Tag Cloud

CRM 2011 (161) CRM 4.0 (144) C# (116) JScript (109) Plugin (92) Registry (90) Techpedia (77) PyS60 (68) WScript (43) Plugin Message (31) Exploit (27) ShellCode (26) FAQ (22) JavaScript (21) Killer Codes (21) Hax (18) VB 6.0 (17) Commands (16) VBScript (16) Quotes (15) Turbo C++ (13) WMI (13) Security (11) 1337 (10) Tutorials (10) Asp.Net (9) Safe Boot (9) Python (8) Interview Questions (6) video (6) Ajax (5) VC++ (5) WebService (5) Workflow (5) Bat (4) Dorks (4) Sql Server (4) Aptitude (3) Picklist (3) Tweak (3) WCF (3) regex (3) Config (2) LINQ (2) PHP (2) Shell (2) Silverlight (2) TSql (2) flowchart (2) serialize (2) ASHX (1) CRM 4.0 Videos (1) Debug (1) FetchXml (1) GAC (1) General (1) Generics (1) HttpWebRequest (1) InputParameters (1) Lookup (1) Offline Plug-ins (1) OutputParameters (1) Plug-in Constructor (1) Protocol (1) RIA (1) Sharepoint (1) Walkthrough (1) Web.config (1) design patterns (1) generic (1) iframe (1) secure config (1) unsecure config (1) url (1)

Pages

Tuesday, December 20, 2011

Obtaining a license key from the Microsoft Dynamics CRM database

If all of a sudden it happened that you lost your LicenseKey for MS CRM , it can peep in the database MS SQL.

It should do the following query to your database MS CRM :



SELECT * from License
SELECT LicenseKey from License




Thursday, December 15, 2011

select * from sys.databases


"Contains one row per database in the instance of Microsoft SQL Server."

select * from sys.databases; 

If the caller of sys.databases is not the owner of the database and the database is not master
or tempdb, the minimum permissions required to see the corresponding row are
ALTER ANY DATABASE or VIEW ANY DATABASE server-level permission,
or CREATE DATABASE permission in the master database. If a database is not ONLINE
or AUTO_CLOSE is set to ON, the values of some columns may be NULL. If a database is
OFFLINE, the corresponding row is not visible to low-privileged users.
To see the corresponding row if the database is OFFLINE, a user must have at least the
ALTER ANY DATABASE server-level permission or the CREATE DATABASE permission
in the master database.

name
Name of database, unique within an instance of SQL Server.

database_id
ID of the database, unique within an instance of SQL Server.

source_database_id
Non-NULL = ID of the source database of this database snapshot.

owner_sid
SID (Security-Identifier) of the external owner of the database, as registered to the server.

create_date
Date the database was created or renamed. For tempdb, this value changes every time the server restarts.

compatibility_level
Integer corresponding to the version of SQL Server for which behavior is compatible:

collation_name
Collation for the database. Acts as the default collation in the database.

user_access
User-access setting:

user_access_desc
Description of user-access setting:

is_trustworthy_on
1 = Database has been marked trustworthy.
0 = Database has not been marked trustworthy.

is_db_chaining_on
1 = Cross-database ownership chaining is ON.
0 = Cross-database ownership chaining is OFF.

is_parameterization_forced
1 = Parameterization is FORCED.
0 = Parameterization is SIMPLE.

is_master_key_encrypted_by_server
1 = Database has an encrypted master key.
0 = Database does not have an encrypted master key.

is_read_only
1 = Database is READ_ONLY.
0 = Database is READ_WRITE.

is_auto_close_on
1 = AUTO_CLOSE is ON.
0 = AUTO_CLOSE is OFF.

is_auto_shrink_on
1 = AUTO_SHRINK is ON.
0 = AUTO_SHRINK is OFF.

state
Database state:
0 = ONLINE
1 = RESTORING
2 = RECOVERING
3 = RECOVERY_PENDING
4 = SUSPECT
5 = EMERGENCY
6 = OFFLINE

state_desc
Description of the database state:
ONLINE
RESTORING
RECOVERING
RECOVERY_PENDING
SUSPECT
EMERGENCY
OFFLINE

is_in_standby
Database is read-only for restore log.

is_cleanly_shutdown
1 = Database shutdown cleanly; no recovery required on startup.
0 = Database did not shutdown cleanly; recovery is required on startup.

snapshot_isolation_state
State of snapshot-isolation transactions being allowed, as set by the ALLOW_SNAPSHOT_ISOLATION option:
0 = Snapshot isolation state is OFF (default). Snapshot isolation is disallowed.
1 = Snapshot isolation state ON. Snapshot isolation is allowed.
2 = Snapshot isolation state is in transition to OFF state. All transactions have their modifications versioned. Cannot start new transactions using snapshot isolation. The database remains in the transition to OFF state until all transactions that were active when ALTER DATABASE was run can be completed.
3 = Snapshot isolation state is in transition to ON state. New transactions have their modifications versioned. Transactions cannot use snapshot isolation until the snapshot isolation state becomes 1 (ON). The database remains in the transition to ON state until all update transactions that were active when ALTER DATABASE was run can be completed.

snapshot_isolation_state_desc
Description of state of snapshot-isolation transactions being allowed, as set by the ALLOW_SNAPSHOT_ISOLATION option:
OFF
ON
IN_TRANSITION_TO_ON
IN_TRANSITION_TO_OFF



is_read_committed_snapshot_on
1 = Read-committed-snapshot option is ON. Read operations under the read-committed isolation level are based on snapshot scans and do not acquire locks.
0 = Read-committed-snapshot option is OFF (default). Read operations under the read-committed isolation level use share locks.

recovery_model
Recovery model selected:
1 = FULL
2 = BULK_LOGGED
3 = SIMPLE

recovery_model_desc
Description of recovery model selected:
FULL
BULK_LOGGED
SIMPLE

page_verify_option
Setting of PAGE_VERIFY option:
0 = NONE
1 = TORN_PAGE_DETECTION
2 = CHECKSUM

page_verify_option_desc
Description of PAGE_VERIFY option setting:
NONE.TORN_PAGE_DETECTION
CHECKSUM

is_date_correlation_on
1 = DATE_CORRELATION_OPTIMIZATION is ON.
0 = DATE_CORRELATION_OPTIMIZATION is OFF.

