Thursday, October 21, 2004

MSN Search Technology Preview 2

Microsoft's new algorithmic search engine with a few more features and a bigger index.

Provide your comments here!!! .

# posted by ArunGG_MVP : 9:42 AM  0 comments  

Wednesday, October 20, 2004

Support for Edit & Continue (E&C) in C# in Visual Studio 2005

Check here: http://blogs.msdn.com/somasegar/archive/2004/10/15/242853.aspx

Suggestion Details: Edit and continue support for Visual C#:
http://lab.msdn.microsoft.com/productfeedback/viewFeedback.aspx?feedbackid=bbbf7d31-204c-4a93-af08-fb80328fbe86

For more details about this:http://www.mvpblog.com/arun/2004/07/whats-new-in-debugging-vs-2005.html

# posted by ArunGG_MVP : 6:46 AM  0 comments  

Tuesday, October 19, 2004

Shut Down the Computer using C# - WMI !!!

Before jumping into the code:

WMI Reference

Windows Management Instrumentation (WMI) provides access to information about objects in a managed environment. This is an implementation of the Desktop Management Task Force’s (DMTF) Web Based Enterprise Management (WBEM). WMI has a query language (WQL), one can use that to query Windows Management Service.

Fine. But how I use this WMI in .NET?! Here the answer.

System.Management Namespace

System.Management Namespace provides access to a rich set of management information (such as how much free space is left on the disk, what is the current CPU utilization ….) and management events about the system, devices, and applications instrumented to the Windows Management Instrumentation (WMI) infrastructure.

Here the Code:

using System.Management;

public class Win32OperatingSystem
{
public static void Shutdown(string machineName, string username, string password)
{
ManagementScope Scope = null;
ConnectionOptions ConnOptions = null;
ObjectQuery ObjQuery = null;
ManagementObjectSearcher ObjSearcher = null;
try
{
ConnOptions = new ConnectionOptions();
ConnOptions.Impersonation = ImpersonationLevel.Impersonate;
ConnOptions.EnablePrivileges = true;
if (machineName.ToUpper() == Environment.MachineName.ToUpper() )
Scope = new ManagementScope(@"\ROOT\CIMV2", ConnOptions); else
{
ConnOptions.Username = username;
ConnOptions.Password = password;
Scope = new ManagementScope(@"\\" + machineName + @"\ROOT\CIMV2", ConnOptions);
}
Scope.Connect();
ObjQuery = new ObjectQuery("SELECT * FROM Win32_OperatingSystem");
ObjSearcher = new ManagementObjectSearcher(Scope, ObjQuery );
foreach( ManagementObject operatingSystem in ObjSearcher.Get())
{
MessageBox.Show("Caption = " + operatingSystem.GetPropertyValue("Caption"));
MessageBox.Show("Version = " + operatingSystem.GetPropertyValue("Version"));
ManagementBaseObject outParams = operatingSystem.InvokeMethod ("Shutdown",null,null);

}
}
catch (Exception ex)
{
throw ex;
}
}
}

Call the function like:
[STAThread]
static void Main(string[] args)
{
Win32OperatingSystem.Shutdown(@"Machinename", @"UserName", @"Pwd");
}


# posted by ArunGG_MVP : 11:46 PM  1 comments  

Tuesday, October 12, 2004

Is System.Random class - Cryptographically secure?

In the .NET Framework, System.Random uses an algorithm based on the subtractive method described by Donald Knuth in The Art of Computer Programming, Volume 2: Seminumerical Algorithms (Addison-Wesley, 1997).

System.Random is not cryptographically secure and should not be used for any applications where predictability can pose a threat.

The RNGCryptoServiceProvider class in the System.Security.Cryptography namespace is, however, a cryptographically secure random number generator and can be used in situations where cryptographically strong random values are required.

# posted by ArunGG_MVP : 10:17 AM  0 comments  

Friday, October 08, 2004

Microsoft released -- ASP.NET ValidatePath Module

Microsoft has released an ASP.NET HTTP module that Web site administrators can apply to their Web server. This module will protect all ASP.NET applications against all potential canonicalization problems known to Microsoft.

Microsoft updated the security site with the updated new information and guidance related to the reported ASP.NET security vulnerability.

*** All customers with any ASP.NET deployments, on any operating systems should follow the guidance provided.

To ease the thing; Microsoft released a new HTTP Module mitigation best practice.

This is in the form of an MSI installer that will help protect all ASP.NET applications on a Web server. This MSI installer will place a binary into the GAC and update the machine.config file for ASP.NET.

Download information at
http://www.microsoft.com/downloads/details.aspx?FamilyID=da77b852-dfa0-4631-aaf9-8bcc6c743026&displaylang=en

You can download the MSI directly at
http://download.microsoft.com/download/4/6/1/461433d5-cbac-4721-85cb-c5a514fd0049/VPModule.msi

You can find the detailed guidance about the HTTP Module, how the MSI works, and how to deploy it etc in this KB Article:
http://support.microsoft.com/?kbid=887289

For more info about ASP.NET Security vulnerability; check my blog below!!!

# posted by ArunGG_MVP : 5:11 AM  2 comments  

Thursday, October 07, 2004

Vulnerability in Microsoft ASP.NET

Microsoft is currently investigating a reported vulnerability in Microsoft ASP.NET. An attacker can send specially crafted requests to the server and view secured content without providing the proper credentials. This reported vulnerability exists in ASP.NET and does not affect ASP.

