Scott Hanselman

More great "Effective Presentation Tips"

February 15, '05 Comments [3] Posted in Musings

My buddy Venk (Venkatarangan, the RD from Chennai) has posted his tips for effective presentations and they're excellent, surpassing my own attempt from a few years back.

He's even seen fit to make his tips available via PDF. I highly recommend you check them out if you give presentations, or have any coming up.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.


ASP.NET HotFix 887219/MS05-004 may break and confuse IIS and ASP.NET (404s)

February 11, '05 Comments [4] Posted in ASP.NET

Here's an interesting one from Jeff Berkowitz and Phil Hochstetler:

Phil has discovered that MS hotfix 887219 / MS05-004 (http://www.microsoft.com/technet/security/Bulletin/MS05-004.mspx), released last Wednesday, completely breaks our site.  At least on one test machine--happily we caught it before it reached Production.  With the hotfix installed, all our virtual roots (three of them, one containing a web application and two containing collections of web service pages) return 404s exclusively.  Backing out just this one hotfix solves the problem.

The fix was found by Phil on Google Groups: Go to IIS Admin, open Properties on Web Site, Home directory tab, Local Path text box: make sure there is no trailing slash.

 


ViewStateUserKey and "Invalid_Viewstate" when posting back during Forms Authentication

February 9, '05 Comments [7] Posted in ASP.NET | ViewState

From my point of view, I like ASP.NET because it's at least consistent. Anytime some crazy crap happens, at least it makes sense once the dust clears.

We've got a "Workflow" ASP.NET Server Control that is very snazzy. It's a templated user control that handles all the state transitions one has to deal with when showing and hiding different panels during a Wizard-style operation.

So, you can set up Next and Previous or whatever buttons you like, hook each up to any WorkflowStep and there you go. It's a simpler thing than the UIP. Anyway, as with all ASP.NET 1.1 Postback-like things, it posts back to the current page.

Today someone who was creating an Enrollment and Signon workflow got this Exception during a PostBack:

Exception: System.Web.HttpException
Message: Invalid_Viewstate
Source: System.Web
   at System.Web.UI.Page.LoadPageStateFromPersistenceMedium()
   at System.Web.UI.Page.LoadPageViewState()
   at System.Web.UI.Page.ProcessRequestMain()

When you get this exception, the standard list of things to check is:

  • If this is a cluster, edit <machineKey> configuration so all servers use the same validationKey and validation algorithm.  AutoGenerate cannot be used in a cluster. 
  • Viewstate can only be posted back to the same page. 
  • The viewstate for this page might be corrupted.

However, this isn't an error that you'd likely see on a single development box, so something had to be up. The only interesting and different thing about this situation was that the user, in step 4 of this 7-step process, gets logged into Forms Authentication. When I say "gets logged in" I mean, a cookie is sent to them.

Here's the flow of what happened and why it's a problem:

  1. Un-Forms-Authenticated Client (no cookies) does a GET and receives some standard ViewState.
  2. Client fills out form, POSTs back. ViewState is decoded, life goes on.
  3. During Page processing, user is "logged on" and a Forms Authentication cookie is sent out (queued up more like it).
  4. Additionally more ViewState is sent back, not encrypted.
  5. Now Forms-Authenticated Client (cookies) fills out form, POSTs back. ViewState from step 4 is returned to the server.
  6. In Global.AuthenticateRequest(), the cookie from this client is cracked open and a valid SecurityPrincipal is put on the current Thread. Now, User.Identity.IsAuthenticated is true, and User.Identity.Name is set to some string.
  7. In the Page.Init() this line executes, which I've mentioned before. This adds another layer of protection to the User's ViewState:
    if (User.Identity.IsAuthenticated) { ViewStateUserKey = User.Identity.Name; }
  8. Then, after Page.Init() but before Page.Load(), the internal method LoadPageStateFromPersistenceMedium() starts to open up the ViewState that was passed to us. This was the non-protected non-encrypted viewstate from step #4.
  9. Exception occurs, because we now are trying to decrypt ViewState with a key that wasn't present when the ViewState was originally generated.

Moral: Don't change ViewStateUserKey when there is pending ViewState that hasn't been posted back and cracked open yet.

However, you can ONLY change Page.ViewStateUserKey in Page.OnInit, so we do a Response.Redirect after the Forms Authentication Cookie is sent out. This avoids any potential trouble with logging a user in on a postback, and cleans up the workflow considerably.
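
The failure in steps 4 through 9 and the redirect fix, modelled as a small C# console program. This is an added example, not code from this post or from ASP.NET itself: it assumes a simplified scheme in which the user key is mixed into an HMAC over the state, and the class name, demo key, state strings and user names are all constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Simplified model (assumption): the state field carries an HMAC whose input
// includes the per-user key, the role ViewStateUserKey plays for ViewState.
// Not ASP.NET's real serialization or key derivation.
static class ViewStateModel
{
    // Constructed demo key standing in for the <machineKey> validationKey.
    static readonly byte[] ValidationKey = Encoding.UTF8.GetBytes("constructed-demo-key");

    static byte[] Mac(string state, string userKey)
    {
        using (var hmac = new HMACSHA1(ValidationKey))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(state + "\0" + (userKey ?? "")));
    }

    // Render: emit the state together with a MAC bound to the current user key.
    public static string Issue(string state, string userKey)
    {
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(state)) + "."
             + Convert.ToBase64String(Mac(state, userKey));
    }

    // Postback: recompute the MAC under the key set in OnInit for this request.
    public static bool Validate(string field, string userKey)
    {
        string[] parts = field.Split('.');
        if (parts.Length != 2) return false;
        try
        {
            string state = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
            return CryptographicOperations.FixedTimeEquals(
                Mac(state, userKey), Convert.FromBase64String(parts[1]));
        }
        catch (FormatException) { return false; }
    }

    static void Main()
    {
        string anon = Issue("step=4", null);     // steps 1-4: rendered before any user key exists
        Console.WriteLine("anonymous postback:         " + Validate(anon, null));
        Console.WriteLine("postback right after login: " + Validate(anon, "alice")); // steps 5-9
        string fresh = Issue("step=5", "alice"); // after the redirect: GET renders under the user key
        Console.WriteLine("postback after redirect:    " + Validate(fresh, "alice"));
        Console.WriteLine("replayed for another user:  " + Validate(fresh, "mallory"));
    }
}
```

CryptographicOperations.FixedTimeEquals requires .NET Core 2.1 or later; the last line shows the property the user key exists to provide, namely that state issued to one user does not validate for another.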


Zen of Web Services - Join me at the Boise .NET Developers User Group

February 9, '05 Comments [2] Posted in ASP.NET | Web Services | XmlSerializer | Tools

I'll be in Boise on 2/17 at the Boise .NET Developers User Group giving a "two hour talk on angle brackets" as Simon Fell once described it so astutely. It's my famous (in my own mind) "Zen and the Art of Web Services" talk, also known as "WS-SoWhat?" (also known as WS-BFD) and "How I stopped worrying and learned to love WSDL."

If you're in, around, near, or adjacent to Boise on 2/17 at 6:30pm, come hang out with me and mention that you saw it on my blog. I'll also show about four dozen free tools and utilities that will make your life easier. Come see my talk and I promise it won't suck, plus Law & Order is a repeat that night anyway.

Will Web Services save the world? More importantly, will they save you time? We'll separate the good from the bad and dig into the WHY of Web Services and the HOW of the .NET Framework. We'll go low level and sniff packets on the wire and we'll go high level and design business documents with XML schema. We'll auto-generate Business Domain Objects and Messages. We'll discuss the meaning of the WS*.* specifications, interoperability and get our heads around the "Zen" of Web Services and see where .NET succeeds and where it falls down. This talk will be as technical as you want it to be, but it will also be valuable for the Business Person or Project Manager who really wants to answer the question "Web Services: So What?" Doesn't sound like the typical Users Group meeting, does it? You'll just have to come by and find out!

Ever wish you could launch Visual Studio.NET and go “File|New Enterprise?”  Well, you can’t just slap [WebMethod] on your existing stuff and go to market.  Web Services and WS*.* have turned out to be the biggest buzzwords since ActiveX – let’s really dig in technically and find out what’s going on.  We’ll look at:

  • The Primordial Ooze that we called CSV files up until XML Schemas today
  • The Internals of XSD.EXE and the XmlSerializer
  • We’ll ILDASM and Reflect(or) our way through System.Web
  • Examples of replacing XSD.EXE with your own generated code
  • Exactly how Visual Studio.NET promotes Microsoft’s view of The Matrix, and how you can be more like Neo, and less like Neo’s cube-mates and co-workers.
  • How to use Web Services in any context, and how to promote Interop with other languages.
  • How to sniff SOAP on the wire and why you should care
  • How XSD Types map to CLR Types and how to deal with the NULL problem
  • How WSE applies to you, and how to CYA as we wait for Indigo.

Now playing: Dave Matthews Band - Stay (Wasting Time)


Microsoft Fingerprint Reader - a Mini Review

February 9, '05 Comments [17] Posted in Reviews

I picked up a Microsoft Fingerprint Reader, which is a Digital Persona straight re-brand.

I'm seriously digging it. The registration process (shown at left) is fantastic. It's smooth, it's accurate and best of all it's simple.

Once you've clicked a few fingers and registered it, you can use any finger you want to indicate that it's you.

If you're on a web page with a name/password dialog when you touch the reader, you're prompted to enter your combo. After that, the software will automatically enter your password when you touch the reader. You can also touch the reader first, then pick what page you'd like to visit.

Either way, I've stopped entering passwords since I got this little gem. I've plugged it into the USB Hub on my DELL LCD Monitor, so it's always at hand (no pun intended) and it doesn't take up a USB Root Port on the main system.

Good Things:

  • It integrates with the Windows XP Ctrl-Alt-Del Login or Welcome Screen without changing it.
  • Non-intrusive and stays out of your way. No modal dialogs.
  • It's shiny

Bad Things:

  • You could cut off my finger, go to my house and log into my machine. Ah, but which finger!? I gotcha, evil doers. Unless, you take the whole hand. Er. Ick.
  • I can't figure out from the super-simple interface where to EDIT or DELETE an existing password. It must be there, and it's mentioned in the help, but I swear, I can't find it.
  • Rare: If you already have a Ctrl-Alt-Del replacement, perhaps for VPN software like Cisco, you can't use the reader for your primary login.
  • Can be spoofed if you use a gummy bear with ridges cut to register your fingers initially.

It's definitely worth the money and I use it every day.

Now playing: Eve - Gotta Man


Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.