Tag | Security Posts

I’d like to provide you with a SilverBullet™, a small snippet of Silverlight, a class or namespace hidden in the silverlight .NET framework, to help you out in times of need. It’s not to learn, but something to keep in your pocket. Just remember it’s there and you’re safe. Although the Silverlight security model prevents access to the local file system, it is very easy to open and save or import and export files to and from the file system. It is not possible to gain any information about the local ...
I recently heard a presentation from David Chappell talking about how SOA is failing in many organizations. Below is not a summary of what he talked about but my own new thoughts on a subject I am still learning much about while listening to his presentation..... I have to give it to David Chappell. He has a way of bringing together concepts in a very simple and engaging way. At a recent architecture conference ( video http://channel9.msdn.com/po... ...
I was banging my head against the wall over this one for a few days. There was a particular AD security group (over 1000 users) that SharePoint could not resolve. Nothing about it (so I thought) was different from any of the groups that SharePoint could resolve. Same setup, OU and everything. Finally, I realized that the Alias name was not the same as the standard object name, which is called the "Pre-Windows 2000" name in Active Directory. In 99% of all the cases, these are the same. For some reason, ...
What is Kerberos Authentication? Kerberos (or Cerberus) was a three-headed dog in Greek Mythology which guarded the gates of Haides (King of the underworld, God of Death). Kerberos was responsible for preventing ghosts of the dead from leaving the underworld. The Kerberos Protocol was created by MIT as a solution to network security problems like: 1) Insecure unencrypted passwords over the internet 2) Firewalls, which assume that the bad guys are outside the network; what about the Bad Guys within the network? ...
The following post is taken from an article that explores the differences, pros, cons and usage scenarios of the Server empowered web architecture of Visual WebGui and, on the other side, the Client empowered web architecture featured by solutions such as Classic AJAX, Flex/Flash, Classic Silverlight, Java Applets. Both server and client empowered solutions can support any kind of UI look & feel using Silverlight or rich AJAX. Client empowered applications support the highest performance in applications ...
If you have not heard there is an updated MS SDL Starter Kit available for download. This kit provides a compilation of baseline developer security training materials on core Microsoft Security Development Lifecycle (SDL) topics. The core Microsoft Security Development Lifecycle (SDL) topics include: Secure design principles Secure implementation principles Secure verification principles SQL injection Cross-site scripting Code analysis Banned application programming interfaces (APIs) Buffer overflows ...
Today the news about Google coming out with its own operating system "Chrome" is all over the Internet and I was wondering whether they can make an in-road into the OS field, which has basically been dominated by Microsoft for decades. And the answer to that is possibly yes, if not as a full-fledged OS for desktops and servers, then for portable devices. There are 2 things that I hate most about the Windows OS: first, it takes forever to boot the OS; since I had SP1 installed on my Vista it takes more than 5 minutes ...
This is an analysis that was written by Peter Brockmann, President of Brockmann & Company, a high tech marketing consulting company which is featured on the company's website. "Faster development of a rich media experience for web applications that are secure in operation has been a particularly elusive goal for many enterprise application developers since the debate about thin client and thick clients a decade ago. Until now. ...Visual WebGui brings the ultimate simplicity to the .NET development ...
The source code can be downloaded: Download Source Code In Windows CE: Creating a Control Panel Applet, I wrote about creating a Control Panel Applet that displays OEM versions including the OEM Build Number, Bootloader Version and a CPLD version. In this article, I will discuss the code that makes that Applet run. It might be good to first discuss a little about Control Panel applets and what makes them unique. The following are some facts about Control Panel Applets: Control Panel Applets are ...
Usually as a developer I am logged in with a user with more rights than a usual user. Even if I am not using the Admin account, often I have to create one or more users with associated groups to simulate my target environment, log in with those users and test my application. This is time consuming for me and I want to be sure I can retest those cases as often and as fast as I want. The idea may seem strange as those tests look more like integration tests, but I don't want to deploy my application, test ...
