Scott Hanselman

DPAPI and WindowsImpersonationContext and the one that got away...

July 29, '03 Comments [3] Posted in Web Services | ASP.NET | XML
Sponsored By

I’ve got a small C# Security Application that I’m writing an Editor for.  I was hoping to let the user run the application as whoever they choose to, and then use LogonUser to create a WindowsImpersonationContext and log them in as SOMEONE ELSE to do the DPAPI Encryption (because it will be that other use that will be decrypting the data.)

 

I’m using DPAPI with a User Store, not a Machine Store.  I’ve got a managed wrapper for DPAPI that works fine.  I’ve got a Managed “ImpersonateUser” function that returns a WindowsImpersonationContext and internally users LogonUser and also works fine.  

 

The psuedocode/gist is be basically:

 

Load App

            Do some stuff

            Load XML File

            Call ImpersonateUser (someotherguy) [succeeds and WindowsIdentity.GetCurrent().Name changes to reflect the change

            Call DPAPI to Encrypt Element Context (this works fine if I DON’T IMPERSONATE...)

                        ERROR: Win32 Marshal.GetLastWin32Error() reports “The System couldn’t find the file specified”

            Save File

            Call ImpersonationContext.Undo

Exit App

 

Apparently this is either utterly stupid of me, or noone has ever tried it.   All the doc on DPAPI is either highly theoretical “how it works internally” or very trivial “here’s how I used the Machine Store from ASP.NET  The doc on WindowsImpersonationContext is even worse.

 

Am I going to just make the user to a “RunAs” to launch my app? (which works fine, BTW)  It just would have been so nice to have a "Run As" menu item...thoughts anyone?

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

It's been one of those Old School Weeks

July 29, '03 Comments [2] Posted in Web Services | Bugs | Tools
Sponsored By

Sometimes a lot of "Old School" technology seems to pop up all at once.  It's Tuesday and already I've worked on two old school issues.  Here's what I told them and learned myself:

Viewing a PDF inside of Internet Explorer doesn't work when ActiveX is turned off in IE Security

From a user's point of view, there are two implementations of ActiveX technology in Internet Explorer: ActiveX Controls (created with an <object> tag in an HTML page) and ActiveX Documents (created when IE sees a mime/type that is handled by an registered application.)

When you open up a Word Document or a Adobe PDF and it appears INSIDE Internet Explorer that is an "ActiveX Document."   When you open up an HTML page that contains en <embed> or <object> tag that is an "ActiveX Control."

Both of these technologies, along with "Authenticode" (when a dialog pops up and warns you about downloading code, do you trust, etc.) are collectively, to the layman, "ActiveX."

When you turn off ActiveX in the IE Tools|Options|Security you are affecting ActiveX Documents as well.  If you click on a PDF and try to open it in IE, you'll likely get a blank page or a "broken window" graphic.  You'll be unable to View|Source because there is no HTML source to view!

Use of NEW on one line in Visual Basic 6 - as in "Dim oX as New Thing"

In VB6, what is the difference SPECIFICIALLY between: 

    Dim oCalcutta As FooBar
   Set oCalcutta = New FooBar

and

    Dim oCalcutta As New FooBar

 Is there a speed difference? (there doesn’t appear to be a major one) COM difference? (are internals handled differently?)

Turns out there is a difference.  (Thanks to Stephen Forte, Francesco Balena, Ralf Westphal, and especially Henrik Nielsen)

When you write code like this:

  Dim obj As New Class1
  obj.Method

Then each reference to a member such as:

  obj.Method

will be compiled to the following code (pseudo-code):

  If obj Is Nothing Then
    Set obj = New Class1
  End If
  obj.Method

This of course implies a certain performance hit – but I wouldn’t expect it to be in any way significant.

Much more important (in my opinion) is the difference in semantics (which follows from the above) between the two constructions:

  Dim obj As Class1
  Set obj = New Class1
  Set obj = Nothing
  obj.Method

and

  Dim obj As New Class1
  Set obj = Nothing
  obj.Method 

The first construction will result in a run-time error (Object variable or With block variable no set) and the second will not.

UPDATE: Some wisdom from Dan Appleman. "The reason [you're told] not to use [a Dim on one line] is that this can result in subtle bugs - especially during cleanup - when you are either accidentally recreating objects you think you cleaned up, or are referencing new objects when you accidentally cleared old ones."

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

[XmlRootForcePrefix(Prefix='foo')

July 29, '03 Comments [0] Posted in Web Services | XML
Sponsored By

After discovering that .NET/ASMX didn't want to let me change the prefix on the root element of a SOAP payload, I did the unthinkable, but appropriate action and wrote a SoapExtension to please the client of this Web Service.  Certainly the world of Web Services is a worse place that I had to write this.

