Recently we started getting the following error message on our ASP.NET 2.0 web application running on IIS6.

• Exception type:
  • CryptographicException
• Exception message:
  • Padding is invalid and cannot be removed.
• Stack trace:
  • at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
  • at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
  • at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
  • at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo)
  • at System.Web.UI.Page.DecryptString(String s)
  • [...]

The application provides forms authentication as the login mechanism for the end-user.

Apparently, whilst tuning the IIS settings for the application's App Pool (we forgot to set the max CPU use) we inadvertently turned on Web Garden and increased the "Max number of worker processes" from 1 (default) to 2.

Doing this created an unhandled problem, forms authentication uses the worker process to create an encrypted login chunk in the site's cookie. The encryption is specific to the worker process (even if it's on the same box). Therefore, if your user logs in using one worker process, then is shifted to another worker process, their login (as stored in the cookie) is invalid and they are prompted with to re-authenticate (which will be valid until they are shifted from that worker process to another).

There are ways to handle this, of course, so the user can hop between worker processes (or even entirely different servers) and still maintain a valid, authenticated session. But for us, we just set the worker processes back to 1 and restarted the app pool and all was well.

You can thank me later.

If you liked this post, please be sure to subscribe to my RSS Feed.

 

 

1. Two ASP.NET server controls
   1. Both ship in SDK: System.Web. Silverlight.dll
   2. Deploys to /bin folder
   3. Available at design-time within Visual Studio 2008
2. MediaPlayer control
   1. E-commerce sites are going more and more to media right inline inside the store
   2. No more need for RealPlayer or other (proprietary) players
   3. Training on an intranet becomes much easier with rich media
3. Client customizations
   1. hook various media events
      1. embedded media markers
      2. media start/stop
      3. chapter events
   2. javascript type provides access to "VCR" (should that say "DVR") - style controls

If you liked this post, please be sure to subscribe to my RSS Feed.

If your bag of goodies wasn't good enough for you, pick up some additional bits at https://content.visitmix.com/content/thebits.aspx

The Johnny Cash singer (Vince -- didn't catch his last name) is only 15 years old! Wow!!

MIX09 will be held March 18th through March 20th 2009!

Guy Kawasaki and Steve Ballmer

1. Why do you want to buy Yahoo!?
   1. MS wants to be a very serious player in the search and advertising online
   2. Search is the killer application of advertising
   3. "We've got a long way to go ... Yahoo [is a way to accelerate] that"
   4. "We've made an offer... and... we've made an offer"
2. Do you have to "do Google in"?
   1. they have to be a player
   2. I can say "google"... Google google google google...
   3. Google isn't there on desktop (Apple, Linux, yes)
   4. Google isn't there on servers and databases (IBM, SAP, yes)
   5. Google isn't in entertainment
   6. Google IS online...
   7. ... yeah we're the underdog
3. Is apple the chihuahua that you kick in the morning?
   1. Apple does a decent desktop machine
   2. Apple has a real good music player... again there, we're the underdog
   3. Apple has a new phone... we sell more phones than Apple
4. Facebook?
   1. It's all about the online presence
   2. We decided to partner with them
   3. We only put in a few hundred million
   4. I'm a Ford guy (no Lexus)
   5. MS is making $60 Billion a year in revenue
5. What drives you?
   1. I love what we do
      1. I'm pretty jazzed up about Silverlight 2
      2. Being at the forefront of changing technology
   2. Working with the smartest, funnest, more energetic people in the world
   3. Challenge
6. Describe your day...
   1. Customer days: 11 hours a day then on a plane and repeat the next day
   2. The doctor is in: one meeting after another after another
   3. Personal day:
7. How much email?
   1. About 60 a day
   2. No personal assistance filtering messages
   3. steveb@microsoft.com
   4. I'll probably get more than that tomorrow (laughter)
8. What about Silverlight?
   1. in the past you've had a choice, a rich application, or a web application; Silverlight is the bridge that makes it so you don't have to compromise
9. What's the deal with Vista? Seriously. The one that you get no choice of getting... (pulls out the Macbook Air)
   1. You mean the second most popular OS in the world?
   2. That thing is missing 1/2 the stuff of my Toshiba...
   3. and it's heavier too... (picks up the Air, falls to the ground descriptive of it's "weight")
   4. We made the choice to improve security and compatibility suffered... customers have been made us very aware of that
10. Let's talk about Firefox and IE...
    1. FF has certainly built position over the last couple of years
    2. I expect you'll see a lot of browser innovation from us in the near future
    3. No MSIE Mac, how come? Better to focus efforts on the larger market share than to bring another browser to the Mac
11. Social Networking
    1. It's not a fad, it's here to stay
    2. MySpace, Facebook, XBOX Live
    3. MSN Messenger, Live Communicator
    4. We have openness with our business customers with Sharepoint, etc.
12. It's a different Microsoft today
    1. Thanks, I really appreciate that.
    2. But if I get 150 to a thousand emails from this group tomorrow, don't expect an answer