I’m building out a Windows SharePoint Services 3.0 (SharePoint 2007) site for my client. The site uses two different methods of authentication, one for intranet users and one for extranet users. The intranet users will be logging onto their workstations using their corporate domain based username and password. We have one Url in SharePoint for these users, which is set to the out of the box Windows authentication. When the user goes to this Url, IE6 is set to send the credentials to the site, so ...
Using the SDL? If not, you should be considering it… Having blurred the line between development and Test Engineering at our organization, I am finding out how little our development team(s) know about secure development practices. Not a good thing. Recently, Microsoft released the SDL process template for VSTS and I think it’s going to help. So, if you have not seen this, it is a nice start at helping ensure secure development practices are used by your team. Hmmm, amazing what a little process, ...
Many organizations are faced with the threat of data theft, from which legal battles, hefty fines and negative publicity can arise. Interestingly enough, stealing data is not always that difficult. In this post we will review certain aspects of data masking, a technique used to disguise personal and sensitive information. Data masking encompasses two key areas: in-flight and at-rest. In-flight data masking is different from encryption; the goal of this technique is to temporarily transform data ...
With ASP.Net MVC, you can easily use AuthorizeAttribute to control access to controllers and actions. I found it limiting within the context of Windows Authentication. First, I wanted to configure the roles outside of an attribute. Properties of AuthorizeAttribute, as with all attributes, must be set at design-time, such as [Authorize(Roles = “MyCompany\AppAdmin”)]. I want to break that out to configuration so I can have [Authorize(Roles = “Editor”)] and configure the Editor role like this EditorRole=”MyCompany\AppAd... ...
I have had the good fortune to test both the Palm Pre and Apple iPhone 3Gs. In my day job I am an architect with responsibilities over messaging and mobility – hence I get to try a lot of new devices in order to evaluate their applicability for our enterprise users. One thing I have come to regard as a universal truth is that ranking mobile devices is almost a waste of time. They are so subjective depending on the personal habits and preferences of the person using them. There are some things that ...
I decided to write this simple demo because this issue has been asked many times at the forums. Hidden columns are fields in GridView that you don’t want to expose or show in the page; usually this field is the primary key of the data. Since a primary key is confidential data, you might want to hide it from the users. Most people usually use BoundField columns for displaying the data and just hide the field that contains the primary key. In this example, I will demonstrate two ways on how to access ...
Why take the exam when you’ve been using dot net for a billion years? There are a few reasons and the most important is being revealed to me as I’m studying… Reason 1: Growth (Getting out of the comfort zone) The day to day tasks of a professional programmer are equivalent to lounging on the couch with the clicker instead of hitting the gym: build this report, change this form, fix this bug, and if you’re building a greenfield application, the challenging bits of the application are usually only about ...
In this Issue: Ian T. Lackey, and Al Pascual. Shoutouts: Don't forget it is Time to rate the Silverlight games on the Mashooo S Prize From SilverlightCream.com: DotNetNuke Silverlight Chat v2 – Gravatar Support Ian T. Lackey approaches adding Gravatar support to a Silverlight application with a perspective of if it's not there, make it so... read his code and comments. IIS Security Settings for Silverlight 2.0 Al Pascual walks us through some of the problems we might encounter with Silverlight accessing ...
Over the next couple of months, Donald Donais will be giving three different FREE presentations on Windows 7. These sessions will deal with some of the main changes with Windows 7. The first seminar on July 2nd will concentrate primarily on getting to know what is different about Windows 7. What makes this client operating system different than Windows XP? This seminar titled “Welcome to Windows 7” will touch base on: New user interface Aero System Improvements: Problem Step Recorder, Boot from VHD, ...
Virtual Private Database Virtual Private Database (VPD), a feature of Oracle Database 11g Enterprise Edition, was introduced in Oracle8i and is one of the most popular security features in the database. VPD is used when the standard object privileges and associated database roles are insufficient to meet application security requirements. VPD policies can be simple or complex depending on your security requirements. VPD can be used in combination with the "application context" feature to enforce ...
