terça-feira, 21 de agosto de 2007


Autenticação Basic remota

Como obter um recurso remoto, tendo que passar pela autenticação integrada?

void Page_Load()
string url = "http://remoteurl/imagem.jpg";
System.Net.WebClient client = new System.Net.WebClient();
System.Net.CredentialCache cache=new System.Net.CredentialCache();
new Uri(url), "Basic",
new System.Net.NetworkCredential("usuario", "senha"));

sábado, 23 de junho de 2007


Nova versão do ASP.NET AJAX Control Toolkit

No último dia 06, o time do ASP.NET AJAX Toolkit lançou uma versão atualizada. Você pode baixá-la no site http://ajax.asp.net e executar os exemplos aqui.

Há também 44 vídeos até o momento, ensinando a utilizar cada um dos recursos.





quarta-feira, 20 de junho de 2007


Treinamentos Microsoft gratuitos

Às vezes nós queremos fazer algum treinamento e acaba faltando uma combinação de tempo/dinheiro. O que dizer então de treinamentos online, que podem ser feitos em casa, no seu tempo vago, além de serem gratuitos?


Muitas pessoas não conhecem o site do Microsoft Learning, mas há diversas opções de treinamentos lá disponíveis, pagos ou não. Para logar, utilize o mesmo email/senha que você usa no seu MSN, que é uma conta Passport. Podemos destacar os seguintes cursos:


·         Clinic 3402: ASP.NET for PHP Developers: Introduction to ASP.NET

·         Clinic 7045: What's New in Microsoft SQL Server 2008

·         Clinic 5045: Inside Look at Developing with Microsoft Windows SharePoint Services 3.0

·         Clinic 5046: Inside Look at Building and Developing Solutions with Microsoft Office SharePoint Server 2007

·         Clinic 5135: Introduction to Developing with Windows Presentation Foundation and Visual Studio 2005

·         Clinic 5230: Developing Enhanced Web Experiences with Microsoft ASP.NET AJAX Extensions

·         Collection 5134: Developing Rich Experiences with Microsoft .NET Framework 3.0 and Visual Studio 2005


Bons estudos!




Top 15 free SQL Injection Scanners

From Security-Hacks


SQL Injection is perhaps the most common web-application hacking technique which attempts to pass SQL commands through a web application for execution by the back-end database. The vulnerability is presented when user input is incorrectly sanitized and thereby executed.


Checking for SQL Injection vulnerabilities involves auditing your web applications and the best way to do it is by using automated SQL Injection Scanners. We’ve compiled a list of free SQL Injection Scanners we believe will be of a value to both web application developers and professional security auditors.




Tweak Vista with Vispa

From help.net


There are many reasons why you wouldn't want your operating system connect to Microsoft's server, be it for practical reasons or pure idealism. Based on the source-code of the award-winning xpy (version 0.9.8), Vispa allows you to easily tweak your Windows Vista for better privacy and security, even system performance. Do a few clicks rather than finding the write registry keys or program settings.


The SqlCacheDependency Class

Feed: ASP.NET Daily Articles
Posted on: Wednesday, June 13, 2007 9:48 AM
Author: Luke Stratman
Subject: The SqlCacheDependency Class


Luke Stratman shows how and why to use the SqlCacheDependency class.

View article...


Configure ASP.NET AJAX Extensions

Feed: ASP.NET Daily Articles
Posted on: Monday, June 18, 2007 9:48 AM
Author: Dan Wahlin
Subject: Configure ASP.NET AJAX Extensions


Explore ASP.NET AJAX configuration sections in Web.config, and learn how handlers and modules fit into the overall picture.

View article...

quarta-feira, 13 de junho de 2007


FW: Windows-Based iPhone Rival for Business Users

O mundo como a gente conhece…


Feed: Slashdot
Posted on: Tuesday, June 05, 2007 1:07 PM
Author: Zonk
Subject: Windows-Based iPhone Rival for Business Users


MsManhattan writes "High Tech Computer Corp. (HTC) has unveiled a touch-screen mobile device that offers many of the same features as the iPhone but with an emphasis on business applications vs. entertainment value. The HTC Touch is based on Microsoft's Windows Mobile 6 Professional OS and features a 2.8-inch touch screen offering access to emails, contacts and appointments. But unlike the iPhone, which will feature large internal flash memory capacity for music and movie storage, the HTC Touch offers a microSD drive, and a 1G-byte microSD card comes with the handset."