Of course, the prefix is not needed, but it made them happy, and that is satisfaction enough, eh?  And at least it is implemented as an Attribute, so it can be easily removed in the future.

I won't ruin my karma by posting the project here, but the gist is this.  (If you want the code, and to go to hell, email me):

[WebMethod]
[SoapDocumentMethod(Action="http://www.ford.com/Sample",
RequestNamespace="http://www.ford.com/Request",
RequestElementName="GetCarRequest",
ResponseNamespace="http://www.ford.com/Response",
ResponseElementName="MyCar")]
[XmlRootForcePrefix(Prefix="scott")]
public Car HelloFord()
{
   Car c =
new Car();
  
c.Namespaces.Add("yoyoyo","hanselman");
   return c;
}

results in this (added stuff in red).  Note that the default namespace remains, and the added prefix uses that full qualified namespace.  The goal wasn't to fundamentally change the structure of the document, just add the prefix.

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <soap:Body>
    <scott:MyCar xmlns="
http://www.ford.com/Response" xmlns:scott="http://www.ford.com/Response">
      <car xmlns:yoyoyo="hanselman" xmlns="hanselman">
        <yoyoyo:engine>some engine</yoyoyo:engine>
        <yoyoyo:color>red</yoyoyo:color>
      </car>
    </scott:MyCar >
  </soap:Body>
</soap:Envelope>

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Garrick Neal's Ten Commandments of Diabetes

July 28, '03 Comments [2] Posted in Diabetes
Sponsored By

TEN QUICK TIPS FOR TIGHT CONTROL OF TYPE 1 DIABETES

1.  Lots of testing.  Lots.  At least 8 times a day, and preferably 10 to 12, or even more when things get astray.

2.  Disciplined diet. Maximal nutrition, aka healthy foods.  No snacking... there is no insulin available for small meals. Keep the meals to known quantities of carbohydrates, protein and fat.

3.  Stay well exercised.  Exercise provides all the usual benefits that it provides to normal people and maybe 2 times more than that for diabetics.  Including the ability to handle hypoglycemia better, and less bg exasperating illnesses.  One of the most important, to the quality if life issue, is that being fit means that during normal activity you are burning muscle glycogen, instead of blood glucose...

4.  Immediate correction of hyperglycemia.  The sooner hyperglycemia is corrected the less the amount of insulin resistance that sets in.... and hence continued hyperglycemia.  It varies for different people, but it happens at somewhere around 10 (180).  Find out, and avoid breaching it.

5.  Experimentation.  You must know your carbohydrate/insulin ratio.  Also precisely how much lead time you will need to take your rapid insulin, in any, prior to starting to eat.

6.  Watch the fat intake. Watch the protein intake.  Do not eat fat or protein based meals (or snacks) without carbohydrates.  Too much fat in a meal will make you insulin resistant for about 24 hours and too much protein will cause a 'protein spike' at some unexpected later time.

7.  Use glucose tablets.  Always keep them handy.

8.  Watch out for foods that may have high glycemic index values. The carbs will have as much as double the blood glucose effect as average carbs.  Watch out for over ripe fruit.  Again, eat consistently.

9.  Don't over basal.  Too much basal insulin will stuff the liver full of glucose,  and it will spill out... into the blood. 

10.  Never, never worry.  It's not fair that we are diabetics.  We don't deserve it.  We just have it, and we have to do what we can about it.  We cannot be perfect   (though for one whole day I once managed it. 

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Modifying the namespace PREFIX of the root node of the body of a SOAP Web Services Response....whew!

July 27, '03 Comments [6] Posted in Web Services | ASP.NET | XML
Sponsored By

I've got a client who doesn't fundamentally understand SOAP, much less XML.  They are insisting on a specific prefix for elements in a SOAP Response we are sending to them.

They want:

       <soap:body>
             <samlp:Response xmlns:samlp="thewholedurnthing">  
                  <samlp:somestuff>

I'm producing via an ASMX :

         <soap:body>
             <Response xmlns ="thewholedurnthing" xmlns:samlp="thewholedurnthing">
                  <samlp:somestuff>

and they are not digging it.  Certainly the prefix doesn't matter as the InfoSet is semantically the same.  I suspect the client (who is using Java) is manually <gasp> parsing the Response.

I'm hoping to cover this experience in an upcoming PADNUG talk now tenatively entitled "How NOT to do Web Services: Is ritual suicide the only answer?"

I messed around with the obvious XmlRoot and XmlType attributes and observed they were being wholly ignored for the Root Element of the resulting SOAP payload.  I talked to Christian Weyer and Herr Vasters who confirmed that it is 99.9% not possible via simple attributes. 

So, taking their advice I will write a quickie SoapExtension, probably something along the lines of:
     XmlRootForcePrefix(prefix="samlp", namespace="thewholedurnthing").

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.