Windows Identity Foundation and date formats

I am starting preparation for a WIF-based security solution, and when playing with the STS that is created when you click “Add STS reference”, and “Add new STS project” in Visual Studio, I came across a curious thing.

I was trying to add a couple of more claims to my claims set, and among these were the AuthenticationInstant claim. All the claim types in Microsoft.IdentityModel are strings, so I naïvely converted “DateTime.Now” to a string and thought that was going to do the trick.

FormatException: String was not recognized as a valid DateTime.]
   System.DateTimeParse.ParseExactMultiple(String s, String[] formats, DateTimeFormatInfo dtfi, DateTimeStyles style) +3602766
   System.DateTime.ParseExact(String s, String[] formats, IFormatProvider provider, DateTimeStyles style) +49
   Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateAuthenticationStatement(SamlSubject samlSubject, AuthenticationInformation authInfo, SecurityTokenDescriptor tokenDescriptor) +1132
   Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateStatements(SecurityTokenDescriptor tokenDescriptor) +215
   Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateToken(SecurityTokenDescriptor tokenDescriptor) +114
   Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.Issue(IClaimsPrincipal principal, RequestSecurityToken request) +1580
   Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(SignInRequestMessage requestMessage, IPrincipal principal, SecurityTokenService sts, WSFederationSerializer federationSerializer) +667
   Microsoft.IdentityModel.Web.FederatedPassiveSecurityTokenServiceOperations.ProcessSignInRequest(SignInRequestMessage requestMessage, IPrincipal principal, SecurityTokenService sts) +42
   _Default.authButton_Click(Object sender, EventArgs e) in d:\src\WifTest\BusinessApp_STS\Default.aspx.cs:109
   System.Web.UI.WebControls.Button.OnClick(EventArgs e) +141
   System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +149
   System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +39
   System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +37
   System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +87
   System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +4226

Boom. No luck. OK, Try more of the standard .NET ToString date formats (, but without any luck.

dotPeek to the rescue. After digging through the Microsoft.IdentityModel dll for some minutes, I come across the following class:

// Type: Microsoft.IdentityModel.DateTimeFormats
// Assembly: Microsoft.IdentityModel, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35
// Assembly location: C:\Program Files\Reference Assemblies\Microsoft\Windows Identity Foundation\v3.5\Microsoft.IdentityModel.dll
namespace Microsoft.IdentityModel
  internal class DateTimeFormats
    internal static string[] Accepted = new string[16]
    internal static string Generated = "yyyy-MM-ddTHH:mm:ss.fffZ";
    static DateTimeFormats()

And then, I ask myself the following two questions:

  1. Why, why, why couldn’t Microsoft use some of the standard date formats when implementing this?
  2. And, if this was impossible, how about actually exposing these date formats, at least the “Generated” string, so that others can use it without having to dig through disassembled code and duping the format to application code.

Well, just a little rant. I hope to have some more blog posts coming up, both on WIF, and a few inspired by NDC2011, which I had the pleasure of attending last week.

Posted in .NET, C#, Uncategorized, WIF | Tagged , | 1 Comment

SAXParser and external DTDs

I am playing a bit with Android in the evenings nowadays, and as a part of this, I needed to parse an HTML file for displaying some of the information. I first used DOM to extract all relevant nodes from the HTML, and then processed the nodes.

Then I thought: “Let’s be a bit cleverer…” We’ll use SAX, because then we don’t have to download the whole file to start processing it. As a sidenote, I am only interested in the first N lines of the file. I’ve used SAX in Python before, and it was blazingly fast. Processed 32.000 files in just a few seconds.

Enter javax.xml.parsers.SAXParser.

After just about an hour or so rewriting my XML parser to use SAX instead of DOM, I was very happy. Time to test. Used a small XML fragment containing a bit more than the number of elements I need. Parsed in a fraction of a second. Happy.

Ok, let’s test this on some real data. I go on the web, save a copy of a relevant webpage, and start unit testing. Extreme slowness. Hmmm…. Strange. Could it be some issues with the FileInputStream reading the whole file before starting parsing? The file was just below 100K, so I couldn’t understand why it could be so slow even though it read the whole file before starting parsing.

After a few hours googling, printing out debug messages, etc, I looked at the HTML source. There is a DTD definition in it…

<!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN" "">

Long shot… Comment out that line. The parsing is performed in under a second…

Seems like the SAX parser used is trying to download the dtd from, but failing, for some reason. After more googling and experimenting with saxParserFactory.setValidating(false), without any luck, I came across a few comments on a few blog posts mentioning the following feature:

SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setFeature("", false);

That did the trick. The parsing time is down to below a second again. Moving onwards into the dark corners of Android development…

Posted in Android, Java | Leave a comment

VB.NET If(condition, truePart, falsePart) != C#’s ?:

The ternary If operator ( was new in VB.NET 2.0 (VS2008). However, I don’t use it much, and I have counted on it being equal to the ?: operator in C#. Today I discovered an interesting difference.

