Daniel Fisher (@lennybacon)

The environment should also work on a notebook while working at a coffee shop. The need for a NIC that is always connected.

1. Add a loopback adapter...

[WIN] + [R] | hdwwiz.exe

2. Open the “Network and Sharing Center” …

3. Click “Change adapter settings” and identify the loopback adapter…

4. Rename the loopback adapter…

5. Open loopback adapter’s properties…

6. Disable IP v6…

7. Edit IP v4 settings and assign an IP Address…

8. Click advanced an add another IP address for each SSL-Site to be hosted…

9. Open “IIS Manager” and click “Server Certificates”…

10. Click “Create self signed certificate” for each SSL site to be hosted and choose the host name as friendly name…

11. Assign each site to be hosted a dedicated IP address plus certificate…

12. Associated IP addresses with host names in the hosts file (or install DNS Services when on Server 2008)…

Done!

Auch in diesem Jahr veranstaltet der Just Community e.V. wieder das größte Developer und IT-Pro Community Event. Unter dem Motto „Check-In zum Wissensvorsprung“ holen wir am 28.08.2009 zahlreiche nationale und internationale Speaker nach Wuppertal. Neben den Vorträgen haben Sie natürlich auch dieses Jahr wieder viel Zeit für das Networking mit anderen ITlern aus Nah und Fern.

Alle Informationen, wie die Agenda und eine Übersicht über die Speaker gibt es unter http://www.nrwconf.de/.

Wir freuen uns, Ihnen auch dieses Jahr sowohl bekannte Gesichter, als auch neue Speaker vorstellen zu dürfen. Die Veranstaltung wurde in diesem Jahr möglich durch unsere Sponsoren: Hewlett Packard, devcoach, Microsoft Deutschland, Brockhaus AG, Itemis AG, sepago GmbH, MT AG, sowie weiteren Unternehmen.

Eine weitere Neuerung in diesem Jahr ist der Workshop Day, der am Vortag der eigentlichen Konferenz – sprich am 27.08.2009 – in den Räumlichkeiten unseres Sponsoren Ontaris GmbH stattfindet. Der Developer-Workshop befasst sich mit der Microsoft Web Platform und behandelt die Themen Rich Internet Applications mit Silverlight 3.0 und Web 2.0 Applikationen mit ASP.NET AJAX und JQuery. Die Workshops haben eine begrenzte Teilnehmerzahl (je acht) um den Lernerfolg zu garantieren. Also schnell einchecken…

Am 5. Juni war ich als Sprecher beim “Project Springboard” zu Gast. Dennis Zielke und das Student Partner Team haben ganze Arbeit geleistet und ein Spitzen Event auf die Beine gestellt – nochmal nochmal nochmal!

Mein Vortrag “IIS, PHP & WCF – Web Services InterOp” hat wirklich Laune gemacht und ist laut Feedback bester Vortrag der Konferenz – DANKE, IHR WARD EINE SUPER AUDIENCE!!!

 

Hier nun wie versprochen das Slide und der Code (PHP gehostet über FastCGI im IIS 7.0 ruft über SSL und Basic Athentication einen WCF Service mit einer Complex-SOAP-Message auf…): springbreak_IIS_PHP_und_WCF.zip

My colleague Sergey is working on a really nice package around CardSpaces. Watch his blog for updates...

There we go. Doors are open for NRW06!

20 Speakers, max. 250 attendees a lot of community and networking.

Signup

After you did you can put this onto your blog or website

Michael hat das Februar Editorial für das Security Portal von MSDN Germany geschrieben und wirft dabei interessante Vorschläge in den Raum:

Wie wäre es, wenn bei den allseits bekannten Programmtests der Fachzeitschriften ein Non-Admin-Test hinzu käme?

Wenn ein Programm auch danach beurteilt würde, ob es mit einem ganz normalen Benutzeraccount einwandfrei funktioniert?

Meiner Meinung nach: Recht hat er.

http://www.microsoft.com/germany/msdn/security/februareditorial.mspx

In one of my current projects (yes, there are more at the moment and yes that is the reason why it's a bit quiet around here) i neede to write an encrypted file to the hard disc using DPAPI (Data Protection API). After I unsuccessfully searched the web and the msdn (the sample reads all bytes to the buffer at once - not so nice), I wrote the following sample app:

using System;

using System.IO;

using System.Security.Cryptography;

 

public class DataProtectionSample

{

    public static void Main()

    {

        using(MemoryStream ms = new MemoryStream())

        {

            StreamWriter swriter = new StreamWriter(ms);

            swriter.WriteLine("Text to encrypt to file.");

            swriter.Flush();

 

            Console.WriteLine("Protecting data ...");

