Search results matching tag '.NET'

“Parser Error Message: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms.” when .net page has debug=”true”

Anonymous — Mon, 20 Jul 2009 16:37:00 GMT

Recently, I came across an issue where the customer faced an FIPS (Federal Information Processing Standards) related error on the .aspx pages which had debug=”true”. His ASP.net application was hosted on IIS7 running on Windows Server 2008 SP2. And, he was able to reproduce the issue using a very simple page. The error message was:

Looking at the error, we know that there are articles like KB 911722 and a good blog - Enforcing FIPS Certified Cryptography which discuss the same issue.

In Windows Server 2008, the FIPS related registry key is:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy] "Enabled"=dword:00000000

With the setting "Enabled"=dword:00000000 we know the FIPS enforcement is disabled.

While troubleshooting, we checked the Local Security Policy setting on the server, at Administrative Tools -> Local Security Policy -> Local Policies -> Security Options -> “System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing” and it showed that it was disabled.

The customer said that sometime back his domain administrators enabled FIPS on their Windows Server 2003 DC and that they enforced it domain-wide using Group Policy. They had then disabled the setting due to the application starting to fail with the Parser Error.

The customer did have a workaround, they can follow the article Disabling the FIPS Algorithm Check i.e. adding <enforceFIPSPolicy enabled="false"/> in their web.config file, however the customer was keen to know the cause of the issue..

So, we know on Windows Server 2003, the registry key for FIPS is

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "fipsalgorithmpolicy"=dword:00000001

With this in mind, we checked the registry hive on the customer’s WIN2K8 server and there was this WIN2K3 dword value set ("fipsalgorithmpolicy"=dword:00000001). This was in fact causing the issue. It looked like the Win2k3 domain Group Policy added the registry key on the Windows Server 2008 but did not change the value of the key back when the Group Policy was changed.

I tried to reproduce the issue on my own server by forcing FIPS using Windows Server 2003 DC on my Windows Server 2008 IIS server, and the registry key does gets modified when I enable FIPS from GPO. After disabling FIPS from GPO I did “gpupdate /force” from the command prompt on my Windows Server 2008 server and the registry value is changed from 1 to 0.

Resolution:

To resolve the customer’s problem, we removed "fipsalgorithmpolicy"=dword:00000001 from [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa].

Doing a bit more research into the mechanics of the issue, here is what I believe happens: first .NET checks to see if the applicable config file (web.config) has the FIPS enforcement disabled. If the config file doesn't have it disabled then it calls BCryptGetFipsAlgorithmMode (public API) to see what is set in the registry. Inside BCryptGetFipsAlgorithmMode it first reads "HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled". If that is not set it then reads "HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy"

HTH.

Tip #75: Did you know…How to maintain scrollposition after post back?

Anonymous — Mon, 08 Jun 2009 19:43:04 GMT

When web pages are posted back to the server, by default user is returned to the top of the page. On a large web page, you might have a requirement to scroll down the user automatically to the last position on the page.

MaintainScrollPositionOnPostBack page property can be used to achieve this in one of the following ways.

Application level: To set the property by default for all pages in the website, open web.config and add the attribute to the pages node.

<pages maintainScrollPositionOnPostBack="true">
Page Level: for a particular page, open the aspx and set the property

<%@ Page MaintainScrollPositionOnPostback="true" ...
Code level: to set the property programmatically

Page.MaintainScrollPositionOnPostBack = true;

Hope this helps.

Deepak Verma
SDET | Visual Web Developer

Episode #1 of the Misfit Geek Podcast is now LIVE !

Anonymous — Thu, 28 May 2009 12:56:34 GMT

The first podcast in my new series is now live at http://misfitgeek.com/podcast/misfit-geek-podcast/

This episode is an interview with Senior Lean PM Scott Hunter on the future of Web Forms.

Hope you will listen, subscribe and enjoy !

Technorati Tags: podcast,microsoft asp.net ajax training,.net,asp,asp.net,web forms

CannonPI teaser video

Anonymous — Thu, 07 May 2009 17:58:01 GMT

There is a new video up on youtube that is the beginning of many more videos. You should check it out and look for for more coming soon.

Also, see if you recognize any of the people in this, feel free to post here who you think they are.

Insides of Azure

Anonymous — Fri, 14 Nov 2008 11:00:00 GMT

Want to get more details about Windows Azure? There is a really helpful video done by Channel 9 that talks about this upcoming product and how it works.

I think this gives great details about the architecture and also how you will use this and what it will be good for. Check it out:

Dharma Shukla: Inside Live Framework

There are a bunch of other details you can find out about this product so feel free to post your favorites in the comments.

Windows Azure and you

Anonymous — Tue, 11 Nov 2008 11:00:00 GMT

So I have started to look at the new Windows Azure that we just announced, you can download the framework from here. You can also read more about it at Azure Services Platform Developer Center.

