Monday, February 13, 2006

Pablo Cibraro (who should be an MVP) is, in my opinion, one of the most knowledgeable WSE guys around. He is up there with Michele and Softwaremaker (who have both moved on to be WCF gurus, of course). But besides having a wealth of practical knowledge, he spends an inordinate amount of time sharing it in the WSE newsgroups, answering myriad questions and following up on many of them.

He has answered questions for me too.

But today, he really impressed me even more. I was running up against a problem that I could not figure out or find the answer to anywhere. In fact, I found two other questions on the web with the same problem but no answers.

The more I dug into the problem the more I learned and I finally was able to google the right keywords. And where did I find the solution to my problem? In Pablo's blog (see below). He does not post very often, but boy am I glad he wrote about this. I had even been fiddling in the right section of my web.config file, but just wasn't tweaking quite the correct thing.

So thanks Pablo!

And for google's sake, the problem was some encryption being done in a request for a securityContextToken in WSE3.0. On Windows 2000 machines, it was encrypting the requested key with RSA15, but Windows XP clients were encrypting with OAEP and the win2003 server was expecting OAEP.

Windows 2000 does not have the ability to wrap with OAEP. So I had to force all clients to wrap security tokens with RSA15 (Win2000 will do it by default, but XP won't) and then force the server to use RSA15 also.

But I couldn't figure out how. Pablo's post on using the web.config in WSE 3.0 to override the default encryption led me to my solution. He also followed up with a reply in the newsgroup as I was typing this very post.

The error

An unsupported signature or encryption algorithm was used --->
System.Exception: WSE3002: The receiver is expecting the key wrapping algorithm to be
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p, but the incoming message used http://www.w3.org/2001/04/xmlenc#rsa-1_5. You can change the key wrapping algorithm through configuring security token manager.

The solution in both web.config of the service and app.config of the client (inside of the security tags of the microsoft.web.services3 tags):

<binarySecurityTokenManager>
  <add valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
    <keyAlgorithm name="RSA15" />
  </add>
</binarySecurityTokenManager>



Don't Forget: www.acehaid.org
WSE
Monday, February 13, 2006 10:56:26 AM (Eastern Standard Time, UTC-05:00)
 Sunday, February 12, 2006

How cool is this? Here is a college kid at Champlain College in Burlington who started an Ipod accessory company and is making it big! (And he's probably all of 19 years old, now.)

Mophie is a developer of innovative, value-added solutions for the digital lifestyle accessory market. The Company was founded in March of 2005 by an 18 year-old optimist with a head full of ideas and a renegade marketing consultant with an arm full of tattoos. Our goal was to create a funky product development firm built around good people and great ideas.

The products start with a base case to put your ipod in and are then extended by a variety of forms that the base case fits into.



Sunday, February 12, 2006 12:06:44 PM (Eastern Standard Time, UTC-05:00)

This spring I will be heading out to speak at the fourth Deeper in .NET event that is hosted by the Wisconsin.NET user group. This is Scott Isaac's first time coordinating it, as former group leader Brian Tinkler has gone to work for Microsoft.

This will be a one day event with 5 talks. Michele Leroux Bustamante will be (very appropriately) doing a session on WCF. Scott Hanselman, Rob Howard and Jason Beres (returning for his 4th year!) are also on the roster.

I'll be doing a talk on ADO.NET 2.0 integration with SQL Server 2005. I could easily spend at least 1/2 of the entire day talking about that, but I will limit myself to my 90 minute slot.

An added benefit of going to Wisconsin is that I am going to spend a few extra days there visiting with a friend who I haven't seen in too many years.



Sunday, February 12, 2006 10:49:13 AM (Eastern Standard Time, UTC-05:00)

I'm sure all of the big cities in the Northeast that are getting seriously dumped on today would gladly send their snow here if they could. And we would be happy to have it. Once again, the big dump has missed us completely. Countless ski resorts will suffer greatly this season which will also have a big negative impact on Vermont's economy.

It's not even snowing here. And this picture from Charles' window in Manhattan just makes me wanna cry. It reminds me of a magical moonlit night out in Prospect Park (Brooklyn) after a huge snow storm nearly 15 years ago. I went out there with my dog and there were hundreds of people out there walking and even cross country skiing. Of course, normally, going to a NYC park at night is unheard of.

This is what many of us live for here in Vermont. But alas, there are only about 3 inches of snow in my front yard and no base underneath. It is so bad that we can't even use our "rock skis" in the woods. Just a pair of regular hiking boots will suffice.

Well, good day to continue getting through my myriad commitments that keep me in front of the computer.



Sunday, February 12, 2006 10:24:05 AM (Eastern Standard Time, UTC-05:00)

Here's a cool trick you can do using the new IE Developer Toolbar if you want to find out meta data about a Virtual Earth (Windows Live Local) map. [Read more...]

[A DevLife post]



Sunday, February 12, 2006 9:12:21 AM (Eastern Standard Time, UTC-05:00)
 Saturday, February 11, 2006

I replaced one of my 512MB modules with a 1GB module in October. Time to get the old one off my desk.

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=6848791085&rd=1&sspagename=STRK%3AMESE%3AIT&rd=1

 



Saturday, February 11, 2006 10:41:50 AM (Eastern Standard Time, UTC-05:00)
 Friday, February 10, 2006

Thom Robbins is presenting a 1/2 day seminar on Programming Virtual Earth on March 1st in Boston and it will also be accessible over Live Meeting.

At the end of the session, Thom will announce how you can participate in a Virtual Earth Mashup and even win an XBOX 360.

Thom will also have help from ViaVirtualEarth's Neil Roodyn and maybe even me.

For information, go to the registration page for the virtual event.



Friday, February 10, 2006 12:10:03 PM (Eastern Standard Time, UTC-05:00)
 Thursday, February 09, 2006

Why on earth do I find myself reading whitepapers on the NASA or ACM websites? (read more ...)

[A DevLife post]



Thursday, February 09, 2006 9:57:38 AM (Eastern Standard Time, UTC-05:00)
 Wednesday, February 08, 2006

Next Monday's VTdotNET meeting marks our 4th anniversary. I think after 4 years, I'm allowed to say that I'm very proud of this! VTdotNET has created a real community out of the many .NET developers in Northwest Vermont. That was my ultimate goal. We also have a bevy of highly skilled .NET developers in the area, many of whom are already deploying .NET 2.0 applications. We have brought amazing speakers here month after month and definitely put the .NET developer community on the map.

I think everyone in the whole group should give themselves a pat on the back.

Monday's meeting is part 2 of the VS/SQL 2005 launch, and a joint meeting with the VTSQL.org group. Since INETA and PASS were both creating these user group events, we got to do two between our two groups. So we have another 5 sets of VS2005 Pro/SQL Server 2005 Standard licenses to raffle off, certification test vouchers and some other swag. Laura Blood and Roman Rehak will be presenting. Rumor has it that Roman is going to be the demo god for the night.

Competitive Computing, who is hosting the meeting, is also providing the group with pizza and soda for the evening.

And, we will, of course, have birthday cake.

Thanks to everyone who has helped make this group be a great success!! That includes not only our members, but INETA, Thom Robbins, Joe Stagner, Russ Fustino (who encouraged me to start the group) and the many sponsors who have helped us with pizza, books and other awesome swag over the years.

Here's to many more!



Wednesday, February 08, 2006 2:51:11 PM (Eastern Standard Time, UTC-05:00)
 Tuesday, February 07, 2006

I decided this needed its very own post as it is buried in another one.

I was way too eager to finally get .NET 2.0 onto my web server and missed a step and did not recognize the red flags going up trying to tell me that I missed this step.

If you are putting .NET 2.0 onto a web server already running 1.1, you need to create a separate application pool and set the app pool for .NET 1.1 apps to one of them and .NET 2.0 apps to the other one.

Most likely, if you are not creating any new 1.1 apps, you should attach the 1.1 apps to the new app pool and if you use a default app pool, let the .NET 2.0 apps own that.

Each application pool owns a different process. So I had the 1.1 and 2.0 apps running in the same process and they were really tangling with each other. I was getting Server Unavailable errors and even had a bizarre effect on a web service*.

In case you haven't dealt explicitly with application pools yet, that is a separate section in IIS. You have Application Pools, Websites and Web Service Extensions. You can easily create a new application pool.

Then, in the properties of each web site you want to change, the application pool option is a drop down at the bottom of the first tab (Directory).

*That was a doozy. It was a 1.1 service that returns a DataSet comprised of 8 tables. Before returning the ds, I use XCeed stream compression to compress the stream. On the client end, I decompress and then read the stream into a new dataset. Suddenly the resulting dataset had taken two columns from the first table and created new tables out of each one. Once I figured out what was happening, I had no clue how to deal with it other than remove the compression and just return the datatable. In the end, the problem disappeared when I sorted out the App Pools!!



Tuesday, February 07, 2006 9:08:08 AM (Eastern Standard Time, UTC-05:00)
 Monday, February 06, 2006

I had an email today from someone asking this question. They have a web service and a client app that use WSE2 to encrypt, sign and otherwise secure their data.

However, they were able to open up the asmx file, the operation and look at raw xml data in a web browser over the web. No authentication, no encryption, no signing. I could see it, too!

What a nightmare after all of the work to secure this data.

The reason for this problem was another case of debugging tools getting deployed to the production web server. Something I tend to rant about occasionally.

In order to browse from their development machine to the web service on a remote web server, they had added

<webServices>
 <protocols>
   <add name="HttpGet" />
   <add name="HttpPost" />
 </protocols>
</webServices>

and left them in the web.config when it was deployed to the server.

I was able to guess this pretty quickly since I once learned this the hard way, too. Sadly most of our best lessons are the ones that leave bruises. :-)

For some more web.config tricks to hide your web service from public view as well as the wsdl, see this msdn doc on configuring web services for deployment.
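
A deployment check for the mistake described above, as an added example (not code from this blog or from Microsoft): it parses a web.config and reports HttpGet/HttpPost entries left enabled, and whether the Documentation protocol, which serves the help page and WSDL, has been removed. The function name, the sample configs and the assumption that Documentation stays on unless explicitly removed are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Protocols that let a plain browser request invoke an .asmx operation.
BROWSER_PROTOCOLS = {"HttpGet", "HttpPost"}

def _local(tag):
    """Strip an XML namespace, e.g. the .NetConfiguration/v2.0 one VS2005 can add."""
    return tag.rsplit("}", 1)[-1]

def audit_web_config(config_xml):
    """Return a list of findings for the <webServices><protocols> settings.
    Simplification: blocks under different <location> paths are merged."""
    root = ET.fromstring(config_xml)
    enabled, doc_removed = set(), False
    for ws in root.iter():
        if _local(ws.tag) != "webServices":
            continue
        for protocols in ws:
            if _local(protocols.tag) != "protocols":
                continue
            for entry in protocols:  # document order, so a later <remove> wins
                action, name = _local(entry.tag), entry.get("name")
                if action == "add" and name in BROWSER_PROTOCOLS:
                    enabled.add(name)
                elif action == "remove":
                    enabled.discard(name)
                if name == "Documentation":
                    # Assumption: Documentation is on unless explicitly removed.
                    doc_removed = (action == "remove")
    findings = ["%s enabled: operations can be invoked from a browser, "
                "outside the WSE-secured SOAP path" % p for p in sorted(enabled)]
    if not doc_removed:
        findings.append("Documentation not removed: help page and WSDL may be served")
    return findings

# Constructed sample: the debugging entries from the post, left in for deployment.
DEV_CONFIG = """<configuration><system.web>
  <webServices>
    <protocols>
      <add name="HttpGet" />
      <add name="HttpPost" />
    </protocols>
  </webServices>
</system.web></configuration>"""

# Constructed sample: a locked-down production config, with the v2.0 namespace.
PROD_CONFIG = """<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.web>
  <webServices>
    <protocols>
      <remove name="HttpGet" />
      <remove name="HttpPost" />
      <remove name="Documentation" />
    </protocols>
  </webServices>
</system.web></configuration>"""

if __name__ == "__main__":
    for label, cfg in (("dev", DEV_CONFIG), ("prod", PROD_CONFIG)):
        print(label, audit_web_config(cfg) or "clean")
```

Run it against every web.config in a release package and fail the build on any finding.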

WSE
Monday, February 06, 2006 7:37:18 PM (Eastern Standard Time, UTC-05:00)

What do you think is going to be the most likely need for ClickOnce?

Deploying apps to anyone in the world? Not for me, I write custom apps for my client.

Deploying apps on the intranet? Sure, but we have had a very simple hack for that for a long time.

C'mon, think smart client....

Yep - deploying apps to users on the go over the web.

I need ClickOnce to work for mobile workers who need to be able to install and update their company's custom software.

And what's the best way to do this? You would think it was Forms Authentication. That's what I want to use. Not all of these people have windows accounts or will be using VPN. But they do have logins to get to the company portal, fill out their timesheets online, etc. Additionally, we are already using web services as the back end to their smart-client applications so that they can do their work over HTTP.

But guess what - sure I have had two years to discover this, but I am just coming up for air on this one now - Forms Authentication is not supported for Click Once. See this msdn document.

Their suggestion? Just let anyone in the whole world download your client's application and then use web service based authentication (which I just happen to already have built into this smart client app) to make sure they can't use it.

No no no no no.  I do not think this would make my client very happy at all.

So I am struggling with hacking this together. The forms authentication works just great for accessing the installation page, but setup.exe and myapp.application are not protected by forms authentication. Anyone can browse right to them.

Next step is to feed them to ISAPI for this web app, which for some reason I can't get to work yet.

I'm sure there have already been many discussions and rants about this problem but I have been focused on other things and am pretty late to the game.

Web deployment has become my a#1 pet peeve with .NET. I have been trying to use it since it was called zero touch deployment. ClickOnce is supposed to be my savior and I have ported their app to VS2005 just for ClickOnce. I won't give up, but I might have to rant and rave every so often as I get this to work for me.



Monday, February 06, 2006 11:07:21 AM (Eastern Standard Time, UTC-05:00)

I put .NET 2.0 on my client's web server the other day. Both 2.0 and 1.1 asp.net apps continued to run just fine.

Last night I was mucking with some of the mappings in .NET 2.0 and they weren't taking. So I did an iisreset. Here's where that led me (to the best of my recollection)

  • 1.1 apps: Server Unavailable, 2.0 apps okay
  • run aspnet_regiis -i  for 1.1
  • 2.0 apps Server Unavailable, 1.1 apps okay
  • iis reset
  • 1.1 apps: Server unavailable, 2.0 apps okay
  • aspnet_regiis -i for 1.1
  • 1.1 apps okay, 2.0 apps okay
  • close the MMC for iis
  • 1.1 apps okay, 2.0 apps server unavailable
  • aaargh!! That shouldn't have happened.
  • aspnet_regiis -i for 2.0
  • 1.1 apps: Server Unavailable, 2.0 apps okay
  • aspnet_regiis -i for 1.1
  • both okay
  • don't touch a damned thing
  • slept with my fingers crossed
  • this morning - both still okay but I realize that clickonce deployment on the 2.0 site is broken.

Most of the above problems could have probably been avoided if I used some of the other available parameters for aspnet_regiis, such as -sn for fixing the mappings on just one application.

Update: though using the -sn was a good thing, the root of the problem (thanks to some reminders in the comments) was that I had neglected to create a separate Application Pool for the .net 2.0 websites. They were running in the same process as the asp.net 1.1 sites. So far, everyone has been behaving properly.

Monday, February 06, 2006 9:31:51 AM (Eastern Standard Time, UTC-05:00)

CAS is confusing! Mike Downen's MSDN Mag article about CAS in 2.0 is really an excellent explanation of CAS along with some great info on what's new in 2.0 as well. [read more ...]

[A DevLife post]



Monday, February 06, 2006 9:03:24 AM (Eastern Standard Time, UTC-05:00)
 Saturday, February 04, 2006

One of the big factors that drew us to move to Vermont in 1999 was the skiing. We can ski out our back door to the back country or drive 7 miles to our favorite lift-serve ski area: Mad River Glen.

But what is this?

I took this on Jan 21 out my front window

and this one I took 5 minutes ago

Saturday, February 04, 2006 10:15:36 AM (Eastern Standard Time, UTC-05:00)

Congratulations to the Windows Live Local team on being selected for an Editors Choice Award by PC Magazine!!

I had to laugh when I saw the screen shot in the PC Mag article. One of the tags is for Ft. Green Park in Brooklyn. In a former life (my 20's) I lived 1/2 block from that park.

(add'l plug for the WLL team: Want to join this "winning team"? They are hiring!!)



Saturday, February 04, 2006 9:47:48 AM (Eastern Standard Time, UTC-05:00)
 Friday, February 03, 2006

Now here's a guy about whom I can literally say "I knew him when."

I knew Ken Levy when he was a wee lad (a teen) who had written the most popular add-in for professional FoxPro developers everywhere - GenScrnX!

This was so long ago that rather than an email, Ken used an ID of  76350,2610. Yep, Compuserve.

Ken, along with YAG, has been doing great things at Microsoft for a whole lotta years now. But now Ken is straying from the fold and got lured over to Windows Live.



Friday, February 03, 2006 10:37:34 PM (Eastern Standard Time, UTC-05:00)

Well, I'm quoting Scott Watermasysk on that, but since he and I talked about this frequently over the years while I was heavily involved with INETA, I'm happy to see this finally happen! Looks like newlywed Jason Beres has a hand in this, too. Excellent!

Hopefully, everyone gets the little joke in the upper right hand corner of the home page. ;-)



Friday, February 03, 2006 9:54:15 PM (Eastern Standard Time, UTC-05:00)
Scott Hanselman comes out with his confession of being an A/V geek. I am always happy to know that I have a room filled with closet a/v geeks at the Vermont.NET meetings when we have problems with the project, or the screen, or the light bulb. Check Scott's latest list to see if you exhibit signs of an A/V geek.

Friday, February 03, 2006 9:50:48 PM (Eastern Standard Time, UTC-05:00)

These guys are NOT to be missed if you are able to get to Waltham, MA on March 25th. It's a "mini-code camp." A one day one track event.

Patrick Hynds and Duane LaFlotte are two guys you want on YOUR side when it comes to hacking. Had Duane found a different mentor in his youth, he'd be the guy downloading all of your credit card companies' most secure data! Phew, we lucked out.

Not only do they know amazing things about security, but they are one hell of an entertaining duo!

One word of advice though. If Patrick offers to drive you around Boston, do NOT, I repeat, do NOT sit in the back seat! :-)



Friday, February 03, 2006 9:46:01 PM (Eastern Standard Time, UTC-05:00)