Tag | Security Posts

The AllowPartiallyTrustedCaller... (affectionately referred to as APTCA from here on out), is one of the aspects of the security system that most frequently trips people up when they run into it. Let's look at a typical scenario where I might run into an issue with APTCA, and then we'll be able to understand what it is and what it does. Let's say I'm writing a class library to be used by many applications. Following the standard library design guidelines, I've strongly named my library, and ...
I have a WCF service and client, which worked fine when I debugged it on my local machine. However, when I deployed the service to a test server on a different domain, I started to receive the error System.ServiceModel.Securit... The caller was not authenticated by the service. ---> System.ServiceModel.FaultEx... The request for security token could not be satisfied because authentication failed. I've found a few similar recommendations, e.g. http://community.discountas... ...
My day started out very rough. Hit a few rough patches early on, but then turned around to end as one of the best days of the year! I spent the night in the hospital last night. My wife had surgery yesterday and I stayed with her. No one wants to stay in the hospital, right? Bright and early at 6 AM, I went to the car and discovered a flat tire. I am a software guy. Changing a tire is too much like hardware. I have changed 3 flat tires career total. In the course of changing the tire, I learned a ...
After we built a new Exchange 2010 Client Access Server and added the new server to the Client Access Server array, several Outlook users started receiving a Security Alert dialog box with a The name on the security certificate is invalid or does not match the name of the site error message when they logged into Outlook. After investigating, we noticed that we forgot to change the InternalUrl name for the Exchange Web Services virtual directory. By default, the Client Access Server name is part of ...
I attended my first CodeStock this year and in short it was awesome. Like 100 billion hot dogs awesome. The travel there was crazy to say the least, but I met lots of new people, had a session go well and recorded 3 podcasts. So that is the short version. If you are on twitter and either follow me or followed the #codestock hash tag, you probably saw my airline craziness in Philly. It all started on Monday. We had a client deliverable on Wednesday morning and due to some things that happened I only ...
As we have pieced together the components of a web application we have explored how best to structure the markup, and how to pull business logic out of the UI by following the Model View Presenter Pattern. Now let's turn our attention to the Model as we pull all the pieces together and explore what a well behaved model might look like. The Model will be the piece that handles storing and retrieving our data. Just as we did with the markup and view, we want to provide a separation of concerns and ...
Intro This is the second article in a series of small articles about what is new in Silverlight 4 and Expression Blend 4. The series is built around an open source demo application SilverAmp which is available on http://SilverAmp.CodePlex.com. Setting elevated trust A number of new features in Silverlight 4 require more permission, to gain access to the local file system for example. The elevated trust feature is only available when running outside the browser. To enable elevated trust right click ...
5 Stored Procedures Optimization Tips 1. Use stored procedures instead of heavy-duty queries. This can reduce network traffic as your client will send to the server only the stored procedure name (perhaps with some parameters) instead of all the text from a large heavy-duty query. Stored procedures can be used to enhance security as well. For example, you can give the users permission to execute the stored procedure to work with restricted sets of columns and data. 2. Call stored procedures using ...
I hope I spelt “Fizzbuzz” correctly, but I had a real laugh listening to Hanselminutes Show 218 when Scott suggested that we have a secret password to give to Tech Support so that they know we aren’t idiots. I think it is a great idea… So a typical call would go as follows… You) Hi, I need help with my internet connection Tech Support) Yes Sir, click the big button on the bottom left corner of your screen called the “start button” You) Fizzbuzz Tech Support) Okay, so you have obviously checked ...
This past Monday, June 21st, The New York City Council Committee on Technology in Government held a hearing on its proposed legislation, known as Introduction 029-2010, that would require all City agencies to publish their data online, in “raw” form. The data would be available to private citizens who wished to analyze it, hobbyist developers who wished to work with it, and commercial entities looking to utilize it internally or create products that use and add value to it. Such initiatives have ...
June 21st, 2010 The Importance of Open Government Data To all those present, good afternoon. My name is Andrew Brust. I help run a consulting firm, twentysix New York, here in Manhattan. I am also a technology columnist and blogger, and serve on the New York Technology Council’s Advisory Board. As I have explained in previous testimony, I am a lifelong New Yorker, and began my IT career in the employ of the government of the City of New York. I’ve testified to this Committee before, voicing my support ...
This question has come up a lot in recent weeks as early adopters move from prototyping with the platform to actually needing to deliver real applications. Whilst fundamentally you are using the same approaches and best practices for the Windows Azure Platform as you would use for a Web application or service (A good IIS7/ASP.NET based architecture is likely a good Windows Azure Platform architecture), there are still plenty of differences which impact on architecture. The good news is we are now ...