Questions from the audience

1. What about Adobe?
   1. What ~about~ Adobe, to repeat the question using a little different body language
   2. Offering rich tools or developers
   3. Supporting them now and in the future as an ISV
   4. PDF still important
   5. Driving interoperability, while still competing
2. .NET, Since .NET has gotten better and better over the years, how come Internet Explorer got left out of the development platform
   1. Some mistakes and good learning
   2. we're now having to really hustle
3. If Microsoft takes over Yahoo, what are you going to do with all those PHP apps?
   1. We shouldn't have two of everything, two mail services, two search services, two messenging services; whatever technology comes will have to have infrastructure behind it; if that day comes I'm sure you'll still have some PHP running live and and in the future
   2. I guess we'll be a PHP and an ASP.NET shop
   3. Windows Server runs PHP applications really well... not that we'd make that change right away
4. What synergies would you have with Yahoo and how could you push it through the anti-trust process
   1. I'll pass on the second... or Guy will just say I'm giving a PR answer
   2. The more ads are served, the more revenue comes in, the more revenue the more there is to reinvest
5. What about FastSearch?
   1. Fast sold their web search to yahoo years ago
   2. They still have the technology to search on websites and in corporations
   3. Still in regulatory review
6. Virtualization Platform, Amazon Cloud...
   1. We have the technology through Hyper V to let anyone build server farms
   2. Will we ever offer the service (Ray Albun said we would yesterday)... it's definitely a great interest
7. With apologies to this audience, what are your plans/thoughts on the Supersonics?
   1. With apologies to you and the Seattle Times, I'm not going to talk about that today
8. Silverlight on the iPhone?
   1. Wouldn't it be great if Apple let open development tools run on their platform instead of charging, what the most expensive development platform in the world?
9. Danger
   1. Danger is part of the strategy to do applications and services on Windows Mobile
10. What phone do you use?
    1. I'm constantly rotating between them
    2. Do I want to give out my phone number here, too? No... No I don't (laughter)
11. When will Silverlight come to other Microsoft properties?
    1. When it's appropriate to do so
12. Microsoft in Healthcare?
    1. What's it gong to take to bootstrap consumer health, and how does that help me as a consumer
    2. How does my doctor tie in to all that
    3. HealthVault
    4. We don't have anywhere near all the ideas out there and look for innovation from 3rd parties
13. BluRay?
    1. We don't make drives
    2. We thought HD-DVD would be the winner, it was first to market, had a larger share, etc.
    3. We had an HD-DVD drive for XBOX
    4. We will support Blu-Ray in ways that make sense, windows drivers, etc.
    5. Its probably less important to think about the format of the disc when you look at the whole HD content delivery. Now it's important to have an optical drive in your laptop, in 5 years I think it will be less so
14. Can you show some love for Web Developers?
    1. Web Developers web developers web developers!
    2. If that guy behind you just gave you a buck, I want 50 cents of it
15. Thank you for DreamSparc, Channel 8, Student Tools. Now that we have the tools, what can you do to help with the infrastructure?
    1. Will we have some kind of service based utility to enable to do this? See the answer earlier. Will we have student discounts, who knows.
    2. Students -- and everyone else -- can view all of the content on the MIX website, Microsoft.com, and I'd love for you to use Live Search
16. Apple announced today that it's licensing ActiveSync to connect with MS Exchange, how is that going to compete?
    1. We'll be glad to see iPhone participate and take advantage of Exchange
17. What are our plans for RazorFish?
    1. ...

If you liked this post, please be sure to subscribe to my RSS Feed.

