folder for that site

appcmd start site "Site%1"  // pretty straight forward, it starts the website

What else can I do to extend this scenario?

  • Create Application Pools separately for each website
  • Create a simple ASP page and drop it in every folder created
  • Use TinyGET utility (available with IIS6 Resource Kit) to simulate request

Some other useful command options

Create Backup
C:\>appcmd add backup "backup before screwup"
BACKUP object "backup before screwup" added

List Backup
C:\>appcmd list backup
BACKUP "backup before screwup"

Restore from Backup
C:\>appcmd restore backup "backup before screwup"
Restored configuration from backup "backup before screwup"

Currently Executing Requests
C:\>appcmd list  request
REQUEST "fa00000080000487" (url:GET /highcpu.asp, time:1903 msec, client:localhost)

Will add more of this later...

 



post-icon IIS Community Portal is here... !!!

date May 24, 2006 18:35 by author Sukesh Ashok Kumar

I'm super excited to add this post to announce the release of IIS Community Portal - www.iis.net . To tell you, I've been waiting for it to be public so that I can blog about the site and open up on IIS7 features, tips & tricks.

You might think why a community site for a server product? How are administrators going to contribute to a community site. Will it be asking questions and providing answers ? Then why a portal and why not just a forum?

With the release of IIS7 (available in beta on Vista & Longhorn Server builds) and also on the CTP (Community Tech Preview) releases of the OS, there is a lot of meat added to developers.

Prior to IIS7 it was VC++ developer friend because they could write ISAPI Filters & ISAPI Extensions to extend features of prior versions of IIS till IIS6. Then came ASP.NET and HTTP Handlers & Modules.  But then with the architecture of IIS6, the control of http request processing was handled 1st by ISAPI's (you know why VC guys feel so proud) and then given a chance to .NET counter parts.

Now with IIS7 the door is open for "Managed Code Developers" as well. Can you believe that?

hmmm so now you're getting some hint on why we need IIS portal and not just a forum. So challenge would be for developers both managed & unmanaged world, to be creative and start developing your ideas into components like never before !!!

So am I just talking about the same HTTP Handlers & HTTP Modules?

Noooo, you can, not only change the way existing stuff works (like before) but also REPLACE default components.... Isn't that awesome power for us (developers) to dive in?

Best example would be the sample Bill Staples showcased on how to change the look and feel of "Directory browsing" with cool image thumbnails... (See the video available at www.iis.net)

But replacing features are not at all limited to the above mentioned sample but your creative thinking. Everything becomes easy because now you can use your favorite .NET language for developing.

 



post-icon Articles (Completed & baking...)

date May 20, 2006 02:52 by author Sukesh Ashok Kumar

Loads of IIS7 related stuff...

  • DebugDiag : Introduction
  • DebugDiag : Troubleshooting Process Crash
  • DebugDiag : Troubleshooting Process Hang
  • DebugDiag : Troubleshooting High Memory/Memory Leak
  • Windbg Basics (Windows Debugging Tool)
  • Live Debugging
  • Critical Sections & Critsec Issues
  • Stack & Stack Overflow/Corruption
  • Heap & Heap Corruption

So stay tuned...



post-icon IIS7 Administration User Interface

date May 17, 2006 21:26 by author Sukesh Ashok Kumar

Here is a glimpse of the new IIS7 UI from my Vista Ultimate Edition. Just keep in mind that there might be changes happening before the release and might look different. Again this is Vista (which means client version) and not the Server version. Click thumbnails to see the rest.

Web Server Level

Web Site Level

Modules (both managed and unmanaged)

SMTP configuration for using email in applications

more of these coming up soon...



post-icon DebugDiag : Introduction

date May 10, 2006 04:35 by author Sukesh Ashok Kumar

When I was a developer (I mean employed as a developer, even now I develop applications, don’t get me wrongJ) before joining Microsoft, I used to get stuck with application issues; whether its process crashing, process not responding or high memory usage. There were not many options for me at that time but to review code for that page or form and figure out the cause myself.  

If there was a tool which I can use to tear the process and see what is going on inside the process I would've saved a lot of my hours (or maybe days). Although Windows Debugging Tools (WinDBG) was available, it was not too easy to learn the commands or understand how all those stuff works when you have development timelines/deadlines (or is it death lines?) to be met. 

Not many developers are aware of what kind debugging I’m gonna talk about. When ever we talk about debugging people assume that it’s live debugging using Visual Studio or so and put breakpoint and walking through the code. Huh! This would be a blessing if we can do the same thing in case of production servers, but on production server applications it’s a completely different ball game. 

Think of a situation where customer has an issue on production box with IIS process(Here IIS process is used just for illustration but below explained issues are true with any other multi-threaded process/service) My Options (being little bit sarcastic)

  1. Send windows source code to customer and we will install Visual Studio to walk through the code and find what the issue is” You know I would loose my job. J
    This kind of debugging works mostly for client applications
  2. What happens if I don’t really know when the issue happens?
    I can employ a person who will sit in front of the server 24x7 watching for the issue to happen Smile
  3. What if the issue happens only for sometime and the issue vanishes?
    By the time my monitoring person yawns, the issue would vanishSmile
  4. What happens if the issue only happens when a specific user sends a post request with some specific string in there which leads the IIS process to get stuck and block all requests?
    Start writing “Debug.Print” or “Response.Write” kind of tracing to find out where it gets stuck. You might not finish your project anywhere in near future Smile
  5. Customer called on my mobile and is screaming because my website is not responding.
    I need to run to the server (maybe even drive, since the server is in a remote place) to take a memory dumps.

