Posts

Unable to start debugging on the Web server. An authentication error occurred while communicating with the web server

Even had this annoying error when staring a debugging session from Visual Studio, and you have configured it to use IIS. I have, today actually. This is what worked for me. Disable the loopback check 1. Open the Registry Editor (click Start, click Run, type regedit and then click OK.) 2. In the Registry Editor, locate and click the following registry key: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Lsa 3. Right-click Lsa, point to New, and then click DWORD value. 4. Type DisableLoopbackCheck and then press Enter. 5. Right DisableLoopbackCheck, and then click Modify. 6. In the Value data box, type 1, and then click OK. 7. Quit Registry Editor, and restart the computer. (I didn’t and it still worked :)) Hope this helps, and if so, spread the word. Happy Coding

Mitigating cookies theft using HttpOnly

Image
Cross Side Scripting (XSS) Cross Side Scripting is a technique that enables attackers to inject client-side script into Web pages viewed by other users. It's a computer security vulnerability typically found in Web applications. This means that a hacker would be able to insert JavaScript in a text field, say a blog post. This script would be executed by the browser, through this page, for every user that reads the post thread after it is published. The script could in turn read the current users cookie and send it to a a remote service and store is for later use. To protect a cookie against the XSS vulnerability there is a header flag available for the “Set-Cookie” HTTP response header. This header will mitigate the risk of client side script accessing the protected cookie (if the browser supports it). Testing the theory To test this theory, I will demonstrate it using a test application. Our test application consists of a ASP.Net web application and some javascript. The fo

Integrating WinMerge in Visual Studio

Image
I've been using WinMerge for a long time now because i think it's the best, FREE, comparison and merge tool available today. What i really don't like is the comparison tool that ships with Visual Studio. For instance, the following line has a difference, but what is the difference exactly. You can figure out what it is by really staring at the line OR use WinMerge instead.   The cool part about VS2008 is that you can configure a lot of things, and this also count for customizing tools. To intergrate WinMerge follow these simple steps. Go to tools -> options -> source control -> visual studio team foundation server -> "configure user tools" button. Click Add Choose the following settings Extension: .* Operation: Compare Compare: C:\Program Files\WinMerge\WinMergeU.exe Arguments: %1 %2 Now if you compare the files, you get the nice interface of WinMerge and can see di

Yet Another WiX Tutorial Part 3: Customizing the UI dialogs

Image
Introduction In a previous post I showed you how to use the UIExtensions library to add predefined user interfaces to you installer. These UIExtensions are easy to use, but what if none of these suit your needs. It is possible to customize the selected UI Extension and it is quit easy to do. The following example will show you have to remove the LicenseAgreementDlg from the UI sequence of the WixUI_InstallDir extension. Steps Get the source code for the UIExtension First thing you need to do is get the sources for the version of WiX you are using. After you have downloaded them, you van browse to the UIExtension folder to get the wxs fragment file that contains the extension <SOURCE FOLDER>\src\ext\UIExtension\wixlib When you open the extension WiX file (in this case WixUI_InstallDir) you will see a fragment with the ID used by the UIRef node. < Wix xmlns = "http://schemas.microsoft.com/wix/2006/wi" > < Fragment > < UI

Yet Another WiX Tutorial - Index

Image
I am working on new project where i am introducing the WiX Toolkit as part of our automated build process using TFSBuild. As the project evolves I am publishing my findings on this blog. The Yet Another WiX Tutorial consists of the following parts: Yet Another WiX Tutorial Part 1 : An Introduction Yet Another WiX Tutorial Part 2: Your First Installer Yet another WiX Tutorial Part 3: Customizing the UI dialogs More to come … Enjoy.

Encrypted Cookies using ASP.NET

Image
Introduction In order to store use specific information during a ASP.Net session you have to option to place state data in a browser cookie . These cookie are send in plain text and using various tool it is possible to read the content of these cookies. Although reading might not always be a problem, the ability to change the content of a cookie is a big thread. Tampering with the cookie is actually very easy, and i will demonstrate this using a Firefox extension called TamperData . Tampering a Cookie Setup I started by creating a small ASP.NET application that checks the presence of our cookie. If not sets, a cookie is create and filled in the page load. After that i print the values on the page. 1: protected void Page_Load( object sender, EventArgs e) 2: { 3: if (Request.Cookies[" __IGUZA.NET "] == null ) 4: { 5: HttpCookie cookie = new HttpCookie(" __IGUZA.NET "); 6: cookie[" SomeKey "] = " Some

Yet Another WiX Tutorial Part 2: Your First Installer

Image
Introduction What is in this tutorial In this part of the WiX tutorial i will guide you trough your first WiX installer and explain what the important concepts are when creating a WiX file. Requirements for this part of the tutorial is that you installed the WiX toolkit as described in part 1 of this tutorial. Structure of a WiX script If we look at the structure of a MSI package you will see some principles that come back in the WiX script. A MSI has one or more features . A feature has one or more components . A component consists of one or more items to be installed. A component is a group of items and actions that should be installed or executed when that component is selected to be installed. The most common items would be some files and a shortcut , and an action could be to copy a file. Creating the project The WiX project We start by creating a new solution that contains a WiX project. The WiX Project template presents you with the following