VAN: An evening of Questions and Sharing of group opinions regarding DDD pragmatic concepts facilitated by David Laribee July 22, 2009

Topic

In the spirit of Open Spaces we will be bringing in David Laribee to facilitate a discussion of opinions on Domain Driven Design.

Who is Dave?

He is a coach for the product development team at VersionOne. He has 12 years experience designing and developing enterprise applications and coaching Agile teams. David has worked on internal IT, product development, consulting, and rapid prototyping teams across a wide variety of industries. David is a frequent speaker at local and national developer events. He was awarded a Microsoft Architecture MVP for 2007 and 2008 and writes about Agile and Lean methods, coaching, and software design on the CodeBetter blog network.

Meeting Details

Times below are Central Daylight Time
Start Time: Wed, July 22, 2009 8:00 PM UTC/GMT -5 hours
End Time: Wed, July 22, 2009 10:00 PM UTC/GMT -5 hours
Attendee URL: Attend the meeting (Live Meeting)

del.icio.us Tags: DDD,Open Spaces,VirtualAltNet

Technorati Tags: DDD,Open Spaces,VirtualAltNet

Enabling Kerberos delegation with Application Service Architectures and SQL Server Analysis Services 2005

Introduction

This document describes how to setup Kerberos delegation to authenticate an application windows service HTTP requests to SQL Server Analysis Services 2005. Additionally the steps for configuration that will follow become required when the application host machines are separated but exist within the same domain. More information can be obtained on this here.

Active Directory Setup

When making changes in Active Directory there is a requirement for you to have a System Administrator with permissions to invoke any of the changes needed below.

● The server which hosts your application windows services must be set to 'Trust this computer for Delegation (Kerberos
only)'.
● All your AD user-accounts that will utilize your application windows service should have the setting "Sensitive: not allowed
to be delegated" disabled. This means that all these accounts should be allowed to be delegated.
● Register the Service Principal Names (SPN) described in this document in your Active Directory.

Service Principal Name Registration

If you do not have the Service Principal Name tool or SPN tool is part of the Windows Server 2003 and 2008 Support tools and can be found on your product CD. Alternatively you can download it from here.

Machine hosting your application windows service.

Check the registered SPN’s before you continue with the registration by issuing the following text from the command line:
setspn –l <domainName]\[serverHostName]

This command will list (-l) out the current SPN’s and the only one’s that should show up are as follows:

HOST/<serverHostName>
HOST/<serverHostName>.domain.com

Protocol registration

setspn –a HTTP/<domainName>\<serverHostName> <serviceAccount>
setspn –a HTTP/<serverHostName>.<domainName>.com <serviceAccount>

Application Service registration

setspn –a <appWindowsServiceName>/<domainName>\<serverHostName> <serviceAccount>
setspn –a <appWindowsServiceName>/<serverHostName>.<domainName>.com <serviceAccount>

Note: The <serviceAccount> token we have used above will be referenced as the <serverHostName> token when the services are running as LocalSystem/NetworkService. Otherwise specify the Domain account that the services are running under.

Machine Hosting SQL Server Analysis Services

Check the registered SPN’s before you continue with the registration by issuing the following text from the command line:
setspn –l <domainName]\[serverHostName]

This command will list (-l) out the registered SPN’s. Typically the one’s that will appear are the same as noted above on your Application windows service machine.

SSAS Service registration

setspn –a MSOLAPSvc.3/<domainName>\<serverHostName> <serviceAccount>
setspn –a MSOLAPSvc.3/<serverHostName>.<domainName>.com <serviceAccount>

The <serviceAccount> token notes above equally apply.

