Tuesday, March 31, 2015

Github for Windows: Where can I find Git.exe?

Yesterday I mentioned an issue about Bower where Git.exe was not part of the PATH environment variable. Now if have installed msysgit , your path will be something like c:\program files\git\bin\ or c:\program files (x86)\git\bin. But what if you are using GitHub for Windows? In that case the correct path is little bit harder to find.

GitHub for Windows is using a portable version of msysgit.

To find the location of this portable version, open up windows explorer and go the following folder: %USERPROFILE%\AppData\Local\GitHub\

image

Inside this folder, you should find a folder PortableGit_<some guid> . Open up this folder. Inside you’ll find a bin folder with the git.exe:

image

Copy this path to your PATH environment variable.

Monday, March 30, 2015

Bower - ENOGIT git is not installed or not in the PATH

I’m currently switching from NuGet to Bower as my client side package manager. The process is not going as smoothly as I hoped. During the process I got a range of problems.

bower

One of the problems was that Bower throw the following error when I tried to install the Bower packages:

ENOGIT git is not installed or not in the PATH

clip_image002

This one is easy to fix, just add the path to Git.exe to the PATH environment variable.

image

Friday, March 27, 2015

Microsoft cloud IT architecture posters

Microsoft published a list of posters about the core infrastructure components of Microsoft cloud services and platforms.

“These architecture posters give you information about Microsoft cloud services and platforms, including Office 365, Microsoft Azure, private cloud datacenter, and hybrid on-premises and cloud solutions. IT decision makers and architects can use these resources to determine the ideal solutions for their workloads and to make decisions about core infrastructure components such as identity and security.”

Very useful if you want a quick, concise view of the Azure IT landscape.

image

Thursday, March 26, 2015

Multiple ‘Definitions of Done’

One of the signs of a good Agile team is that they have well defined ‘Definition of Done’. One thing that I learned over time is that you need multiple ‘Definitions of Done’ depending on the context(user story, release, sprint, and so on…).

Mitch Lacey did a blog post where he shared his Team “Done” List:

Lacey 1 Sampledonelist

Daniel Gullo goes even further and split the Definition of Done in 2 parts: Completion Criteria and Acceptance Criteria:

Completion criteria and acceptance criteria for user stories

What are your ‘Definitions of Done’?

Wednesday, March 25, 2015

Save time and disk space when using Git

By default Git will copy the full history when you clone a repository. This is one of the advantages of a distributed source control system as you have the full history locally. But what if you have a project that accumulated years of project history in your repository?

The solution is a shallow clone. A shallow clone allows you to clone a repository keeping only the latest n commits of history.

How can you do this? Just use the - -depth option:

git clone --depth depth remote-url

Remark: This can also save some time on your build server. Hint, hint…

Tuesday, March 24, 2015

Free Angular.js ebook

If you are new to Angular.js and want to learn the basics, I can recommend the free Angular Basics e-book. It covers everything you need to know to get started and best of all it includes a large list of editable and runnable examples…

image

Monday, March 23, 2015

ASP.NET MVC Identity–Registration

I was listening today to DotNetRocks episode 1109 with Troy Hunt, a well known security expert. In this episode Troy was sharing the following story(I summarized it):

“Some people claim that they have hacked DropBox or iCloud. But instead the only thing they did was trying out a list of available usernames and password(acquired from other hacks), until one of them works.

To make this more difficult for a hacker, it’s important that your application doesn’t expose any information if a specific email address is used inside your application or not. For example, on the login page when a user types a wrong email address to login, don’t say that the email address can not be found but give a more generic error mentioning that ‘username and/or password are incorrect’. Do the same thing on your forgot password page, don’t tell the users that the email address  can not be found but tell them that ‘a password reset mail is send to the specified email address’. Last place where you could accidently expose if an email address is used or not is on the registration page. Allow users to use any email address they want and don’t tell them if the email address is already in use or not.

You maybe lose some usability, but you gain a lot in terms of security”.

His explanation made me wonder if  the built-in authentication system in ASP.NET MVC is following all these recommendations.

