As Dare Obasanjo writes, there are a number of things you have to give thought when implementing OpenID on your website.

The real question you’ll have to answer is: how easy do I make it for users to participate on my website and how hard do I make it for spammers to flood my website.

But by delegating authentication to an OpenID provider, your implicitly trusting that provider to do the right thing when authenticating a user. Since, as Tim Bray speculated, there is nothing stopping a provider from “succesfully authenticating” any user URL, you can’t blindly trust any OpenID provider. So depending on the requirements you have for the authentication of your users, you can white-list providers you trust (like HealthVault), or if you’re only worried about bots, you can ask them to solve a Captcha. So the consequence is: since you can’t really trust all OpenID providers, so you force your user to register for a specific one (making their OpenID no longer their single online id) or make them to jump through hoops (by proving they are human).

Does OpenID really make it easier for a user to use your site? Or does it make it easier for you (the developer), since you can drop in a control and think you don’t have worry about authentication.

See also: OpenID is too hard & The problem(s) with OpenID

Generate your own on the websequencediagrams site.

On Wednesday Lutz Roeder announced he has reached an agreement with Red Gate Software to continue the development of Reflector. It looks like this will prove to a good move for the product: Red Gate is able to make resources available for the future development of the product and has already opened a forum to get suggestions.

So thanks Lutz for this great tool and good luck to the team at Red Gate Software with the future development!

More info in this interview on Simple Talk.

Earlier today .NET Framework 3.5 and Visual Studio 2008 SP 1 were released. I wrote about the new features earlier and this still looks like an amazing service pack. Some of the highlights:

1. The improved performance of the installation of the service pack compared to the vs2005 sp. And the fact that the final sp will install over the beta, no need to uninstall. Update: The final version won't install over the Beta SP, you have to run the "Service Pack Preparation Tool" first.
2. Inclusion of the Entity Framework, this is no longer a separate download. Some of the fixes in this version of the Entity Framework include support for SQL Server 2008 and improved support for iterative development (the "Update model from database" wizard).
3. Inclusion of ADO.NET Data Service Framework (Astoria)
4. Improvements to DataContracts in WCF. The serializer now supports types that aren't annotated with any serialization attributes and better support for object references (and circular references) in DataContracts.

Update: the MSDN Library for Visual Studio 2008 SP1 is also available for download.

This book (Understanding Windows CardSpace by Vittorio Bertocci, Garrett Serack and Caleb Baker) is not a guide how to implement Windows CardSpace in your website or webservice, but this book helps you understand the reasoning behind Windows CardSpace and how it fits in the Identity Metasystem. As such it is a much better book, than a book which just explains how to add a widget to your website to authenticate users, could ever be.

The parts of the book follow a logical structure. Part 1 discusses the problems we face on the Internet: identity theft, phishing and others and a technology independent solution is proposed. Finally in part 2 CardSpace is introduced and the implementation of CardSpace (both managed and self-issued) in websites and webservices is discussed. Part 3 shows the practical and business considerations when working with the Identity Metasystem and Windows CardSpace.

Even if you're a regular reader of Vittorio's blog, and are familiar with the Seven Laws of Identity, this book still has value. If you're not familiar with one or the other, you really should read this book, since it's the first book which really made me understand the problems we face on the Internet today with respect to identity and why and how Windows CardSpace provides a solution.

With the release of Zermatt this book really has proven it's value: Zermatt makes it much easier to implement a Security Token Service and a Relying Party, but it won't help you understand the concepts behind them or why you need to implement them (or not).

Since the beta of sp1 for Visual Studio and the .NET Framework has been released earlier this month, there have been a number of articles about what's included. What makes this service pack more interesting than for example the service pack for Visual Studio 2005, is that new features have been added. New features have not only been added to Visual Studio but also to the .NET Framework.

Since a lot of posts have been made about the changes and improvements, I won't compile another list. I'll just point out some of the more interesting changes. (If you are interested in a list of changes, Scott Gu has a pretty complete list.)

The most interesting changes and additions for me are:

1. The improved performance of the installation of the service pack compared to the vs2005 sp. And the fact that the final sp will install over the beta, no need to uninstall.
2. Inclusion of the Entity Framework, this is no longer a separate download. Some of the fixes in this version of the Entity Framework include support for SQL Server 2008 and improved support for iterative development (the "Update model from database" wizard).
3. Inclusion of ADO.NET Data Service Framework (Astoria)
4. Improvements to DataContracts in WCF. The serializer now supports types that aren't annotated with any serialization attributes and better support for object references (and circular references) in DataContracts.

