I have made so many new friends this year through blogging, attending conferences and the many community related things I have been involved in (INETA, other user groups, MVP, etc etc).

There is now way in the world I can think to send individual holiday cheers to each and every one of the people I would like to.

So hopefully a good chunk of those people read my blog and know that  I am wishing everyone a Happy Hannukah, Merry Christmas, Happy New Year, Happy [fill in the blank if your not covered] and all good wishes for happiness and success.

Also to Steven and Amy, THANKS!!!!

Truly,

Julie

I just had a thought about what I was working on yesterday with encrypting data that is passed back to a client in a SOAP response. I was using examples from two sources. In those samples, there was a key created in the webservice for encrypting. That same key was added into the client app in order to unlock the encrypted data. I used the sample “to a T”, including the example key. If I didn't change it, that means that anyone who read the article could create a client that uses the same key and have access to my data. Not really, because the web service also requires authentication... but you get the point, right? It's kind of like the www.tempuri.com problem. Many people don't change that “placeholder” URI and leave the possibility (very slight as it may be) that someone accessing two separate web services with functions of the same name and the same namespace (”www.tempuri.com”) will have a definite conflict.

Anyway, time to go change my keys!

ahh - another lost post - why oh why?

ok here's the short version... I just spent all day working with SOAP and encryption and xmldocuments. Don Box just wrote a post that addresses a misconception that I had when working on my solution today. “What caught my attention was the implication that there are somehow two classes of XML - documents and something else.” Because I was dealing with SOAP I thought I had to send a “real” xmldocument, not whatever xml is created magically when you send a dataset from a webservice. So I converted my dataset to an xmldocument object, sent that back to my client then took the resulting xmlNode, converted back to an xmldoc and then back to a dataset.

Another thing I wanted to point out about his post was that it addressed my little nit with the fact that the xmldoc is transformed into an xmlNode somewhere in the pipe. In his post, Don says that “it's exceedingly tricky for a SOAP envelope to contain an XML Document due to the problems of embedding XML inside of XML (embedded DOCTYPE, ID collisions, non-nesting CDATA sections, etc.).” OK, I can live with the transformation! 

So, if you have missed his post, definitely read it if you are not 100% solid on SOAP and would like some clarity. 

(add: as per this and this, I modified my webservice to return a plain old dataset in the encrypted soap header - as I would for any other dataset returned by a web service - rather than turning it into an xmldocument first. Actually, also check out this from Sean Wildermuth, which is what convinced me over a year ago that it is a-o-k to return datasets from webservices)

Well! That was educational!

I now have a web service that grabs a dataset of super-secret information from sql server, converts it to an xmldocument and returns it to my client as the body of an encypted Soap message. It's possible to encrypt different pieces of the soap message. And I had to deal with that p.i.a. transformation of an xmldoc to an xmlnode on it's way through the pipe. But at least I remembered that from the last time I encountered it!

My smart client retrieves this encrypted message (thanks to the last key of remembering to modify the web service proxy by replacing
Inherits System.Web.Services.Protocols.SoapHttpClientProtocol
with
Inherits Microsoft.Web.Services.WebServicesClientProtocol)

I was able to pull this part off with both Bill's book and Jeannine's article (see previous blog for details) close at hand.

Once I had the data safely in my client's clutches I still had another task which was to persist the data for off-line use. Of course, if the data is sensitive enough to need to encrypt it on the way through the pipe, I didn't want to just create a little xml file that could be opened up in notepad! So I used a System.Security.CryptoStream (and a little help from this article) to encrypt the data, yet again, along with WriteXML to persist the data. The application that needs the data offline then got a reverse engineering job to do a dataset readxml and decrypt the data.

Phew! I am whooped. Now on to WSE2 where I have been promised I'll be hitting my head wondering why I wasted all of that time with this WSE solution. Though the true answer is that I needed to use it in production and the WSE2 tech preview is not licensed for production use. That's why.

Inspired by Rory Blyth's post on what .NET techonology we fear the most (hands down for me, it's WSE) and a need to return login data from a web service in a secure manner, I am about to finally (finally!) use WSE. I have just installed WSE1 SP1 SDK on my dev machine and the runtime on my webserver. (add: and the WSE Settings Tool!!)

