ADO.NET Data Services / Astoria Feed

You think WCF needs more of ‘you’? Go and vote for your most desired features now

The WCF team has set up a uservoice page for voting on WCF v-Next features. Go ahead and influence WCF!

thinktecture StarterSTS now officially ‘powered by Windows Azure’

A few hours ago I got the final notice that StarterSTS is now officially allowed admittance to the Azure Cloud olymp:


OK, Dominick: up to releasing 1.5… Smile

Hosting WCF services (with HTTP endpoints) in Windows Azure worker roles

There is a big buzz around all things Cloud Computing – and obviously Microsoft also wants its part of the cake. We at thinktecture have been spending a lot of time researching the Windows Azure platform offering, including all relevant parts like Windows Azure Compute, Windows Azure Storage, SQL Azure, Claims-based security & identity management and the Windows Azure platform AppFabric with the Access Control Service (ACS) and the Service Bus.
For those people interested into getting more insight into the Windows Azure family, we partnered with DevelopMentor and dm is offering a course “Cloud Computing for .NET Developers: The Windows Azure platform”. Go and check it out.


Note: The approach outlined below currently only works with Internal endpoints, not Input endpoints.

Anyway, let’s hop over to the actual problem I ran into the other day. My goal was to self-host some of my WCF services with HTTP-based endpoints in a Windows Azure worker role – should be easy, eh?
Turned out that it was easy. Once you consider using the Azure API to get the actual endpoint to listen on (which obviously you need to specify/model in the service’s .csdef file), like this:

using System;
using System.Diagnostics;
using System.Linq;
using System.Net;
using System.ServiceModel;
using System.Threading;
using Microsoft.WindowsAzure.Diagnostics;
using Microsoft.WindowsAzure.ServiceRuntime;
using Services;
namespace WCFWorkerRole
    public class WorkerRole : RoleEntryPoint
        private ServiceHost host;
        public override void Run()
            Trace.WriteLine("WCFWorkerRole entry point called", "Information");
            while (true)
                Trace.WriteLine("Working", "Information");
        public override bool OnStart()
            ServicePointManager.DefaultConnectionLimit = 12;
            RoleEnvironment.Changing += RoleEnvironmentChanging;
            return base.OnStart();
        public override void OnStop()
        private void StartWCFService()

IPEndPoint ip = RoleEnvironment.CurrentRoleInstance.InstanceEndpoints[


            Uri baseAddress = new Uri(String.Format("http://{0}", ip));
                host = new ServiceHost(typeof(HelloService), baseAddress);
            catch (Exception ex)
                Trace.WriteLine(ex.Message, "Error");
            Trace.WriteLine("WCF Hello service running...");                       
        private void StopWCFService()
            if (host != null)
                catch (Exception ex)
                    Trace.WriteLine(ex.Message, "Error");
        private void RoleEnvironmentChanging(object sender, RoleEnvironmentChangingEventArgs e)
            if (e.Changes.Any(change => change is RoleEnvironmentConfigurationSettingChange))
                e.Cancel = true;

Make sure you start your WCF service in OnStartSteve has a good explanation why.

When I run the worker role in the dev fabric everything looks fine:

WCF service in worker role in local dev fabric


Cool – so let’s deploy it into the cloud.

Deploying WCF Service worker role from VS2010

 <17 minutes later… />
Argh – we get an exception when our WCF service wants to start in Windows Azure! What happened?

IntelliTrace when trying to start WCF service in Windows Azure

OK. The root cause of this problem is that Azure creates an “IP-bound Weak Wildcard” HTTP reservation using the IP address of the modeled endpoint. But by default, WCF attempts to bind to the “Strong Wildcard”, leading to a reservation problem as seen in the exception text. Our WCF binding must be compatible with the reservation. Currently, the only known way is to use the Exact hostname comparison mode.

