Court of Lord Zoltan v2

I’ve being doing a lot of work on Asp.Net MVC (now v2) over the past few months and, firstly, I have to say that it totally rocks. I will not go into any real detail about MVC here – this post is about the method System.Web.Mvc.HtmlHelper.AntiForgerytoken and that it highlights a bug in an internal class TokenPersister that you’re potentially going to get if you ever use spaces in your virtual directory names.  Ironically, the class in question is marked with a comment that says it’s difficult to unit test because of the way it fakes Asp.Net requests – ironic that it should be such a class in which we find a bug!  A better argument for unit-testing you’re unlikely to find. Detail – Reproduce that bug Using MVC it’s very easy to reproduce.  I should start by declaring my system configuration: Windows 2008 R2 IIS 7.5 installed and configured Visual Studio 2008 with all service packs etc .Net 3.5 sp1 plus security patches VS2010 and .Net 4 are also on this machine – and I would w

It’s a common problem – you want to return an object from a WCF service as XML, but you either want, or need, to deliver some or all of the property values as XML Attributes instead of XML Elements; but you can’t because the DataContractSerializer doesn’t support attributes (you’re most likely to have seen this StackOverflow QA if you’ve done a web search).  Most likely you’ve then migrated all your WCF service code to using the XmlSerializer (with all the XmlElement/XmlAttribute/XmlType attributes et al) – and you’ve cursed loudly. Well, I’m here to rescue you, because it is possible – and the answer to the problem is actually inferred from the MSDN article entitled ‘ Types supported by the Data Contract Serializer ’. The example I’m going to give is purely for illustration purposes only.  I don’t have a lot of time, so work with me! Create a new Asp.Net WCF service application, you can use Cassini as your web server (probably easier – otherwise you might have to enable Asp.Net

A couple of posts back I was bemoaning the inability to use custom username/password authentication for all endpoints (WsHttp, BasicHttp and WebHttp) for a WCF service hosted in IIS.  The problem arises when you get to the WebHttp binding, because you can’t use message-level authentication (since it’s just a JSON packet), therefore you have to use Transport-level authentication.  Then you get to the biggest issue - that using Transport-level means having to use Basic/Windows/Digest authentication and IIS always automatically intercepts those authentication headers and attempts to authenticate to the server’s default windows account store (typically the domain it’s on, or it’s own local user store). In this case, even if you configure your Custom UserName Password validator, it’ll never fire. My solution to do a full, roll-your-own solution using Message Inspectors etc.  This still wouldn’t have solved the JSON problem fully, but it did mean that I could use my own Http headers to tr

I've been playing around with RESTFul services in WCF following by the MSDN topic , and have found the guide to be both extremely helpful, and the overall support provided to be excellent.  If you've been writing WCF services for your cloud service offerings, or even just AJAX methods for web-page code, you should find the migration over to RESTful services relatively easy to manage. It also increases the accessibility of your services a huge amount - very basic jQuery code can be used, for example, to bind to these services. However, there are some issues surrounding the types of values for parameters that can be bound in either a path or query string segment - and it's all down to some url-encoded characters, and how they get interpreted (or rather not interpreted) before being serialised into method parameters. The following example is taken from a Microsoft Connect bug that I have posted: Setup a project to host a WCF .svc and create a method with two parameters: [

Following from my last post bemoaning the lack of transport-level client crediential authentication when running inside IIS, I've started implementing my own encrypted session-transfer between clients and the server. I want to to use Http Headers as a primary way of broadcasting session information, and also because it's difficult for a hacker to know exactly what value to add to the http headers if it's been encrypted left, right and centre.  I might extend this to using a cookie as well; but the advantage of relying on http headers is that it means clients other than web browsers will be able to access the services; so long as they can authenticate. The primary focus of my proof of concepts at the moment are on the AJAX side, both Asp.Net Ajax and 'vanilla' Ajax (e.g. jQuery or direct XmlHttp) - since I know that in Silverlight, for example, I'll be using a different endpoint and can probably add the same authentication data to the message itself. The scen

Update – I have found a way (with a little help from the community!) around the issues discussed in this post – please see this post I'm working on some WCF stuff at the moment whereby I want to expose business layer functionality to multiple clients (Javascript, Silverlight and WSHttp) and I want to have a security model that can be supported on all of them.  My authentication is totally custom, since we have all of our users in a custom database. Logically I want to be able to use the WCF security model since it is very rich, and automatic once you've done the configuration.  However - it's a nightmare - because when you expose AJAX - friendly endpoints, you're doing it with WebHttpBinding, and it's security modes are, well, frankly crap; in fact, in almost every way WebHttpBinding should be thought of as a 'special case', which goes against everything that WCF seeks to achieve. The problem is this - if you have a custom user name and password store, t

There are a few posts around the net about this, but a lot of them focus on taking XAML controls or pages, and turning parts of them into bitmaps. This is fine, but I want to be able to use WPF entirely off-screen in order to create rich graphical content. What I'm going to present here is a way of doing just that, in a console application just to press home the point. This is the image that you're going to produce - it's a little bit, well, crap - but it does the job. So, it's an Ellipse with a RadialGradientFill (off-centre, white-to-blue gradient stops), and a TextBlock in Arial Black/Bold font of around 40px size. The edges around the ellipse are going to be output as transparent (open up this file in Photoshop or Paint.Net and notice the checkerboard patterns around the edge - useful for web images! Step 1: Create the project Open a new Visual Studio, and create a new Console Application Project.  Make sure it targets .Net 3.5. Add references to: Pr

Ever wanted to call a method that takes a ref something in a generic (but not using generics!) way, say through a params object[] parameter array? I did, and was most frustrated that you can't. The Scenario Firstly - the scenario I encountered is pretty specialist - I'm dynamically generating types which override/implement base/interface methods with methods provided by XML files.  The target methods of the implementations are static methods, and therefore cannot use the 'base' keyword when calling 'up' the virtual call chain.  As a result, I have to have a common delegate through which the next method can be called.  My solution to this is to have two standard delegates: public delegate void ActionWithParameters( params object [] parms) public delegate object FuncWithParameters( params object [] parms) I like the params object[] route because it then means I can provide a public layer of methods, which are generics, which allow the developer to be mo