Additional info about the service pack here (yes, more lists ):

• The official VS 2008 sp 1 page
• WPF Performance Blog
• Web Development Tools Blog
• Brian Harry about TFS Improvements
• Introducing the .NET Framework Client Profile
• .NET Framework Client Profile by Justin Van Patten (the list of files included in the client profile)
• Introducing the Third Major Release of Windows Presentation Foundation
• We are pleased to bring you new features in .NET 3.5 SP1 lists all changes to WCF
• KB for Visual Studio 2008 sp1
• KB for .NET Framework 3.5 sp1 

Update: Scott Hanselmann used nDepend to see what API's have changed with this servicepack. All changes are additive, so the service pack shouldn't break any existing applications. Patrick Smacchia has a complete list of changes.

Recently a client wanted to import binary files with metadata into SharePoint 2007 from a directory. Because BizTalk was available and I suspected there would be some scaling issues if I would go the custom NT service route, I decided to prototype the solution in BizTalk first. The prototype was finished in just 2 days, which is a lot faster than a custom solution which is as scalable and reliable.

Customer question

The customer wanted to import scanned documents and metadata from their OCR scanners into a SharePoint document library. A scanned document consists of a PDF file and an XML file with the OCR results, both files have the same name (with a different extension) and are uploaded to a fileshare.

Solution

The solution consists of a BizTalk server which uses a File Receive Adapter to monitor a specific directory for a combination of a PDF and XML file, those are combined in an orchestration and send to a document library using the WSS Adapter.

The BizTalk solution consists of several pieces:

1. A schema to describe the received XML file,
2. An orchestration, to receive the files, create the new message and send that to the document library,
3. A pipeline component to rename the received files (and 2 pipelines to host it),
4. A custom component to encode the values send in the metadata.

The schema

The schema can be any valid XML-schema, but to make it easier to add the properties to the WSS message I set the type of the nodes to string and promoted them. Note that if some of the fields are nullable, we have to take care when accessing those.

The orchestration

The orchestration consist of 3 steps:

1. Receiving the file,
2. Creating the new message,
3. Sending the message.

Step 1: Receiving the file

There are 2 receive ports, one for each of the file types, both match to a receive action and are able to start the orchestration. Between the receive actions exists a correlation, which correlates the received messages on their (normalized) filename. The filenames are normalized using a custom pipeline component, see below. Only when both ports have received a file the next step of the orchestration is started.

Step 2: Creating the new message

Creating the message consists of 2 steps to make it easier to organize the code. In the first step, "SetWssProperties", a global variable is filled with a string containing an XML node with the custom properties send to SharePoint. All values are encoded using a custom component, the PropertyEncoder, see below.

WssProperties = "" 
+ "Team" 
+     ""+ Paulb.PropertyEncoder.Encode( InvoiceXml.fields.Team ) + "" 
+     "Client" 
+     ""+ Paulb.PropertyEncoder.Encode( InvoiceXml.fields.Client )+ "" 
+     "Document_x0020_type" 
+     ""+ Paulb.PropertyEncoder.Encode( InvoiceXml.fields.DocumentType )+ "" 
+    "Gross_x0020_amount" 
+     ""+ Paulb.PropertyEncoder.Encode(InvoiceXml.fields.TotalAmount) + ""; 
if( false == System.String.IsNullOrEmpty(InvoiceXml.fields.InvoiceDate)) {
      WssProperties = WssProperties + "Invoice_x0020_Date" 
      + ""+ InvoiceXml.fields.InvoiceDate + ""; 
}

WssProperties = WssProperties +    "Invoice_x0020_Number" 
+     ""+ Paulb.PropertyEncoder.Encode( InvoiceXml.fields.InvoiceNumber )+ "" 
+    "ScanID" 
+     ""+ Paulb.PropertyEncoder.Encode( InvoiceXml.fields.ScanID )+ "" 
+    "Vat_x0020_number" 
+     ""+ Paulb.PropertyEncoder.Encode ( InvoiceXml.fields.VatNumber )+ "" 
+ ""; 

In the second step, the incoming PDF message is copied to the outgoing WssMessage and it's properties are set. The filename is encoded using the custom ProperytEncoder component to meet the requirements for a filename in a SharePoint Document Library.

