Sign in
|
Join
Paul Wilson's .NET Blog
Ramblings from the Creator of WilsonDotNet.com
This Blog
Home
Contact
Syndication
RSS
Atom
Comments RSS
Search
Go
Tags
.NET
.NET FAQ
AJAX
ASP.NET
Atlas
Avalon
C#
CLR
Community News
General Software Development
Infocard
Linq
O/RM
Orcas
Sharepoint
Vista
Visual Studio
WCF
Web Services
WinFX
WPF
WWF
Navigation
Home
Blogs
Archives
March 2008 (2)
February 2008 (1)
December 2007 (1)
May 2007 (1)
April 2007 (5)
March 2007 (1)
February 2007 (3)
January 2007 (6)
December 2006 (5)
November 2006 (6)
October 2006 (6)
September 2006 (1)
August 2006 (2)
July 2006 (1)
June 2006 (2)
May 2006 (8)
April 2006 (4)
March 2006 (4)
February 2006 (6)
January 2006 (4)
December 2005 (1)
November 2005 (1)
October 2005 (2)
September 2005 (4)
August 2005 (11)
July 2005 (8)
June 2005 (6)
May 2005 (6)
April 2005 (4)
March 2005 (8)
February 2005 (7)
January 2005 (13)
December 2004 (4)
November 2004 (3)
October 2004 (9)
September 2004 (17)
July 2004 (6)
June 2004 (3)
May 2004 (7)
April 2004 (9)
March 2004 (8)
February 2004 (10)
January 2004 (16)
December 2003 (4)
November 2003 (9)
October 2003 (18)
September 2003 (4)
August 2003 (6)
July 2003 (3)
June 2003 (17)
May 2003 (9)
April 2003 (10)
Wilson's Links
About Paul Wilson
WilsonDotNet.com
My ASP.NET Articles
The Best Web-Host
WilsonORMapper
My .NET BlogRoll
WilsonWebPortal
Resume of Paul Wilson
WilsonWebForm
WilsonXmlDbClient
Mimsware Consulting
December 2004 - Posts
Friday, December 31, 2004 8:35 PM
My Highlights of 2004 and Goals for 2005
Professional Highlights in 2004
:
WilsonORMapper
Released and Matured -- Simplest O/R Mapper and Supports Most Databases
WilsonXmlDbClient
Released OpenSource -- Work with Xml Data using ADO.NET and SQL Syntax
WilsonWebForm
moved to GDN OpenSource -- Multiple Server Forms and Non-Postback in ASP.NET
WilsonUIMapper
in Development and Beta -- Runtime UI based on Mappings to Business Classes
Mixed ASP.NET Security
Article on MSDN
-- Mix Forms and Windows Authentication in Single App
Quit Corporate Job and
went Independent
-- Work From Home and Control Application Architecture
Develop App
with OR/UIMappers for Client -- Doing an ASP.NET Application the Right Way Finally
Large Successful
Server Installation
for Client -- About 20 Servers at MCI supporting Tons of Traffic
Worked with .NET WinForm
App on Citrix
-- More than I wanted to know about GC and .NET Memory
Attended
MVP Summit
and Met Many MVPs -- IIS7 Goes Modular and ObjectSpaces Delayed til 20??
Professional Goals for 2005
:
Update WilsonORMapper Periodically -- v3.1 ASAP has Composite Relations, Properties, Multiple Files
Release and Mature WilsonUIMapper -- Need to Add 3rd Party Control Support and WinForm Runtime
Develop the next Killer .NET Project :) -- I've got an idea for this one although how much time will I have ?
Update Site and Projects to Whidbey -- Add Generics and Nullable Types to the WilsonORMapper v4.0
Articles, MVP/PDC, User Group, etc. -- Attend MVP and/or PDC Conference and More User Groups too
Personal Highlights in 2004
:
Sold our own House without an Agent
Built and Moved into our new House
Setup our Home Office with new Desks
Family Vacation at Discovery Cove
Worked at Home with Kids in Summer
Zack's 6th Birthday at Hobby Store
Tori's 7th Birthday at Horse Farm
Tori and Zack Finished Kindergarten
Read and Helped in School Classes
Jenny Diagnosed with Breast Cancer
Personal Goals for 2005
:
Support Jenny to Beat Breast Cancer
Celebrate with Nice Family Vacation
Exercise More and Get in Better Shape
Help Read More with School Classes
Start Finishing Basement and Yard
Posted by
PaulWilson
|
5 comment(s)
Thursday, December 23, 2004 4:57 PM
Personal Update -- Please Pardon My Inactivity
I've been debating with myself on what to say and to whom, but since it is affecting so much of my time, and since I'm very visible in the .NET community, I've decided to publish it to the world. So here goes:
My wife, Jenny, was diagnosed with breast cancer a week ago. This was not a huge surprise out of nowhere, since we've long known that our infertility was due to something called Poly-Cystic Ovary Syndrome (PCOS). This causes all sorts of fibrotic tissue (lumps) in the breasts, and she's already had several biopsies over the years, so it was just a matter of time for the most part. She's had her first chemo treatment this week on Monday, and will be repeating chemo every 2 weeks for the next 16 weeks or so, after which time we'll need to regroup and consider her surgery options. If anything, she's looking forward to getting firm perky breasts in 6 months, so other than being tired, and obviously a little depressed at times, she's doing well and should have a good outcome -- it just takes time.