is_auto_create_stats_on
1 = AUTO_CREATE_STATISTICS is ON.
0 = AUTO_CREATE_STATISTICS is OFF.

is_auto_update_stats_on
1 = AUTO_UPDATE_STATISTICS is ON.
0 = AUTO_UPDATE_STATISTICS is OFF.

is_auto_update_stats_async_on
1 = AUTO_UPDATE_STATISTICS_ASYNC is ON.
0 = AUTO_UPDATE_STATISTICS_ASYNC is OFF.

is_ansi_null_default_on
1 = ANSI_NULL_DEFAULT is ON.
0 = ANSI_NULL_DEFAULT is OFF.

is_ansi_nulls_on
1 = ANSI_NULLS is ON.
0 = ANSI_NULLS is OFF.

is_ansi_padding_on
1 = ANSI_PADDING is ON.
0 = ANSI_PADDING is OFF.

is_ansi_warnings_on
1 = ANSI_WARNINGS is ON.
0 = ANSI_WARNINGS is OFF.

is_arithabort_on
1 = ARITHABORT is ON.
0 = ARITHABORT is OFF.

is_concat_null_yields_null_on
1 = CONCAT_NULL_YIELDS_NULL is ON.
0 = CONCAT_NULL_YIELDS_NULL is OFF.

is_numeric_roundabort_on
1 = NUMERIC_ROUNDABORT is ON.
0 = NUMERIC_ROUNDABORT is OFF.

is_quoted_identifier_on
1 = QUOTED_IDENTIFIER is ON.
0 = QUOTED_IDENTIFIER is OFF.

is_recursive_triggers_on
1 = RECURSIVE_TRIGGERS is ON.
0 = RECURSIVE_TRIGGERS is OFF.

is_cursor_close_on_commit_on
1 = CURSOR_CLOSE_ON_COMMIT is ON.
0 = CURSOR_CLOSE_ON_COMMIT is OFF.

is_local_cursor_default
1 = CURSOR_DEFAULT is local.
0 = CURSOR_DEFAULT is global.

is_fulltext_enabled
1 = Full-text is enabled for the database.
0 = Full-text is disabled for the database.

is_supplemental_logging_enabled
1 = SUPPLEMENTAL_LOGGING is ON.
0 = SUPPLEMENTAL_LOGGING is OFF.

is_published
1 = Database is a publication database in a transactional or snapshot replication topology.
0 = Is not a publication database.

is_subscribed
1 = Database is a subscription database in a replication topology.
0 = Is not a subscription database.

is_merge_published
1 = Database is a publication database in a merge replication topology.
0 = Is not a publication database in a merge replication topology.

is_distributor
1 = Database is the distribution database for a replication topology.
0 = Is not the distribution database for a replication topology.

is_sync_with_backup
1 = Database is marked for replication synchronization with backup.
0 = Is not marked for replication synchronization with backup.

service_broker_guid
Identifier of the service broker for this database. Used as the broker_instance of the target in the routing table.

is_broker_enabled
1 = The broker in this database is currently sending and receiving messages.
0 = All sent messages will stay on the transmission queue and received messages will not be put on queues in this database.

By default, restored or attached databases have the broker disabled.

log_reuse_wait
Reuse of transaction log space is currently waiting on one of the following:
0 = Nothing
1 = Checkpoint
2 = Log backup
3 = Active backup or restore
4 = Active transaction
6 = Replication
7 = database snapshot Creation
8 = Log Scan
9 = Other (transient)

If the reason is LOG_BACKUP, it may take two backups to actually free the space.

log_reuse_wait_desc
Description of reuse of transaction log space is currently waiting on one of the following:
NOTHING
CHECKPOINT
LOG_BACKUP
ACTIVE_BACKUP_OR_RESTORE
ACTIVE_TRANSACTION
DATABASE_MIRRORING
REPLICATION
DATABASE_SNAPSHOT_CREATION
LOG_SCAN
OTHER_TRANSIENT






Wednesday, December 14, 2011

select * from sys.backup_devices

Contains a row for each backup-device registered by using sp_addumpdevice  or created in SQL Server Management Studio.

select * from sys.backup_devices;


Column names

name:  Name of the backup device. Is unique in the set.
type: Type of backup device:
type_desc: Description of backup device type:
physical_name: Physical file name or path of the backup device.

Wednesday, December 07, 2011

Crm 2011 Configure IFD Hosted Setup

Like many, we have struggled to configure Microsoft CRM 2011 as an Internet Facing Deployment. There is quite a bit of disjointed and some what typical Microsoft "junk" on how to set this up.

So after reading the White Papers, blogs and YouTube videos on the topic, I figured I would need notes for myself as much as anything. This is mostly because I am yet to find one single example that covered the setup I was after. That being:

Single Server

On an existing domain

Running true IFD ready for customer access.

The last point it telling, as all the Microsoft examples give a self generated SSL cert, that really is an example of a DEV environment only. We want to test the "real deal", and don’t mind spending a few $ on a real Certificate to see this in a true working environment.

The Existing Setup

Because this is a test environment, we are running the server on a Hyper V server. A single VM machine, that is running a fully patched version of:

  • Windows 2008 R2 SP1 64 Bit
  • SQL 2008 R2 64 Bit
  • Microsoft CRM 2011 64 Bit

Interesting enough, something that always takes me 15 min, it ensuring I download the correct version of the ISO files from MSDN. I get it that I am somewhat lame, but if you get a wrong version you can waste a load of time and energy later.

image

With a list looking like this it can be painful. Anyway, these are the files we used for install:

image

For those who care, the VM was set to run with 6000 MB ram, and fold out to use more.

image

Importantly

When we setup CRM, we selected the option to NOT use the default website, but configure a new one with the default settings of port 5555. This is necessary as you will see later.

Backup First

In all things Microsoft world, it is vital what you establish a working point to avoid unnecessarily installing things all over again. To get things working we have started fresh over 4 times.

