In my last post (Caller Impersonation for WCF Services Hosted Under IIS Appears Broken), I laid out my rationale for why I felt that the security of services impersonating a caller when hosted under IIS was broken. To be responsible, I feel it necessary to follow-up my previous assertion by noting that such a configuration is not a best-practice, ...

There is a security feature of WCF services hosted under IIS that I find poorly implemented. In all honesty, it appears to be broken and non-compliant with its intended purpose. If you’re developing services for use in the intranet environment, then it’s quite reasonable for you to expect that a service can impersonate your Windows identity ...

The following are tips for testing Windows Workflow Foundation instances that contain delay activities (timers) when used in conjunction with a passivation store.  This list of tips is certainly not exhaustive, but I believe that I’ve accumulated enough useful techniques to warrant sharing with others. 1.       ...

I was surprised to receive a ''Property value is not valid'' error dialog when assigning a Ruleset to a Policy activity. There was nothing particularly unusual about this action other than the fact that the workflow itself seems to be pressing the limits of what my poor 1.7 Mhz Centrino Duo CPU with 2-gig of RAM can handle (350+ activities, 1000+ ...

Workflow Foundation (WF) catches the unhandled exceptions of any workflow instance that it’s charged with running. Upon catching the unhandled exception of a workflow instance, WF terminates it and raises a WorkflowTerminated event where it generously includes the exception in the event arguments. At first glance this seemed like a ...