Tag | Security Posts

When Windows 2003 came out, Microsoft introduced the ability to broadcast messages to any machines that were listening back. All you had to do was send out a message on a particular port and IP address and any client that had set up a Multicast queue with matching port and IP address would get a copy. Since its introduction, there have been a couple of security vulnerabilities that needed to be removed: Microsoft Security Bulletin MS06-052 Vulnerability in Pragmatic General Multicast (PGM) Could ...
This one is a quick post , but I thought I would post this information as I could not find anything that helped me on this specific scenario. Please read the entire article before taking action as there are some irreversable or very troublesome routes I caution about! Problem: I had a client trying to retract a WSP from Central Admin and would eventually go to an, 'Error' State. I could not retract it and after looking at event logs I figured it was a problem with security. I tried several accounts, ...
First of all, I haven’t been updating this blog as regularly as it used to be. Primarily, due to the fact that, I was visiting a lot of cities talking about SharePoint, Web Matrix, IE9 and few other stuff. IE9 is my new found love and I simply think we have done great work in improving the browser and browsing experiences for our users. This post would talk about IE, general things happening around the web and few misconceptions around IE (I had earlier written about IE8 and common myths ) When you ...
I have been specifically requested to blog about getting an ASP.NET 4.0 site working on a Windows 2008 server that has never run a 4.0 web site before. Make sure the 4.0 framework is installed on the server! Patch it will ALL the security patches have been applied. ((for a live server, make sure that you tested the patches on your development server first) You will find the HTTP Log status codes at http://support.microsoft.co... - they are very important in understandign the IIS logs) After ...

Next Tuesday should have one or more IE security patches - see the article at http://www.theregister.co.uk/2011/01/03/ie_0day_leaked/ for details.

Patch your PCs, patch your development server, UAT servers and when satified about the patches, patch your Production servers.

This is known issue with SharePoint 2007 or SharePoint 2010 on Windows Server 2008 platform and not specific to any sharepoint application. Problem: Your windows credential doesn’t work if you try to log in to the web application (http://contosto.company.com) on the server itself although you can access the same site from outside, when you create a SharePoint web application with a host header (contosto.company.com) on SharePoint Server (Server Name: contosto) which is installed on Windows Server ...
We have been using LogicNP’s CryptoLicensing for some of our software and I was battling to understand how exactly the whole process worked. I was sent the following document which really helped explain it – so if you ever use the same tool it is well worth a read. Licensing Basics LogicNP CryptoLicensing For .Net is the most advanced and state-of-the art licensing and copy protection system you can use for your software. LogicNP CryptoLicensing System uses the latest cryptographic technology to ...
Check out the Top Five most popular news at SilverlightShow for Dec 27-Jan 2, 2011. The most visited news for last week is Mahesh Sabnis's post on how to use Prism in Silverlight 4. Among the top 5 news is also the announcement for SilverlightShow December Newsletter that you can now read online. Here is SilverlightShow's weekly top 5: Using Prism with Silverlight 4 "What's new in Silverlight 4 demo" app Cinch - A Rich Full Featured WPF/SL MVVM Framework SilverlightShow December Newsletter Now Online ...
Goal Upgrade your MVC 1 app to MVC 2 Issues You may get errors about your Json data being returned via a GET request violating security principles - we also address this here. This post is not intended to delve into why the Json GET request is or may be an issue, just how to resolve it as part of upgrading from MVC1 to 2. Solution First remove all references from your projects to the MVC 1 dll and replace it with the MVC 2 dll. Now update your web.config file in your web app root folder by simply ...
Top executives of most smaller organizations want their companies to be different from the larger corporations. They want their organizations smaller in size; but bigger in productivity by eliminating red tapes and corporate bureaucracy. When the company is smaller, people often work like firefighters – taking on new business and technology challenges without thinking about any procedures and guidelines. People also tend to wear many hats to accomplish tasks quickly in order to integrate new businesses. ...
I recently ran into an odd and annoying error when working with the DataContractSerializer class for a WP7 project. I thought I’d share it to save others who might encounter it the same annoyance I had. So I had an instance of ObservableCollection<T> that I was trying to serialize (with T being a class I wrote for the project) and whenever it would hit the code to save it, it would give me: The data contract type 'ProjectName.MyMagicItemsCl... is not serializable because it is not public. ...
