Daniel Fisher(lennybacon) - SOA, Data and the Web

Monday, June 20, 2005

Pierre posted an entry bout impersonation in ASP.NET szenarios.

[Pierre]There are several scenario where you have to use the impersonation in ASP.NET. Consider, for example, you have to save and load files from a network share (file server). In that case, if the web site accept anonymous authentications, you have to impersonate a windows user who has enought privileges to access to that resource.

You have three choices (I guess):

Elevate the ASP.NET process identity - worse case since you could compromise the whole site security
Impersonate a windows user during the single call (http://blogs.msdn.com/shawnfa/archive/2005/03/22/400749.aspx)
Demand the task to a COM+ server application

I think that the last is the best since we have more security and maintenance control
[...]

I agree with him that "Demand the task to a COM+ server application" is the best way of the three he listed. But for me impersonation it is still a don't.

By the way i wanted to post this as a comment but "Comments on this post are closed". Yes this is some criticism on weblogs.asp.net :-) ...

So here my opinion as post in my blog:

Avoid impersonation! If you need to "redirect a binary that is located on a different box than the webserver to the client" utilize another IIS on the 2nd machine or write a service that returns the binary data.

ASP.NET | Misc | Projects | Security | WebServices

Monday, June 20, 2005 8:57:15 AM (W. Europe Standard Time, UTC+01:00)

Disclaimer | Comments [17] |

Thursday, June 02, 2005

.NET Summit NRW 2005

After quite an amount of time, work and effort, that it had cost to realize my ideas I'm proud to present together with Stephan Oetzel to you an extra large community event:

Nach einer ganzen Menge Zeit, Arbeit und Anstrengung die es gekostet hat meine Idee zu realisieren bin ich nun stolz zusammen mit Stephan Oetzel eine Community Event der Superlative zu präsentieren:

And here is the lineup:

Christian Weyer [thinktecture], Michael Willers [newtelligence, VfL-NiederRhein member], Jörg M. Freiberger [avanade, VfL-NiederRhein lead], Dirk Primbs [MS], Stephan Oetzel [flowoffice, NET UG Düsseldorf lead] and me Daniel Fisher(lennybacon) [newtelligence, VfL-NiederRhein lead]

And the Agenda:

Time	Track 1	Track 2
17:00 - 17:45	Assembly
17:45 - 18:00	Keynote
18:00 - 18:45	Team System	Mobility
18.45 - 19.15	Break/Networking
19:15 - 20:00	Security	SOA
20:00 - 20:45	Indigo	Sql Server 2005 Mobile
21:00	Finish

So what are you waiting for: Sign up!

http://www.event-team.com/events/NETSummitNRW/

At this point it's time to thank a few guys out there Thomas Fickert of Microsoft Gemany and Damir Tomicic of INETA for the support, the speakers who are almost doing their talks for free, Björn Klotz, Sabine Nüser and Christian Chrisu Sudi of E-Team for everything they did for me and last but not least my girlfriend. Thank you all.

Event

Thursday, June 02, 2005 7:39:47 PM (W. Europe Standard Time, UTC+01:00)

Disclaimer | Comments [24] |

Wednesday, June 01, 2005

SQL Sever 2005 (YUKON) Review in short, #2

Ok, here is another one:

1. I add a login to my database server:

EXEC sp_addlogin @Username, @Password, @Database;

This works fine!

2. I add a user, to a database by using the stored prcedure sp_adduser:

Use [MyDB];
EXEC sp_adduser @Username;

This also works fine!

3. I want to remove the user from the database. Therefor i use the stored prcedure sp_dropuser:

EXEC sp_dropuser @Username;

This removes the user BUT what you'll see while digging deeper is that sp_adduser has created an SCHEMA and sp_dropuser don't cares a s%#t about that - it's still there after calling sp_dropuser :-(

SQL Server 2005

Wednesday, June 01, 2005 6:20:47 PM (W. Europe Standard Time, UTC+01:00)

Disclaimer | Comments [20] |

SQL Sever 2005 (YUKON) Review in short, #1

First of all ... wow, yeah, the IDE of SQL Server 2005 is pretty nice with all those grafics and animations but

It's more than anoying that i can not paste multiline text into a column of a table opened via right-click | Open Table
NOTE: It is possible to add multi-line-texts via an insert/update script - but hey, that takes me 10-30 seconds longer ... raise your hands if ya wanna pay me for that.

