You may have experienced the problem with FileUpload control in an UpdatePanel – when you hit the submit button, Request.Files.Count always returns 0, even though you had registered the submit button as a PostBackControl and a PostBackTrigger of the UpdatePanel containing the FileUpload control.

In my case, the FileUpload only works when it is visible when the page is first time loaded (not a postback).  It will not work (Request.Files.Count returns 0) when it is hidden originally and then made visible during later AsyncPostBacks.  Maybe ASP.NET is confused, because I am also changing the submit button’s postback type between full postback and aysnc postback.  The submit button is used by other things, and I only want it to fire a full post back when files need to be uploaded, and in all other cases, I want it to fire async postback and only do partial update on my page.

I spent many hours trying many different solutions I saw on the internet, but none of them worked for me.  However, I found an important hint which led me to the final working solution.  That is the Enctype attribute of the Form.  I learned that the Form.Enctype has to be “multipart/form-data” when files need to be uploaded.  I think this is set automatically for you in normal cases, but it isn’t set up correctly in my case.  So, I manually set it to “multipart/form-data” in OnInit of my user control, and it solves the problem.

One of the missing features in MOSS 2007 is the ability to recognize PDF files in a document library. It can be frustrating when all you see is a blank page icon instead of SharePoint recognizing the document type properly. This is a common portal issue that is easily remedied with a bit of extra configuration. Here is an example of how PDF items are normally displayed inside of a library view.

Following the Microsoft KB you can see that you need to edit the docicon.xml file located at the path C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\XML

The Docicon.xml configuration file is a listing of all document types that are supported by SharePoint. To support the PDF icon, you need to add the following Mapping XML element to the XPath //DocIcons/ByExtension. The Mappings are listed in alphabetical order, so you should insert the PDF mapping accordingly.

<Mapping Key="pdf" Value="pdficon.gif"/>

Here is the Docicon.xml file after the edit.

The next step is retrieving the small PDF icon from Adobe. When you have download the icon image, you need to save the image as “pdficon.gif” to match the mappings entry we created earlier. The last step is to copy the PDF icon image to the SharePoint template images path: C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\TEMPLATE\IMAGES\pdficon.gif. This is the location where SharePoint will search for document type icons for rendering in document library views – according to the configured file extension mappings in docicon.xml.

After these steps have been completed, you can now visually distinguish the document type for PDF extensions with a quick icon type indicator.

Remembering exact syntax seems to be a common issue for programmers.  We tend to rely on Google or previous projects for a quick example to get us on the right path.  Whether it’s a one line regular expression or an entire method, programmers are frequently looking at code samples.

Visual Studio has built in support for snippets, but some of the functionality is limited.  For a while, I have kept simple methods and queries stored in files on my computer for quick access.  I have found a simple solution for Visual Studio, as well as online for quickly accessing, storing and sharing routinely used snippets of code that will replace my old ways of storing snippets.

<code:keep> (www.CodeKeep.net) allows users to store and easily retrieve code snippets in many common programming languages.  At the time of this posting, there are currently 28 languages that you can store, share, and search.  There are two easy ways of adding and viewing your snippets.  First, is on their website.  The website allows you to not only view and manager your snippets, but it also lets you look through snippets other have chosen to share – when adding snippets, you have the ability to make your snippets private or public.  The other way to access snippets is through a Visual Studio add-in (available in for both Visual Studio 2005 and 2008).  Both options will let you store, browse, and search for code snippets.

Installation instructions

When installing, I recommend setting up an online account first.  This will make the installation flow a little more smoothly.  Make sure to have Visual Studio closed for the installation. Once you have an account setup, download and run the MSI to install CodeKeep.  Make sure the read the ReadMe file.  After installing the application, you will also need to copy three files into the Addins directory in you default project folder.

Once installed, the add-in is available through the Tools Menu

Because this is an online service, the snippets are not stored on your computer by default.   However, the website does allow users to export their snippets.  Whether you want to take them on the go, or simply back them up, browse to “My Snippets” and click Export Snippets.  All of your snippets can be saved to an XML file.


Note:  While using the add-in, I have hit a few bugs that will crash Visual Studio.   Upon restarting VS, I get an error “Object reference not set to an instance of an object”.  To get rid of this, I had run the MSI again and  repair the installation.

