Wednesday, February 28, 2007

3612.aspx

Loosing forms authentication after ASP.NET application recycles

I recently moved my blog to a hosting center (more on that in another post) and hit a few strange issues:



  • forms would fail with an Invalid Viewstate error

  • forms authentication would be lost after my web application was recycled

I know why it happens (ASP.NET security measures) but not what is causing it.


Let me try to explain better. ASP.NET does it best to make sure the ViewState and forms authentication cannot be hacked by “signing“ sensitive data. The <machineKey> element in Machine.Config decides how the key is generated and which algorithm to use. The computer can generate the key automatically but it is machine specific so the key must be the same on all machines in a web arm.  So far, so good. But I only have a single “dedicated“ server so the key should always stay the same and I should not have any problems.


Not so simple. The key is normally set to “AutoGenerate“ in machine.config which usually work but not in my case. The most likely cause is the account used to run the ASP.NET worker process as the key is stored in the registry with access limited to "Network Service":



When the machineKey is set to AutoGenerate, the key information is stored in the HKEY_CURRENT_USER hive for the account running the process. For W2k3 servers, this is the Network Service account. Otherwise, the account is ASP.NET machine account. When the process launches, ASP.NET will use the HKEY_CURRENT_USER registry key if it is available. If this key is not available, the
HKEY_LOCAL_MACHINE key will be used.  If neither registry key exists, the process creates the key in the HKEY_LOCAL_MACHINE hive. If these conditions fail, the process creates a brand new set of keys


My worker process was running as “Network Service“ but I didn't have time to dig into the registry security settings so I applied the procedure for configuring machines in a web garden. Luckily the fix is a lot simpler than the explanation:



  • Use a machineKey generator to generate the settings for your machine

  • Replace your existing <machineKey> element in machine.config with the generated section

This MSDN article explains the dirty details better

3610.aspx

It is official: I am a Pig

or at least the Chinese think I am…


I would never have found out if I did not work next to the Chinatown of Milano. There was an advertisement for the Chinese New Year celebration recently and I saw a description of the various zodiacs. By chance I noticed that this is the year of the Pig.


I do not believe in astrology but I find the wikipedia description of the Year of the Pig scarily accurate:



The Pig type is usually an honest, straightforward and patient person. They are a modest, shy character who prefers to work quietly behind the scenes. When others despair, they are often there to offer support. This type of person is reserved with those they do not know too well, but as time passes and they gain confidence, those around them may discover a lively and warm-hearted person behind that mask of aloofness. Despite those born in the year of pig having a wide circle of friends and acquaintances, they have few close friends who understand them and share their inner thoughts and feelings. It is easy to put trust in pig type; they won't let you down and will never even attempt to do so. Such people simply want to do everything right according to social norms.

Tuesday, February 27, 2007

3606.aspx

The mathematics of lacing shoes

What is the optimal way of lacing your shoes?  Good we have university mathematicians to help us with these philosophical issues and present the best solutions:

 


The criss-cross and straight patterns (left and centre) are strongest, but the bow-tie pattern (right) is the most efficient


I keep it simple and use the criss-cross pattern. What about you? Are you a traditionalist or are you using one of the 400 million other ways of lacing a shoe?

Monday, February 26, 2007

3599.aspx

.NET CF 2.0 Pocket Outlook DueDate problem

While porting my free Pocket PC applications to .NET CF 2.0 I just discovered an interesting "feature" of the Microsoft Pocket Outlook wrapper. The first port of poToday used my POOM wrapper for .NET CF 1.0 but I decided to drop it for the built in Microsoft PocketOutlook libraries.


My application dropped from 70kb + 30kb of wrapper DLL to only 31kb. Reorganizing the menus I am able to use the application completely without stylus which is pretty neat. But I found a problem with DueDate property that drove me crazy for a while. I can filter on the DueDate like this:


TaskCollection dueTasks = allTasks.Restrict("[DueDate] = \"" +


     System.DateTime.Today.ToString("dd/MM/yy") + "\" and [Complete]=False");


 


But as the following screenshot shows; I cannot set the DueDate to Today as it becomes yesterday:



task.DueDate should have been newDate (i.e. System.DateTime.Today) but it is 24 hours wrong :-(


I guess it converts the date to UTC link before it sets it. Whatever the reason; adding the difference between the current time and UTC works grand:


System.DateTime.Today + (System.DateTime.Now - System.DateTime.UtcNow);


 
I am still dogfooding my apps but I hope to release them soon.

3597.aspx

Replacing HTML markup in SQL Server

I automatically generate a short summary for each post on my blog. The logic for creating the summary should stay on the front end but I did not have the source code for my blog engine (.text) so I put it in the DB.


