BrainHzSoftware.com

Brain Hz Software is Dead…

Posted by Scott Reed on September 7th, 2010

… Long live Brain Hz Consulting.  I won’t be posting to this site anymore, so check out www.brainhzconsulting.com.

Posted in Uncategorized | Comments Off

Now officially Brain Hz Consulting, Inc.

Posted by Scott Reed on September 1st, 2010

It took quite a long time to get the corporation to go through (see
processing times). The trick was to hire a courier in Sacremento to submit the articles of incorporation directly in person so that we could take advantage of the expidited processing.
It took us a while to figure that out, now that the articles went through, we are officially a corporation!

We should be moving to a new site soon, and with it doing a little redesign of the look and feel. Keep your eye on http://www.brainhzconsulting.com.

Tags:
Posted in Business | Comments Off

WCF Extensibility

Posted by Scott Reed on August 11th, 2010

This was in the works for a long time, but today I gave a GeekSpeak talk on WCF Extensibility. The hosts were very nice. I have known Lynn for a while now, but it was great to finally meet Glen. Despite the fact that I was extremely nervous I only screwed up once :)

Here are the demos.

Tags: , ,
Posted in Talks | Comments Off

Changing Our Name

Posted by Scott Reed on June 30th, 2010

This has been a long time coming. When my wife and I first filed for a sole proprietorship back in October of 2006 I thought (correctly) that I would be doing the work, and my wife Chantal would be doing the books. As our daughters got a little bit older Chantal started verturing out into the world of consulting as well. These days she is doing almost as much consulting as I am. However – and herein lies the rub – she does not consult in the field of software. Instead, her consulting is all in the field of Bioengineering. It obviously makes sense to use the same tax EIN, but it doesn’t make sense for her to do business as a company with software in the title. Our tax guy said that the time had come for us to upgrade to a corporation instead of a sole proprietorship, so we used the opportunity to change our name from “Brain Hz Software” to “Brain Hz Consulting, Inc.” We got approval to use the name and I reserved the domain. Today, we officially filed for a C-corp with the secretary of state. As soon as that goes through we are going to switch over to the new site.

Tags:
Posted in Business | Comments Off

The WCF REST Family

Posted by Scott Reed on June 26th, 2010

Another year, another San Diego Code Camp :) I signed up for this talk way in advance, and forgot to check up on it. There were a couple of presenters giving similar talks. What I tried to do was demo my way through WCF REST support, WCF Data Services, and WCF RIA Services, explaining what each one was and how it differed from the others. I had a *TON* of questions and so the talk ran a little long, and I didn’t get to do any of my RIA demos. I think I stopped after slide 15. However, I did have a couple people come up to me afterwords and say that my talk was there favorite talk of the whole code camp, so in that respect – mission accomplished! The room was jam packed standing room only, so thanks to everyone who came out.

Here are the Slides and Demos

Tags: , , ,
Posted in Talks | Comments Off

Calling Amazon AWS through SOAP using WCF

Posted by Scott Reed on May 13th, 2010

I knew already that Amazon had two ways of calling their services. The first was by consuming the WSDL metadata and calling through SOAP, and the second was through REST. Of course the REST would be too cumbersome by itself but not to fear – there is a SDK which makes that easier from common languages like Java and .NET. But the SOAP should be brain dead simple to consume right? Wrong. After searching the forums for a while I figured out that somebody had managed to get it working through WSE 2.0 but nobody had managed to get it working from WCF. I thought to myself – “Self, I can’t allowed this to happen”. Myself agreed.

OK the first thing was to get it to work any way I could. While I was searching the forums I came across this post which describes how to call AWS using SOAPSonar. So I downloaded my trial edition and gave it a whirl.Using SOAPSonar enterprise I was able to add a certificate that I had saved earlier called ‘brainhz-cert.cer’ and call the service. Excellent. So now all I needed was to do this same task in WCF.

The first step was figuring out how they were securing their service. After looking through their docs I found a couple of helpful snippets.