Hyper V is great for this, as we just stopped the server, and made a copy of the VHD file. Then when it is time to start all over, it is just a matter of restoring from copy/backup.

Test First

Test that your CRM setup is working. Go to the local computer name (ours is VSERVER08) on the correct port: http://vserver08:5555

We called our Deployment of CRM – "CRM2011" So the URL redirects to: http://vserver08:5555/CRM2011/main.aspx

and after being prompted for login, we are in and testing.

image

Apply a Wildcard SSL Certificate

In CRM, the accessing of deployments is handled by the sub domains. So if we call a deployment "business1" we will access that as:  https://business1.domain.com

For testing, we purchased a standard Wildcard SSL certificate that applied that to the IIS7 server.

We will let you work out that bundle of joy, but a few tips.

1. Godaddy was about as cheap as you find on the net.

2. Setup involves creating a certificate request from within IIS, then pasting that text into the online providers order system. They then generate the certificates that you then import back into IIS and the server.

3.

Application for a certificate

Here, I will be a wildcard certificate, for example, describes how to create a certificate:

1) Open IIS Manager

2) Click the server name in the main screen double click Server Certificates

3) In the right panel, click Create Certificate Request…

image

4) fill in the following diagram each column, click Next

image

5) Cryptographic Service Provider Properties page to keep the default, click Next.

6) In the File Name page, enter C: \ req.txt , and then click Finish.

7) Run cmd , run

certreq-submit -attrib "CertificateTemplate: WebServer" C: \ req.txt

8) Select the CA , click OK.

9) the certificate is stored as C: \ Wildcard.cer . ( 7-9 can also be in the CA to complete)

10) back to the IIS Manager, click No. 3)  Step graph Complete Certificate Request …

11) Select the C: \ Wildcard.cer , Friendly name named *. contoso.com , of course, you can take a different name.

12) Click OK.

13) so that we completed the wildcard certificate request.

Additional SSL Certificate Imports

1) RUN MMC at the start / search

2) Select File / Add Remove Snapin – Select Certificates – ADD

image

Computer Account

image NEXT / Finish

3) Expand the first two folders, and Right Click on the Certificates Folder and select: All Tasks /  Import.

4) Browse to your wildcard SSL certificate file, and import that into the Personal and Trusted Root Certification Authorities.

image

Ensure that you

Binding site for the default SSL certificate

1) Open IIS Manager.

2) In the Connections panel, expand Sites , click Default Web Site.

3) In the Actions pane, click Bindings.

image

4) In the Site Bindings dialog box, click Add.

5) Type select HTTPS.

6) SSL Certificate , select the certificate you just created *. contoso.com , and then click OK.

image Ours is interactivewebs.com

7) Click Close.

8) Repeat for the Personal certificate folder.

For the CRM 2011 binding site SSL certificate

1) Open IIS Manager.

2) In the Connections panel, expand Sites , click CRM Web Site.

3) In the Actions pane, click Bindings.

4) In the Site Bindings dialog box, click Add.

5) Type select HTTPS.

6) SSL Certificate , select the certificate you just created *. contoso.com .

7) Port to select a different 443 (e.g. 444 ) and port number, and then click OK

8) Click Close.

DNS configuration

For MS CRM 2011 configuration Claims-based authentication, you need the DNS to add some records to make CRM 2011 for each breakpoint can be resolved correctly.

There are two ways you can achieve the desired result. But first lets understand the desired result.

  1. We make the assumption that your server is running at least one static IP address.
  2. Because this is Internet Facing, that IP needs to be accessible to the world.
  3. That same IP can be used for access to your server both internally on the matching we are playing with, and externally form anyone on the net.
Lets Get Basic

Start a Command Prompt, and work out what your IP address of the server is.

Click START > RUN > CMD

Type IPCONFIG – Enter

Under the name: IPv4 Address is a number that looks like: 66.34.204.220

image

That is Your IP Address of the Server.

The DNS Goal

Make sure that when you PING xxx.domain.com that it points to that IP address. Both for the world and for you when you do that on your server.

(xxx is the sub domain that we are about to configure.)

To configure CRM, we need some sub domains to point to the server IP.

  1. sts.domain.com
  2. auth.domain.com
  3. dev.domain.com
  4. Your ORG name.  org.domain.com (Where ORG is the CRM deployment name of your organization or organizations), e.g.

image

We have two setup here: CRM and CRM2011. So we need to configure crm.interactivewebs.com and crm2011.interactivewebs.com.

Hosting Your Own DNS

If you host your own Domain Name Server (DNS) and you host the domain name that you are using to setup IFD. Then configuring an A record for the above mentioned sub domains is easy.

START > Administrative Tools > DNS

Find your Domain Name

Right Click and select NEW HOST A

image

image

Add an A record that points to your servers IP address.

Repeat this process for all of the above mentioned sub domains. auth, sts1, dev, and your own organization names.

Test DNS

You must be able to ping all of those names and get the correct server IP address. Both from computers on the internet, and from the server.

Note: If you have added the DNS records, but still encounter name resolution problems, you can try running on the client ipconfig / flushdns to clean up the cache. You can also click the DNS server root and click CLEAR CACHE so that the server is responding with the latest updates.

image

Note: Don’t bother proceeding past this step if you cannot ping your sub domains internally and externally correctly.

Firewall configuration

You need to set the firewall to allow the CRM 2011 and the AD FS 2.0 port used by the incoming data stream. HTTPS (SSL) is the default port 443.

For Initial setup testing etc. We recommend just turning the thing off. Better start from a place where it does not muck you around, then turn it all back on after you are successful.

image

Configuration Claim-based authentication -internal access

Configure the internal access Claim-based authentication requires the following steps:

  • Install and configure AD FS 2.0 .
  • Set Claims-based authentication configuration CRM 2011 server.
  • Set the Claims-based authentication configuration AD FS 2.0 server.
  • Test claims-based authentication within the access.
Install and configure AD FS 2.0

CRM 2011 with a variety of STS provider ( STS Provider ) together. This article uses Active Directory Federation Services (AD FS) 2.0 to provide a security token service (security token service ).