InvoicePdfMetaData = InvoicePdf;
InvoicePdfMetaData(WSS.Filename) = "FLT" + Paulb.PropertyEncoder.EncodeFileName(InvoiceXml.fields.ScanID) + ".pdf";

InvoicePdfMetaData(WSS.ConfigPropertiesXml) = WssProperties;

Step 3: Sending the message

Sending the message is the final and simplest step: create a Send object and link it to the port. The configuration of the port is done using BizTalk Administration Console after deploying the solution to the BizTalk server.

The Pipeline

The solution involves 2 receive pipelines, one for each of the filetypes (xml and pdf). It is necessary to create 2 pipelines because the pipeline for the xml file requires the XML disassembler to recognize the schema and match it to the receive action. Both pipelines contain the custom FixFileName component, which normalizes the filename for the incoming file (it removes the path and the extension).

The actual work is done in the Execute method of the IComponent interface, the remaining interfaces either must be implemented, but are not used (IPersistPropertyBag) or are used by the designer environment (IComponentUI). The IBaseComponent interface supplies basic information about the component, such as Name and Version.

IBaseMessage IComponent.Execute(IPipelineContext pContext, IBaseMessage pInMsg)
{

    // make sure we have something to work with
    if (pInMsg == null)
    {
        return pInMsg;
    }

    string receivedFileName = pInMsg.Context.Read("ReceivedFileName", "http://schemas.microsoft.com/BizTalk/2003/file-properties") as string;
    if (string.IsNullOrEmpty(receivedFileName))
    {
        // nothing we can do
        return pInMsg;
    }

    string newFileName = Path.GetFileNameWithoutExtension(receivedFileName);

    pInMsg.Context.Promote("ReceivedFileName", "http://schemas.microsoft.com/BizTalk/2003/file-properties", newFileName);

    return pInMsg;
}

One thing to remember, is to Promote the property you're writing otherwise you're not able to use it for routing.

Another thing about pipeline components is: BizTalk expects them to be deployed to a specific location on the filesystem, the Pipeline Components directory of the BizTalk installation directory (the default location is: C:\Program Files\Microsoft BizTalk Server 2006\Pipeline Components).

FixFileName.cs

Custom component for encoding properties

The component for encoding the properties is a standard .NET assembly. It is not necessary to implement any interfaces, all assemblies work when they are referenced in the BizTalk orchestration project. The only requirement is that the assembly is deployed to the GAC.

This project required some additional encoding of the XML values, beside the normal HTML encoding, to encode the characters used by BizTalk macros and to strip characters which are illegal in filenames in a document library.

PropertyEncoder.cs

See also:

Information about convoys

Developing pipeline components

A nice surprise today when the mailman brought 4 new books:

1. Programming Pearls, 2nd Edition by Jon Bentley
2. The No Asshole Rule by Robert I. Sutton, PhD
3. Mastering Regular Expressions, 3rd edition by Jeffrey E.F. Friedl
4. Code Complete, 2nd Edition by Steve McConnell

1,2 and 4 I consider required reading for any serious developer, allthough I have only read Code Complete myself.

Now the only thing left is to actually read all the books I have collected in the last couple of weeks.

I was supprised with the last results from the XmlWriters and compression stream performance post and figured I did something wrong. So today I re-ran my test and got the results I expected after some data manipulation. The results aren't shocking; writing to a memory stream is about 8% faster when you increase the intialcapacity from 256 bytes to 131072 bytes, further increasing doesn't improve the performance further. Naturally this depends on the data, only 6 xmldocuments I used in this test were greater than 131072 bytes.

Methodology:

I saved each xml document to the memorystream 100 times for each initial capacity and removed the 10 best and 10 worst results. The results are relative to the performance of the stream with an initial capacity of 256 bytes.

Notes:

My data is not your data; always do your own testing to determine the 'best' initial capacity for your situation.

My current development reading list:

JavaScript: The Definitive Guide

Programming Windows, Fifth Edition

Debugging Microsoft .NET 2.0 Applications

Practical Common Lisp

Applications = Code + Markup: A Guide to the Microsoft Windows Presentation Foundation

Developing More-Secure Microsoft ASP.NET 2.0 Applications