Anyhow, since I work from home for my current client, this hopefully won't be too difficult, but it may mean that I will not get to some of my personal projects very quickly. In particular, I will be putting out a small update to my
ORMapper
soon, a few new features and a few small bug fixes, but I no longer know how much time I will end up getting to finish my
UIMapper
and other future personal projects. I may end up just throwing what I have for my UIMapper out there as is, or with very few additional changes, since it does work already (I've used it in production for some time now), even though it may lack a few things I wanted to add first. So please know that while I'm still working, I may be slower to answer email or post things, or to get all the things done that I want to do.
Posted by
PaulWilson
|
24 comment(s)
Thursday, December 23, 2004 4:40 PM
Setting up SSL correctly with IIS and ASP.NET
I recently acquired an SSL certificate for my client, and I discovered that while things are not that hard to setup, there are also things that are not really documented anywhere.
First, lets assume that you actually want to force SSL, which seems like a good thing in many cases, but you also want to have an automatic and graceful redirect should someone try to use regular http. So what do we do? You could add code to all of your pages, or to your base page, or in the global events, to check if https was used, and if not then issue a redirect to https -- you could, but I wouldn't. Why not? This requires code changes specifically for your SSL situation, which will make it harder to run on developer configurations, at least without some more elaborate code options. This will also make it harder to turn off the requirement to use SSL should something go wrong, and it ignores any non ASP.NET files that you also want to protect with SSL -- so you really should be looking at IIS instead. The first thing we do is open the IIS MMC tool, select properties for our site, go to the directory security tab, click the edit button at the bottom in secure communications, and then check the require secure channel option. That's the easy part, of course, since you'll quickly discover that there is no option to automatically redirect your http traffic to https -- although it seems like this would be an obvious option for MS to add to IIS. If this is all you do then you'll notice that the user will see a 403;4 error, which should be the next hint to what we want to do -- setup a custom error in IIS -- again sticking to IIS and not relying on the web.config custom errors will better protect all your files. So the next thing we do, again in the IIS MMC tool under our site's properties, is go to the custom errors tab, select the 403;4 error type, edit its properties to be a URL in your site -- something like /NonSSL/SSLRedirect.aspx for instance. The next step should be clear at this point -- create the appropriate file for the custom error, /NonSSL/SSLRedirect.aspx in my example, and have it issue the redirect -- something like Response.Redirect("https://www.YourDomain.com/"). We're almost there now, but we have one or two circular cases, depending on your configuration, that we have to handle in order for it to work properly. The first circular case will affect everyone -- basically your custom error can't redirect the user to a page in your http site if SSL is required for the entire site. So using the IIS MMC tool, select the properties for the custom error file or directory you have created, the NonSSL directory in my example, go to the directory security tab, click the edit button at the bottom in secure communications, and then UN-check the require secure channel option. That might be enough for your site, but if you use ASP.NET authentication you'll need to do one more thing -- otherwise your custom error redirect will end up redirecting to your login page back on the http site -- and you'll have another circular case. So to finish off this automatic redirect for SSL, just edit your site's web.config file by adding a location tag for your redirect file, location path="NonSSL/SSLRedirect.aspx" in my example, and then add the authorization tag for allow users="?,*". That may seem like you're removing security, but its only for the specific file that you want all of your users to get to, even before they are authenticated, in order for them to be able to successfully be redirected to your SSL site.
There's also a few oddities that you may or may not experience when forcing SSL that are separate from the redirect issue, and once again they are not well documented in any obvious manner. Does your site have any files that are downloaded dynamically through aspx files? By this I don't mean a hard-coded link somewhere, but an aspx page that sets the appropriate content type and header and writes the content to the stream, so that a virtual file is downloaded. If so, then most examples I've seen tell you to set the cache policy to nocache to make sure you always get the real download from the server, but this nocache will fail with SSL for your IE users! That last part is quite interesting -- your FireFox users will not have a problem -- just your IE users! I'm still not sure I like taking out the nocache policy, but I left the code to immediately expire the response, so hopefully this will not be an issue if you have some similar code for expiring the response. Another oddity I have is that I have a couple of virtual directories that are mapped to network shares with a specific set of security tokens. There's not actually a problem with this scenario, but if you incorrectly answer the popup dialogs that the IIS MMC might give you when setting SSL to be required, then you may find that your security credentials are "lost". Or maybe you turn off the requirement for SSL for some reason -- that can also cause your sub-directories to lose their settings, whether it be network share security tokens or special SSL settings like we did for the NonSSL directory above. So the best policy is to always check your special settings that apply to any sub-directories or files, including the setting of network share security tokens, whenever you change the requirement for SSL -- regardless of whether you are enabling or disabling it.
I believe that this is all that is necessary, although there may be other special situations that I haven't encountered, but whatever you do make sure this is documented for yourself and your administrators -- else you will find yourself having new problems everytime one is fixed!
Posted by
PaulWilson
|
16 comment(s)
Wednesday, December 08, 2004 7:25 AM
Review of Company XYZ's O/R Mapper
I get asked a lot of things, but this one is tops -- seems Company XYZ wants me to review their O/R Mapper. They said they were a regular visitor and were really impressed, but it seems they didn't actually bother to read much when they visited since you would think it would be pretty clear that my
WilsonORMapper
competes with their own mapper. So here's my review: your mapper is more difficult and complex than mine, and no other mapper supports as many databases as does mine! :)
Posted by
PaulWilson
|
3 comment(s)
More Posts