In this all-submittal Issue: Michael Washington(-2-), Ian T. Lackey(-2-, -3-), Sandrino Di Mattia, Colin Eberhardt(-2-), and Antoni Dol. Above the Fold: Silverlight: "A Style for the Silverlight CoverFlow Control Slider" Antoni Dol WP7: "Getting the right behaviors in your Phone 7 App – Part 1 Phone Home" (and the other two parts) Ian T. Lackey Silverlight/WPF: "A Simplified Grid Markup for Silverlight and WPF" Colin Eberhardt Shoutouts: Dennis Doomen has updated his Coding Guidelines and provided ...
Microsoft have made available a security development starter kit at http://www.microsoft.com/se... Actual Download is at http://www.microsoft.com/do... The kit is free and covers a variety of security concerns for ASP.NET developers ...
We are currently in the process of upgrading one of our applications to .Net 4.0. Aside from us geeks wanting to always use latest and greatest technologies, an immediate business need for Silverlight 4.0 features justified our upgrade endeavor. The following is a summary of some issues we ran into with our web project: For security purposes, the IIS 7 .Net 4.0 ISAPI filter is disabled. “Allow” it from the ISAPI and CGI Restrictions screen as shown: Figure 1 - Allowing ASP.Net 4.0 ISAPI Filter By ...
I have been in the market for a new computer for several months. I set out with a budget of around $1200. I knew up front that the machine would be used for developing applications and maybe some light gaming. I kept switching between buying a laptop or a desktop but the laptop won because: With a Laptop, I can carry it everywhere and with a desktop I can’t. I searched for about 2 weeks and narrowed it down to a list of must-have’s : i7 Processor (I wasn’t going to settle for an i5 or AMD. I wanted ...
With the new release of the Windows Azure platform there are a lot of new features available. In my previous post I introduced a little bit about one of them, the remote desktop access to azure virtual machine. Now I would like to talk about another cool stuff – Windows Azure Connect. What’s Windows Azure Connect I would like to quote the definition of the Windows Azure Connect in MSDN With Windows Azure Connect, you can use a simple user interface to configure IP-sec protected connections between ...
When you create a Publishing site that has anonymous access enabled, you will notice that anonymous users will not be able to access pages that reside in the “_layouts” virtual directory (e.g. http://siteX/_layouts/viewl... This is because the publishing infrastructure activates a hidden feature that prevents anonymous users from accessing these types of pages. However, if you were to create a site collection based of Blank Site Template, you would notice that these pages are accessible by ...
Problem I am trying to understand how SQL Server communicates on the network, because I'm having to tell my networking team what ports to open up on the firewall for an edge web server to communicate back to the SQL Server on the inside. What do I need to know? Solution In order to understand what needs to be opened where, let's first talk briefly about the two main protocols that are in common use today: TCP - Transmission Control Protocol UDP - User Datagram Protocol Both are part of the TCP/IP ...
I was having a hell of a time tonight with my IIS on my development laptop. I don’t remember doing anything to change the IIS settings. I don’t use IIS that much on my dev machine. Usually Cassini is enough for testing my development efforts but tonight I needed to replicate a problem that seems to stem from x86 v x64 mismatch, so I went to create an IIS site pointed to my dev folder. When I did, I got a “503.1 Service Unavailable Error”. First thing I did is go over all my setting to make sure I ...
SharePoint Installation in Windows 7 or Vista is not same as Windows Server 2008. You might have difficulties if you do not follow the proper steps. Here i have been tried to explain how to install SharePoint 2010 on Windows 7 or Vista and configure it. Assume, Installed OS Windows 7 x64 (as you may already know SP only support 64-bit OS) and Windows update Install SQL Server 2008 Install SharePoint 2010 You can install SharePoint using the following steps A. Install software prerequisites 1. Install ...
