Re: Windows Impersonation in ASP.NET

Pierre posted an entry bout impersonation in ASP.NET szenarios. [Pierre]There are several scenario where you have to use the impersonation in ASP.NET. Consider, for example, you have to save and load files from a network share (file server). In that case, if the web site accept anonymous authentications, you have to impersonate a windows user who has enought privileges to access to that resource. You have three choices (I guess): Elevate the ASP.NET process identity - worse case since you could compromise the whole site security Impersonate a windows user during the single call ( Demand the task to a COM+ server application I think that the last is the best since we have more security and maintenance control[...] I agree with him that "Demand the task to a COM+ server application" is the best way of the three he listed. But for me impersonation it is still a don't. By the way i wanted to post this as a comment but "Comments on this post are closed". Yes this is some criticism on :-) ... So here my opinion as post in my blog: Avoid impersonation! If you need to "redirect a binary that is located on a different box than the webserver to the client" utilize another IIS on the 2nd machine or write a service that returns the binary data.  

Indicate if the current web is running in debug mode...

public static bool IsWebInDebugMode{    get    {        bool _isDebug = false;                if(HttpContext.Current.Cache["IsDebug"]==null)        {            XmlDocument _doc = new XmlDocument();            string _cfgfile = HttpContext.Current.Server.MapPath("~/Web.Config");                _doc.Load(_cfgfile);                        XmlNode _node = _doc.SelectSingleNode("configuration/system.web/compilation");            if(_node==null || _node.Attributes["debug"]==null ||                _node.Attributes["debug"].Value.ToLower()!="true")            {                _isDebug = false;            }            else            {                _isDebug = true;            }            HttpContext.Current.Cache.Insert("IsDebug", _isDebug,                new System.Web.Caching.CacheDependency(_cfgfile),                DateTime.Now.AddDays(1),                TimeSpan.Zero);        }        else        {            _isDebug = bool.Parse(HttpContext.Current.Cache["IsDebug"].ToString());        }                return _isDebug;    }}

Next to XSS is SSS - Same Site Scripting

Via Willem Odendaal I opend the following web site It holds an interesting collection of bookmarklets (Javascript commands that can be saved as bookmarks so they can be applied to every page that is opend in your browser). For example: "remove MaxLength" ... shows how important it is to use ASP.NET Validation Controls in your Web Applications.  

.NET 2.0 Only 99.9% backwards compatible?

While re-writing a few WebServices for .NET 2.0 i ran across following: ...public static void WaitProc(object state, bool timedOut){   MyAsyncResult myAsyncResult = (MyAsyncResult)state;   myAsyncResult.OriginalCallback.Invoke(myAsyncResult);}... This compiles without any problems in Visual Studio .NET 2003 but makes the compiler scream (Invoke cannot be called directly on a delegate) untill you change the lines to the following: ...public static void WaitProc(object state, bool timedOut){   MyAsyncResult myAsyncResult = (MyAsyncResult)state;   myAsyncResult.OriginalCallback(myAsyncResult);}...

Using IFused with the FCKEditor

Miroslaw Maslyk has sent this small tutorial on how to use iFused with the FCKEditor. Thank you very much Miro ;-) 1. Rename file FCKeditor\editor\dialog\fck_image.html to fck_image.aspx. 2. On the top this file (fck_image.aspx) add this code: <%@ Page Language="C#" %><%@ Register TagPrefix="Uploader"  namespace="StaticDust.Web.UI.Controls"  assembly="StaticDust.Web.UI.Controls.UploadDialog" %><script runat="server">protected void Page_Load(Object source, EventArgs e) {    StaticDust.Web.UI.Controls.UploadDialogButton _u =      new StaticDust.Web.UI.Controls.UploadDialogButton();    _u.UploadDirectory = "~/images";    _u.ReturnFunction = "SetUrl()";    btnBrowse.Attributes["OnClick"] =      "javascript:" + _u.JavascriptLink; } </script> 3. Find btnBrowse input html tag , add runat="server" attribute and close tag (/>) 4. Replace in files FCKEditor\FCKeditor\editor\js\fckeditorcode_ie_2.js and fckeditorcode_gecko_2.js all fck_image.html sentence to fck_image.aspx

@BASTA! #1

Yesterday I arrived in Frankfurt with a delay of 2 hours (thanks to the Deutsche Bahn). Monday is Workshop day and so I just sat arround and did the same stuff that I would normally do in the office. I'm currently working on an ASP.NET project that uses v. 1.1 but will be converted to 2.0 with it's "Go-Live". So I need to make sure that I don't do things that will stand in the way in the next version. Here are a few questions I'm currently asking myself: Do i like the idea to save the properties of the Profile class in a ntext database column with the length of 6000? Will i accept that i can only user MemberShip with MediumTrust or higher? In germany we say: "Kommt Zeit, kommt Rat".

What ASP.NET Developers Should Always Do

[Dino Esposito] ...Introduced with ASP.NET 1.1, ViewStateUserKey is a string property on the Page class that only few developers admit to be familiar with. Why? Let's read what the documentation has to say about it.[...]void Page_Init (object sender, EventArgs e) { ViewStateUserKey = Session.SessionID; } There will be a few more that are familiar with that now :-)

C# Image 2 ASCII

What i really like about the days between x-mas and new year is that you have time for things that you usually don't have time for. The stroy: I love my girlfriend. I likle C# and I like asciiart. So it happend that she showed me some ascii's. I asked myself if somebody has written some image to ascii in C#. I googled but found nothing. I did some image manipulation stuff for the company before x-mas and so I builded a basic image to ascii conversion library in C#. can grab the source at :