Indexed Mind – Search your Company’s Brainpower!

How do you track down experts in your Organization? Indexedmind helps you find who knows what in your organization at the click of a button. No more relying on stale documentation and wikis. We engage everybody in your organization to collectively build your Company’s knowledge-base.

Think of it as LinkedIn + Quora for your Company!

We are in Private Beta! Check us out and request a FREE Beta Invite https://indexedmind.com

im_search_capture

Advertisements

Backing up and fail-safing your ADAM / LDS instance

This could potentially be very long post, but I am going to stick to the high-level objectives only. Leave a comment if you want more details and I will reply to you.

OBJECTIVE: Your users are stored in an ADAM database and your ASP.net website sits on top of this utilizing the ASP.Net membership framework to interface with ADAM to authenticate users. You want to make sure that you are covered in case of any disaster scenarios (like disk corruption, ADAM server blowing up, and manually unintended corruption by your system admins)

PROBLEM: If you notice carefully, we are talking two different things here.

  • Hardware failures – i.e Poof!!!! and your ADAM instance just disappears. Panic your website is down!!!
  • Manual data corruption – So, if your sysadmin does something foolish and say he updates all users with the same last name using a vbs script or something. This is more insidious because your website is not down, ADAM is not down but your user data is corrupt.

SOLUTION: So although we have two distinct ways of getting into trouble, the end result is the same and the solutions are also the same. But first let us talk about what is required at the minimum to recover from a failure scenario.

ADAM Replication – Fortunately, for us, ADAM (or LDS) comes out of the box with support for replication. What this means, is once your main ADAM instance is up and running you can install multiple ADAM instances on other servers as “replicated instances” and all these servers magically know how to talk to each other and keep their data in sync with each other.

Plus, it gives you the flexibility of turning on “two way” replication. i.e you change data on the replicated instance and the main ADAM server reflects these changes. You have the option of staggered replication. i.e the replicated instances will receive deltas from the main server only after XX minutes or hours. Any light bulbs yet on how you will use this to recover from bad things happening?

Windows Backups – I know, I know. Nobody uses Windows Backup and Restore. But this is the perfect place to use it. You simply setup a backup job which backs up your ADAM directory to a file server. We have done it where I work and this gives us nightly backups for every day going back to last 60 days. Also, ADAM has a lock on the files on disk, but Windows Backup used Volume Shadow Copy which takes care backing up files even if they are locked by a process. We use the append option, so backups are not overwritten every night, but are appended (Keep an eye on that backup file though…it can grow pretty fast !!!)

So, now that we know the proper way to protect us from bad things. Here is how you will apply it to various situations:

  1. Hardware failures – If your main ADAM server blows up, you could simply point your website to the replicated instance since it has the latest and greatest data.
  2. Data Corruption by SysAdmin – So, if your sysadmin writes a script which updates every one’s SSN to 000-00-0000 for example, you could either restore the ADAM data from last night’s backup (believe me it is amazing simple to overwrite ADAM data from backup and get up and running in no time). Or, if you had staggered replication setup (i.e replicated instances receive change deltas only after 1 hour and your sysadmin reports the data corruption to you in time, you can shutdown the main ADAM instance and point your website to the replicated instances because they still have good data.

Bottom-line, you can use replicated instances for instantly recovering from the failure scenario, while you are busy building the main instance from the backups. If you have two way replication setup then when you bring the main instance online, the replicated instances will send their deltas back to the main instance (so for example 100 users signed up before you could restore the main instance from backups), these 100 users are only in the replicated instance now. But the moment you bring back the main ADAM instance up, replication will send these users back to the main instance and you will be in sync.

Phone buddy for HTC Touch diamond and Touch PRO released !!!

