Archive for September, 2003

Very Long Week

My company just spent 3 days laying off tons of people. I survived this round, but the development group I am a part of lost three people. The company was about 8000 people worldwide, I wonder what it is now. Management is not interested in distributing the details. It’s pretty rough watching the CIO follow around the HR team that is laying people off, and then getting to listen to them cleaning out the cube on other side of the wall.  I am fortunate to have a good project that lets me learn .Net. If my turn comes at least I am acquiring new skills.

Posted on:
Posted in None | Comments Off on Very Long Week

Data Access Application Block and Oracle

I read about the Data Application Block yesterday and was intrigued, although for the life of me I cannot remember where I read about it originally to pass along some credit. So I checked it out and it is very nice and all, but alas my project uses Oracle not SQL Server. Initially I thought about porting it to Oracle, but I figured that it has already been done. So I did a little Googling and voila!, Microsoft themselves had already done the work in the Nile 3.0 demo application. Sadly, it was in C# and my current project is using Oracle and VB.Net. So now I am back to porting.

Posted on:
Posted in .Net 1.1, ADO.Net, Oracle | Comments Off on Data Access Application Block and Oracle

Query a Novell LDAP server with VB.Net

Once again, I am amazed at how simple tasks have become using .Net. Something I thought would be complex turns out to be completely handled by the framework. Kudos to the .Net team.

For my current project, I need to validate that a person is an internal employee before allowing them continued acccess to the web site. My company uses a Novell infrastructure, and luckily has an LDAP server that I can access for employee validation.

Luckily, Novell provides a resource for developers to begin working with LDAP at the Novell Developer Labs. You can create an account and query their server for free. So that is where I started, but eventually the Novell network admins in my company got around to my request and I was able to use the code almost without modification against our internal server.

Here is my quick console application I created to test against the Novell Developer Lab LDAP site (my container name is Fender and my login is admin.  The only modifications I had to do to get it to work with my company’s LDAP server was to learn the container names and the fields I could query.  

Imports System.DirectoryServices

Sub Main()
Dim
ds As New DirectorySearcher
Dim resultset As SearchResultCollection
Dim result As SearchResult
‘Return the securityEquals field and the cn field
Dim ResultFields() As String = {“securityEquals”, “cn”}

With ds
    ‘Set the container I want to search (.admin.Fender.user.novell)
    .SearchRoot = New DirectoryEntry(
LDAP://192.108.102.215/ou=Fender,ou=user,o=novell)
    ‘Use the array set above for return fields
    .PropertiesToLoad.AddRange(ResultFields)
   
‘Set a filter/query
    .Filter = “cn=ad*”
End With

Try
  
‘Perform the search

   
resultset = ds.FindAll()
    If resultset.Count > 0
Then
       
For Each result In resultset
            Console.WriteLine(result.Properties(“securityEquals”)(0))
       
Next
    Else
        ‘No results
       
Console.WriteLine(“No Data Found”)
    End If

Catch ex As Exception
   Console.WriteLine(“Error: “)
   Console.WriteLine(ex.Message)
End Try

End Sub

Posted on:
Posted in .Net 1.1, Novell, Security | Comments Off on Query a Novell LDAP server with VB.Net

Excel as a Web Service Client

As a small project, we were tasked with creating a data feed from a text report genereated by JD Edwards (not OneWorld, an older version) and our application. Instead of going the FTP and text file parsing route, I decided to try our first venture into a web service. Since the JD Edwards group were using Excel 2000 to manipulate the report before sending it to our system, I figured a VBA macro could send the data for them, using the XMLHTTP object.

‘Notes: Using late binding so the project won’t need explicit references
‘       Using MSXML 2.5 object model to be sure it will run on most PCs
Public Sub SendDataToEnCore()
    Dim oXML As Object
    Dim oDom
As Object
    Dim oNode
As Object
    Dim sXML As String
    Dim nResult As Integer
    Dim sResponse
As String
     
    On Error GoTo Handler
    Set oXML = CreateObject(“Microsoft.XMLHTTP”)
    Application.Cursor = xlWait ‘Change the cursor to a wait cursor
    Application.ScreenUpdating = False   ‘Stop screen redraw
    With oXML
         ‘Call the service, it only takes one parameter, the XML string

        .Open “POST”, & _
       
http://test.com/Redeployment.asmx/Redeployment_Update“, False
       
        ‘The following line is necessary for the web service to recognize the post
        .setRequestHeader “Content-Type”, “application/x-www-form-urlencoded”

        Application.StatusBar = “Waiting for a response…”
        ‘Create XML is a function that loops the spreadsheet building an XML string
        .Send CreateXML
 
   End With
   
    sResponse = oXML.responseText
    With Application
        .Cursor = xlDefault
        .StatusBar = “”
        .ScreenUpdating = False
    End With
    Set oDom = CreateObject(“MSXML.DOMDocument”)
    oDom.loadXML (sResponse)
   
    If oDom.hasChildNodes Then
        ‘Display the resulting message from the web service
        Set oNode = oDom.documentElement.firstChild
        nResult = MsgBox(oNode.Text, vbInformation, “EnCore Data Transfer”)
    Else ‘No response at all
        MsgBox (“The JDE upload failed. Please contact Development
for assistance.”)
   
