Joseph Michael Pesch
VP Programming

aspnet_... Security Configuration

by 21. November 2008 19:36

This post consists of a SQL script to install the database objects, along with ASP.Net web site components.

Run %systemroot%\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe to install the ASP.Net user framework objects (tables, procs, etc.) into a SQL server database. 


Script to create database objects (in lieu of running the exe above): 
aspnet_Security.sql (238.96 kb)

Backup copy of an empty database containing just the standard security objects: aspnet_Security.bak (1.83 mb)

Script to export data from: aspnet_Applications, aspnet_Users, aspnet_Membership, aspnet_Roles and aspnet_UsersInRoles tables: aspnet_SecurityDataExport.sql (4.80 kb)

See sample web.config and Login.aspx with some security features in code-behind: Sample.zipx (2.81 kb)

Adding a user to basic security roles:

EXEC sp_addrolemember 'aspnet_Membership_BasicAccess', 'usernamehere'
GO
EXEC sp_addrolemember 'aspnet_Personalization_BasicAccess', 'usernamehere'
GO
EXEC sp_addrolemember 'aspnet_Profile_BasicAccess', 'usernamehere'
GO
EXEC sp_addrolemember 'aspnet_Roles_BasicAccess', 'usernamehere'
GO
EXEC sp_addrolemember 'db_datareader', 'usernamehere'
GO
EXEC sp_addrolemember 'db_datawriter', 'usernamehere'
GO

Script to add a new user to an application and role (also adds the application and role if necessary):

-- Inputs: replace the placeholder values before running.
declare
  @appName varchar(50)
, @userName varchar(50)
, @emailAddress varchar(100)
, @roleName varchar(50)

select
  @appName = 'ApplicationNameHere'
, @userName = 'UserNameHere'
, @emailAddress = 'UserEmailHere@Something.com'
, @roleName = 'RoleNameHere'

declare
  @appId uniqueidentifier
, @userId uniqueidentifier
, @roleId uniqueidentifier

-- Look up the application; create it if it does not exist.
select @appId = ApplicationId from dbo.aspnet_Applications where ApplicationName = @appName
if(@appId is null) begin
  set @appId = newid()
  insert into dbo.aspnet_Applications values(@appName, lower(@appName), @appId, @appId)
end

-- Look up the role within this application only (roles are per application,
-- so a role with the same name in another application must not be reused).
select @roleId = RoleId from dbo.aspnet_Roles where ApplicationId = @appId and RoleName = @roleName
if(@roleId is null) begin
  set @roleId = newid()
  insert into dbo.aspnet_Roles values(@appId, @roleId, @roleName, lower(@roleName), @roleName)
end

-- Create the user and its membership row.
-- The Password and PasswordSalt values below are fixed literals, so every
-- account created by this script starts with the same credential; change it
-- after the account is created.
set @userId = newid()
insert into dbo.aspnet_Users values(@appId, @userId, @userName, lower(@userName), null, 0, '1/1/1900')
insert into dbo.aspnet_Membership values(@appId, @userId, '5lxSnTx3kTUzWgnLr8C2xHXOZYM=', 2, 't8DHyWEWq+/Yr/RNBvo6hw==', null, @emailAddress, lower(@emailAddress), null, null, 1, 0, getdate(), '1/1/1900', '1/1/1900', '1/1/1900', 0, '1/1/1900', 0, '1/1/1900', null)

-- Put the user in the role.
insert into dbo.aspnet_UsersInRoles values(@userId, @roleId)
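
A check to run after creating accounts this way, as an added example that is not part of the original post. It assumes the standard aspnet_* schema created by aspnet_regsql.exe; the column aliases are illustrative. It lists each account with its application and roles, and flags role memberships that point at a role owned by a different application, as well as accounts whose Password and PasswordSalt values match another account's (which is what inserting literal values produces).

```sql
-- Added example: audit of accounts in the ASP.Net membership tables.
-- Read-only; run in the database that holds the aspnet_* objects.
select
  a.ApplicationName
, u.UserName
, r.RoleName
, case m.PasswordFormat            -- MembershipPasswordFormat enum values
    when 0 then 'Clear'
    when 1 then 'Hashed'
    when 2 then 'Encrypted'
    else 'Unknown'
  end as PasswordFormatName
, m.IsApproved
, m.IsLockedOut
  -- 1 when the user is in a role that belongs to a different application
, case when r.RoleId is not null and r.ApplicationId <> u.ApplicationId
       then 1 else 0 end as RoleFromOtherApplication
  -- 1 when another account has the same password value and salt
, case when s.SharedCount > 1 then 1 else 0 end as SharesPasswordAndSalt
from dbo.aspnet_Users u
join dbo.aspnet_Applications a
  on a.ApplicationId = u.ApplicationId
join dbo.aspnet_Membership m
  on m.UserId = u.UserId
left join dbo.aspnet_UsersInRoles ur
  on ur.UserId = u.UserId
left join dbo.aspnet_Roles r
  on r.RoleId = ur.RoleId
left join (
    -- Count accounts per (password value, salt) pair
    select [Password], PasswordSalt, count(*) as SharedCount
    from dbo.aspnet_Membership
    group by [Password], PasswordSalt
) s
  on s.[Password] = m.[Password]
 and s.PasswordSalt = m.PasswordSalt
order by a.ApplicationName, u.UserName, r.RoleName
```

Rows with SharesPasswordAndSalt = 1 are accounts that still carry a shared initial credential; rows with PasswordFormatName = 'Clear' store the password unprotected.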

Tags:

ASP.Net | Security

Agile Development

by 18. November 2008 15:39

 

Neudesic - Microsoft - Agile Training Materials.zip (4.59 mb)

William Salazar – Development Contact for all development technologies including Visual Studio.

 

http://scrumforteamsystem.com/en/default.aspx

 

Infrastructure Optimization (IO)

 

Grady Booch - Object Solutions: Managing the object oriented project, 1996

People are more important than any process. Good people with a good process will outperform good people with no process every time.

 

Alistair Cockburn - Agile Software Development, 2002

I found no interesting correlation in the projects that I studied among process, language or tools and process success.  A well functioning team of adequate people will complete a project almost regardless of process, or technology they are asked to use.

 

A big process with heavy "Ceremonies and Artifacts" will not improve the likelihood of a successful project.  Having good people, with "enough" process provides the best likelihood of a successful project.

 

Repeatability vs. Invention

“Repeatability” of end product must have deviation of less than 3%.

“Invention” is the process of defining a new product (i.e. a larger deviation from the existing product); it often involves a lot of research in addition to normal design and development (research time can be especially hard to estimate).

 

An example of extreme innovation is the Sydney Opera House: the original estimate was 3 years and 7 million dollars; it actually took 7 years and 100 million dollars.  Construction keeps incredible statistics on building process estimations, as opposed to software development, which has no statistics to look at.  This points out the significant challenge that software development faces, specifically in the realm of estimation.

 

Statistically, small and medium size projects experience 25% change from conception to completion, large projects experience 35% change.

 

Responding to Change

·         “Loading the boat” vs. “Packing light”

·         Predictively planned projects typically waste time on unneeded scope.

 

“Scope Bloat” – Example, winning year’s worth of groceries:

·         Style 1:  List everything you will need for the year (once and only once)

·         Style 2:  Request items as needed throughout the year

·         NOTE: With style 1 you will inevitably forget some things and request others you may not really need, just to be safe.

 

1988 study by the Standish Group:

·         45%  of features built are never used

·         19% are rarely used

·         16% sometimes

·         13% often

·         7% regularly

 
 

Predictive vs. Adaptive – Game of chess:  As complicated as chess is from a perspective of number of possible moves, building software is even more complicated.  We can invest heavily in an illusion of predictability in software development; however, that is all it is “an illusion”.

 

Command and Control vs. Empowered Teams – “Walk to your car and get me a pen”:  Stand up, turn left, 10 steps forward, turn left, 20 steps forward, etc.  Most likely, he will get off track somewhere along the way. If he deviates from the plan and fails, it will be his fault; if he sticks to the bad plan he will fail, but at least it will be the planner's fault rather than his.  The alternative is to just request a pen and let the capable person improvise and find a pen by his own means.

 

< Adaptive                                                      Predictive >

| Agile | Iterative | Waterfall |
|---|---|---|
| MSF 4.0 for Agile 2006 ** | MSF 4.0 2006 ** | MSF 4.0 for CMM 2006 ** |
| Scrum 1993 | MSF 1994 ** | PMM PMBOK (PMP) 1999 |
|  | CMM 1991 * | CMM 1991 * |
|  | Rational Unified Process 1981 |  |

* CMM (Capacity Maturity Model) – Not necessarily a process; however, it is typically misused as a label that you are CMM Level X… (Example of correct use: Scrum is a CMM Level III process).

** Not a specific/rigid methodology; but rather, a framework for creation/adaptation into a custom methodology of your own.

*** Other Agile Methods: Crystal Clear 2005, Lean, Adaptive (ASD) 2003, Feature Driven (FDD) 2000, Extreme Programming 1999, DSDM 1995, Test Driven Development (TDD).

Agile Software Development Manifesto (http://www.agilemanifesto.org)

“We are uncovering better ways of developing software by doing it and helping others do it.”

Through this work we have come to value:

·         Individuals and interactions over processes and tools

·         Working software over comprehensive documentation

·         Customer collaboration over contract negotiation

·         Responding to change over following a plan

That is, while there is value in the items on the right, we value the items on the left more.

 

Not “No Documentation”; but rather, what is the minimally sufficient level of documentation.

 

With all projects seeing an average of 25-35% change, why fight change? We need to embrace it and work with it.  We need to be on the same side of the table as the customer (i.e. “our problem” vs. “their problem”).

 

“Some problems are just hard, some people are just difficult, and processes cannot solve these issues.”


Key Principles of Agile

·         Deliver actual working software (not demo software)

·         Harness change vs. fighting change

·         Start with teams of motivated people

·         Continuous open communication (identifying and solving issues, not getting into “blame game”)

·         “Empowered teams” over “command and control”

·         Time-boxed iterations in weeks

·         Strive for “sustainable pace”

·         Team motivation, vs. individual motivation

Key stumbling block is horizontal development (e.g. UI developer waiting on DBA, etc.), need to work on “unblocking” self (e.g. define your interfaces as needed if the source developer is not available to do so).

What agile feels like

·         Committed to “DONE” software list

·         People help each other and interact face-to-face

·         People don’t wait a day to communicate

·         Team members know to “give and take”

·         Team members remove roadblocks that others can’t or won’t

·         Non-team members “help” remove roadblocks, and avoid becoming roadblocks

·         Team members willing to “wear multiple hats”

·         Team members pull their weight

·         Team members help each other to pull more weight

·         “I know and trust that we are doing what will best move the project forward today.”

 

The Agile Toolkit Podcast http://agiletoolkit.libsyn.com/

 

Avoid “Velocity Pressure” which can create “Code Debt”, that is, pressure to meet unrealistic goal may result in short-cuts taken that will need to be cleaned up at some later point.

 

Fibonacci sequence (1, 2, 3, 5, 8, 13) plus epics 20, 40, 100 (where epics represent big features not yet broken down, e.g. report generator).

 

Relative estimates (e.g. how complex/large one task is compared to another) should remain constant across team member abilities, whereas velocity estimation is unique to people's skills, ability, motivation/performance, environment, tools, team makeup, etc.  Good velocity planning is really only achievable after one or two sprints, at which point you can apply the actual history of velocity against remaining tasks.

    

 


Windows File Copy/Move Permissions Rules

by 18. November 2008 14:28

When copying or moving files in windows, the following matrix of rules applies to how permissions are either retained from the source or inherited from the target.

Permission Matrix

| Action | Target location: same volume | Target location: different volume |
|---|---|---|
| Move | Keep | Inherit |
| Copy | Inherit | Inherit |

Tags:

Windows

RoboCopy Usage Info

by 18. November 2008 14:25

-------------------------------------------------------------------------------
   ROBOCOPY     ::     Robust File Copy for Windows                             
-------------------------------------------------------------------------------

  Started : Mon Aug 25 09:31:13 2008

              Usage :: ROBOCOPY source destination [file [file]...] [options]

             source :: Source Directory (drive:\path or \\server\share\path).
        destination :: Destination Dir  (drive:\path or \\server\share\path).
               file :: File(s) to copy  (names/wildcards: default is "*.*").

::
:: Copy options :
::
                 /S :: copy Subdirectories, but not empty ones.
                 /E :: copy subdirectories, including Empty ones.
             /LEV:n :: only copy the top n LEVels of the source directory tree.

                 /Z :: copy files in restartable mode.
                 /B :: copy files in Backup mode.
                /ZB :: use restartable mode; if access denied use Backup mode.
            /EFSRAW :: copy all encrypted files in EFS RAW mode.

  /COPY:copyflag[s] :: what to COPY for files (default is /COPY:DAT).
                       (copyflags : D=Data, A=Attributes, T=Timestamps).
                       (S=Security=NTFS ACLs, O=Owner info, U=aUditing info).

           /DCOPY:T :: COPY Directory Timestamps.

               /SEC :: copy files with SECurity (equivalent to /COPY:DATS).
           /COPYALL :: COPY ALL file info (equivalent to /COPY:DATSOU).
            /NOCOPY :: COPY NO file info (useful with /PURGE).

            /SECFIX :: FIX file SECurity on all files, even skipped files.
            /TIMFIX :: FIX file TIMes on all files, even skipped files.

             /PURGE :: delete dest files/dirs that no longer exist in source.
               /MIR :: MIRror a directory tree (equivalent to /E plus /PURGE).

               /MOV :: MOVe files (delete from source after copying).
              /MOVE :: MOVE files AND dirs (delete from source after copying).

     /A+:[RASHCNET] :: add the given Attributes to copied files.
     /A-:[RASHCNET] :: remove the given Attributes from copied files.

            /CREATE :: CREATE directory tree and zero-length files only.
               /FAT :: create destination files using 8.3 FAT file names only.
               /256 :: turn off very long path (> 256 characters) support.

             /MON:n :: MONitor source; run again when more than n changes seen.
             /MOT:m :: MOnitor source; run again in m minutes Time, if changed.

      /RH:hhmm-hhmm :: Run Hours - times when new copies may be started.
                /PF :: check run hours on a Per File (not per pass) basis.

             /IPG:n :: Inter-Packet Gap (ms), to free bandwidth on slow lines.

                /SL :: copy symbolic links versus the target.
::
:: File Selection Options :
::
                 /A :: copy only files with the Archive attribute set.
                 /M :: copy only files with the Archive attribute and reset it.
    /IA:[RASHCNETO] :: Include only files with any of the given Attributes set.
    /XA:[RASHCNETO] :: eXclude files with any of the given Attributes set.

 /XF file [file]... :: eXclude Files matching given names/paths/wildcards.
 /XD dirs [dirs]... :: eXclude Directories matching given names/paths.

                /XC :: eXclude Changed files.
                /XN :: eXclude Newer files.
                /XO :: eXclude Older files.
                /XX :: eXclude eXtra files and directories.
                /XL :: eXclude Lonely files and directories.
                /IS :: Include Same files.
                /IT :: Include Tweaked files.

             /MAX:n :: MAXimum file size - exclude files bigger than n bytes.
             /MIN:n :: MINimum file size - exclude files smaller than n bytes.

          /MAXAGE:n :: MAXimum file AGE - exclude files older than n days/date.
          /MINAGE:n :: MINimum file AGE - exclude files newer than n days/date.
          /MAXLAD:n :: MAXimum Last Access Date - exclude files unused since n.
          /MINLAD:n :: MINimum Last Access Date - exclude files used since n.
                       (If n < 1900 then n = n days, else n = YYYYMMDD date).

                /XJ :: eXclude Junction points. (normally included by default).

               /FFT :: assume FAT File Times (2-second granularity).
               /DST :: compensate for one-hour DST time differences.

               /XJD :: eXclude Junction points for Directories.
               /XJF :: eXclude Junction points for Files.

::
:: Retry Options :
::
               /R:n :: number of Retries on failed copies: default 1 million.
               /W:n :: Wait time between retries: default is 30 seconds.

               /REG :: Save /R:n and /W:n in the Registry as default settings.

               /TBD :: wait for sharenames To Be Defined (retry error 67).

::
:: Logging Options :
::
                 /L :: List only - don't copy, timestamp or delete any files.
                 /X :: report all eXtra files, not just those selected.
                 /V :: produce Verbose output, showing skipped files.
                /TS :: include source file Time Stamps in the output.
                /FP :: include Full Pathname of files in the output.
             /BYTES :: Print sizes as bytes.

                /NS :: No Size - don't log file sizes.
                /NC :: No Class - don't log file classes.
               /NFL :: No File List - don't log file names.
               /NDL :: No Directory List - don't log directory names.

                /NP :: No Progress - don't display % copied.
               /ETA :: show Estimated Time of Arrival of copied files.

          /LOG:file :: output status to LOG file (overwrite existing log).
         /LOG+:file :: output status to LOG file (append to existing log).

       /UNILOG:file :: output status to LOG file as UNICODE (overwrite existing log).
      /UNILOG+:file :: output status to LOG file as UNICODE (append to existing log).

               /TEE :: output to console window, as well as the log file.

               /NJH :: No Job Header.
               /NJS :: No Job Summary.

           /UNICODE :: output status as UNICODE.

::
:: Job Options :
::
       /JOB:jobname :: take parameters from the named JOB file.
      /SAVE:jobname :: SAVE parameters to the named job file
              /QUIT :: QUIT after processing command line (to view parameters).
              /NOSD :: NO Source Directory is specified.
              /NODD :: NO Destination Directory is specified.
                /IF :: Include the following Files.

Tags:

Windows