This blog is subject to the DISCLAIMER below.

Tuesday, April 28, 2009

How to create SQL Server Login programmatically?

Q. How to create SQL Server Login programmatically?

I got this question from the Daniweb C# forum, and of course when I need to do something against a SQL Server object from .NET I go to SMO (SQL Server Management Objects), which provides great functionality to do anything with SQL Server instead of going to SSMS, creating some scripts, embedding them into a stored procedure and then calling it…. off…

Anyway, to avoid showing how talkative I am…

Create any C# project type (Windows, Class Library or even Console), and add references to Microsoft.SqlServer.Smo, Microsoft.SqlServer.ConnectionInfo and Microsoft.SqlServer.SqlEnum.

// Requires: using Microsoft.SqlServer.Management.Smo;
// Your connection string; I place mine here for illustration.
Server sqlServerInstance = new Server(
    new Microsoft.SqlServer.Management.Common.ServerConnection(
        new System.Data.SqlClient.SqlConnection(
            "Data Source=.;Initial Catalog=Master;Integrated Security=True")));

Login loginObj = new Login(sqlServerInstance, @"DomainName\UserName");
loginObj.DefaultDatabase = "Master";
loginObj.LoginType = LoginType.WindowsUser;
// A Windows login authenticates through Windows, so Create() takes no password.
// For LoginType.SqlLogin, call loginObj.Create("password") to set the password.
loginObj.Create();
loginObj.Enable(); // the login must exist on the server before it can be enabled
// There are many properties for other tasks related to the Login object...

If you use LoginType.WindowsUser, be sure to provide a valid Windows username, and if you aren’t on a domain use the machine name instead.



If you need to create a SQL login, use LoginType.SqlLogin…
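An added example (not code from the original post) of the LoginType.SqlLogin case: it creates a SQL login with the password policy enforced and a forced change at first logon, and reads the password from the console instead of hard-coding it. The login name `ReportingApp`, the local default instance `.` and the class and method names are assumptions made for illustration.

```csharp
using System;
using System.Security;
using Microsoft.SqlServer.Management.Smo;

static class CreateSqlLoginDemo
{
    // Read the password from the console without echoing it to the screen.
    static SecureString ReadPassword(string prompt)
    {
        Console.Write(prompt);
        var password = new SecureString();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace && password.Length > 0)
                password.RemoveAt(password.Length - 1);
            else if (!char.IsControl(key.KeyChar))
                password.AppendChar(key.KeyChar);
        }
        Console.WriteLine();
        password.MakeReadOnly();
        return password;
    }

    static void Main()
    {
        const string loginName = "ReportingApp"; // hypothetical login name
        Server server = new Server(".");         // local default instance, Windows authentication

        if (server.Logins.Contains(loginName))
        {
            Console.WriteLine("Login already exists: " + loginName);
            return;
        }

        Login login = new Login(server, loginName);
        login.LoginType = LoginType.SqlLogin;
        login.DefaultDatabase = "master";
        login.PasswordPolicyEnforced = true;    // CHECK_POLICY = ON
        login.PasswordExpirationEnabled = true; // CHECK_EXPIRATION = ON, required for MustChange

        using (SecureString password = ReadPassword("Initial password: "))
        {
            login.Create(password, LoginCreateOptions.MustChange);
        }
        Console.WriteLine("Created SQL login: " + loginName);
    }
}
```

The new login has no server roles or database users mapped to it; grant only what the application needs afterwards.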



You can explore the Login class further at http://msdn.microsoft.com/en-us/library/microsoft.sqlserver.management.smo.login.create.aspx


Friday, April 24, 2009

How to secure my ASP.Net web Application (XSS)

Mmm, I'm not good enough at writing a good introduction to my posts, so I'm going to get to the point directly: how to write a secure ASP.Net web application.

In this post I will show you the most common attacks on ASP.Net applications and how to prevent these attacks from happening to our application.

1) Cross-site scripting (XSS)

It is the most common attack; it represents about 85% of attacks on web sites. XSS happens when the attacker tries to inject JavaScript into an input control, a textbox for example, and then submits this input to the server.

Example: try entering this code in a test page that has one textbox to take your user name and a button to preview this username:

<script>alert("Hacked using XSS");</script>

I hear someone saying, hehehe, I can validate the input text to see whether it contains the <script> tag or not!!
OK, please add your check, then compile, enter this text in your textbox and tell me the results:

<body onload="alert('Hacked too ??!!?');">

Of course, a real attacker will not write this kind of script; s/he may steal your cookie values, or put a script on your server that automatically redirects any user to another page, and so on.

I think it is now clear what XSS is, but how can we secure our ASP.Net application against this famous attack? There are many good practices, such as:

  1. Make sure that the ValidateRequest attribute in the Page tag is always true (set it to true and try this attack again).
  2. Use the HtmlEncode method of the HttpUtility class, which applies HTML encoding to a specified string and returns the encoded string so that it is not executed as a client-side script (try setting ValidateRequest="False" and using the HtmlEncode method).
  3. Don't trust user input, and always keep validating against any special characters in the input.
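An added example (not code from the original post) that runs the post's two inputs through a `<script>`-only check and through `HttpUtility.HtmlEncode`, so the difference between filtering input and encoding output is visible side by side. The class and method names, the `preview` span and the third sample name are assumptions made for illustration.

```csharp
using System;
using System.Web; // HttpUtility

static class XssEncodingDemo
{
    // The check the post argues against: reject input only if it contains <script>.
    static bool PassesScriptTagCheck(string input)
    {
        return input.IndexOf("<script", StringComparison.OrdinalIgnoreCase) < 0;
    }

    // Output encoding, applied at the point where the value is written into HTML.
    // HtmlEncode covers HTML element content and quoted attribute values only;
    // values placed inside <script> blocks or URLs need their own encoders.
    static string RenderPreview(string userName)
    {
        return "<span id=\"preview\">" + HttpUtility.HtmlEncode(userName) + "</span>";
    }

    static void Main()
    {
        // The two inputs from the post, plus an ordinary name (constructed).
        string[] inputs =
        {
            "<script>alert(\"Hacked using XSS\");</script>",
            "<body onload=\"alert('Hacked too ??!!?');\">",
            "Ahmed O'Neil"
        };

        foreach (string input in inputs)
        {
            Console.WriteLine("input        : " + input);
            Console.WriteLine("tag check    : " + (PassesScriptTagCheck(input) ? "accepted" : "rejected"));
            Console.WriteLine("encoded HTML : " + RenderPreview(input));
            Console.WriteLine();
        }
    }
}
```

The second input is accepted by the tag check unchanged, while the encoded output turns the angle brackets and quotes of both inputs into entities and leaves the ordinary name readable.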

See you in the next post




Sunday, April 12, 2009

Twitter Common Friends

For the past couple of months, a lot of people (who I don't know) have been following my Twitter.. Mostly they don't look like anybody I know, not even Egyptians, & I'm not that popular anyway.. I'm ok with people following me anyway.. My Twitter is public, & I'm not planning to change that.. But sometimes I need to know if these are real people who are in my Twitter "social network" or just some sort of zombies or bots..

I've just created a small app to act like "common friends" in Facebook so I can find out whether I really know them or not.. Actually a couple of these followers are really interesting people & I'm following them now.. The app finds common people you're following.. not common followers; followers work almost the same way, it just needs authentication..



The application depends on a single Twitter API which takes the user name as a parameter & returns an XML (or JSON) file of their friends, e.g. this is my friends XML file:

http://twitter.com/statuses/friends/mshady.xml



I used the "XML schema definition" tool (Xsd.exe) to generate the class to use the xml nodes directly as nodes rather than querying the XML document.. I'm such a lazy coder.. I know :D..

Once the xml is deserialised into the users datatype like this:


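// Requires System.Xml and System.Xml.Serialization.
XmlSerializer oXmlSerializer = new XmlSerializer(typeof(users));
// Escape the user name so text box input cannot change the request path.
string friendsUrl = @"http://twitter.com/statuses/friends/"
                    + Uri.EscapeDataString(textBox1.Text) + ".xml";
users oUsers1;
using (XmlReader reader = XmlReader.Create(friendsUrl))
    oUsers1 = (users)oXmlSerializer.Deserialize(reader);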

All you need to do is find the intersection between the two lists/sets.. & display it
 
The source code & binaries are available here: http://cid-570d40f05cc0dc13.skydrive.live.com/self.aspx/Sample%20Code/TwitterTest.rar


dotNetWork.org April09 gathering

First thing to say, please don't mix this event with Microsoft Innovation day organized by MSFT jointly with almost every Egyptian UGs.. I'll be blogging about that later..

This month we are a bit earlier than usual (or should I say we are late for last month gathering? :D).. The gathering will be on April 18th (next Saturday)..

Concerning the venue, this gathering we will try a new thing, we will hold it at Fridays, City Stars.. This is a bit limiting so this time our maximum count of attendees will be around 60.. Also there's a special-priced menu for DNW.. So if (only if) you're interested & your schedule is free next Saturday from 10:00-13:00.. Please register..

So, to know if you're interested, the speakers are:

Hossam Kamel
Senior Software Engineer - ESRI, Northeast Africa

Mohamed Samir
Technical Lead - Timeline Interactive, Inc.

Concerning the agenda:

10:15 - 11:15
Testing automation using VSTS 2008 (for Dev & QC):
Lots of demos for both developers & testers.. So Testing Engineers, please join us!!
Hosam Kamel
11:45 - 12:45
"CellFactor®: Psychokinetic Wars", challenges and achievements:
CellFactor is a first-person multiplayer shooter game, developed for PS3 and XBOX 360 by a mostly-Egyptian team.
Mohamed Samir


Btw, Guys, just to make sure it won't be understood wrong (again) Attendees will be paying for their own meals.. DNW is only organising the event :)

For more info, updates, registration
http://dnkapril-emailinvite.eventbrite.com/
You can also find the menu there :D

There's also a Facebook event, but registration only counts through Eventbrite..
http://www.facebook.com/event.php?eid=68200144013


Other helpful links:

Yahoo!Group:
http://tech.groups.yahoo.com/group/dotnetworkorg/

Facebook Fan Page:
http://www.facebook.com/pages/netWorkorg/13135685545

Facebook Group:
http://www.facebook.com/group.php?gid=2409268236


PS: I'll update the post with the poster as soon as it's ready.. isA


Tuesday, April 07, 2009

EgySUG Launch

Egypt SharePoint user group real launch (after a couple of sessions with DNW) is expected to be next Thursday, isA.. It will be featuring Joel Oleson. The session title is "10 Steps to Successful Deployments".. For more info, check the UG calendar..

Concerning the time & place:
18:30-21:00 @ Microsoft-Egypt, Smart Village..

Transportation will be available from in front of Masbiro mall beside Ramses Hilton, Abdel Moneim Raid Square starting from 17:15-17:30..

Attendance is free as usual.. but registration is needed here

For any further inquiries call Ebeid Soliman: 010 5064 838




PS. : Sorry for the late notice
