Tuesday, November 18, 2008

ASP.NET Forms Authentication Disappearing Cookie

I have been developing the login for a secure asp.net web application.
The application requires Forms Authentication with a pass through to a Windows Identity (see How To: Use Protocol Transition and Constrained Delegation in ASP.NET 2.0). To simplify matters I have been building up the security process in an empty web project.
having created a Forms Authentication web site (How To: Use Forms Authentication with Active Directory in ASP.NET 2.0) and implemented the Use Protocol Transition and Constrained Delegation (see link above) the login worked on the Visual Studio 2008 ASP.NET Development Server.

Next step was to release to a development server, the same Windows 2008 machine used to host the main application, following deployment the login failed.
Having searched a little I broke out Fiddler and discovered the Authentication Ticket/Cookie was set on login and then lost on redirect to the target secure page.

After a good nights sleep and fiddling around a little I verified the whole login process worked by placing the ticket on the URI, this however was not an acceptable solution.
Back to searching, this time I included IIS7 in my search and came up with this - I couldn't quite believe this was true, but it fixed my problem.

The test site I had created included an underscore in the URL, this was causing the cookie loss.

I have run this past a few colleagues and despite the use of an underscore in a URL not been common they knew of no real reason not to use one.

I hope this help someone out there.

Wednesday, October 29, 2008

Programming Languages - Shooting yourself in the foot

C You shoot yourself in the foot.

C++ You accidentally create a dozen clones of yourself and shoot them all in the foot. Providing emergency medical assistance is impossible since you can't tell which are bitwise copies and which are just pointing at others and saying, That's me, over there.

JAVA After importing java.awt.right.foot.* and java.awt.gun.right.hand.*, and writing the classes and methods of those classes needed, you've forgotten what the hell you're doing.

Ruby Your foot is ready to be shot in roughly five minutes, but you just can't find anywhere to shoot it.

PHP You shoot yourself in the foot with a gun made with pieces from 300 other guns.

ASP.NET Find a gun, it falls apart. Put it back together, it falls apart again. You try using the .GUN Framework, it falls apart. You stab yourself in the foot instead.

SQL SELECT @ammo:=bullet FROM gun WHERE trigger = 'PULLED'; INSERT INTO leg (foot) VALUES (@ammo);

Perl You start shooting yourself in the foot, but you lose the gun.

Javascript You've perfected a robust, rich user experience for shooting yourself in the foot. You then find that bullets are disabled on your gun.

CSS You shoot your right foot with one hand, then switch hands to shoot your left foot but you realize that the gun has turned into a banana.

FORTRAN You shoot yourself in each toe, iteratively, until you run out of toes, then you read in the next foot and repeat. If you run out of bullets, you continue anyway because you have no exception-handling ability.

Modula2 After realizing that you can't actually accomplish anything in this language, you shoot yourself in the head.

COBOL Using a COLT 45 HANDGUN, AIM gun at LEG.FOOT, THEN place ARM.HAND.FINGER. on HANDGUN.TRIGGER and SQUEEZE. THEN return HANDGUN to HOLSTER. CHECK whether shoelace needs to be retied.

LISP You shoot yourself in the appendage which holds the gun with which you shoot yourself in the appendage which holds the gun with which you shoot yourself in the appendage which holds the gun with which you shoot yourself in the appendage which holds the gun with which you shoot yourself in the appendage which holds ..

BASIC Shoot yourself in the foot with a water pistol. On big systems, continue until entire lower body is waterlogged.

FORTH Foot in yourself shoot.

APL You shoot yourself in the foot, then spend all day figuring out how to do it in fewer characters.

Delphi The compiler won't let you shoot yourself in the foot.

SNOBOL If you succeed, shoot yourself in the left foot. If you fail, shoot yourself in the right foot.

Concurrent Euclid You shoot yourself in somebody else's foot.

HyperTalk Put the first bullet of the gun into the foot of the left leg of you. Answer the result.

Motif You spend days writing a UIL description of your foot, the trajectory, the bullet, and the intricate scrollwork on the ivory handles of the gun. When you finally get around to pulling the trigger, the gun jams.

Unix % ls foot.c foot.h foot.o toe.c toe.o % rm * .o rm: .o: No such file or directory % ls %

Paradox Not only can you shoot yourself in the foot, your users can too.

Revelation You'll be able to shoot yourself in the foot just as soon as you figure out what all these bullets are for.

Visual Basic You'll shoot yourself in the foot, but you'll have so much fun doing it that you won't care.

Prolog You tell your program you want to be shot in the foot. The program figures out how to do it, but the syntax doesn't allow it to explain.

Ada After correctly packaging your foot, you attempt to concurrently load the gun, pull the trigger, scream and shoot yourself in the foot. When you try, however, you discover that your foot is of the wrong type.

Assembly You try to shoot yourself in the foot only to discover you must first reinvent the gun, the bullet, and your foot. After that's done, you pull the trigger, the gun beeps several times, then crashes.