UPDATES :

  • [3/3/2009] Added a new option which allows you to enable tilt even in darkness. I had deliberately disabled it for valid reasons, but some people thought the tilt feature suddenly stops working not realizing that it is intentionally disabled in darkness (i.e in your pocket)
  • [2/9/2009] Two major improvements. Added very precise calculation for the Tilting feature. Also, the Shake feature is extremely sensitive and reliable(try with Sensitivity 15)
  • [1/27/2009] The fully functional 5 day trial version is available for download here. Please uninstall Meeting Buddy from your phone first if you have it installed.
  • Microsoft.NET 3.5 framework can be downloaded here. Copy this cab to your phone and run it from the phone.
  • If you like the trial version it is also available for purchase : (I prefer the Paypal method because Pocketgear pockets more than 50% of the sales proceeds from me)
  • PAYPAL : (Preferred) – $5 only !!
    btn_buynowcc_lg
  • POCKETGEAR :$6
    pocketgear

Phone Buddy is an upgrade to Meeting Buddy for HTC Diamond. It has many more features than Meeting Buddy and the price is the same. I have highlighted all the new features in Red

  • Tilt Control: The biggest featuer that I have added to Phone Buddy compared to Meeting Buddy is Tilt Control. When enabled it will go forward/backward depending on the screen you are on when you tilt your phone left or right. See video below
  • Flip phone to vibrate : Puts your phone into vibrate mode when you put your HTC Diamond face down, and will set it back to normal ringer when you put it face-up. It uses HTC Diamond’s built in accelerometer/G-Sensor for this.
  • If you check ‘Use Outlook Integration’, Phone buddy will put your phone into vibrate mode only if it sees that you are in a meeting (It does this by checking your phone’s outlook calendar)
  • If you use ‘Outlook Integration’ another settings becomes available to you called ‘Pocket Sensor’, if you check this, Phone Buddy will put your phone into vibrate mode, if it senses darkness (i.e your phone is probably in your pocket). It uses HTC Diamond’s light sensor for this.
  • Phone Buddy also has an option which allows you to lock/unlock the phone automatically using ambient light. So, if it is dark it will lock the phone’s keyboard. (So you don’t accidentally dial someone when your phone is in your pocket). It will unlock the keyboard as soon as you take it out of your pocket. You can also tell Phone buddy to activate this feature between certain hours of the day. eg. between 7 Am and 5 Pm.
  • Another option that it gives you is to lock/unlock the phone when you shake your phone. I have added the option to control Shake sensitivity too.
  • ‘Auto unlock on Incoming call’ is very obvious. If your phone’s keyboard is locked and Phone Buddy detects an incoming call, it will unlock the keyboard or you, so you don’t have to fumble around.
  • Auto unlock when Stylus removed’ unlocks your phone as soon as you take out the Stylus.
  • Hassle Free Installation’ No need to copy a .CAB file to your phone and run it. You can simply run the setup on your desktop and it will automatically install it to your phone.

Here are screenshots of the Configuration options for Phone Buddy :

  • fliptovibrateautolock
  • tiltcontrolfeedback

The good news is that it will be available for the same price, and all existing buyers will get a free upgrade. I will continue to offer Meeting Buddy for download as well (Although I don’t know why people would want that)

If you like the software buy it here :

PAYPAL :
btn_buynowcc_lg

POCKETGEAR :
pocketgear

Check out these other Titles too :

Get rid of Regsvr32, Regasm, Gacutil… A Shellextension for .Net and COM dlls

I had originally written a Shellextension for COM dlls, which would give you the option of registering/unregistering a dll (if it is a com dll) by right clicking on it. Here is the original post :https://nishantpant.wordpress.com/wp-admin/post.php?action=edit&post=11

After several years, I finally took out some time and created a Shellextension which works for .Net assemblies as well. These are the few features it has :

1. If you right click on a DLL and if it is a COM Plus dll it will show you the following menu.

COM Plus DllsIf you click on a COM dll but it is not installed in COM+, then you will get all above options except, the last 3 options which are relevant to COM+ only. Also, if you right clik a COM only dll, then it WILL give you an option called “Create COM+ package”.

2. IF you Right click on a dll which is a .Net assembly and is Strong Named as well, you will see the following menu :

If you right click on an Assembly which is not Strong Named, you will see all options except GACUTIL

3. If you hover your mouse over a dll which is a .Net dll, you will see some brief information about the dll like below :

4. If you right click on an Assembly, you will see a menu option called “Open with Lutz Reflector”. In case you dont know what Lutz Reflector is, it is an awesome free tool written by Lutz Roeder which disassembles any .Net assembly and shows you the source code in a very easy to view typelibrary browser. Since you could have downloaded Lutz Reflector anywhere in your PC, my shellextension will prompt you for the location just once when you first click on this option. It will then remember the location and will just open the Reflector with your assembly loaded in it.

