Switching to Windows Azure

The annoying sound of the alarm clock crying for attention at 5:00am woke me up. Everybody in my house was still sleeping; after all, it is summer and it was just 5 in the morning! For a moment I thought about going back to sleep and forgetting about the reason I had set the alarm for such an early time, especially after going to bed around 3am, just a few hours earlier.

About 30 minutes later I was outside and in my car, and I started to drive on IH35, heading north. I was on my way to Dallas to attend a Microsoft Azure Summit. For a while I have been thinking about using Azure for my software startup but have been avoiding it, since other cloud solutions offered by Amazon and Rackspace have been sufficient to host a few web applications and image files. The reason I have been avoiding Azure is that the first time I tried it, almost two years ago, I was disappointed with it for various reasons: the product didn’t seem to be ready, it lacked many basic features and there was not enough documentation. I have been using Amazon S3 for file storage and Rackspace’s Cloud Servers for my web servers and database.

My Facebook feed is starting to look like my inbox back in the late 90s…

Remember back in the day when everyone started to get into email and sharing messages and photographs was the main reason to use email? It was a new way of communication and sharing personal information and pictures was a cool and painful thing to do. It was painful because images took a while to download with the modems we used to receive these email messages.

Today, most of my Facebook “friends” are family members and close friends, I don’t follow or “friend” people I don’t know personally. For a while, Facebook has been a great source to reconnect with old friends and distant family members. We’ll share photos, messages, comments, etc… However, in the past few months it seems as if most of my Facebook contacts have been attracted or pulled into those non-useful messages that ask you to “like” an image featuring a handicapped person, or a hungry kid, etc…

The “Like This” Chain Status

This is so much like those old “chain mail” campaigns that always have something somewhere telling you to email this or else! This is very unfortunate and expected at the same time, my Facebook feed has reached the point where it looks a lot like my Hotmail account when most of my family and friends started using email and sharing the same things I see in Facebook now like jokes, “funny” photographs they find in the interwebs, “chain mail” like status updates, invitations to play stupid games, etc…

Facebook’s latest updates are not helping with this. The way the default sort works helps these junk messages show up on top of my feed, as they are the ones with the most comments and likes, making them the “top stories” and making my Facebook feed unreadable and full of junk information. Yes, you can change the sort of your feed, and you can block certain types of updates and invitations, and even some friends that keep on pushing the junk content… and after a while you might even create a new Facebook account where you only connect with really close friends and family in order to avoid the junk information… just like we did with email years and years ago, but I refuse to believe Facebook has become the email of the 90s, and I don’t want to end up having multiple Facebook accounts.

I still have my Hotmail account and I cannot remember the last time I checked it. I know many of my family members and friends keep sending me online jokes, images and chain messages to that account, I am OK with that, I don’t use it anymore, it has become my catch-all junk email account.

Below is an example of the content I am talking about, notice the number of likes and shares…

What to do?

I guess Facebook could do something to help us better filter our feed or, even better, block those annoying updates that show up on your feed when one of your friends falls for it and clicks “Like” or, even worse, decides to share it publicly. I mentioned above that this behavior and contamination of Facebook is expected, as it is with any network or service that reaches a point where the network effect is so powerful that eventually someone starts to abuse it in this manner. Facebook and all of its users will have a hard time eliminating these types of messages, first because Facebook’s success relies on people liking and sharing content and secondly because most of its users actually enjoy reading, viewing and sharing junk information, unfortunately.

This is a serious problem that is affecting many people who want to use FB to really connect with friends and share things that they care about, and not spend time cleaning and avoiding all these chain statuses which many people seem to enjoy liking and sharing. To see more examples and comments about these FB chain statuses, look at this Tumblr page, showing all messages regarding FB chain statuses.

For now we should just sit and wait to see what happens, in the meantime I am once again looking for a service that can offer image hosting and sharing, and that is easy to use so that my non-technical inclined friends and family members can once again share photos about our family events, kids, vacations, etc… in a platform that will allow us to control the privacy and sharing of our personal media, without bombarding us with ads and other junk content.

Peace out.

You are not a robot

As babies, we learn everything by getting to know our surroundings. We listen, we touch, we taste, we smell and we watch. Then we start pushing ourselves to try out something new every minute, every hour and every day. We are restless and never stop, we keep trying over and over again. Our nature is to be curious and imaginative, and at the same time we are very sensitive. As babies we cry, we are loud, we laugh and we get mad… and as adults we are always trying hard to hide these feelings, as if it was a bad thing.

As we grow, we distract ourselves from our surroundings with the so-called entertainment industry. We spend endless hours watching TV, sports, movies, social networks, etc… without paying attention to our surroundings and all the incredible things about them. And do not get me wrong, it is OK to do all these things as long as you also spend time looking around, meeting real people, reading, writing and trying out new things.

It is human nature to be curious and creative, and yet we as a society always find ways to make sure we teach our kids not to try new things in the name of good behavior and uniformity, this is wrong. We teach our kids that using a pen with colorful ink at school is wrong, we teach our kids that drawing an elephant with the unnatural shape and using different colors is wrong… and yet we ask ourselves why creativity and innovation is so hard to find these days… I wonder why.

As kids we try hard to learn what we want, we don’t see anything as impossible, our mind is full of adventure and our imagination is at a maximum at all times… until we start going to school and between some teachers and parents we start to hear that all those things we think and believe in are not possible, we hear that to be a good person we need to be reasonable, that we need to think realistically and put our feet on the floor, we are told we need to be realistic… why?!

A while ago one of my sons, who is now 10 years old, came to me with a Lego car he had built using pieces from different Lego models, including a brand new set I had bought for him just hours before… my first reaction was to get upset because he had not followed the instructions in the Lego manual. I remember telling him that what he did was not right. How could he have mixed all these pieces to create something that was not in a Lego manual? I was completely blind to the fact that my son was doing what kids do, using his imagination to create something, without following any rules or instructions, just creating something that he liked. He was being creative. I soon realized my mistake, apologized and suggested that he continue building this car any way he wanted. I told him how much I liked the idea of him creating something with Legos that looked nothing like the models these pieces came from. He smiled.

In most schools our kids are taught to follow directions and to memorize things… they get used to an environment where uniformity is the rule and any sign of creativity is usually seen as disruptive and is rapidly discouraged.

That needs to change.

While at home, let kids use their imagination, let them be creative and try not to formalize the way they learn or interact. It is not easy, but it is worth trying to offer them a better chance at not losing their creativity and imagination as they transition into adulthood.

This is something you can also try achieving at work, everybody talks about innovation and creativity, and at the same time most companies don’t have an open mind about new services, products or internal procedures… innovation is something that can only be achieved by taking some risks and accepting change. It is very discouraging to work in environments where everything and everybody looks and acts in the same way or very similar. A place where showing personality and individualism is not allowed or it is discouraged by Human Resources departments usually in the name of wanting to have a “professional” environment.

Be different, be creative, be you. You are not a Robot.

OnTechies

This past month was very memorable for the world of tech and a very important day in Wall Street with Facebook’s IPO. A company who started in 2004 was worth $104 billion for one day, on paper. Underwriters valued the shares at $38 each, pricing the company at $104 billion, the largest valuation to date for a newly public company. On May 16, one day before the IPO, Facebook announced that it would sell 25% more shares than originally planned due to high demand. The IPO raised $16 billion, making it the third largest in U.S. history (just ahead of AT&T Wireless and behind only General Motors and Visa). The stock price left the company with a higher market capitalization than all but a few U.S. corporations – surpassing heavyweights such as Amazon.com, McDonald’s, Disney, and Kraft – and made Zuckerberg’s stock worth $19 billion. And this only lasted a day or two since the stock tanked shortly after and this morning it was at $31.74.

Innovation

Innovation is an overused word and very often, not recognized for what it is or what it means but instead, for what each one of us wants to believe it means.

Innovation is not something you teach or buy; innovation is not something a consultant will find for you or much less help you create it. You cannot capture it. You cannot force it.

Innovation is a way of life for some people; it is the way some people see the world and the way they think and do things, from picking up groceries to creating a company.

When real innovation shows, most of us don’t even know it; it just happens. Focus on your craft and on improving what you do, and innovation will show up.

Innovation is often dismissed by some of us because we often reject change or things that are different. When we don’t understand something, we commonly describe it as a bad idea or even as something foolish.

Innovation is all around us and if you are lucky enough to notice it, do not turn your back to it, be curious, have an open mind, and embrace it.

Cheers!

Ricardo.

How To: Secure your ASP.NET MVC application and use Active Directory as the Membership Provider

Securing your ASP.NET MVC application should be priority number one every time you start a new web application. Using the attributes Authorize and ValidateAntiForgeryToken in every controller and action is the only way to avoid any security holes. In this post, I’ll show you how to secure your ASP.NET application by implementing the AuthorizeAttribute and ValidateAntiForgeryTokenAttribute classes.

The basics

At the very least, you should add an [Authorize] attribute to every controller, or to individual controller actions when you want some of the actions in that controller to remain accessible to anonymous users. For example, you probably want ALL users to have access to the login and register actions of your web application.

By decorating the HomeController with the Authorize attribute (notice I did not specify any user role), the application will prevent any unauthenticated user from executing any of the actions in this controller.

[Authorize]
public class HomeController : Controller
{
  //...
}

The following is an example of decorating a controller action with the Authorize attribute. Do this when you want to restrict access to only some of the actions in a controller instead of all of them.

[Authorize]
public ActionResult Create()
{
  //...
}

Protecting against Cross-site request forgery attack (CSRF or XSRF)

The Authorize attribute offers protection that is sufficient in most cases. However, it leaves a security hole: on its own it does not protect your web application against a cross-site request forgery attack. For example, after a user logs into your site, the website issues the browser an authentication token within a cookie. On each subsequent request, the browser sends the cookie back to the site to let the site know that the user is authorized to take whatever action they are requesting. So far everything is okay.

Here is the problem with only using the Authorize attribute. Let’s say that a user is logged in to your website and then goes to a spam site by clicking on a link, and that other site causes a form post back to your site… this is bad. The browser will send the authentication cookie to your site, making it appear as if the request came from your website and was initiated by an authenticated user when it really wasn’t.

The above scenario is called cross-site request forgery and can be avoided by adding the ValidateAntiForgeryToken attribute available in the .NET framework. This attribute is used to detect whether a server request has been tampered with.

The first step is to add the ValidateAntiForgeryToken attribute to every Post Action as follows:

[HttpPost, Authorize, ValidateAntiForgeryToken]
public ActionResult Create()
{
  //...
}

The next step is to add the HtmlHelper method @Html.AntiForgeryToken() inside the form in your view.

The ValidateAntiForgeryToken attribute works by checking that the cookie and the hidden form field left by the Html.AntiForgeryToken() HtmlHelper both exist and match. If either is missing or they do not match, it throws an HttpAntiForgeryException with the message shown below:

“A required anti-forgery token was not supplied or was invalid.”

By adding the ValidateAntiForgeryToken to your controller actions, your site will be prepared to prevent CSRF/XSRF attacks.

Implementing Forms Authentication using Active Directory (AD)

Oftentimes you might run across a project where you need to authenticate users of your website using Active Directory credentials. The good news is that you can use the existing “Account” controller to achieve this; only a few modifications are necessary.

When you create a new MVC Web Application project and choose the Internet Application template, the Account controller is added to the project. You can use this controller with AD to authenticate your users. For the Account controller to work with AD we need to remove all Actions but the following:

  • LogOn()
  • LogOn(LogOnModel model, string returnUrl)
  • LogOff()

Your Account controller should look like the following after you remove the unnecessary Actions such as ChangePassword, Register, etc…

public ActionResult LogOn()
{
    return View();
}

[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        // Validates the credentials against the configured membership provider (AD)
        if (Membership.ValidateUser(model.UserName, model.Password))
        {
            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);

            // Only follow returnUrl when it is a local path; "//" and "/\" prefixes
            // are rejected because browsers treat them as pointing to another host
            if (Url.IsLocalUrl(returnUrl) && returnUrl.Length > 1 && returnUrl.StartsWith("/")
                && !returnUrl.StartsWith("//") && !returnUrl.StartsWith("/\\"))
            {
                return Redirect(returnUrl);
            }
            else
            {
                return RedirectToAction("Index", "Home");
            }
        }
        else
        {
            ModelState.AddModelError("", "The user name or password provided is incorrect");
        }
    }

    // if we got this far, something failed, redisplay form
    return View(model);
}

public ActionResult LogOff()
{
    FormsAuthentication.SignOut();

    return RedirectToAction("Index", "Home");
}

After this, go ahead and clean up the AccountModel as well so the only model class left is the LogOnModel:

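using System.ComponentModel.DataAnnotations;

public class LogOnModel
{
    [Required]
    [Display(Name = "User name")]
    public string UserName { get; set; }

    [Required]
    [DataType(DataType.Password)]
    public string Password { get; set; }

    // bool, because it is passed to FormsAuthentication.SetAuthCookie as createPersistentCookie
    [Display(Name = "Remember me?")]
    public bool RememberMe { get; set; }
}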

Lastly, add the following to the project’s web.config file:

adconnection

That is all! The first code snippet is the connection string to your Active Directory server, and the second one is where we specify Active Directory as the application’s default membership provider.
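
A web.config fragment matching that description, written here as an added example and not the author's original configuration. The LDAP path, the provider name ADMembershipProvider, the cookie name and the .NET 4 assembly version are assumptions; only the name adconnection comes from the page.

```xml
<configuration>
  <connectionStrings>
    <!-- Connection string to the AD server. The LDAP path is a placeholder:
         replace it with your own domain controller and container. -->
    <add name="adconnection"
         connectionString="LDAP://dc01.example.local/DC=example,DC=local" />
  </connectionStrings>

  <system.web>
    <!-- Forms authentication issues the cookie that [Authorize] checks.
         requireSSL="true" keeps that cookie off plain HTTP requests. -->
    <authentication mode="Forms">
      <forms name=".ADAuthCookie"
             loginUrl="~/Account/LogOn"
             timeout="30"
             requireSSL="true" />
    </authentication>

    <!-- Makes Active Directory the default membership provider, so
         Membership.ValidateUser() in the LogOn action checks AD credentials. -->
    <membership defaultProvider="ADMembershipProvider">
      <providers>
        <clear />
        <!-- connectionProtection="Secure" refuses an unprotected bind to the directory.
             attributeMapUsername="sAMAccountName" lets users sign in with their
             short logon name instead of the default userPrincipalName.
             With no connectionUsername/connectionPassword set, the provider binds
             as the application's process identity, so no service account password
             is stored in this file. -->
        <add name="ADMembershipProvider"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="adconnection"
             connectionProtection="Secure"
             attributeMapUsername="sAMAccountName" />
      </providers>
    </membership>
  </system.web>
</configuration>
```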

Save your changes, hit Ctrl-F5 and log in to your application using your domain/AD account.

Hopefully, this will help you get started to secure your ASP.NET web apps and show you a straightforward way to use ASP.NET’s membership services with Active Directory.

In this post, I show how to use Active Directory groups to restrict access to controller actions and make your application even more secure!

How to: Configure SQL Express to accept remote connections

This is a copy of the post that used to exist here, for which I got some complaints since some people were still trying to read it when looking at an answer I wrote on StackOverflow a few years ago and the page was not there anymore. The above is an exact replica of the original post, hope it helps:

I just installed SQL express 2008 recently and wanted to use it for a test application that I have in a hosted server. I wanted for this application to connect to my local SQL express 2008 database but soon I found out I needed to do some adjustments for this to work. So this is what I did to make my local SQL express 2008 db accept remote connections.

  1. Go to Start – All Programs – Microsoft SQL Server 2008 – Configuration Tools – SQL Server Configuration Manager
  2. Select and expand the SQL Server Network Configuration node and then select your SQL express 2008 database. In the window to the right, right-click on TCP/IP and click on “Enable”.
  3. Once you have enabled the TCP/IP protocol, right-click on it and select Properties, go to the tab labeled “IP Addresses” and make sure you clear any values under TCP Dynamic Ports (even if it is 0, remove it), and then add a new port number on each one of the TCP Port properties. In my case I used port 14330.
    Click Apply and OK.
  4. You now need to restart SQL express 08. To do this, select the SQL Services node in the same SQL Server Configuration Manager, then right-click on the name of your SQL express 08 instance and select restart. If you receive any errors trying to restart your server, go back to step 3 and make sure you did everything I mentioned. If the error keeps coming up, then use a different port number.
  5. Finally, you need to make sure a remote connection can be made to your SQL server, so we need to open the port you assigned on step 3 (in my case 14330) in your router and make sure Windows firewall and/or any other firewall accept incoming connections to this port.

That’s it! Your SQL express 2008 server should be able to accept remote connections now. As always, make sure you take the appropriate steps to make sure your systems are secure.

Good Luck!