Tag | Security Posts

(This is a series of posts covering how to include a WinForm app inside a SharePoint 2007 application. For further info, please see Posts Two, Three, and Four. All of the code can be downloaded in Post Two.) Last year, I had the opportunity to build a solution that involved integrating a Windows Form application into a SharePoint 2007 (WSS version 3.0). In this post, I’ll lay out our architecture thinking and in part two, I’ll describe the technical details. Business Case Our challenge was this: we ...
Since I decided to understand in more depth how SQL Azure works I started to dig into its performance characteristics. So I decided to write an application that allows me to put SQL Azure to the test and compare results with a local SQL Server database. One of the options I added is the ability to issue the same command on multiple threads to get certain performance metrics. That's when I stumbled on an interesting security feature of SQL Azure: its Denial of Service (DoS) detection engine. What ...
[Source: http://geekswithblogs.net/E... I did a session on "The Enterprise Cache" at the UK SOA/BPM User Group yesterday which generated some useful discussion. The proposal was for a dedicated caching layer which all app servers and service providers can hook into, sharing resources and common data. The architecture might end up like this: I'll update this post with a link to the slide deck once it's available. The next session will have Udi Dahan walking through nServiceBus, register ...
Well, since my post on hosting ClickOnce with Amazon S3 Storage, I've received quite a few emails asking how to secure the deployment. At the time of this post I regret to say that there is no way to secure your ClickOnce deployment hosted with Amazon S3. The S3 storage is secured by ACL meaning that a username and password will have to be provided before access. The Amazon CloudFront, which sits on top of S3, allows you to apply security settings to your CloudFront distribution by Applying an encryption ...
An alternative way to request read receipts Sometime or other we use messaging namespaces like System.Net.Mail or System.Web.Mail to send emails from our applications. When we would need to include headers to request delivery or return receipts (often called as Message Disposition Notifications) we lock ourselves to the limitation that not all email servers/email clients can satisfy this. We can enhance this border a little now, thanks to a new innovation I discovered from Gawab. It embeds a small ...
A Gentle .NET touch to Unix Touch The Unix world has an elegant utility called 'touch' which would modify the timestamp of the file whose path is being passed an argument to it. Unfortunately, we don't have a quick and direct such tool in Windows domain. However, just a few lines of code in C# can fill this gap to embrace and rejuvenate any file in the file system, subject to access ACL restrictions with the current timestamp. using System; using System.Collections.Generic; using System.Linq; using ...
Troubleshooting SQL Azure Connectivity How to resolve some of the common connectivity error messages that you would see while connecting to SQL Azure A transport-level error has occurred when receiving results from the server. (Provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.) System.Data.SqlClient.SqlEx... Timeout expired. The timeout period elapsed prior to completion of the operation ...
The Microsoft Assessment and Planning (MAP) Toolkit is an agentless toolkit that finds computers on a network and performs a detailed inventory of the computers using Windows Management Instrumentation (WMI) and the Remote Registry Service. The data and analysis provided by this toolkit can significantly simplify the planning process for migrating to Windows® 7, Windows Vista®, Microsoft Office 2007, Windows Server® 2008 R2, Windows Server 2008, Hyper-V, Microsoft Application Virtualization, Microsoft ...
While performing the initial Exchange 2010 deployment for a customer migrating from Exchange 2003, I ran into an issue with mail flow between the two environments. The Exchange 2003 mailboxes could send to Exchange 2010, as well as to and from the internet. Exchange 2010 mailboxes could send and receive to the internet, however they could not send to Exchange 2003 mailboxes. After scouring the internet for a solution, it seemed quite a few people were experiencing this issue with no resolution to ...
Exploits to jailbreak the iPhone are well known. The iPad runs on the iPhone 3.2 firmware. What this means is that the iPad was shipped with known security vulnerabilities that would allow someone to gain root access to the device. Nice. It’s not like these are security vulnerabilities that are known but have no exploits. The exploits are numerous and freely available. Of course, if you fit the demographic, you probably have nothing to worry about. Magical and Revolutionary? Hardly. Dave Just because ...
