coding


30
Apr 12

wcf rest interface with proper validation status code

I’ve been working on a self-hosted WCF REST service that supports HTTP authentication. I worked my way through all the fun bits, but near the end I ran into an issue with WCF’s handling of SecurityTokenExceptions in my custom UserNamePasswordValidatior. Instead of returning the expected 401 Unauthorized response code, I ended up with a 403 Forbidden response. Not all at what I wanted, nor within HTTP spec.

After searching around, and around, it turns out this was a known issue that Microsoft decided to hotfix with an interesting workaround. To fix the problem, all I needed to do was add an item to the exception I was throwing’s data dictionary, indicating what HTTP response code I really wanted it to return.


public override void Validate(string userName, string password)
{
 if (string.IsNullOrEmpty(userName) | string.IsNullOrEmpty(password))
 throw new ArgumentNullException();

if (string.Compare(userName, "testuser1") != 0 || string.Compare(password, "testpassword1") != 0)
 {
 SecurityTokenException ex = new SecurityTokenException();
 ex.Data["HttpStatusCode"] = HttpStatusCode.Unauthorized;
 throw ex;
 }
 else
 {
 SecurityTokenException ex = new SecurityTokenException();
 ex.Data["HttpStatusCode"] = HttpStatusCode.Unauthorized;
 throw ex;
 }
}

Not the most elegant solution in the world, but it at least gets the job done.


18
Apr 12

on coding

There’s been a minor flurry of activity on the interwebs about coding, specifically about reading code.  Jeff Atwood made a off-hand comment that set some people a-buzz:

“The idea that you’d settle down in a deep leather chair with your smoking jacket and a snifter of brandy for a fine evening of reading through someone else’s code is absurd.”
Jeff Atwood

And we had Scott Hanselman retort with:

“Absurd? Hardly. Nearly every programmer I’ve ever spoken to enjoys reading and discovering new code.”
Scott Hanselman

Jeff’s comment was taken a bit out of context since his post was in fact proclaiming the virtues of “reading the source”, but I can’t help but side with Mr. Hanselman.  You really have to be able to read to write, and if you’re going to do it well you have to want to.  That doesn’t mean that you can’t get away with living in isolation, but you’ll suffer the consequences accordingly.  People grow in response to external stimuli, which means you need to get out there and expose yourself to as much of your intended subject material as possible.  So cruise through SourceForge, Github, CodeProject, and all the rest, it’s the biggest benefit of the open source movement and there’s absolutely no reason not to take advantage of it.

If I had to sum up my own personal take on code slinging, it’s essentially the same as my view on more traditional writing which I think Stephen King put it best in his book On Writing:

“If you don’t have time to read, you don’t have the time (or the tools) to write. Simple as that.”
– Stephen King