.comment-link {margin-left:.6em;}

Tuesday, April 25, 2006


Referencing 2 versions of the same DLL at the same time

I need this feature in VB
Only C# has this feature nowwwwwwwww :(

You can do this in C# :
Csc /r:ver1=assembly1.dll /r:ver2=c:\assembly1.dll myapp.cs

Here is a sample of myapp.cs file
extern alias ver1;
extern alias ver2;

using System;

class MyApp
static void Main(string[] args)


Sunday, April 23, 2006


Connection Pooling

This is a very interesting funny notice :
Connection Strings must be IDENTICAL . so what is new ?

Conn1 : "Server=SQL01;Database=AdventureWorks;Integrated
Conn2 : "Server=SQL01;Database=AdventureWorks;Integrated Security=SSPI

These are not identical since the second connection string has a SPACE after
the word SSPI, so they generate two different pools.you can examine that by
SQL Profiler .
It is very interesting ha .

Saturday, April 22, 2006


Connection Pooling Series or parallel ?

If we have a connection like this :

Conn1 : "Server=SQL01;Database=AdventureWorks;Integrated
Security=SSPI;Pooling=true;Min Pool Size=100"

Are the 100 connections created in series(one after the other) or
parallel(all nearly at the same time) ?
To avoid Flooding the Database with Connections they are created in series .
You can check that by executing the above connection and notice the
"starttime" column in Profiler , you will notice in the profiler that they
are opened serially after each other by fractions of seconds.

Wednesday, April 19, 2006


Why do I have to press CTRL+ALT+DELETE to logon

Why don't the logon screen just appears directly without having to press
this combination ?
As Keith Brown says in his book "A .NET Developer's Guide to Windows
Security" . Always Asking the user for his password trains the user to
always type his password whenever asked. And since it can be any
malicious code asking the user for his password so logon screens must be
kept to minimal.
The Sequence of CTRL+ALT+DELETE can only be traced by Kernel mode , so
this is a clear message from the user to the OS that "I need to type my
password to logon". This Sequence cannot be tracked by user mode. So try
seriously to use the logon user account instead of asking him.

Tuesday, April 18, 2006



Unfortunately I still see some developers and architects see that VB is
untrustable and you still cant do a lot of things using VB, I would say to
those people "please read the Developer Division Manager Somasegar's blog
entry" http://blogs.msdn.com/somasegar/archive/2004/08/01/204540.aspx

And you can read also the Man behind VB's Blog entry :

I hope you completely change your mind now specially when you know that a
lot of .NET 2.0 classes have been written entirely with VB as well as the VB
engine itself and parts of the VS IDE.

The comparison between C# and VB.NET now becomes like "which of my 2 eyes I
like better " as SomaSegar has said .i really like this phrase


Impersonation in .NET

  1. Impersonation is done on a thread basis not on a process level. So when we say that something is impersonating a user, then this something must be for sure a Thread not a process.
  2. A thread impersonating a specific user means that the thread will be working with the security context of that user.
  3. New created processes inherits their parents’ tokens
  4. When a thread needs to stop impersonation for a while for example in ASP.NET if we used impersonation in web.config and a certain page needs to do a task with a specific privilege regardless the impersonated account then in that case we have to stop impersonation temporarily . there is a specific function to call in this case called “RevertToSelf”
    We can do this in .NET by :

    Console.WriteLine(WindowsIdentity.GetCurrent().Name); //print the impersonated account name

    This line will remove the token impersonated and will revert back to the process identity.
    WindowsImpersonationContext c = WindowsIdentity.Impersonate(System.IntPtr.Zero);

    Console.WriteLine(WindowsIdentity.GetCurrent().Name); //print the process identity account name

    //go back to Imopersonation
    c.Undo(); // will get the impersonated token back
    Console.WriteLine(WindowsIdentity.GetCurrent().Name); //print the impersonated account name
  5. Flow of tokens to new threads is different in .NET 1.1 than 2.0
    in the image above you can see...

    A process running under Administrator Token. And a thread that is running under the same account

    The thread impersonates HusseinA.

    The current thread in the process spawns a new thread

    If thread1 spawned a new thread, what will be the token flown from thread1 to the spawned thread.

    In .NET v1.1 it is the original Process token which is Administrator in this case.
    Example: if a process running under “local system” and a thread in this process impersonated another lower privilege account then the current thread decided to spawn another thread. the new thread will run under local system not under the impersonated account. This is very dangerous and can lead to some flaws.

    In .NET 2.0 the default now is to flow the impersonated account and not the original process account.

    using System;
    using System.Text;
    using System.Runtime.InteropServices;
    using System.Security;
    using System.Security.Principal;
    using System.Threading;

    namespace ImpersonateTest
    class Program

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword,
    int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

    static void Main(string[] args)
    //get a token for a user
    IntPtr token = IntPtr.Zero;;
    bool loggedin = LogonUser("user1", "MyMachine", "P@ssw0rd", 3, 0, ref token);
    //prints the name of the process identity name Console.WriteLine(WindowsIdentity.GetCurrent().Name);

    WindowsIdentity w = new WindowsIdentity(token);
    WindowsImpersonationContext oldWindowsIdentity = w.Impersonate();

    //prints the name of the Impersonated account name Console.WriteLine(WindowsIdentity.GetCurrent().Name);

    Thread t1 = new Thread(new ThreadStart(Test));
    static void Test()
    //in .NET 1.1 prints the name of the Process account name
    //in .NET 2.0 prints the name of the Impersonated account name

Sunday, April 09, 2006


Web Application Projects vs Web Site Projects

The motivation for building a new Application Project Model :

A very useful comparison between the two models :

Very useful Tutorials :

This page is powered by Blogger. Isn't yours?