Note: AD FS 2.0 will be installed to the default site, so install AD FS 2.0 , you must have CRM 2011 installation in the new site. (Remember we said that earlier)

IIS Looks like this if it is correctly installed: image

If you only see the default website with CRM installed in that. Start AGAIN!

Download the AD FS 2.0

From the following link to download the AD FS 2.0

Active Directory Federation Services 2.0 RTW( http://go.microsoft.com/fwlink/?LinkID=204237 ).

Install AD FS 2.0

In the installation wizard, select the federation server role installed, for more information refer to

Install the AD FS 2.0 Software( http://go.microsoft.com/fwlink/?LinkId=192792 ).

Configure AD FS 2.0

1 in the AD FS 2.0 server, click Start , then click AD FS 2.0 Management .

2 In the AD FS 2.0 Management page , click AD FS 2.0 Federation Server Configuration Wizard .

image

3 In the Welcome page , select Create a new Federation Service , and then click Next.

image

4 In the Select Deployment Type page , select Stand-alone Federation Server , and then click Next.

image

5 Choose your SSL certificate (the choice of a certificate created *. contoso.com ) ,add a Federation Service name ( for example , sts1.contoso.com), and then click Next.

image

Note: Only you as the AD FS 2.0 sites when using the wildcard certificate, only need to add the Federation Service name.

6 Summary page, click Next.

image

7 Click Close to close the AD FS 2.0 Configuration Wizard.

image

Note: If you have not added ( sts1.contoso.com ) to add DNS records, then do it now.

Verify the AD FS 2.0 is working

Follow the steps below to verify that the AD FS 2.0 is working :

1 Open Internet Explorer.

2 Enter the federation metadata of the URL , for example:

https://sts1.contoso.com/federationmetadata/2007-06/federationmetadata.xml

3. to ensure that no certificate associated with the warning appears.

image

Thursday, November 24, 2011

Quo: Sniper


"Morale was one of the most vital things a soldier could have. 
Without morale, a soldier became ineffective, skittish, and a liability to those around him. 
Few things in war destroy morale faster than an enemy sniper. "

Wednesday, November 23, 2011

What is XML?


  • XML stands for EXtensible Markup Language
  • XML is a markup language much like HTML
  • XML was designed to carry data, not to display data
  • XML tags are not predefined. You must define your own tags
  • XML is designed to be self-descriptive
  • XML is a W3C Recommendation


The Difference Between XML and HTML

  • XML is not a replacement for HTML.
  • XML and HTML were designed with different goals:
  • XML was designed to transport and store data, with focus on what data is
  • HTML was designed to display data, with focus on how data looks
  • HTML is about displaying information, while XML is about carrying information.
  • XML Does Not DO Anything


Maybe it is a little hard to understand, but XML does not DO anything. XML was created to structure, store, and transport information.

The following example is a note to Tove, from Jani, stored as XML:

 <note>
 <to>Tove</to>
 <from>Jani</from>
 <heading>Reminder</heading>
 <body>Don't forget me this weekend!</body>
 </note>


The note above is quite self descriptive. It has sender and receiver information, it also has a heading and a message body.

But still, this XML document does not DO anything. It is just information wrapped in tags. Someone must write a piece of software to send, receive or display it.

  • With XML You Invent Your Own Tags


The tags in the example above (like <to> and <from>) are not defined in any XML standard. These tags are "invented" by the author of the XML document.

That is because the XML language has no predefined tags.

The tags used in HTML are predefined. HTML documents can only use tags defined in the HTML standard (like <p>, <h1>, etc.).


  • XML allows the author to define his/her own tags and his/her own document structure.
  • XML is Not a Replacement for HTML
  • XML is a complement to HTML.


It is important to understand that XML is not a replacement for HTML. In most web applications, XML is used to transport data, while HTML is used to format and display the data.

My best description of XML is this:

  • XML is a software- and hardware-independent tool for carrying information.
  • XML is a W3C Recommendation
  • XML became a W3C Recommendation on February 10, 1998.
  • XML is Everywhere
  • XML is now as important for the Web as HTML was to the foundation of the Web.
  • XML is the most common tool for data transmissions between all sorts of applications.



There are 5 predefined entity references in XML:

  1. &lt; < less than
  2. &gt; > greater than
  3. &amp; & ampersand
  4. &apos; ' apostrophe
  5. &quot; " quotation mark




Valid XML Documents

A "Valid" XML document is a "Well Formed" XML document, which also conforms to the rules of a Document Type Definition (DTD):

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE note SYSTEM "Note.dtd">
 <note>
 <to>Tove</to>
 <from>Jani</from>
 <heading>Reminder</heading>
 <body>Don't forget me this weekend!</body>
 </note>


The DOCTYPE declaration in the example above, is a reference to an external DTD file. The content of the file is shown in the paragraph below.
XML DTD

The purpose of a DTD is to define the structure of an XML document. It defines the structure with a list of legal elements:

<!DOCTYPE note [
 <!ELEMENT note (to,from,heading,body)>
 <!ELEMENT to (#PCDATA)>
 <!ELEMENT from (#PCDATA)>
 <!ELEMENT heading (#PCDATA)>
 <!ELEMENT body (#PCDATA)>
 ]>


If you want to study DTD, you will find our DTD tutorial on our homepage.
XML Schema

W3C supports an XML-based alternative to DTD, called XML Schema:

<xs:element name="note">
 <xs:complexType>
   <xs:sequence>
     <xs:element name="to" type="xs:string"/>
     <xs:element name="from" type="xs:string"/>
     <xs:element name="heading" type="xs:string"/>
     <xs:element name="body" type="xs:string"/>
   </xs:sequence>
 </xs:complexType>


 </xs:element>

Tuesday, November 22, 2011

Attributes in C#


In the C# programming language, attributes are metadata attached to a field or a block of code, equivalent to annotations in Java. Attributes are accessible to both the compiler and programmatically through reflection.

Users of the language see many examples where attributes are used to address cross-cutting concerns and other mechanistic or platform uses. This creates the false impression that this is their sole intended purpose.

Their specific use as meta-data is left to the developer and can cover a wide range of types of information about any given application, classes and members that is not instance specific. The decision to expose any given attribute as a property is also left to the developer as is the decision to use them as part of a larger application framework.

