On this page.... RSS 2.0 | Atom 1.0 | CDF
# Thursday, June 30, 2005

Unless you work on the WSE team, I doubt it, at least not at the time of writing.  I assume this because there is basically only one article on the subject written by Mark Fussell, the Lead PM for WSE, that is an intro to it.  Fine, it is a CTP and only works with a beta of another product (.NET 2), so I can understand that it's not widely adopted.  But I still need answers, as I'm sure others do and will.  So, if you have experience with WSE 3 (and perhaps knowledge of WSE 2 would help), please take a look at these questions:

1) UltimateReceiver.GetClientToken Returns Null

2) Secure Conversation from an ASP.NET Session

If you've got the answers, please either respond on the NG or here. :)

Thursday, June 30, 2005 5:13:40 PM (Eastern Daylight Time, UTC-04:00)  #    Disclaimer  |  Comments [6]  | 
# Tuesday, June 28, 2005

I want to put this out here for anyone else who might run into this problem playing with the Quickstart samples for Microsoft's recently-released WSE 3.0.   To get the WSSecurityUsernamePolicyService sample solution (from the hands-on lab) going, you need to run the CreateSampleVdir.vbs in the solution directory.  Then you'll need to follow the instructions in the "Detailed Instructions," which is linked obscurely towards the end of the certificate setup section.  It links to \Program Files\Microsoft WSE\v3.0\Samples\Sample Test Certificates\readme.htm on my installation. 

When installing the server certificate, be sure to change the drop-down to pick the WSE2QuickStartServer.pfx file; it will let you just install the .cer file (*.cer is the default selection in the certificate importer file type drop down).  Put it in the Local Computer - Personal store.  You will also need to import the WSE2QuickStartServer.cer (that's right, the .cer) file into the Current User 'Other People' store.  To do this, I had to open IE and go to Tools - Internet Options - Content - Certificates - Other People tab because the store wasn't showing up in the MMC add-in.  I later found that it showed up after I added it via IE.

Now, according to the docs, that's all you need to do, but there is one more step that you need to do; otherwise, you will likely get a cryptographic exception saying "bad key," which is so far off the mark as to be funny (if you don't have to waste hours tracking down the real problem).  The problem is that your ASP.NET process identity doesn't have permission to read the server key by default. 

To fix this, you can either go find the file in explorer (on my machine, it is in \Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys) and grant the Users group Read on that directory, which is actually probably the best approach if you're dealing with potentially multiple certificates.  Or you can use the WSE X.509 Certificate Tool, which is part of the WSE SDK to find the cert and then click on the View Private Key File Properties... button to bring up the specific cert's key file perms and grant Users the Read right.  Note this applies on XP and 2000, for 2003, you'll want to grant the IIS_WPG group these perms.

After doing this, I was able to finally run the username with server certificate sample.  It seems almost sad that so much trouble is involved in running a simple sample, but my experience has been that whenever you involve X.509 certificates, the trouble and complications go through the roof.  Microsoft REALLY NEEDS TO WORK ON USABILITY with X.509 certs, especially now that they're becoming the almost de facto approach for securing Web services.  Nearly every time I've dealt with them has been problematic, and one time I actually had to resort to calling PSS, which is unusual for me.  Maybe this is because I'm not an X.509 expert, but then again, most of us aren't...

Updated: If you go through the Hands-on Lab, you'll note they cover these issues above.  This lab would be a good place to start; unfortunately, I didn't start there. :)  But I'd still suggest granting the groups (Users on XP/2000, IIS_WPG on 2003) access to this directory and not the users; this way if you change your service's process identity, you won't have to re-grant permissions for it to see those certs.  And I'd still think that granting these groups read to the directory would be best, so they can see any other such certs you might install.

Tuesday, June 28, 2005 10:49:35 AM (Eastern Daylight Time, UTC-04:00)  #    Disclaimer  |  Comments [0]  | 
# Friday, June 24, 2005

Developing Compelling User Interfaces with Ease in ASP.NET 2.0
June 30th - 6:30 PM in Tampa - Russ Fustino - Microsoft


Creating Web user interfaces has come a long way since the days of hand-coding HTML and dealing with form postbacks. But even with ASP.NET 1.x you still have to deal with the complexities of maintaining a common look and feel across your site, as well as providing navigation. ASP.NET 2.0 takes Web UIs to a whole new level with a rich set of fresh controls and IDE features. We'll start with a tour of Master Pages and show you not only the benefits at runtime, but during design time as well. We'll show you how easily Themes will let you establish a consistent appearance across your entire site. Finally, you'll discover how managing site maps - including menus, trees and "breadcrumbs" for navigation - is as easy as X-M-L.

By attending this session, you'll learn:

* How to establish a common look and feel for your Web application
* How to manage and customize that look and feel
* How to build dynamic navigation elements for your entire site

This session will illustrate the following:

* Architecture of Master Pages
* Interacting with Master Pages from an ASPX page
* Architecture of Themes
* Working with Themes at design time and programmatically
* Navigation Controls and Site Maps


To Register: http://www.fladotnet.com/reg.aspx?EventID=175

Friday, June 24, 2005 12:23:38 PM (Eastern Daylight Time, UTC-04:00)  #    Disclaimer  |  Comments [0]  | 
# Tuesday, June 21, 2005


'Nuff said.

