Connect:    



Event Calendar

Some useful links

Webcast Series

Articles


A software architect, Azure expert, and former Microsoft evangelist, Mike Benkovich dedicates huge amounts of his time to helping his fellow developers and burgeoning programmers learn about new technologies and platforms. Mike’s website equips developers with tips and resources to help them get to grips with technologies including cloud, data and devices, and he produces online courses covering areas like Azure enterprise development and serverless computing. Mike is also a chronic sharer of puns, so head over to his Twitter feed if you’re after a laugh (or a groan).

BenkoBLOG by Tags


Blog Roll...
Conferences
Regional User Groups



Stumbler


Security

Welcome to BlogEngine.NET using Microsoft SQL Server

@MikeBenkovich 02/11/2016

If you see this post it means that BlogEngine.NET is running and the hard part of creating your own blog is done. There is only a few things left to do.

Write Permissions

To be able to log in, write posts and customize blog, you need to enable write permissions on the App_Data and Custom folders. If your blog is hosted at a hosting provider, you can either log into your account’s admin page or call the support.

If you wish to use a database to store your blog data, we still encourage you to enable this write access for an images you may wish to store for your blog posts.  If you are interested in using Microsoft SQL Server, MySQL, SQL CE, or other databases, please see the BlogEngine docs to get started.

Security

When you`ve got write permissions set, you need to change the username and password. Find the sign-in link located either at the bottom or top of the page depending on your current theme and click it. Now enter "admin" in both the username and password fields and click the button. You will now see an admin menu appear. It has a link to the "Users" admin page. From there you can change password, create new users and set roles and permissions. Passwords are hashed by default so you better configure email in settings for password recovery to work or learn how to do it manually.

Configuration and Profile

Now that you have your blog secured, take a look through the settings and give your new blog a title.  BlogEngine.NET is set up to take full advantage of many semantic formats and technologies such as FOAF, SIOC and APML. It means that the content stored in your BlogEngine.NET installation will be fully portable and auto-discoverable.  Be sure to fill in your author profile to take better advantage of this.

Themes, Widgets & Extensions

One last thing to consider is customizing the look and behavior of your blog. We have themes, widgets and extensions available right out of the box. You can install more right from admin panel under Custom/Gallery.

On the web

You can find news about BlogEngine.NET on the official website. For tutorials, documentation, tips and tricks visit our docs site. The ongoing development of BlogEngine.NET can be followed at CodePlex where the daily builds will be published for anyone to download.

Good luck and happy writing.

The BlogEngine.NET team


CloudTip 15-Avoid a gotcha in naming projects with Mobile Services

@MikeBenkovich 12/15/2014

Short Answer – Don’t use special characters in a Mobile Service’s project name when you create it, the local SQL won’t be able to open the database and you may spend a lot of time figuring out why chasing down false leads…

The Long Answer…

In my last role at Microsoft as an Azure Evangelist I posted a series of cloud tips, which were intended to be quick tips for using the latest tools & services. This one is the next in that series, and focuses around some esoteric gotcha’s that come up when you’re following a convention for organizing your solution in Visual Studio. As you probably are aware you can have multiple projects in a solution, and one approach for keeping them organized is to follow a naming standard that uses a dot-syntax to keep related related things in their right spot.

For example if my project is a solution to a to-do list, I might create the solution called “TestData”, and within that solution have a project for the web called “TestData.web” and a shared project called “TestData.shared”. Following this convention it makes sense if I want to add a data service project I might call it “TestData.svc”, right? When I try this out and build it, I was finding an error that took longer to expose than I had planned, and that’s the focus of this post.

image

I started with this solution and added some custom classes to the data tables to work with my TestData and found that I was getting  errors. The Mobile Services project type includes a testing page that allows me to try out the service and test the calls to my data, which is great. But I found that I was getting an error when I was running the project without adding or changing anything…Isn’t the stuff supposed to work “out of the box”? Instead I get the error - “The database name 'TR_TestData_svc]_TodoItems_InsertUpdateDelete' is invalid. Database names must be of the form [<schema_name>.]<object_name>”. What does this mean???

image

Don’t do this…

It looks like something’s not right with EF, so I tried updating my NuGet’s to make sure I have the latest packages…Right click the project explorer and go to the NuGet page and try update packages…this is the wrong thing to do because the template was created using specific versions of specific packages, and while some can be updated others shouldn’t.

