Merge pull request #18 from NileshGhodekar/master

v2.16.0710.0

ChangeLog.md

@@ -8,6 +8,20 @@ All notable changes to MIMWAL project will be documented in this file. The "Unre
 
 ------------
 
+### Version 2.16.0710.0
+
+#### Changed
+
+*  RunPowerShellScript User for can now be specified in the UPN format. The Domain\UserName or UPN format is also only required if "Impersonate PowerShell User" option is selected.
+*  Iteration in CreateResource, DeleteResource and UpdateResources activities now re-evaluates not only `[//Value]` expressions but also `[//WorkflowData]` expressions.
+
+#### Added
+
+* `FormatMultivaluedString` function now supports more than one list of strings as input to format.
+* `ConvertToUniqueIdentifier` now supports a Guid in byte[] format as input.
+
+------------
+
 ### Version 2.16.0320.0
 
 #### Changed

src/Scripts/EncryptData.ps1

@@ -1,16 +1,23 @@
 <#
     This script demonstrates how the credentials can be encrypted for the RunAs user in the RunPowerShellScript Activity.
 
-    If the password is encrypted using certificate based encryption, please make sure that you deploy that certificate on the the FIMService nodes. It can be an auto-genenrated cert.
+    If the password is encrypted using certificate based encryption (recommended due to ease of deployment), please make sure that you deploy that certificate on the the FIMService nodes. It can be an auto-genenrated cert.
     If the password is encrypted using DPAPI, ensure that you export and import the RSA machine keys. Follow the steps documented for web farm scenario mentioned in the article
     at http://msdn.microsoft.com/en-us/library/ms998283.aspx (How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA), but for the FIM Service account.
+
+	NOTE: Edit the Version and PublicKeyToken of the WAL AssemblyName to match the one that you have deployed in GAC.
+	Also edit the $encryptionCertThumbprint of cert to be used for certificate based encryption.
 #>
 
 $Error.Clear()
 
+$walAssemblyVersion = "2.16.0710.0"
+$walAssemblyPublicKeyToken = "31bf3856ad364e35"
+$encryptionCertThumbprint = "9C697919FB2FB2D6324ADE42D5F8CB49E8778C08" # cert to be used for encryption (from the cert:\localmachine\my\ store).
+
 Add-Type -AssemblyName "System.Security"
 # use the full name for WAL assembly to eliminate need to assembly redirects for dependent assemblies.
-Add-Type -AssemblyName "MicrosoftServices.IdentityManagement.WorkflowActivityLibrary, Version=2.16.305.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
+Add-Type -AssemblyName "MicrosoftServices.IdentityManagement.WorkflowActivityLibrary, Version=$walAssemblyVersion, Culture=neutral, PublicKeyToken=$walAssemblyPublicKeyToken"
 
 if ($Error)
 {
@@ -20,18 +27,17 @@ if ($Error)
 
 function TestCertificateBasedEncryptionDecryption
 {
-    $thumbprint = "9C697919FB2FB2D6324ADE42D5F8CB49E8778C08" # cert to be used for encryption.
 	$outFile = Join-Path -Path $PWD -ChildPath "cert-p.txt"
 
-    $base64EncodedPublicKeyXml = [MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.Common.ProtectedData]::GetCertificatePublicKeyXml($thumbprint, "My", "LocalMachine")
+    $base64EncodedPublicKeyXml = [MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.Common.ProtectedData]::GetCertificatePublicKeyXml($encryptionCertThumbprint, "My", "LocalMachine")
 
     $secretToEncrypt = "Pass@word1"
 
     $secret = ConvertTo-SecureString -AsPlainText $secretToEncrypt -Force
 
     $encryptedData = [MicrosoftServices.IdentityManagement.WorkflowActivityLibrary.Common.ProtectedData]::EncryptData($secret, $base64EncodedPublicKeyXml)
 
-    $encryptedDataConfig = "cert:\localmachine\my\$thumbprint,$encryptedData"
+    $encryptedDataConfig = "cert:\localmachine\my\$encryptionCertThumbprint,$encryptedData"
 
