
Archive for May, 2005

Change .NET versions on the fly with the IIS snap in.

May 30, 2005

With ASP.NET 2.0 beta 1, I found that it converted all the websites hosted on my server to .NET 2.0, even though they were developed in .NET 1.1. This didn't cause too many problems, since .NET 2.0 is very much backwards compatible with .NET 1.1. After installing .NET 2.0 beta 2, it reverted all my websites back to .NET 1.1, even though some were developed in .NET 2.0, thus crashing some websites, such as www.downloadsoft-ware.co.uk

There is the IIS MMC snap-in that is supposed to toggle versions (under properties / ASP.NET), but it never worked under Beta 1, and in Beta 2 it was nowhere to be seen!

After hunting on the web for a solution, I found this blog http://dotnet.org.za/ahmeds/archive/2005/04/26/19028.aspx?Pending=true which recommended: "Microsoft comments: If a previous version was not uninstalled correctly, please regedit eliminate all versions except 2.0.0.0 in the following locations:
HKEY_CLASSES_ROOT\CLSID\{7D23CCC6-A390-406E-AB67-2F8B7558F6F6}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{FD5CD8B1-6FE0-44F3-BBFB-65E3655B096E}\InprocServer32
HKEY_CLASSES_ROOT\CLSID\{FEDB2179-2335-48F0-AA28-5CDA35A2B36D}\InprocServer32"

I did this, and the website crashed with a "Server Application unavailable". I rebooted the server, toggled the site back to .NET 1.1 then back to .NET 2.0 and it worked!

Categories: Uncategorized

OleDB access for SQL server 2005

May 29, 2005

After upgrading my server from ASP.NET 2.0 Beta 1 to ASP.NET 2.0 beta 2, I found, to my horror, it could no longer connect to my SQL server 2005 database – with an "Access is denied" error.

However, I found out that I can use an OLEDB connection string thus

Provider=SQLNCLI.1;
Integrated Security=SSPI;
Persist Security Info=False;
Initial Catalog=<your database>;
Data Source=.\SQLEXPRESS;
Use Procedure for Prepare=1;
Auto Translate=True;
Packet Size=4096;
Use Encryption for Data=False;
Tag with column collation when possible=False;
MARS Connection=True;
DataTypeCompatibility=0

— Not the prettiest thing in the world, but it works!

http://www.devnewsgroups.net/group/microsoft.public.dotnet.framework.adonet/topic13589.aspx

 

 

Categories: Uncategorized

Unzipping GZIP files on the fly (C#)

May 27, 2005

I recently set about writing some code to download a file named pf[1].csv.gz – which was GZIP’ed and creating the corresponding CSV file on disk. Using the ICSharpCode Zip compression library, I used this code:

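using System;
using System.IO;
using System.Net;
using ICSharpCode.SharpZipLib.GZip;

// Verbatim string, so the backslash in the path is not read as an escape.
string strCSVFile = @"c:\pf[1].csv";
string strUrl = "http://www.someurl.com/pf[1].csv.gz";

// Download the compressed file into memory.
WebClient wc = new WebClient();
Byte[] bZip = wc.DownloadData(strUrl);

// Wrap the downloaded bytes in a GZIP decompression stream.
MemoryStream msZip = new MemoryStream(bZip);
GZipInputStream gzisZip = new GZipInputStream(msZip);
FileStream fsOutput = new FileStream(strCSVFile, FileMode.Create);

// Copy the decompressed data to disk one buffer at a time.
Byte[] bCSV = new Byte[Byte.MaxValue];
Int32 iReadCount = Byte.MaxValue;
while (iReadCount > 0)
{
   // Always ask for a full buffer; Read returns 0 at the end of the stream.
   iReadCount = gzisZip.Read(bCSV, 0, bCSV.Length);
   fsOutput.Write(bCSV, 0, iReadCount);
}
fsOutput.Close();
gzisZip.Close();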
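
The loop above writes whatever the remote server's GZIP stream expands to, with no upper bound on the output. The following is an added example in Python, not the author's code and not part of the ICSharpCode library: it streams the decompression with a hard output cap. The function name, the exception class and the 10 MB default limit are assumptions made for the example.

```python
import gzip
import io
import zlib

class OutputLimitExceeded(Exception):
    """Raised when the decompressed data would exceed the allowed size."""

def gunzip_bounded(src, dst, max_out=10 * 1024 * 1024, chunk=64 * 1024):
    """Stream gzip data from src to dst, writing at most max_out bytes.

    Returns the number of bytes written. max_out is an assumed limit.
    """
    inflater = zlib.decompressobj(wbits=31)  # 31 selects the gzip container
    written = 0

    def emit(data):
        nonlocal written
        if written + len(data) > max_out:
            raise OutputLimitExceeded("more than %d bytes of output" % max_out)
        dst.write(data)
        written += len(data)

    while True:
        block = src.read(chunk)
        if not block:
            break
        while block:
            # Ask for one byte more than the remaining budget so that an
            # oversized stream is detected without inflating all of it.
            emit(inflater.decompress(block, max_out - written + 1))
            block = inflater.unconsumed_tail
    emit(inflater.flush())
    if not inflater.eof:
        raise ValueError("truncated gzip stream")
    return written

if __name__ == "__main__":
    # Constructed samples: a small CSV and a highly compressible 5 MB payload.
    csv_gz = gzip.compress(b"id,price\n1,9.99\n")
    out = io.BytesIO()
    print(gunzip_bounded(io.BytesIO(csv_gz), out), out.getvalue())
    bomb = gzip.compress(b"\0" * 5_000_000)
    try:
        gunzip_bounded(io.BytesIO(bomb), io.BytesIO(), max_out=1_000_000)
    except OutputLimitExceeded as exc:
        print("rejected:", exc)
```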

Categories: Uncategorized

Printer friendly CSS

May 26, 2005

A tip I just learned this morning: if you need a website to look different when it is printed, you can add a CSS style that is only applied during printing. For instance, if you wanted to strip off menus or remove certain graphics, you could use display:none in the printer CSS style.

The trick to it is to use this format to include your CSS

<style type="text/css" media="screen">@import "screen.css";</style>
<style type="text/css" media="print">@import "print.css";</style>

On a personal note, I just noticed that one of my domains has either not been listed or removed from Google http://www.listofestateagents.info, which was a bit of a pity. For some reason over the last week my page impressions have gone down, but my CTR has gone up. Net result being that revenue took a hit. But I guess that means that at least Google is targeting my pages better.

 

Categories: Uncategorized

ASP.NET chatroom with out of band calls.

May 22, 2005

Chatrooms are typically developed in Flash or Java, since both can make HTTP requests to the server from which the applet / SWF was downloaded. An ActiveX control named Microsoft.XMLHTTP has the same capability, and is capable of running on browsers with default security settings (I believe it may be marked 'safe for scripting'). I also believe that it is compatible with Firefox, and that IE7 is relaxing security for this specific control.

So, I decided to put together a simple chatroom example in ASP.NET using this technology, based on an excellent example by Dino Esposito.

Starting off with a simple html form thus:

<form runat="server">
   <h1>Demonstrate Simple chatroom with Out-of-band Calls</h1>
   <hr>
   Message: <input type="text" name="txtMessage">
   <Button Runat="server" ID="ButtonGo">Send &amp; Receive</Button>
   <hr>
   <span ID="Msg" />
</form>

and some associated javascript:

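<SCRIPT language="javascript">
    // Poll for new messages two seconds after the page loads.
    setTimeout("Callback('')", 2000);

    // Synchronous POST back to the server; the message travels in the query string.
    function DoCallback(url, params)
    {
        // URL-encode the message so characters such as & and # survive the trip.
        var pageUrl = url + "?callback=true&param=" + encodeURIComponent(params);
        var xmlRequest = new ActiveXObject("Microsoft.XMLHTTP");
        xmlRequest.open("POST", pageUrl, false);
        xmlRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
        xmlRequest.send(null);
        return xmlRequest;
    }

    function Callback(message)
    {
        var xmlRequest = DoCallback("callback.aspx", message);
        // The response is inserted as HTML, so the server must HTML-encode every message it stores.
        Msg.innerHTML = xmlRequest.responseText;
        // An empty message is a poll: schedule the next one.
        if (message == '') setTimeout("Callback('')", 2000);
    }
</SCRIPT>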

As we can see, a POST request is sent back to callback.aspx, which handles the request thus:

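<script runat="server">
private void Page_Load(object sender, EventArgs e)
{
    if (Request.QueryString["callback"] != null)
    {
        // Out-of-band call: return the conversation and skip normal page rendering.
        // A missing "param" is treated as an empty message (a poll).
        string param = Request.QueryString["param"];
        if (param == null) param = "";
        Response.Write(RaiseCallbackEvent(param));
        Response.Flush();
        Response.End();
    }
    else
    {
        // First load: wire the button to the client-side Callback function.
        string callbackRef = "Callback(document.all['txtMessage'].value)";
        ButtonGo.Attributes["onclick"] = callbackRef;
    }
}

string RaiseCallbackEvent(string eventArgument)
{
    if (eventArgument != "")
    {
        // HTML-encode before storing: every client assigns this text to innerHTML.
        Application["conversation"] += Server.HtmlEncode(eventArgument) + "<br>";
    }
    // Convert.ToString returns "" while no message has been stored yet.
    return Convert.ToString(Application["conversation"]);
}
</script>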

Pretty simple. To check out a demo see www.globefinder.info/callback.aspx
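
The conversation string is shared by every visitor and each client renders it through innerHTML, so what is stored must be inert text, and the store should not grow without limit. The following is an added example in Python, not part of the original post: it models the shared conversation with HTML encoding plus caps on message length and history. The class name and both limits are assumptions, and the sample messages are constructed.

```python
import html

# Assumed limits for this example; the original post sets none.
MAX_MESSAGE_CHARS = 200
MAX_MESSAGES = 50

class Conversation:
    """Models the shared Application["conversation"] value as a bounded list."""

    def __init__(self):
        self._lines = []

    def post(self, raw):
        # Drop control characters, then cap the length *before* encoding so
        # truncation can never cut an entity such as &lt; in half.
        text = "".join(ch for ch in raw if ch.isprintable()).strip()
        text = text[:MAX_MESSAGE_CHARS]
        if not text:
            return  # an empty message is just a poll
        # Encode &, <, > and both quote characters so the text stays text.
        self._lines.append(html.escape(text, quote=True))
        # Keep only the newest MAX_MESSAGES entries.
        del self._lines[:-MAX_MESSAGES]

    def render(self):
        # The only markup in the output is the <br> the server adds itself.
        return "".join(line + "<br>" for line in self._lines)

# Constructed sample messages, including one that carries markup.
SAMPLES = ["hello", "<script>alert(1)</script>", "Tom & Jerry"]

def demo():
    chat = Conversation()
    for message in SAMPLES:
        chat.post(message)
    return chat.render()

if __name__ == "__main__":
    print(demo())
```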

 

 

 

Categories: Uncategorized

MSysObjects SQL injection attack

May 20, 2005

A colleague of mine recently had his website hacked with a SQL injection attack, with a URL something like http://www.someurl.com/somepage.asp?
id=153%20union%20%20select%201,2,3,4,fldusername,
6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,fldpassword,
fldpassword,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,
39,40,41,42,43,44,45,46,47,48%20from%20tbluser%27

Hence exposing all the usernames and passwords on the page. It led me to think: how did the hacker guess the column names? I knew about the sysobjects table in SQL Server, but being a classic ASP page, it would undoubtedly have an Access back end. Then I spotted the following hidden tables in Access:

    MSysObjects
    MSysACEs
    MSysQueries
    MSysRelationships
    MSysAccessObjects
    MSysAccessXML
    MSysDb

Which you can query to obtain the database schema. All I can say is: NEVER EVER BUILD SQL STATEMENTS DIRECTLY WITH USER PROVIDED TEXT (without calling Replace("'","''") at least)!
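
A UNION payload like the one in the URL above can sit in a numeric position, where it needs no quote characters, and quote doubling then changes nothing. The following is an added example, not code from the original post: Python with an in-memory SQLite database standing in for the site's Access file, comparing a quote-doubled string query with integer validation plus a bound parameter. The tblproduct table, the function names and all sample rows are constructed for the example.

```python
import sqlite3

def make_db():
    """Constructed stand-in: in-memory SQLite instead of the site's Access file."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE tblproduct (id INTEGER, name TEXT, price TEXT);
        CREATE TABLE tbluser (fldusername TEXT, fldpassword TEXT);
        INSERT INTO tblproduct VALUES (153, 'Widget', '9.99');
        INSERT INTO tbluser VALUES ('alice', 'constructed-password');
    """)
    return db

def lookup_with_replace(db, raw_id):
    """String-built query whose only defence is doubling single quotes."""
    escaped = raw_id.replace("'", "''")
    sql = "SELECT id, name, price FROM tblproduct WHERE id = " + escaped
    return db.execute(sql).fetchall()

def lookup_parameterized(db, raw_id):
    """Validate the id as an integer, then bind it as a parameter."""
    try:
        product_id = int(raw_id)
    except ValueError:
        return []  # not a number: reject instead of querying
    # The value is bound as data and is never parsed as SQL text.
    sql = "SELECT id, name, price FROM tblproduct WHERE id = ?"
    return db.execute(sql, (product_id,)).fetchall()

# Constructed input with the same shape as the id value in the URL above,
# cut down to three columns. It contains no quote character.
UNION_ID = "153 union select 1, fldusername, fldpassword from tbluser"

if __name__ == "__main__":
    db = make_db()
    print("replace only :", lookup_with_replace(db, UNION_ID))
    print("parameterized:", lookup_parameterized(db, UNION_ID))
    print("normal id    :", lookup_parameterized(db, "153"))
```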

Categories: Uncategorized

Error in OleAut32.Dll Offset 4c47

May 18, 2005

AppName: vb6.exe AppVer: 6.0.97.82 ModName: oleaut32.dll ModVer: 5.1.2600.2180 Offset: 00004c47

Unhandled exception at 0x77124c47 in VB6.EXE: 0xC0000005: Access violation reading location 0x80020000.

77124C47 mov eax,dword ptr [eax-4]

This is a lovely error that crashes VB6 if you make a little typo, and here's how to fix it:

If you write code like this

 Dim rsOrderLines As New ADODB.Recordset
 sql = " select *  from orderlines "
 rsOrderLines.Open sql, DSN
 ' ".EOF" is missing from the loop condition below: this is the typo that triggers the crash
 Do While Not rsOrderLines
  ' process rsOrderLines
  rsOrderLines.MoveNext
 Loop

The application will compile, but note that I have accidentally omitted the ".EOF" in the While loop. This causes VB6 to crash with the above error. To fix it, add the .EOF.

 

Categories: Uncategorized