In this Issue: Scott Marlowe, Nokola, SilverLaw, Brad Abrams, Jeff Wilcox, Jesse Liberty, Alexey Zakharov, ondrejsv, Ward Bell, and David Anson. Shoutouts: Bart Czernicki has a post up about the latest with HTML5: HTML 5 is Born Old - Quake in HTML 5 I was sent a link to shoebox360 a while back and had to sign up to see the Silverlight use, but it does work very nice. I like the panoramic carousel in the viewer: shoebox360 Jeff Handley has a post up on RIA Services - Documentation Guidance and Community ...
In this Issue: MSDN, Bill Reiss, Charlie Kindel(-2-), SilverLaw, Scott Marlowe, Kenny Young, Andrea Boschin, Mike Taulty, Damon Payne, and Jeff Handley(-2-). Shoutouts: Scott Morrison has his material up for his talk at MIX 10: Silverlight 4 Business Applications Matthias Shapiro posted his MIX10 “Information Visualization in Silverlight” Slides and Code for MIX10 Information Visualization Talk Demos Dan Wahlin has his MIX10 material all posted as well: Syncing Audio, Video and Animations in Silverlight ...
Last week in our organization, we triggered a topic related to different ways of improving the quality of software (both technical as well as functional related topics). Since I am a technical person, I suggested following ideas, Use case based detailed design document – Both technical as well as functional specification should be well organized according to use case requirement. Design patterns – Will help developers to adopt common approach irrespective of technologies. Analyze and implement new ...
In case you didn’t know, businesses can take advantage of the stimulus package by hiring an unemployed worker. The Hiring Incentives to Restore Employment (HIRE) Act can pay the business portion of the Social Security taxes as well as give you a $1000 general business tax credit. If you’re unemployed, make sure and mention this to a potential employee! You can find out more information from here on Intuit’s website. http://www.qbenews.com/QB_P... ...
Meeting tonight!!! Food! Great giveaways including a full license of Infragistics for a year! See you there!! Meeting for March 23rd, 2010 WHERE: Centriq Training, 8700 State Line Road, Leawood, KS (Click WHEN: 6:00 PM TOPIC: Microsoft's Security Development Lifecycle for Agile development Microsoft recently added secure development guidance for agile methodologies within their SDL. During this presentation, Nick will summarize the new guidance and discuss what makes this guidance successful for ...
An ex-colleague of mine used to call his SQL script generator "Super-Scriptmatic 2000". It impressed our then boss little, but was fun to say and use. We called every batch job and script "something 2000" from that day on. I'm tempted to call this one Menu-Matic 2000, except it's waaaay past 2000. Oh well. The problem: I'm developing a bunch of stuff in MVC. There's no PM to generate mounds of requirements and there's no Ux Architect to create wireframe. During development, things change. Specifically, ...
Design patterns are represented as relationships between classes and objects with defined responsibilities that act in concert to carry out the solution. Azure Design Pattern : Design Pattern on the Azure platform. · Cloud Hosting Patterns · Cloud Data Patterns · Cloud Communication & Sync Patterns · Cloud Security Patterns · Application Patterns Application Patterns: These patterns describe composite applications created by combining the core patterns. · Hosted Web Application · Hosted Web Application ...
Windows Identity Foundation (WIF) enables .NET developers to externalize identity logic from their application, improving developer productivity, enhancing application security, and enabling interoperability. It is a framework for implementing claims-based identity in your applications. With WIF one can create more secure applications by reducing custom implementations and using a single simplified identity model based on claims. Windows Identity Foundation is part of Microsoft's identity and access ...
There are several terms commonly used to describe claims-based identity, and it is important to clearly define these terms. · Identity In terms of Access Control, the term identity will be used to refer to a set of claims made by a trusted issuer about the user. · Claim You can think of a claim as a bit of identity information, such as name, email address, age, and so on. The more claims your service receives, the more you’ll know about the user who is making the request. · Security Token The user ...