This post is just to show some of the screenshots of the EMR software that we developed and deployed in the past few weeks in our clinic. Some of the features include: - Patient Registration - Return visit entry and scheduling - Entry for Patient history, Vital signs, ART History, Online Prescriptions, Online lab orders, Counseling, Workflow - Role-based security with Windows-based authentication - Office 2007 Themes (Don’t know whether to call this a feature) Thanks to Component Factory The lab requisitions ...
I’ve had a lot of folks ask me about Geneva lately. This post provides a quick summary of the different places I’ve looked to find out more about The Geneva Framework and Microsoft’s story for building claims-based WCF services. Please let me know if you have more suggestions for good content on the topic. I’m a big fan of Michele Bustamante’s writing style, so you’ll notice there are a couple of articles here from her. You can always check her out at http://www.dasblonde.net/ Here’s a quick summary ...
You just finished that BSP, developed all required drivers and low-level code, configured the hive-based registry, defined your device's memory layout... and now it's time to develop your application to leverage all that low-level/OS code and provide great services to your device's end users. You may want to use visual languages like C# or VB.Net to develop it, using the power and ease of use of the .NET Compact Framework, or you want (or need) to use C and C++ but you want to use advanced libraries ...
I’d like to provide you with a SilverBullet™, a small snippet of Silverlight, a class or namespace hidden in the silverlight .NET framework, to help you out in times of need. It’s not to learn, but something to keep in your pocket. Just remember it’s there and you’re safe. This first SilverBullet™ I would like to give you is the Environment class. It’s in the System namespace and provides information about the environment your application is running in. Use it to get information about the system, ...
[Source: http://geekswithblogs.net/E... Often in BizTalk deployments you need to do additional work after installation. Typically your full install process may need to: Install BizTalk artifact assemblies to the GAC Install application dependencies to the GAC Register an application source name in the registry, for logging to the Event Log Create FILE send or receive locations on the local filesystem Add application store configuration settings to Enterprise Single Sign-On (SSO) Add log4net ...
I started having a think about how you could make BizTalk Server 2009 RESTful as I had been asked to give it some thought. Whilst thinking about it and wondering how I could let any subscription know the message it was subscribing to was supposed to be GET, DELETE, PUT or whatever I started creating some basic plumbing to give me something to test. To this end I started taking a look at the new WCF SQL Adapter in the BizTalk Adapter Pack 2.0. This new adapter is built using the WCF LOB Adapter SDK ...
In the past, after backing up my SQL database and DNN site, I'd hold my breath when I upgraded my sites, hoping and praying that all would be well after the upgrade. Today, I did the same when I upgraded to version 04.09.04. Lo and behold, all did go well with the upgrade and the site came back up after the upgrade. Here's what the upgrade has to offer: What's New in 04.09.04 Major Highlights Fixed a major module caching issue which resulted in empty content for webcrawlers Improved performance of ...
Authentication and authorization play a key role in the web world. Going distributed makes information sharing healthier. But only if it's allowed for the known contact will it be healthy. We can very well see this in the existing web world. We have the memberships and roles for ASP.Net web applications. In addition we also have forms authentication and NTLM authentication. Going smart client is always best. But considering security it has to be more secure, since smart clients attract all the people ...
Recently I was having trouble with the following code: SPWebApplication webApp = site.WebApplication; webApp.FormDigestSettings.E... = true; site.WorkflowManager.StartW... docList.ContainingDocumentL... docFile.UniqueId), foundWorkflow, foundWorkflow.AssociationData, true); //Turn security validation back on. webApp.FormDigestSettings.E... = false; More to the point, I got the following exception on the line webApp.FormDigestSettings.E... = true; [5/18/2009--4:05 ...
Reflections on TechEd 2009 - Los Angeles This was the first TechEd I have ever attended. I heard some complaints about various events not being on the agenda this year, but I was impressed. All of the sessions that I attended were good with one exception that will remain nameless. I was impressed by Dan Holme's session on admin tools. Some of the tools that were demonstrated were written/constructed by Dan for the Beijing Olympic games. I was very impressed. I have already started using the tools ...