This time I get an error that the JWTSecurityTokenHandler is broken. After some digging I found a StackOverflow post that answers this.  In particular I find that EF is unhappy with the latest MobileServices entity versions so in the NuGet Package Manager I need to uninstall the WindowsAzure.MobileServices.Backend packages and install the specific version 1.0.342.

Do this…Don’t name your Mobile Service project with special characters in the name

The problem isn’t with EF or out of date packages, it has to do with the local database name not being recognizable with the dot-syntax naming convention (another StackOverflow post). In the web config you can fix it by removing the period in the names, or you can do what I did which is just recreate the project without the dot name and test to confirm it’s working, and then rename the services project in the solution.

image

And it works! Time to go and write some code.


Avoiding Hacker Trix

@MikeBenkovich 08/19/2014

ExtremeHackerThis week we're doing a session called "Avoiding Hacker Trix" which goes thru some of the top web exploits that you should be aware of. In this webcast we will cover a variety of things including what we call the secure development process, cross site scripting attack, one click attack, SQL Injection and more. There are a bunch of links we cover, but rather than having you copy these down I'm providing them here...

Links from the slide deck:


Starting out

@MikeBenkovich 06/16/2004

In the beginning...

A long, long time ago. I can still remember how that music used to make me smile. I know that if I had my chance, that I could make those people dance and maybe they'd be happy for a while...

- Don McClean (?)

How about a little American Pie? I like to throw down a few lines of verse to get the thoughts flowing when I sit down to do a little writing. Sort of sets the mood.  I guess that this song reminds us to look at the possible, and to remember the good times that were and the ones that will be. In the software industry we've definitely seen some challenges these last few years, but I think that the changes we're seeing, and the trends that are in the air will bring a resurgence or rennaisance in the software development industry.

The last few years have forced businesses to change how they view the world in order to remain profitable. Cutting costs, canceling projects, holding off on hiring have been the hallmark of the last couple years. But recently we are seeing that manufacturing is starting to get more orders. As stability in the world economy settles in, companies are starting to hire again. Projects that have been on hold are being released into the development stream and we are starting to see the sun rise again. But how can we make sure that we get a piece of that pie?

The secret, my friends, is to be efficient. To take advantage of the tools at our disposal to be more productive. Application blocks are a great idea, and are available in the public domain. They are stepping stones that allow us to build off a solid base and deliver our projects quicker. In the current MSDN Event series we talk about using the Exception and Configuration management blocks, as well as the Updater block which allows us to add the self updating functionality.  You can download these blocks by clicking on the links above. The blocks come with documentation on how they're built and quickstart sample applications that show them in use.

Other ways that we can reduce the development costs and be more effective is to take advantage of new products such as SQL Server Reporting Services. This new product gives us the ability to rapidly create and deploy business reports with our applications  and to simplify so many of those tedious tasks surrounding the simple job of reporting. Sure we have the information, but lets make it available and useful. Besides the great authoring environment that integrates with Visual Studio, we can manage the scalability, performance and delivery of the reports by simply configuring the caching, subscriptions and security of individual reports.

In order to continue to bring home the bacon, we must demonstrate that it is more efficient to have the developer working hand in hand (if not face to face) with the business in designing and building solutions. The new RAD features of Whidbey & Yukon promise to significantly reduce the amount of code required to perform basic functions. For example, have you ever written code to see whether or not a specific machine is currently connected to the network? If you're at a cmd line you can run the PING command and see whether it times out. But to implement that programmatically requires some complicated code. At the Des Moines User Group meeting last week someone had an example he had written to do just that. The code for the ping function was 140+ lines. In the .NET 2.0 we can use the “My” object and write the same thing in one (1) line of code (!!!). Do a little exploring and you find that this new object provides a tremendous amount of intelligence about our current runtime environment.  Sure, there's a lot of other cool features of Whidbey (like the automated layout guidelines, refactoring, etc) that will make rapid prototyping a reality, but until you actually have a chance to see it in action, you won't really appreciate the impact these advances will have.

As the developer becomes more productive and is able to provide the solutions that businesses require, they will start to ask better questions. Our goal then is to be at the front of the wave that is passing through the industry, so that maybe if we're lucky we can catch it and ride until we get to where we're going.


Security - Archive