In my office, I have a wall mounted monitor whose whole purpose in life is to display perfmon stats from our various servers. And on a fairly regular basis, I have folks walk by asking what the lines mean. After providing the requisite explanation about CPU utilization, disk I/O bottlenecks, etc. this is usually followed by some blank stares from the user in question, and a distillation of all of our engineering wizardry down to the phrase 'So when the red line goes up that's bad then?' This of ...
Employee Info Starter Kit is an ASP.NET based web application, which includes very simple user requirements, where we can create, read, update and delete (crud) the employee info of a company. Based on just a database table, it explores and solves most of the major problems in web development architectural space. This open source starter kit extensively uses major features available in latest Visual Studio, ASP.NET and Sql Server to make robust, scalable, secured and maintainable web applications ...
Topeka DNUG is free for anyone to attend! Mark your calendars now! SPEAKER: Troy Tuttle is a self-described pragmatic agilist, and Kanban practitioner, with more than a decade of experience in delivering software in the finance and health industries and as a consultant. He advocates teams improve their performance through pursuit of better practices like continuous integration and automated testing. Troy is the founder of the Kansas City Limited WIP Society and is a speaker at local area groups on ...
Arguably, one of the most powerful features of UppercuT (UC) is the ability to extend any step of the build process with a pre, post, or replace hook. This customization is done in a separate location from the build so you can upgrade without wondering if you broke the build. There is a hook before each step of the build has run. There is a hook after. And back to power again, there is a replacement hook. If you don’t like what the step is doing and/or you want to replace its entire functionality, ...
A few weeks ago we started getting complaints about performance in an application that has performed very well for many years. The application is a n-tier application that uses ADODB with the SQLOLEDB provider to talk to a SQL Server database. Our object model is written in such a way that each public method validates security before performing requested actions, so there is a significant number of queries executed to get information about file cabinets, retrieve images, create workflows, etc. (PaperWise ...
One of the biggest questions I routinely get asked is how scalable Commerce Server is. Of course the text book answer is the product has been around for 10 years, powers some of the largest e-Commerce websites in the world, so it scales horizontally extremely well. One argument however though is what if you can't predict the growth of demand required of your Commerce Platform, or need the ability to scale up during busy seasons such as Christmas for a retail environment but are hesitant on maintaining ...
INTRODUCTION If you are a SharePoint developer you know that there are two basic ways to develop against SharePoint. 1) The object Model 2) Web services. SharePoint object model has the advantage of being quite rich. Anything you can do through the SharePoint UI as an administrator or end user, you can do through the object model. In fact everything that is done through the UI is done through the object model behind the scenes. The major disadvantage to getting at SharePoint this way is that the ...
Table of Contents Introduction PE file format and COFF header COFF file header BaseCoffReader Byte4ByteCoffReader UnsafeCoffReader ManagedCoffReader Conclusion History This article is also available on CodeProject Introduction Sometimes, you want to parse well-formed binary data and bring it into your objects to do some dirty stuff with it. In the Windows world most data structures are stored in special binary format. Either we call a WinApi function or we want to read from special files like images, ...
Maybe this concept is simpler for me because of all the jobs I've been on over the years requiring security clearances. I've signed quite a few NDA forms. Some for big companies, some for small, but the meaning of "NDA" remains constant: Non-Disclosure Agreement. To me, that takes no further explanation, but apparently it's confusing to some people, and I don't understand how you can be confused. The papers I signed with the U.S. Army in 1970 read "10 years and $10,000" for a violation... can't imagine ...
Forms authentication is not what “they” normally recommend from a security point of view, but in some cases it solves access problems. Particularly for companies which don’t allow the Windows authentication protocol to pass, and those companies do exist. To enable it in TFS 2010 is a bit more than a one-liner. The recipe below shows you how to enable it. One has to change the web.config file for the Web Access. There are instructions within the file, but those instructions are incorrect and don’t ...
After seeing that some of my friends get fancy customized pictures for their Facebook and Twitter profiles I thought it would be cool to get one too. But not for me – for my wife. You see, she currently works as IT Security Officer (the best I know btw.) but earlier when she started as security auditor and she worked as part of the “tiger team”, she often said she wants her picture like the movie poster from "Men in Black”. So this is what I had in mind: Given the upcoming Valentine’s Day it occurred ...