The following function removes all HTML tags, leaving only the text I want to display in the summary:


CREATE FUNCTION [dbo].[replaceHTML]


(


       @cont varchar(8000)


)


RETURNS varchar(8000)


AS


BEGIN


     


  declare @out  varchar (8000)


  declare @tag  varchar (8000)


  declare @pos1 int


  declare @pos2 int


 


  -- Find the start/end of first tag


  set @pos1=charindex('<', @cont);


  set @pos2=charindex('>', @cont);


 


  if not(@pos1>0 and @pos2>@pos1)


  begin


    set @out=@cont


  end


  else


  begin


    set @out='';


 


    -- as long as there are tags


    while @pos1>0 and @pos2>@pos1


    begin


      set @tag=substring(@cont,@pos1,@pos2-@pos1+1);


      if @pos1>1


      begin


        set @out=@out+substring(@cont,1,@pos1-1)


      end


 


      set @cont=substring(@cont,@pos2+1, len(@cont) - @pos2);


 


        -- Find the start/end of next tag


      set @pos1=charindex('<', @cont);


      set @pos2=charindex('>', @cont)


    end


    set @out=@out+@cont


  end


  return(@out)   


END


 


It may not be very nice, but it works and it improves the Google search results (which is strange as Google gets a complete list my posts via the sitemap...)

Wednesday, February 14, 2007

3567.aspx

Buying tickets online in Italy

I have bought many tickets through TicketOne.it recently (U2 Milano, Mugello 2006, Mugello 2007, Misano 2007). But the purchase experience has always been slow and painful. This evening was the last drop when I tried to buy tickets for Bugs Bunny On Ice.



I ordered two adults and two kids and got a ticket assignments where the kids would sit on a separate row and with seat numbers far away me and my wife. I would have accepted the tickets asap if I hadn't used the company before. I hunted around for 1/2 hour on TicketOne and the event site of Bugs Bunny without finding a way to identify if the seats really were close or far from each other. I went through the whole purchase experience 4-5 times without finding tickets that reassured me.


By chance, I noticed a link to VivaTicket.it on the event site and followed the link.


Wow. What a difference; fast, easy to use and clear information. Not only does it work, but it shows you graphically which seats you have been assigned so you can verify that the seats are close together. On the first search I found 4 tickets next to each other on the 1st row for the show I wanted. It shows you the seat assignments and leaves you a few minutes to confirm the reservation. You then have 24 hours to pay via credit card, ATM etc. They did not have an option to ship the tickets but I don't mind showing up a bit earlier to pick up the tickets.

Monday, February 12, 2007

3515.aspx

Microsoft Keyboard Layout 1.4

Tired of the standard QWERTY and the faster, but not so common Dvorak, keyboard layouts? Why not make your own with Microsoft Keyboard Layout Creator:


Apart from using it for an office prank, the tool is actually useful if you have laptop with a weird keyboard layout or if you a programming on a non-US keyboard where frequently used characters like {}; are hidden away behind obscure AltGr+Shift combinations.

3513.aspx

How to fix Motorola SLVR L7 problems on Win2k3 Server

I recently got a Motorola SLVR L7 at work to replace my broken Nokia 6630. My main reasons for getting it were the size (small and light) and the fact that it charges via a standard Mini USB cable just like my PDA. Finally only one cable and one charger to bring around. Motorola is not as good as Nokia when it comes to software but who cares as I only need it for SMS and making calls. Like the Nokia 6630 it synchronizes with my Outlook contacts. At least that was what I thought...


I tried transferring contacts via Bluetooth from my PC, via Bluetooth and MMS from Pocket PC, but the phone did not like the contact format. In the end I tried the Motorola Phone Tools but it does not work on Windows 2003 Server :-( It installed OK but neither the Bluetooth Setup Wizard nor the Cable connection recognizes the device. I tried all sorts of ways to make it detect the phone but either the Motorola Phone Tools crashed or it looked for wmmodems.dat that was nowhere to be found on the CD. I was about to give up and copy the contacts via the SIM when I found the solution in a support forum:


Copy Detect.inf and modems.cab from the \MPT\Addons directory on the Motorola Phone Tools CD to  C:\Program Files\Motorola Phone Tools.


That's it. The next time I started it automatically recognized my device and synchronized my contacts.

3512.aspx

UGISS SQL Server event 27/2 in Milano

UGISS, the Italian SQL Server Users Group, is organizing a free event with Microsoft 27/2: SQL Server: una piattaforma integrata [Italian]


I get more and more respect for the conferences/work shops hosted by the various Italian User Groups each time I attend one. They are held by people that want to share their hard learned experience, not by someone who is paid to sell a product.


There will be two tracks in the afternoon; one for DBAs and one for developers.


Thanks for the tip Michele

Tuesday, February 6, 2007

3499.aspx

.NET Micro Framework

When Compact is not Compact enough; try the .NET Micro Framework. It is targeted at small devices like smart watches and SideShow


The main difference from the other .NET versions is that .NET Microsoft Framework does not require Windows. It runs in a few few hundred kilobytes of RAM, and as little as 512K of flash memory and brings the benefits of the CLR to small devices:




  • Enables writing of simpler, more fail-safe code through built-in support for garbage collection and exception handling.

  • Protects against errant execution by supporting only “safe” IL instructions.

  • Allows straightforward support for new hardware with the ability to write device drivers in C# for hardware connected through standard interfaces, such as SPI, I2C, GPIO, and USART.

All developed in the familiar environment of Visual Studio. The whitepaper has more information on the development process.


I have had a lot of fun (and hard times) with .NET Compact Framework. I hope I can get hold of a smart watch or a device with SideShow and take .NET Micro Framework for a spin.