SQL Server 2005

Wednesday, June 01, 2005 6:12:56 PM (W. Europe Standard Time, UTC+01:00)

Disclaimer | Comments [13] |

Tuesday, May 31, 2005

Indicate if the current web is running in debug mode...

public static bool IsWebInDebugMode
{
    get
    {
        bool _isDebug = false;


        if(HttpContext.Current.Cache["IsDebug"]==null)
        {
            XmlDocument _doc = new XmlDocument();
            string _cfgfile = HttpContext.Current.Server.MapPath("~/Web.Config");
                _doc.Load(_cfgfile);

            XmlNode _node = _doc.SelectSingleNode("configuration/system.web/compilation");

            if(_node==null || _node.Attributes["debug"]==null ||
               _node.Attributes["debug"].Value.ToLower()!="true")
            {
                _isDebug = false;
            }
            else
            {
                _isDebug = true;
            }
            HttpContext.Current.Cache.Insert("IsDebug", _isDebug,
               new System.Web.Caching.CacheDependency(_cfgfile),
               DateTime.Now.AddDays(1),
               TimeSpan.Zero);
        }
        else
        {
            _isDebug = bool.Parse(HttpContext.Current.Cache["IsDebug"].ToString());
        }

        return _isDebug;

    }
}

ASP.NET | C#

Tuesday, May 31, 2005 3:45:03 PM (W. Europe Standard Time, UTC+01:00)

Disclaimer | Comments [12] |

Monday, May 30, 2005

What Video Game Character Are You?

I am a Defender-ship.

I am fiercely protective of my friends and loved ones, and unforgiving of any who would hurt them. Speed and foresight are my strengths, at the cost of a little clumsiness. I'm most comfortable with a few friends, but sometimes particularly enjoy spending time in larger groups.
(If I were not a Defender-ship you would be Pacman.)
What Video Game Character Are You?

Misc

Monday, May 30, 2005 5:33:45 PM (W. Europe Standard Time, UTC+01:00)

Disclaimer | Comments [14] |

Monday, May 09, 2005

Next to XSS is SSS - Same Site Scripting

Via Willem Odendaal I opend the following web site http://www.squarefree.com/bookmarklets/forms.html#frmget. It holds an interesting collection of bookmarklets (Javascript commands that can be saved as bookmarks so they can be applied to every page that is opend in your browser).

For example: "remove MaxLength" ... shows how important it is to use ASP.NET Validation Controls in your Web Applications.

ASP.NET | Security

Monday, May 09, 2005 1:43:14 PM (W. Europe Standard Time, UTC+01:00)

Disclaimer | Comments [19] |

Back on the road

It's happening again. MichaelW and me are back on tour for TornadoCamp Xpress, the .NET 2.0 event of newtelligence. Today we started. We meet MichalK of Microsoft, he's a nice and smart guy, our local contact and I'm doing this post right in the middle of our C# 2.0 HOL.

I miss my familiy @ home - love ya! cu soon.

Cheers to the rest out there.

Event | Misc

Monday, May 09, 2005 1:21:00 PM (W. Europe Standard Time, UTC+01:00)

Disclaimer | Comments [18] |

Thursday, April 21, 2005

.NET 2.0 Only 99.9% backwards compatible?

While re-writing a few WebServices for .NET 2.0 i ran across following:

...
public static void WaitProc(object state, bool timedOut)
{
MyAsyncResult myAsyncResult = (MyAsyncResult)state;
myAsyncResult.OriginalCallback.Invoke(myAsyncResult);
}
...

This compiles without any problems in Visual Studio .NET 2003 but makes the compiler scream (Invoke cannot be called directly on a delegate) untill you change the lines to the following:

...
public static void WaitProc(object state, bool timedOut)
{
MyAsyncResult myAsyncResult = (MyAsyncResult)state;
myAsyncResult.OriginalCallback(myAsyncResult);
}
...

