Marco Trova's weblog

WSE 2.0 Routing to existing asmx web services

trovam — Mon, 07 Jun 2004 07:57:00 GMT

Reading Steve Maine's routing adventures, I was thinking a way to route WS-I BP soap envelopes to standard asmx web services.

Why? To expose standard WS-I ws to the internet, maintaining existing services already developed in our lan.

I found two possible ways:
- Adapt soap evelopes and forward to the asmx sevices throught SoapSender.Send() (I don' know if it is possible, due WSE 2.0 differences)
- Using DynWSLib from Christian Weyer, ie composing a dynamic soap request, with the information found in the coming soap request ( Is there a way to cache dynamic compiled proxy code generated at runtime with the CodeDom? )

Wich is the best way? Is there a simpler solution?

In the meanwhile I found SoapHttpRouter don't pass url parameters like the classic ?WSDL ..

Mozilla developers smarter than IE developers

trovam — Tue, 11 May 2004 17:35:00 GMT

Ian Bicking on his blog:

The dots in usernames and passwords encoded in URLs are now escaped (so http://www.mozilla.org:roadmap.html@evilscam.net/ becomes http://www%2Emozilla%2Eorg%3Aroadmap%2Ehtml@evilscam.net/), making phishing scams easier to detect (bug 240754).

This is a much more clever solution than simply removing the ability to specify usernames and passwords in URLs (something which I do in fact use every so often).

Execute ASP code from ASP.NET: my weird idea results

trovam — Thu, 15 Apr 2004 15:39:00 GMT

Last week I wrote about my simple weird idea on executing ASP in an environment built with a VB COM object that execute a asp file through an Asp.net HttpHandler.

I added the necessary basic features to execute the old-classic DNA sample application: FMStocks 2000 SP2.

The asp extension is mapped on then aspnet_isapi.dll, a simple entry on my web.config, a simple HttpHandler receives all requests for asp files, passing Form, QueryString, ServerVariables, Session and Cookies collections and, after the execution of ASP code, reading some of them modified by ASP execution.

Most of the problems I have encountered were in parsing ASP code adapting it to the new execution environment: some words such as Clear, End and Write are reserved words in VB6.

I found that executing ASP code through my code is only about 5-10% slower than in normal ASP mode, but the "Average time to last byte" was about 200% slower, due the simulated environment.

I have demonstrated myself that executing and sharing state (Session and Cookies) between ASP and ASP.NET is possible, however my solution is not ready for a production site. I did not developed all possible ASP objects nor tested the solution with a lot of ASP applications.

But I am satisfied of the work done.

Depending of the feedback I would like share the code..

Execute ASP code from ASP.NET: is it a weird idea?

trovam — Sat, 10 Apr 2004 10:37:00 GMT

Often we have to integrate existing work with new technologies and frameworks. We can sell a migration of a site written in ASP to ASP.NET: our customer understands only that they have a similar name but we know that they have nothing in common. No sharing of session state, ASP.NET cannot apply his security to a resource mapped on different ISAPI (e.g. ASP pages), etc.

So, reading a couple of old articles of Dino Esposito from MSDN Magazine 2000, it was born a little crazy idea: execute ASP code from ASP.NET.

The solution consists in mapping ASP files to the aspnet_isapi.dll and writing a simple HttpHandler that executes ASP code with a simple COM object written in Visual Basic 6.0.

The simplest part is executing ASP, add minimal Request and Response objects support, as just demonstrated in the Dino's articles.

The hard part is to rebuild all classic ASP Objects (Request, Response, Server, etc) and fit them in the new execution environment.

Is it a so weird idea?

Other MS04-004 Cumulative Security Update for Internet Explorer effects..

trovam — Sun, 07 Mar 2004 14:52:00 GMT

I found that I am not the only one with problems with this patch.

Fiat, the italian motor company, has registered a ~~perfectly legal~~ the www.buy@fiat.com domain, to support his marketing e-commerce campain..

Now, if you point your patched Internet Explorer Browser to the http://www.buy@fiat.com address, you obtain an error.. Firefox rendering is fine..

This patch corrects some security issues, but introduces other side-effects..

The same things we will encounter on the new Windows XP SP2..

Internet Explorer is getting worse day by day..

trovam — Sat, 06 Mar 2004 16:29:00 GMT

"Marco, one user reports that he can't connect to our sister site with his credentials. He has just installed security patch (MS04-004) from Microsoft.."

The knowledgebase article says:

The following URL syntax is no longer supported in Internet Explorer or in Windows Explorer after you install the MS04-004 Cumulative Security Update for Internet Explorer (832894):
http(s)://username:password@server/resource.ext

This article is intended to notify you of this change in the default behavior of Internet Explorer. If you include user information in HTTP or HTTPS URLs, Microsoft recommends that you explore the workarounds that are described in this article before you install the 832894 security update. For additional information about the 832894 security update, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/Bulletin/MS04-004.asp

"Yes, that patch has broken our small SSL Single Sign on system!"

Our site was designed with standards in mind (RFC 2617), to support even Netscape 4.x browsers, multiple platforms..

But now, a web site was dependent from a client behaviour.. Wonderful, but unnatural..

Mozilla, Firefox, Opera, Netscape continue to support this standard.. (have you seen how much is fast Firefox?)

IE has not been updated by ages but instead it loses features along the road: I call it a downgrade..

Years of development must be re-thinked..

Any ideas on a small, simple single sign-on system?