In contrast to a VPN (virtual private network), GoToMyPC provides Information Systems management with a way to provide secure remote pc access to corporate computing resources without security loss, poor performance issues and extra management resources. A VPN (with their special hardware, software and config requirements) can be extremely time-consuming and very expensive to implement. In contrast, GoToMyPC Pro is a completely Web-based solution that small organizations can implement in just minutes ...
Overview (taken from the link) For IT professionals, SharePoint Server 2010 helps to drive productivity by offering an array of enhancements, scalable unified infrastructure, and flexible deployment options. These 20 presentations and their accompanying videos cover many areas of interest to IT pros. Core architecture Understanding SharePoint 2010 Topology SharePointTopology.pptx Learn about the new changes in the requirements and capabilities of SharePoint 2010 at the topology level, and the impact ...
While ASP.NET provides an event-based approach, it is completely dismissed when working with AJAX, and the richness of the server is lost and replaced with JavaScript programming, coupled with a very high security risk. Visual WebGui reinstates the power of the server to AJAX development and provides a stateful yet scalable, server centric architecture that provides the benefits and user productivity of AJAX with the security and developer productivity we had before AJAX stormed into our lives. "When ...
I keep getting this The current webpage is trying to open a site in your Trusted sites list. Do you want to allow this? Solution is here http://forums.techarena.in/... To turn it off, open your browser, go to Tools > Internet Options > Security > select Trusted Sites > click Custom Level to view the browser settings. "Websites in less privileged web content zone " could be set to prompt. You may want to change the setting to enable or disable instead ...
For Immediate Release Iron Speed, Inc. Kelly Fisher +1 (408) 228-3436 kfisher@ironspeed.com http://www.ironspeed.com Iron Speed Version 7.0 Generates SharePoint Applications New! Support for Microsoft SharePoint speeds application generation and deployment San Jose, CA – June 8, 2010. Software development tools-maker Iron Speed, Inc. released Iron Speed Designer Version 7.0, the latest version of its popular Web 2.0 application generator. Iron Speed Designer generates rich, interactive database and ...
On the 26th of May 2010, I made a presentation to the .NET user group meeting (thanks to Malisa Ncube for organizing this event every month …). If you missed my presentation, we talked about why we should all be building services … better still using the .NET framework. This blog post is an introduction to services, why you would want to build services and how you can build services using the .NET framework. What is a service? OASIS defines service as "a mechanism to enable access to one or more ...
Having previously detailed how to install MySQL Server, the next step is configuring MySQL. The MySQL configuration wizard can either be run immediately following installation from the MySQL installation wizard or manually from the Start Menu. Following the splash screen you can then choose whether to run a detailed or standard configuration. The detailed configuration allows you to create the optimal configuration for your specific machine, whereas the standard configuration creates a general configuration ...
Next week marks the first full week of June. Summer will feel in full swing and it will be a pretty big season for technology. In seeming acknowledgement of that very fact, both Apple and Microsoft will be holding large developers conferences starting Monday. Apple will hold its annual Worldwide Developers Conference (WWDC) in lovely San Francisco and Microsoft will hold its Tech Ed conference in muggy, oil-laden yet soulful New Orleans. A brief survey of each show reveals much about the differences ...
Today while moving mailboxes between Exchange 2003 and Exchange 2010, I hit an issue with a couple of mailboxes. These mailboxes all popped access denied errors or more exactly: Insufficient Access Rights to perform the operation. The cause was similar to the mail flow issue in that inheritable permissions were not turned on for the user object in Active Directory. This also presented its own unique problem in that since the initial move request failed because of permissions, it had to be cleared ...
It has really been a head scratching task for me. I've tried many options but nothing worked. Finally I found a workaround on Google to achieve this by TaskScheduler. PROBLEM When we run Teamsite user administration command line tool IWUSERADM.exe through ASP.Net it gives following error: Application popup: cmd.exe - Application Error : The application failed to initialize properly (0xc0000142). Click on OK to terminate the application. CAUSE No specific cause, it seems to be a bug, supposed to be ...
Last year, I wrote Steve Ballmer an email, and he was kind enough to write me back. The email contained a scan of a column I wrote praising Microsoft’s BI strategy. His reply contained three simple words: “Super nice thanks.” Well, now I’d like to write to Steve again, in an open letter format, and this time the love may be a bit tougher. But I’m still super earnest. The past two days have been eventful ones for Microsoft: The company announced the departure of company veterans Robbie Bach and J ...