This issue affects Web content owners who are running any version of ASP.NET on Microsoft Windows 2000, Windows 2000 Server, Windows XP Professional, and Windows Server 2003.

More details at:
http://www.microsoft.com/security/incident/aspnet.mspx

Check this KB article - that provides prescriptive guidance on how to protect against canonicalization issues immediately on their site. This KB will help developers protect themselves on a per application basis.
The Microsoft Knowledge Base article can be viewed here:
http://support.microsoft.com/?kbid=887459
The vulnerability was first reported on NTBugtraq.

# posted by ArunGG_MVP : 8:44 AM  0 comments  

Wednesday, October 06, 2004

How to turn on dynamic discovery - XML Web Servcie

How to turn on dynamic discovery to allow XML Web service client applications to discover the available XML Web services on a Web server without creating a discovery document?

By publishing a .disco file, one can enable programmatic discovery of XML Web Services. A .disco file is an XML document that can contains links to other discovery documents, XSD schemas, and service descriptions.

By default, dynamic discovery is disabled when the .NET framework is installed on behalf of security.

To turn on dynamic discovery for a Web server, modify the machine.config to add the following element. (if you are using Visual Studio .NET)

#### Please note that the type attribute should be in one line.

<configuration>
<system.web>
<httphandlers>
<add verb="*" path="*.vsdisco"
type="System.Web.Services.Discovery.DiscoveryRequestHandler,
System.Web.Services, Version=1.0.3300.0,
Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
validate="false"/>
</httphandlers>
</system.web>
</configuration>

But please note that when dynamic discovery is turned on, all XML Web services and discovery documents existing on the Web server beneath the requested URL are discoverable. Hence I would suggest thinking twice before turning on dynamic discovery; unless you take the necessary precautionary steps.

There are two ways you can control the discoverability of an XML Web service.
1. Using the machine.config file that controls the overall discoverability of the server.
To enable discovery, you need to remove the comment characters in the following in machine.config.

2. The second one is a discovery file (You can create your custom disco file and publish it).

For more info check: Enabling Discovery for an XML Web Service
Publishing and Discovering Web Services with DISCO and UDDI

# posted by ArunGG_MVP : 7:13 AM  1 comments  

Tuesday, October 05, 2004

Calling Windows APIs from managed code – Good/Bad?

Windows application programming interfaces (API) are dynamic link libraries (DLLs) that are part of the Windows operating system. The .NET framework has wrapped major segment of the Win32 API into managed code. But still there are few remaining portion of unmanaged part that you can make use of that functionality using the platform invoke service.

You have to be aware the following things about calling Windows APIs from managed code:

1. Windows APIs are part of unmanaged world.

2. Windows APIs doesn’t have built-in type libraries and the data types used in managed code is entirely different.

3. Windows API’s are not COM Objects.

4. To make use of the Windows API functionalities, you have to make use of Platform invoke (PInvoke), which enables managed code to call the unmanaged functionality provided by Windows DLL’s.

5. The Platform Invoke service offers a method to call functions that are exported from an unmanaged DLL. The most distinctive use of PInvoke is to allow .NET components to interact with the Win32 API. PInvoke is also used to access functions exports defined in custom DLLs.

6. In behind the scenes the Platform Invoke will locate the DLL contain the function, load the DLL into memory and locating the address of the function in memory and invokes an exported function and marshals its arguments.

For more info check here: Consuming Unmanaged DLL Functions

Check my article on COM Interop:
http://www.microsoft.com/india/msdn/articles/24.aspx

Advantage:

1. Development time is less. Just utilize the function and get the functionality you required from the already written useful functions.

2. Less Complex (if you know the definition and usage of PInvoke signatures!). Make use of these functions, which are tricky to do in managed code.

Disadvantage:

1. If you don’t know the exact PInvoke signature, you are in trouble; it will take lot of time! I suggest visiting http://www.pinvoke.net before you try anything.

2. Win API’s are merciless when things go wrong. If you make any error, you’ll possibly corrupt memory.

3. More PInvoke calls - Performance is an issue, due to the data marshaling.

# posted by ArunGG_MVP : 2:15 AM  0 comments  

Monday, October 04, 2004

Do interop the wiki way!!!

1. Is there any need to use PInvoke in your code?
2. Is there any need to use DllImport Attribute in your code?
3. Is there any need to call unmanaged APIs in managed code in your code?
4. Want something like of VB6's "API Text Viewer?
5. Want to share some code/trips in calling unmanaged code?

Then check the site PINVOKE.NET, which is a Wiki (created with FlexWiki), enabling users to share the info regarding calling unmanaged code.

It really saves lot of time; when ever I want to use unmanaged call; First I will check this site.
Manual usage of PInvoke signatures is really dreadful.

Check this site where you can find, edit, and add PInvoke signatures, user-defined types, and any other information that helps us leverage each other's efforts.


# posted by ArunGG_MVP : 8:01 AM  0 comments  

Friday, October 01, 2004

New MVPs Announced

Microsoft announced the new MVP Members:

Here the List:

1. Hari K. Prasad, Trivandrum
2. Dhamayanthi N, Chennai
3. Sanjay Vyas, Mumbai
4. KS Naveen, Bangalore
5. Sarang Datye, Pune
6. Tarun Anand, Delhi

Great Work !!! Welcome to the Community. :)

For more info on MVP's:
Check here: http://mvp.support.microsoft.com/




# posted by ArunGG_MVP : 7:23 AM  0 comments  

This page is powered by Blogger. Isn't yours?