Tuesday, January 13, 2009

Dealing with Microsoft UDDI services

How do I install and setup Microsoft UDDI Services?

Read the UDDI SOA Howto.

Where to get the UDDI samples?


Microsoft did not include the UDDI samples in the current Windows SDK for Windows Server 2008 and .NET Framework 3.5.

Therefore you need to install the old Windows Server 2003 SDK.

After you have installed the Core SDK, you will find the samples in

%PROGRAMFILES%\Microsoft SDK\samples\UDDI


Where to get Microsoft.UDDI.DLL?

If you install the Windows Server 2003 SDK, you will find it in

%PROGRAMFILES%\Microsoft SDK\bin

or, if you installed .NET 3.0, you will find it in

%PROGRAMFILES%\Reference Assemblies\Microsoft\UDDI\v2.1\bin\system32


How to turn on Debugging?


If you want to turn on debugging, use regedit and go to:

[HKLM\SOFTWARE\Microsoft\UDDI\Debug]

set FileLogLevel to the appropriate value. Possible values are:

0 = None
1 = Error
2 = Warning
3 = FailAudit
4 = PassAudit
5 = Info
6 = Verbose

where 6 (Verbose) prints the most information into the file specified by LogFileName.

How to configure another virtual directory for UDDI?

Open the IIS Manager, right-click on Default Web Site and select New Virtual Directory. Select a name for the alias, then select the UDDI/webroot folder (e.g. "c:\inet\uddi\webroot"). Then select the Read, Run Scripts and Browse permissions. After the wizard finishes, right-click on the virtual directory and select Properties. Now change the Application Pool to "MSUDDIAppPool". The last step is to select the ASP.NET tab and change the ASP.NET Version to 1.1.4322.

How to configure Authentication?

Microsoft UDDI offers basically 2 different types of authentication.

Windows Authentication and UDDIAuthentication. The difference is that in Windows Authentication you do not have to specify a Username and Password when you create the UDDIConnection object.

Windows Authentication
In Windows Authentication you do not have to specify a Username and Password. UDDI simply takes the user credentials received by the UDDI web service. To configure UDDI for using Windows credentials, open the IIS Manager, right-click the virtual directory (e.g. uddi or uddipublic), go to the Directory Security tab and click on Authentication and access control. Now make sure "Enable anonymous access" is disabled and Authenticated access is set to Integrated Windows authentication.

OK, what's UDDIAuthentication?
When you use UDDIAuthentication you specify a Username and Password when you create the UDDIConnection object. However, this user has to be a valid Windows user account and has to have appropriate permissions. With UDDIAuthentication, the authentication of the account is not enforced by IIS; instead the UDDI Service authenticates the user.
To configure UDDI for doing UDDI authentication, open the IIS Manager, right-click the virtual directory (e.g. uddi or uddipublic), go to the Directory Security tab and click on Authentication and access control. Now make sure "Enable anonymous access" is enabled.

Now use the following pattern:

UddiSiteLocation location = new UddiSiteLocation(
httpServerName + "inquire.asmx",
httpsServerName + "publish.asmx",
httpServerName + "extension.asmx",
"My Site",
AuthenticationMode.UddiAuthentication);

UddiConnection oConnect = new UddiConnection(location, @"Domain\Username", "Password");

oConnect.AutoGetAuthToken = true;

The secret to UDDI Authentication
1.) Try to get the current user out of the current HttpContext (Windows Authentication).
2.) Query the Security.AuthenticationMode parameter, which is set in the UDDI database in table UDO_config.
3.) If the Security.AuthenticationMode parameter is set to 8, UDDI tries Passport authentication.
4.) Windows Authentication is only used if the current user is not the anonymous user (Anonymous Access is disabled) and you did not specify a username in the connection.
5.) By default UDDIAuthentication is used.


public AuthToken GetAuthToken(GetAuthToken gat)
{
    Debug.Enter();
    AuthToken token = new AuthToken();
    try
    {
        IIdentity identity = HttpContext.Current.User.Identity;
        // Configured mode; defaults to 3 (bit 1 = UDDI, bit 2 = Windows).
        int @int = Config.GetInt("Security.AuthenticationMode", 3);
        if (8 == @int)
        {
            // Mode 8: Passport authentication.
            if (!(identity is PassportIdentity))
            {
                throw new UDDIException(ErrorType.E_fatalError, "UDDI_ERROR_PASSPORT_CONFIGURATION_ERROR");
            }
            Debug.Write(SeverityType.Info, CategoryType.Soap, "Generating credentials for Passport based authentication Identity is " + gat.UserID);
            PassportAuthenticator authenticator = new PassportAuthenticator();
            if (!authenticator.GetAuthenticationInfo(gat.UserID, gat.Cred, out token.AuthInfo))
            {
                throw new UDDIException(ErrorType.E_unknownUser, "USER_FAILED_AUTHENTICATION");
            }
            if (!authenticator.Authenticate(token.AuthInfo, 0x3840))
            {
                throw new UDDIException(ErrorType.E_unknownUser, "UDDI_ERROR_USER_FAILED_AUTHENTICATION");
            }
            if (!Context.User.IsVerified)
            {
                throw new UDDIException(ErrorType.E_unknownUser, "UDDI_ERROR_NOT_A_VALID_PUBLISHER");
            }
        }
        // Windows authentication: caller is not anonymous, mode bit 2 is set, no user ID was supplied.
        else if ((!((WindowsIdentity) identity).IsAnonymous && ((@int & 2) != 0)) && Utility.StringEmpty(gat.UserID))
        {
            Debug.Write(SeverityType.Info, CategoryType.Soap, "Generating credentials for Windows based authentication Identity is " + identity.Name);
            new WindowsAuthenticator().GetAuthenticationInfo(gat.UserID, gat.Cred, out token.AuthInfo);
        }
        else
        {
            // Fallback: UDDI authentication, which requires mode bit 1.
            if ((@int & 1) == 0)
            {
                throw new UDDIException(ErrorType.E_unsupported, "UDDI_ERROR_AUTHENTICATION_CONFIGURATION_ERROR");
            }
            Debug.Write(SeverityType.Info, CategoryType.Soap, "Generating credentials for UDDI based authentication");
            new UDDIAuthenticator().GetAuthenticationInfo(gat.UserID, gat.Cred, out token.AuthInfo);
        }
        Debug.Write(SeverityType.Info, CategoryType.Soap, "Windows Identity is " + WindowsIdentity.GetCurrent().Name);
        Debug.Write(SeverityType.Info, CategoryType.Soap, "Thread Identity is " + Thread.CurrentPrincipal.Identity.Name);
        Debug.Write(SeverityType.Info, CategoryType.Soap, "HttpContext Identity is " + identity.Name);
        Debug.Verify(Context.User.IsPublisher, "UDDI_ERROR_NO_PUBLISHER_CREDENTIALS", ErrorType.E_fatalError, new object[] { Context.User.ID });
        Debug.Write(SeverityType.Info, CategoryType.Authorization, "Authenticated user (userid = " + gat.UserID + " )");
    }
    catch (Exception exception)
    {
        DispositionReport.Throw(exception);
    }
    return token;
}


Errors and Solutions

Authentication may fail with "Authentication failed", and in the UDDI log you will see:

FAIL AUTH 2009/01/13 18:09:14 System.ArgumentOutOfRangeException: Length cannot be less than zero.
Parameter name: length
at System.String.Substring(Int32 startIndex, Int32 length)
at UDDI.API.Authentication.UDDIAuthenticator.GetAuthenticationInfo(String userid, String password, String& ticket)

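Don't forget to put an @ before the string literal specifying the username. In a regular C# string literal the backslash starts an escape sequence, so the domain separator is lost. So use: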

string szUsername = @"Domain\User";
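
The failure above, shown as an added example that is not part of the original post or of Microsoft's UDDI code: a client-side check that rejects a user ID whose backslash was consumed by an escape sequence before it is passed to UddiConnection. The UddiUserId helper and the CONTOSO\tester account are hypothetical, and the unchecked split at the end is only an assumption about the server side, inferred from the stack trace.

```csharp
using System;

static class UddiUserId
{
    // Splits "DOMAIN\user" and rejects anything without exactly one separator.
    public static bool TrySplit(string userId, out string domain, out string user)
    {
        domain = user = null;
        if (string.IsNullOrEmpty(userId)) return false;
        int sep = userId.IndexOf('\\');
        // sep < 0: no backslash; sep == 0: empty domain; last char: empty user.
        if (sep <= 0 || sep == userId.Length - 1) return false;
        if (userId.IndexOf('\\', sep + 1) >= 0) return false;
        // A control character means the compiler expanded an escape sequence.
        foreach (char c in userId) if (char.IsControl(c)) return false;
        domain = userId.Substring(0, sep);
        user = userId.Substring(sep + 1);
        return true;
    }
}

static class Demo
{
    static void Main()
    {
        string verbatim = @"CONTOSO\tester"; // constructed sample, backslash kept
        string escaped = "CONTOSO\tester";   // constructed sample, \t becomes TAB

        foreach (string id in new[] { verbatim, escaped })
        {
            string domain, user;
            bool ok = UddiUserId.TrySplit(id, out domain, out user);
            Console.WriteLine("{0,-18} valid={1} domain={2} user={3}",
                id.Replace("\t", "<TAB>"), ok, domain ?? "-", user ?? "-");
        }

        try
        {
            // Assumed server-side pattern (not confirmed by the post):
            // IndexOf returns -1, so Substring gets a negative length.
            string d = escaped.Substring(0, escaped.IndexOf('\\'));
            Console.WriteLine(d);
        }
        catch (ArgumentOutOfRangeException ex)
        {
            Console.WriteLine("Unchecked split: " + ex.GetType().Name);
        }
    }
}
```

Calling TrySplit before constructing the connection turns the opaque server-side exception into a local validation error.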

2 comments:

Julie said...

Great information. However, I have another question: can we create our own back end database and if so where can I find the database schema and script?
Thanks

elLoco said...

The Microsoft UDDI database comes with a setup package. So I doubt there is any external script.