This also required me to log into my account again.

Google has opened up their hosting services to the cloud with their free Google App Engine offering. Google makes it quick and easy to get going with their cloud offerings. Here a quick review of how to get started with the App Engine.

To use App Engine, you need a Google Account. Once you have your Google Account, you can enable App Engine services by entering in your cell phone number and carrier on the App Engine setup page. Google will send you an SMS with an access code you need to enter into the website. This activation scheme is Google’s way of restricting you from creating multiple App Engine accounts.

When you have received your code via SMS and entered your activation code, you can begin creating applications. The following appears after you have activated your App Engine account.

When you click “Create an Application” you can enter an application alias where your new application will be hosted on the appspot.com domain.

If your alias is available, you can then create an application and deploy to your new cloud application. In this example, we created the alias “pearlcompanies”.

Since we’re running in a windows environment, our next step is to setup Eclipse and the Google Plugin for Eclipse to deploy to our cloud application. We used Eclipse 3.5 (Galileo) in our example. After unpacking the Eclipse folder contents, we tell Eclipse where to get the Google Plugin. We add the available software site “http://dl.google.com/eclipse/plugin/3.5″ to our Eclipse Preferences.

Download and Install both the Google Eclipse plugin and GWT and App Engine SDKs.

After installing the Google SDKs, we can create Google App Engine projects (Web Application Projects). The nice thing here is that we can run the cloud application locally and verify it before deploying remotely to the cloud. The Google SDK comes with the components necessary to simulate the cloud environment.

Once we have our web project, we can begin creating our WAR package for deployment into the App Engine cloud service. The current App Engine supports Java and Python environments, but in this example we are going to use the Java runtime. Since we’re demonstrating deployment here, we are not going to use any servlets, but simply an HTML front-end. After changing the index.html page in our web project, we click the App Engine icon in the Eclipse toolbar.

After clicking the icon, we are prompted with the deployment wizard which has our Google account credentials and a link to the App Engine project settings. Click the project settings and enter the Application ID and version for the application (use the alias we setup previously).

Click ‘Ok’ on the properties dialog, and then enter your login credentials. Once you click ‘Deploy’, your application will be pushed into the Google App Engine cloud. You can view and manage your applications that are live in the Google App Engine site.

You can view the clone of our Pearl Companies website which we deployed to pearlcompanies.appspot.com. Please let us know about your App Engine experiences. We look forward to using this new powerful platform.

Microsoft is expected to remove the CTP from their Azure Platform this month at PDC in Los Angeles. Until then, you can still receive access to their free cloud services platform. To get started with Azure you need a Windows Live ID and signup with Microsoft Connect to receive an access code (aka tokens).

When you receive your access token, you can begin creating projects on the Azure platform with the Azure Developer Portal. You can only create one project with the CTP, but you can have multiple services inside each project (web/worker roles).

After you’ve created your project in the developer portal, you can add services which will be the endpoints you deploy to for Windows Azure. We will add a Windows Azure Service in this example.

To create our Windows Azure application, we need to create a package (cspkg) that contains our application contents and a configuration definition (cscfg) that defines our roles. Microsoft has created Azure tools to assist in generating the package and configuration file. You can download the Azure SDK to create Azure applications using Visual Studio. The Azure SDK allows you to run your own local development fabric before pushing your application into the cloud. Eclipse also has its own Azure Tools if you prefer to develop in the Eclipse environment.

After installation of the Azure Tools, you now have a new project template “Cloud Service” which we’ll use to create our web role.

After providing a name for your Cloud Service project, you are prompted to select which roles you would like to use. We will choose “ASP.NET Web Role” for this example.

After clicking “Ok”, you will now have a Cloud Service project and a Web Role project in your solution. We will now remove the Web Role for this exercise, and replace it with an existing ASP.NET application called ASP.NET Chart Controls which Scott Guthrie announced last year. This application did not work on the PDC release of Azure, but Azure now allows web applications to run in Full Trust with some minor tweaking.

We now have our solution complete and have one web role we would like to deploy to the cloud. We must now publish the solution to Azure. We right-click on the Cloud Service project and click “Publish” which opens up the Azure Developer Portal.