I have at my disposal Bill Evjen's Web Service Enhancements book and this MSDN article (Encrypting SOAP Messages Using Web Services Enhancements) by Jeannine Hall Gailey.

My plan to grab the data via a dataset, writexml to an xmldoc and then send the xmldoc back to the client inside an encrypte soap body. (BTW - I am not looking for instruction, correction, hints, etc - I want to do this myself!!)

I am a perfect guinea pig for WSE. I even concede: the person who they are writing Indigo for. Once I get past this, then I can confidently say “if *I* can do it, anyone can!”.

P.S.  I'm well aware that WSE2 is right around the corner and I'm SOSOSO far behind with this but WSE2 is not for production. So I'll cust my teeth on with WSE1 and then look at the tech preview of 2.

I read at night. I read novels. It is how I clear my head of bits and bytes and problem solving.

I just finished reading Life of Pi. You don't need to hear from me how marvelous this book was. In looking for this jpeg, I stumbled upon an essay by Yann Martel on www.powells.com about his writing the book. If you have read the book, you must certainly read this essay. It can answer some possible lingering questions.

Now I have begun a collection of short stories called “The Interpreter of Maladies“ which coincidentally is also of Indian theme. This collection was written by a young woman, her first publication, for which she won a Pulitzer!

I also read a number of other books based in India in the past year.

I seem to get on tracks like that. I recently went through a slew of books by Chinese authors and then a handful of Japanese. It is not by design that I do this - just happens that way. The book I read prior to Life of Pi was The Silent Cry by Kenzaburo Oe. This gorgeous book was written in the late 60's and Oe won a Nobel prize in the late 90's with this book being noted as one of his highest achievements.

This is my next test with BLInk! lam writing in the Tablet Input Panel right now. Now ' ill draw a picture. oh the talent! That is the little chair I sat in for 2.5 hours yesterday. Icant get "enter" to work here.oops.will have to fix that!

I even made a little logo I mean icon - for the representatino of the app on a desktop and for the corner of the window.

Ain't it cute?

I am not going to make excuses for playing hookey today after working day and night, seven days a week for few years trying to learn .NET. So I played hookey today. Yesterday was notably one of the best ski days ever at Mad River Glen as reported by many many locals who have skiid there for years. So we went today since it is only 7.5 miles from our house to the parking lot . Got right on the [famous, landmark] single chair to go up to the top and ski the absolutely magical Antelope and Lower Antelope. Just past the mid-station, the lift stopped. I was about 25 feet in the air. It was probably about 20 degrees. Two and a half hours later, I was lowered down from the chair lift. Something had broken and they had to evacuate everyone on the entire chair lift. I was the 2nd to last person off. Brrrrr. So much for a play day. Thanks to everyone who worked so hard to get us all safely down.

Have you been waiting and waiting and waiting for a response to your application to participate in the reporting services beta? (Like I was?) I just happened to go to Beta Place today and there was Reporting Services in my area of “active programs”. I know I get a gazillion emails, but I can't imagine I would have missed/deleted the typical “welcome to the beta” email. So if you are waiting, go check www.betaplace.com, you may actually already be in the program.

Waitaminutehere! Lonestar is listed there, too. Now why didn't I get any kind of notification? Hmmmmm...

'This is a test from

I had some difficulty figuring this out. ALthough the ink can interact with the clipboard, I wanted to have an explicit place to tuck away my strokes and retrieve them again. A few hints in the Tablet Newsgroup pointed me in to some interesting methods and I was able to come up with the following solution. Take a look at the functionality of ink.CreateStrokes, ink.ExtractStrokes and ink.AddStrokestoRectangle to better understand this code.

