It’s a shame how many applications, even popular ones, have huge security gaps regarding passwords. The most recent case to hit the news was Reddit but this is only the tip of the iceberg. How many internals applications out there uses plain text password. A whole lot! You probably did it at some point, and so do I. But the object of this post is not to rant and whine about that situation. I just want to show those who don’t know about it how easy it is to integrate Windows Active Directory authentication to your application. So now, if you read this my blog, no more excuses to have that “password” field in your database.
First you need to add a reference in your project to System.DirectoryServices
Here is the code, I will catch you up on the other side.
String Username = "username";
String domainAndUsername = "domain\\username";
String Password = "password";
DirectoryEntry entry = new DirectoryEntry("", domainAndUsername, Password);
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + Username + ")";
// search.FindOne() will throw an exception if there is a bad username/password combination provided
SearchResult result = search.FindOne();
throw new System.Security.SecurityException("Access denied.");
Pretty straightforward isn’t it? Obviously, you need to change the first lines with the user’s input but other than that, it’s all that’s needed for a basic username/password authentication using Active Directory. You can copy this code and use it in your application and see for yourself. If you want more information on what you can get from Active Directory, there is a good article on the different name attributes here. You can also go to the homepage of System.DirectoryService on MSDN here.
I want to add that I’m not an Active Directory expert. If a reader see something wrong with this code, please let me know and I’ll update it right away!
How to create user accounts in active directory using C#
It’s simply amazing! Scott Guthrie announced today that the .NET framework source code is going to be released later this year. He says it will be released at the same time that Visual Studio 2008 and the 3.5 Framework are going to be released. This means that you will be able to drill down inside the framework when debugging your applications in Visual Studio 2008.
This is a bold move from Microsoft’s part by any standards. I think the motivation behind this release is two-fold:
1. This seems to be part of a larger company-wide politic to show to developers that Microsoft genuinely care about them.
2. They also need to work with the flow. More and more, tools like Lutz Roeder’s .NET Reflector (a utility and Visual Studio plugin to decompile and visualize .NET assemblies) are becoming popular and the Framework is, for all intent and purposes, already opened and ripped apart. I look at classes of the framework myself using this tool from time to time.
All that being said, this is really great news and I can’t wait to play with this and see the internals of the framework “in action”.
Click here to view the full article from Scott.
If you don’t know who Scott Guthrie is.. Well he’s the team leader for :
- The AJAX Toolkit
- The CLR
- The Compact Framework
- Windows Forms
- Commerce Server
- Visual Web Developer 2005
- Visual Studio Tools for WPF
In others words, if you love your job as a programmer using Microsoft’s technologies, it’s because of this guy.
If you haven’t already heard about it, (very unlikely since it has been all over the news) there is a bug in Microsoft’s Excel 2007 that display the wrong result when doing a multiplication. The bug first shown up with the multiplication of 77.1 * 850 but the Excel team blog tells us that there are 12 specific calculations that are subject to this flaw.
Basically, this is a problem with the internal representation of numbers in Excel that gets translated for displaying. It’s a conversion bug in the UI part so it won’t affect any calculation, charting or other number analysis on those numbers. VBA script and COM Interop are also immune to this bug because they use the internal representation and not the number actually rendered on the Excel interface. Joel of joelonsoftware.com has a really good article that explains the specifics of this bug.
Every forum and blog posts that I've seen out there, with the exception of Joel’s one, shouts that this is a major/critical bug and start bashing on Microsoft for their “gross incompetence”. My humble opinion on this is that those guys are going totally overboard and see critical problems when there are, in fact, none. Since the bug we’re talking about affect only the number displaying but not the internal representation it will affect people’s life only if they do those exact calculations and don’t use the calculation result to do anything else. The chances of that happening out there exists, I agree. However, they are so slim that this bug should not be considered critical at all. Microsoft will probably release a hotfix in the next days/weeks and it will all be history soon.
UPDATE: The Excel team has released a hotfix to correct this issue. The fix can be found here.
Today, I’ll introduce you to some tools that I like a lot and that have improved my productivity and efficiency in both my job and my day to day computer use. I ordered them with the ones that I like the most first but I suggest you to try them all to see if some are of more use to you than me in your particular context.