Read more of this story at Slashdot.

View article...


FW: How to Keep Your Code From Destroying You

Eis uma boa dica: como melhorar o código que você cria?



Feed: Slashdot
Posted on: Wednesday, May 30, 2007 4:09 PM
Author: ScuttleMonkey
Subject: How to Keep Your Code From Destroying You


An anonymous reader writes "IBM DeveloperWorks has a few quick tips on how to write maintainable code that won't leech your most valuable resource — time. These six tips on how to write maintainable code are guaranteed to save you time and frustration: one minute spent writing comments can save you an hour of anguish. Bad code gets written all the time. But it doesn't have to be that way. Its time to ask yourself if its time for you to convert to the clean code religion."

Read more of this story at Slashdot.


sábado, 14 de abril de 2007


Os 46 melhores utilitários freeware

Vale a leitura: uma lista dos 46 melhores utilitários freeware. Destaque para os melhores:


·         Antivirus (AVG, Avast! e AOL Anti Virus Shield)

·         Firewall (Kerio Personal Firewall)

·         Zip utility (7-Zip)

·         FTP Client (FileZilla)


Para a lista completa e outras opções em cada categoria, visite o site original.


Debugger "Feature" for SharePoint

Feed: Aggregated Feed: SharePoint Team Blogs
Posted on: Tuesday, April 10, 2007 9:02 AM
Author: sptblog
Subject: Debugger "Feature" for SharePoint


While Windows SharePoint Services 3.0 provides an excellent platform for developing Web applications, debugging them can be a bit of a pain. It's often a case of finding the process ID (PID), attach the debugger, navigate to the error, rinse, and repeat, but programmers love to write code, not navigate through menus. J Fortunately, my good ol' buddy from Microsoft Consulting Services and developer extraordinaire, Jonathan Dibble, created a nifty "Debugger Feature" that can be installed and activated on a SharePoint site to make the debugging experience much easier to initiate. Jonathan is a brilliant guy, but he's too shy (for now) to engage the broad SharePoint community, so he has donated his code to Scot Hillier's SharePoint Features project on CodePlex for all to share and hopefully extend. The blog entry below was jointly written by Jonathan and Scot.

<Lawrence />

Debugger Feature for SharePoint

When activated, the Debugger Feature adds an "Attach Debugger" menu item to the Site Actions menu (see picture below). The feature provisions a simple page, which executes the System.Diagnostics.Debugger.Launch statement, causing an exception to be thrown and the debugger to be auto-attached. In some cases, the debugger cannot attach – for example, when the AppPool is running under a different user account. When that happens, the page will at least give you the correct PID, so you can attach the debugger yourself.


Figure: Attaching the Debugger from SharePoint

Beyond this very basic and useful function, this is a great example of how to write a simple SharePoint feature that provisions a page. Included in the VS 2005 solution project are all of the .XML and .DDF files needed to create a feature and then a solution cab file for deployment. Let's take a quick walkthrough of the most important files.

The first .XML file, feature.xml, is what defines the feature:

<?xml version="1.0" encoding="utf-8" ?>

<Feature Id="B5CF5C33-8178-4cb0-99DC-E14AA04D1C05"

   Title="Attach Debugger Feature"

   Description="Can be used in debug mode to attach a debugger to the site."





      <ElementManifest Location="elements.xml" />



The complete set of parameters can be found at http://msdn2.microsoft.com/en-us/library/ms436075.aspx. The critical element for us is the ElementManifest element, which specifies where WSS can find the provisioning instructions for our feature. The path is relative to the feature.xml, which in turn is relative to C:\Program Files\Common Files\Microsoft Shared\web server extensions\12. More on this when we construct our solution's .CAB file. For now, know that the feature.xml and elements.xml are usually in the same directory.


<?xml version="1.0" encoding="utf-8" ?>

<Elements xmlns="http://schemas.microsoft.com/sharepoint/">

   <!-- Add Command to Site Actions Dropdown -->

   <CustomAction Id="SiteActionsToolbar"




      Title="Attach Debugger"

      Description="Attaches debugger to current site">

      <UrlAction Url="~site/_layouts/Debugger/AttachDebugger.aspx" />



Right now, the documentation on the contents of the elements file is fairly light. Looking briefly at our CustomAction element, the important attributes are the GroupId and Location, which tell WSS where to place our new page (the site actions standard menu). The Sequence number is for sorting the menu, 2001 should ensure we are at the bottom. And most importantly is UrlAction, which tells WSS that this will be a hyperlink to the AttachDebugger.aspx page. Notice the relative path token ~site, which indicates the page is located in our current site.