Consider the following code in C#:

using System;
using Microsoft.VisualStudio.TestTools.UnitTesting;

namespace TernaryCsharp
    public class UnitTest1

        public void TestMethod1()
            Int32? valueToSet = null;
            Int32 valueToSetFrom = 0;
            valueToSet = valueToSetFrom != 0 ? valueToSetFrom : null;

            Assert.AreEqual(null, valueToSet);

and the following code in VB.NET:

Option Strict On
Option Explicit On

Public Class UnitTest1

    Public Sub Test_That_Value_Is_Set_To_Nothing_With_If()
        Dim valueToSet As Integer? = Nothing
        Dim valueToSetFrom As Integer = 0
        valueToSet = If(valueToSetFrom <> 0, valueToSetFrom, Nothing)

        Assert.AreEqual(Nothing, valueToSet)
    End Sub

    Public Sub Test_That_Value_Is_Set_To_Nothing_Directly()
        Dim valueToSet As Integer? = Nothing
        Assert.AreEqual(Nothing, valueToSet)
    End Sub

End Class

The code looks equivalent, right? Is it? I’m afraid not. The intent is to set the variable valueToSet to null/Nothing in both VB and C#. However, this is not what happens. The code in VB compiles fine, but when you run it, the variable valueToSet is set to 0, not null.

In C# the code doesn’t even compile, and reports that there is no implicit conversion between ‘int’ and ‘null’. This is fine. The arguments to ?: need to be convertible to one another. The compiler tells me that I can’t rely on this to work. VB, however, gives the impression that this is going to do what I want, but does quite the opposite…

Whether this is a bug or indeed intended behaviour is left as an exercise to the VB.NET team at MS.

Observe also that the second unit test, which sets the Integer? value to Nothing in VB.NET, behaves exactly as you would expect, and actually sets the value to Nothing.

I rest my case.

Posted in .NET, C#, VB | Leave a comment

TFS2010 – Build including a shelveset

We recently upgraded our TFS server to TFS2010. And there are small bits and bobs that are not 100% equivalent to TFS2008, one of these being that MSBuild 4.0 is used to build the solutions.

MSBuild 4.0 should use the compatibility level specified on the projects when building, however, there are some small gotchas including functions not returning a value on all paths, etc.

However, that is not the topic of this post.

Having performed the changes I expected would make the solutions build on the build server, I would really like to verify that the code would actually build on the build server before checking in. And, voilà. TFS2010 and VS2010 have the solution, right there in the “Queue new build” window:

Queue new build windowSuddenly you can verify that the changes build on the actual build server without checking it in, and fix any potential errors.

This gives developers the opportunity to verify their changes against the checked-in solution, on the build server, running all unit and integration tests, without actually checking in the code.

I like it. A lot.

And, you also have the opportunity of checkin in if the build is successful. Nice.

Posted in TFS | Tagged , | Leave a comment

On Social Media

Rather interestingly, my first real blog entry ever, is about social media and its perticularities (as I see it). I have been a rather light user and adapter of social media since the beginning (depends on when you start counting, of course), starting with Facebook after being convinced by a friend that it was totally hip sometime around easter 2008.

I have been a computer user for many years, and have used BBS-es, Usenet, mail, IRC, etc. However, the new social media apps come in a new category, in my opinion.

Bulletin Board systems, Usenet and IRC are all one-to-many communication channels. The previous two are focused on question-reply-style communication, or discussion of a particular topic. You ask a question, you get an answer, someone dislikes the answer, and comments it, and you have a big discussion going. IRC is focused on live discussion, in some cases just for socialising, in some cases for discussing a problem or a certain issue.

Facebook, Twitter, and “status” features of other networking sites à là LinkedIn , come in a different category, I think. They are not focused on any particular purpose or issue, and even though they are one-to-many communicative, they have no explicit purpose. You don’t twit or update your Facebook status because you seek an answer to a problem. You just tell people what you think, what you’re feeling, or something else. What purpose does this serve? It’s like opening up your window and shouting out into the street “I’m going to work now, ” or “I’m sick and tired of reading for my exam.” Well, OK, but does anyone care?

Personally I haven’t found either Facebook or Twitter to be extremely interesting. I follow a few people on Twitter, I have lots of friends on Facebook (some I really care about and some added just for old time’s sake). But what does this have to offer? I think I really prefer someone calling me on the phone to find out how I am instead of reading it on my Facebook status.

Another question is how you separate your personal and business life. I started out thinking: LinkedIn is for professional use, Facebook for personal use. And I tried keeping the two separate, and never mix what kind of status I wrote on one or the other. For example. I could update my LinkedIn status to “Working on SCM strategies, ” which could be interesting to business partners, colleagues, etc. On my Facebook status I would state that I’m tired after a day at work. But I wouldn’t want my business partners to read this, they don’t care, or maybe I don’t want them to know.

But then things get complicated. I find myself receiving lots of Facebook friend requests from business associates, clients etc. Should I reject them? Would they be bothered if I don’t add them as friends? And the same with Twitter. After Oprah discussed Twitter, a load of my clients and business associates starts following me on Twitter. Do they care if I have been skiing in the weekend (does anyone care, for that matter? And my friends, do they care whether I’m implementing a fancy .NET solution for a client?

So, where does this leave me? Where do I update my personal status? Where do I update my business status? And how about Twitter? Do I mix, do I create separate accounts, or what?

I’m a bit at a loss… maybe I’m just not cut out for socialising online 😉

Posted in Uncategorized | Tagged , , , | Leave a comment