September 2002 Blog Posts

Q306158 INFO: Implementing Impersonation in an ASP.NET Application

In a distinct difference between Microsoft Active Server Pages (ASP) and ASP.NET, ASP.NET no longer impersonates the authenticated user by default. To enable impersonation, you must set the impersonate attribute of the identity section in the Web.config file to true.

ASP.NET Viewstate handling

You can "tamper-proof" your viewstate to reduce the likelihood of someone trying to spoof your application by setting the EnableViewStateMAC attribute. If necessary you can encrypt it too.

However, by default, ASP.NET creates a random validation key and stores it in each server's Local Security Authority (LSA). In order to validate a ViewState field created on another server, the validationKey for both servers must be set to the same value. If you secure ViewState by any of the means listed above for an application running in a Web Farm configuration, you will need to provide a single, shared validation key for all of the servers.

The article Q313091 HOW TO: Create Keys by Using Visual Basic .NET for Use in Forms Authentication shows how to generate keys for use in the validationKey and the decryptionKey attributes of the <machineKey> section in the <system.web> element in the Machine.config and the Web.config files.

FTP Pluggable Protocol Sample: This sample demonstrates a pluggable protocol handler for the ftp:// protocol using WebRequest.
Adding a date to your Radio archive pages - I've recently added a local site search to my pages using Atomz Express Search and having a date in the title of the archive pages makes the results a little more presentable.
Report.NET is a powerful library that will help you to generate PDF documents in a simple and flexible manner. The document can be created with data that have been retrieved from any ADO.NET data set. The Report.NET library is available for free under the LGPL license (

How to enable HTTP compression in IIS v5 on Windows 2000:

HTTP compression provides faster transmission time between compression-enabled browsers and IIS. You can either compress static files alone, or both static files and applications. If your network bandwidth is restricted, you should consider HTTP compression, at least for static files, unless your processor utilization is already extremely high.

When IIS receives a request, it checks to see if the browser is compression-enabled. IIS then checks the file name extension to see if the requested file is a static file or contains dynamic content. If the file contains static content, IIS checks to see if the file has previously been requested and is already stored in a compressed format in the temporary compression directory. If the file is not stored in a compressed format, IIS sends the uncompressed file to the browser, and adds a compressed copy of the file to the temporary compression directory. If the file is stored in a compressed format, IIS sends the compressed file to the browser. No files are compressed until they have been requested once by a browser.

If the file contains dynamic content, IIS compresses the file as it is generated and sends the compressed file to the browser. No copy of the file is stored.

Al Macintyre's Radio Doc Sources bookmarks.

I've recently bought an S-VIDEO cable for my laptop that allows me to use my laptop as a DVD player through my VCR or TV without everyone having to huddle around the LCD display. In order to do this, I have to fiddle with the display settings and this invariably ends up scattering my nicely arranged desktop icons over the screen.

I decided to find a way to save the positions of the icons so that they could be restored and I've created a little applet that does just that (C++ source included). The basic applet saves to stdout and loads from stdin so use it as follows:

vtdskico -save > myicons.txt

vtdskico -load < myicons.txt

The core of the save/restore functionality is in the DesktopView.h file so feel free to reuse that class if you feel so inclined. :o)

ASP.NET Process Model - Thomas Marquardt [DOTNET-CLR]:

"While I doubt there is anything particular about high isolation mode that would cause problems for ASP.NET, I would feel better if you were to use low isolation. The recommended configuration is <processModel enable="true"/> and low isolation mode selected in IIS metabase."

Auto-expansion of expressions in the VS.NET debugger: Look in %VSDIR%/Common7/Packages/Debugger for the files

  • mcee_cs.dat for C#
  • mcee_mc.dat for Managed C++
  • autoexp.dat for native C++

Look in the files for a description of how to extend them.

Preparing and Mining Data with Microsoft SQL Server 2000 and Analysis Services HTML: Preparing and Mining Data with Microsoft SQL Server 2000 and Analysis Services is a .NET Enterprise Servers Online Book in HTML format. This book demonstrates how to apply data mining to a real-world situation using SQL Server 2000, Microsoft SQL Server 2000 Analysis Services, and Microsoft Visual Basic® 6.0. This book focuses on cleaning and preparing data for data mining.

(950K download)

.NET Framework Support on Windows Operating Systems. A guide to the versions of Windows on which the .NET Framework can be installed, with software requirements, exceptions, and instructions on preparing applications for cross-platform support.

"The first thing to notice is that the .NET Framework will not run at all on Windows 95. This is consistent with other Microsoft® products like Microsoft® Office XP that also do not support Windows 95."


Onions in the Varnish

The chemist-turned-cool-Holocaust-memoir-writer Primo Levi has a story about a time he was working at a chemical plant that made varnish. He was surprised to find that in addition to the chemicals he expected, the varnish formula also called for a raw onion. At first, he could find no reason as to why a raw onion had to be added; there wasn't anything in onions that was needed in varnish, and even if there were, a single onion would be too little for a large industrial vat.

After doing a little research, Levi found out that his predecessors used to toss an onion into the varnish as a simple and inexpensive way of testing its temperature. If the mixture was hot enough, the onion would fry. With modern equipment, the need for the onion had vanished, but for reasons they no longer knew, it had become part of the recipe.

ALAN COOPER, KNOWN as the "Father of Visual Basic" and the author of The Inmates are Running the Asylum:

My advice to Microsoft is to abandon the browser. The browser is a red herring; it's a dead end. The idea of having batched processing inside a very stupid program that's controlled remotely is a software architecture that was invented about 25 years ago by IBM, and was abandoned about 20 years ago because it's a bad architecture. We've gone tremendously retrograde by bringing in Web browsers.

Okay, it's a bit out of date, but still a relevant comment. Will Microsoft's decision to have portable software from the web disabled by default as of .NET SP1 rail against this?

...I started tinkering with gSOAP, I'm impressed so far, it also includes a standalone HTTP stack, so is an ideal candidate for embeding into applications. [Simon Fell]

I keep forgetting to link to What a cool idea, online programming competitions! [joelonsoftware]

Wow, this is cool. Competitions can be entered using Java, C++, and C#. The competition environment runs using Java and there are practice rooms to try it out with.

Link from Simon Fell  [win_tech_off_topic]:

Stunnel -- Universal SSL Wrapper

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

First Xopus open source release online. Sjoerd VisscherMy colleague atQ42who runsthe Xopus projectputa stable release onlinelast friday. There's even some good documentation in the package! You can start making your XML/XSL based website editable in the browser right now. Remember, it runs both in IE and Mozilla. [Sam Ruby]

Very impressive - don't forget you need to install it on a web server to try the example (note to self: read each line of the quick install guide not just the one you think is most important).