From here, I'd suggest opening the VS 2005 solution file and taking a look around. Notice how the directory layout inside the solution is similar to the layout in C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE. This is also to facilitate feature development. Check out install.bat and see how we use xcopy to copy the dev tree to the template tree. (BTW, the commented lines in the install.bat should be obvious – we have no need to GAC our assembly or restart IIS for our feature, but you might in future features. It's there if you need them.)

Finally, lets look at how the .CAB file is created. The most important file is the .DDF file in the \WSP directory:


.OPTION EXPLICIT; Generate errors

.Set CabinetNameTemplate=DebuggerFeature.wsp

.set DiskDirectoryTemplate=CDROM ; All cabinets go in a single directory

.Set CompressionType=MSZIP;** All files are compressed in cabinet files

.Set UniqueFiles="ON"

.Set Cabinet=on

.Set DiskDirectory1=Package

manifest.xml manifest.xml

..\TEMPLATE\FEATURES\Debugger\feature.xml Debugger\feature.xml

..\TEMPLATE\FEATURES\Debugger\elements.xml Debugger\elements.xml

..\TEMPLATE\LAYOUTS\Debugger\AttachDebugger.aspx LAYOUTS\Debugger\AttachDebugger.aspx

It's fairly easy to read, but take a look at the destination paths, which are relative to C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE. The location of the AttachDebugger.aspx file must match the TemplateFile Location path specified in the manifest.xml file:

<Solution SolutionId="3D615864-B200-4ff8-8D08-6D651CA9D5F6" xmlns="http://schemas.microsoft.com/sharepoint/">


      <FeatureManifest Location="Debugger\feature.xml"/>



      <TemplateFile Location="LAYOUTS\Debugger\AttachDebugger.aspx"/>



Once you've developed and deployed a feature or two, you'll have that light bulb ("a-ha!") moment about how everything required to implement a feature relates to each other, and then you'll want to create a SharePoint feature for every discreet piece of functionality that you'd like to add to SharePoint!

View article...

segunda-feira, 2 de abril de 2007


MSXML4 to be Disabled in Late 2007

[from the MSXML Blog]

As a part of our MSXML4 End of Life plan , we are going to kill bit MSXML4 in the October – December timeframe of this year. This kill bit applies to Internet Explorer only. After the kill bit, web applications will not be able to create MSXML4 objects in the browser. Applications which are not kill-bit aware will continue to work with MSXML4.

We are announcing this in advance so that our customers get sufficient time to try their applications with MSXML6 and give us feedback on their experience.  Please email us at msxml4@microsoft.com  with feedback/questions/concerns.


We are going to kill-bit MSXML4 to ensure a secure browsing experience for our customers. We are planning to also remove MSXML4 from the Download Center page within the next 12 months. Support for MSXML4 going forward will be restricted to high impact security issues only.

MSXML6 is the latest version available to MSXML customers today. This is where all the functionality, performance and security improvements are going in. In addition MSXML6 provides improved W3C compliance and increased compatibility with System.XML in .Net. The recommendation for MSXML customers is to program using MSXML6 and upgrade apps using older versions to MSXML6.

We strongly encourage everyone to start using MSXML6 SP1. MSXML6 SP1 is now available for all supported down-level platforms and can be downloaded from http://www.microsoft.com/downloads/details.aspx?FamilyID=d21c292c-368b-4ce1-9dab-3e9827b70604&displaylang=en

MSXML Supported Versions:

We addressed this in a blog entry http://blogs.msdn.com/xmlteam/archive/2006/10/23/using-the-right-version-of-msxml-in-internet-explorer.aspx

The  summary is:

MSXML6  - Should be your first choice. This is the MSXML version that will be carried forward. MSXML6 shipped with Vista and we are working on getting this in downlevel OS Service Packs

MSXML3 – This has the advantage of having shipped with every supported OS .We are committed to keeping MSXML3 robust and stable but won't be adding any functional improvements.

MSXML4  - This is in maintenance mode with a very high bar for fixes approaching End of Life.

MSXML 5 –  Exclusively meant for Office. Do not take any dependencies on it.

