Tuesday, November 15, 2011

Saturday, February 12, 2011

A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").

While implementing authentication using Windows Azure Access Control Service v2 in the ASP.NET MVC 3/.NET 4.0 web application I am working on, I came across the following error when the authentication page hands control back to my web application:

System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (wresult="<t:RequestSecurityTo...").

I had previously worked my way through the Intro to ACS v2 lab in the Windows Azure Platform Kit and was surprised to see this error, as it had not happened in the Lab.

My initial investigation seemed to indicate that turning off request validation might be the only way to resolve this, but I was not very happy with having to manually validate requests for security purposes and besides, I knew that it was working in the Lab, so continued investigating.

It turns out that the solution you are using in the Lab above is not a Web Application, but a Website, and the Federation Utility that launches when you do "Add STS reference ..." will automatically add a WIFSampleRequestValidator.cs file that contains a class called "SampleRequestValidator", and the following key to the web.config if the project is a Website -- but will not do this for a Web Application:

public class SampleRequestValidator : RequestValidator
    protected override bool IsValidRequestString( HttpContext context, string value, RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex )
        validationFailureIndex = 0;
        if ( requestValidationSource == RequestValidationSource.Form 
            && collectionKey.Equals( WSFederationConstants.Parameters.Result, StringComparison.Ordinal ) )
            SignInResponseMessage message = WSFederationMessage.CreateFromFormPost( context.Request ) as SignInResponseMessage;
            if ( message != null )
                return true;
        return base.IsValidRequestString( context, value, requestValidationSource, collectionKey, out validationFailureIndex );

Once I knew what the solution was, I could easily find some confirming evidence on the web, and from there it was simple enough to include the WIFSampleRequestValidator.cs and modify the web.config to include the requestValidationType setting and everything worked as expected.  If you come across this issue, I hope this helps clarify and resolve it for you.

Friday, February 11, 2011

Melbourne Azure BizSpark Startup Camp

Congratulation to the team at Rome2Rio for taking top honours at the Melbourne Azure BizSpark Startup Camp and winning first prize -- I am sure those Windows 7 Phones will come in handy when you are realising your mobile strategy, and Pavel Chuchuva's mobile version of your site created for the competition was a testament to your existing API.

I was very lucky to attend this event as my BizSpark membership was only approved on Thursday, the day before the event started; thanks again to Catherine Eibner for expediting my approval.

The Windows Azure platform is so comprehensive that after Friday's technical presentations I had to talk myself down from trying to implement something that used NoSQL Table/Blob Storage, Background Worker Processes and Queues, all of which were described in tantalising detail by Graham Elliot who also gave us a sneak peek at features that are still in CTP, like Federated Identity.  All this information really helped get my creative juices flowing for what I might achieve over the next couple of days, and I have never taken so many notes in all my life!

I did have a little bit of a head-start having read some of Programming Windows Azure, and having used Windows Azure Compute and SQL Azure as a staging environment for a previous project, but the presentations provided so much more context that they were much more worthwhile than any book or article I have read.

Coming up with an idea on Friday and implementing it over the following 2 days was challenging, but very rewarding, as there is nothing like green fields development to keep you motivated.  The co-working atmosphere was great and the assistance provided by Steve Nagy and David Burela was indispensable in keeping the flow of development happening.

I feel like I bombed in the practice presentation, but the advice the "pre-presentation" judges gave me helped me tighten up my pitch which I think helped immeasurably, allowing me to be one of 2 runner-up prize winners alongside TrendFrendz.  This was a total surprise as there were so many great and varied presentations; I am so glad that my presentation was first and I did not have to follow the other killer presentations.

Overall, this was a great experience to meet and work alongside some great startups and I would highly recommend getting along to any BizSpark Startup Camps that are running in your area, or even flying in from another state like the guys from Mexia!

Monday, January 10, 2011

Getting the Output parameter from a Stored Procedure using PowerShell

I might be the only person still supporting SpatialWare for SQL Server, and so this example might only be useful to me and a few others, but the principle is still worth demonstrating.  In SpatialWare, you can check to see if the R-Tree spatial index is created by calling a stored procedure and inspecting the @truth output parameter.  The PowerShell script below shows how you can call the sp_sw_rtree_is_created stored procedure, and get the value of the @truth output parameter.

$SqlConnection = New-Object System.Data.SqlClient.SqlConnection
$SqlConnection.ConnectionString = "integrated security=SSPI;`
    data source=$ServerName;`
    initial catalog=$DatabaseName;"
$SqlCmd = New-Object System.Data.SqlClient.SqlCommand
$SqlCmd.CommandText = "sp_sw_rtree_is_created"
$SqlCmd.Connection = $SqlConnection
$SqlCmd.CommandType = [System.Data.CommandType]'StoredProcedure';
$SqlCmd.Parameters.AddWithValue("@owner", "$OwnerName") >> $null;
$SqlCmd.Parameters.AddWithValue("@table", "$TableName") >> $null;
$SqlCmd.Parameters.AddWithValue("@spatialcolumn", "$SpatialColumn") >> $null;
$SqlCmd.Parameters.AddWithValue("@keycolumn", "$KeyColumn") >> $null;
$outParameter = new-object System.Data.SqlClient.SqlParameter;
$outParameter.ParameterName = "@truth";
$outParameter.Direction = [System.Data.ParameterDirection]'Output';
$outParameter.DbType = [System.Data.DbType]'Boolean';
$SqlCmd.Parameters.Add($outParameter) >> $null;
$result = $SqlCmd.ExecuteNonQuery();
$truth = $SqlCmd.Parameters["@truth"].Value;

When you run this PowerShell script, you should get response of True or False depending on whether the R-Tree spatial index is created or not.