Silverlight 5 is coming next year (2011) and this blog post will tell you what you need to know before the beta ships. First, let me address people saying that it is dead after PDC 2010. I believe that it’s best to see what the market is doing, not the vendor. Below is a list of companies that are developing Silverlight 4 applications shown during the Silverlight Firestarter. Some of the companies have shipped and some haven’t. It’s just great to see the actual company names that are working on Silverlight ...
In keeping up with the releases this fall, I have gone through the exercise of installing Denali CTP on my Windows 7 dev machine. Started by running the installation center Selected a New SQL Server Installation Went through the installation of support rules and files. Selected the edition. Accepted the License Agreement. Installed Support Files. Reviewed Support Rules. Selected SQL Server Feature Installation Selected the needed features. Reviewed results from Validation Rules Accepted defaults ...
There is an annoying bug in salesforce winter 11 release MyProfilePageController.cls System.QueryException: List has no rows for assignment to SObject Class.MyProfilePageControll... line 78, column 35 External entry point This is also the method for deleting Apex Classes and Triggers from Salesforce Production (Note : You cannot delete an apex class or Trigger from Salesforce Production through changesets. Only way is to use Force.com IDE) 1. Install and Open Force.com IDE (don't install ...
Today (well, yesterday now) was Thanksgiving here in the U.S. In addition to doing my traditional family things (making and eating a large, Turkey-centered dinner), I found some time to pop on to the computer. To my dismay I saw that the #WP7 hashtag on Twitter was filled with news of a program/project called “ChevronWP7” (which presumably has no connection to the U.S. petroleum products company, Chevron Corp. – which has a market cap of $166 billion dollars and whose trademark lawyers may well decide ...
I found this fix online which appears to have resolve this issue, so I wanted to share it here. I take no credit/responsibility for it, except to say that it has resolved the issue for me. Set the 32-bit flag on resgen.exe a. Open a Visual Studio command-prompt as an administrator b. Navigate to the Microsoft SDKs\Windows\v7.0A\bin directory. c. ***SAVE A COPY*** of your original resgen.exe file. This is very important if you want to be able to replace our tweak with the original file without having ...
Most of the time, I get question from new friends who work in other technologies that "SharePoint is for Content Management/WebSite Creation?". Well, it's common because SharePoint is sucessor of Microsoft Content Management Server (CMS) which dedicatedly used for Web Content Management. SharePoint Portal 2001 predominantly focus on Content Management feature, whereas the later releases came with more features. It's very easy to create Colloboration portal with SharePoint in Minutes where it requires ...
Sandbox solution is a new feature introduced in SharePoint 2010. It's a secured wrapper around webparts and other elements with limitations. There is no thumb rule that every webpart in SharePoint 2010 belongs to Sandbox Solution. But it's recommended to develop webparts with Sandbox solution. It allows administrators to monitor the solutions and control as required. SharePoint Site Collection administrators can view the resource utilization of each solution and can block if it consumes too much ...
Problem: You dynamically (or not) set the URL for the image you want to display in an SSRS report but it does not display the image (red x). The reason: SSRS access the images folder with anonymous access which is be default not allowed in IIS7 (not sure about IIS6 and prior versions). The solution: Make sure anonymous access is allowed to that images folder where the image resides that you are referencing via URL in SSRS Report. Also make sure that anonymous access is set to ENABLED in IIS for that ...
Recently I needed to run old versions of Internet Explorer - specifically IE 6 and IE 7. (Without getting into the "wars", shall we just say that the older versions of IE can give unexpected results with certain mark-up, so you have got to run tests with them) The host PC of course needs to run the latest version of IE as it is more secure. Microsoft recommend that you run old versions of IE via Virtual PC. The instructions to install VM components are at http://www.microsoft.com/wi... ...
Social Networking is booming in last few years. For example, Facebook reaches 500 million users(as on July 2010) and Twitter has 190 million visitors per month. It's human tendency to know about others and share information with them. In any organization collaboration is key thing and it helps to improve operating efficiency. SharePoint 2010 development team keeps all these in mind and bundled cool Social Networking features with SharePoint 2010. Social Networking Features Ask Me About Activity Feed ...
