A completely awesome message box

The July 2007 CTP's of the Guidance Automation Extensions horks up Visual Studio 2008. This guy has a fix and says "it's an easy one". I didn't care; I have nothing invested in these tools so I just attempted to uninstall it. However, while doing that, I got this ... less than helpful message box:

Turns out you have to uninstall Enterprise Library >= 3.0 before uninstalling the GAX/GAT. Did that and was able to uninstall.

I found that there is now a February 2008 release (not CTP, get it here). So, I pressed my luck and installed those. I guess it works. At least it didn't blow up when I tried to create a new web project. Here's the order of events that I did:

1. Uninstall EntLib 3.1
   
2. Uninstall GAT July 2007
   
3. Uninstall GAX July 2007
   
4. Re-install EntLib 3.1
   
5. Install GAX February 2008
   
6. Install GAT February 2008
   

Remember that the GAT is dependent on the GAX.

Secure Pages

Here's a short one. Like most web applications, the one that I am working on right now has pages that only a subset of users should have access to (admin pages, for instance). We are using the built in ASP.NET authorization mechanism. When an authenticated user attempts to get to a page they shouldn't see, we would like to show a generic error message and do some logging on the server. It turns out that ASP.NET simply redirects the user to the configured login page.

So, the scenarios are currently like this:

Figure 1: Default authentication scenarios

What we would prefer is the following:

Figure 2: Desired authentication scenarios

I was unable to find a normal way to configure this. The hunting we did produced a few hits for handling the 403 HTTP code (Unauthorized). Actually no 400 codes get sent in this situation, so I played with it until I got a workable solution. Basically, I configured the forms loginUrl
to the error page. Then, in Global.asax, added some code to the PostAuthenticateRequest event handler to send an unauthenticated user back to the login page. Here are a few snippets.

<configuration>
<system.web>
</compilation>
<authentication
mode="Forms">
<forms
loginUrl="~/Unauthorized.aspx">
</credentials>
</forms>
</authentication>
<authorization>
<deny
users="?"/>
</authorization>
</system.web>
<location
path="Login.aspx">
<system.web>
<authorization>
<allow
users="?"/>
</authorization>
</system.web>
</location>
<location
path="Admin.aspx">
<system.web>
<authorization>
<allow
users="AdminGuy"/>
<deny
users="*"/>
</authorization>
</system.web>
</location>
</configuration>

Listing 1: Portion of web.config

protected
void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{

int compare =

String.Compare(HttpContext.Current.Request.PhysicalPath
, Server.MapPath("~/Unauthorized.aspx"), true);


bool unauthenticated = ((HttpContext.Current.User == null)
(!HttpContext.Current.User.Identity.IsAuthenticated));


if ((compare == 0) && unauthenticated)
{
Response.Redirect("~/Login.aspx?" + HttpContext.Current.Request.QueryString);
}
}

Listing 2: Global.asax code

Here is a stripped down solution that demonstrates the idea.

Windows Server 2003 R2 on Virtual PC 2007

Here is my first "guide". This one is beefy enough to warrant a PDF. This document demonstrates configuring three virtual servers with Windows Server 2003 R2 in Virtual PC to communicate with each other and with the host PC. Recently, this has been a pretty useful model for testing out distributed applications. I will post on the specifics of that in a future installment.

Click here to get the guide.

What is a framewreck?

The word itself is a portmanteau of framework and train wreck. The word framework seems to be a bit of an overused buzzword in software development these days. It seems like every library or component or runtime is described as a framework. Of course, train wreck implies carnage, chaos, confusion and failure. Fusing these words gives the sense of that precarious path that a software developer and architect walks between creating an elegant solution or causing total disaster.

Sometimes I find that when I need to solve a problem, the documentation is either too vague and "high level" to be of any help or it is focused on some irrelevant esoterica. So, like most people, I just roll up my sleeves and try to fill in the blanks between the nebulous and minutial resources at my disposal. I have built hundreds, if not thousands of samples, proofs of concept, mock-ups and the like just to get my head (or somebody else's head) around how a technology really works. However, I rarely if ever capture that knowledge into anything other than my own short term memory. Consequently, after a few days or weeks, it is gone.

This is my attempt to keep what I learn, when I learn it, and then turn it around into something that I can share with others. If that resonates with you, then tuck me away at the bottom of your RRS list and stay tuned as I try to keep track of my own attempts to string together meaningful solutions.