Archives / 2004 / May
  • Thanks to Contributors of WilsonORMapper v2.2

    I want to give a very special thanks to several of my subscribers for their contributions to the just released WilsonORMapper Version 2.2:

    1) Paul Hatcher added support for embedded user-defined objects, which helps address some of the 1-1 concerns that have been
    raised -- see the demo for a working example. Paul also made some changes to the ObjectHolder, including adding a new Key property.

  • ASP.NET Security Puzzle -- Need Explanation

    I've got an ASP.NET website that has several IIS sub-applications running on it.  Some of the sub-apps have authentication=None and were always working fine.  I recently changed the root app to have authentication=Forms, with authorization denying anonymous users.  Several tests since that time have always shown the sub-apps still working, as expected since they are separate applications in IIS and ASP.NET.  Now all of a sudden, with no difference that I know of, one of these sub-apps started popping up the Windows Integrated Security dialog.  Looking in IIS showed that anonymous access was still granted on the folders and files of this app.  I also verified that the security permissions for all users were identical with this app and ones still working.  I changed the root app back to what it was, and that didn't fix anything, but I didn't expect it too anyhow.  Somewhere along the way in my checking, one of the other sub-apps also started having this behavior.  I don't know of anything I changed that could possibly have this behavior right in front of my very eyes!  I couldn't figure out any explanation, and therefore no fix, since the only way I know for this dialog to pop up is either anonymous denied in IIS or file/folder security settings.  My colleague finally took a web.config file from one of the working sub-apps and put it in one of the non-working apps -- and it worked!  The only difference we could find between the web.config files was that the non-working app did not have an authorization section.  Of course, it also had authentication=None, and anonymous users were allowed in IIS, so I don't see how this could matter.  We looked at the other non-working app's web.config and it was also missing the authorization section, so we added it -- and it worked too!  By the way, this authorization section simply says to allow authenticated users -- it does not even mention anonymous users.  Even if the app root were affecting this, it also allowed authenticated users except in one unrelated sub-folder, so again I don't see how this change really could help.  I've since tried removing authorization sections on a few of my local web apps and it has yet to make any difference.  Also, to the best of my knowledge, nothing in the first sub-app changed, and I know the other one quit working right before my eyes, again not touching it since it was the other one that was being checked.  I still cannot fathom why adding an authorization section, especially one that does not even mention anonymous users, could make a difference.  Anyone know of an explanation, or some other things that I should look out for that could cause the Windows login dialog to popup?

  • Experience with New Client and Other Happenings

    Its been a month now since I announced I was going independent, and I've now actually been working two weeks with my new client.  First, although I'm certainly very busy learning a new business, I can also report that I really like this client.  Why?  Unlike previous employers / clients, they are actually showing me the current business process and actively engaging me in it.  I know that seems like a no-brainer, but I've found that most companies don't work this way, usually to the detriment of all.  I'm also really getting to brush up on my sql skills -- yea, I thought they were pretty good too, afterall I wrote an O/R mapper.  :)  The reason I say this is because this client has a lot of one-time tasks which are not your typical CRUD persistence.  Some of these are also very large with quite a few joins, so I'm learning some other tricks to, like using NOLOCK and other hints.  None of this is really new to me, but its certainly not been something I've had to do this much of, so its definitely polishing my sql.

  • Changing ASP.NET Forms Authorization Redirection

    ASP.NET makes it easy to configure Forms Authentication and Authorization, including automatically redirecting you to the login page when necessary.  The problem is that it also redirects authenticated users to the login page when they attempt to access pages that they are not authorized to access.  This gives you the opportunity to login as someone else, and then be automatically redirected back to the page you originally attempted to access.  But that may not be the behavior you want for authenticated users -- do your users really have multiple logins and do they understand why they end up back at the login page?  Instead, I want my authenticated users to be redirected to some other page that tells them they do not have access, and possibly gives them a way to contact an administrator.  So here's the code that you need to put in your Global.asax file:

  • What Exactly is the Point of O/R Mappers ?

    I had a recent email exchange with someone that was observing that they still had to be at least somewhat aware of the workings of the O/R Mapper and their database design when they designed their entity classes.  “To me, this is too intrusive since I have to incorporate a lot of persistence knowledge into my design whilst I'm still designing rather than being able to play around with the design and then add on the persistence.”  This actually made me think a lot of Andrew Conrad's blog postings, as well as a lot of conversations I've had with some of my architect, developer, and DBA friends over the last couple of years.