WD2000: The Italian Proofing Tools Make a Potentially Offensive Suggestion

trovam — Sat, 21 Feb 2004 11:01:00 GMT

from: http://support.microsoft.com/?kbid=811443

When you are using Word 2000 with the Italian Proofing Tools, and you type the English word "cult", the grammar checker indicates that the phrase is grammatically incorrect. Word 2000 then displays the following message:

Si consiglia di sostituire la parola selezionata perché volgare,
Sostituire cult con:
sedere [ass]
Offensive word
fortuna [luck]

The suggested words contain a potentially offensive word.

ROTFL

RSSBandit

trovam — Sun, 11 Jan 2004 18:30:00 GMT

My friend Lawrence has accepted my suggestion to use RSSBandit, due its capacity to handle a lot of rss feeds. Now I can suggest an Outlook 2003 look, made by Thomas Freudenberg.

Next step for my weblog experience is to enable Dottext.Web.HttpCompression for our small italian .NET group.

Microsoft, Security, and .NET

trovam — Sat, 23 Aug 2003 09:33:00 GMT

.NET: The software platform that never was; the platform
shift that never happened. Well, a little surprise awaits the
disbelievers. Microsoft might have scaled back on its .NET
advertising, but the company never stopped working to ensure that
.NET, silently and behind the scenes, made its way into every
important software project the company is creating.
Why? Because .NET applications and services can be secure by
default. Unlike the Win32 code underlying the majority of today's
Windows applications, the .NET Framework was designed correctly, with
a security substructure that prevents the common security problems
present in Win32 code. Not coincidentally, each major platform wave
from Microsoft during the next several years will be accompanied by a
new Visual Studio .NET release, giving .NET developers better tools
and capabilities and keeping them up to speed with the best that
Microsoft has to offer.
If you're a .NET developer today, you're playing a role in making
computing more secure for all of us. Each .NET-based Web site,
service, and application is just one more small step toward this more
secure future. If you're a consumer, picking .NET services and
applications over alternatives is a vote for better security going
forward. It's a future that all of us, as Microsoft customers and
technology consumers, should face willingly.

[ Paul Thurrott, thurrott@winnetmag.com ]

Status: This behavior is by design.

trovam — Thu, 10 Jul 2003 12:15:00 GMT

INFO: SSAFE: Renames and Deletions Not Supported for Source Code Control Through the Visual Studio .NET IDE

trovam — Mon, 07 Jul 2003 11:44:00 GMT

The MSSCCI interface that Visual Studio .NET uses to integrate with Microsoft Visual SourceSafe does not support renames or deletes. Renames or deletions that are made within Visual SourceSafe do not propagate to the Visual Studio .NET integrated development environment (IDE) until a Get Latest Version is performed.

This is also true if an item is renamed or deleted within the Visual Studio .NET IDE. The deletion or rename does not propagate to the Visual SourceSafe database. In the case of a rename, a new file with a separate history is added to Visual SourceSafe.

[Q305516]

It's a feature, not a bug!

ASP.NET Applications without Web Projects

trovam — Sat, 05 Jul 2003 09:59:00 GMT

Fritz Onion has wrote a litte article about not using Web projects to build asp.net applications:

The Web Project wizard in Visual Studio .NET is convenient for creating quick ASP.NET applications on your local machine, but in an effort to simplify your life, it also makes many decisions for you that are difficult to change if you need more flexibility. My biggest pet peeve with Web Projects is that you cannot even open a .sln file if the virtual directory mapping in IIS is not set up correctly. I also dislike the way it places .sln and .csproj | .vbproj files in a separate location from the actual source files (I understand that this is necessary to allow application creation directly on a server, but I never deploy that way).

As a result, most of my web projects are created as standard class library projects. Unfortunately this means that you don't get the nice Web component wizards (like WebForms and UserControls). However, with a little tweaking, you can have it all. I have prepared this document describing how to enable these wizards in class library projects (thanks to Dan Sullivan for pointing out how to do this), as well as how to convert existing Web Projects to class library projects and still keep the nice integrated debugging.

I usually modify .webinfo file to reflect current virtual/site settings..

Asp.net templating issues

trovam — Sun, 22 Jun 2003 17:31:00 GMT

Lawrence gave me the opportunity to comment about implementing a template system in asp.net.

I have evaluated a lot of template systems, from Paul Wilson's MasterPages to commercial products like Xheo.WebSkin. All implemented a "static" template with custom WebControls: when page loads, it should load with that layout.

But, if you want to load dinamically a WebControl with a Button and after a Button1_Click you would change the its container layout (to show a query results, for example), you can't, because Button1_Click fires after Page's OnInit event, where you call LoadControl and asp.net fires other necessary viewstate and postback events.. ahh, if I could temporarily change the order of these events.. ;-)

Asp.net is a great programming model, but it should allow us to take place to some little hidden things.. We will wait the next version..

Windows Server 2003 as a Workstation

trovam — Sat, 21 Jun 2003 09:01:00 GMT

When I used Windows 2003 as my development machine I first saw a performance increment. On very system reinstall registry is not so "fat" and you don't have a lot startup programs..

But osnews.com in Windows Server 2003 as a Workstation: Great, But Not Unconditionally confirmed me with numbers and comparing with other os.

A new life for my IBM T22.. ;-)

First entry

trovam — Fri, 20 Jun 2003 14:57:00 GMT

Scott has just activate this account and I am impressed of the backend of http://weblogs.asp.net which is better than one of my italian weblog.. ;-)