You can reach this page anytime at http://tools.michaelcrump.net Thanks to everyone that has contributed so far, we are getting several thousands hits from all sorts of developers a day. Recent Contributors include: Deependra Solanky, Grant, Klaus, James, BlueCollarCritic and Bob Koehn Tweet this list! Add a link to my site! Add me to twitter! This is a list of the tools/utilities that I use to do my job/hobby. I wanted this page to load fast and contain information that only you care about. If I ...
When we are dealing with sensitive and important data such as a keyword, it is not appropriate at all to store it in a database without encrypting it, for security reasons. For this we use MD5. MD5 is an algorithm that allows us to encrypt a string, but doesn't let us decrypt it (not sure if it is already possible, but at least I know there are many databases already having a record). The method below will return us a variable encrypted with md5. For example: md5_encriptar ("pontonetpt.com"); The result ...
In this Issue: Michael Washington, Xianzhong Zhu, Jim Lynn, Laurent Bugnion, and Kyle McClellan. A ton of Shoutouts this time: Cigdem Patlak (CrocusGirl) is interviewed about Silverlight 4 on Channel 9: Silverlight discussion with Cigdem Patlak Timmy Kokke has material up from a presentation he did, and check out the SilverAmp project he's got going: Code & Slides – SDE – What’s new in Silverlight 4 Graham Odds at ScottLogic has an interesting post up: Contextual cues in user interface design ...
When I talk about SharePoint, for some reason it comes to my mind as if it were property management and all the tasks associated with it. So, imagine you have a lot (a piece of land of sorts), you then decide there is something you want to do with it. So, you make the choice of having a building built. Now, in order to go forward with your plan, you need to check what the rules/regulations are. Has it been zoned residential, commercial, industrial … you get the idea. This to me sounds like Governance. ...
Going back to my old C++ days at university where we had all our code littered with preprocessor directives - I thought it made the code ugly and could never understand why it was useful. Today though I found a use in my C# application. The scenario – I had made various security levels in my application and tied my XAML to the levels set by static accessors in code. An example of my XAML code for a Combobox to be enabled would be as follows… <ComboBox IsEnabled="{x:Static security:Security.SecurityC... ...
Maybe it's just me but I found this "Security Feature" of Office 2010 a bit annoying out of the box. Outlook does not download any pictures by default for HTML emails. Now this is nothing new, but what is different is that Outlook 2010 has added another layer of security around the pictures. You now have the option to finely tune when things are downloaded. The side effect is that nothing is downloaded at all. And when I would click on "Download Images" on an email, it still would not show the images. ...
This method will not protect your assemblies from an experienced hacker. It will however work with your everyday .net or silverlight projects. Everyday we see new keygens, cracks, serials being released that contain ways around copy protection from small companies. This is a simple process that will make a lot of hackers quit because so many others use nothing. If you were a thief would you pick the house that has security signs and an alarm or one that has nothing? So to begin: Obfuscation is the ...
One of the hottest technology topics of the day is Azure. Being a SQL guy, I am all over this technology, especially SQL Azure. So much so that Herve Roggero and I are currently writing a book for Apress on SQL Azure. This book will be out in September and will include deep and thorough coverage of SQL Azure, best practices, and how-to's. We are excited about this book and the technology. However, we'd like to hear from you. As we go around evangelizing SQL Azure at user groups, code camps, and SQL ...
This is an absolutely brilliant campaign to urge users that it's time to move on from IE 6. I like how it puts it in terms that everyone can understand and has probably experienced at one time or another. How many times have you opened the milk, took a sniff, and experienced that visceral reaction that accompanies catching a whiff of milk that has turned to the dark side of the force? I call it Darth Vader milk. :-) Of course I’m assuming that you haven’t used IE 6 for a long time now. It is our responsibility ...
Where I am contracting at right now has a new development domain. Because of IT security rules it is fairly isolated from the domain my computer normally logs into (for e-mail and such). I do use a VM to log directly into the domain but one of my co-workers found this command to run things on your box but in the other domain. Pretty cool. For example this runs SQL Server Management Tool for SQL Server 2008: runas /netonly /user:{domain}\{username} "C:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShe... ...
Microsoft Visual Studio 2010 introduces the concept of rule sets when configuring code analysis. This is a valuable change from Visual Studio 2008 that I didn't even realize I wanted. Visual Studio 2008 by default selected all rules and then you had to remove rules on an item by item basis. The rule sets fall into logical groups including "Microsoft All Rules", "Microsoft Basic Correctness Rules", "Microsoft Security Rules", et al. And within the project properties you can select one rule set, multiple ...