     $encryptedDataConfig | Out-File $outFile
 
@@ -41,12 +47,12 @@ function TestCertificateBasedEncryptionDecryption
 
     if ($plainText -eq $secretToEncrypt)
     {
-        Write-Host "`nEncryption and Decryption test using certificate '$thumbprint' succeeded!`n"
+        Write-Host "`nEncryption and Decryption test using certificate '$encryptionCertThumbprint' succeeded!`n"
         Write-Host "`nThe password config is saved in '$outFile'`n"
     }
     else
     {
-        Write-Error "`nEncryption and Decryption test using certificate '$thumbprint' failed!`n"
+        Write-Error "`nEncryption and Decryption test using certificate '$encryptionCertThumbprint' failed!`n"
     }
 }
 

src/Scripts/Register.ps1

@@ -85,6 +85,10 @@ function RegisterAssembly
             throw ("Error Registering assembly to skip strong name verification: '$assemblyName' " )
         }
     }
+	elseif ($executionStatus -eq "")
+	{
+		Write-Warning "Execution status of gacutil.exe was not confirmed. Make sure that you have correct version of the gacutil tool."
+	}
  }
 
 function RegisterActivity
@@ -428,4 +432,4 @@ net start FIMService
 
 iisreset
 
-Write-Host -ForegroundColor green "Review script console output for any errors. Once the deployment is successful on all the servers, update the assembly version in MIMWAL XOMLs by executing UpdateWorkflowXoml.ps1 script."
+Write-Host -ForegroundColor green "Review script console output for any errors. Once the deployment is successful on *ALL* the servers, update the assembly version in MIMWAL XOMLs by executing UpdateWorkflowXoml.ps1 script."

src/Scripts/Sign.cmd

@@ -7,7 +7,7 @@ set walUIAssembly="%~dp0\MicrosoftServices.IdentityManagement.WorkflowActivityLi
 set snkFile="%~dp0..\WAL.snk"
 set snExe="%~dp0sn.exe"
 
-if not exist %walAssembly% echo ERROR: File '%walAssembly%' Not Found. You need to compile WAL solution first! & (goto exit_error)
+if not exist %walAssembly% echo ERROR: File '%walAssembly%' Not Found. You need to compile WAL solution first! Make sure you use REBUILD Solution menu. & (goto exit_error)
 if not exist %walUIAssembly% echo ERROR: File '%walUIAssembly%' Not Found. You need to compile WAL solution first! & (goto exit_error)
 if not exist %snkFile% echo ERROR: File '%snkFile%' Not Found. You need to specify correct path to your strong name file! & (goto exit_error)
 

src/VersionInfo.cs

@@ -22,7 +22,7 @@ internal static class VersionInfo
         ///      Build Number (MMDD)
         ///      Revision (if any on the same day)
         /// </summary>
-        internal const string Version = "2.16.0320.0";
+        internal const string Version = "2.16.0710.0";
 
         /// <summary>
         /// File Version information for the assembly consists of the following four values:
@@ -31,6 +31,6 @@ internal static class VersionInfo
         ///      Build Number (MMDD)
         ///      Revision (if any on the same day)
         /// </summary>
-        internal const string FileVersion = "2.16.0320.0";
+        internal const string FileVersion = "2.16.0710.0";
     }
 }

src/WorkflowActivityLibrary.UI/ActivitySettings.resx

@@ -658,7 +658,7 @@
     <value>PowerShell Script User</value>
   </data>
   <data name="PowerShellUserHelpText" xml:space="preserve">
-    <value>Specify the user in the format domain\userName to be used to construct PowerShell Credential object.</value>
+    <value>Specify the user to be used to construct PowerShell Credential object. When impersonating, the user name must be in the domain\userName or UPN format.</value>
   </data>
   <data name="PowerShellUserPassword" xml:space="preserve">
     <value>PowerShell Script User Password</value>
@@ -670,7 +670,7 @@
     <value>Specify UserName and Password of the impersonated user.</value>
   </data>
   <data name="PowerShellUserFormatValidationError" xml:space="preserve">
-    <value>Specify the PowerShell user in the format domain\userName.</value>
+    <value>The PowerShell user must be specified in the domain\userName or UPN format when Impersonate PowerShell User option is selected.</value>
   </data>
   <data name="RequestActorValidationError" xml:space="preserve">
     <value>Authorization Policy cannot be applied when Request Actor is Service Account</value>
@@ -807,4 +807,7 @@
   <data name="ResolveDynamicGrammarHelpText" xml:space="preserve">
     <value>The activity can be configured to resolve / evaluate lookups and expressions in the values returned by the expressions in update definitions. Example: The string returned by [//Queries/EmailTemplate/EmailBody] will be parsed and all lookups will be resolved.</value>
   </data>
+  <data name="PowerShellUserPasswordValidationError" xml:space="preserve">
+    <value>Specify the PowerShell user password.</value>
+  </data>
 </root>

src/WorkflowActivityLibrary.UI/Forms/RunPowerShellScriptForm.cs

@@ -554,15 +554,18 @@ public override bool ValidateInputs()
 
                 if (!string.IsNullOrEmpty(this.powerShellUser.Value))
                 {
-                    if (!this.powerShellUser.Value.Contains(@"\"))
+                    if (this.impersonatePowerShellUser.Value)
                     {
-                        this.controller.ValidationError = ActivitySettings.PowerShellUserFormatValidationError;
-                        return false;
+                        if (!this.powerShellUser.Value.Contains(@"\") && !this.powerShellUser.Value.Contains("@"))
+                        {
+                            this.controller.ValidationError = ActivitySettings.PowerShellUserFormatValidationError;
+                            return false;
+                        }
                     }
 