Whew! It's been a busy week. Earlier in the week I put together an internal demo to illustrate some of the system architecture for an ongoing project. And the purpose of this post is to document a couple of gotchas that may not be clear and didn't seem to be well documented. This post is purposely terse, because I don't have a lot of time to be detailed due to some upcoming deadlines. The architecture involves WCF Services that are hosted in a Windows Service and that will be consumed by both Windows ...
I had this exception in the Application Event Log after trying to bring up the portal in IE (after a newly installed and configured BizTalk & ESB platform): --- Exception information: Exception type: WebException Exception message: The remote server returned an error: (401) Unauthorized. --- I was working in a two (application) server BizTalk environment but I only had this exception on one server. The portal came up fine on the other server. I looked at IIS log files and found a 401 for /ESB.Exceptions.Service/Exc... ...
Cannot tell you how much fun this can be if it is not working correctly. First make sure SMTP is set up correctly in your IIS install (IIS6-IIS7.5 (which uses IIS6 but that's for another story)) Direct Mailer Not working or not sending email or just needs to be configured correctly? First let's make sure the server and users/groups are created right. To grant the Marketing Web Service access to the Direct Mailer Service 1. Click Start, point to Programs, point to Administrative Tools, and then click ...
While my home development computer is fried I’m going to hack away at my backlog of non-code related posts. Today I’d like to discuss some of the advantages and disadvantages of using Microsoft MVC over WebForms. First of all, MVC is not the end all, magical platform that many people would like you to believe. In fact I wouldn’t even recommend it to beginner developers. However, if you have experience with .NET and you’re willing to put in the time to learn how MVC works, you will find that it offers ...
Download the Complete Battery Monitor Source Code See Windows XP: Overview of Battery Monitor Series for a description of the folder in the source code. This is the second in series of articles about monitoring batteries in Windows XP. In the first article, Windows XP: Monitoring Batteries in C Sharp, I showed how to use the Windows Management Instrumentation (WMI) to get battery status for multiple batteries using C#. Now what I didn’t tell you was that we found a potential bug in the .NET Framework ...
Putting my last attempt at creating a business on the shelf... Passed to second round of grant funding but ultimately did not receive grant. We were looking to submit GHS for the first round of federal grants being offered for HIT Regional Extension Centers. Bio.... Green Health Solutions Inc. (GHS) a non-profit, minority owned Health Care Information Technology Company, will support President Obama's goal of strengthening the quality, affordability and security of the United States health care system ...
What is Trac and why would you want it? I have already documented in a previous blog how I restored my Trac backup from hosted-projects.com (see http://geekswithblogs.net/t... but given I also mentioned my use of Trac in a recent presentation at the .NET developers conference, DDD8, (see http://geekswithblogs.net/t... I thought it only proper to document how to install both SubVersion and Trac from scratch on a new Windows system. ...
Subversion is ultimately one of the best source control options we have in today’s world. It has very light instance running on Server and of course it is FREE. To access the Subversion repository on the client machine we have multiple options. If we want to use shell integrated UI (means we can call your source control options in our windows explorer), we can use TortoiseSVN but being a developer based on Visual Studio it always looks good to get my source control on Solution Explorer inside Visual ...
All this healthcare 'reform' talk scares the living shit out of me because the corporations do such a crappy job that why should I expect it to get better if the government gets involved? Appropriately a week and a bit before Valentine's Day, I got a 'love note' from Health Net yesterday. Sort of like the Dear John letter where they guy tells his ex girlfriend that he wrote her name and phone number in 27 men's rooms over the weekend. But instead of writing my name and phone number somewhere, the ...
I wanted to pull together all of my notes on compression I've gathered from various sources and bring them together here, in the hope that it would help someone else. All of this information is from reliable sources, such as the online MSDN but these sources aren't always easily found in a pinch. Using HTTP Compression for Faster Downloads (IIS 6.0) If your Web sites use large amounts of bandwidth or if you want to use bandwidth more effectively, consider enabling HTTP compression, which provides ...
