.NET Experts on Tap Ask the Experts Consulting and Mentoring Ardent Sites
Derek Hatchard blogs on
Church Radius Blog


Feed Yourself:


Subscribe in Bloglines

Add to Google

Subscribe by Email:


.NET Experts on Tap
About ArdentDev.com
Ardent Sites
Ask the Experts
Careers
Consulting and Mentoring
Contact Ardent
News & Noteworthy
Portfolio
Writing


On this page....
Obtuse Error Messages Are Evil
Windows Workflow Articles
Go to VSLive Toronto - I'll pay 10% (sort of)
Sure, pop a random CD in your computer - what's the harm?
ASP.NET Membership and passwordStrengthRegularExpression

Send mail to the authors Email Us

Archives
March, 2007 (1)
January, 2007 (3)
December, 2006 (9)
November, 2006 (9)
October, 2006 (1)
September, 2006 (3)
August, 2006 (1)
July, 2006 (1)
June, 2006 (4)
May, 2006 (5)
April, 2006 (6)
March, 2006 (5)
February, 2006 (5)
January, 2006 (5)
December, 2005 (2)

Navigation
Home
.NET Experts on Tap

Categories
 Code
 Tools

Disclaimer
The opinions expressed in this site are those of the individual authors and do not necessarily represent the official view of Ardent Development nor its employees, subsidiaries, partners, or customers.

© Copyright 2008, Ardent Development

Powered by: newtelligence dasBlog 1.8.5223.1
 Thursday, March 30, 2006

  Obtuse Error Messages Are Evil  
     

I was getting this error message when I tried to open a document in Word 2003: "This document could not be registered. It will not be possible to create links from other documents to this document."

Word still worked but I was unable to drag-and-drop content. And Outlook would not let me use Word as the editor for my email (which is perhaps an evil thing to do anyway).

Turns out the problem was that a service was not starting automatically (DCOM Server Process Launcher). I don't recall making that change but that's beside the point.  The point is that the error message is terrible. It is disrespectful to the user because it hints at an underlying problem but does not give you any guidance on how to fix it. Sadly, disrespectful error messages are much too common.

Posted by Derek Hatchard 3/30/2006 9:00:04 AM (Atlantic Standard Time, UTC-04:00)
#   Disclaimer  |  Comments [1]  | 
 Tuesday, March 28, 2006

  Windows Workflow Articles  
     

A couple articles on Windows Workflow from Scott Allen:

http://www.odetocode.com/Articles/447.aspx

http://www.odetocode.com/Articles/448.aspx

Posted by Derek Hatchard 3/28/2006 11:18:16 AM (Atlantic Standard Time, UTC-04:00)
#   Disclaimer  |  Comments [0]  | 

  Go to VSLive Toronto - I'll pay 10% (sort of)  
     

Here's what you need to do:

  1. Go to https://ftponline.com/conferences/register/vslive/2006/toronto/
  2. Enter TDERE as your priority code for a 10% discount
  3. Complete your registration
  4. Go to VSLive Toronto and learn some stuff

There is some good content this year including a bunch of promising stuff on Day 1 (.NET Focus Day) and lots of interesting sessions from some well-known speakers.  Looks like some really solid technical content this year - I don't see any dud time slots.  Here's the agenda:

http://www.ftponline.com/conferences/vslive/2006/toronto/agenda.aspx

Posted by Derek Hatchard 3/28/2006 10:59:36 AM (Atlantic Standard Time, UTC-04:00)
#   Disclaimer  |  Comments [0]  | 

  Sure, pop a random CD in your computer - what's the harm?  
     

From http://mcpmag.com/columns/article.asp?editorialsid=1275:

An IT training firm in the U.K. conducted a stunt (or promotion, depending on your feelings about it) to demonstrate that users in London's Golden Mile, its financial district, need more security training. They stood alongside the road and handed out CDs claiming to contain a special Valentine's Day promotion. While no numbers have been provided, a spokesperson for the firm indicated that the CD, when inserted, would "call home" to the firm indicating the user had run it.

The CDs had written on the outside that you ought not to do this because it might be a violation of policy. Despite this, some employees ran the CDs anyway.

As a security conscious guy, this makes me scream, "Aaaaaaaaaaaarrrrrrrrrrrggggggggggghhhhhhhhhhhh."  <heaving sigh>

This column also has some interesting thoughts on the Search Across Computers feature of the Google Desktop that you might want to read.  Personally I loathe the Google Desktop.  I love the Google Deskbar which has been discontinued as a standalone product.  Too bad (thankfully I have a copy of the installer backed up for the future).

Posted by Derek Hatchard 3/28/2006 10:51:19 AM (Atlantic Standard Time, UTC-04:00)
#   Disclaimer  |  Comments [0]  | 
 Tuesday, March 21, 2006

  ASP.NET Membership and passwordStrengthRegularExpression  
     
Membership in the .NET framework 2.0 allows you to add security to your application with little to no code.

When trying to enforce strong password rules in our church software I encountered an interesting problem.

At first I modified the web.config by adding the following line to our membership provider section.

passwordStrengthRegularExpression="(?=.{8,})[a-z]+[^a-z]+|[^a-z]+[a-z]+"

RegEx explained: 8 characters or more in length, at least 1 lowercase letter, at least 1 character that is not a lower letter.

I removed:

minRequiredPasswordLength="0"
minRequiredNonalphanumericCharacters="1"

After some testing I found that even when following the password rules, a password change would fail.

The ChangePassword control, which is part of the Login suite of controls, doesn’t give you any information as to why the password changed failed.

After a few reviews of my RegEx and confirming that the syntax is correct in code and with some useful online regular expression testers (see links below), I tried changing the password using the following code:

MembershipUser mUser = Membership.GetUser(); // gets the current logged in user
//change the password
mUser.ChangePassword(mUser.GetPassword(), “invalidpassword”);

That caused the following exception: System.ArgumentException: Non alpha numeric characters in 'newPassword' needs to be greater than or equal to '1'.

So I added this line:

minRequiredNonalphanumericCharacters="0"

And our password complexity rule started working properly.

I won’t start a debate on the merit of setting the minimum required non alphanumeric characters (say that ten times) to 1, but hopefully this will help someone somewhere some time.

Links:

JavaScript Regular Expression Tester
http://www.roblocher.com/technotes/regexp.aspx

.NET Regular Expression Tester
http://www.dotnetcoders.com/web/Learning/Regex/RegexTester.aspx
Posted by Sebastien Aube 3/21/2006 4:28:48 PM (Atlantic Standard Time, UTC-04:00)
#   Disclaimer  |  Comments [8]  | 
 
© 2005 Ardent Development Solutions