After logging in with Windows Live, you want to deploy your application to the Staging Environment before pushing it live. To deploy, you simply select the application package (cspkg) and configuration definition (cscfg) from your “/publish” folder in the cloud service “/bin/Debug” directory.

Clicking on “Deploy” will load the Azure package and service definition to the cloud and create a VM necessary to run the application. The environment takes some time to setup and will show its state as “Initialization” until the VM is entirely ready. You are given a URI based upon a randomly generated GUID to view your application and test it before moving it into production. Having two environments is nice if you also have database changes that need to coincide with your deployment.

Once the application has been verified, you can click the center arrows icon to swap the Staging site into Production. You can see the two environments have now been switched.

Azure does make the deployment process a bit more involved, but there is an managed Azure Deployment API in the works to automate the build and deploy steps you may need in your organization. You can view our sample ASP.NET Chart Controls application running on Azure Services (cloudapp.net). Kudos to Microsoft for allowing full trust applications! We will be watching for more exciting features from the Azure Team.

I’ve grabbed this post directly off of teh US-CERT security site.  To review the original and other great articles, please visit the site at

http://www.us-cert.gov/cas/tips/ST04-014.html

National Cyber Alert System

Cyber Security Tip ST04-014

Avoiding Social Engineering and Phishing Attacks Do not give sensitive information to anyone unless you are sure that they are indeed who they claim to be and that they should have access to the information.   What is a social engineering attack? In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility. What is a phishing attack? Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts. Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as natural disasters (e.g., Hurricane Katrina, Indonesian tsunami) epidemics and health scares (e.g., H1N1) economic concerns (e.g., IRS scams) major political elections holidays How do you avoid being a victim?   Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.  Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.  Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.  Don’t send sensitive information over the Internet before checking a website’s security (see Protecting Your Privacy for more information).  Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).  If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).  Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic (see Understanding Firewalls, Understanding Anti-Virus Software, and Reducing Spam for more information).  Take advantage of any anti-phishing features offered by your email client and web browser. What do you do if you think you are a victim? If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.  If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.  Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.  Watch for other signs of identity theft (see Preventing and Responding to Identity Theft for more information).  Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).

So, you’ve installed SharePoint Portal 2007 on a Windows 2003 R2 box.  You go to launch IIS manager and BAM…nothing there.

 

 

 

 

 

WHAT! ARG! I QUIT!.  But settle down, we’ve got you covered.
This is a bug and MS has a hotfix. 
It appears the problem has to do with the SharePoint Timer Service. 
Generally, doing an iisreset fixes the issue, but for a permanent fix, check out this KB, and get yourself the hotfix!

 http://support.microsoft.com/kb/946517

Happy Collaborating!

I imagine most of us are familiar with the newest technology buzz phrase…”Cloud Computing”.  I would also be willing to bet that most of us are even using some sort of “Cloud Computing” service (whether we know it or not).  In this post, I’d like to talk about a gem of an integration program a client just introduced me to. 

The Programs:

• Microsoft SkyDrive http://skydrive.live.com
  Free Online Cloud storage service provided by Microsoft Live which allows up to 25GB of storage space!
• Gladinet http://www.gladinet.com
  Free or Purchase Desktop Integrator for Cloud Storage

The Setup

The first thing you need to do is get yourself a Windows Live account if you dont have one.  Then simply go to skydrive.live.com and login.  you should see a screen similar to this:

 
 

 

 

 

 

Pretty straight forward as far as what you can do…Now, let’s kick it up a notch. 

Adding Spice:

Now that you have your Cloud Storage vendor/account ready to go, it’s now time to add a little “cool factor”  by going out and getting an application called Gladinet.  Gladinet is a Desktop Integrator for Cloud Storage and has a free version as well as a Professional version.  Be sure to check them out here:  http://www.gladinet.com/

Just download and follow the simple install.
64bit Version
32bit Version

Once your done, simply go to programs and launch the application:

Now you have a new drive that you can drag and drop files into!! What’s even better? Gladinet supports automated backups and a whole host of vendors outside of Microsoft, like Google, etc.