ASP.NET | C# | WebServices

Thursday, April 21, 2005 2:12:24 PM (W. Europe Standard Time, UTC+01:00)

Disclaimer | Comments [18] |

Uninstalling Previous Versions of Visual Studio 2005

If you have installed previous versions of Visual Studio 2005, such as Beta 1 or Community Technical Preview (CTP) builds of Visual Studio Team Suite, Visual Studio Standard or Visual Studio Professional, then you must uninstall the pre-Beta2 components in the exact order below before beginning to install any version of Visual Studio 2005 Beta 2.

Go to the Control Panel and launch Add/Remove Programs
Remove "Microsoft Visual Studio 2005 Professional" or other related IDE installs such as (Visual Studio Professional/Standard/Enterprise Architect/Team Suite, etc.)
Remove "Microsoft SQL Server 2005 Express Edition"
Remove "Microsoft SQL Server 2005 Tools Express Edition"
Remove "Microsoft SQL Native Client"
Remove "Microsoft Visual Studio 64bit Prerequisites Beta"
Remove "Microsoft MSDN Express Library 2005 Beta"
Remove "Microsoft Visual Studio Tools for Office System 2005 Runtime Beta"
Remove "Microsoft Device Emulator 1.0 Beta"
Remove "Microsoft .NET Compact Framework 2.0 Beta"
Remove "Microsoft SQL Mobile 2005 Development Tools"
Remove "Microsoft Visual J# Redistributable Package 2.0 Beta". If you receive an error message, see Note 1.
Remove "Microsoft .NET Framework 2.0 Beta". If you receive an error message, see Note 2

Notes:

If you see an error removing J# .NET Redistributable Package 2.0 from Add/Remove Programs, please run "msiexec /x {9046F10C-F5E7-4871-BED9-8288F19C70DF}" from a command line window
If you see an error removing .NET Framework 2.0 from Add/Remove Programs, please run "msiexec /x {71F8EFBF-09AF-418D-91F1-52707CDFA274}" from a command line window

Misc

Thursday, April 21, 2005 11:05:12 AM (W. Europe Standard Time, UTC+01:00)

Disclaimer | Comments [14] |

You shall not click on the "favicons" link

Mozilla Suite and Firefox "favicons" LINK Code Execution Exploit

[...]a user clicks on a link, this code will create and launch the file c:\trojan.bat (on Windows).
On Linux and Mac OS X this code will create the file ~/trojan or /trojan[...]

Misc

Thursday, April 21, 2005 10:00:06 AM (W. Europe Standard Time, UTC+01:00)

Disclaimer | Comments [23] |

Friday, March 25, 2005

Now i'm 0x19

:-)

Misc

Friday, March 25, 2005 2:22:20 PM (W. Europe Standard Time, UTC+01:00)

Disclaimer | Comments [13] |

About

Daniel Fisher is a co-founder of devcoach® (www.devcoach.biz), a company that supports and accompanies customers in projects with the Microsoft® .NET platform all through from architecture to deployment.

Daniel has a strong emphasis on service-orientation (SOA), agile methodologies and processes, the web and data access.

He is a recognized expert in the SOA-field and plans and realizes distributed systems on the Microsoft platform since many years. Daniel is one of the early Windows Communication Foundation (WCF) experts and was a member of the technical adoption program for the Microsoft Corporation.

For the federal office for security in information technology of the German government he and Michael Willers have created a security analysis and written practice-proven guidelines for the daily work with WCF. As experts for the topic "SOA with .NET" they traveled through Europe to discuss the requirements of architects from all over the world and help them implement solutions.

Daniel is developing software since 1995 (since 1999 on the .NET platform) and has worked several years on projects as a developer, architect, project lead and consultant for insurance companies, distributors, mobile communications hardware, construction supplies and various other companies of different branches.

He is actively contributing to the software developer community as chair-man of JustCommunity e.V. (www.justcommunity.de), organizer of the biggest regional community event, and lead of a user group.

Navigation