May 27, 2011

Implement AJAX & Backend Services

Ways to implement Ajax:
  • use Sys.Net.WebRequest to call a backend service (ASPX, ASMX or ASHX)
  • server-side Ajax-enabled WCF service
    • use asp:servicereference to emit a script proxy that client script uses to call the WCF service
  • client side Ajax Library:
  • Ajax Toolkit (server side Ajax controls)

What backend services to call?

  • WCF/REST: async friendly, abstracts complexity (serialization/deserialization etc.), web friendly, binary, format of choice (JSON/XML/image etc.), end to end
  • Session Http cookies
  • SOAP based web service asmx: overhead, xml only, computing distribution

May 20, 2011

Configure ASP.NET impersonation authentication in IIS 7 and forward user credentials

If you just add  in  web.config aiming to configure impersonation for an IIS 7 web site, the site will be broken immediately with an HTTP 500 error.

The reason is that application pools in IIS 7 have "Managed Pipeline Mode" defaulted to "Integrated", under which impersonation doesn't work. Changing from "Integrated" to "Classic" is the fix. If you check the application pools for SharePoint applications, they are all set to "Classic".

Since IIS 7 uses kernel mode for authentication, if you use the server's NetBIOS name as the URL you get Kerberos authentication for free (see this blog for details). Does this mean that, with impersonation in place, you can forward the logon user's credentials to the next hop? For example, by setting the credentials before calling a web service:

svc.Credentials = System.Net.CredentialCache.DefaultCredentials;

You still need the delegation right for your service account (or machine account?) to make that hop happen. Otherwise you simply forward an empty credential to the web service, and if the web service is not anonymous, the call will fail.

In the case of NTLM authentication, the logon user's credentials cannot be forwarded by any means.
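
A diagnostic for the double hop described above, as an added example that is not from the original post: it reads the impersonation level of the current thread's Windows token, which decides whether DefaultCredentials carries the user to the next server. The names DelegationCheck and Describe are hypothetical, and .NET 4 or later is assumed because WindowsIdentity is disposed with using.

```csharp
using System;
using System.Security.Principal;

// Added illustration: DelegationCheck and Describe are hypothetical names.
public static class DelegationCheck
{
    // Inspects the identity the current thread runs as, i.e. the identity that
    // CredentialCache.DefaultCredentials would present to the next server.
    public static string Describe()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            return Describe(id.Name, id.IsAnonymous, id.ImpersonationLevel,
                            id.AuthenticationType);
        }
    }

    // Pure decision logic, split out so it can be exercised without IIS.
    public static string Describe(string name, bool isAnonymous,
                                  TokenImpersonationLevel level, string authType)
    {
        string who = string.Format("{0} (auth={1}, level={2})", name, authType, level);
        if (isAnonymous)
            return who + ": anonymous token, nothing to forward";

        switch (level)
        {
            case TokenImpersonationLevel.Delegation:
                // Token may be used on remote systems: the second hop sees the user.
                return who + ": can be forwarded to the next hop";
            case TokenImpersonationLevel.Impersonation:
                // Valid on this server only: the outbound call carries no user
                // credential, so a non-anonymous service rejects it.
                return who + ": local only, next hop gets an empty credential";
            case TokenImpersonationLevel.None:
                // Primary token: the thread is not impersonating, so the next hop
                // sees the application pool account itself.
                return who + ": not impersonating, next hop sees the process account";
            default:
                // Identification or Anonymous: cannot act as the user at all.
                return who + ": token cannot be used to act as the user";
        }
    }
}

// In the page or handler, just before the call shown above:
//   System.Diagnostics.Trace.WriteLine(DelegationCheck.Describe());
//   svc.Credentials = System.Net.CredentialCache.DefaultCredentials;
```

A level of Impersonation on a request that authenticated successfully is the signature of the failure described above: the user is known on the web server, but the service account has not been granted delegation.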

May 18, 2011

Change SharePoint Application Binding, easier than thought

Recently I needed to install Fiddler on one of my test servers to track down an authentication issue. The server has the SSP hosting application running on port 8888, which blocks Fiddler, so I wanted to see how difficult it would be to move this application to a different port.

I knew I had to change the port number in IIS and also change the AAM, but surprisingly that is all that needs to be done. SSP automatically picks up its new hosting app and everything runs like a champion.