Setup the clients

● The URL used to connect to the Application service web application http://<serverhostname>.<domainname>.com/) should be added to the trusted sites list in Internet Explorer
● To use Windows Integrated Authentication, the option ‘Automatic logon with current username and
password’ must be selected in the Security settings dialog box for the trusted sites zone, (Section:User authentication -Logon)

Team City Addin for NUnit

Recently at our Virtual Alt.Net group I ran through getting a basic project up and running within Team City 4.0. During the demonstration we were lucky to have a couple of key insiders from Jet Brains join us in the discussion. During the presentation I was painfully hitting the proverbial brick wall of "fail", namely around getting my NUnit test results integrated into Team City's build reports. To save all of you from having to watch the video and to concisely put this rather simple issue to rest quickly, I have concluded at the bottom of this post steps requiring action to have your NUnit tests integrated within Team City. I would like to thank Yegor Yarko and Eugene Petrenko and all participating attendees who offered their assistance in getting this to work!

In order to integrate the NUnit Test runner, Team City requires a bit of additional configuration and the documentation is not as forthcoming as I would like. Hopefully this post will assist others who want to integrate their testing statistics into their build server's dashboard reporting.

Jet Brains indicates that they provide support for NUnit via an addin. The addin provides on-the-fly test coverage reporting integrated within Team City.
The screen to the left appears as an additional chart located within the Settings tab indicating Test Count.

The screen shot below is indicative proof that test reports are not configured correctly. The build itself however is successful. Notice that there are four tabs displayed, there should be five with a Tab named Tests.







When the NUnit test runner integration is correct the screen will appear as follows:












Click on the Tests tab and you can filter the tests by ignored, successful, failed, or all. Additionally you can view your tests by classes, suites, namespaces/packages, or all. This filtering capability is directly above the listing of tests in the screenshot below.








Configuration Steps

It is important to note that with the ensuing steps integration of the NUnit test runner is supported only from versions 2.4X and higher of NUnit.

• Locate the nunit.console.exe.config file for the version of NUnit that you will be using. In this case I chose to use NUnit 2.4.8. The path to the file is C:\Program Files\NUnit 2.4.8\bin. Add the following XML to the config file save and close the file.
  

• I defined a property for locating the NUnit console runner for version 2.4.8. This is optional of course I just find this a cleaner approach as I can reference this location with less noise later in the build script. Additionally its also worth noting that the version for NUnit's console runner does not have to match the version of NUnit referenced within your project's test assembly.
  

• Copy the dll and pdb files for the Team City Nunit AddIn to the location defined above for the nunintconsole property and place the files within the newly defined directory of addins that is created within this task. Then the tests are executed by NUnit.

The Team City test runner for NUnit will work only for version's 2.4x and higher for NUnit. If anyone has some alternative configuration that has worked for them I would love to hear them.

Tricks for dealing with Assembly changes in DocProject

I have been working with Steve Bohlen of late in evaluating a couple of API documentation engines that are being considered for inclusion with NHibernate's API.  

One issue that was bothering me was how to best deal with detecting assembly changes in a Project. As many of you know NHibernate has a rather extensive API that undergoes many regular changes and additions. DocProject is one tool that is being evaluated to perform the documentation requirements. During the initial project setup a wizard prompt requests you to select your assembly targets for inclusion. These assemblies then appear as reference dependency inside of your DocProject project. So the question that was bothering me was what happens if you create new assemblies? Having to manually added these new assemblies to DocProject would become a nuisance as it would be easy to forget to do this step. 

Stephen suggested the following which worked quite nice!

Step 1

Remove the reference assemblies from DocProject

After removing the dependencies, you need to specify an external location where they can be located by DocProject.  Below this is done within the DocProject Properties window supply we supply the External sources location for the source of the assemblies and the XML documentation files. 

Step 2

Create a post build event that copies the Assemblies to the projects output directory which in this case we have created a folder output target called Help. This folder content is also automatically cleaned and scrubbed by the projects build script during the compile task. We added the following macro command in the Project Properties | Build Events section defining a post-build event.

 

Checking the noted changes caused a fail to the build. We need to automate the creation of the Help folder.

Hence I added a make directory task to my compile target in the project's build script.

