Fernando has just announced the release of DeKlarit 4.5 for Visual Studio 2008. It is a release candidate version but I'd say it's pretty stable so go ahead, download it and start working with it.
Keep in mind that the version Fernando uploaded here is just for VS2008, we will release a DeKlarit 4.5 for VS2005 with the same functionality the one for 2008 has in a few days. DeKlarit 4.5 will probably be the last version for VS2005 we will ship, we'll keep updating the VS2008 version so start planning your migration.
If you have DeKlarit 4.3 or prior on your machine you can install 4.5 for VS2008 without the need to uninstall 4.3. The whole idea is to have your VS2005 with DK 4.3 now (4.5 for VS2005 in a few days) and DK 4.5 for VS2008 in the same box.
To migrate to VS2008 just install DeKlarit 4.5 for VS2008, create a new DeKlarit project and import your components from your model. The import and export process are the same to previous versions so you can export from VS2005 and import in VS2008 and vice versa with no problems.
Read Full Post
Summary only...
Today I read an interesting article comparing Mac and Windows's flaws in 2007 and I wanted to share it. I don't trust these comparisons that much cause I really don't know the guy. Also, I don't know the place where the stats are taken from, even though he says they are impartial, maybe is well know Mac center and not so known for Window users.
All I know is that Alejandro bought a Mac and he's happy as kid with his new toy. The only problems he found (that I know of) are related with the Windows partition, which he got rid of.
Read the full article here: http://blogs.zdnet.com/security/?p=758
Read Full Post
Summary only...
I worked so hard on this that I thought I might share the final product with everybody.
Start here and download Michele's book's Appendix A, I know you want to start right away, but you need to read the whole chapter before you do. This chapter will help you install the security database and setting up your certificates. After reading that you can go ahead and download the projects I worked on. Here's the web application where the services are hosted and here's the client. Make sure you load them with VS in the same solution (these are for VS2005).
Keep in mind you'll have to change all the endpoint's url.
The web application also has a web service and an aspx page to test your credentials, so when you run the client you'll set up credentials you know are correct. If you can't log in using the aspx page, do not try to run the WCF client... it won't work.
Read Full Post
Summary only...
No, it's not Santa. I mean Santa is coming but he's not who I'm talking about... I'm talking about DeKlarit 4.5 for Visual Studio 2008. We are in our latest tests so expect it in a couple of weeks.
DeKlarit 4.5 has a few fixed bugs, many improvements our customers asked us for and a fully functional WCF addin letting you choose where to host your services and integrating the DeKlarit Security Database for authentication and authorization.
Here's a little preview :)
Read Full Post
Summary only...
I've been working in the DeKlarit's WCF addin for a long time now, and lately I've been trying to implement the security features. Security in WCF is "pretty easy", first of all cause by default, everything is secured. The problem comes when you want to move things around.
DeKlarit uses ASP.Net Membership Provider to implement security in its addin's generated applications. So I needed to bind WCF Security with our Membership Provider implementation in order to secure the communication between applications (client and services). Once I'd set everything up I got an error on the client side saying: "An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail." and the inner exception had the message: "At least one security token in the message could not be validated." :(
I googled around about these issues with no luck. I also opened many threads at the Indigo forum about it but nobody seemed to know what was it about. And I can't blame them, cause the problem was that I was missing the applicationName attribute in the membership provider configuration. It had nothing to do with WCF but the message I got was not clear enough. According to some people at the Indigo forum that was done on purpose, so an attacker wouldn't get much information about what's going on at the server side. The problem comes when the attacker is the developer trying to get in :)
So there!, if you come to those messages check everything in your config files cause it could be anything.
Read Full Post
Summary only...