(DeletedStrokes is just a ListArray created elsewhere in the class)

Case "undo"

With (InkPicture1.Ink)
Dim id As Int32 = .Strokes(.Strokes.Count - 1).Id
Dim ids() As Int32 = {id}
Dim delStrokes As Strokes = .CreateStrokes(ids)
Dim storeInk As Ink = .ExtractStrokes(delStrokes, ExtractFlags.RemoveFromOriginal)
DeletedStrokes.Add(storeInk)
.Strokes.Remove(.Strokes(.Strokes.Count - 1))
End With
InkPicture1.Refresh()

Case "redo"
If DeletedStrokes.Count > 0 Then
Dim storeInk As Ink = DeletedStrokes(DeletedStrokes.Count - 1)
InkPicture1.Ink.AddStrokesAtRectangle(storeInk.Strokes, thisink.GetBoundingBox)
DeletedStrokes.Remove(thisink)
InkPicture1.Refresh()
End If

Another generator day. We had about 1.5 more feet of snow last night. I had a client call me and say “why aren't you skiing?  GO SKIING!”. But unfortunately, I have to figure out how to print out a 300 page report for another client even though my printer doesn't work to well on the generator and get it to FedEx before they close tonight. I may have to pick up my printer (uggh - an old LaserJet IVsi) and go somewhere else.

your message has been received and will be replied to when J Lerman returns

I wonder if anyone will ever get the sick joke that is my blog title... heh heh heh

note: I gave up on the webclient class and used Vick Soulios' VB FTP class on GotDotNet. It hangs for a few seconds when it's making the connection, but the upload works like a charm. Thanks Vick! But if someone can explain WHY the webclient.UploadFile was failing - translation ...what was I doing wrong...I'd love to know and share the answer.

I have been having some fun with the WebClient.UploadFile method for the last few days. My IIS Admin is joining in as well. According to the docs, this is the non asp.net way to emulate the HTMLInput file posting methodology. One advantage you have in asp.net is that if you are posting the file to the same domain, then it's easy enough to set the proper permissions to let this happen. However, when you are trying to do this from outside of the domain, it ain't so easy. IIS doesn't see a referral page, so it blocks the request. The only suggestion I have found anywhere is to bag the UploadFile and go with TCPClient and a network Stream. Sure I can do that if I have to, but then what's the purpose of the UploadFile? When I am setting the proper credentials using my ftp login and password, I can't see how this is any different than using a standard FTP app such as WS_FTP.

Another thing I have found in my queries is a number of people trying to upload files to web services. Someone always asks - “why on earth do you want to upload a file to a web service?” Now I know the answer! Because the web service will have all of the same authentication that the asp.net app does.

But I will figure out how to use the WebClient.UploadFile because now I'm determined to make it work and I'll definitely share the solution here.

If anyone was wondering what ever happened to BLInk!, my tablet blogging app, this (and work and some damned fine skiing snow) has been part of the holdup.

Seems like everyone's quickly willing to accept that it truly is Saddam they have captured. I'm a bit of a skeptic. Even my husband noted that he had one heck of a beard for only 9 months of not shaving. It is clearly an advantage politically to have us think that this is indeed Saddam - especially since he is suddenly being referred to as “the biggest terrorist on earth“ - but I will wait a bit longer. Remember that Saddam had a large number of look-a-like stand-ins that were used for public and televised/taped appearances.

add: I wasn't the only person to wonder about this... Though the raid occurred Saturday afternoon American time, U.S. officials went to great length to keep it quiet until medical tests and DNA testing confirmed Saddam’s identity. I guess by now, they are pretty sure.

Gulp. Guess it's official. I'm only doing the talk once, but maybe they just wanted it to look like they've got lots of women speakers by putting me on that home page twice! Just kidding. There are at least two others that I can see. My task is to pack a laundry list of what's new in the Whidbey CLR into a very short period of time. I am still trying to decide if I should whiz through the list (boring), or just pick out my favorites and focus on them. I think a combo of those two would be the best - though timing will determine this. I'd also like to get a little into how these classes relate to WinFX. This is NOT the same as doing a talk on something you have great experience with - since it's all new stuff. But it's a great means of making sure I get my ass in gear!!

...when it's time to get out my ruby red slippers for hiking...

Anybody that I have ever met that has these boots (http://www.koflach.com/Koflach Degre) feels the same way about them. My magic boots.

I noticde dasblog.com a few weeks ago and wondered why newtelligence was wasting their time with webhosting and since I hadn't seen an announcement, did not mention it myself. The real site for dasBlog is dasBlog.NET. This morning I see this from Clemens Vasters assuring us that this is just some unknown person using the dasBlog engine, but it is not associated with them (newtelligence) at all.