More info at http://www.tampacodecamp.com/.

Rumors are that lunch (pizza and soda) will now be provided by a generous donor...

Tuesday, June 21, 2005 7:33:57 AM (Eastern Daylight Time, UTC-04:00)  #    Disclaimer  |  Comments [0]  | 
# Tuesday, June 7, 2005

Microsoft has announced the official launch date for Visual Studio 2005, SQL Server 2005, and BizTalk Server 2006.  November 7th!  Mark it on your calendars; this one has been anticipated for years now (at least by folks like myself).  It's great to finally get definition on it!

In other news, ASPSOFT debuted project Rally, which is the Microsoft .NET-powered battle bot known as The Finalizer.  Too cool!

Tuesday, June 7, 2005 10:16:37 AM (Eastern Daylight Time, UTC-04:00)  #    Disclaimer  |  Comments [0]  | 

It struck me recently that folks would probably not know until they bought the book that it contains an implementation of a custom ADO.NET 2.0 provider for Active Directory.  It is for one of the chapters that I wrote that demonstrates what you would need to do to implement a custom ADO.NET provider.

I chose Active Directory because I don't like working directly with DirectoryServices.  When I first had the need to interact with Active Directory, I found the API and, indeed, the underlying concepts to be notably foreign.  I think that most devs who are coming from your typical MS background of building applications with relational databases and ADO-like technologies find it somewhat obscure and puzzling to be confronted by the likes of Active Directory and LDAP.

So my goal, apart from demonstrating how to build an ADO.NET provider (which I honestly think most people don't need to know), was to provide something useful that I and others could put to work, making our lives easier.  While the provider itself is not shrink-wrap quality, it does have the basic functionality you'd need to work with user accounts, which I think is the most common scenario for app devs--the greatest benefit of AD for applications is the centralized profile and authentication store it provides.

I would say, and I'm not just saying this because I wrote it, that the book will be worth the price just to get your hands on this provider code, which is available in both VB.NET and C#.  It majorly simplifies dealing with Active Directory by giving you a very familiar API to work with (ADO.NET) and easily enables data binding and updating for common scenarios.  I'd love to see someone take it and build it out into a full-fledged, commercial-quality provider as I think there is definitely a niche for such a product (I'd buy it!).

Of course, I don't want to downplay the value of the rest of the book; it has a ton of other great stuff that will give you all you need to know to become a pro with ADO.NET 2.  So what are you waiting for?  Go get it!

Tuesday, June 7, 2005 10:09:45 AM (Eastern Daylight Time, UTC-04:00)  #    Disclaimer  |  Comments [0]  | 
# Friday, June 3, 2005

I was just looking something up on Google, and I noticed a little, harmless link in the top right that said "Satellite."  Curious person that I am, I clicked it, and suddenly the map I was staring at was replaced by lush imagery.  Too cool!

But even cooler is that you can drag the screen around, zoom in to a very close proximity, and you can even overlay driving directions on the satellite imagery.  Now how much better can it get than that?

Check it out!

Friday, June 3, 2005 4:29:49 PM (Eastern Daylight Time, UTC-04:00)  #    Disclaimer  |  Comments [1]  | 
# Thursday, May 19, 2005

I just ran across the patent application for what appears to be some rendition of the purportedly defunct Object Spaces.  At least, I hope that's what it is and not some attempt by Microsoft to patent the idea of entity mapping itself.  I didn't read the whole thing (who has that kind of time!?), but I can only assume (because patenting entity mapping itself would be preposterous) that it is a patent for their particular solution that they are working on for the WinFS timeframe.

In any case, I guess those who were trying to model their own entity mapping utilities off of object spaces need to be careful if/when MS gets the patent on it.  I'm not really sure I see what's to be gained by patenting their approach.  Microsoft will squash any competition in the space when they get something out there anyways...

Thursday, May 19, 2005 3:47:05 PM (Eastern Daylight Time, UTC-04:00)  #    Disclaimer  |  Comments [0]  | 
# Monday, May 16, 2005

Tampa Code Camp is looking for you.  We are currently accepting sessions on virtually any .NET dev related topic.  If you've got great ideas that you want to share with others, please send us your sessions.  The deadline for new session submissions is mid-June.  So show off your knowledge, help others, and just generally have fun by participating in Tampa Code Camp this July 16th!

More information is available at the Tampa Code Camp site.

Monday, May 16, 2005 6:31:05 PM (Eastern Daylight Time, UTC-04:00)  #    Disclaimer  |  Comments [0]  | 

The opinions expressed herein are solely my own personal opinions, founded or unfounded, rational or not, and you can quote me on that.

Thanks to the good folks at dasBlog!

Copyright © 2019 J. Ambrose Little