I’m speaking again at DevTeach this year in June in Vancouver. Here is a comprehensive list of things going on. Party with Vancouver IT community Monday June 8th URL: http://party.cuga.ca/Home.aspx The Vancouver IT community is hosting a DevTeach kick off party on Monday, June 8th in Vancouver. This is the official social event for DevTeach Vancouver. The event is not just for the attendees of DevTeach Vancouver; it’s a free event for everyone. It’s a unique chance for the attendees, speakers and locals to ...
[Source: http://geekswithblogs.net/E... If you have a solution with secure HTTPS endpoints but no suitable certificate for development and test environments, you can self-certify using a combination of IIS 6 Resource Kit tools, and manual steps. Chris Adams gives a good overview in this post, but there are a couple of additional things to consider in a distributed environment, which I'll cover in this walkthrough. The walkthrough is based on the following infrastructure: - where XYZ-FRONTEND ...
WM 6.5 News from TechEd 2009 Video - http://vimeo.com/4636547 14mins - Widgets will be available only through Marketplace. This is due to inherent security risks of hosting HTML. [Would be less of an issue if it was Silverlight :) ] 41mins - Students' DreamSpark access to Mobile Marketplace mentioned, more details to come soon. Also, throughout the video the MVPs mentioned improved controls that pick up the UI style and Touch behaviours from the OS. Can't wait to see more of those in detail when the ...
I have seen an interesting issue surface recently, one that many other corporations are probably facing: the dividing forces of security and auditing. It could be argued that auditing practices should strengthen security; however, this may depend on the situation. Let's take database access control as an example. In a typical two-tier application, connections established to a database server are performed using a shared account. Usually, shared accounts are considered less secure than network accounts ...
[Source: http://geekswithblogs.net/E... This was the title I settled on for the interactive session at Microsoft's Architect Insight Conference yesterday. We had a good turnout and some interesting discussions – thanks again to everyone who came along. The purpose of the session was to think about ESBs in terms of the value they provide to IT and to the business. The slide decks will be published on the AIC site, and this post adds some of the discussion points. Broadly we covered three ...
The other day I was playing with the BizTalk 2009 UDDI feature. With no real background in this area, I was bound to hit issues. One of the annoying ones that I came across was to do with simply trying to publish my service. After standard installation and configuration, I browsed http://localhost/uddi/ on my machine with all excitement to publish my very first service. As soon as I selected the Publish option (see below), the web request failed with an error “Internet explorer cannot display the web page”. I noticed ...
I recently worked on a project where I had to develop a web service to perform single sign on (SSO) with the Salesforce.com platform. The motivation behind this was that the customer wished to ensure that their security mechanism was enforced. In a fairly typical scenario the user would sign on to the customer system and click a link that took them to Salesforce.com which would recognise the username as an SSO user and redirect to a customer web service for authentication. As the customer made heavy ...
Do you care about security? You should, and you should also stay updated on security issues with the platform that you have your site on. That's why you need to come to the Security Bulletins Policy section on the DotNetNuke site to stay current on any potential threats. Here's how they go through and evaluate issues: Severity Levels Each confirmed issue is first assigned a severity level (Critical, Moderate, or Low) corresponding to its potential impact on the security of DotNetNuke installations. ...
I was integrating a jQuery plugin for file uploads, uploadify, in my app when I saw a very strange behavior. The plugin reported an error transmitting the file to the server, and debugging the controller code I noticed the target action wasn’t being called at all. Debugging the client code I found out that the server was redirecting the upload to the login page. The Controller was marked with the AuthorizeAttribute but the user was already authenticated. After a Google search I found this article ...
I recently upgraded my office workstation to Windows 7 RC from Vista SP1. Everything in the upgrade went smoothly, until after I installed the IIS 7 server components and tested my sites on my local IIS server. When loading any asp.net site, I received the following error: Request for the permission of type 'System.Web.AspNetHostingPe... System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934... failed. I configured my usual permissions for the temp folders, .NET Temp folders, ...