As I started looking at this, the main sample I was focused on was the PersonalWebSite Sample. It gives me a pretty good idea of how it is going to be to develop for this platform. But I haven’t been able to fully look into what it is going to be like to troubleshoot it. Especially from a production viewpoint.

Have you looked at this new platform yet? What are your thoughts?

IntelliSense for jQuery

Anonymous — Thu, 30 Oct 2008 15:28:00 GMT

As for reported here, we now have an official IntelliSense documentation file that will allow you to get rich intellisense for jQuery from inside of Visual Studio.

When you go to download jQuery, you will see a Documentation link. Or you can download it directly from here:
http://code.jquery.com/jquery-1.2.6-vsdoc.js

Using this file is simple, if you are inside an ASPX page, you can reference it like this:

<script src="jquery-1.2.6.js" type="text/javascript"></script>
<% if (false) { %>     <script src="jquery-1.2.6-vsdoc.js" type="text/javascript"></script>
<% } %>

The if (false) part will make sure we don’t render or execute this as a script but it will get loaded by IntelliSense.

If you are inside a javascript file, you can reference it in the normal way like:

/// <reference path="jquery-1.2.6-vsdoc.js" />

This also supports plug-ins. So you will get IntelliSense on the as well. Hope that those of you using jQuery can put this file to good use.

Strange callstacks

Anonymous — Wed, 29 Oct 2008 10:00:00 GMT

How many times have you been troubleshooting a dump or application, you look at the callstack and you see something that just doesn’t quite look right. Chances are the problem is that you don’t have correct symbols.

For example, if you see something like this:

Vswebdesign!DllCanUnloadNow+0xb02a0
Vswebdesign!DllCanUnloadNow+0xb8ef4
Vswebdesign!DllCanUnloadNow+0xb2203
Vswebdesign!DllCanUnloadNow+0xb248f
Vswebdesign!DllCanUnloadNow+0x2c406
Vswebdesign!DllCanUnloadNow+105a89
...

That usually is pointing to this problem. You can see that the offsets for the functions are very large. Also, the callstack is the same function repeated over and over. And most applications probably don’t call DllCanUnloadNow.

If you get this problem, you can try to get the correct symbols, or just understand what you are seeing here and know that you aren’t seeing the correct functions. For most things that concern you, you should be able to get the correct symbols so that you can properly resolve your callstacks.

XPerf: A CPU Sampler

Anonymous — Fri, 10 Oct 2008 10:00:00 GMT

Seema just had a great about using XPerf to troubleshoot CPU issues when using Silverlight. This can also be used in the same way to troubleshoot ASP.NET or IIS.

What can XPerf tell you? Seema answers that question, it can find out:

Is my app asking Silverlight to constantly spin on CPU cycles.
Whether one UI layout or design is more expensive than the other.
Whether the time is spent in drawing (agcore.dll), the plug-in’s interactions with (npctrl.dll), or in compilation/JIT (coreclr.dll)
How much is stretching/blending/rotating that video going to cost in terms of CPU cycles? How about if you encode it differently?

You can read more about XPerf and how to download and use it from Seema post here.

Note: The tools only work on Vista and Windows Server 2008.

ASP.NET Tip: When to use which Session Server

Anonymous — Fri, 03 Oct 2008 10:00:00 GMT

There are 3 different ways you can store session in an ASP.NET application:

InProc (default mode)
State Server
SQL Server

InProc means we store the data in the same process (in memory) on the web server, in the worker process. This has some distinct advantages in that it is faster since everything is in the same process. It also means you can store anything in session as you don’t have to worry about serializing the data.

State Server is a process that runs separate from the worker process. This can run on the same machine or on a different machine. The advantage to this one is that if the worker process crashes, you don’t lose your session. Also, you can do some sharing of session across multiple servers in the web farm. To enable using State Server, you add the following configuration setting:

<configuration>
  <system.web>
    <sessionState mode="StateServer"
      stateConnectionString="tcpip=SampleStateServer:42424"
      cookieless="false"
      timeout="20"/>
  </system.web>
</configuration>

SQL Server mode is similar to State Server except that the data is stored in a SQL Server database. This is the best option if you are expecting heavy use as SQL is designed to handle large loads of requests. To enable SQL Server, you add the following configuration setting:

<configuration>
  <system.web>
    <sessionState mode="SQLServer"
      sqlConnectionString="Integrated Security=SSPI;data 
        source=SampleSqlServer;" />
  </system.web>
</configuration>

For the last two choices, it is best to encrypt the connection string for security purposes. For steps to do that, check out Encrypting Configuration Information Using Protected Configuration.

There is another method, but it is creating your own provider. You can get more information on doing that at Implementing a Session-State Store Provider.