Dominic Sévigny

ASP.NET, Ajax and Silverlight


Silverlight Wishes card!

This year at RunAtServer Consulting we made our wishes card with Silverlight and DeepZoom!

Click the following link to explore our Silverlight Wishes card:
www.runatserver.com/wishes.aspx

French version here.


Silverlight 2 training in Paris

RunAtServer Consulting is proud to bring the Silverlight Tour to Paris, France, from January 19th to January 21st. To register, go to the following web site: http://www.octo.com/com/com_formation-silverlight.html

More information can be found here: http://www.runatserver.com/SilverlightTraining.aspx

You can also learn more about the Silverlight Tour on Shawn Wildermuth's web site here: http://www.silverlight-tour.com

Token Cache with ASP.NET and Basic Authentication

If you develop an ASP.NET application that uses Basic Authentication, be sure to change the registry on your staging IIS server. What? Yes: if your application uses role-based security to secure its pages, adding a Windows domain user to a new security group doesn't automatically give that user access to these pages.

Why? Because when you use Basic authentication, user tokens are cached in the token cache. By default, tokens remain in the cache for 15 minutes. The cached token holds the group memberships the user had when the token was created, so a group change is not picked up until the token expires. If you log on using Basic authentication with an account that has a high level of user logon rights, a successful attacker could use the account to gain access to the resources on your computer.

The Microsoft article: http://wwwbeta.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/cf438d2c-f9c7-4351-bf56-d2ab950d7d6e.mspx?mfr=true

For a production environment, 15 minutes is correct, but on a staging environment it's very frustrating to wait 15 minutes between each security test. You can change the TTL by modifying a key in the registry.

How to change the registry key (search for UserTokenTTL at the bottom of the page): http://wwwbeta.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/cf438d2c-f9c7-4351-bf56-d2ab950d7d6e.mspx?mfr=true

Thanks
Dominic 
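
The registry change described in the token cache post above, as an added example that is not part of the original post: a script for a staging IIS server that reports the current UserTokenTTL and lowers it. The key path is the one Microsoft documents for this IIS setting and is not quoted on this page; the 30-second value and the function name are assumptions chosen for illustration.

```powershell
# Added example (not from the original post). Run from an elevated prompt
# on a STAGING server only; production should keep the 15-minute default.
param(
    # Constructed staging value, in seconds.
    [ValidateRange(0, 2147483647)]
    [int]$TtlSeconds = 30
)

# Assumption: key path as documented by Microsoft for the IIS token cache.
$path       = 'HKLM:\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters'
$name       = 'UserTokenTTL'
$defaultTtl = 900   # 15 minutes, the default stated in the post

# Hypothetical helper: returns the effective TTL in seconds.
function Get-UserTokenTtl {
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # The value is absent, so IIS applies its built-in default.
        return $defaultTtl
    }
    return [int]$item.$name
}

$before = Get-UserTokenTtl
Write-Host "Current token cache TTL: $before seconds"

if ($before -ne $TtlSeconds) {
    # Create or overwrite the DWORD value.
    New-ItemProperty -Path $path -Name $name -PropertyType DWord `
        -Value $TtlSeconds -Force | Out-Null

    # Restart IIS so the service reads the new value.
    iisreset /restart
}

Write-Host "Token cache TTL is now: $(Get-UserTokenTtl) seconds"
```

After the restart, a user added to a new security group is re-evaluated once the shortened TTL has elapsed since their last cached logon.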

 

My CodeCamp Montreal 2007 presentation

Today, I gave a presentation at CodeCamp Montreal on ASP.NET/AJAX and Visual Studio 2008. Thanks to all attendees. You can download my code and my PowerPoint presentation below.

Thanks
Dominic