Good luck and Happy Cloud Computing!

JP

With the never ending fight to reduce spam, phishing messages, malicious attachments and other evil message trends it never amazes me how far some companies are willing to take their spam filters to protect themselves. It’s always that once piece of the security triad that seems to be the kicker. Availalbility! I completely understand companies saying “drop all attachments”, “no html”, etc. On the hand at what point can one crack down on the spammers yet still consider email as a valid and reliable source of communication. I have recently come across a scenario where maybe .05% of emails were not actually making it the intended recipeints but no NDR was produced. It turns out that the messages were being marked as spam.

So, I looked at the normal things that may cause that; are they on a blacklist, does the RDNS record exist and is it valid, can I email AOL/Gmail/etc (those will point out most issues), does the sending server show a clean record of delivering said items. Everything in this case proved successful. So I ran the messages, the same messages getting blocked through 2 different spam engines and look at what it was giving them a rating as. Barracuda and MailScanner/SpamAssassin showed the message in the negatives (perfectly fine) and were far from scoring a blockable item.

I started searching Microsoft’s sites to find out if there is an issue with Exchange 2007 failing to send out mail without providing an NDR. After several white papers I found that the problems were in the “Received:” and “Thread-Index:” message headers of the email. Custom rules were created at the recipient locations that blocked the message if the “Received:” routing information was not verifiable or the IP addresses in the header were anything other than the matching RDNS MX record.

There are a couple of different ways to correct this. For this specific scenario, where an Edge Transport server was utilized, removing not only the edge transport server from the permissions regarding the “Send Routing Headers” rights.

In the Exchange shell this would be:
Remove-AdPermission -identity “EdgeSync – ” -User “MS Exchange\Edge Transport Servers” -ExtendedRights MS-Exch-Send-Headers-Routing

(without an edge transport)
Remove-ADPermission -id “Organization to Internet” -User “NT Authority\Anonymous Logon” -ExtendedRights Ms-Exch-Send-Headers-Routing

This can also be accomplished by using ADSIEdit.msc and right clicking on “CN=Configuration -> CN=Services -> CN=Microsoft Exchange -> CN= -> CN=Administrative Groups -> CN=Exchange Administrative Group -> CN=Routing Groups -> CN=Exchange routing Group -> CN=Connections -> CN=”Select Send Header Name” Once there go to properties -> security -> Advanced. Here you can change the accounts permission on the Send Routing Headers and remove any “Account Unkowns”, Anonymous Logon and/or Edge Trasport users. By removing them from the permissions list it will also take them out of the Organization and Forest Header information. This seems to have takent the Thread-Index issue from getting caught as spam as well.

I was testing one of our web applications one day and happened to see a simple Stored Procedure took over a minute to complete.  The Stored Procedure only takes one parameter.  If I get rid of the parameter and directly run the SQL statement inside the Stored Procedure, it took less than a second to complete.  So, I bet the problem is about the parameter I am passing in the Stored Procedure.  I checked their Execution Plan.  The Execution Plan of the Stored Procedure is much more complex then the simple Query and it has a much higher estimated cost.

I did some research online, and people are saying that the Parameter Sniffing could be the cause.  I tried to avoid it according to this post, but it didn’t make much difference as far as how long it takes for the Stored Procedure to complete.

After trying many different things, I finally found out the problem.  The Stored Procedure was dynamically created from user-defined query using SQL Server Management Object within our .NET web application.  We also allow users to define parameters (such as @Param1) in their Queries.  Since we don’t know the maximum length of the string parameter, we used varchar(MAX) for all string type parameters.  That’s the cause of this problem.  Once I changed the varchar(MAX) to varchar(200), the Stored Procedure started running much faster and the Execution Plan looks very similar to the simple Query now.  Problem solved.

Just for curiosity, I compared some other scenarios.  I found out that varchar(MAX) doesn’t always make a huge difference in performance.  The Stored Procedure I had problem with had a target table in a remote database (Linked Server) and the version of the remote SQL Server is 2000 where varchar(MAX) is not supported.  I am surprised that I didn’t get any exception when I run the query.  I am not sure what SQL Server does in the back end to make this unsupported data type to work, but apparently it slows down the query execution.