MSXML4 & 6 Differences and Compatibility:

Key changes introduced between MSXML4 and MSXML6 and migration are described in the blog entry at http://blogs.msdn.com/xmlteam/archive/2007/03/12/upgrading-to-msxml-6-0.aspx


We believe this is the best plan for MSXML customers going forward – avoids confusion regarding multiple versions, ensures a safe browsing experience when using MSXML and provides a path to use future functional improvements . If you run into issues with the migration or have questions/feedback feel free to contact us at msxml4@microsoft.com . All of the MSXML team is on this alias eager to hear your feedback and assist with the migration.

View article...

sexta-feira, 16 de fevereiro de 2007


Download de arquivos com nomes acentuados em ASP.NET

Tivemos a necessidade, esses dias, de desenvolver uma página ASP.NET que se encarregaria de fazer o download de um documento que só estaria acessível via impersonate, uma vez que estaria armazenado em outro servidor HTTP, autenticando via NTLM.

Dentre as possibilidades, acabamos por utilizar o System.Net.WebClient, passando as credenciais default e obtendo o conteúdo do arquivo em questão. O código foi mais ou menos como o que segue:

WebClient webClient = new WebClient();
webClient.Credentials = CredentialCache.DefaultCredentials;
byte[] data = webClient.DownloadData(endereco);
O problema foi que o nome do arquivo remoto eventualmente poderia incluir caracteres acentuados. Após muita pesquisa, chegamos à conclusão que isso não é possível, pois os nomes de arquivos no cabeçalho Content-Disposition são codificados em ASCII.

Ai vim documentar isso aqui, antes de cair na gandaia do Carnaval. Resolvi fazer mais uns testes e criei o código abaixo:
void Page_Load(object sender, EventArgs e)
Response.AddHeader("Content-Disposition", "attachment; filename=\"áéíóúçãõüàèìòù.txt\"");
Acabei descobrindo coisas interessantes:

  • Se o nome do arquivo tiver caracteres especiais, o FireFox mantém os acentos corretos. Assim, o código acima funciona sem problemas para o FF2, mas gera caracteres estranhos no IE6;
  • Se você precisa de caracteres ASCII codificados, por que não usar o Server.UrlEncode? Alterei a página de testes e vi que o documento veio agora com o nome correto no IE6. Como nada vem fácil, o nome do documento no FF2 veio com os %nn característicos;
  • Sendo o alvo do meu trabalho apenas os browsers IE6, o problema estaria resolvido. Mas, por que não fazer o trabalho direito? Acabei com o código abaixo:
void Page_Load(object sender, EventArgs e)
string arquivo = "áéíóúçãõüàèìòù.txt";
if(Request.Browser.Browser == "IE")
arquivo = Server.UrlEncode(arquivo);
Response.AddHeader("Content-Disposition", "attachment; filename=\"" + arquivo + "\"");
E é isso. Até a próxima.

quarta-feira, 3 de janeiro de 2007


Using Dotfuscator in the post-build process

Hoje tive a necessidade de automatizar o processo de obfuscar um assembly usando o Dotfuscator. Estou utilizando neste projeto o Dotfuscator Community Edition 1.1.1019.14017, que vem com o Microsoft Visual Studio 2003.

Encontrei uma referência a isso no WWs Blog, mas que não fala nada sobre assemblies que estejam assinados com strong names (o meu caso). Pesquisando mais um pouco, achei algo no próprio site do Dotfuscator: How can I use Dotfuscator when the obfuscation process would invalidate the signing of the assembly?

Resumindo a história, marque no seu AssemblyInfo.cs:

[assembly: AssemblyDelaySign(true)]

E digite em Project Properties/Common Properties/Build Events / Post-build Event Command Line:
sn.exe -Vr $(TargetFileName)
dotfuscator.exe /q ..\..\Dotfuscator.xml
copy ..\*.dll *.dll
sn.exe -Vu $(TargetFileName)
sn.exe -R $(TargetFileName) ..\..\$(TargetName).snk

Omiti os caminhos dos executáveis para simplificar. Mas, para não esquecer:

  • "C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Bin\sn.exe"
  • "C:\Program Files\Microsoft Visual Studio .NET 2003\PreEmptive Solutions\Dotfuscator Community Edition\dotfuscator.exe"

Assume-se que você salvou um projeto do Dotfuscator com o nome de Dotfuscator.xml no diretório da solução, que também contém o seu arquivo de chave .SNK, e que o Dotfuscator salva a DLL modificada diretamente na pasta BIN.

Mais instruções podem ser obtidas aqui: Dotfuscating Strong Named Assemblies.