Daniel Fisher (@lennybacon)

Boy, look at it - it's five now!

First of all thank you to everybody who helped (Microsoft, INETA, S&S, E-Team...), spoke (Christian Weyer, Dirk Primbs, Achim Oellers, Dr. Holger Schwichtenberg) nad attended the event.

A few things learned:

• Min. Session time is 60 min.
• Print out the list of attendees ordereb by lastname ascending
• Call restaurant to make sure the speakers diner will be served :-P

The feedback until now was very good and Stephan and I plan to do the ".NET Summit NRW 2006" next year. bigger, better, more

Today 10:36 the last left attendee registration for the event I'm organizing with Stephan Oetzel came in.

More info: .NET Summit NRW.

Mike Vernal figured out from where Microsoft's whole "evil empire" moniker comes.´

Must read

If you ever wanted to know where newtelligence headquarter is (Korschenbroich)...

http://virtualearth.msn.com/default.aspx?cp=51.188584|6.605851&style=r&lvl=9&v=1

You can also see where our next SOA Workshop will happen (Düsseldorf) on September 5 - 7, 2005.

Scott posted a solution to support httpOnly cookies in ASP.NET 1.1 but pointed out some problems when you run the code on 2.0(http://www.hanselman.com/blog/HttpOnlyCookiesOnASPNET11.aspx)

Here is a solution:

		
protected void Application_EndRequest(Object sender, EventArgs e)
{    
	if(System.Environment.Version.Major<2)
	{
		foreach(string cookie in Response.Cookies)    
		{        
			const string HTTPONLY = ";HttpOnly";        
			string path = Response.Cookies[cookie].Path;        
			if (path.EndsWith(HTTPONLY) == false)        
			{            
				//force HttpOnly to be added to the cookie            
				Response.Cookies[cookie].Path += HTTPONLY;        
			}    
		}
	}
}

• 2939: Programming Microsoft SQL Server 2005
• 2940: Building Services and Notifications Using Microsoft SQL Server 2005
• 2941: Creating the Data Access Tier Using Microsoft SQL Server 2005

Pierre posted an entry bout impersonation in ASP.NET szenarios.

[Pierre]There are several scenario where you have to use the impersonation in ASP.NET. Consider, for example, you have to save and load files from a network share (file server). In that case, if the web site accept anonymous authentications, you have to impersonate a windows user who has enought privileges to access to that resource.

You have three choices (I guess):

1. Elevate the ASP.NET process identity - worse case since you could compromise the whole site security
2. Impersonate a windows user during the single call (http://blogs.msdn.com/shawnfa/archive/2005/03/22/400749.aspx)
3. Demand the task to a COM+ server application

I think that the last is the best since we have more security and maintenance control
[...]

I agree with him that "Demand the task to a COM+ server application" is the best way of the three he listed. But for me impersonation it is still a don't.

By the way i wanted to post this as a comment but "Comments on this post are closed". Yes this is some criticism on weblogs.asp.net ...

So here my opinion as post in my blog:

Avoid impersonation! If you need to "redirect a binary that is located on a different box than the webserver to the client" utilize another IIS on the 2nd machine or write a service that returns the binary data.