About the author

J Sawyer is a developer based in Houston, TX who absolutely loves to write code. After spending 9 years at Microsoft, he moved on to other things and is currently the Lead Developer for the RealTime Data Management team at Logica US. He spends his days building Really Cool Things around StreamInsight and having a blast doing it.

He has been involved with HDNUG, one of the oldest and largest .NET-focused user groups in the US, since its inception in 2001 and has watched it grow from 5-10 technologists meeting around a conference table to a thriving community of over 5000 with regular meeting attendance averaging 100 attendees. He currently serves as the Vice President. You can join him at HDNUG on the second Thursday of every month at the Houston Microsoft office.

He also loves to ride his Yamaha FZ1. And sometimes his Ninja 650. And also his Honda XR-400 dirt bike. But he doesn't code and ride at the same time. That would be bad.

Some stuff from Zain's session today

January 10, 2008 9:21 PM

Hung out today to watch my buddy Zain deliver his Microsoft Across America presentation today. Cool stuff and he did an awesome job (as always)!

So ... some resources that were mentioned out there today:

OWASP (Open Web Application Security Project): www.owasp.org. All kinds of great stuff here. 

Houston OWASP Group: http://www.owasp.org/index.php/Houston. David Nester runs this.  Great guy ... and great content.

For completeness, two other great resources for security stuff:

Microsoft Security Central: http://www.microsoft.com/security/default.mspx.  One place for all kinds of security related content, from end-user to advanced administrator.

MSDN Security Developer Center: http://msdn2.microsoft.com/en-us/security/default.aspx. Good resources for security-conscious devs, including how-to videos and more. Also has a link to Michael Howard's blog where you'll find all kinds of good security stuff. He's one of the authors of Writing Secure Code. And that book changed my life. I am not kidding there. It was eye-opening and terrifying the first time I read it.

When you remove all of the modules in IIS 7, it returns an HTTP 401 (Unauthorized). This is different from HTTP 403 (Forbidden). With 401, authentication will make no difference. Here is the raw response:

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/7.0
Date: Fri, 11 Jan 2008 01:51:02 GMT
Content-Length: 0

I got this from Fiddler. Now, why it didn't work for Zain, I can't say. I think he was jinxed.

ASP.NET Membership Provider Stuff

Here's where the Access Providers live: http://msdn2.microsoft.com/en-us/asp.net/aa336558.aspx.  There is also a bunch of good stuff for creating providers there. Here's a web cast that goes through it as well: http://www.asp.net/learn/videos/video-189.aspx. And, if you are going to do your own provider, keep your eyes here. I'm going to talk about hashing shortly ... this is the best way to store passwords!

Adding users to ASP.NET membership in code (like when you need to import several thousand records):

System.Web.Security.Membership.CreateUser()

There are a few overloads for this that have different options (of course).  Now ... the other thing that you can do is to create a membership provider that uses the existing database. There's a couple of ways to skin that cat. (Poor kitty!)
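
The bulk import mentioned above, as an added example that is not code from the session or from the original post: it uses the CreateUser overload that takes an out MembershipCreateStatus, so a bad row is recorded instead of throwing. The MembershipImporter class, the "username,email" CSV layout, the random temporary password and a provider configured with requiresQuestionAndAnswer="false" are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Web.Security;

// Added example: bulk-import users through the configured membership provider.
// Assumptions: runs inside the ASP.NET app (so the provider from web.config is
// loaded) and the input is a hypothetical "username,email" CSV, no header row.
public static class MembershipImporter
{
    // Returns the rows that were NOT created, keyed by user name, with the reason.
    public static IDictionary<string, MembershipCreateStatus> Import(string csvPath)
    {
        var failures = new Dictionary<string, MembershipCreateStatus>();

        foreach (string line in File.ReadAllLines(csvPath))
        {
            if (line.Trim().Length == 0) continue;

            string[] fields = line.Split(',');
            if (fields.Length < 2)
            {
                failures[line] = MembershipCreateStatus.InvalidUserName;
                continue;
            }
            string userName = fields[0].Trim();
            string email = fields[1].Trim();

            // Random throwaway password: never import or log plain-text
            // passwords. Assumes users pick their own via a reset flow.
            string tempPassword = Membership.GeneratePassword(
                Math.Max(14, Membership.MinRequiredPasswordLength),
                Membership.MinRequiredNonAlphanumericCharacters);

            // This overload reports failure through 'status' instead of
            // throwing MembershipCreateUserException, so one bad row does
            // not abort the import. With requiresQuestionAndAnswer="true"
            // the null question/answer would come back as InvalidQuestion.
            MembershipCreateStatus status;
            Membership.CreateUser(userName, tempPassword, email,
                null, null, true, out status);

            if (status != MembershipCreateStatus.Success)
                failures[userName] = status;
        }
        return failures;
    }
}
```

The returned dictionary holds only user names and status codes, so it can be logged or shown to an administrator without exposing any credential.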

I think that's all ... I'm out!
