Rory Primrose

Upgrading to CS2007 was really painless, but there was a hole left in my site because of no CAPTCHA support. Well, that has all changed now. A huge thanks and shout out to Brendan who has produced the CAPTCHA goods.

His implementation was so easy to install. It leverages the control adapter capabilities of ASP.Net which avoids any impact on the existing code base. Another thing I like about this implementation is that it doesn't require authenticated users to enter the CAPTCHA value. This is absolutely awesome! Thanks Brendan.

Tags:

Every now and then, and sometime more often than that, I happened to not have my fingers on the right keys. The results are usually terrible, but can sometimes be kinda cool. I just tried typing "similar" and came up with "sunukar" instead. Maybe that should be the name of my next piece of software.

Following in one of the trends of Microsoft, I have been naming software according to town names. Could this be the new method of generating code names? Just bash the keyboard in semi-random positions.

Tags:

If you have an ASMX client, you can get it to call a WCF endpoint with some restrictions. You have to use the basicHttpBinding on the WCF service and the service implementation (or contract) needs to be decorated with the XmlSerializerFormat attribute.

I have encountered a problem under SSL though. I am wanting to use username/basic authentication with the service over SSL. This article makes the following reference:

The easiest straightforward way for a successful interoperability scenario is to leverage on transport-layer security. This also means that a properly configured WCF implementation can interoperate with a Basic Profile 1.0 compliant ASP.NET Web Service (ASMX) that is currently deployed via SSL / HTTPS as well as with a WSE 2.0 service or client and likewise.

WCF has a standard binding called “<basicHttpBinding>” which derives its name from the Basic Profile specifications. There is a security mode within this binding called “TransportWithMessageCredential”. You can choose either a transport or a message credentials in this security mode. Setting it to <message clientCredentialType="UserName"/> uses Transport-Level Security (SSL / HTTPS) with SOAP-Level Username token security credentials. This is in accordance with the WSS SOAP Message Security Username Token Profile 1.0 and it implements WSS SOAP Message Security 1.0 specification for username/password (for client authentication) over HTTPS (for privacy).

My WCF client consumes the endpoint correctly as the authenticated user. However, when using an ASMX web reference, I end up with the following error:

System.Web.Services.Protocols.SoapHeaderException: An error occurred when verifying security for the message.

So far, I haven't got a solution.

Update:

Still no solution, but I have read in more places that indicate this should be fine. The following articles refer to the same kind of setup I am running. The only difference I that my client is an asmx client, but with a basicHttpBinding, this should be fine.

MSDN Library - Bindings and Security:

BasicHttp

In code, use BasicHttpBinding; in configuration, use the basicHttpBinding Element.

This binding is designed to be used with a range of existing technologies, such as the following:

• ASMX (version 1) Web services.

• Web Service Enhancements (WSE) applications.

• Basic Profile as defined in the WS-I specification (http://www.ws-i.org).

• Basic security profile as defined in WS-I.

By default, this binding is not secure. It is designed to interoperate with ASMX services. When security is enabled, the binding is designed for seamless interoperation with IIS security mechanisms, such as Basic authentication, Digest, and Integrated Windows security. For more information, see Transport Security Overview. This binding supports the following:

• HTTPS transport security.

• HTTP Basic authentication.

• WS-Security.

William Tay - Enterprise .NET Community: Securing your WCF Service

Michele Leroux Bustamante - Fundamentals of WCF Security

Tags: ASP.Net, WCF

I've been reading up on WCF security recently. These two articles by Michele Leroux Bustamante are well worth the read.

http://www.code-magazine.com/articleprint.aspx?quickid=0611051

http://www.theserverside.net/tt/articles/showarticle.tss?id=ClaimsBasedSecurityModel

Tags: WCF

I was doing some reading a while ago about digital certificates. The kind of certificate I was after was so that I could use HTTPS in IIS. It looked like the certificates were all very expensive for what they are. I finally came across a post that referred to StartCom. These guys offer free digital certificates for domain or email validation. At this stage, the only hitch is that the CA certificate is not on client machines by default, but can be installed from the StartCom site.

Check it out here.

Tags: Useful Links

I have found that I encounter the same problem in CS2007 as I did in 2.1. The tag cloud url encoding converts spaces to the + character. When IIS on my Vista box processes the request, it produces a 404 error. If a %20 combination is used instead, the url is valid.

I have checked out the CS2007 source to look at the TagCloud control that is responsible for the rendering of this part of the page. The code winds its way right down to the UrlEncodePathComponent method in the WebHelper class in Telligent.Components.dll. The method simply contains the following:

public static string UrlEncodePathComponent(string text)
{
    return UrlEncode(text, _pathComponentTextToEscape, '+', '_');
}

This is where the + character is specified as the replacement for spaces in urls. But is this a problem? Well, no. A + character is a valid space character to use. So is it a problem with IIS on Vista, or a problem with how Community Server is rewriting the url?

I have noticed that spaces in tag names on the Community Server site doesn't cause a problem. I wonder which OS they are hosted on.

Tags:

I got CS2007 installed on my server last night. It was easy enough, but I was quickly hit with comment spam overnight. I can't wait for Dave to release a new version of his awesome CAPTCHA control. Using his control, the only time I got comment spam was one night when someone manually entered about 8 comment spam entries through the CAPTCHA. What a goose!

Tags:

Given the recent problems on CodePlex, I have had to change the TFS server that one of my projects is hosted on. I found this to be a problem because I wanted to use the same directory for the source on my local drive. Even after removing the source control bindings and removing the TFS server settings, Visual Studio still complained that the directory is configured for the old server address.

TFS stores workspace directory mapping information in a VersionControl.config file located in C:\Documents and Settings\[YOUR PROFILE]\Local Settings\Application Data\Microsoft\Team Foundation\1.0\Cache\. The old server isn't removed from this configuration when you remove the server from TFS in Visual Studio. This bit, you have to do yourself.

Tags: TFS, tfs

CodePlex suffered from more than a little human error last Tuesday. I just checked my project page for a project that was hosted on tfs03.CodePlex.com. The project is now available again, but I noticed that it is now on tfs02.CodePlex.com. Well, at least it looks like I can use the project space again. I am guessing that the data is gone though.

Tags:

Looks like the good people at Telligent have done it again. Community Server 2007 has been released into the wild. Congratulations guys. Time to upgrade [:)].

Tags: