Plip's Weblog

Phil Winstanley - British .NET chap based in Lancashire. Enjoys tea and tech. Working for Microsoft.

October 2004 - Posts

Preparing for ASP.NET 2.0

Hiya!

Firstly, let me thank those of you that attended the session on Wednesday, I really enjoyed giving the session and hope you got something worth while out of it, for those of you that didn't attend - shame on you ;-)

I would like to say I really appreciated everyone's patience with Visual Studio blowing up several times, all I can say is sorry and point at Microsoft ;-)

I want to again thank Alphameric for hosting the sessions each month and donating the room and time - without them it would not be possible to provide the .NET Exchange user group in Manchester.

If anyone has any comments or questions regarding the talk or any other topic you believe I may be of help in, please get in touch, I'd love to get your feedback :-) Just drop me a mail to mailto:phil@winstanley.name

So here are some links to the slide deck and some other resources I mentioned on the night.

ASP.NET 1.x Security Vulnerability & Patches

http://www.microsoft.com/security/incident/aspnet.mspx

Microsoft Web Developers UK

http://www.mswebdev.org.uk

Slide Deck (1.23 mb) The slide deck was originally written by Microsoft and I adapted it to suit my own needs.

http://www.myservicescentral.com/Preparing-For-Whidbey/Presentation.ppt

Plipster.NET the ASP.NET 2.0 site used throughout the presentation and one of only a few publicly hosted ASP.NET 2.0 Sites

http://www.plipster.net/

Breaking Changes to all versions of the .NET Framework

http://www.gotdotnet.com/team/changeinfo/default.aspx

ASP.NET Version Switcher

http://www.denisbauer.com/NETTools/ASPNETVersionSwitcher.aspx

.NET Reflector (Decompilation tool)

http://www.aisto.com/roeder/dotnet/

Partial Classes in .NET 2.0

http://www.google.co.uk/search?q=Partial+Classes+.NET

ASP.NET 2.0 Compilation

http://www.codeguru.com/columns/Experts/article.php/c5365/

Open Source Error Reporting, if you find any problems let me know mailto:phil@winstanley.name

http://www.plipster.net/Error-Reporting/Default.aspx

MSDN Feedback Centre

http://lab.msdn.microsoft.com/ProductFeedback/

.NET 2.0 SDK

http://www.microsoft.com/downloads/details.aspx?FamilyID=916ec067-8bdc-4737-9430-6cec9667655c&DisplayLang=en

ASP.NET 1.x Master Pages Implementation

http://authors.aspalliance.com/PaulWilson/Articles/?id=14

http://www.metabuilders.com/Tools/MasterPages.aspx

List of new Page level events in ASP.NET 2.0

http://weblogs.asp.net/plip/articles/117000.aspx

Creating Asynchronous pages in ASP.NET 2.0

http://pluralsight.com/blogs/fritz/archive/2004/10/19/2892.aspx

Creating Asynchronous pages in ASP.NET 1.x

http://msdn.microsoft.com/msdnmag/issues/03/06/threading/default.aspx

.NET 2.0 Provider Specification

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspnet/html/asp02182004.asp

Microsoft ASP.NET MVP

http://mvp.support.microsoft.com

ASP Insider

http://www.aspinsiders.com

ASP Advice Moderator

http://www.aspadvice.com

Portfolio Europe

http://www.portfolio-europe.com

Phil Winstanley's Blog

http://weblogs.asp.net/plip/

Phil Winstanley's Personal Site

http://www.myservicescentral.com

VBUG

http://www.vbug.co.uk/

Posted: Oct 21 2004, 09:40 PM by Plip | with 4 comment(s)
Filed under: ,
Windows XP Media Center Edition 2005 & Deamon Tools

Here's a quick warning for everyone, I just tried to upgrade my Media Center 2004 machine to 2005, it wanred me half way through the upgrade that it could not find the drivers for a "Mass Storage Device" but didn't give me the option to pause the installation.

I'm pretty sure this was Deamon tools as now the machine won't boot (even in safe mode) it gets to loading d346.sys and then blue screens (I can't see what it says as it immediatly reboots).

Time to format and give the machine a clean install

*grumble*

Plip.

Posted: Oct 14 2004, 06:44 PM by Plip | with 4 comment(s)
Filed under:
ASP.NET Authentication Vulnerability

A note from the Microsoft ASP.NET Team:

This alert is to advise you of the availability of a web page that discusses an investigation Microsoft is currently conducting into public reports of a security vulnerability in ASP.NET.  A malicious user could provide a specially-formed URL that could result in the unintended serving of secured content. 

This alert is also to advise you of the availability of a new Microsoft Knowledge Base article: 887459.  This article contains prescriptive guidance with steps customers can implement on their ASP.NET applications to help protect against a wide variety of malformed URL attacks.

Microsoft is providing this prescriptive guidance in order to inform customers as quickly as possible about the vulnerability and information on how to prevent an attack.  Microsoft is actively investigating this issue and plans to release additional guidance and a security update to remedy the issue as soon as possible.

The Microsoft Knowledge Base article can be viewed here:

http://support.microsoft.com/?kbid=887459

Code sample

The following samples demonstrate how to add an Application_BeginRequest event handler to a Global.asax file. The event handler helps protect against invalid characters and malformed URLs by performing path verifications to help protect against common canonicalization issues.

Global.asax code sample (Visual Basic .NET)

<script language="vb" runat="server"> Sub Application_BeginRequest(Sender as Object, E as EventArgs) If (Request.Path.IndexOf(chr(92)) >= 0 OR _ System.IO.Path.GetFullPath(Request.PhysicalPath) <> Request.PhysicalPath) then Throw New HttpException(404, "Not Found") End If End Sub </script> 

Global.asax code sample ( C#)

<script language="C#" runat="server"> void Application_BeginRequest(object source, EventArgs e) { if (Request.Path.IndexOf('\\') >= 0 || System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath) { throw new HttpException(404, "not found"); } } </script> 

The web page that discusses the current investigation into the public reports of a vulnerability in ASP.Net can be viewed here:

http://www.microsoft.com/security/incident/aspnet.mspx

If you have any questions, please see the discussion in the ASP.NET Security Forums at:

http://www.asp.net/Forums/ShowForum.aspx?tabindex=1&ForumID=25

 

Posted: Oct 06 2004, 07:46 AM by Plip | with no comments
Filed under: , ,
More Posts