Don't mess with sharepoint...

Carefully said I do not like that sharepoint "hijacks" the Internet Information Server. When you create a virtual directory it is just not accessable because SharePoint took over IIS. Funny fact: This is the second post how to fix issues with IIS and "extension" that cause issues :-) So i decided to hack a small utility serving my needs: ExcludeFromSharepoint.zip (3.46 KB) Enables to exclude applications from sharepoint services through the directory context menu. Install using the "-install" switch; Uninstall using "-uninstall" switch. Because I'm running my machine under a LUA (Limited User Account) i wrote the tool in a way that you can install and uninstall it without administative rights - the contextmenu will be installed per user! if(args[0]=="-install") {     RegistryKey _rkey = Registry.CurrentUser;     _rkey = _rkey.OpenSubKey("SOFTWARE\\Classes",true);     _rkey = _rkey.CreateSubKey("Folder").CreateSubKey("shell");     _rkey = _rkey.CreateSubKey("Exclude from Sharepoint");     _rkey = _rkey.CreateSubKey("command");     _rkey.SetValue(null, App.Application.ExecutablePath + " \"%1\""); } else if(args[0]=="-uninstall") {     RegistryKey _rkey = Registry.CurrentUser;     _rkey = _rkey.OpenSubKey("SOFTWARE\\Classes\\Folder\\shell",true);     _rkey.DeleteSubKeyTree("Exclude from Sharepoint"); } else { ... }   The Implementation works with the webserver extensions version 4.0 or higher       RegistryKey _rkey = Registry.LocalMachine;     _rkey = _rkey.OpenSubKey("SOFTWARE\\Microsoft\\Shared Tools\\" +         "Web Server Extensions",true);         foreach(string _subKeyName in _rkey.GetSubKeyNames())     {         try         {             int.Parse(_subKeyName.Replace(".",""));             RegistryKey _fpKey = _rkey.OpenSubKey(_subKeyName,true);             _fpDir = (string)_fpKey.GetValue("Location");         }         catch(Exception _ex)         {             string _err = _ex.ToString();             break;         }     }   and uses the stsadm.exe from the shared tools of the server extensions.     System.Diagnostics.Process _p = new System.Diagnostics.Process();     _p.StartInfo.FileName = Path.Combine(_fpDir, "BIN\\stsadm.exe");     _p.StartInfo.Arguments = "-o addpath -url http://localhost/" +         _strProjectName + " -type exclusion";     ...     _p.Start();  

Re: Windows Impersonation in ASP.NET

Pierre posted an entry bout impersonation in ASP.NET szenarios. [Pierre]There are several scenario where you have to use the impersonation in ASP.NET. Consider, for example, you have to save and load files from a network share (file server). In that case, if the web site accept anonymous authentications, you have to impersonate a windows user who has enought privileges to access to that resource. You have three choices (I guess): Elevate the ASP.NET process identity - worse case since you could compromise the whole site security Impersonate a windows user during the single call (http://blogs.msdn.com/shawnfa/archive/2005/03/22/400749.aspx) Demand the task to a COM+ server application I think that the last is the best since we have more security and maintenance control[...] I agree with him that "Demand the task to a COM+ server application" is the best way of the three he listed. But for me impersonation it is still a don't. By the way i wanted to post this as a comment but "Comments on this post are closed". Yes this is some criticism on weblogs.asp.net :-) ... So here my opinion as post in my blog: Avoid impersonation! If you need to "redirect a binary that is located on a different box than the webserver to the client" utilize another IIS on the 2nd machine or write a service that returns the binary data.  

Next to XSS is SSS - Same Site Scripting

Via Willem Odendaal I opend the following web site http://www.squarefree.com/bookmarklets/forms.html#frmget. It holds an interesting collection of bookmarklets (Javascript commands that can be saved as bookmarks so they can be applied to every page that is opend in your browser). For example: "remove MaxLength" ... shows how important it is to use ASP.NET Validation Controls in your Web Applications.  

@BASTA! #1

Yesterday I arrived in Frankfurt with a delay of 2 hours (thanks to the Deutsche Bahn). Monday is Workshop day and so I just sat arround and did the same stuff that I would normally do in the office. I'm currently working on an ASP.NET project that uses v. 1.1 but will be converted to 2.0 with it's "Go-Live". So I need to make sure that I don't do things that will stand in the way in the next version. Here are a few questions I'm currently asking myself: Do i like the idea to save the properties of the Profile class in a ntext database column with the length of 6000? Will i accept that i can only user MemberShip with MediumTrust or higher? In germany we say: "Kommt Zeit, kommt Rat".

What ASP.NET Developers Should Always Do

[Dino Esposito] ...Introduced with ASP.NET 1.1, ViewStateUserKey is a string property on the Page class that only few developers admit to be familiar with. Why? Let's read what the documentation has to say about it.[...]void Page_Init (object sender, EventArgs e) { ViewStateUserKey = Session.SessionID; } There will be a few more that are familiar with that now :-)