Chris Szurgot's Blog

I was recently struggling with two problems on my current ASP.NET application.

One was how to visually identify whether the server you were connected to was development, test, or live. An idea I had seen used in the past was to draw a bright banner on the top of the screen over whatever else was presented. However, this required modification to all the header code, of which we have several headers, so I didn't like that too much.

The other was getting the text of an errors sent to me via email. I had code in the global.aspx Application_Error routine, but that didn't work in subprojects :(

The solution to one turned out to work well for the other. Wire up an HttpModule. For the banner, just hook into the Application_EndRequest, and inject the <html> text into the response stream. Draws everytime, with no changes to any other code. And the best part is that you can check which server it's running on at Init of the module, and if it's the live server, don't even hook up the Event handler. And as to the error, I just moved the code from the global.aspx of the primary application, and it worked through all sub-projects.

I wish I'd found these solutions earlier. (I got a good introduction to HttpModules @ TechEd, which was what spurred me to try it.)

I'm working on a No-Touch Deployment program for use in our offices, and I ran accross an interesting problem. I made a setup file to give the assembly FullTrust based first on URL, then later on StrongName. (I know, not quite no-touch, but it does allow easy updating and synching with the server(s) ) When running under URL-based Evidence, everything worked fine. However, when I switched to StrongName-based Evidence, I started getting SecurityExceptions. And they weren't consistent... I could do execute a command (like writing a dataset to disk to check for issues) and it would go off fine, but a few steps (Steps, not lines, this is important) later, the exact same command would throw a security exception. Hey, how can I be getting a security exception when I've got FullTrust, huh? Huh?

Turns out, I was calling a web service asynchronously, and when I was in the callback function, somehow the thread I was in lost all it's permissions, and reverted back to Internet Zone permissions (which means no FileIO) A little more digging shows that other methods of threading don't have this problem, meaning I can kick off a new Thread, or do a QueueUserWorkItem, and everything's fine (calling the WebService Synchronously from the new thread), but I can't do anything in the Async Callback.

Just to add insult to injury, I revert the code back to URL-Based evidence, and everything works fine, no problems in all three threading mechanisms that I tried, including Async Callbacks from the Web Service, but StrongName based, and it fails.

After pulling my hair out for a few hours, I built a small test app with a dummy web service, and put it through the paces. Turns out that when using any locaiton based evidence (URL, Site, and Zone) everything is fine, but used FileBased-Evidence (StrongName and Hash) and it loses it's permissions under that one particular case.

Now how's that for an esoteric glitch?

(I would've posted this earlier, but events conspired to distract me)

I recently got back from TechEd 2003, and overall, it was a positive experience. It was my second TechEd (went to 2001 in Atlanta) so I had an idea what to expect (lots of swag, free snacks, free food, lots of sessions to go to...)

Like many other bloggers, I noticed that some of the sessions were mislabled as far as what "level" they were (300 level classes that should've been 200 level, etc) so I spent an hour+ to get a nugget or two out of the session. Some of the sessions didn't do what they purported to do, or ended up seeming like sales pitches for certain products which was a shame, but I found at least two sessions per day that were valuable, so I guess I came out alright there. One of the best sessions I attended was Windows Forms DataBinding. (CurrencyManager has *nothing* to do with money, BTW and the author regrets that naming <grin>)

Being a developer, I naturally sat through the developer sessions, but I hope to listen to some of the SQL and admin session when they finally put the recordings on line (or when I get the DVD, if I do that...)

Managed to pick up quite a few books, both at the bookstore, and on the floor (the Pattern and Practices books were a nice grab), and I bought Secure Coding 2, hoping that might help with some questions I've been having, as well as helping me get a methodology down.

I came back with lots of good ideas for coding, so I'm (obviously) incorporating them into programs I've already written, and some things I've got in progress, so I hope to release some more code in the near future, with better implementations.