
How to configure SSL on IIS7 under Windows 2008 Server Core

Due to the popularity of Windows 2008 Server Core, I have frequently seen questions about how to configure SSL on IIS7 using only the command line. Since I wandered that path a few months back, I thought of putting this article/guide together.

http://www.awesomeideas.net/post/2008/05/18/How-to-configure-SSL-on-IIS7-under-Windows-2008-Server-Core.aspx

Posted by sukeshak | 0 Comments

IIS7 Mobile Admin now on codeplex !!!

IIS7 Mobile Admin is a simple web application to administer IIS7 remotely using a mobile phone browser. I provided a few screenshots of IIS7 Mobile Admin in my previous blog post here http://www.awesomeideas.net/post/2008/03/04/IIS7-Mobile-Admin.aspx

And I promised to get it on codeplex for your download pleasure and finally it's ready and available

Project Home (Screenshots,FAQ) - http://www.awesomeideas.net/page/IIS7-Mobile-Admin.aspx
Download & Discussion - http://www.codeplex.com/iis7mobileadmin/

What are the features available in this release (called R1)?
Search Application Pools & Web Sites

  • Application Pool
    • Show Requests (Top 10 requests sorted in descending order of 'Time Elapsed')
    • Show Applications
    • Recycle Application Pool
    • TODO:Your wishes...
  • Web Sites
    • Show Configuration (Show all bindings for the website)
    • Start Website
    • Stop Website
    • TODO:Your wishes

Get more screenshots on Project Home http://www.awesomeideas.net/page/IIS7-Mobile-Admin.aspx

Posted by sukeshak | 1 Comments

IIS7 Mobile Admin

I wanted to introduce something I’ve been working on during the last couple of weekends. Yes, you guessed it: “IIS7 Mobile Admin”, to show some love to our web server administrators who keep our Web 2.0 world up and running!

Ingredients

I would like to know what are some of the “must have” features you expect from this application.
(Keep in mind this is not developed to replace or even be on par with desktop IIS7 manager)

Please add your suggestions/comments/ideas under the following blog post and check out more screenshots.
http://www.awesomeideas.net/post/2008/03/04/IIS7-Mobile-Admin.aspx

Plan is to get this complete package (both binary & source) on http://www.codeplex.com by next weekend!
Picture is worth a “how many words do they say?” so a picture below showing how it looks when it runs inside Pocket IE in full-screen.

clip_image002

Posted by sukeshak | 2 Comments

IIS7 Hostable Web Core Custom Service (WebCoreService)

Hostable Web Core (known as HWC) is a new concept in IIS7 to host a website/webservice inside your own process. In short a smaller hosted version of IIS (an IIS7 express edition?).
This is accomplished by making a LoadLibrary call to load hwebcore.dll (%systemdrive%\Windows\System32\inetsrv\hwebcore.dll)

From IIS7 onwards you can administer IIS7 remotely using IIS Manager (through HTTPS). When you connect remotely you are actually connecting to a "Web Management Service" called WMSVC. This service uses HWC so that it's not dependent on IIS7 services directly.

I had some ideas around building an alternative UI for IIS7, but since WMSVC service calls are not publicly documented I didn't want to start using them, since my application might break anytime. So HWC was a surprise to me, but with a glitch. I'm so used to managed code that I haven't written C++ code in the last 6 years. During 1996-2000 C/C++ was my favorite language, and then I got into languages which are less fussy (VB/VB.net & C#).

But I had multiple challenges 1) Writing something in a language which I've not used for last 6 years. 2) Writing a windows service which I haven't done before.

Before diving into the code let's see limitations of HWC (Calling it limitation is wrong so let's say it's by design)

  1. Only one application pool
  2. Only one website/webservice
  3. Separate configuration file
  4. No monitoring like available for IIS7 application pools
  5. Require IIS7 to be installed

PS: Project files are in VS2008 but the application doesn't have any dependency with newer versions.

Ingredients of my WebCoreService.

  1. Native Windows Service which hosts HWC and provides install/uninstall options
  2. Good IIS7 configuration file (applicationHost.config) which contains all configuration required to run ASP/ASPX/ASMX... pages
  3. TODO: Web/WCF service hosted inside this service which publishes all the management APIs for consumption
  4. TODO: Alternate client for managing IIS7

  1. Native Windows Service which hosts HWC. Below is a screenshot showing the options available from the command line
     help
  2. All the configuration, including where the website points to and which port the site is hosted on, is in the configuration file called "WebCoreService.config". This is nothing but the actual applicationHost.config file with a few things removed from it.
  3. This could be a good managed web service or WCF service which would expose management APIs.
  4. How about a mobile client which supports SMS (texting)? Just imagine sending a text message to recycle one of the application pools.
    Hosting a management site running inside this?
    These are only a few of the possibilities though :) think crazy stuff and let me know.

How to RUN the service?

Extract the zip files with source and the binary files.
Follow these steps to setup the service (make sure you are doing this from an elevated command prompt)

  • Create a folder called "TestPath" inside your "C:\inetpub\" folder
  • Create 2 folders inside it called "wwwroot" and "Logs"
  • Drop "time.asp" and "time.aspx" pages inside the "wwwroot" folder
  • Enable event logs notification from the service
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WebCoreService]
    Create a string key "EventMessageFile" and set value as full path to "sample.dll" under the bin folder
    Create a DWORD key "TypesSupported" and give value of "00000007"
  • Go to the folder where the EXE file "WebCoreService.EXE" resides
  • Install the service using the following command
    WebCoreService install
  • Start the service using the following command
    net start WebCoreService
  • Browse to the page http://localhost:8080/time.asp

Bingo! Hostable webcore service is ready.

All the configuration mentioned above like folder path, port number etc can be modified inside the configuration file "WebCoreService.exe.config"
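
The setup steps above as one script, for PowerShell 2.0 or later. This is an added example and not part of the WebCoreService package; the two parameters are assumptions, since the location of WebCoreService.exe, sample.dll and the time.asp/time.aspx pages depends on where you extracted the zip.

```powershell
# Added example, not part of the WebCoreService package.
# Assumptions: $BinDir holds WebCoreService.exe and sample.dll, $PagesDir holds
# time.asp and time.aspx; both depend on where the zip was extracted.
param(
    [Parameter(Mandatory = $true)][string]$BinDir,
    [Parameter(Mandatory = $true)][string]$PagesDir
)

# The steps write to HKLM and install a service, so refuse to run unelevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated prompt.'
}

# Check every input first, so the registry never points at a missing message DLL.
$exe        = Join-Path $BinDir 'WebCoreService.exe'
$messageDll = Join-Path $BinDir 'sample.dll'
$pages      = 'time.asp', 'time.aspx' | ForEach-Object { Join-Path $PagesDir $_ }
foreach ($file in @($exe, $messageDll) + $pages) {
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { throw "Missing file: $file" }
}

# Content root and log folder used in the steps.
$root = 'C:\inetpub\TestPath'
foreach ($dir in 'wwwroot', 'Logs') {
    New-Item -ItemType Directory -Path (Join-Path $root $dir) -Force | Out-Null
}
Copy-Item -LiteralPath $pages -Destination (Join-Path $root 'wwwroot') -Force

# Event source registration so the service's events render in the Application log.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WebCoreService'
if (-not (Test-Path $key)) { New-Item -Path $key | Out-Null }
New-ItemProperty -Path $key -Name EventMessageFile -PropertyType String `
    -Value (Resolve-Path -LiteralPath $messageDll).Path -Force | Out-Null
New-ItemProperty -Path $key -Name TypesSupported -PropertyType DWord -Value 7 -Force | Out-Null

# Install and start the service with the same two commands as in the steps.
Push-Location $BinDir
try {
    & .\WebCoreService.exe install
    net start WebCoreService
    if ($LASTEXITCODE -ne 0) { throw "net start failed with exit code $LASTEXITCODE" }
} finally {
    Pop-Location
}

# Smoke test against the URL from the last step.
$body = (New-Object Net.WebClient).DownloadString('http://localhost:8080/time.asp')
"time.asp returned $($body.Length) characters"
```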

Do let me know if you have any questions or suggestions or even ideas !!!
Source & binary => http://code.msdn.com/hwc/

 

Posted by sukeshak | 7 Comments

Hotfix - After installing MS07-045 Cumulative Security Update for Internet Explorer - CreateObject call fails with 8000ffff

I had reported an issue which happens after installing MS07-045 IE security update.
"After installing MS07-045 Cumulative Security Update for Internet Explorer - CreateObject call fails with 8000ffff "

We have a hotfix available for the same and it's KB 945701. KB is not yet available (as of today) and it might take a while to be public.

If you are struggling with this issue you can call PSS and request the hotfix. It should be publicly available during the next IE patch schedule.

Posted by sukeshak | 7 Comments

Kernel mode authentication in IIS7

Here is another feature moved to kernel mode. Yes, it's Windows Authentication, which is by default configured to run in kernel mode.

To see the dialog right click on "Windows Authentication" and select "Advanced Settings..."

KernelAuth

This applies to Windows 2008 build and not Vista RTM.

Posted by sukeshak | 1 Comments

Differences in SSL request/response flow on IIS6 vs IIS7 (Kernel mode SSL)

There are so many things which have changed in IIS7 for the better, and one of them is the way SSL works. Although IIS6 allowed kernel mode SSL (starting with Windows 2003 SP1), that wasn't the default option. As far as I know (AFAIK) not many customers used it or knew about it.

Starting with IIS7 kernel mode SSL is going to be the default setting and the only setting. This was primarily for performance reasons. So let us see how it differs.

IIS6 SSL request/response flow

1. Request (Encrypted request from client)
2. HTTP.SYS (Kernel mode driver for HTTP accepts the request)
3. HTTPFilter (Sent to user mode service to decrypt)
4. HTTP.SYS (Decrypted request comes back)
5. Worker process (Sent decrypted request to W3Wp => IIS)
6. HTTP.SYS (Response comes back from IIS)
7. HTTPFilter (Sent again to user mode to encrypt response)
8. HTTP.SYS (Encrypted response arrives from user mode)
9. Response (Encrypted response sent back to client)

 

IIS7 SSL request/response flow

1. Request (Encrypted request from client)
2. HTTP.SYS (Kernel mode driver for HTTP accepts and decrypts using SChannel)
3. Worker process (Sent decrypted request to W3Wp => IIS)
4. HTTP.SYS (Response from IIS is encrypted using SChannel)
5. Response (Encrypted response sent back to client)

You know that context switching between kernel mode and user mode is expensive and this new design of how SSL processing is done inside kernel mode increases performance on IIS7.

IIS7 Rocks!!!

Posted by sukeshak | 6 Comments

After installing MS07-045 Cumulative Security Update for Internet Explorer - CreateObject call fails with 8000ffff

We have noticed an issue of CreateObject call failure after installing the MS07-045 IE update. This issue goes away if you uninstall the patch. As per the information available, it happens only when a .NET managed component (using interop) is called from an ASP page.

Error shown in the browser looks like below

Server object error 'ASP 0177 : 8000ffff'
Server.CreateObject Failed
/hellocom.asp, line 2
8000ffff

Repro steps given below

  • Install MS07-045 security patch
  • Create a .NET managed component (helloworld.dll)
  • Make it COM visible and register it using "regasm helloworld.dll /codebase"
  • Create an ASP page (inside your website folder) which calls this component using CreateObject (hellocom.asp)
  • The page fails with the error mentioned above

For repro and testing I'm attaching following repro files

  • helloworld.dll (managed component)
  • hellocom.asp (which uses the above component using CreateObject call)

Code inside helloworld.dll

using System;
using System.Collections.Generic;
using System.Text;

    public class HelloWorldClass
    {
        public HelloWorldClass() 
        {}

        public String SayHello()
        {
            return "Hello World!";
        }
    }

Code inside hellocom.asp

<%
Set hello = Server.CreateObject("HelloWorldClass")
Response.Write hello.SayHello()
%>

In my repro I get access denied for these registry keys for IUSR account

Accessdenied 

Till an official update is available on this issue, please run regmon and fix the permission issues shown in the logs. Please give permission to only the user account shown in regmon logs and not for everyone group since it would increase security risk.

For testing if the permission requirement is only for IUSR account, add IUSR account to administrators group and test. In my case it works and confirms that it's missing permission only for IUSR. This step is only for testing and needs to be reverted immediately.

Uninstalling this patch is not recommended since it's a security update.

Posted by sukeshak | 15 Comments
Attachment(s): HelloWorld.zip

How to Check certificate expiry for webserver (IIS) certificates using script

Although the title says webserver certificates the script is not limited to webserver certificates only.

This script is useful for admins to check expiry dates of server certificates and be prepared to renew or change them. If you have ideas of using this in your server environment and you need help in tweaking this script, do let me know.

Please copy & paste script below into a file called "CertExpiryCheck.vbs" and run the script from command line like

C:\> cscript certexpirycheck.vbs [SubjectName]

 

C:\> cscript certexpirycheck.vbs sukak

CertExpirycheck

* here "sukak" is subject name which usually would be your domain name (FQDN)
* Issued by also shows "sukak" in my case since the test was done using self issued certificate created using selfSSL.exe

 

'**************************************************
'* CertExpiryCheck.vbs
'* Enumerate certificates with days left for expiry
'**************************************************

Option Explicit
Dim SubjectName
If WScript.Arguments.Count > 0 Then
    SubjectName = LCase(WScript.Arguments(0))
Else
    CommandUsage
End If

Dim Store, Certificates, Certificate
Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME = 1        
Const CAPICOM_STORE_OPEN_READ_ONLY = 0

Set Store = CreateObject("CAPICOM.Store")
Store.Open CAPICOM_LOCAL_MACHINE_STORE, "MY" ,CAPICOM_STORE_OPEN_READ_ONLY
Set Certificates = Store.Certificates.Find(CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME, SubjectName, 0)

If Certificates.Count >0 Then
   For Each Certificate in Certificates
    'Certificate.display()    'If you want to see the Cert in UI
    WScript.Echo "*** Subject " & Certificate.SubjectName & " ***"
    WScript.Echo "Issued by " & Certificate.IssuerName 
    WScript.Echo "Valid from " & Certificate.ValidFromDate & " to " & Certificate.ValidToDate 
    WScript.Echo "Days to expiry " & DateDiff("d",now(),Certificate.ValidToDate)
    WScript.Echo 
   Next
 Else
  WScript.Echo "No certificates with SubjectName => '" & SubjectName & "'"
End If

Set Certificates = Nothing
Set Store = Nothing

Sub CommandUsage
  MsgBox "Usage: CertExpiryCheck.vbs  [SubjectName] ", vbInformation,"CertExpiryCheck"
  WScript.Quit(1)
End Sub

 

Just keep in mind you need capicom.dll to use this script. This comes default on Windows 2003 (I guess) but might need to be downloaded and registered on other platforms like Vista. Use regsvr32 capicom.dll to register it first before using the script.
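
The same report without the CAPICOM dependency, read through PowerShell's built-in certificate provider and saved as a .ps1 script. This is an added example, not the author's script; the function name, the 30-day warning threshold and the exit codes are assumptions chosen so the script can run from a scheduled task or monitor.

```powershell
# Added example (not the author's script): certificate expiry report read
# through the Cert: provider instead of CAPICOM.
# Assumptions: function name, 30-day warning threshold, exit code convention.
function Get-CertExpiry {
    param(
        [string]$SubjectName = '',                    # substring of the subject; empty matches all
        [int]$WarnDays = 30,
        [string]$StorePath = 'Cert:\LocalMachine\My'  # same store the VBScript opens
    )
    $now = Get-Date
    Get-ChildItem -Path $StorePath |
        Where-Object {
            # Plain case-insensitive substring match, no wildcard interpretation.
            $_.Subject.IndexOf($SubjectName, [StringComparison]::OrdinalIgnoreCase) -ge 0
        } |
        ForEach-Object {
            $days = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
            $status = if ($days -lt 0) { 'EXPIRED' }
                      elseif ($days -le $WarnDays) { 'EXPIRING' }
                      else { 'OK' }
            New-Object PSObject -Property @{
                Status       = $status
                DaysToExpiry = $days
                Subject      = $_.Subject
                Issuer       = $_.Issuer
                ValidFrom    = $_.NotBefore
                ValidTo      = $_.NotAfter
                Thumbprint   = $_.Thumbprint   # tells apart certificates with the same subject
            }
        } |
        Sort-Object DaysToExpiry |
        Select-Object Status, DaysToExpiry, Subject, Issuer, ValidFrom, ValidTo, Thumbprint
}

# Script use: print the report, then signal the caller through the exit code
# (2 = something already expired, 1 = something inside the warning window).
$report = @(Get-CertExpiry -SubjectName ($args -join ' ') -WarnDays 30)
$report | Format-Table -AutoSize
if ($report | Where-Object { $_.Status -eq 'EXPIRED' })  { exit 2 }
if ($report | Where-Object { $_.Status -eq 'EXPIRING' }) { exit 1 }
exit 0
```

Run it with the subject name as the argument, as with the VBScript version; with no argument it reports every certificate in the store.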

Posted by sukeshak | 15 Comments

Redirecting from http to https in IIS7 (http2https Updated)

I had written a sample to redirect all http traffic to https (secure) in September 2006 http://blogs.msdn.com/sukeshak/archive/2006/09/03/http2https.aspx

On one of our internal discussion aliases the question came up that this method does not work when SSL is forced on the website. Step 5 below handles that scenario by checking for the "403.4 SSL required" response and handling it during the OnEndRequest event.

So let us get into action (I'm using C# for this sample)

  1. Download and Install IIS7 Managed Module Starter Kit
    (Not really a requirement but it would make developing IIS7 modules easier)
  2. Rename the default class name created to "redir.cs" and rename project/solution/namespace to "http2https"
  3. Add the following code in "Init" method
    // register for the BeginRequest and EndRequest events
    application.BeginRequest += new EventHandler(OnBeginRequest);
    application.EndRequest += new EventHandler(OnEndRequest);

  4. Add the following method to implement "BeginRequest" event
    //BeginRequest implementation
    public void OnBeginRequest(Object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        string HttpUrl = app.Request.Url.ToString();

        if (HttpUrl.StartsWith("http:"))                      //Redirection done only if URL starts with http:
        {
            //Swap only the leading scheme; Replace() would also rewrite any "http:" inside the query string
            HttpUrl = "https:" + HttpUrl.Substring("http:".Length);
            app.Response.Redirect(HttpUrl, true);             //Redirecting (http 302) to the same URL but with https
            app.Response.End();                               //We don't want to go any further, so end
        }
    }

  5. Add the following method to implement "OnEndRequest" event

    //This is for scenario where SSL is forced on the site
    public void OnEndRequest(Object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        if (app.Response.StatusCode == 403 && app.Response.SubStatusCode == 4)
        {
            string HttpUrl = app.Request.Url.ToString();

            if (HttpUrl.StartsWith("http:"))
            {
                //Same scheme swap as in OnBeginRequest
                HttpUrl = "https:" + HttpUrl.Substring("http:".Length);
                app.Response.Redirect(HttpUrl, true);
                app.Response.End();
            }
        }
    }
    
    

  6. Make sure you have the following in your web.config inside configuration tag
    <system.webServer>
    <modules>
       <add name="redir" type="http2https.redir" />
    </modules>
    </system.webServer> 
    


Your http to https redirection sample is ready and also works if you force SSL!!!


How to deploy the HttpModule
There are multiple ways you can deploy this component (I'm assuming that it's being deployed for "default website")

Method 1
Create a folder called "App_Code" inside "%systemdrive%\inetpub\wwwroot"
Copy "redir.cs" file into "App_Code" folder
Copy "web.config" file inside "%systemdrive%\inetpub\wwwroot"

Method 2
Create a folder called "bin" inside "%systemdrive%\inetpub\wwwroot"
Compile "redir.cs" into "redir.dll" and copy it into "bin" folder (to compile -> csc.exe /out:redir.dll /target:library redir.cs)
Copy "web.config" file inside "%systemdrive%\inetpub\wwwroot"

If you open IIS7 UI and go to Modules you can see your HttpModule listed there.
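
A client-side check for the deployed module: it confirms that a plain-HTTP request is answered with a 302 whose Location is the same URL with only the scheme changed, including the case where the query string itself carries an "http:" URL. This is an added example, not part of the http2https sample; the function names and the sample URLs are constructed for illustration.

```powershell
# Added example, not part of the http2https sample.
# Assumptions: function names and the constructed sample URLs below.

# Pure check: given the URL requested and the response seen, decide whether
# the redirect changed the scheme and nothing else.
function Test-RedirectTarget {
    param([string]$RequestUrl, [int]$Status, [string]$Location)

    if ($Status -ne 302)                    { return "FAIL: status $Status, expected 302" }
    if ([string]::IsNullOrEmpty($Location)) { return 'FAIL: no Location header' }

    $source = [System.Uri]$RequestUrl
    $target = New-Object System.Uri($source, $Location)   # also resolves a relative Location
    if ($target.Scheme -ne 'https')    { return "FAIL: scheme is $($target.Scheme)" }
    if ($target.Host -ne $source.Host) { return "FAIL: host changed to $($target.Host)" }
    if ($target.PathAndQuery -cne $source.PathAndQuery) {
        return "FAIL: path or query changed to $($target.PathAndQuery)"
    }
    return 'PASS'
}

# Live check: fetch without following redirects so the 302 itself is inspected.
function Get-RedirectResult {
    param([string]$Url)
    $request = [System.Net.WebRequest]::Create($Url)
    $request.AllowAutoRedirect = $false
    try {
        $response = $request.GetResponse()
    } catch {
        # 4xx/5xx answers (such as 403.4 when SSL is required and the module
        # is not loaded) surface as a WebException that still carries the response.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
        if (-not $ex -or -not $ex.Response) { throw }
        $response = $ex.Response
    }
    try {
        Test-RedirectTarget $Url ([int]$response.StatusCode) $response.Headers['Location']
    } finally {
        $response.Close()
    }
}

# Constructed samples, evaluated offline.
$url = 'http://www.example.com/login.aspx?returnUrl=http://www.example.com/home'
# Only the scheme changed:
Test-RedirectTarget $url 302 'https://www.example.com/login.aspx?returnUrl=http://www.example.com/home'
# The URL nested in the query string was rewritten as well:
Test-RedirectTarget $url 302 'https://www.example.com/login.aspx?returnUrl=https://www.example.com/home'
# SSL required on the site and no redirect issued:
Test-RedirectTarget $url 403 ''

# Against a site where the module is deployed:
#   Get-RedirectResult 'http://localhost/default.aspx?returnUrl=http://localhost/home'
```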

Source code attached with this post

Posted by sukeshak | 10 Comments

Attachment(s): http2https.zip

MSN Cartoon Beta (cool way to create smiley's from photos)

Recently I stumbled upon a discussion on facial recognition and creating models from them. Came to know that MSN China had launched a service called "MSN Cartoon Beta".

Chinese is like French to me; I know neither :)

 

But I thought it would be an awesome feature to have for all Windows Live Services so tried my predict & clicking skills to get it working!

The following video demonstrates how to use the web based page to create MSN Cartoon without learning Chinese :)

 

Before beginning with the application there is a small web based install which pops-up but you know which buttons to click if you have used Windows for long enough!

The last button click on the page gives you a zip file containing the newly created smiley's for all  your cool expressions... Now stop reading and check the video and the site ;)

 

URL => http://cartoon.msn.com.cn/ 

If there is enough demand for audio commentary I will add voice to explain the different buttons and their options.

Posted by sukeshak | 7 Comments

How to reuse contacts from Live Messenger in Vista?

Assume that you have a lot of contacts on Live Messenger which you would like to use in different applications provided in Vista.  By default you won't have direct access to contact due to security settings (encryption) to protect that information.

There is an easy tweak/option to enable this information.

In Windows Live Messenger go to
Tools -> Options -> Security (Uncheck the box shown below)

image

Now check your "C:\users\<login Name>\Contacts" folder, you will find a folder with your Live ID name and all your Messenger contacts inside that folder...

Posted by sukeshak | 1 Comments

Understanding Vector Graphics

During multimedia era (Windows 3.1 to Windows 95) I had conducted several talks on different elements of multimedia and vector graphics was one of them. Explanation provided below is tweaked to make sure everyone can understand easily.

 

What does this sample do?
Draw a circle with 100 pixel radius with a mid-point of (200,200)

Non-vector graphics scenario
So in the case of bitmap graphics (bmp/jpg etc) you draw the circle and then save the entire square area pixel-by-pixel (I'm leaving out compression related differences to not make this sample complicated) inside the file. When you zoom the image, since it's increasing pixel resolution, you see the clarity going from good => bad => worse.

Vector Graphics scenario
In the case of Vector graphics, you save (usually) formula and values required for implementing the formula. In our sample

Formula
x1 = x + r * Sin (angle)
y1 = y + r * Cos (angle)

 

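//Sample code snippet (DrawPixel stands for the pixel routine of your platform)
const double PI = 3.14159265358979;
int centerX = 200;
int centerY = 200;
int radius = 100;

for (int i = 0; i < 360; i++)  //move point from 0 to 360 degrees
{
    double angle = i * PI / 180.0;                     //sin/cos expect radians, not degrees
    int x1 = (int)(centerX + radius * sin(angle));
    int y1 = (int)(centerY + radius * cos(angle));

    DrawPixel(x1, y1); //drawing pixel on the screen
}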
 

Now let's go to XAML and see how we can implement this simple sample
This sample rotates a red circle around a circular path defined by "p_rot"

 
<Canvas xmlns="http://schemas.microsoft.com/client/2007"
        xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml">
  <Canvas.Triggers>
    <EventTrigger RoutedEvent="Canvas.Loaded">
      <EventTrigger.Actions>
        <BeginStoryboard>
          <Storyboard BeginTime="0" Duration="Forever">
            <DoubleAnimation Storyboard.TargetName="p_rot" Storyboard.TargetProperty="Angle" From="0" To="360"
                             BeginTime="0:0:0" Duration="0:0:5" RepeatBehavior="Forever"/>
          </Storyboard>
        </BeginStoryboard>
      </EventTrigger.Actions>
    </EventTrigger>
  </Canvas.Triggers>
  <Canvas>
    <UIElement.RenderTransform>
      <TransformGroup>
        <TransformGroup.Children>
          <RotateTransform x:Name="p_rot" CenterX="200" CenterY="200" Angle="0"/>
        </TransformGroup.Children>
      </TransformGroup>
    </UIElement.RenderTransform>
    <Ellipse Canvas.Top="50" Canvas.Left="100" Fill="Red" Width="50" Height="50"/>
  </Canvas>
</Canvas>

 

You can download the sample in Flash and WPF/E from the following URL

http://www.awesomeideas.net/community/Download/tabid/54/Default.aspx

Posted by sukeshak | 0 Comments

Creating video of your cool application

I have seen people using a number of tools to create screen captures of their cool application for demos, blogs posting on video sites etc...

I have been using this tool for a long time, but its existence is unknown to many. So here are the details

 

Windows Media Encoder

Home Page : http://www.microsoft.com/windows/windowsmedia/forpros/encoder/default.mspx

Download Page : http://www.microsoft.com/downloads/details.aspx?FamilyID=5691ba02-e496-465a-bba9-b2f1182cdf24&DisplayLang=en

 

How much does it cost?

It's FREE !!!

 

Glimpse of the options in the wizard 1st page (loads of options more...)

 

Is this tool only for screen capturing?

No way, go ahead and explore yourself

 

The output file is either WMA or WMV, and you can also select target profile like desktop, pocket pc etc...

Go ahead and showcase your applications & mashups live on those video sites :)

Posted by sukeshak | 3 Comments

What is Windows Vista Sideshow?

I read a lot of news and comments about Windows Vista Sideshow. Several comments are in the lines of saying... hmmm what is the big deal about this new feature? Why would I need a small display on my laptop to see my meeting room or tasks, I already have them on my mobile... So I thought I'll just add some of my dreams and some reality about Windows Vista Sideshow since the above thoughts are from people who are not ready to dream about the usage scenarios.

First of all Windows Vista Sideshow is not a feature but a technology powered by Windows Vista.

For more proof of another use of this technology you can see the new Windows Vista MCE remotes launched during CES.

http://www.engadget.com/search/?q=vista+side+show+remotes

Now is this only for laptops and Media Center Remotes? I don't think so!

Let's dream a little and see what else can be done or how this technology can be taken to the next level...

Let's say in the next couple of years we get to buy these mini devices powered by Wifi/Bluetooth and have support for Windows Vista Sideshow. Assume that by year 2009, these mini devices become dirt cheap like 5 devices for $100 or so. So people (like me) would go and buy 5 or 10 or more of these devices and would fix them everywhere in the house

  • On the refrigerator
  • On the main door
  • In the bed room
  • In the car
  • obviously in my MCE remote also and anywhere else you prefer...

and all these devices are being connected to the same computer running Windows Vista so that all the information required would be at your finger-tip anytime.

One of the differences with Microsoft Technologies is that you get a platform to develop and enhance it further. Which means that there are no bounds to how these mini devices can be used... for example these mini devices can be used in these scenarios (and many more which is limited by your ideas)

  • Home automation, to an extent of replacing all the switches in the house
  • Outlook calendar/tasks
  • Windows Live Email/Calendar/Messenger Buddies
  • Controlling music from your home theatre system (maybe Windows Vista MCE)
  • Stock Quotes

After reading the above do you really think Windows Vista Sideshow is just a small little display attached to one of those expensive laptops?

 

Don't forget to check my blog website http://blogs.awesomeideas.net

Posted by sukeshak | 1 Comments