370 JCL You send your foot down to MIS with a 4000-page document explaining how you want it to be shot. Three years later, your foot comes back deep-fried.

Monday, October 13, 2008

Unit Testing III

When testing a method with a WCF call the Test Project must have the same WCF referenced within it.

Likely to get an Exception
Could not find endpoint element with name '...' and contract '...' in the ServiceModel client configuration section. This might be because no configuration file was found for your application, or because no endpoint element matching this name could be found in the client element.

Tuesday, October 7, 2008

Unit Testing II

Its been a while since I wrote any Unit Tests in anger (even then it was part of a University project)...

So I'm listing a few essential pieces of knowledge that seem to have escaped me...

1. This is not an exciting job - the important ones rarely are!

2. Include any Connection Strings or similar in the Test Project's app.config file.

3. Do this carefully - especially when your WCF interacts with multiple databases.

4. Objects & Lists? It can be difficult to compare two of these instances, like all tests (and these are the easy ones) be creative!

5. A Test project does not always react well to having multiple subject projects to test.

6. A Solution will not always react will to having multiple Test Projects in it.

Unit Testing I

I am currently writing some Unit Tests to allow automated building and load testing for a .NET WCF.

One of the methods in the WCF remained a skeleton, throwing a NotImplementedException, which I sepent a while googling before I checked the code, learn by stupid mistakes, check the code first!

Thursday, September 25, 2008


My first Attempts to use LINQ were breifly held back until I realised the beta version had slightly different functions availiable, the diffrences are outlined here. Add has been replaced by InsertOnSubmit and Remove by DeleteOnSubmit, becareful when looking at the example on the web, most were written using the beta release...

After this I found it was very easy to create a fully functional set of methods for Insert, Update and Get, (no Delete as it not required by the system).

DataContext objDB = new DataContext();

var temp = from hi in objDB.Help
where hi.Identifier == ID
select hi;

DataContext objDB = new DataContext();
Help temp = from hi in objDB.Help
where hi.Identifier == ID
select hi;

temp.Author = "Harry";

Help temp = new Help();
// Populate object to insert
DataContext objDB = new DataContext();

Obviously there is a little more to the work than this, but I won't repeat too much of what is already out there, for example: Scott Guthrie's Blog and The Linq Project.

Tuesday, September 23, 2008

Micorsoft remix 08 (Brighton)

A quick run-though of the Seminars I attended with some useful links and breif background.

Bill Buxton & Scott Guthrie

Bill Buxton gave a short talk on the importance of Design, why its important, what it can do for a business and who is good at it. Not just about having good designers, its about using them and using them at the right time (throughout the entire product lifecycle).

Scott Guthrie spoke on a number of subjects, Rich Internet Applications, ASP.NET MVC, Silverlight 2 and some other related subjects.

Introduction To Silverlight 2 - Parts 1 & 2

Scott Guthrie

Scott Guthrie went through a two part Silverlight overview.

ADO.NET Data Services for the Web (a.k.a. Project Astoria)
Mike Flasko

Astoria / ADO.NET Data Services read all about it... more posts to follow

Visual Studio Tips and Tricks
Sara Ford

21 tips and tricks from Sara's Blog, (her remix post). Many tips and tricks can be found here, look out for Incremental Search, Box Selection, disable the copy/cut action when on a blank line, Snippets, Trace Points and Macros... and more.

Look out for the Tip of the Gadget (for Vista users).

Understanding the ASP.NET Model View Controller
Scott Guthrie

Scott Guthrie gave an overview of
MVC, examples are availiable on his blog.

MVC is an alternative to and not a replacement for Web Forms.

I'll let you read it about MVC, very interesting...

ASP.NET Front End Performance
Chris Hay

Check out Chris' Blog for details, and I will be posting another entry just on this seminar.

Instant Messenging - Your route to millions
Dr Neil Roodyn

Not quite what I expected, but there may be someone interested out there.

The Windows Live Messenger Library can be used to add Messenger functionailty to your site, there are sufficient examples and detail on line, I wont bore you with any more details.

Design wIth Microsoft Expression
Arturo Toledo
An overview of what can be done with some of the
Microsoft Expression family, mainly demos and examples. Presentation slides done with Deep-Zoom and examples/assets used should be on the web. In Arturo's Blog there is an entry with the slides from remix.

20/20 Talks
Many people...
20 slides, 20 seconds a slide, a challenge for many people, featuring: "20 tips, 20 seconds a tip" (Sara Ford ), the Silverlight 2 "20 Sliders, 20 seconds a slider"


(not a seminar)

A little display in the conference, will be looking into this a little more, loads of fun with digital photos.

LINQ - Language Integrated Query language

(used in examples)

LINQ to SQL and LINQ to XML - quick and efficinet data access, again more posts relating to this will appear soon.

home | www.purplepool.com