                     if (string.IsNullOrEmpty(this.powerShellUserPassword.Value))
                     {
-                        this.controller.ValidationError = ActivitySettings.PowerShellImpersonationSettingsValidationError;
+                        this.controller.ValidationError = ActivitySettings.PowerShellUserPasswordValidationError;
                         return false;
                     }
 

src/WorkflowActivityLibrary/Activities/CreateResource.cs

@@ -703,9 +703,9 @@ private void PrepareIteration_ExecuteCode(object sender, EventArgs e)
                         }
                     }
 
-                    // Pull any [//Value] expressions from the expression evaluator's lookup cache for
+                    // Pull any [//Value] or [//WorkflowData] expressions from the expression evaluator's lookup cache for
                     // resolution during iteration
-                    foreach (string key in from key in this.ActivityExpressionEvaluator.LookupCache.Keys let lookup = new LookupEvaluator(key) where lookup.Parameter == LookupParameter.Value select key)
+                    foreach (string key in from key in this.ActivityExpressionEvaluator.LookupCache.Keys let lookup = new LookupEvaluator(key) where lookup.Parameter == LookupParameter.Value || lookup.Parameter == LookupParameter.WorkflowData select key)
                     {
                         this.ValueExpressions.Add(key, null);
                     }

src/WorkflowActivityLibrary/Activities/DeleteResources.cs

@@ -456,9 +456,9 @@ private void PrepareIteration_ExecuteCode(object sender, EventArgs e)
                         }
                     }
 
-                    // Pull any [//Value] expressions from the expression evaluator's lookup cache for
+                    // Pull any [//Value] or [//WorkflowData] expressions from the expression evaluator's lookup cache for
                     // resolution during iteration
-                    foreach (string key in from key in this.ActivityExpressionEvaluator.LookupCache.Keys let lookup = new LookupEvaluator(key) where lookup.Parameter == LookupParameter.Value select key)
+                    foreach (string key in from key in this.ActivityExpressionEvaluator.LookupCache.Keys let lookup = new LookupEvaluator(key) where lookup.Parameter == LookupParameter.Value || lookup.Parameter == LookupParameter.WorkflowData select key)
                     {
                         this.ValueExpressions.Add(key, null);
                     }

src/WorkflowActivityLibrary/Activities/RunPowerShellScript.cs

@@ -988,10 +988,13 @@ private PSCredential GetPowerShellCredential()
                 return null;
             }
 
-            string[] userParts = this.PowerShellUser.Split(new string[] { @"\" }, StringSplitOptions.RemoveEmptyEntries);
-            if (userParts.Length != 2)
+            if (this.ImpersonatePowerShellUser)
             {
-                throw Logger.Instance.ReportError(EventIdentifier.RunPowerShellScriptRunScriptExecutionFailedError, new WorkflowActivityLibraryException(Messages.RunPowerShellActivity_InvalidUserFormat, this.PowerShellUser));
+                string[] userParts = this.PowerShellUser.Split(new string[] { @"\" }, StringSplitOptions.RemoveEmptyEntries);
+                if (userParts.Length != 2 && !this.PowerShellUser.Contains("@"))
+                {
+                    throw Logger.Instance.ReportError(EventIdentifier.RunPowerShellScriptRunScriptExecutionFailedError, new WorkflowActivityLibraryException(Messages.RunPowerShellActivity_InvalidUserFormat, this.PowerShellUser));
+                }
             }
 
             SecureString password = ProtectedData.DecryptData(this.PowerShellUserPassword);

src/WorkflowActivityLibrary/Activities/UpdateResources.cs

@@ -552,9 +552,9 @@ private void PrepareIteration_ExecuteCode(object sender, EventArgs e)
                         }
                     }
 
-                    // Pull any [//Value] expressions from the expression evaluator's lookup cache for
+                    // Pull any [//Value] or [//WorkflowData] expressions from the expression evaluator's lookup cache for
                     // resolution during iteration
-                    foreach (string key in from key in this.ActivityExpressionEvaluator.LookupCache.Keys let lookup = new LookupEvaluator(key) where lookup.Parameter == LookupParameter.Value select key)
+                    foreach (string key in from key in this.ActivityExpressionEvaluator.LookupCache.Keys let lookup = new LookupEvaluator(key) where lookup.Parameter == LookupParameter.Value || lookup.Parameter == LookupParameter.WorkflowData select key)
                     {
                         this.ValueExpressions.Add(key, null);
                     }