Have a look at this link: https://survey.google.com/wix/p0986235.aspx Uhm… let’s have a look at the source HTML of the page, and we’ll not find the “_VIEWSTATE” hidden field (it should be there also if we disable the viewstate in the @Page directly and for every control in the page) and the “__DoPostBack” Javascript method to submit the form… ? I may be completely wrong, they could have removed the unused _viewstate hidden field on the server right before sending the html stream to the client, but why? Just to save 2-3 Kb? Don’t know… sounds like a “trick”… maybe they just wanted to check the reaction about the file extension… ? Just to be clear: I don’t find anything wrong with it, just fun ? What do you think? Carlo
-
-
Channel9 speaks Italian
A few weeks after the Italian MS bloggers have joint in a (for the moment) small community and started promote their content, today I’ve been told that Channel9 started hosting non-English content, and guess what…? The first video of this series (in the home page ?) is in Italian! ? They’ll interview Italian people working in Redmond, of course talking about technology; in this first video Vittorio Bertocci interviews Mauro Ottaviani and they talk about WCF and performance. So, if you can read Italian keep an eye on https://channel9.msdn.com/tags/Italia? Carlo
-
Blog addict?
Uhm… should I try to improve or somehow “worsen” this figure? ?? Carlo
-
Your login attempt was not successful. Please try again
This time the customer was using the “Web Site Administrator Tool” wizard to create the authentication mechanism (based on SqlExpress membership) for his site. As usual everything was working fine on his development machine, but after deploying the application on the live web server users were no longer able to authenticate, and they got the message “You login attempt was not successful. Please try again.“, and in the event log we found a few messages like the following: Event code: 4006 Event message: Membership credential verification failed. Event time: 13/04/2006 13:23:30 Event time (UTC): 13/04/2006 12:23:30 Event ID: 89ff87b6e2d8490c9b873730e50af976 Event sequence: 3 Event occurrence: 1 Event detail code: 0 Application information: Application domain: /LM/W3SVC/1/Root/myapp-1-127894037524081250 Trust level: Full Application Virtual Path: /myapp Application Path: d:\inetpub\wwwroot\myapp\ Machine name: WEBSERVER Process information: Process ID: 5540 Process name: w3wp.exe Account name: NT AUTHORITY\NETWORK SERVICE Request information: Request URL: http://<web server ip>/myapp/login.aspx?ReturnUrl=/myapp/search.aspx Request path: /myapp/login.aspx User host address: <web server ip> User: Is authenticated: False Authentication Type: Thread account name: NT AUTHORITY\NETWORK SERVICE Name to authenticate: administrator The problem is that this error message is misleading; we found out that the…
-
Debugger not debugging, and Response.Redirect() not redirecting…
The customer was working on a WinXP machine joined to a domain, but had logged in using a local account (I’ve not tested if this may have contributed to the problem so this may be a useless information). Anyway to make things easy I connected to the faulting machine using EasyAssist to have a better look at the configuration: everything looked fine both in IIS and Visual Studio. Interestingly browsing the application from IE directly we found that even if he was using “http://localhost/app” the page was shown in the “Internet” zone (hence the debugger error). This usually happens when the application is created using either the IP address or the FQDN (Fully Qualified Domain Name) of the web server; to verify, we created a new test project as “http://localhost/test” but got the same debugging problem, and again the page belongs to the Internet zone. As a test we enabled “Automatic logon with current username and password” for the Internet zone and then the debugging started working fine. Talking about this with my team colleagues they suggested uncheck “Automatically detect intranet network” in the “Local Intranet” settings and enable the three remaining checkboxes; this because under some circumstances IE may…
-
How to: contact Carlo
Lately I’ve been receiving emails and comments to my posts asking for help on specific issues, to request hotfixes etc…. Unfortunately I can’t guarantee the attention needed in those cases since I blog in my spare time (what’s left ) and can’t always be there monitor the blog; if you need assistance the best choice is go through official support channels such as http://support.microsoft.com, and you’ll have in depth assistance from either me or one of my colleagues depending on the technologies involved and where you are based around the globe. In any case, if you want to communicate with me directly and you open a Service Request you could specify to have the case to my attention (but this does not guarantee I’ll be really the person that will work on it, because of the technologies and different skillset we have in the team!), or you can use the “email” module you find in my blog; this will send a mail to me directly and I’ll hopefully be able to reply to you directly, without having to rely on post comments to communicate. Carlo
-
Avoid UAC prompt in IE component
Wow, this has been a tough one I closed this afternoon. The customer has developed a custom IE toolbar to interact with their portal, and found that when running this on Vista, IE displayed a warning dialog asking the user’s consent to run an external program; in particular that was happening when the toolbar was calling a Web Service to retrieve some content from the web server. If for test we denied the permission to run the external problem, we got this error message: “System.Runtime.InteropServices.ExternalException: Cannot execute a program. The command being executed was “C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe” /noconfig /fullpaths @”C:\Users\Vista\AppData\Local\Temp\Low\ev4a0rzg.cmdline“.” The exception occurred when the SOAP client proxy tries to spawn the compiler to generate the type serialization assemblies the first time the web service is called. After the usual log analysis we setup a repro in a virtual machine, and we found that this was not an UAC issue but rather an IE Protected Mode problem (by the way, Protected Mode in IE is currently available only on Vista, so maybe this is why the customer thought to this as an UAC issue); this was confirmed by turning off Protected Mode for a test, and the prompt to the user disappeared.…
-
Quick hint: “Server Unavailable” error
I stumbled into this error this afternoon, while working on a repro for a customer: if you need to have your application pool running under an account other than the default NETWORK SERVICE, and when you try to browse your application you get a nasty Service Unavailable error, check if you remembered to add that account to the IIS_WPG group… ? Carlo
-
ActiveX component can’t create object… a tough one!
This week I’ve been working on a case from a customer who was migrating his web application to Windows 2003, and while on the old servers (Windows 2000) and on his development machine everything was working fine (as usual š), after deployment on the production server he got a nasty “ActiveX component can’t create object” errorĀ message, and was not able to fix it. The troubleshooting started from the usual and maybe most obvious possible causes (component registration, permissions etc…), but we soon realized the problem was not that obvious as we expected. The application was made by a custom ActiveX VB6 object which internally referenced other custom dlls and msrdo20.dll; this was then embedded into a .aspx page to show some use interface in IE to the end user. The customer sent me his application to try to reproduce the problem on my machine, and at the first run I got exactly the same error message he reported! Ah Ah! I got you! šĀ On my machine IĀ got rid of it registering all the involvedĀ components, something we already tried on the phone, butĀ worth another check.Ā I came back to the customer and set up an EasyAssist session to carefully check his…
-
Security bug in Vista recovery console? Well… not quite…
My colleague Feliciano Intini (Chief Security Advisor here at Microsoft Italy) just pointed me to his postĀ were he comments about a news which is (re)spreading across the web about a security hole in the recovery console in Windows Vista: if you can read Italian here is the post, otherwise go on an ready my translation. Third episode of my anti-FUD column. True story (unfortunately): a few days ago someone has stolen the motorbike of a colleague of mine whom was working at a customer’s site.How was the bike protected? With that special padlock which locks the front wheel, without any sort of chain to fasten to a physical stand. How did they stole the bike? They arrived with a truck, a few guys got off it and they loaded the bike by sheer force in less than 5 minutes! What do I want to say? Here is a fundamental concept in security field: physical security is the basis for all security. False fact: I’m reading in variousĀ posts which quote an article by Finnish Kimmo Rousku, which Windows Vista apparently has a security hole which “allows to gain unlimited access to anyone who has physical access to the pc, even if…