A few months ago I was presented with a problem that took me a while tofigure out.  I had lost my notes but just found them and hence the postnow.

Theissue that I had was that I had a web service that provided a method tosee if a file existed on a remote server from some parameters passed toit that through a function mapped to a file name on those storagesystems.  Existence of the file was done with the File.Exists methodwhich was passed a UNC representing the file.

This all workedfine as the web service server and the file server where in the samedomain.  This all changed when the moved the web services into a serverin a different domain, and one that didn't have a trust.

Ioriginally thought that this was interesting as I had the web servicesetup to impersonate the user account in the domain of the file serverthrough the web.config impersonation, as that was needed just to passsecurity checks as access is limited to a few accounts on the domain. However, because there was no trust, the impersonation didn't work!

Aftermuch research, what I did not find any real solution, but I did findtwo half solutions that needed to be stitched together into a singlesolution.

The first part of thte solution is to create anapplication pool to run your web service within.  We'll configure thisappliation pool to run as a different identity than the rest ofASP.NET.  After you've created your application pool, select Properties-> Identity -> Configurable, and enter the account from your webservice server domain that you want the account to run under.  It isvery important that this account be named the same and have the samepassword as the account in the remote domain (the one without thetrust) use to access the resources with.  Now, configure your webservice to run in that application pool.

If you try to accessyour web service, you will get the infamous ‘Service Unavailable Page’page with big red letters.  What's going on?  Well, this is the secondhalf of the solution as you've created the application pool, but thatapplication pool doesn't have the permissions to access .net systemfiles.  Doh!

To solve this, add your account to theIIS_WPG group, and then assign this account the following user rights:

• Adjust memory quota for a process
• Replace a process level token

And we're not done yet.  You still have to give the IIS_WPG group fullcontrol to the following directories (and all sub items):

• C:\windows\temp
• C:\windows\Microsoft.NET\Framework\v.2.0.50727\Temporary ASP.NET Files
• And the folder where your web service is located.

Restart IIS and you should be able to access yourweb service, and have it access the resources in the remote but nottrusted domain.

Technorati Tags: .Net

I was upgrading software for a client today so that it wouldperiodically take a snapshot of the CPU utilization so that we couldmonitor the workload.  With some google based research, I came up withthe following code to return the cpu utilization:

private static PerformanceCounter pc = new PerformanceCounter("Processor", "% Processor Time", "_Total");


Unfortunately,when I deployed this to the servers (it runs as a service), the servicewould not start.  Puzzled for a while I took a look at the event logand found the following error:

Servicecannot be started. System.TypeInitializationException: The typeinitializer for 'TNSMI.ArchiveServer.WatcherServiceImpl' threw anexception. ---> System.UnauthorizedAccessException: Access to theregistry key 'Global' is denied.
   at Microsoft.Win32.RegistryKey.Win32Error(Int32 errorCode, String str)
   at Microsoft.Win32.RegistryKey.InternalGetValue(String name, Object defaultValue, Boolean doNotExpand, Boolean checkSecurity)
   at Microsoft.Win32.RegistryKey.GetValue(String name)
   at System.Diagnostics.PerformanceMonitor.GetData(String item)
   at System.Diagnostics.PerformanceCounterLib.GetPerformanceData(String item)
   at System.Diagnostics.PerformanceCounterLib.get_CategoryTable()
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String category, String counter, Boolean& categoryExists)
   at System.Diagnostics.PerformanceCounterLib.CounterExists(String machine, String category, String counter)
   at System.Diagnostics.PerformanceCounter.Initialize()
   at System.Diagnostics.PerformanceCounter.....

Turnsout the service is running under a limited account that did not havepermissions to access the performance counters.  The solution after alittle trying was to make the user account a member of the "PerformanceMonitor Users" group.

Technorati Tags: Performance, Security

Technorati Tags: Agile

Workflow for delivering commands from the user to a peer in p2pSB.

Client side

1. User issues command (ie. ConnectToNetwork)
2. Service host looks up the appropriate service.  In this case, ConnectToNetworkService.
3. Execute is triggered on the ConnectToServiceObject.
4. AvailablePeers are retrieved, and ConnectToNetworkMessage delivered to each by the following process.  Note that Redezvous Servers are considered peers in this list.
5. The list of known transport types for each peer is identified from the PeerConnectionInfo class associated with the peer.
   
6. ConnectToNetworkMessage is sent to each peer via that transport.  Note that this is an asyncronous action and considered fire and forget.
7. The message is places in the message store for correleation of connect messages.

Server Side

1. ConnectToNetworkMessage is received by a listener.
2. Decrement TTL, and if 0 dispose of message.
   
3. Message is routed to the message node.  Message node "touches" the message.
   
4. Message node routes it to the ConnectToNetworkService.
5. Connect to network service acknowledges the message with a response back through the incoming message node.
6. An entry in the peer list is made for this node.
   
7. The message is forwarded to all peers on this servers peer list that are not already on the visited peers list.

Technorati Tags: p2pSB