Freezing query plan with SQL Server

Lets presume that you have a 3rd party application that just runs a query against the SQL Server. You see in the profiler that the query does not performs well and can see the way to optimize the query, however it is the 3rd party application.

Is it a dead-end or still there are chances to do something about it?

Very nice article here (in Russian language)

P.S. It is also quite funny to read as long as you know Russian language well 🙂

WCF certificate authentication under Windows Vista

Security is always A topic, because you have to maintain multiple gates. IIS and WCF is a good example of that. When you want to configure security settings for WCF – you’ll have to change the web.config file appropriately and … most probably the IIS configuration as well.

This post will serve me as a reminder as well on what I have to do in order to achieve the necessary results. So, let’s get to the topic.

The goal: To configure WCF service to allow only HTTPS and clients must be authenticated using client certificate using the basicHttpBinding (sounds simple, doesn’t it?).

The configuration:

Ok, the first things first – we need to configure basicHttpBinding to request SSL and request client certificates. For that we need to add binding section like this:

<basicHttpBinding>
 <binding name="SSLBinding">
  <security mode="Transport">
   <transport clientCredentialType="Certificate" />
  </security>
 </binding>
</basicHttpBinding>

Generally it means that we will be securing communications at Transport level and the client credentials will be Certificates.

Second, we want to have access to metadata and map the certificates to Windows accounts. For that we will need to configure behaviors section:

<behavior name="SSLBehavior">
  <serviceMetadata httpsGetEnabled="true" />
  <serviceDebug httpHelpPageEnabled="false" includeExceptionDetailInFaults="true" />
  <serviceCredentials>
    <clientCertificate>
      <authentication certificateValidationMode="PeerOrChainTrust" mapClientCertificateToWindowsAccount="true" />
    </clientCertificate>
    <windowsAuthentication includeWindowsGroups="true" allowAnonymousLogons="false" />
  </serviceCredentials>
</behavior>

After this one is done – there is the last step to configure the service itself. Nice and easy:

<service behaviorConfiguration="SSLBehavior" name="Namespace.Implementation">
 <endpoint address=https://localhost/Implementation/Implementation.svc binding="basicHttpBinding"
  bindingConfiguration="SSLBinding" name="TheService" contract="Namespace.IContract">
  <identity>
   <dns value="Server" />
   <certificateReference x509FindType="FindBySubjectName" findValue="localhost" />
  </identity>
 </endpoint>
</service>

Setting up SSL with Windows Vista is too easy, just take a look: http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx 

So far so good, but there is one more thing – to configure the SSL and map windows accounts to certificates. In Windows 2003 – there is a UI in the IIS management console, but You won’t find one in the Vista. Help comes from here: http://blogs.iis.net/ulad/archive/2007/01/19/vbscript-to-configure-one-to-one-client-certificate-mapping-on-iis7.aspx

It will configure your applicationHost.config file and add similar section:

<security>
  <access sslFlags="SslRequireCert,SslNegotiateCert" />
  <authentication>
    <anonymousAuthentication enabled="true" />
    <windowsAuthentication enabled="true" useKernelMode="true" />
    <iisClientCertificateMappingAuthentication enabled="true" oneToOneCertificateMappingsEnabled="true">
      <oneToOneMappings>
        <add enabled="true" userName="computerusername" password="[enc:AesProvider:Encrypted password:enc]"
            certificate="Certificate content" />
      </oneToOneMappings>
    </iisClientCertificateMappingAuthentication>
  </authentication>
</security>

Now lets get back to the bad parts:

First, you probably already noted that the service configuration is missing the IMetadataExchange endpoint, which is usually added to the service configuration. If you’d leave it, then you would receive errors like: "The SSL settings for the service ‘None’ does not match those of the IIS ‘Ssl, SslNegotiateCert, SslRequireCert, SslMapCer".

Also, you will need to enable anonymous authentication, because otherwise you will receive something like: "Security settings for this service require ‘Anonymous’ Authentication but it is not enabled for the IIS application that hosts this service."

And finally, couple of references I’ve used when going through all these issues (big thanks to authors):

MCTS: TFS

I "felt"  that something has changed in my MCP profile. I went to check it out and found new item in my list:
  • MCTS – Microsoft Team Foundation Server: Configuration and Development

This is a result of taking Beta exam in February this year.

Visual Studio 2005 SP1

Finally, it is released and available at http://msdn.microsoft.com/vstudio/support/vs2005sp1/.
As it looks like, not all of the bad stuff got fixed in this SP release, but apparently – development will get a bit more easier.
Also, you can see that there is a link over to the beta of Visual Studio update for Windows Vista. Though, at least for now, this link points to nowhere ("The download you requested is unavailable"), but I’m waiting for it as I am using Visual Studio on Vista already for a while.
To keep things short – I like developing on Vista.

Tool list

I have added new list of tools that are quite nice/useful/must be on a developers desk.
Some of the tools I am not using, but still under certain circumstances I would choose to use them for their purpose.
So far, I promise to add some more links to useful tools these days, so keep checking out.
And don’t forget to check the list of tools from Scott.

Some new things lately

Ok, some time ago I have posted the item from Microsoft Word 2007 (beta of course), but this post is written using a free tool, called "Windows Live Writer". Important thing – it is free and you can get it from here. It looks pretty cool and I hope that it will work … well, it’s still beta.

Another thing I’ve seen lately in the blog posts – the InstallPad, software that helps to install things. Normally, downloading things takes a while and this piece of software looks quite promising (I haven’t tried it yet, but soon I will).

One more thing – Patterns & Practices Guidance Explorer. I looked at the first releases and though there were a lot of empty places, but still the idea is catching. To get all those Do’s and Don’t do’s into a single place. You can check it out now.

And finally sentence about the freedom: “Freedom is not the right to do what you want, but the liberty to do what is right.”

Tools that really help developers

Today I’ve found two nice products, which are either free today or almost free.
If you have to create PDF’s from .Net code, then webSupergoo ABCpdf is very attractive component to do that. And, check out the licensing .
Another GREAT tool, which is luckily free until 1st of september, and a "must have" for developer is SQL Prompt. Have you ever thought about intellisense in SQL editor?? You got it …