All the above options are provided to understand how tools like DebugDiag help us to automate and make our life far better. 

DebugDiag or Debug Diagnostic Tool is not the 1st tool but as far as I know would be the 5th generation of tool for doing post-mortem memory dump analysis. Most of those previous tools were were exclusively used by PSS and were not available on Microsoft Downloads.

Post mortem debugging simply means that we take a snapshot of the process memory when the issue happens and use either DebugDiag or WinDBG to figure out what was going on inside the process when the issue happened and find out the cause for the issue. Since this is technically challenging, it takes a lot of time. Some of our customers think that it's like looking into iislogs to find the request. Let me tell you that its mostly digging deep into thread stack, heap and other memory areas to find out what might’ve lead to the issue. 

What is Debug Diagnostic Tool?

DebugDiag is a post mortem debugging tool which has analysis capabilities, so in simple words there is 3 parts for this tool.

  1. Capture memory dumps for different types of issues (Hang/Crash/Memory)
  2. Run basic analysis on the captured dumps and generates a report to understand the results. It also provides very good pointers to issues mostly for expert eyes.
  3. Exposes an object model which can be used to easily access the information available inside the memory dump file (memory dump file extensions are usually DMP / PDMP / MDMP)


What are the main components?

  1. Debug Diagnostic Service (dbgsvc.exe)
  2. DebugDiag UI (debugdiag.exe)
  3. DebugDiag Host (dbghost.exe)

Debug Diagnostic Service
This is the service which is the heart of DebugDiag. Why should it be a service? In the past we used AD+ (Auto Dump+) for troubleshooting most of those debug scenarios. AD+ is executed from the command line and client side program. This simply means that it runs under the context of the logged-in interactive user.  

Let’s take an example. Assume that we are trying to track an issue which happens intermittently, say for example process crash and it happens once in a week or month.  

So we setup AD+ (KB 286350) from command prompt. Since this tool runs from command line if you logout from the console AD+ stops monitoring. So if your organization has multiple administrators who look after the server they need to be informed not to logout from the console till we track and get a good set of dumps for the issue. This becomes extremely difficult specially because we find out that someone did a logout only after the next issue occurrence and by then its too late. Then we start monitoring again and sleep till we get another repro. Keep in mind, in some cases a repro might take seconds, minutes, hours, days, weeks or even months. 

Another issue with AD+ like tools is that you cannot use it through Terminal Service sessions which most of those administrators are too used to J AD+ provides a lot of customization options and its powerful in that way, and it was “the” tool we used in the past (and I see people using it even now). To get around the above mentioned issues DebugDiag runs as a service as “Local System” so that it’s not dependent on the logged on interactive user session.  

So how do we configure this service since windows services cannot have UI? 

DebugDiag UI
DebugDiag user interface is used to create rules for capturing different types of issues by creating rules and also the interface to run the analysis portion of the tool. 

DebugDiag like I mentioned before (did I mention?), has a scripting host built-in using which we can customize and extend the features according to the requirements. The main script file called “DbgSVC.vbs” (we call it as controller script) is present in scripts folder inside installation folder. This script gets modified when you make changes in the UI related to Hang or Memory Leak rules.  This script file contains (or exposes) some events which you can use to extend and customize the working of DebugDiag. 

Open the Controller Script (“DbgSVC.vbs”) in notepad and see for yourself. 

Rules are nothing but simple way of configuring DebugDiag to work according to your requirements for specific scenarios. Rules contains information about the location where you want the memory dumps files to be stored etc and also contains Events you can further use. For example if you create Crash Rule, DebugDiag creates a script file called “CrashRule_IIS.vbs” in the scripts folder. 

Open the Crash Rule Script (“CrashRule_IIS.vbs”) in notepad and see for yourself. 

Now with DebugDiag you loose the functionality like we had in AD+ to run it from command line. Do we? Not really! Continue reading… 

DebugDiag Host
So how do I know what’s available under the hood?

Go to Command prompt and type
C:\>dbghost /? (Obviously you should try from the installation folderJ) 

I can analyze the dumps myself? Oh really?
DebugDiag provides analysis feature which you can use from the DebugDiag UI tab called “Advanced Analysis”. By default, right now we have scripts available for analyzing “Crash/Hang Analyzers” and “Memory Pressure Analysis”. 

Analysis Scripts are nothing but .ASP pages inside “Scripts” folder which uses somewhat ASP kind of scripting style and uses VBScript to iterate through the structures inside the dumps (which is nicely exposed using an object model) and try to find out known issues or easily identifiable issues so that for simple issues troubleshooting can be done by yourself without calling MS PSS. 

More to come which includes Script customization, specific steps to be taken for scenarios like Hang/Crash/Memory related issues etc...

 



Author

Sukesh Sukesh Ashok Kumar
Works @ Microsoft
More...

Chat with me!
who's online

Disclaimer

All opinions posted here are those of the author and are in no way intended to represent the opinions of his employer. All posts are provided "AS IS" with no warranties, and confers no rights. © Copyright 2010

Recent Comments

Comment RSS

Sign in