I've recently renewed my effort to "use the right tool for the job" when developing xhtml and CSS, which got me to thinking. If using a <ul> rather than a <div> is better in a certain application, are there better ASP.NET tools for other jobs?

With that mindset I came across a task that required connecting to one of our databases. Rather than building a DAL (and no, I'm not LINQified yet) I decided to just grab the data though a SqlConnection and go from there. So far so good. I then was faced with how to "deal" with the stuff returned from the SqlCommand. Here ASP.NET has a couple controls that do can read the data from your SqlCommand: DataReader and DataSet. But which to use?

I've always been partial to using what you know, and knowing what you use. So for almost all my cases I've used the DataSet control. This has allowed me to not only get stuff out of a database, but update and insert stuff as well. In those cases, DataSet is ideal. But, with all that extra functionality comes extra overhead.

DataReader, on the other hand, doesn't "do everything for you" and then some. It does its job, and does it well, and doesn't do anything else (sound like a UNIX concept, doesn't it?). With DataReader you are doing just that, reading the data from the database, and handling it (parsing it into an object, writing it onto the page, etc.), and closing the SqlConnection.

4GuysFromRolla describe the DataReader thusly:

"[...] the DataReader is just a ferry of data between the application and database. [...] Furthermore, a DataReader is limited to being read-only and forward-only. That is, the information retrieved from the database cannot be modified by the DataReader, nor can the DataReader retrieve records in a random order. Instead, a DataReader is limited to accessing the records in sequential order, from the first one to the last one, one record at a time."

Wow, that seems awfully limited, doesn't it? If you want to do updates and inserts, sure. If you're only grabbing data from your database, DataReader is most likely the ideal tool for the job: Open the connection, grab the data, handle it, and close the connection. And that's where DataReader really shines; check out the graph. As far as graphs go, it doesn't get more dramatic than that. Even at 100 records being returned, the results are alarming, up that to 1,000 records and you can easily see why you'd want to use a DataReader over a DataSet (again, unless you need the added features that DataSet gives you).

You can read more (and dig into the minutia of the test results) at 4GuysFromRolla.

If you liked this post, please be sure to subscribe to my RSS Feed.

My boss just called my co-worker and I into his office to inform us that we're going to MIX again this year. That's awesome! Last year, MIX07 was information overload.

We learned so much we development goodness that we've struggled implementing it all this year. We've put into practice most of what we learned there and are looking forward to

The challenge is going to be getting 5 projects that we're currently working on into testing before we leave.

I'll probably have bruised finger-tips by then. Thanks, Steve and John!

If you liked this post, please be sure to subscribe to my RSS Feed.

As my last post infers, I've made the proverbial leap from my previous blog engine, to BlogEngine.NET.

Since I use Windows Live Writer for most of my blogging, I had to set it up to work with the new blog. Perhaps I'm getting ahead of myself.

Windows Live Writer is a free program just out of beta that is part of Microsoft's "Live" suite of tools. It's a Windows application that provides spell checking, an open plugin-architecture, online and offline draft support, and basically makes blogging a whole lot easier (and faster!). What's more, it can connect with virtually any blog engine (including many of the free, hosted solutions). If you're not using this software by now you owe it to yourself to get a copy and check it out.

Now, on to the guts of the post... I needed to add my new BlogEngine.NET blog to Windows Live Writer (WLW), to do so, fire up WLW, go to the Tools menu, choose Accounts, then click Add.  You'll notice that BlogEngine.NET isn't in the list, don't let this worry you, just choose "Another weblog service" and click Next. Fill in the information requested on the next page, and click Next.

There is where the openness of BlogEngine.NET begins to shine. From the list choose "MetaWeblog API", then supply your Remote Posting URL (this is the URL that WLW will interface with when posting your articles, for BlogEngine.NET it's going to be something like this: http://www.yourblogsite.com/yourblogdirectory/metaweblog.axd). Finish up the configuration wizard, if this is your first blog in WLW, you're done; if this is another blog that you're adding (yes, you can post to any of multiple configured blogs from WLW) you just need to make sure you're blogging to the right blog (click on the Weblog menu to change between those that you have configured).

That's it.

You can thank me later.

If you liked this post, please be sure to subscribe to my RSS Feed.