End If
    Set oXML = Nothing
    Set oDom = Nothing
    Set oNode = Nothing
    Exit Sub
Handler:
    With Application
        .Cursor = xlDefault
        .StatusBar = “”
        .ScreenUpdating = False
    End With
    MsgBox Err.Description
    Set oXML = Nothing
    Set oDom = Nothing
    Set oNode = Nothing
End Sub

So far this has worked well for us. One of the issues we encountered was URLEncoding the XML string before sending it. Otherwise, it just won’t parse properly on the web service end. Here is an abbreviated version of the web service function that is called by the above Excel VBA function.

Public Function Redeployment_Update(Byval sInput As string) As String

    Dim dt As DataTable
   
dim n as Integer

    sInput = cstr(sInput)

    n = sInput.Length
    If n <= 0 Then
       
return “File contains no data”
   
End If

    ‘ Load the input XML string into a DataTable
    dt = LoadDataTable(sInput)

    Dim drCurrent As DataRow
    For Each drCurrent In dt.Rows
       
ProcessRow(drCurrent) ‘Our custom function to parse a row
    next

   
return “File received OK. Characters Received=” & n

End Function

Posted on:
Posted in .Net 1.1, Office | Comments Off on Excel as a Web Service Client

Impersonation

All right, now that I have done a bunch of talking, how about some code? I stumbled across this recently while pouring through MSDN. The code lets you impersonate any other user, provided you know the credentials. In our case we needed to become the IIS user so we could access files on a remote file server. In our situation, there are multiple web applications within our domain, so the network admin has set up the IIS sites to all use a common domain-wide anonymous user, so it is easier for him to manage permissions. As we are the first .Net project, the ASPNet user has no rights whatsoever on the network. We talked with the admin and he was not interested in giving the ASPNet users from a bunch of different web servers rights to other network resources. We looked at changing the ASPNet user credentials Machine.config, but this broke debugging locally immediately. So I looked into impersonation and found out how to impersonate the IIS user in code:

Imports System.Security.Principal

Function impersonateAnonymous() As WindowsImpersonationContext

     ‘Grab the current Http context
    
Dim context As HttpContext = HttpContext.Current

    ‘Set up a Service Provider based on this context
     Dim
iServiceProvider As iServiceProvider = CType(context, iServiceProvider)

     ‘Create a type which represents an HTTPContext
     Dim
httpWorkerRequestType As Type = GetType(HttpWorkerRequest)

     ‘Get the HttpWorkerRequest service from the service provider
     Dim
workerRequest As HttpWorkerRequest = _
         
CType(iServiceProvider.GetService(httpWorkerRequestType), HttpWorkerRequest)

     ‘Get the token passed by IIS from the workerRequest service
     Dim
ptrUserToken As IntPtr = workerRequest.GetUserToken()

     ‘Create a Windows Identity from the token
     Dim
winIdentity As New WindowsIdentity(ptrUserToken)

    ‘Send back the IIS identity
     Return
winIdentity.Impersonate

End Function

To use the function, simply call it like so before the code that needs proper permissions:

Dim impContext As WindowsImpersonationContext = impersonateAnonymous()

Now the subsequent lines of code operate in the context of the user assigned to IIS. And then when you are done impersonating:

impContext.Undo()

I based this function on some C# code I found in a Patterns & Practices document on MSDN: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/thcmch10.asp

Migrating our ASP app to .Net

We are migrating an ASP app to ASP.Net, but not all at one time as my business customers within the company won’t pay for that kind of time all at once. So we are migrating piece-by-piece as we develop new functions within the app. Our plan is to develop all new pages using .Net, and convert classic ASP pages as we have to touch them due to new development. To get the remaining pages converted, we are just going to squeeze them in as often as possible along with the new development, mostly on a one or two at a time basis. So probably of the next 6-12 months the ASP and ASP.Net applications will coexist and appear to the users to be one application.

Right now, we have done what we considered the basic conversion necessary to implement our plan:

  • Convert the login process to .Net. We are using Forms authentication since users are checked from our own database. We may migrate this to LDAP sometime in the future. My company uses Novell Netware for network login and GroupWise for email. I would love to hear from anyone who has a web app that can create appointments in GroupWise!!
  • Move frequently used Session variables to cookies. Luckily, we were not using lots of Session variables in the classic ASP. We encrypt all the data written to the cookies so spoofing is harder. We are currently not a web farm, but that is also in our future so the Session variables need to go anyway.
  • Create a common time-out scheme between the applications using a cookie. The ASP app times out after 35 minutes of inactivity for what the HR folks call “security“, as the app contains lots of personal information about both employees and non-employees.
  • Convert common functions to .Net (like checking user roles, encryption, database access, search engine, etc.)
  • Convert ASP includes for page structure into .ascx files.

Of course, none of this has gone into production yet (sigh…). It is on the test sever and hopefully will roll out by the end of the month.

Posted on:
Posted in .Net 1.1, ASP.NET, Novell, Oracle | Comments Off on Migrating our ASP app to .Net

Why Is This Here?

I figure this first post can be an “About Me” to let readers know what to expect here.

I have been developing application sites with ASP since 1998 or so, mostly straight ASP, but some COM objects. I am currently part of a small team (2 of us) that develops an in-house application for my employer (MSX International in the Detroit area). It is an ASP app that is used internally. We are currently finishing up a small job board that will be part of the external web site and the job board part is 100% ASP.Net. We are about 6 months into the project, which is yet to be released, due to political problems within the company and also some feature creep.

At the same time, we are slowly converting the internal app that I work on from ASP to ASP.Net. We encountered some stumbling blocks along the way, but impressively all the answers were found within the .Net framework.

The main thread of this blog is to describe the stumbling blocks and how we overcome them.

Posted on:
Posted in None | Comments Off on Why Is This Here?