  • Let’s first try to register a user with an email address that is already used:

image

That’s bad, on the registration page, you get a specific error if the email address is already in use. -1 for ASP.NET MVC… Bedroefde emoticon

  • Let’s now try to log in using a non existing email address:

image

Same error message for an existing and non-existing user. +1 for ASP.NET MVC… Glimlach

  • Let’s now try to reset our password:

image

image

Same message no matter if the email address exists in the application or not. +1 for ASP.NET MVC… Glimlach

Conclusion

2 out of 3 doesn’t sound bad, but one location where information about your users is exposed is one location too much…

Friday, March 20, 2015

Excel Team Explorer Add-in: HTTP code 407: Proxy Authentication Required

Did you ever had the following error when you tried to connect to Team Foundation Server(TFS) use the Team Explorer add-in in Excel?

HTTP code 407: Proxy Authentication Required

When you see this error, most of the time, it’s caused by the fact that your organization is using a proxy. The proxy credentials are not properly passed through the Excel add-in and you end up with the error above.

I had the same problem when connecting to TFS from Visual Studio. There I solved it by updating the devenv.exe.config with the following section:

But Excel doesn’t have a config file, so I was thinking I couldn’t use the same solution. I was wrong, what you can do is create a new Excel.exe.config file, put the same information in as above and place it on the same location as Excel.exe.

This solved the problem for me…

Thursday, March 19, 2015

Xamarin and Caliburn

This news made my week! My favorite cross-platform framework(Xamarin) and my favorite MVVM framework(Caliburn.Micro) are finally coming together. The team after Caliburn.Micro announced that they have a working port of Caliburn for Xamarin.

Not everything is ported yet, but I expect that some of the platform specific features will be ported as well.

A working sample can be found here: nigel-sampson/xamarin-experiements.

Wednesday, March 18, 2015

System.InvalidOperationException: ID1073: A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API (see inner exception for details).

Last week I spend a lot of time searching for a specific WIF issue we encountered.

The Facts

Let’s first describe the situation before I come to the error itself. We have a root ASP.NET MVC Website e.g. portal.sample.be/ and a list of subsites portal.sample.be/subsite1, portal.sample.be/subbsite2,…  Users always have to login through the root site before they can use any of the subsites. Login is handled through WIF and a range of STS instances(depending on the  authentication type). Once logged in on the root site, users have Single-Sign-On and can connect to any of the subsites without authenticating again.

The Issue

Last week we upgraded the root site to ASP.NET MVC 5, .NET 4.5 and the build-in System.IdentityModel and System.IdentityModel.Services. The sub sites are still using .NET 4.0, System.IdentityModel and Microsoft.IdentityModel. Authentication on the root site works as expected, but when we try to connect to any of the subsites, SSO fails and WIF returns the following exception:

System.InvalidOperationException: ID1073: A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API (see inner exception for details). If you are using IIS 7.5, this could be due to the loadUserProfile setting on the Application Pool being set to false. ---> System.Security.Cryptography.CryptographicException: The data is invalid.

at System.Security.Cryptography.ProtectedData.Unprotect(Byte[] encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
at System.IdentityModel.ProtectedDataCookieTransform.Decode(Byte[] encoded)
--- End of inner exception stack trace ---
at System.IdentityModel.ProtectedDataCookieTransform.Decode(Byte[] encoded)
at System.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound)
at System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(XmlReader reader, SecurityTokenResolver tokenResolver)
at System.IdentityModel.Tokens.SessionSecurityTokenHandler.ReadToken(Byte[] token, SecurityTokenResolver tokenResolver)
at System.IdentityModel.Services.SessionAuthenticationModule.ReadSessionTokenFromCookie(Byte[] sessionCookie)
at System.IdentityModel.Services.SessionAuthenticationModule.TryReadSessionTokenFromCookie(SessionSecurityToken& sessionToken)
at System.IdentityModel.Services.SessionAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs eventArgs)

If you search for this fault on the Internet, you find a small range of possible reasons and solutions:

  • The LoadUserProfile setting in IIS is set to false. This should be true to make DPAPI work.
  • Switch to MachineKey protection in WIF for .NET 4.5.
  • You are using an old cookie. Clear the browser cache.

We tried them all but none of them brought a solution. After a long quest, we finally figured it out:

The internal format of the cookie has changed between WIF version for .NET 4.0 and .NET 4.5. So we can no longer share the cookie between sites as we are running multiple versions of .NET (and WIF). As a workaround, we switched back to the old WIF version on .NET 4.5. This solved the issue for now…

Remark: We are planning to implement a better solution in the long run by letting each site go back to the STS and use it’s own cookies.