Attributes should be contrasted against XML Documentation which also defines meta-data but is not included in the compiled assembly and therefore cannot be accessed programmatically.

Monday, November 21, 2011

Google Dorks




"add.asp?bookid="
"add_cart.asp?num="
"addcart.asp?"
"addItem.asp"
"add-to-cart.asp?ID="
"addToCart.asp?idProduct="
"addtomylist.asp?ProdId="
"adminEditProductFields.asp?intProdID="
"advSearch_h.asp?idCategory="
"affiliate.asp?ID="
"affiliate-agreement.cfm?storeid="
"affiliates.asp?id="
"ancillary.asp?ID="
"archive.asp?id="
"article.asp?id="
"aspx?PageID"
"basket.asp?id="
"Book.asp?bookID="
"book_list.asp?bookid="
"book_view.asp?bookid="
"BookDetails.asp?ID="
"browse.asp?catid="
"browse_item_details.asp"
"Browse_Item_Details.asp?Store_Id="
"buy.asp?"
"buy.asp?bookid="
"bycategory.asp?id="
"cardinfo.asp?card="
"cart.asp?action="
"cart.asp?cart_id="
"cart.asp?id="
"cart_additem.asp?id="
"cart_validate.asp?id="
"cartadd.asp?id="
"cat.asp?iCat="
"catalog.asp"
"catalog.asp?CatalogID="
"catalog_item.asp?ID="
"catalog_main.asp?catid="
"category.asp"
"category.asp?catid="
"category_list.asp?id="
"categorydisplay.asp?catid="
"checkout.asp?cartid="
"checkout.asp?UserID="
"checkout_confirmed.asp?order_id="
"checkout1.asp?cartid="
"comersus_listCategoriesAndProducts.asp?idCategory ="
"comersus_optEmailToFriendForm.asp?idProduct="
"comersus_optReviewReadExec.asp?idProduct="
"comersus_viewItem.asp?idProduct="
"comments_form.asp?ID="
"contact.asp?cartId="
"content.asp?id="
"customerService.asp?TextID1="
"default.asp?catID="
"description.asp?bookid="
"details.asp?BookID="
"details.asp?Press_Release_ID="
"details.asp?Product_ID="
"details.asp?Service_ID="
"display_item.asp?id="
"displayproducts.asp"
"downloadTrial.asp?intProdID="
"emailproduct.asp?itemid="
"emailToFriend.asp?idProduct="
"events.asp?ID="
"faq.asp?cartID="
"faq_list.asp?id="
"faqs.asp?id="
"feedback.asp?title="
"freedownload.asp?bookid="
"fullDisplay.asp?item="
"getbook.asp?bookid="
"GetItems.asp?itemid="
"giftDetail.asp?id="
"help.asp?CartId="
"home.asp?id="
"index.asp?cart="
"index.asp?cartID="
"index.asp?ID="
"info.asp?ID="
"item.asp?eid="
"item.asp?item_id="
"item.asp?itemid="
"item.asp?model="
"item.asp?prodtype="
"item.asp?shopcd="
"item_details.asp?catid="
"item_list.asp?maingroup"
"item_show.asp?code_no="
"itemDesc.asp?CartId="
"itemdetail.asp?item="
"itemdetails.asp?catalogid="
"learnmore.asp?cartID="
"links.asp?catid="
"list.asp?bookid="
"List.asp?CatID="
"listcategoriesandproducts.asp?idCategory="
"modline.asp?id="
"myaccount.asp?catid="
"news.asp?id="
"order.asp?BookID="
"order.asp?id="
"order.asp?item_ID="
"OrderForm.asp?Cart="
"page.asp?PartID="
"payment.asp?CartID="
"pdetail.asp?item_id="
"powersearch.asp?CartId="
"price.asp"
"privacy.asp?cartID="
"prodbycat.asp?intCatalogID="
"prodetails.asp?prodid="
"prodlist.asp?catid="
"product.asp?bookID="
"product.asp?intProdID="
"product_info.asp?item_id="
"productDetails.asp?idProduct="
"productDisplay.asp"
"productinfo.asp?item="
"productlist.asp?ViewType=Category&CategoryID= "
"productpage.asp"
"products.asp?ID="
"products.asp?keyword="
"products_category.asp?CategoryID="
"products_detail.asp?CategoryID="
"productsByCategory.asp?intCatalogID="
"prodView.asp?idProduct="
"promo.asp?id="
"promotion.asp?catid="
"pview.asp?Item="
"resellers.asp?idCategory="
"results.asp?cat="
"savecart.asp?CartId="
"search.asp?CartID="
"searchcat.asp?search_id="
"Select_Item.asp?id="
"Services.asp?ID="
"shippinginfo.asp?CartId="
"shop.asp?a="
"shop.asp?action="
"shop.asp?bookid="
"shop.asp?cartID="
"shop_details.asp?prodid="
"shopaddtocart.asp"
"shopaddtocart.asp?catalogid="
"shopbasket.asp?bookid="
"shopbycategory.asp?catid="
"shopcart.asp?title="
"shopcreatorder.asp"
"shopcurrency.asp?cid="
"shopdc.asp?bookid="
"shopdisplaycategories.asp"
"shopdisplayproduct.asp?catalogid="
"shopdisplayproducts.asp"
"shopexd.asp"
"shopexd.asp?catalogid="
"shopping_basket.asp?cartID="
"shopprojectlogin.asp"
"shopquery.asp?catalogid="
"shopremoveitem.asp?cartid="
"shopreviewadd.asp?id="
"shopreviewlist.asp?id="
"ShopSearch.asp?CategoryID="
"shoptellafriend.asp?id="
"shopthanks.asp"
"shopwelcome.asp?title="
"show_item.asp?id="
"show_item_details.asp?item_id="
"showbook.asp?bookid="
"showStore.asp?catID="
"shprodde.asp?SKU="
"specials.asp?id="
"store.asp?id="
"store_bycat.asp?id="
"store_listing.asp?id="
"Store_ViewProducts.asp?Cat="
"store-details.asp?id="
"storefront.asp?id="
"storefronts.asp?title="
"storeitem.asp?item="
"StoreRedirect.asp?ID="
"subcategories.asp?id="
"tek9.asp?"
"template.asp?Action=Item&pid="
"topic.asp?ID="
"tuangou.asp?bookid="
"type.asp?iType="
"updatebasket.asp?bookid="
"updates.asp?ID="
"view.asp?cid="
"view_cart.asp?title="
"view_detail.asp?ID="
"viewcart.asp?CartId="
"viewCart.asp?userID="
"viewCat_h.asp?idCategory="
"viewevent.asp?EventID="
"viewitem.asp?recor="
"viewPrd.asp?idcategory="
"ViewProduct.asp?misc="
"voteList.asp?item_ID="
"whatsnew.asp?idCategory="
"WsAncillary.asp?ID

