Wednesday, 24 February 2010

IIS 7.0 Error: This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either...

This usually happens when attempting to run a web application via. IIS, but you don't have the required windows features (I.e. ASP.NET enabled in IIS).

To check/enable this, you do the following...


[Windows 7]

Start > Control Panel > Programs and Features > "Turn Windows features on or off" (left menu)


This will provide you with a pane of enabled windows features (unlike windows XP, you do not need to uninstall these to disable them)


Navigate to "Internet Information Services" > "World Wide Web Services" > "Application Development Features" and check the following options...


[Image]


Tuesday, 23 February 2010

Query Active Directory for list of roles (.NET 3.5)

Here is a snippet of code to retrieve a list of roles for a user in .NET 3.5. This code uses the System.DirectoryServices.AccountManagement namespace which is exclusive to 3.5.

        /// <summary>
        /// Retrieve listing of all roles to which a specified user belongs.
        /// </summary>
        /// <param name="identity">Current Windows Identity</param>
        /// <returns>String array of roles</returns>
        public string[] GetRolesForUser(IIdentity identity)
        {
            //Create an ArrayList to store our resultant list of groups.
            ArrayList results = new ArrayList();
 
            //PrincipalContext encapsulates the server or domain against which all operations are performed.
            using (PrincipalContext context = new PrincipalContext(ContextType.Domain, null, "NORTHWAVE"))
            {
                try
                {
                    //Create a referance to the user account we are querying against.
                    UserPrincipal p = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, identity.Name);
                    
                    //Get the user's security groups.  This is necessary to return nested groups, but will NOT return distribution groups.
                    var groups = p.GetGroups();
                    
                    foreach (GroupPrincipal group in groups)
                    {
                        results.Add(group.SamAccountName);
                    }
                }
                catch (Exception ex)
                {
                    throw ex;
                }
            }
 
            return results.ToArray(typeof(String)) as String[];
        }

Mixed Mode Authentication in ASP.NET

I'm currently looking a implementing mixed-mode authentication in ASP.NET 3.5. I've looked around the web and found two solutions.

1. Create two virtual directories, one implementing windows authentication, takes credentials from active directory, stores them into a cookie and feeds them into the forms auth on virtual directory 2. VD2 will have a login page to anon. users, but will bypass the login if a valid req is received from VD1.
http://www.15seconds.com/Issue/050203.htm - here

2. Create one virtual directory... implement forms auth in web.config, deny anon users globally, but except anon users to WebLogin. Create WinLogin and WebLogin aspx pages. Specify windows integrated auth and deny anon. users in IIS to WinLogin. However, this requires using JS in custom 401 pages to take a user to WebLogin.aspx
http://msdn.microsoft.com/en-us/library/ms972958.aspx



UPDATE
In the end I opted for option 1. This allowed me more control over the process without replying on custom 401 pages (bit of a messy solution). However, instead of cookies, a database was used as we didn't store both applications on the same server. With this solution, you can provide forms auth link to client users and internal users can have a seperate access point (In our case it was admin users).

ASP.NET: HTTP Handlers and HTTP Modules

A good article on the definitions of HTTP Handlers and HTTP Modules

http://www.15seconds.com/Issue/020417.htm

EXPLAINED: Windows and Forms Authentication

Here are two very good MSDN links explaining Windows and Forms aut

Windows Authentication - http://msdn.microsoft.com/en-us/library/aa480475.aspx
Forms Authentication - http://msdn.microsoft.com/en-us/library/aa480476.aspx

Monday, 22 February 2010

Application Pools in IIS 6.0

How Application Pools Work (IIS 6.0)

When you run IIS 6.0 in worker process isolation mode, you can separate different Web applications and Web sites into groups known as application pools. An application pool is a group of one or more URLs that are served by a worker process or set of worker processes. Any Web directory or virtual directory can be assigned to an application pool.

Every application within an application pool shares the same worker process. Because each worker process operates as a separate instance of the worker process executable, W3wp.exe, the worker process that services one application pool is separated from the worker process that services another. Each separate worker process provides a process boundary so that when an application is assigned to one application pool, problems in other application pools do not affect the application. This ensures that if a worker process fails, it does not affect the applications running in other application pools.

Use multiple application pools when you want to help ensure that applications and Web sites are confidential and secure. For example, an enterprise organization might place its human resources Web site and its finance Web site on the same server, but in different application pools. Likewise, an ISP that hosts Web sites and applications for competing companies might run each companys Web services on the same server, but in different application pools. Using different application pools to isolate applications helps prevent one customer from accessing, changing, or using confidential information from another customers site.

In HTTP.sys, an application pool is represented by a request queue, from which the user-mode worker processes that service an application pool collect the requests. Each pool can manage requests for one or more unique Web applications, which you assign to the application pool based on their URLs. Application pools, then, are essentially worker process configurations that service groups of namespaces.

Multiple application pools can operate at the same time. An application, as defined by its URL, can only be served by one application pool at any time. While one application pool is servicing a request, you cannot route the request to another application pool. However, you can assign applications to another application pool while the server is running.

Creating keys using C# for use in Forms Authentication

This is a good support article for creating validation and decryption keys for use within Forms Authentication.

http://support.microsoft.com/kb/312906

Friday, 12 February 2010

Capturing XML Request and Response with .NET Soap Extensions

Capturing XML Request and Response with .NET Soap Extensions is possible... its certainly useful when a call is made to a web service within a .net language and you need visibility of your serialized xml request/response. It's very useful for debugging too!

The key here is to use Soap Extensions.

1. Create a class with extends System.Web.Services.Protocols.SoapExtension.
2. override void ProcessMessage() and capture the xml

Here is a link with the code and setup guides...
http://www.blog.encoresystems.net/articles/how-to-capture-soap-envelopes-when-consuming-a-web-service.aspx

Exception Handling in ASP.NET

This is a good article in how to exception handle efficiently in ASP.NET. It mentioned key pointers regarding: Page Level error capture, Application_Error method in Global.asax and other means of caputring errors across web applications.

The idea of error capture is to display a meaningful error message at each level.

For example, in an N-Tier world...

- Calling a database with invalid credentials may throw a "InvalidMethodCall" exception.
- In the BLL, this may be captured and re-thrown with regards to the method being called. I.e. "InvalidCallToAccounts"
- The user may then get (should get a) detailed error message and how to resolve this (any other options, try again links etc.) I.e. "Could not establish link to the accounts database. The credentials you have specified are invalid. Please try again..."

Here is the link
http://www.jankoatwarpspeed.com/post/2008/06/02/Exception-handling-best-practices-in-ASPNET-web-applications.aspx

Tuesday, 9 February 2010

Q-Unit - Javascript Testing Libraries

I've been playing around with Q-Unit lately, and it does bring a pleasent and easy testing paradigm to the development world. It is all self-contained within a single JS script and a provided CSS script for styling.

Heres a link to a good learning resource
http://net.tutsplus.com/tutorials/javascript-ajax/how-to-test-your-javascript-code-with-qunit/