There's a lot of public backlash concerning the new TSA Airport security measures which include the new rather invasive body scanners and the option of a very intimate pat down should you decline the body scanner. What I want to know is why can’t the people who build the body scanners build them a little smarter? Smart enough so that everyone passing through doesn’t feel like they’ve just walked naked past a group of strangers. Now I don’t pretend to know all about what goes into developing the backscatter ...
The following issue was encountered on a developers machine when trying to create a SharePoint project using Visual Studio 2010. From the File menu the developer selected New->Project and then selected ‘Empty sharepoint project’ (SharePoint 2010) and then typed in the url into the dialog box that appeared and then hit the Validate button. Upon clicking the button, the following error message was shown: Cannot connect to the SharePoint site: http://serverX:6666/. Make sure that the Site URL is ...
I've been meaning to write a blog post for a while about how we implemented a scatter gather pattern at one of my clients. Ive recently been reading Richard and the gangs new book which discusses a very similar pattern but with a different design decision. Based on that I have decided to expand on the original planned post to talk about what we did and our decision process using the decision framework discussed in the book. The aim here is to show that the "it depends" principle means that there ...
Sample download In Part 1 and Part 2 of the series, we gave an introduction of writing Windows Shell extension in .NET Framework 4, and demonstrated a "skeleton" Context Menu Handler, and a "skeleton" Infotip Handler. - Context Menu Handler - Infotip Handler You are looking at the third part of the series. It introduces writing Windows Shell Thumbnail Handler with .NET Framework 4. CSShellExtThumbnailHandler: Shell thumbnail handler (C#) VBShellExtThumbnailHandler: Shell thumbnail handler (VB.NET) ...
The code samples in Microsoft All-In-One Code Framework are updated on 2010-10-10. Download address: http://1code.codeplex.com/r... If it’s the first time that you hear about Microsoft All-In-One Code Framework, please watch the introduction video on YouTube http://www.youtube.com/watc... or read the introduction on our homepage http://1code.codeplex.com/, and this Port25 article http://port25.technet.com/a... ...
In this Issue: Michael Washington, Peter Kuhn, Bill Reiss, Lee, Walt Ritscher, John Papa, Kunal Chowdhury, cherylws, Jeremy Likness, Martin Krüger(-2-), Michael Crump, and Brad Tutterow. Above the Fold: Silverlight: "I know what you downloaded last summer" Peter Kuhn WP7: "Free fonts for commercial game development" Bill Reiss Training: "A couple of more data-related Silverlight Quickstarts for you" cherylws Shoutouts: Martin Krüger has an accordian style published in Expression Gallery: New accordion ...
I recently migrated my dev environment to a new pc. I moved over all the databases and reattached them. Unfortunately, I soon discovered my SSBS services weren’t working. I was sending messages to my service, but nothing was showing up in the queue. I added logging and monitoring to the stored procs that act as an entry point to the services, and the stored procs I use for activation. Still, nothing. When I ran the Broker Server Diagnostic tool (ssbdiagnose) (available in {Program files}\Microsoft ...
[Update 2010-11-03] This is really strange as I can restore the Vista Home Premium onto that machine and it works. Also, I just installed Windows 7 Ultimate and it works fine, too. The curiosity will probably prompt me to try installing it again, but downloading the images from TechNet is taking me 3 days so far. ;) Thanks, AreyouSerious, I'll try your suggestion, too. [Original Post] I'm hitting a really strange Vista Ultimate install issue. After the installation, the Windows Update cannot find ...
Latest announcements by Microsoft executives leave no doubt. Microsoft is shifting its support to HTML 5 and by doing so gives up on its RIA platform Silverlight which it repurposes for mobile. Adobe releases a Beta of a new HTML5 supporting tool kit, and by doing so also embraces the HTML5 option. It does look as if both give in to the market preferences for standard, no-plug-in and non-propriety option of HTML5 (see "Microsoft favoring HTML5 over Silverlight: reports" ). If we follow Microsoft's ...
faultcode:'sf:INSUFFICIENT_... faultstring:'ClassName: no access allowed to this class.', Salesforce Are you getting the above error in salesforce while the javascript is getting executed ? the reson is the user doesnt have sufficient access to the Apex class. Do the following and the issue will get resolved. Go to Setup->Develop->Apex Classses-> open the Class -> Click Security Button -> Add access to the profile from which you are trying to perform the action ...