To download the source code please click here Introduction Claim-based authorization is a new model of authorization introduced in Windows Communication Foundation. This model addresses more scenarios than the popular role based security model (IIdentity, IPrincipal). This is useful when an application requires complex and fine grained control on expressing access control decisions. Role based security model may not be powerful or flexible enough and is often too coarse when we reach complex scenarios ...
Introduction In September 2006 I made a major decision on my company Source Code Management (SCM) strategy and signed up with http://www.hosted-projects.... which provide a hosted solution for SubVersion, Trac and Bugzilla. A few years earlier, I’d already moved my SCM from SourceSafe to SubVersion hosted on my own server on a local network. However, I really wanted to move to a hosted provider so I could have remote access to the SCM without worrying about firewall configuration and software updates, ...
C# Tweaks - Why to use the sealed keyword on classes The sealed keyword is one of the very seldom used modifiers in C#. Probably most of you know what it is for, but only several developers ever used it. See C# Programmers Guide if you are not sure you remember what the keyword is good for: http://msdn.microsoft.com/e... Why shall I use it? Most popular, but not really most important motivation is the performance - JIT compiler can produce more efficient code by calling ...
We all have this question in our mind. “Why does my application break when we change the Operating Systems?” Typically, whenever a new OS is released, Microsoft makes every effort to ensure application Compatibility. Unfortunately, as the OS evolves and when reliability, security and performance improvements are made, there are some compromises which are made that end up breaking some applications. Thankfully, when the changes are decided to be made, there is some mitigation planned to address the ...
Hi there, Today we will be doing a quick little test to send an XML message to BizTalk with few lines of code. I had a scenario in my solution in which I had a WCF LOB Outbound Adapter which was doing some work and later the same code had to submit message back to BizTalk. First solution I thought of was writing the message to a File Location and then a BizTalk Receive Location picks it up from there and processes it. But then came up with a different solution of using WCF netPipe and submitting it ...
Most people - even the overwhelming majority of programmers - would say that the main activity of a software developer is "writing source code". But this is a (though quite understandable) misconception - and if you take a look at the available figures on the issue or if you - as a software professional - are honest to yourself, the misconception immediately turns out to be an enormous one. The world is full of software systems that are already in operation, and they have to be maintained - writing ...
In my project, there is a WebBrowser Control in a form. It opens a webpage dynamically which in-turn opens an IE popup using Window.Open() during OnLoad and this window closes after opening the popup. This is the functionality and it worked fine since last 8 months with IE6 and IE7. But, now when I am doing the same with IE8 on Windows XP, I got a JS Error and that MessageBox showed me the error as: Line: 1 Char: 1 Error: Could not complete the operation due to error 800704a6. As usual, started ...
I have an Acer AspireOne 751h that was originally shipped with Windows XP Home. It worked fine, and the price was good (got it at CostCo). For what it is, it worked beautifully. It does what a netbook does very well. However, it troubled me that with the "hotel loads" (what we called the minimum systems required to keep the ship operating in the Navy), almost 80% of the system resources were used. Sort of makes it hard to do much with that. When Windows 7 came out, I installed Home Premium per MS ...
Friday (1/22/2010) night, Win 7 had an update to install. I looked at it, as I always do, to see what the update was about. It was a cumulative security patch for IE8 (KB978207); details below. After the system rebooted, I saw a message to not shut down because updates were being applied; a common occurrence and no big deal. What caught me off guard was the subsequent reboot. The system normally starts after the initial reboot and applying the patch. When the system came back up, I received the same ...
If you want to specify that a virtual server starts up automatically when the host server starts up: 1) On host server, browse to “C:\Users\Public\Documents” 2) Right click “Shared Virtual Machines”, select Properties 3) Browse to security tab, add yourself as having full control over this folder 4) Repeat steps 2-3 for “Shared Virtual Networks” 5) In Virtual Server web interface, shut down the virtual machine you wish to auto-start 6) Navigate to Edit Configuration –> General Properties 7) Check ...