Category Archives: Tools

Corel acquires Jasc

I am sure that many of us use PaintShop Pro. I have since version 4, though I stopped upgrading after version 7 as it has about 4 gazillion times more things in it than I need.

I found it interesting news that Corel acquired Jasc Software (announced today – all users received an email).

Application Updater Block

After 2 years of just giving up on updating my .net apps through the web server, I finally went to patterns and practices guru, Chris Kinsman who helped me figure out how to combine a feature from the AppUpdater component (that is unavailable in the Application Block) with a feature from the Application Block (that is unavailable in the component).

Basically I wanted to be able to update on demand, before my application loads and then not do any updating after that while the application is running. In addition, I wanted my updater to be able to discover dll’s that it would not be able to identify through reflection within the execution path. These dll’s are randomly added to the application and are loaded dynamically.

So – Chris worked out that part of it, whipped up some code for me, and I have been working out the problem of incorporating this into my application so that I can go through this process:

1) user starts up the app by way of the stub application (the appupdater program)

2) user logs in using WSE2 for authentication and authorization 🙂

3) upon being properly authorized, the app updater component does its job, checking for updates and downloading them. If the user is unrecognized, it just fails. If the authorization returns some “interesting” information about the user, something “interesting” will happen to the application on the client machine.

4) the app updater then fires up the latest version of the program I want to run

Sounds simple – and in hindsight it will be, but it has been a bear! At some point, I will dig in to Chris’ code to see what magic he worked to make the app block deal with my needs, but for now I am just happy that I have the update working!

Most of my difficulties with implementing the solution he sent revolved around the fact that the basic setup for the application block is dependent on local host. So I had some setup and configuration problems and then had to understand how to use the manifest utility to create an encrypted manifest that actually uses digital signing to verify the downloads to the client.

It is completely senseless to remain stuck on a problem and be so bull-headed as to think that additional instances of whacking your skull on a brick wall are going to somehow solve the problem. There are some incredible resources available in our community to sub-contract even for little pieces of expertise. Chris has proven to be one of those people I know I can turn to to help me solve some problems that I just don’t have the skill or knowledge for.

WSE2 and WS-Policy Tracing – Whoa!

This is from the policy tracing file created by my client where I am fiddling around and trying to use policy to sign with a usernametoken. Here’s a screenshot and then just a copy/paste so you can read the actual message. My point here is not to get help, but to show you the level of detailed information that is output by WSE2 so that if you need to do some problem solving, you’ve got gobs of info. Pretty educational stuff.

<wset:message action="http://tempuri.org/GetUserInfoInit" messageId="uuid:ef64131b-543d-4df6-a50e-ec90cd6a6e5d" appDomain="FieldApplication_TESTS_UI.exe" time="2004-09-28T11:21:45.7968275-04:00">

<wset:compile qname="wsp:Policy" wsu:Id="#Sign-Username-1" usage="Required" canEnforce="true">

<wset:compile qname="wsp:MessagePredicate" usage="Required" canEnforce="true" />

<wset:compile qname="wssp:Integrity" usage="Required" canEnforce="true">

<wset:annotation>Looking for a satisfactory token in the current message’s token collection…</wset:annotation>

<wset:annotation>Looking for a satisfactory token in policy enforcement token cache…</wset:annotation>

<wset:annotation>DerivedKeyTokenAssertion will never be satisfied with existing tokens during compilation or enforcement. Not satisfied with this token: Id=SecurityToken-8e8a551b-5120-4506-902b-8e3abd171fef, Type=UsernameToken</wset:annotation>

<wset:annotation>ISecurityTokenManager.PermitsPolicyEnforcementTokenCaching is set to false in the token manager registered for this token type. We will assume this assertion is enforceable. Failures will be revealed during enforcement.</wset:annotation>

</wset:compile>

</wset:compile>

<wset:enforce qname="wsp:MessagePredicate" usage="Required" satisfied="true" enforced="false" />

<wset:enforce qname="wssp:Integrity" usage="Required" satisfied="false" enforced="true">

<wset:annotation>Looking for a satisfactory token in the current message’s token collection…</wset:annotation>

<wset:annotation>Looking for a satisfactory token in policy enforcement token cache…</wset:annotation>

<wset:annotation>DerivedKeyTokenAssertion will never be satisfied with existing tokens during compilation or enforcement. Not satisfied with this token: Id=SecurityToken-8e8a551b-5120-4506-902b-8e3abd171fef, Type=UsernameToken</wset:annotation>

<wset:annotation>Invoking ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token manager registered for this token type.</wset:annotation>

<wset:annotation>ISecurityTokenManager.PermitsPolicyEnforcementTokenCaching is set to true in the token manager registered for this token type. A token will be loaded from the token manager and cached for subsequent message enforcement.</wset:annotation>

<wset:annotation>Invoking ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token manager registered for this token type.</wset:annotation>

<wset:annotation>Could not find a security token.</wset:annotation>

<wset:annotation>Looking for a satisfactory token in the current message’s token collection…</wset:annotation>

<wset:annotation>Looking for a satisfactory token in policy enforcement token cache…</wset:annotation>

<wset:annotation>Found a token: Id=SecurityToken-0090e2a4-7f5e-4279-8292-6fcdc78a78f2, Type=UsernameToken</wset:annotation>

<wset:annotation>Found a token: Id=SecurityToken-2013f98e-5994-4a8b-87ed-2b80ade897f6, Type=DerivedKeyToken</wset:annotation>

</wset:enforce>

</wset:message>
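
Added example, not part of the original post: a small Python script that reads a policy trace like the one above and lists the required assertions the trace marks as not satisfied, along with the token types it reports as found or rejected. The embedded sample is a constructed, shortened copy of that trace with straight quotes; the `log` root element and the `urn:example:wset` namespace URI are placeholders, since the post does not show the real ones.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: shortened copy of the trace in the post. The <log> root and
# the namespace URI are placeholders; the post does not show the real ones.
SAMPLE = """<log xmlns:wset="urn:example:wset">
<wset:message action="http://tempuri.org/GetUserInfoInit">
 <wset:enforce qname="wsp:MessagePredicate" usage="Required" satisfied="true" enforced="false" />
 <wset:enforce qname="wssp:Integrity" usage="Required" satisfied="false" enforced="true">
  <wset:annotation>Not satisfied with this token: Id=SecurityToken-8e8a551b-5120-4506-902b-8e3abd171fef, Type=UsernameToken</wset:annotation>
  <wset:annotation>Could not find a security token.</wset:annotation>
  <wset:annotation>Found a token: Id=SecurityToken-0090e2a4-7f5e-4279-8292-6fcdc78a78f2, Type=UsernameToken</wset:annotation>
  <wset:annotation>Found a token: Id=SecurityToken-2013f98e-5994-4a8b-87ed-2b80ade897f6, Type=DerivedKeyToken</wset:annotation>
 </wset:enforce>
</wset:message>
</log>"""

TOKEN = re.compile(r"(Found a token|Not satisfied with this token): Id=(\S+), Type=(\w+)")

def named(elem, name):
    """elem and its descendants whose tag, ignoring the namespace, equals name."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def enforcement_report(trace_xml):
    """One row per <enforce> element: its flags plus token types seen in annotations."""
    rows = []
    for msg in named(ET.fromstring(trace_xml), "message"):
        for node in named(msg, "enforce"):
            row = {"action": msg.get("action"), "assertion": node.get("qname"),
                   "usage": node.get("usage"),
                   "satisfied": node.get("satisfied") == "true",
                   "enforced": node.get("enforced") == "true",
                   "found": [], "rejected": []}
            for note in named(node, "annotation"):
                m = TOKEN.search(note.text or "")
                if m:
                    key = "found" if m.group(1) == "Found a token" else "rejected"
                    row[key].append(m.group(3))
            rows.append(row)
    return rows

def needs_attention(rows):
    """Required assertions that the trace reports as not satisfied."""
    return [r for r in rows if r["usage"] == "Required" and not r["satisfied"]]

if __name__ == "__main__":
    for r in needs_attention(enforcement_report(SAMPLE)):
        print(r["assertion"], "enforced:", r["enforced"],
              "found:", r["found"], "rejected:", r["rejected"])
```
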

WSE2 and Components in Applications

(slaps herself in the forehead!)

I have been dancing circles around the fact that my client side policy was being totally ignored and I couldn’t get a trace file generated from WSE2 either.

Doh! I was configuring the component that was doing the web service call, but the configuration info needs to be with the main app!

I know this, but I suppose I have been too determined that I was doing something wrong in my WSE2 setup to have thought of it. So it’s here for future googlers.

WSE2 Config Tool and Policy on Remote Web Servers – NOT?

This isn’t lookin’ good. It seems I may have to hand code my policies after all since my web service is not on localhost. When you click okay on this message you get a second one and finally enable policy flag gets unchecked. I’ve been trying to trick it, by creating the PolicyCache.Config file, by editing the web.config and more, but to no avail.

Update: ...and if I manually create a policy file, whether I name it with the extension config or xml, if I do anything in the wse2 settings config tool and save them (even if they have nothing to do with policy), the <cache name="myconfigfile.xml"/> gets removed from the <policy> tags in my web.config. This can’t be right. I must be doing something wrong.

MindReef SoapScope v4 is out

I just checked my link on the previous post to Mindreef’s site, and was surprised to see that the version just changed from 3.0 to 4.0 since I looked at the site last week. Copying & pasting a list of new features as I have not had time to look more carefully yet!

  • SOAPscope Workspace: Gather Web services resources for a particular test or problem. Focus on the relevant resources viewing, testing, analyzing and annotating within the workspace environment.
  • SOAPscope Packaging: Workspaces may be saved to a package file for archival and sharing. Use Packaging to create artifacts of your testing process or capture and share problems between customers, support, operations, test, and development.
  • WSDL Closures: WSDL documents may reference other documents, which may also reference documents. The complete hierarchy is called a WSDL closure. SOAPscope 4.0 is the first tool that can compare, analyze or graphically view a WSDL closure.
  • Testing Secure Services: WSDL Invoke and Message Resend can now utilize SSL client certificates for mutual authentication. WS-Security compliant user and password header info can be included when invoking or resending messages.
  • Support for New Standards and Technologies: Industry’s first product to support test against the newest WS-I standards including the WS-I Basic Profile 1.1 and WS-I Attachments Profile 1.0. Attachments support includes features to test, debug and support services that employ SwA/MIME attachments.
  • Eclipse 2.x/3.0 Plug-in Support: Use SOAPscope directly within the popular Eclipse IDE without having to leave the IDE. New support for Eclipse 2.x makes the plugin available to a broader audience.
  • Improved Scalability: As the sophistication of Web Services increases customer demands on SOAPscope are scaling as well. Release 4.0 is tuned for better throughput, memory utilization, reliability and performance to meet the growing demands of our customers.

CA’s ETrust EZ Antivirus and wireless

So I took advantage of the Free for One Year offer of Computers Assoc. ETrust EZ Antivirus that you can get when you install XP SP2 (seems to be if there isn’t already an anti-virus app on your system).

I noticed a week ago that I hadn’t in fact gotten any updates. The reason was timing. The EZAV software was starting up and running at the same time that my wireless was starting itself up. EZAV is faster and therefore trying to download the updates before I had internet access. But there were no messages that I noticed. I finally saw it in the log files “Could not contact webserver…” and nothing ever downloaded. Over and over again.

So I have to remember to do this manually now.

new: Security Validator Controls from peterblum.com

Peter Blum has taken his great know-how with asp.net server controls and validation and combined that with the awesome lessons we have learned about securing ASP.NET websites, to create “Visual Input Security” tools (and its clever nickname: VISE). I haven’t had a chance to play with them yet, but did spend some time looking at the extensive and educational manual which kept making me go “wow!”

The basics: Visual Input Security™ is a formidable defense against SQL Injection, Script Injection (Cross Site Scripting), Input Tampering, and Brute Force attacks on your ASP.NET web sites.

The tools allow the flexibility of everything from locking down a whole page to explicitly defining how to secure individual controls.

There’s a demo and even 30 day guarantee on the product.

I plan to retro-fit one of my client’s sites with these.

btw – the peterblum.com website got a design overhaul and looks awesome – I love the logo – nice job all around Peter!!