Now any assemblies newly added within my projects namespace will be automatically detected for documentation. The post-build task can be tweaked to limit the project assemblies you would like to document. 

 

DocProject fails to build when checked into Subversion

I found this error condition occurring after introducing a documentation project to my code project and checking this into source control. When the build server attempts to build the solution from source control the following error occurs:

The actual error message is:

C:\Program Files\Dave  Sexton\DocProject\bin\DaveSexton.DocProject.targets(40, 5): Access to the path 'all-wcprops' is denied. 

Its resolved by ignoring the build output folders for DocProject from being included as source control content.

Namely ignore the following folders:

buildhelp, Help\Html and Help\Html2

Now the build is green once again and life is good!

Over here I found assistance to fix this issue

Solving slow parameterized query plans with SQL Server

This morning I was listening to Stack Overflow podcast#45 in which Jeff Atwood indicated he had uncovered situations involving poor performing parametrized query's. The solution involves optimizing for 'UNKNOWN' as an optional hint when dealing with parametrized queries.

Example:

@p1=1, @p2=9998,

Select * from t where col > @p1 or col2 > @p2 order by col1

option (OPTIMIZE FOR (@p1 UNKNOWN, @p2 UNKNOWN))

This optional optimization is available for SQL 2008 only. The option forces the query optimizer to look at all available statistical data to come up with a more intelligent deterministic view of what values the local variables used to generate the query plan should equate to rather than using the parameters being passed in by the application. The workaround alternatives do not really offer any good alternatives to solve this issue most notably when dealing with dynamic parameters.

Workarounds

1. Recompile every time the query is executed using the RECOMPILE hint - This can be very CPU intensive and effectively eliminates the benefits of caching query plans. ex. option(RECOMPILE)

2. Un-parametrize the query – Not a viable option in most cases due to SQL injection risk.

3. Hint with specific parameters using the OPTIMIZE FOR hint (However, what value(s) should the app developer use?) This is a great option if the values in the rows are static, that is; not growing in number, etc. – However in my case the rows were not static.

4. Forcing the use of a specific index

5. Use a plan guide – Using any of the recommendations above.

Implications with NHibernate or other Object Relational Mappers's

I am a user of NHibernate. At present NHibernate does not provide support for the SQL 2008 dialect and recommends using the SQL 2005 dialect configuration option to deal with SQL 2008 data sources. I am wondering if anyone in the NHibernate community has come across this issue with slow parametrized SQL? Is this an issue that an ORM needs to be aware of when supporting a given database dialect? My view is yes. However I am still somewhat of a newb with NHibernate.

Catch SSL Certificate errors from HttpContext Request

A recent task was to try and redirect user entry points to an address that our web site's SSL certificate had been assigned to. An example follows to illustrate the problem.

User wants to get to a secured page quickly without going through the site's internal navigation links. From the browser's Address bar they enter https://example.com/accounts/ and the Certificate returns an error code that when looked up indicates:

Error code: ssl error bad cert domain

The certificate was issued to www.example.com and indicates that example.com uses an invalid security certificate.

I was hoping to be able to catch the request in the Application_BeginRequest event but the SSL error occurs before this. The only way that the Application_BeginRequest event is invoked is when the user clicks through the certificate error message to Proceed Anyway.
Here is an image of what to expect in Google Chrome.


The solution to this is simple but many System Admins prefer to have Dev implement a band-aid solution of redirecting traffic from the typical landing page. In other words look for a host request from example.com and redirect to http://www.example.com/ The true solution is to fix the certificate! Contact your SSL certificate provider and have them re-issue a certificate that includes a SubjectAlternativeName (SAN) entry. In our example this means theat traffic coming from either example.com or www.example.com would be correctly named and known to the certificate. In most cases the certificate authority's will do this at no additional cost. Lesson's learned!

In researching this issue it was a surprise to see that even Google has not fixed this issue yet! Again, no charge so fix it already!