Just found this, if you’re using Azure 1.1, which you probably will be if you’ve moved to Visual Studio 2010. To change the default database to something other than sqlexpress for Development Storage do this - Look at this - http://msdn.microsoft.com/e... At the bottom it states - Using Development Storage with SQL Server Express 2008 By default the local Windows Group BUILTIN\Administrator is not included in the SQL Server sysadmin server role on new SQL Server Express 2008 ...
As a development manager, I have requested work breakdown structures (WBS) many times from the dev leads. Everyone has their own approach and why it takes sometimes days to get this simple list is often frustrating. Here is a simple way to get that elusive WBS done in 30 minutes and have 125 items in your list – well, 126. The WBS is made up of parent-child entities representing the overall outcome of the project. At the bottom of the hierarchical list should be the task item that a developer would ...
Someone asked me to compare Silverlight / HTML development. I realized that the question can be answered in many ways: Below is the high level comparison between an HTML / JavaScript client and Silverlight client and why Silverlight was chosen over HTML / JavaScript client (based on type of users and major functionalities provided): 1. For end users Browser compatibility Silverlight is a plug-in and requires installation first. However, it does provide consistent look and feel across all browsers. ...
I’ve been using AxoSoft’s bug tracking application for a while, although an excellent piece of software I had some issues with it · It was SLOOOW (both desktop and web). I don’t care what Axosoft says, I tried multiple servers etc. I’ve been long enough in this field to tell you when something is not right with an app. · The cost! It’s not feasible for a small team. I must say though, that they have some nice features which are not commonly found on other bug tracking software. I wouldn’t go on ...
In this Issue: Michael Washington, Tim Greenfield, Jaime Rodriguez, and The WP7 Team. Shoutouts: Mike Taulty has a pretty complete set of links up for information about VS2010, Silverlight, Blend, Phone 7 Upgrade Christian Schormann announced Blend for Windows Phone: Update Available, and has other links up as well. From SilverlightCream.com: Silverlight Simplified MVVM Modal Popup Michael Washington is demonstrating a modal popup in MVVM and also shows the implementation of a value converter XPath ...
(Brian Reiter from thoughtful computing has described this setup in this StackOverflow thread. The credit for the idea is entirely his, I have just extended it with some step by step descriptions and added some links and screenshots.) If you are forced to still support Internet Explorer 6, you can set up the following combination on your machine to make the development for it less painful. A common problem when developing on Windows 7 is that you can’t install IE6 on your machine. (Not that you want that ...
The scenario; A small team of 3 developers mostly in maintenance mode with traditional ASP.net, classic ASP, .Net integration services and utilities with the company’s third party packages, and a bunch of java-based Coldfusion web applications all under Visual Source Safe (VSS). They are about to embark on a huge SharePoint 2010 new construction project and wanted to use subversion instead of VSS. TFS was a foreign word and smelled of “high cost” and of an “over complicated process”. Since they had ...
(This is a series of posts covering how to include a WinForm app inside a SharePoint 2007 application. For further info, please see Posts One, Three, and Four. All of the code can be downloaded in this post, Post Two.) In my last post, I explained why we decided to use a Click Once application to solve our business problem. To quickly review, we needed a way for our business users to upload documents to a SharePoint 2007 document library in mass, set the meta data, set the permissions per document, ...
I was recently introduced to Microsoft's tool that analyzes managed code assemblies called FxCop. It points out possible design, localization, performance and security improvements against a pre-defined set of rules (and also accepts custom rules). At first I was unsure how to go about using it, as it seems to be aimed at Windows developers (.exe and .dll). It’s easy to check an asp.net web site 1)Create a new folder (i.e C:\Code Analysis) 2)Publish your web application into the new folder 3)Open ...
Sourced from: CWE This is a brief listing of the Top 25 items, using the general ranking. NOTE: 16 other weaknesses were considered for inclusion in the Top 25, but their general scores were not high enough. They are listed in the On the Cusp focus profile. Rank Score ID Name [1] 346 CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') [2] 330 CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') [3] 273 CWE-120 Buffer Copy without Checking Size ...
Sometimes when we access a few CHM (compiled HTML) files over a network share, the CHM content does not display and shows an error "The Page Can not be displayed". This may be due to a Microsoft security update installed on your machine. Here is the resolution:- ===========================... REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWAR... [HKEY_LOCAL_MACHINE\SOFTWAR... "MaxAllowedZone"=dword:0000... "UrlAllowList"="" ...
WSS 3.0/MOSS 2007 Active Directory Forms Based Authentication PeoplePicker no users found After finding these steps online from http://dattard.blogspot.com... in order to set up Active Directory Forms Based Authentication I was all set to complete this task, except for one problem. These steps are missing one very important vital step in order for FBA to work with Active Directory. A supplement to step 3 before granting access in step 5 through the people picker. ...