Tuesday, March 17, 2015

Xamarin Forms Succintly

The Syncfusion ‘Succintly’ collection of free e-books keeps growing. The latest addition is  Xamarin.Forms Succintly. It is available for free here (registration required).

xamarinformsXamarin.Forms Succinctly

With the fragmented landscape of mobile device platforms, tools for creating cross-platform apps have sprung up as varied and numerous as apps themselves. Most of these tools create their own APIs and translate them into the mobile platform APIs, which works fine for some. And then there’s Xamarin.Forms, which creates mappings from its C# classes and controls directly to the native platform APIs and controls. With Xamarin.Forms Succinctly by Derek Jensen, you will learn how to use Xamarin.Forms to build a common code base that can be deployed to iOS, Android, and Windows Phone devices, coming as close as possible as to the mythical “write once, run everywhere.” You’ll also learn how to build UIs with some of the 40 controls included in Xamarin.Forms, and even how to access native APIs that aren’t exposed by Xamarin.Forms.

Monday, March 16, 2015

123D Circuits

I’m dusting of my soldering and electronic skills to play around with Raspberry PI and Arduino circuit boards.  The only problem is that electronics is less forgiving than software development. A bug can blow up some components or even the whole board (don’t ask me how I know…).

If you want to experiment in a safe environment before trying it on your real board, have a look at 123D Circuits. It allows you to design and simulate circuit boards and share the results with the rest of the world.
image

Friday, March 13, 2015

Common Weakness Enumeration

In software development, errors, bugs and mistakes are so common that we even have a website dedicated to it; Common Weakness Enumeration:

International in scope and free for public use, CWE provides a unified, measurable set of software weaknesses that is enabling more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems as well as better understanding and management of software weaknesses related to architecture and design.

It offers a large list of (almost) everything that can go wrong inside a software project, frightening but also very insightful material!

For example, let’s have a look at weakness number 369, the good old ‘divide-by-zero’ exception:

image

Remark: Couldn’t find a better post for a Friday the 13th… Glimlach

Thursday, March 12, 2015

DTExec error: Unable to load the package as XML because of package does not have a valid XML format

Today I had some trouble to get a DTSX package up & running. On the command line I tried to execute the following command:

DTEXEC /FILE "S:\Data Files\dtsx\Package.dtsx" /REPORTING EW /CONFIGFILE "S:\Data Files\dtsx\importjob.dtsConfig"

But no luck, instead of a running DTSX package, I got a very explaining (*ahum*) error message:

143910:T:M584D4:tsk> Microsoft (R) SQL Server Execute Package Utility

143910:T:M584D4:tsk> Version 11.0.2100.60 for 64-bit

143910:T:M584D4:tsk> Copyright (C) Microsoft Corporation. All rights reserved.

143910:T:M584D4:tsk>

143910:T:M584D4:tsk> Started:  2:39:09 PM

143910:T:M584D4:tsk> Error: 2015-03-12 14:39:10.83

143910:T:M584D4:tsk>    Code: 0xC0011007

143910:T:M584D4:tsk>    Source: {4B5520B2-BF3D-41B0-83F6-C266A50A51BB}

143910:T:M584D4:tsk>    Description: Unable to load the package as XML because of package does not have a valid XML format. A specific XML parser error will be posted.

143910:T:M584D4:tsk> End Error

143910:T:M584D4:tsk> Error: 2015-03-12 14:39:10.83

Now the error message is somewhat misleading. It had nothing to do with an invalid XML package or something but instead we were using an incorrect filename. My DTSX package was called ImportJob.dtsx and not Package.dtsx…

So after updating the filename, the DTSX was running happily ever after…

DTEXEC /FILE "S:\Data Files\dtsx\importjob.dtsx" /REPORTING EW /CONFIGFILE "S:\Data Files\dtsx\importjob.dtsConfig"

Wednesday, March 11, 2015

Free e-book: Azure Automation

This is one for every devops guy out there, over 100 pages describing how to automate common tasks inside Windows Azure.

imageThis ebook introduces a fairly new feature of Microsoft Azure called Azure Automation. Using a highly scalable workflow execution environment, Azure Automation allows you to orchestrate frequent deployment and life cycle management tasks using runbooks based on Windows PowerShell Workflow functionality. These runbooks are stored in and backed up by Azure. By automating runbooks, you can greatly minimize the occurrence of errors when carrying out repeated tasks and process automation.

It discusses the creation and authoring of the runbooks along with their deployment and troubleshooting. Microsoft has provided some sample runbooks after which you can pattern your runbooks, copy and modify, or use as-is to help your scripts be more effective and concise. It explores uses of some of those sample runbooks.