            DataProtection.Protect("D:\\_temp\\DPAPI.dat", ms, false);

        }

        Console.WriteLine("Unprotecting data ...");

        using(MemoryStream ms2 =

            (MemoryStream)DataProtection.Unprotect("D:\\_temp\\DPAPI.dat", false))
        {

            StreamReader sreader = new StreamReader(ms2);

            Console.WriteLine("");

            Console.WriteLine("Decrypted string: " + sreader.ReadToEnd());

        }

        Console.ReadLine();

    }

}

 

public class DataProtection

{

    private static byte[] _additionalEntropy = { 9, 8, 7, 6, 5 };

    private static int _bufferLength = 1024;

 

    public static void Protect(string filename, Stream stream,

        bool machineLevel)

    {

        if (File.Exists(filename))

        {

            File.Delete(filename);

        }

        using (FileStream fs = new FileStream(filename, FileMode.CreateNew))

        {

            byte[] buffer = new byte[_bufferLength];

            long byteCount;

            stream.Position = 0;

            while ((byteCount =

               stream.Read(buffer, 0, buffer.Length)) > 0)

            {

                buffer = ProtectedData.Protect(buffer, _additionalEntropy,

                    ((machineLevel) ? DataProtectionScope.LocalMachine :

                    DataProtectionScope.CurrentUser));

                fs.Write(buffer, 0, buffer.Length);

                fs.Flush();

            }

        }

    }

 

    public static Stream Unprotect(string filename, bool machineLevel)

    {

        MemoryStream ms = new MemoryStream();

       

        using (FileStream fs = new FileStream(filename, FileMode.Open))

        {

            byte[] buffer = new byte[_bufferLength + 146];

            long byteCount;

 

            while ((byteCount =

               fs.Read(buffer, 0, buffer.Length)) > 0)

            {

                buffer = ProtectedData.Unprotect(buffer, _additionalEntropy,

                    ((machineLevel) ? DataProtectionScope.LocalMachine :

                    DataProtectionScope.CurrentUser));

                ms.Write(buffer, 0, buffer.Length);

                ms.Flush();

            }

        }

        ms.Position = 0;

        return ms;

    }

}

 

 

 

Michael Willers, our security expert, just pointed me to an interesting resource related to ASP.NET Security.

Friday night Andreas Hoffmann (2nd lead of the VfL-NiederRhein user group) picked me up ad we drove the long way down to the south.

 

Our destination for Saturday morning was the “Chaostage” event of the .NET user group Deggendorf  (http://dotnet-deggendorf.sefnet.de/). I had a session “Introducing the concepts and architecture of ASP.NET“ in the morning and a second one “Hello WebServices – Message-Oriented Programming for distributed systems” in the evening.

We checked in at our hotel in Garching (I won’t tell the name but I’ll tell you a bit about the worst service). Because the waitress served me frozen potatoes with my steak I stood up and walked over to the bar. Just in this moment a voice behind me asked “Is this a codezone keychain? Are you gonna be at Microsoft on Monday?” It was Nicki Wruck (http://spaces.msn.com/members/icebloginfo/PersonalSpace.aspx) the organizer of the ICE 2005 Community together with Frank Solinske (http://spaces.msn.com/members/solinske/PersonalSpace.aspx) IT-Pro Security Guru. Only one nano-second later we drank the first beer together. The geek meet was so exciting that I was just about to forget the bad service of our hotel J

Sunday we fetched Stephan Oetzel (http://stephanon.net/) in Poing. We picked up Michael Willers (http://www.staff.newtelligence.net/michaelw/) Developer Security Guru from the Airport to merge the Security guys in the “Hofbräukeller”. Uwe Baumann (http://blogs.msdn.com/uweinside/) discussed about technical stuff with Andreas and me meanwhile. Later Nicki joined us together with Nico Lüdemann (https://www.openbc.com/hp/Nico_Luedemann/) and Carola Helfert (https://www.openbc.com/hp/Carola_Helfert/).

Monday - Launch Day – started with the Community GetTogether. Stephan and Andreas and I presented the results of the .NET Summit NRW (our community event). As always the time to do some “networking” was toooooooo short - even if we had at least the day before to talk to a few guys. The Launch Party was great. Steve Balmer’s Launch talk was transmitted per satellite into the Lobby of Microsoft in Germany – Great. The only problem again: So many people and such a small amount of time  

Carefully said I do not like that sharepoint "hijacks" the Internet Information Server. When you create a virtual directory it is just not accessable because SharePoint took over IIS.

Funny fact: This is the second post how to fix issues with IIS and "extension" that cause issues

So i decided to hack a small utility serving my needs:

ExcludeFromSharepoint.zip (3.46 KB)

Enables to exclude applications from sharepoint services through the directory context menu.
Install using the "-install" switch; Uninstall using "-uninstall" switch.