Saturday, January 8, 2011

Adding a Trusted Site using PowerShell

Some web-based applications, like IntraMaps, require elevated privileges to perform actions like client-side integration with Word and Excel or other enterprise systems, and one of the safest ways to limit your exposure is to add only those sites that require elevated privileges to your Trusted Sites for Internet Explorer and only elevate privileges in that Trust Zone.

In the past, I have used batch files and registry files to accomplish this, but PowerShell provides a much more robust way make an addition to your Trusted Sites.  In PowerShell you can navigate the registry hive using the Registry Provider in the same way that you can navigate the file-system in your PowerShell window.

set-location "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
set-location ZoneMap\Domains
new-item BRAD-SERVER
set-location BRAD-SERVER
new-itemproperty . -Name http -Value 2 -Type DWORD

Set-Location is used to navigate to the correct node in the Windows Registry, and then a New-Item is created for my server, named BRAD-SERVER.  Change into the new location using Set-Location and then use New-ItemProperty to create a Name/Value pair that represents the http protocol and 2 for the Trusted Sites Zone.

Performing the above commands in PowerShell will add BRAD-SERVER to the Trusted Sites of the machine that I run it on, and then I can elevate the privileges for the Trusted Sites Zone in Internet Explorer and only those sites that have explicitly been added to Trusted Sites will have those elevated privileges.

This method has the advantage that if the network administrator has locked down access to the Registry Editor via Group Policy, you can still sometimes use PowerShell to make edits to the registry if you have administrator access on the machine you are using.

Wednesday, May 19, 2010

WeoGeo and the PBBI Data Marketplace

I just finished listening to Podcast: Exploring PBBI's Vision for Geospatial Data as a Service at Direction Magazine, and I am quite interested to see what PBBI will deliver in June when they have indicated they will roll out the Data Marketplace -- the idea of being able to access a comprehensive library of GIS data "On Demand" is very exciting. PBBI have partnered with WeoGeo to deliver this, so it seems they are ready to come out of "stealth mode" :-)

With regards to the comparison to iTunes, it seems to me that the WeoGeo Applicance that would be hosted on premises would be like your iPod, that synchronises data with the central WeoGeo Cloud server [your PC/Mac running iTunes in the analogy].

The music that you download from the iTunes Store is protected by FairPlay, which is really the key to making music publishers comfortable with the idea of distributing their music digitally, as it protects its distribution to unauthorized parties.

I expect that the comparison made to iTunes Store is to emphasise this model of protection, not so much the packaging of the data for download. Streaming with Lala, which was recently acquired by Apple, would be like accessing the data in the WeoGeo Cloud.

Sunday, October 5, 2008

MapXtreme 2008 and Windows x64

MapXtreme 2008 is finally supported on 64-bit Windows x64, which is important for many of the reasons outlined in the Benefits of Windows x64 Editions, but most significantly because it gives you a much larger Virtual Address Space. MapXtreme ASP.NET web applications can typically run into the 800MB to 1200MB process memory limit on 32-bit Windows described here, and larger Virtual Address Space will alleviate this by allowing up to 2800MB. 

MapXtreme 2008 doesn't get to take full advantage of the Virtual Address Space available in 64-bit Windows, however, as it is still 32-bit code and so needs to run in Windows-on-Windows, WoW64, emulation mode.  If it was 64-bit code, the process memory limit would be around 70% of RAM + Pagefile.  As mentioned in this article though, if a .NET process is multiple GB in size, "it can become very difficult for the Garage Collector to keep up with the memory as Generation 2 will become very large", so it is probably best not to let it get that big!  Besides, MapXtreme will probably not have a 64-bit codebase until after the end of the 2009 calendar year, so you needn't worry about that for a while.

One last thing, if you are compiling a MapXtreme Desktop application, and you want to have all 2800MB meomory available to your application, then you will need to check that the IMAGE_FILE_LARGE_ADDRESS_AWARE flag has been set on your executable.  This flag can be set programmatically, or by the compiler, or you can alter the File Header after compilation using a PE editor such as CFF Explorer.  As you can see below, the w3wp.exe process that runs your ASP.NET applications already has this bit set, so there is nothing to do for your ASP.NET web applications.

Of course, if you want to develop full 64-bit web mapping applications today, you could always try Manifold IMS: 64-bit since version 7x, which was released around August 2006 -- the latest version 8.0 release has plenty more to offer as well.