Tested with Lutz Reflector 5.1

UPDATE (8/21/08) – Just heard from Lutz Roeder, that his software will be further developed and maintained by Red-Gate software from now on. (It will still be free though). See link for details –>Click to see article

5. If you go to the thumbnail view of any folder which has dlls, the shellextension analyzes the dlls and puts and changes their icon which helps you identify them. The Shellextension can distinguish between a regular dll, COM dll, .Net 1.0, 1.0, 2.0, 3.0 and 3.5 assembly. See below :

6. Last but not the least, you can customize the behavior of the dll and turn the ShellExtensions off or on. You can toggle, IconHandler extension, Right Click context menu extension and ToolTip extension. Here is a snapshot of the configuration screen :

This is the first time I am releasing this ShellExtension, so there may be a few bugs in it. I would really appreciate if you can report the bugs to me by leave a comment in this post. I will try to work on them as soon as I can find time.

DOWNLOAD/Setup :

An enhanced UpdateProgress control, which shows an animation at the point where mouse was clicked

Also Check Out: My latest venture. http://loqly.me – a way for you to ask questions and get answers about local businesses around you. iTunes link:http://bit.ly/e5u4jv (only available in US for now)

WHY DO IT ???

Before you read the post, let us answer why did I waste time in changing the behavior of the UpdateProgress control. Here is the deal. Suppose, you have 5 or 6 controls on your page, which when clicked result in an Ajax call. You know that the UpdateProgress control is pretty much static, meaning, wherever you put the <asp:UpdateProgress> tags, that is the place where the progressbar will show up when your Ajax call is in progress. So, no matter which control the user clicks the progressbar is being shown in a fixed place. Why may some people consider this bad ???

  • You or anyone looking at the screen, may lose track of why you are waiting because the progressbar just shows that you are waiting not what has triggered the wait.
  • If the page is long, and the progress bar is at a fixed place, there is a possibility that you clicked a control which is a scroll length away from where the progressbar will show.
  • If the control which was clicked can give a feedback for the user to wait, it prevents the user from clicking the same button twice.

So, much for justifying why I wrote this control. But those were just a few thoughts behind it. Let us get back to the nitty gritties. Btw, here is a YouTube vide of how it looks (video is a little fuzzy but it shows what I am trying to communicate)

The Code :

I will not go into too much detail explaining the code, because I am sharing the source code with you. But here is the high level overview :

  • Create a new control, which inherits from UpdateProgress control
  • Embed two resources in your control assembly. (the default hourglass image and the javascript used to make this control work)
  • Override Render method, and inject javascript. The javascript will hook into the AJAX InitializeRequest and EndRequest events, by calling add_initializeRequest() and add_endRequest() methods of Sys.WebForms.PageRequestManager class.
  • The first Image control in the <ProgressTemplate> of the UpdateProgress control will be assumed to be the hourglass image, and if you haven’t set an ImageURL value for it, a default image will be supplied. You can create your own hourglass images from this awesome website : http://www.ajaxload.info/#preview

That is it. Do leave comments and suggestions if you find this control useful. I am also attaching the source code and the assembly. If you don’t want to see the code, just use the assembly and things should work right away.

Recursive LDAP function to get nested groups

Here is a simple recursive function that I wrote which will give you nested groups and members for any given Active Directory group. Try it….it works! U can bind it to a tree later on to show it on the screen. I have also included an output of how it looks when bound to an iewc Treeview.

tree.jpg

Dim AdsPath as string
Dim XMLRoles as string

AdsPath = GetAdsPathOfGroupThroughADO(“Domain Admins”)

XMLRoles = GetRoleMembers(Adspath)

———————————————————————–

Public Function GetAdsPathOfGroupThroughADO(ByVal Group As String) As String
On Error Resume Next
Set rs = CreateObject(“ADODB.RecordSet”)
rs.Open “;(sAMAccountName=” & Group & “);adspath”, “provider=ADsDSOObject”

If Not rs.EOF Then
s = rs(0).Value
End If

GetAdsPathOfGroupThroughADO = s
End Function
———————————————————————–

Public Function GetRoleMembers(ByVal RoleAdsPath As String) As String
Dim eu As Object
Dim XML As String

Set eu = CreateObject(“ess.user”)
Set Group = GetObject(RoleAdsPath)
XML = “”