Last year Microsoft pre-released SP2 for Windows Vista and Windows Server 2008 as build 6002.16497 under KB948465. One of the most annoying features of using this build is that it would apply an evaluation watermark to the bottom right hand corner of each of your desktops (if you have 2+ monitors it will appear on both screens). Honestly, for months I thought the watermark meant my license was detected as an evaluation license, but I know I am using an OEM license. Afterwards I found some guides to ...
Velocity - Installation Phase Today I have proceeded with the installation of the MS Velocity CTP3. I would like to mention that first one needs to verify one's system for prerequisites. Basically the most up to date components as a Service Pack of the Windows OS and the latest .Net Framework are needed, also PowerShell 1.0 is a required component because the administration can be later done using PowerShell applets. I also recommend reading the velocity_help.chm file that can be downloaded separately. ...
The second edition of the Microsoft Belux (Belgium and Luxembourg) Architecture newsletter is out and refers to this article on Azure architecture. See: http://www.microsoft.com/be... Interested in Microsoft Architecture? See the blog Architects Rule by Philippe Destoop, Enterprise Architect for Microsoft Belgium and Luxembourg. The Azure Services Platform is an infrastructure managed by Microsoft in their datacenters that enterprises and ISVs ...
[Update 29/04/2009: I recommend you also take a look at the supersite Windows 7 RC Review and Windows XP Mode for Windows 7, which allows Windows XP applications to run unchanged] I apologise. I’m sorry. I sympathise. I do, really. I completely understand that: Discovering an application is broken that previously used to work great is simply not fun, and Fixing the application to work again is also simply not fun. Especially if you didn’t originally write the application, or if you did, it was many years ...
Dave Allen works in Microsoft UK helping partners build solutions which take advantage of the latest technologies from Microsoft. He also happens to be a mate, a jolly nice chap and is leading our efforts in the UK to help partners get their applications working on Windows 7. I sat down with him on Thursday of last week (23rd April) and quizzed him on the thorny subject of compatibility. Check out this companion post I did on resources for getting ready for Windows 7. When did you first start looking ...
Enterprise Search Training Videos 14 Training Videos on Enterprise Search: Module 1: Workshop Overview Module 2: Enterprise Search Overview Module 3: SharePoint Search 2007 Walkthrough Module 4: Search Architecture and Deployment Scenarios Module 5: Crawl and Query Processes Module 6: Relevance Ranking Module 7: Customizing the End-User Experience Module 8: Developing Search Solutions Module 9: Business Data Catalog Search Module 10: Extensibility and Integration for Search Module 11: Search Administration ...
Introduction For my entry in the WinPHP Challenge I need to use some .Net assemblies I wrote a while ago. It wasn’t clear to me how this can be done. Here’s an example of how to do this. In short: First we create an assembly in Visual Studio, then we sign it, add it to the Global Assembly Cache or GAC and access it using PHP from there. Details Inside Visual Studio, create a new project. For the purpose of explanation I named the project DotNetTest. Add the following method to the newly created Class1 ...
In this Issue: Ashish Shetty, Al Pascual, Fredrik Normén, Stephen P. Anderson, András Velvárt, Colin Eberhardt, Mike Taulty, and Jose Fajardo Shoutouts: Mario Meir-Huber wrote me that he has updated his Silverlight Photo Album on CodePlex to now have 3 different album controls! Sorry I didn't blog this sooner. Ben Waggoner has a nice post up on the NAB release: NAB Day 1: Smooth Streaming released, Partners, 1080p in SL3, new VC-1 Jonas Follesø is on .NET Rocks! Listen to him discuss Silverlight, ...
Register Now: $299 rate through May 8, 2009 Students attend for only $50. (Must be enrolled full time and present valid ID) Check with UMSA member and affiliate organizations for a discount code! Conference DVD Special Offer: Register by April 30 and you can purchase the 2009 conference DVD with PPTs /audio presentations for just $69. (Regularly $129; a 45% discount!) Order DVDs at the conference. See Pre-Conference events for additional professional development opportunities Keynotes: Howard Schmidt ...