Using Windows WF, you can create processor flow-based workflows and host them in any type of .NET application. ASP.NET developers face a unique set of issues that can benefit from workflows, such as maintaining state and page navigation.

Todd Kitta shows a sample implementation of the MVC Pattern using WF and ASP.NET in his devx article "Working with Windows Workflow Foundation in ASP.NET"

Photo(s) courtesy of Photocase.com

Strike! 2 Karten für Michl am 27.04.2006 in Pforzheim ergattert.

Oder wie Michl sagen würde "Ich bin der Chef! Ich bin der Chef! Ich bin der Chef!" ;-)

Scott Mitchell steps into .NET 2.0 and explores the ASP.NET 2.0's Membership, Roles, and Profile features. If you do also, Scott's articles on this may be useful.

• Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 1
• Examining ASP.NET 2.0's Membership, Roles, and Profile - Part 2

If you do anything in the integration/web-services space, you should read Jason Hogg's articles "Introduction, Integration and Securing Web Services"

• Part 1
• Part 2
• Part 3

JD Meier of the Patterns and Architecture Group at Microsoft has started a wiki concerning threats and countermeasures at https://www.threatsandcountermeasures.com handling threats and countermeasures at the following levels:

• Network
• Host
• Web Application
• Desktop Application
• Product / Technology
• Attack Patterns
• Security Patterns

Actually I'm developing an online shop where one of the software requirements is, that users can register themself - but their accounts will be disabled until they're proofed by an Admin.

Since ASP.NET 2.0 Membership default providers don't provide a simple method for disabling an user's account, I solved it this way (without implementing my own Membership Provider):

1. Setup ASP.NET 2.0 Membership Database (or enhance existing database with Membership features):

Run: aspnet_regsql.exe -E -S localhost -A mrp -d MyExistingDB

which add's membership, role and profile tables, views and stored procedures to your database.

2. Add SqlMembershipProvider and SqlProfileProvider declaration to your web.config:

<connectionStrings>
<add name="MyShopConnectionString" connectionString="Data Source=DEVBOX\SQL2K;Initial Catalog=MyShop;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>

<system.web>
<profile defaultProvider="SqlProfileProvider">
<providers>
<add name="SqlProfileProvider"
type="System.Web.Profile.SqlProfileProvider"
connectionStringName="MyShopConnectionString" />
</providers>
<properties>
<add name="Enabled" type="bool"/>
</properties>
</profile>

<membership defaultProvider="SqlMemberShipProvider">
<providers>
<add name="SqlMemberShipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="MyShopConnectionString"
minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0" />
</providers>
</membership>

As you can see, I've added a Profile property called "Enabeld" type of "bool" which holds the information whether the user is enabled or disabled.

The next step leads to the register.aspx, which contains a CreateUserWizard control which has been modified optically (that doesn't matter at all):

The required changes made to the CreateUserWizard are:

Changing the LoginCreatedUser property to false and...

Adding the following code to the CreatedUser-Event of your CreateUserWizard:

ProfileCommon prof = Profile.GetProfile(MyCreateUserWizard.UserName);
prof.Enabled = false;
prof.Save();

The last step is to add a Login Control to your login.aspx:

and adding the following code to the LoggedIn-Event of your Login control:

ProfileCommon pc = Profile.GetProfile(MyLoginControl.UserName);
if (!pc.Enabled) {
   FormsAuthentication.SignOut();
   Response.Redirect("AccountDisabled.aspx");
}

If you're running Sharepoint on Microsoft Windows Server with MS-SQL and you are getting an error along the lines of “SQLAgent is not allowed to run”, you have to make a small registry change.  Navigate to:

HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/MICROSOFT SQL SERVER/SHAREPOINT/SQLSERVERAGENT

Look for the key “GUID” and delete it.

The SQLAgent service should now start up without any problems - but be careful, you're hacking your registry!

This guide will help you quickly make the most appropriate security decisions in the context of your Web service's requirements while providing the rationale and education for each option. A scenario-driven approach is provided to demonstrate situations where different security patterns are successful. The guide also combines a series of decision matrices to assist you in applying your own criteria to use the Web service security patterns to meet the requirements of your environment.

Since being ill for almost 4 weeks starting with stomach flu, heading over to tonsilitis and ending up (fairly) with otitis, it seems that I'm back on track now (hopefully).

Lot's of work to catch up!