We can do this in code or in config. Let’s – for the sake of simplicity - just use BasicHttpBinding to illustrate this:

var b = new BasicHttpBinding
  HostNameComparisonMode = HostNameComparisonMode.Exact 

Or in config:

    <binding name="basicHttp"
       hostNameComparisonMode="Exact" />

And as I am a big fan of custom bindings this is what I had to do to get my sample from above working with my custom binary-over-http binding:

    <binding name="binaryHttp">
      <binaryMessageEncoding />
         hostNameComparisonMode="Exact" />


Hope this helps someone.

Some important and helpful security-related fixes for WCF (.NET 3.5/3.5 SP1)

Just found on

FIX: A hotfix that adds a SecurityBindingElement.AllowInsecureTransport property that allows the mixed-mode secured message to be sent over an unsecured transport in WCF is available for the .NET Framework 3.5 SP1 (KB971831)

The hotfix that is described in the article adds an AllowInsecureTransport property in the SecurityBindingElement class for the Microsoft .NET Framework 3.5 Service Pack 1 (SP1). The default value of this property is set to False. When the property is set to True, the mixed-mode secured message can be sent over an unsecured transport in Windows Communication Foundation (WCF) services, such as HTTP. The property should be set to True only when the client and service are in a trusted environment.

A hotfix is available that adds an endpoint behavior that lets services use multiple threads to receive secure messages in the .NET Framework 3.5 SP1 (KB975955)

In the .NET Framework 3.5 Service Pack 1 (SP1), you can use only one thread to receive secure messages in a Windows Communication Foundation (WCF) service that uses message security. This hotfix adds the dispatcherSynchronization endpoint behavior that lets you use multiple threads to receive secure messages at the same time. Additionally, the behavior contains the maxPendingReceives property. This property enables you to set the maximum number of threads that receive secure messages at the same time.

FIX: The WCF security stack does not support the SHA-256 hashing algorithm in the .NET Framework 3.5 (KB973975)

In the Microsoft .NET Framework 3.5, the Windows Communication Foundation (WCF) security stack supports the SHA-1 hashing algorithm but does not support the SHA-256 hashing algorithm. This hotfix enables the WCF security stack to support SHA-256 so that service endpoints can support SHA-256 for SOAP messages.

.NET Framework 4 migration issues: What you may stumble across

Just in case you wonder what may go wrong when moving to the .NET Framework 4: .NET Framework 4 Migration Issues

Interview on WCF Services Ecosystem from TechDays 2010 Sweden

Swedish Microsoft evangelist Dag König recorded several podcasts at the 2010 edition of TechDays Sweden in Örebro.
Here is the interview with me chatting about the WCF Services ecosystem, covering

  • WCF Core SOAP services
  • WCF WebHttp Services
  • WCF Data Services
  • WCF RIA Services
  • WCF Workflow Services


Conference session materials from DevWeek 2010

Thanks a lot to everybody who came to one, two or all three of my sessions at DevWeek 2010. Much appreciated, and it was fun, again :)
As promised, here are the slides and the samples used during the sessions – see you next year in London!

  • WCF tips & tricks from the field  - a selection [Slides]   [Demos]
  • WCF4: what’s new? … what’s better, what’s worse? [Slides]   [Demos]
  • Communicating through the Cloud: Windows Azure platform AppFabric Service Bus [Slides]   [Demos]

Off to TechDays Sweden next week…

Free PDF Book Download: A Guide to Claims-Based Identity and Access Control – powered by thinktecture

Get it now.

thinktecture’s Dominick Baier has spent quite a lot of time helping to build this fantastic official Microsoft guide. If you need to grok the concepts and technical details about how to do claims-based identity and access control on the Windows and .NET platform, that is the PDF you should carry around all day.

Dominick put all his vast and deep experience into this project. Thanks Dom.

 p&p guide claims-based identity & access control

Creating a database in SQL Azure (aka 'provisioning')

People do not always want to rely on UIs to do database jobs.
At a command prompt with SQLCMD in the path type the following:

SQLCMD –U [MyUsername]@[MyServername] –P [MyPassword] –S [MyServername] –d master

So, nothing spectacular - just for the records.