Problems using anti-forgery token

January 27, 2017

ASP.Net MVC provides an anti-forgery mechanism using the methods @Html.AntiForgeryToken() and the [ValidateAntiForgeryToken] attribute.

I developed a web application using this mechanism for login, as the MVC template automatically provides this code. It worked fine using Chrome, but when I tried out the application in Internet Explorer, a couple of errors occurred relating to it:

Anti-forgery token is meant for user “” but the current user is “username”

The provided anti-forgery token was meant for a different claims-based user

The different answers on SO and various blogs offered no solution:

  • setting AntiForgeryConfig.SuppressIdentityHeuristicChecks to true
  • exchanging the anti-forgery token
  • changing AntiForgeryConfig.UniqueClaimTypeIdentifier

The solution that finally worked destroys the current ASP.Net session and signs out if the user is currently logged in:

[AllowAnonymous]
public ActionResult Login(string returnUrl)
{
  Session.Abandon();
  if (AuthenticationManager.User.Identity.IsAuthenticated)
    AuthenticationManager.SignOut();
  ViewBag.ReturnUrl = returnUrl;
  return View();
}

Viewing ELMAH Logs of multiple applications

January 26, 2017

I recently added ELMAH and ELMAH.Mvc to a couple of web applications, and configured them to log into the same MSSQL database.

The table ELMAH_Error distinguishes the source of error in the columns Host (storing the host name of the web application) and Application (storing the IIS Configuration Path of the web application, for explanations see e.g. here).

By default, the /elmah handler only displays the error messages of the current application.

However, I wanted to see the errors of all ELMAH-enabled applications.

After some research into the C# code and the MSSQL database, the solution is surprisingly simply:

  • Create a new database, e.g. “elmah-read”
  • Create synonyms to the original table and the logging SP (we won’t really need this SP)
CREATE SYNONYM ELMAH_Error FOR Elmah.dbo.ELMAH_Error 
GO
CREATE SYNONYM ELMAH_LogError FOR Elmah.dbo.ELMAH_LogError 
GO
  • Copy the stored procedure [dbo].[ELMAH_GetErrorXml] and remove the @Application from the WHERE clause
WHERE [ErrorId] = @ErrorId
 --AND [Application] = @Application
  • Copy the stored procedure [dbo].[ELMAH_GetErrorsXml], removing the @Application from the WHERE clauses, and extending the selected [host] column
 SELECT 
  errorId = [ErrorId], 
  application = [Application],
  host = [Host] + ' ' + 
    RIGHT( [Application], CHARINDEX( '/', REVERSE( [Application] ) + '/' ) - 1 ),
  • Create an empty ASP.Net Web Application in VS, add Elmah Core Library and Elmah.Mvc from NuGet, and configure the connection string as in the original web applications
  • To allow remote access to the log viewer, add in web.config:
<elmah>
      <security allowRemoteAccess="true"/>
</elmah>
  • Don’t forget to properly configure the Authentication feature of the log viewer application in IIS
  • Run

Fixing “The media could not be played.”

January 17, 2017

Firefox would not play embedded videos on Twitter. At first it displays the video’s preview image, but as soon as the video is loaded, it replaces the preview image with a black box containing the simple message

The media could not be played.

Now my browser has the FlashBlock add-on installed, and it could be the culprit.

So I checked the network traffic, and found the following domains to be involved:

  • twitter.com
  • abs.twimg.com for static content, such as gif, css, js
  • pbs.twimg.com for profile thumbnails
  • video.twimg.com for mp4’s

Adding video.twimg.com to FlashBlock’s whitelist did not change the behavior.

Whichever whitelisting semantics is built into FlashBlock, adding twitter.com solved my problem, and embedded videos now also play on Twitter.

 

 


Fixing PDFSharp hangs

January 12, 2017

To analyse a couple of PDF files whether they contain only images, I used the latest release build of PDFsharp, version 1.32.

However, when processing a certain file (of unknown origin) using code found in an SO answer

public static IEnumerable ExtractText(this PdfPage page)
{       
    var content = ContentReader.ReadContent(page);      
    var text = content.ExtractText();
    return text;
}   

the ExtractText() function simply would not return.

I upgraded to the most current build 1.50 beta 3, included the source in my project, and ran it in Debug mode, where execution halted in the file PDFsharp\src\PdfSharp\Pdf.Content\CParser.cs line 163 failing an assertion:

#if DEBUG
    default:
        Debug.Assert(false);
        break;
#endif

Without digging too deep into the analysis of PDF files, it was clear that the PDF contained a CSymbol that is not being handled by the library, and thus (most likely) ended up in an infinite loop inside CParser.ParseObject().

I fixed this by replacing the Debug.Assert statement with

        throw new Exception("unhandled PDF symbol " + symbol);

which fixed the situation for me.


Software Inventory: Firefox Extensions

October 24, 2016

Privacy

FoxyProxy Standard

Ghostery

Hide My IP

Content

Block site

Flashblock

Video DownloadHelper

Bookmark Management

Go Parent Folder

Show Parent Folder

Development

Quick Locale Switcher

Most of the functionality of previous developer’s extensions Firebug and Web Developer seems to be included in standard Firefox.

Screenshots

Screengrab (fix version)

Session Management

Session Manager

 


Retrieving the List of Installed Programs in Windows 7

October 14, 2016

The Programs and Features view in the Windows Control Panel does not provide a means to export the list of installed programs as a text file.

A quick web search brought up the information that the information about installed software resides under the registry key

HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall

or, on 64-bit systems, under

HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

(Source: social technet, Scripting Guy, HowToGeek, SuperUser)

PowerShell kann enumerate the information under these keys using the Get-ItemProperty commandlet. You can retrieve the PS properties of this data using the Get-Member commandlet.

So the first PS command to retrieve this list is

Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*

However, Control Panel does not display the registry entry if

  • its DisplayName is empty or not set
  • its UninstallString is empty or not set

which results in the command

Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | 
where-object {$_.DisplayName -and $_.UninstallString }

To retrieve the programs directly in PowerShell ISE, we can simply use the Format-Table commandlet

Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | 
Where-Object {$_.DisplayName -and $_.UninstallString } | 
Select-Object Publisher, DisplayName, DisplayVersion, InstallLocation, InstallDate, URLInfoAbout, UninstallString | 
Sort-Object Publisher,DisplayName | 
Format-Table

To output to a file for further processing in Excel, export to a .csv file like this

Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | 
Where-Object {$_.DisplayName -and $_.UninstallString } | 
Select-Object Publisher, DisplayName, DisplayVersion, InstallLocation, InstallDate, URLInfoAbout, UninstallString | 
Sort-Object Publisher,DisplayName | 
Export-Ssv -delimiter "`t" -encoding "unicode" c:\temp\installed.csv

Software Inventory: Chrome Extensions

October 13, 2016

Screenshot

Awesome Screenshot

FireShot

Full Page Screen Capture

Developer Tools

J CSS Reload

Page load time

Quick Javascript Switcher

Window Resizer

Viewport Dimensions

Tabs and Sessions

Session Buddy

Tab Ahead

Tab-Snap

The Great Suspender

Other

Google Translator

Ghostery