Because I'm running my machine under a LUA (Limited User Account) i wrote the tool in a way that you can install and uninstall it without administative rights - the contextmenu will be installed per user!

if(args[0]=="-install")

{

    RegistryKey _rkey = Registry.CurrentUser;

    _rkey = _rkey.OpenSubKey("SOFTWARE\\Classes",true);

    _rkey = _rkey.CreateSubKey("Folder").CreateSubKey("shell");

    _rkey = _rkey.CreateSubKey("Exclude from Sharepoint");

    _rkey = _rkey.CreateSubKey("command");

    _rkey.SetValue(null, App.Application.ExecutablePath + " \"%1\"");

}

else if(args[0]=="-uninstall")

{

    RegistryKey _rkey = Registry.CurrentUser;

    _rkey = _rkey.OpenSubKey("SOFTWARE\\Classes\\Folder\\shell",true);

    _rkey.DeleteSubKeyTree("Exclude from Sharepoint");

}

else

{

...

}

 

The Implementation works with the webserver extensions version 4.0 or higher

 

    RegistryKey _rkey = Registry.LocalMachine;

    _rkey = _rkey.OpenSubKey("SOFTWARE\\Microsoft\\Shared Tools\\" +

        "Web Server Extensions",true);

   

    foreach(string _subKeyName in _rkey.GetSubKeyNames())

    {

        try

        {

            int.Parse(_subKeyName.Replace(".",""));

            RegistryKey _fpKey = _rkey.OpenSubKey(_subKeyName,true);

            _fpDir = (string)_fpKey.GetValue("Location");

        }

        catch(Exception _ex)

        {

            string _err = _ex.ToString();

            break;

        }

    }

 

and uses the stsadm.exe from the shared tools of the server extensions.

    System.Diagnostics.Process _p = new System.Diagnostics.Process();

    _p.StartInfo.FileName = Path.Combine(_fpDir, "BIN\\stsadm.exe");

    _p.StartInfo.Arguments = "-o addpath -url http://localhost/" +

        _strProjectName + " -type exclusion";

    ...

    _p.Start();

 

Pierre posted an entry bout impersonation in ASP.NET szenarios.

[Pierre]There are several scenario where you have to use the impersonation in ASP.NET. Consider, for example, you have to save and load files from a network share (file server). In that case, if the web site accept anonymous authentications, you have to impersonate a windows user who has enought privileges to access to that resource.

You have three choices (I guess):

1. Elevate the ASP.NET process identity - worse case since you could compromise the whole site security
2. Impersonate a windows user during the single call (http://blogs.msdn.com/shawnfa/archive/2005/03/22/400749.aspx)
3. Demand the task to a COM+ server application

I think that the last is the best since we have more security and maintenance control
[...]

I agree with him that "Demand the task to a COM+ server application" is the best way of the three he listed. But for me impersonation it is still a don't.

By the way i wanted to post this as a comment but "Comments on this post are closed". Yes this is some criticism on weblogs.asp.net ...

So here my opinion as post in my blog:

Avoid impersonation! If you need to "redirect a binary that is located on a different box than the webserver to the client" utilize another IIS on the 2nd machine or write a service that returns the binary data.

 

Via Willem Odendaal I opend the following web site http://www.squarefree.com/bookmarklets/forms.html#frmget. It holds an interesting collection of bookmarklets (Javascript commands that can be saved as bookmarks so they can be applied to every page that is opend in your browser).

For example: "remove MaxLength" ... shows how important it is to use ASP.NET Validation Controls in your Web Applications.

 

Yesterday I arrived in Frankfurt with a delay of 2 hours (thanks to the Deutsche Bahn). Monday is Workshop day and so I just sat arround and did the same stuff that I would normally do in the office. I'm currently working on an ASP.NET project that uses v. 1.1 but will be converted to 2.0 with it's "Go-Live". So I need to make sure that I don't do things that will stand in the way in the next version.

Here are a few questions I'm currently asking myself:

• Do i like the idea to save the properties of the Profile class in a ntext database column with the length of 6000?
• Will i accept that i can only user MemberShip with MediumTrust or higher?

In germany we say: "Kommt Zeit, kommt Rat".

[Dino Esposito] ...Introduced with ASP.NET 1.1, ViewStateUserKey is a string property on the Page class that only few developers admit to be familiar with. Why? Let's read what the documentation has to say about it.[...]

void Page_Init (object sender, EventArgs e) 
{
   ViewStateUserKey = Session.SessionID;
}

There will be a few more that are familiar with that now