Sunday, November 20, 2011

Callback

In computer programming, a callback is a reference to executable code, or a piece of executable code, that is passed as an argument to other code. This allows a lower-level software layer to call a subroutine (or function) defined in a higher-level layer.

Saturday, November 19, 2011

Use FireFox Firebug to Edit HTML/CSS in Realtime



The Firebug extension for FireFox browser allows you to edit HTML and CSS in realtime.

This can save you a lot of time if you want to experiment with different fonts, colors, and layouts on the fly.

This is also very helpful when you are trying to analyze how someone else's site has the look and feel that it does.

Friday, November 18, 2011

Core Differences Between ASPNET Development Server and IIS




1. Security Context - In ASPNET Development Server, it is determined by who you login as on your computer. In IIS, it is typically IUSR_MachineName.

2. Accessing Static Pages - In ASPNET Development Server, you can not access static pages in a secure folder if you are not logged in, but in IIS, you can.

Thursday, November 17, 2011

WriteLog() - The Easy Way to Display Debugging Information in ASP.NET

It can often be difficult to display information in ASP.NET because System.Diagnostics, Response.Write, or the Trace object are not available - for example, when you are working in the global.asax or inside a class.

A simple way to display what lines are executing and what information is in a given field is by creating a simple  WriteLog() method in a class in the App_Code folder. Then, when you want to display the contents of a field anywhere in your program, you just use:

C#:
clsWriteLog.WriteLog("strXyz: " + strXyz);

VB.NET:
clsWriteLog.WriteLog("Line 203 executed")

You have two ways to view what is written to the log:

1. While in Visual Studio, you look at trace.log file in your root directory.

2. While in the website, you type http://www.yourwebsitename.com/trace.log

You can download the few lines of code for the class  clsWriteLog at clsWriteLog .  The code for the class is provided in vb.net and c#.

Wednesday, November 16, 2011

How Http.Request and Http.Response Work in ASP.NET


Prerequisites (Getting Your Website Publicly Hosted): 


Step 1: Buy Domain name from a Domain Registrar like GoDaddy (costs about $8.00 for 1 yr). This connects the domain name that you purchase to a unique ip address - example http://myqol.com is connected to 96.31.43.8 

Step 2: Buy asp.net hosting package from hosting company like DiscountAsp (costs about $10 each month) - the hosting company needs to use Microsoft's IIS (Internet Information Server) on a Windows operating system - it cannot use Apache Server on a Linux operating system 

Step 3: Buy add-on for SQL Server database from DiscountAsp (costs $10 a month) - this step can be skipped if you have already bought an add-on database for another web site, and you only want to add some tables to that existing database. 

Step 4: Update nameservers in GoDaddy to point to DiscountAsp nameservers. DiscountAsp sends you in an email telling you the nameservers to use: for example, ns1.discountasp.net, ns2.discountasp.net, ns3.discountasp.net 

Step 5: Publish, Web Copy, or FTP your website from the folder it was in when you developed it in Visual Studio to the ftp folder on DiscountAsp. For example, ftp.myqol.com 



Intial Http.Request: 

1. You enter the domain name into your browser (this is known as the client machine) - ex. http://myqol.com 

2. Domain Name Server on internet translates the domain name (http://myqol.com) into the ip address (96.31.43.8) that you bought from GoDaddy. GoDaddy takes ip address (96.31.43.8) and passes the request to Name Servers on DiscountAsp: ns1.discountasp.net, ns2.discountasp.net, ns3.discountasp.net 

3. DiscountAsp NameServers do port forwarding to translate the ip address you bought from GoDaddy (96.31.43.8) to a unique local ip address on DiscountAsp (192.168.5.94) 

4. Local address (192.168.5.94) on DiscountAsp points to your website hosted in IIS and that connects you to the folder where you Published, Web Copy-ed, or FTP-ed your website 

5. The Http.Request for a page reaches IIS on the DiscountAsp server (this is known as the server machine - hence, that is why the architecture is referred to as being client-server). The TCP/IP connection on the server was in the "listening" state, but now the connection state is changed to being "established." IIS checks to see if you have the authority to access the page. 



Initial Http.Response: 

If you do have the authority, the web server executes the code behind instructions to construct a web page and sends it to the ip address of the computer that requested the page 

Three Possible Scenarios after Initial Http.Request: 

Scenario #1 Request: you hover your mouse over a field 

Scenario #1 Response: javascript on the page that was sent to your browser executes without returning to the server and displays a tool tip on the page very efficently. 

Scenario #2 Request: you click on a button that is contained within in a ajax panel. 

Scenario #2 Response: javascript on the page only sends the information in the ajax update panel to the server and the server does whatever your code behind tells it. This allows the server to return a response without doing a full postback and without returning everything on the page - this is more efficient than doing a full postback 

Scenario #3 Request: you click on a submit button for a form that is not contained in ajax panel. This sends all the info on the page to the server in Http.Request 

Scenario #3 Response: Full PostBack Occurs: 

1. The server executes your code-behind instructions to do whatever is needed. For example, the code-behind instructions may cause the server to execute instructions to send commands to SQL Server that will insert the information in the form into the database. Once all the commands in the code-behind are executed the server sends back a Http.Respone with any information updated that the code behind said to update - for example, labels on the web form may be modified to indicate the update was successful 

2. The Http.Request and Http.Response are now complete and the transaction is over until you initiate another one with the mouse or keyboard. 