When using multiple languages/cultures in the Sitecore CMS the content of an item isn’t usually copied over from an existing language to a new language version. While working on a multi lingual website after content was added to the primary language (en-US) I had to write a script to copy all fields from the primary language into other languages (Example en-GB). Here is some code that I used for Sitecore 6.2. The following method copies an item from the Source Language to a Target Language provided ...
I love Silverlight and have written / talked about it a lot. I can’t help but notice that a lot of people are new to Silverlight or may have played with it a few times. Well this post is for you. It is a list of 15 things that I’ve discovered since I started developing for Silverlight. If you are a full-time Silverlight developer than I would hope you know most of these. I promise not to scare off anyone with talks of MVVM, Prism or MEF. 1) The line highlighted below represents the MIME type and ...
Corporations are increasingly relying on data analysis and reporting to improve the overall nature of the business. This is often referred to as Business Intelligence (BI). Bottom line…. It's all about information or data! As a result, data mining and warehousing becomes very important in order to effectively manage and analyze information. Database management is not a trivial task. As business grows, the need for data storage tend to increase. Sometimes, companies end up supporting multiple database ...
I've spent time the last few month checking out much of the latest in code generation tools. Again one of the most complete and comprehensive is Iron Speed Designer - now in version 7.1. I had the good fortune to talk for about a half hour with Alan Fisher of Iron Speed and I will be adding content here in the next weeks. Hopefully I can also present some examples. Here's the lastest from their press release. For Immediate Release Iron Speed,Inc. Sephorah Green 408.228.3429 sgreen@ironspeed.com http://www.ironspeed.com ...
Hi All, I have been crazy busy in the last while, I am hoping that now I will be able to blog about all the things I have been busy with and have the community benefit from the projects and experiences I have had over the last while. Stay tunned for a bulk of Blog posts in the next month!!! I wanted to let everyone know that I will be speaking at the Winnipeg User Group Event on Oct 25 2010. Here is a copy of the abstract. Everyone is welcomed, please help pass on the word and let anyone you think ...
DML DML is abbreviation of Data Manipulation Language. It is used to retrieve, store, modify, delete, insert and update data in database. Examples: SELECT, UPDATE, INSERT statements DDL DDL is abbreviation of Data Definition Language. It is used to create and modify the structure of database objects in database. Examples: CREATE, ALTER, DROP statements DCL DCL is abbreviation of Data Control Language. It is used to create roles, permissions, and referential integrity as well it is used to control ...
For beginners to MSMQ development, the fact that there are FIVE ways of addressing an MSMQ queue is a real pitfall. Many hours will be lost trying to work out why a seemingly perfect address keeps returning errors. From MSDN: Referencing a Queue To perform an operation on a queue, an application must reference the queue in one of five ways, depending on the operation that the application is performing: By path name—used to create the queue, to open the queue for sending, peeking at, and receiving ...
In today’s world, agility and flexibility are two vital assets that every company must have in order to stay on course. Organizations that can adjust to market trends and rise to meet new challenges are the ones that will come out on top. Having the technology to communicate on an ad-hoc basis and meet in real-time collaboration with co-workers and decision-makers allows for many businesses to do just that. However, many companies are still stuck on old communications technologies that cause for ...
La mensajería es ya una aplicación crítica para cualquier empresa, pero disponer de una solución adecuada no es sencillo. Los requisitos regulatorios cada vez son más complejos. La fusión y diversificación de actividades requiere de un ajuste rápido de la capacidad. Cada vez es necesario tener mayor conocimiento y experiencia en la tecnología y el balance entre el comprar o construir está cambiando. Una solución atractiva a este reto es el Microsoft® Exchange Online, un servicio de mensajería de ...
One small but immensely helpful part of BPOS is the Microsoft Online Services Sign In tool, a sort of dashboard applet the gives end-users one-click access to their BPOS services. From the AdministrationCenter site (admin.microsoftonline.com), you can see the Sign In tool available for download in the Downloads area. Simply download the tool, run the installer, and walk through the wizard. This can be repeated on every end-user’s system. The one instance when you may not want to use the Sign In applet ...