For Each member In Group.Members
If member.Class = “Group” Then
XML = XML & vbCrLf & GetRoleMembers(member.ADsPath)
ElseIf member.Class = “foreignSecurityPrincipal” Then
On Error Resume Next
Set u = GetObject(“LDAP://=” & eu.SidStringToHexString(member.cn) & “>”)
If Err.Number = 0 Then
XML = XML & vbCrLf & “”
End If
End If
Next

XML = XML & vbCrLf & “”
GetRoleMembers = XML
End Function

———————————————————————–

input.jpgTreetransform.XSLT
eg. TreeView1.TreeNodeSrc = “XML returned by GetRoleMembers()….”
TreeView1.TreeNodeXsltSrc = Server.MapPath(“Treetransform.xslt”)�
———————————————————————–

Use declarative security to show a Security trimmed navigation Menu along with enforcing role based security for your website

Hi All,

Here is what we are trying to achieve in this article.

  • Provide side-wide security without writing a single line of code
  • Show navigation menus to the user, which automatically hide the options which the user doesn’t have access to (also called Security Trimming)
  • Use declarative syntax in web.config to tighten your security so that even if the user knows a particular URL, he cannot get to it, unless he is explicitly granted access to the URL.

Background :-
I have this hierarchy of folders
/
|—UserManagement

|—Default.aspx

|—ChangePass.aspx

|—AdminPage.aspx (Only admins should have access to this page, and the menu control shouldn’t show this option)

I am using a ASP:Menu control and I want all logged in users to be able to see all menu options except the AdminPage link, but I want the administrator to be able to see every single menu option.

Here is a snapshot of the relevant tags from my web.config file —————————————————————-

<!–In this case my Roles are stored in an XML file, your roles can reside in SQL Server or AD or ADAM, it doesn’t matter–>

<add name=AzManPolicyStore connectionString=msxml://C:/Azman.xml />

<!–Here is how we enable the role manager. In this case the built in ASP.Net website config tool will automatically read and write Roles and their membership info in the file mentioned above. i.e Azman.xml–>

<roleManager enabled=true defaultProvider=RoleManagerProvider>

<providers>

<add name=RoleManagerProvider

type=System.Web.Security.AuthorizationStoreRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, publicKeyToken=b03f5f7f11d50a3a

connectionStringName=AzManPolicyStore

applicationName=TestApp/>

</providers>

</roleManager>

 


<!– To make security trimming and declarative security work, we need to follow the pessimistic approach. i.e first we will deny everyone access to our website–>

<authorization>

<deny users=*/>

</authorization>

<!– Then we selectively start permitting users and or Roles access to folders/files–>

<location path=UserManagement>

<system.web>

<authorization>

<allow roles=“Administrators, Managers, Users”/>

</authorization>

</system.web>

</location>

<!– Deny access to everyone except Admin on the Admin only page–>

<location path=UserManagement/AdminPage.aspx”>

<system.web>

<authorization>

 

<deny users=*/>

<allow roles=“Administrators”/>

</authorization>

</system.web>

</location>

Here is the excerpt from my Default.aspx page, which has the menu control ———————————–
<asp:Menu ID=Menu1 runat=server DataSourceID=SiteMapDataSource1

Orientation=Horizontal>

</asp:Menu>


<!–Note that I am explicitly mentioning Sitemapprovider=”” attribute, although if I dont mention it, it should pick up the default provider. But this is what made the security trimming work for me. If you don’t do this, the Security trimming in menus will not work !! –>

 

<asp:SiteMapDataSource ID=SiteMapDataSource1 runat=server SiteMapProvider=XmlSiteMapProvider />


 

 

Here is my Web.Sitemap file—————————–

 

<?xml version=1.0 encoding=utf-8 ?>

<siteMap xmlns=http://schemas.microsoft.com/AspNet/SiteMap-File-1.0>

<siteMapNode url=~/Default.aspx title=Home description=“”>

<siteMapNode url=~/UserManagement/Default.aspx title=Manage security settings description=“”/>

<siteMapNode url=~/UserManagement/ChangePass.aspx title=Change your password description=“”/>

<siteMapNode url=~/UserManagement/AdminPage.aspx title=Admin Only Functions description=“”/>

</siteMapNode>

</siteMap>

 

 

 

Thats it. Just by following these simple steps, you will have rock solid security for your website. And you don’t have to write a single line of code too.