Disclaimer : I have not been paid in any way to endorse these products. Some of them are free and, for those that cost money, I personally think that their price is right for the functionalities they provides. I have bought all these tools with my own personal money. Also, all of these tools have a free evaluation version so you can try them out and see for yourself if they are worth the cost for your situation.
DevExpress Productivity Tools :
CodeRush and Refactor! are my best picks so far. They are both really easy to use, have a fast learning curve and integrates seamlessly with Visual Studio (all versions except for the express editions).
CodeRush is a template based code generation tool that speeds up the development process by providing a lot of useful and easy templates. There are templates for properties, methods, classes, NUnit in both VB.NET and C#. There are also navigation tools, selection tools and a lot of others interesting utilities.
Both of these tools are totally extensible via the DXCore free plug-in. In fact, CodeRush and Refactor! are really just a load of DXCore templates (and by “a load”, I mean that there are over a thousand individual templates that you can use). And if there is something in particular that you want to automate, the sky’s the limit with this tool. I will post some of my favorites customizations in the near future.
You can see these tools in actions on the DevExpress Web site here. If you never tried these tools, I suggest strongly that you give CodeRush and Refactor! a try. Trust me, it will be worth it.
Here’s a convenient Download Link (Evaluation version)
Slickrun is a free utility that replaces the over used Windows+R key combination, the quick launch tool-bar and the start menu. This little tool can hook-up and “override” the Win+R key to give you a simple command line that can be used to start any program. With features like Magic Words and auto-completion this became rapidly (for me at least) the standard way to start any piece of software that I use more than once a week. It even have the option to track your mouse position and appear right besides it so you don’t even have to move your eyes to the bottom left corner of the screen to see what you are typing.
This tool have the notion of “Magic Words”. These words are just aliases to executables where you can specify startup command line parameters. For example, C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE becomes “mail”. Doubled with auto-completion, starting a program became almost instantaneous.
That’s it for today, I’ll write some follow-ups to this article with more tools and utilities that made my life and my work so much easier.
My name is Stanislas Biron. I'm currently working at Versacom in Montréal, Canada, as the Research and Development Director. Versacom is the biggest Canadian translation firm and, as R&D Director, I try to discover new ways to tackle translation's workflow (From customer's initial request to the final product) and process (Improving translation itself). Before that, I was the President of a very small consulting company based in Quebec, Canada.
You might say I'm a business savvy developer with a strong entrepreneur's spirit.
I'm writing this blog to share my thought on software project management, tools, programming, entrepreneurship, database administration and the occasional humor post. In fact, I blog about everything that I think would help other developers, DBAs, and software industry execs.
You can contact me at email@example.com
Hmmm.. It seems that I have started myself a nifty little blog! I might be a little late on the train, starting a technical blog in 2007, am I? But more importantly, why am I doing this ? Well, for starters I like to help others. I want to share my knowledge and ideas with the most people possible, and I want to connect with other people who like the same things as I do.
Who am I? I’m Stanislas Biron, software consultant in Montreal, Canada. I have a lot of interests in everything that is tech-related but I'm especially fond of the Microsoft’s .NET technologies (C#, VB.NET, ASP.NET) and I will probably blog a lot of content about those. I also want this blog to become some kind of code repository for interesting snippets or whole projects. So if you have some interesting code that you want to share with the others readers, feel free to email it to me at : firstname.lastname@example.org. I’ll make sure to include it into my posts and maybe that someday, I'll be able to do a “Stan’s daily piece of code” to showcase the numerous marvels that we can come across in our work as developers. Sometimes, I'll also show some bad code (that I may or may not have written at some point) and show you how that kind of code can be refactored and transformed to become better. Everyone of us makes mistakes but it’s by sharing those mistakes and by listening to others that we can really learn from them.
And by the way, I'm using the Dasblog blogging engine to run this blog and so far it’s a very smooth and nice experience. It’s written in ASP.NET and is Open Source so if you’re interested in seeing some interesting blogging engine code or if you want to start a blog yourself and wonders what technology to use, Dasblog is a good choice in my opinion.
So let’s get started, shall we?