3. When you navigate away from the website, the TCP/IP connection changes from being in the "established" state to being "closed."

Tuesday, November 15, 2011

Hosts file to Create Browser Shortcuts

Use Windows Hosts file to Create Browser Shortcuts

Never type www.google.com again!

This tip by itself can save you enough time to allow you to read all the other tips in their entirety.

Windows operating systems have a file called hosts that allows you  connect any domain name to an ip address. For example, you can connect the letter g to the ip address for google and that will allow you just type g in the browser address bar to get to google.  Here are the steps you would take to do this:

Step 1: Find ip address for website - use this link to find the ip address for www.google.com - one ip address for google is 209.85.149.103

Step 2: Use NotePad to edit C:\Windows\System32\drivers\etc\hosts   - add a new line in the file that looks like this: 209.85.149.103 g

Step 3: Type g in your browser address bar - it should take you to google. If you are using internet explorer and it does not work, click on settings in upper right-hand corner of browser; select manage add-ons; select search providers; then disable search suggestions.

Notes: - In addition to creating shortcuts to save time, you can use the windows hosts file to access a new domain name you have bought before it has had time to propagate throughout the internet.

Monday, November 14, 2011

Read Object Data from an XML File

This example reads object data that was previously written to an XML file using the XmlSerializer class.



public class Book
{
public String title;
}

public void ReadXML()
{
System.Xml.Serialization.XmlSerializer reader =
new System.Xml.Serialization.XmlSerializer(typeof(Book));
System.IO.StreamReader file = new System.IO.StreamReader(
@"c:\temp\SerializationOverview.xml");
Book overview = new Book();
overview = (Book)reader.Deserialize(file);

Console.WriteLine(overview.title);

}


Protect your privacy on the Internet

Your privacy on the Internet depends on your ability to control both the amount of personal information that you provide and who has access to that information. To read about how your information gets on the Internet and how it is used,

Follow the practical advice below to help increase your privacy online.

Think before you share personal information

First, read the website's privacy policy
Privacy policies should clearly explain what data the website gathers about you, how it is used, shared, and secured, and how you can edit or delete it. (For example, look at the bottom of this and every page on Microsoft.com.) No privacy statement? Take your business elsewhere.
Do not share more than you need to
  • Do not post anything online that you would not want made public.
  • Minimize details that identify you or your whereabouts.
  • Keep your account numbers, user names, and passwords secret.
  • Only share your primary email address or Instant Message (IM) name with people who you know or with reputable organizations. Avoid listing your address or name on Internet directories and job-posting sites.
  • Enter only required information—often marked with an asterisk (*)—on registration and other forms.
Choose how private you want your profile or blog to be
Modify Windows Internet Explorer or website settings or options to manage who can see your online profile or photos, how people can search for you, who can make comments on what you post, and how to block unwanted access by others.

Monitor what others post

  • Search for your name on the Internet using at least two search engines. Search for text and images. If you find sensitive information on a website about yourself, look for contact information on the website and send a request to have your information removed.
  • Regularly review what others write about you on blogs and social networking websites. Ask friends not to post photos of you or your family without your permission. If you feel uncomfortable with material such as information or photos that are posted on others' websites, ask for it to be removed.


Guard your information

Protect your computer
You can greatly reduce your risk of online identity theft by taking these three steps to protect your computer:
  1. Use an Internet firewall.
    Note Windows 7, Windows Vista, and Windows XP with Service Pack 2 and Service Pack 3 have a firewall already built in and automatically turned on.
  2. Visit Microsoft Update to verify your settings and check for security updates.
    Note Microsoft Update will also update your Microsoft Office programs.
  3. Subscribe to antivirus software and keep it current. Microsoft Security Essentials is a free download for Windows 7, Windows Vista, and Windows XP. For more information, see Help protect your PC with Microsoft Security Essentials. For more information, see How to boost your malware defense and protect your PC.
Create strong passwords
Strong passwords are at least 14 characters long and include a combination of letters (both upper and lower case), numbers, and symbols. They are easy for you to remember but difficult for others to guess.
  1. Don't share your passwords with friends.
  2. Avoid using the same password everywhere. If someone steals it, all the information that password protects is at risk.
TipTip Learn how to create strong passwords.
Save sensitive business for your home computer
Avoid paying bills, banking, and shopping on a public computer, or on any device (such as a laptop or mobile phone) over a public wireless network.
TipTip Internet Explorer can help erase your tracks on a public computer, leaving no trace of specific activity. For more information, see InPrivate: Frequently asked questions.

Protect yourself from fraud

Spot the signs of a scam
Watch for deals that sound too good to be true, phony job ads, notices that you have won a lottery, or requests to help a distant stranger transfer funds. Other clues include urgent messages ("Your account will be closed!"), misspellings, and grammatical errors.
  1. Think before you click to visit a website or call a number in a suspicious email or phone message—both could be phony.
  2. Be cautious with links to video clips and games, or open photos, songs, or other files—even if you know the sender. Check with the sender first.
Look for signs that a web page is safe
Before you enter sensitive data, check for evidence that:
  1. The site uses encryption, a security measure that scrambles data as it crosses the Internet. Good indicators that a site is encrypted include a web address with https ("s" stands for secure) and a closed padlock beside it. (The lock might also be in the lower-right corner of the window.)
    Missing
  2. You are at the correct site—for example, at your bank's website, not a phony website. If you are using Internet Explorer, one sign of trustworthiness is a green address bar like the one above.
Use a phishing filter
Find a filter that warns you of suspicious websites and blocks visits to reported phishing sites. For example, try the SmartScreen Filter included in Internet Explorer.
Help detect potential fraud
In the United States, you are entitled to one free credit report every year from each of the three major U.S. credit bureaus: Experian, Equifax, and TransUnion. Get them by visiting AnnualCreditReport.com.