  1. AWS does not implement a full public key infrastructure. The certificate information is used only to authenticate requests to AWS. AWS uses X.509 certificates only as carriers for public keys and does not trust or use in any way any identity binding that might be included in an X.509 certificate. Pasted from
  2. Amazon does not store your private key.  Creating a new certificate/private key pair invalidates your old one.  This only affects your X.509 key used to authenticate AWS requests.  It does not affect the ssh keypairs you use to log into instances (linux) or retrieve their password (windows). Pasted from
  3. The WS-Security 1.0 specification requires you to sign the SOAP message with the private key associated with the X.509 certificate and include the X.509 certificate in the SOAP message header. Specifically, you must represent the X.509 certificate as a BinarySecurityToken as described in the WS-Security X.509 token profile (also available if you go to the OASIS-Open web site). Pasted from

From this I was able to deduce that they were using the WSS SOAP Message Security X.509 Certificate Token Profile 1.0

I guessed that I needed to use Message based security with the Certificate credential type, but I double checked myself on the MSDN website.

WSS SOAP Message Security X.509 Certificate Token Profile 1.0
<basicHttpBinding>
  <security mode="Message">
    <message credentialType="Certificate"/>
  </security>
</basicHttpBinding>

Pasted from

I needed to specify which certificate I was going to use. It looked like I already had one in my Personal store (sometimes called the My store).

<endpointBehaviors>
	<behavior name="cert">
		<clientCredentials>
			<clientCertificate storeLocation="CurrentUser" storeName="My"
				 x509FindType="FindByThumbprint"
				findValue="6b 6a e8 ad b6 61 9c 1d a2 75 21 e4 4a d7 15 53 11 e6 72 27"/>
		</clientCredentials>
	</behavior>
</endpointBehaviors>

After adding that the next error that I ran into was this:
“The service certificate is not provided for target ‘http://ec2.amazonaws.com/’. Specify a service certificate in ClientCredentials.”

OK, so I needed the serviceCertificate. I used FireFox and hit https://ec2.amazonaws.com/ and saved the certificate. Then I imported it into my trusted people store.
Then I went in and added the following in my endpoint behavior:

<serviceCertificate>
	<defaultCertificate storeLocation="CurrentUser" storeName="TrustedPeople"
		x509FindType="FindByThumbprint" findValue="29 ca cd 8f 43 2e ff 31 f2 7f e5 70 e9 2e 1a f3 9e 1b f8 e8"/>
	<authentication certificateValidationMode="PeerOrChainTrust" revocationMode="NoCheck"/>
</serviceCertificate>

I had high hopes, before running this time, but no. The next error was:
“Private key is not present in the X.509 certificate”. When I looked at the certificate in the store, sure enough I did not see the “You have a private key that corresponds to this certificate” at the bottom.
Weird that it worked for SOAPSonar, but whatever. I went to Amazon, created and downloaded another certificate, combined the two and put them in my personal store. I then had to switch the certificate thumbprint to the one starting with 72 46.

After doing all of that I received a very strange error.
“Value (xmlenc#) for parameter Version is invalid. Version not well formed. Must be in YYYY-MM-DD format.”
WTF? I had never seen this one before, and I didn’t really know what sort of black magic was going on beneath me. So I turned on message level tracing, did some searching, and ended up trying two things:

  1. Switching the algorithmSuite from Default (Basic256), to (Basic128).
  2. Switching the OperationContract ProtectionLevel to Sign only.

WARNING: this is a HACK do not do this.
I went into the generated code into Reference.cs and changed the attribute on DescribeImages.

        [OperationContract(Action="DescribeImages", ReplyAction="*", ProtectionLevel=ProtectionLevel.Sign)]

Now fervently praying, I ran again. Bad news and good news.
Bad news was it didn’t work, good news was it was a message size issue, which I have fixed so many times in the past. Because we were using Message security I couldn’t turn on streaming. So I had to just up the maximum.
maxBufferSize=”9999999″ maxReceivedMessageSize=”9999999″

After cranking up the number high enough I got
System.ServiceModel.Security.MessageSecurityException occurred
Message=Security processor was unable to find a security header in the message. This might be because the message was an unsecured fault or because there was a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security.

