Thursday, February 22, 2007
Tuesday, February 20, 2007
This morning I finally passed Exam 70–536: Microsoft .NET Framework 2.0 - Application Development Foundation. Which is a good start to become Microsoft Certified Technology Specialist: .NET Framework 2.0 Web Applications.
To study this exam, I used the MCTS Self-Paced Training Kit (Exam 70-536): Microsoft .NET Framework 2.0–Application Development Foundation. A very good study guide to pass this exam!
Monday, February 19, 2007
Follow these steps to decouple your VS .NET 2005 Solution from Visual Source Safe 2005 by yourself:
- First of all: take a backup ! ;-)
- Go to the properties of the folder where you can find all your project files.
Uncheck the 'Read-only' checkbox.
- Open the .csproj file and delete following tags
You can find them below the Project > PropertyGroup tags
- Delete following files:
- Go to the solution file and delete following lines
SccProjectName = ...
SccAuxPath = ...
SccLocalPath = ...
SccProvider = ...
GlobalSection(SourceCodeControl) = preSolution
SccNumberOfProjects = ...
SccLocalPath0 = ...
SccProjectUniqueName1 = ...
SccLocalPath1 = ...
SccProjectFilePathRelativizedFromConnection1 = ...
SccProjectUniqueName2 = ...
SccLocalPath9 = .
SccProjectFilePathRelativizedFromConnection9 = ...
- Open your solution file again...
If your solution doesn't want to open Visual Studio, then you have to open Visual Studio 2005 manually.Open the solution file through the Open Dialog in VS 2005.
Thursday, February 15, 2007
What the hell is Impersonation?
Impersonation is one of the most useful mechanisms in Windows security. It's also fragile and easy to misuse. Careful use of impersonation can lead to a secure, easy-to-administer application. Misuse can open gaping security holes. In fact Bob can be Sarah and Sarah can be Bob :-)
Impersonation is still useful in some cases. This story is about WSS 2.0/Microsoft Sharepoint Portal Server 2003, but is still interesting for other applications in .NET.
You have to create a webpart which can give users read permissions to certain files or folders.
You want to store extra information in a custom list with custom properties (from/until/user's full name).
The SharePoint List, which is the data store, must be synchronized through the webpart. Attention, the user may not modify the list by himself. So in this case, the list is read-only for a certain group of people and the webpart is our user interface, which can modify the list.
To be sure that the current user can only view the list, we will deny the edit list items' permission and only give him the read-only permission on the list.
Now we have a problem ... How can we write data programmatically to the custom List if you haven't the 'edit list items' permission? Of course, "Bob will we Sarah" ... impersonation !
The webpart is running as the current user called Bob. Suppose that 'Sarah' is a 'background user' which has the permission to edit list items. Bob hasn't the permission so ... He transforms into 'Sarah'. Click here to download the Impersonator class which helps you by transforming Bob into Sarah.
// current user : Bob (read only list permission)
Impersonator imp = new Impersonator("domain", "Sarah", "password");
// current user : Sarah (edit list permission)
// => now you can create new list items into the custom list
// Do not forget to call Undo(). This will stop the impersonation, which transforms Sarah back into Bob.
Editing List Items and Security conflicts
Please write the code below after the Impersonate() call and before the Undo() call.
It seems to be very easy. It is logical ... but permissions are tricky ...
SPSite site = new SPSite("http://server");
site.AllowUnsafeUpdates = true; //resolves this problem: The security validation for this page is invalid
SPWeb web = site.Rootweb;
SPList list = web.Lists["My Custom List"];
SPListItem newItem = list.Items.Add();
newItem["from"] = DateTime.Now;
newItem["until"] = DateTime.Now.AddDays(10);
newItem.Update(); // you only need the permission to edit List Items.
list.Update(); //when updating the list, you need to have the permission to modify List settings
//in this case we don't need an list update, because Sarah has no sufficient rights.
Difference between SPListItem.Update() and SPList.Update()
If you are administrator or another person which can modify the List settings, you can call the SPList.Update() without any problems. SPList.Update() do not only update the data in the list, but also fields and settings. That's why you need some more rights.
If you can only edit List Items, you need to call the SPListItem.Update() method.
This is very logical, but so frustrating when receiving an E_ACCESSDENIED exception.
More Information on SharePoint Security and Impersonation
Click here to read Jay Nathan's article on 15seconds.
Tuesday, February 06, 2007
Did you know ... ?!
- ... I love Spain. A great country, The sun and an attractive language! If I have some leisure time I would follow spanish lessons (long term course). Kristof goes latino ;-)
- ... I followed 'spanish lessons for travelling' Last year?
- ... I love the French wines. The wines in the region Languedoc-Roussillon are absolutely fantastic and fruity. Mmm.. Once I visited a castle in Fitou (the best and sweetest white wine I ever met).
Muscat De Rivesaltes http://www.twis.info/wineregion.php?ID=241&action=setLanguage&LANGUAGE=nl
- I am very fascinated in trains and miniature trains. Once i had the opportunity to have a ride from Ghent to Ostend with a real Belgian engine.
- . Favorite computer games
- Roller Coaster Tycoon 3
- Sim City 4
- I have a Roland Synthesizer (E-60) at home to make some music (yeah ... a keyboard with PS/2 ... ;-)
(this is the renewed design of this keyboard.)
Now it's my turn to tag some people ;-)