Sunday, November 13, 2011

Object Data to an XML File

This code example defines a class named Book, creates an instance of the class, and uses XML serialization to write the instance to an XML file.


public class Book
{
public String title;

}

public void WriteXML()
{
Book overview = new Book();
overview.title = "Serialization Overview";
System.Xml.Serialization.XmlSerializer writer =
new System.Xml.Serialization.XmlSerializer(typeof(Book));

System.IO.StreamWriter file = new System.IO.StreamWriter(
@"c:\temp\SerializationOverview.xml");
writer.Serialize(file, overview);
file.Close();
}





Security in Internet Explorer 9

Online threats usually fall into one of three categories:

  • Attacks on you (socially engineered attacks)
  • Attacks on your computer, web browser, or add-ons to your web browser.
  • Attacks on websites (for example, cross-site scripting)
Windows Internet Explorer 9, the newest version of the Microsoft web browser software, helps better protect you from these threats. Internet Explorer 9:
  1. Provides a better warning system for potentially dangerous downloads. A new feature, Application Reputation, helps you to make safer decisions when you download content from the Internet.
    It uses available reputation data to prevent unnecessary warnings for programs with established reputations. It also shows a warning only when a download carries a higher risk of being malicious.
    Security in Internet Explorer 9 - Application Reputation
  2. Filters content that might be dangerous. The ActiveX Filtering feature allows you to choose which websites can run ActiveX controls. By allowing ActiveX controls only on the sites you trust, you can reduce the number of ways cybercriminals can harm you.
    Security in Internet Explorer 9 - ActiveX Filtering
  3. Helps you avoid phishing scams and malware. SmartScreen Filter in Internet Explorer 9 helps protect you from websites that are suspected of hosting malicious content. When the SmartScreen Filter detects that a site may be unsafe, you will see an alert that will give you recommended actions. For more information, see SmartScreen Filter: Frequently asked questions.
  4. Protects your privacy from online tracking. Many websites use technology that tracks your activities as you browse the Internet. Internet Explorer 9 introduces Tracking Protection, a feature that helps to protect your privacy from third-party online trackers.
    You can install a Tracking Protection List from a provider you trust or enable your personalized list. Internet Explorer 9 uses the Tracking Protection Lists as a guide to block or allow third-party tracking.
    Security in Internet Explorer 9 - Tracking Protection
  5. Helps protect against cross-site scripting attacks. Cybercriminals look for vulnerabilities in website code so that they can insert malicious scripts which gather private information about site visitors.
    Cross-site scripting vulnerabilities are an example of what these criminals try to find. Once they exploit the vulnerability, they can hijack your web account, monitor your keystrokes, and perform unwanted actions on your behalf. Internet Explorer 9 can identify certain types of such attacks and neutralize them by blocking their malicious code.

Saturday, November 12, 2011

Email and web scams Protection

Email and web scams: How to help protect yourself

When you read email or surf the Internet, you should be wary of scams that try to steal your personal information (identity theft), your money, or both. Many of these scams are known as "phishing scams" because they "fish" for your information.
On This Page

How to recognize scams

New scams seem to appear every day. We try to keep up with them in our Security Tips & Talk blog. To see the latest scams, browse through our fraud section. In addition, you can learn to recognize a scam by familiarizing yourself with some of the telltale signs.
Scams can contain the following:
  • Alarmist messages and threats of account closures.
  • Promises of money for little or no effort.
  • Deals that sound too good to be true.
  • Requests to donate to a charitable organization after a disaster that has been in the news.
  • Bad grammar and misspellings.
For more information, see How to recognize phishing emails and links.

Popular scams

Here are some popular scams that you should be aware of:
Scams that use the Microsoft name or names of other well-known companies. These scams include fake email messages or websites that use the Microsoft name. The email message might claim that you have won a Microsoft contest, that Microsoft needs your logon information or password, or that a Microsoft representative is contacting you to help you with your computer. (These fake tech-support scams are often delivered by phone.) For more information, see Avoid scams that use the Microsoft name fraudulently.
Lottery scams. You might receive messages that claim that you have won the Microsoft lottery or sweepstakes. These messages might even look like they come from a Microsoft executive. There is no Microsoft Lottery. Delete the message. For more information, see What is the Microsoft Lottery Scam?
Rogue security software scams. Rogue security software, also known as "scareware," is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure you into participating in fraudulent transactions. These scams can appear in email, online advertisements, your social networking site, search engine results, or even in pop-up windows on your computer that might appear to be part of your operating system, but are not. For more information, see Watch out for fake virus alerts.

How to report a scam

You can use Microsoft tools to report a suspected scam.
  • Internet Explorer. While you are on a suspicious site, click the gear icon and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.
  • Hotmail. If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.
  • Microsoft Office Outlook. Attach the suspicious email message to a new email message and forward it to reportphishing@antiphishing.org. To learn how to attach an email message to an email message, see Attach a file or other item to an email message.
You can also download the Microsoft Junk E-mail Reporting Add-in for Microsoft Office Outlook.

What to do if you think you have been a victim of a scam

If you suspect that you've responded to a phishing scam with personal or financial information, take these steps to minimize any damage and protect your identity.
  • Change the passwords or PINs on all your online accounts that you think might be compromised.
  • Place a fraud alert on your credit reports. Check with your bank or financial advisor if you're not sure how to do this.
  • Contact the bank or the online merchant directly. Do not follow the link in the fraudulent email message.
  • If you know of any accounts that were accessed or opened fraudulently, close those accounts.
  • Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't initiate.

Identity theft protection tools to help you avoid scams

Microsoft offers several tools to help you avoid phishing scams when you browse the web or read your email.
  • Windows Internet Explorer. In Internet Explorer, the domain name in the address bar is emphasized with black type and the remainder of the address appears gray to make it easy to identify a website's true identity.
    Identify fake web addresses
    The SmartScreen Filter in Internet Explorer also gives you warnings about potentially unsafe websites as you browse. For more information, see SmartScreen Filter: frequently asked questions.
  • Windows Live Hotmail. Microsoft's free webmail program also uses SmartScreen technology to screen email. SmartScreen helps identify and separate phishing threats and other junk email from legitimate email. For more information, see SmartScreen helps keep spam out.
  • Microsoft Office Outlook. The Junk E-mail Filter in Outlook 2010, Outlook 2007, and other Microsoft email programs evaluates each incoming message to see if it includes suspicious characteristics common to phishing scams. For more information, see How Outlook helps protect you from viruses, spam, and phishing.
<