This was starting to make me mad. I was saying things that are unfit for children’s ears to my computer. After tracing, I discovered that this was related to the fact that Amazon messages are only secured one way.
The responses, or this response anyway, seemed to be unsecured. After some searching I found a hotfix for this issue in WCF.

http://support.microsoft.com/kb/971493

However, it required a customBinding. ARRGH!

Now the next step was to figure out which of the properties needed to be set so that it matched what I was doing before.
I created a program that created the two bindings, and compared the binding elements using reflection. The outcome of that program was the following binding declaration:

<binding name="customWithUnsecuredResponse">
	<security authenticationMode="MutualCertificate"
		 allowSerializedSigningTokenOnReply="true"
		 defaultAlgorithmSuite="Basic128"
		 messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
		 enableUnsecuredResponse="true"
		 securityHeaderLayout="Lax"
		 />
	<textMessageEncoding />
	<httpTransport maxBufferSize="9999999" maxReceivedMessageSize="9999999" />
</binding>

I particularly liked the message security version which has to be high on the list of longest names in all of .NET. Also notice the enableUnsecuredResponse = true.

After running one more time…

I bet the suspense is killing you…


IT WORKED!!!

I spent the next several minutes whooping it up. After having done it, I can honestly say that may be the only person in the world that has been stupid enough to try and get this working :)

Tags: , , , ,
Posted in Cloud | Comments Off

Amazon AWS in .NET

Posted by Scott Reed on May 11th, 2010

I gave a webinar for DevelopMentor today on Amazon AWS in .NET. The first half of the talk was on Amazon and some of the services it offers, and the second part of the talk was on using the APIs. I decided that although it might be more convenient for the attendees, giving a webinar is kindof a pain in the ass for the presenter. One problem is that you don’t get any feedback. I am used to being able to look around the room and decide if I need to pick up the pace, or slow down, or make a joke or change the medium to wake people up. This was just me talking to my computer screen for one and a half hours. Not an incredibly enjoyable experience. I really appreciated the few people who actually asked questions.

Here are the Slides and Demos

Tags: , ,
Posted in Talks | Comments Off

Amazon vs. Azure

Posted by Scott Reed on March 9th, 2010

I spoke tonight at the San Diego .NET User Group Connected Systems SIG on Amazon vs. Azure. I reused some of the slides I presented at the Fullerton Code camp. I really enjoyed the talk and all of the great questions I received as well.

Tags: , ,
Posted in Talks | Comments Off

Fun with Attributes for the Novice and Expert

Posted by Scott Reed on March 2nd, 2010

Tonight I gave another fundamentals talk at the San Diego .NET Developers Group. As I did last time (when I was talking about lists) I wanted to make sure that I had something for both novices and experts.
I started off with the fundamentals and I showed how to write one from scratch. Then I went on a mission to show some of the places throughout the framework where there are used (including System.ComponentModel.DataAnnotations and MEF).

The slide are here: Attributes

Afterwards a bunch of us went out to Red Robin and had a beer. I really enjoyed the conversation.

Tags: ,
Posted in Talks | Comments Off

Survey of the Cloud for Developers

Posted by Scott Reed on January 31st, 2010

I drove up to Fullerton yesterday to give a talk on Cloud Computing at the Southern California Code Camp. My talk was first thing in the morning which was nice. Llewellyn was recording me, and Steve Evans dropped by as well. I ran out of time, but everyone said it was a great talk. Here are the slides.

I attended the following talks:
10:00 Richard Campbell – Scaling
12:15 Michele Bustamante – Implementing Claims Based Security
1:30 Chris Love – WCF and jQuery
2:45 John Miller – Introduction to the T4 template language
and finally I stopped by
4:00 Aaron Skonnard – What’s new in WCF/WF 4.0

Aaron has always been one of my heroes and I had never seen him speak before, so I dropped by to check him out.

Unfortunately that night I got food poisoning and had to miss the second day.

Tags:
Posted in Talks | Comments Off