Download it here(PDF).

Tuesday, March 10, 2015

ng-conf 2015

In case you missed it, last week it was ng-conf 2015. So if are you interested in Angular and want to know more about it’s future, you have a long list of sessions to watch…

image

Monday, March 9, 2015

TypeScript replaces AtScript as the preferred language for Angular 2

October last year, I wrote the following:

I heard some colleagues discuss if Angular.js will ever be written using TypeScript. The answer is no. In fact, the Angular.js team is using their own language AtScript to build Angular 2.0.

Man, could I have been more wrong! Last week S. Somasegar shared the following news:

For the last several months, the Microsoft TypeScript and Google Angular teams have been working closely together. Today at ng-conf in Salt Lake City, the Angular and the TypeScript teams are unveiling the first fruits of that collaboration.  We’re excited to announce that we have converged the TypeScript and AtScript languages, and that Angular 2, the next version of the popular JavaScript library for building web sites and web apps, will be developed with TypeScript.

Working closely with a rich library like Angular has helped TypeScript to evolve additional language features that simplify end-to-end application development, including annotations, a way to add metadata to class declarations for use by dependency injection or compilation directives.

That’s really great news and gives me hope for the future of both TypeScript and Angular.

More information:

Thursday, March 5, 2015

Building the Internet of Things: Early learnings from architecting solutions focused on predictive maintenance

With IoT(Internet of Things) around the corner as the next hype, Microsoft starts to share some useful information on their vision on IoT.

iot

A great read is the “Building the Internet of Things: Early learnings from architecting solutions focused on predictive maintenance” whitepaper.

This white paper provides a comprehensive overview of lessons learned from the authors' experiences in implementing large scale customer projects that target predictive maintenance as a space in IoT. It frames various elements and considerations of importance within the Internet of Things, highlighting tradeoffs, opportunities and grounding the implementation activities using a reference architecture and an associated comprehensive cost model.

Interesting bedtime literature…

Agile Pick ‘n Mix

Agile became such a bloated term that it’s hard to define what it actually is. Chris Roberts created a one page snapshot view of all Agile values, principles and activities grouped into logical categories.

Very useful!

Nimble-Agile-Pick-N-Mix

Wednesday, March 4, 2015

SQL Server Data Tools: Run SQL Server unit tests during your CI build

Last week I explained how to configure a CI build for your SQL Server Database project. This week we’ll continue by adding Unit testing into the mix.

Before we can run our test, we need to have one. So let’s start by adding a unit test to your database project. One way to do this is to click on a stored procedure, function,etc…  and choose Create Unit Tests…

image

On the Create Unit Tests screen, specify the Test project you want to use(or create a new one), choose a good class name and click OK.

image

Before we run our database test, we’ll have to specify which database we’ll use. Therefore right click on your test project and choose SQL Server Test Configuration…

image

Choose the database where you want to run your test. Optionally you can specify a different connection string(using different credentials) to run the test validations.

image

This is enough to run your tests locally, but if you want to integrate them into your CI build, we’ll have some extra work to do. First of all, we need to add an extra line to set the VisualStudioVersion environment variable in our test code.  If we don’t do this MSBuild will try to use the v11.0 tools and fail to deploy since they aren’t installed on our build controller.

image

We also have to do the same thing inside our build definition. So let’s open up our Build Definition again and add an extra build parameter: /p:VisualStudioVersion=12.0

image

That’s it! Time to check-in all our changes, and see how our build (hopefully) turns green again…

image

Tuesday, March 3, 2015

The dbType NVarChar is invalid for this constructor

To test some custom made mapping logic, I created a fake IDataRecord item.

However when I tried to run my test, it failed with the following error message:

clip_image002

The error message is not very explaining. The thing is that when you specify NVarChar as the dbType, you also have to specify the MaxLength. After doing that, the error was gone.

Monday, March 2, 2015

Team Foundation Server 2015–System Requirements

For a customer I’m preparing a roll-out of Team Foundation Server 2015 once it is released(yes, I know it’s still in CTP). The server guys were asking for the hardware and software specs, but I couldn’t find a definitive list of system requirements.

The only somewhat useful/official information I could find was in the comments of a blog post by Brian Harry.

image

If Brian is right(as the TFS Product Unit Manager, he should be), requirements will probably stay the same as for TFS 2013.