Shared .NET stuff

Monday, April 21, 2008

Error 1316 when installing Office 2007 PIA’s

If you build a setup for an Office 2007 VSTO add-in following the steps described in Deploying Visual Studio 2005 Tools for Office Second Edition Solutions Using Windows Installer, your setup may report that the installation of the Office 2007 PIA's have failed. Looking at the log or installing o2007PIA.msi separately, you will get "Error 1316. Setup cannot read from file <tempdir>\PIARedist.msi. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM".

This occurs on fresh installs of Office 2007 with Microsoft Business Contact Manager and more generally, it seems to occur on any computer which has the Office 2007 PIA's installed using another installer than o2007pia.msi, which is the one Microsoft recommends using.

There seems to be a workaround which is to rename o2007pia.msi into PIARedist.msi both in the file system where bootstrapper packages are stored and in the product.xml file as shown below:

...

<Command PackageFile="PIARedist.msi"
Arguments=""
EstimatedInstalledBytes="30000000"
EstimatedInstallSeconds="60">

You will need to rebuild your setup project.

Please let me know if this workaround does not work for you.

Monday, March 31, 2008

Validating email notification HTML for Outlook 2007

Velodoc issues numerous email notifications. The presentation uses the latest CSS tags and sophisticated layered HTML. Everything worked fine in Outlook 2003 which uses Internet Explorer as the HTML rendering engine. Outlook 2007 and its Word 2007 rendering engine broke many little things.

Although it is definitely a step back in terms of HTML rendering capability for emails, everything is explained in Word 2007 HTML and CSS Rendering Capabilities in Outlook 2007. The article comes with a very handy tool to validate HTML and CSS in your development environment.

I have not been able to install the tool for Visual Studio 2005 SP1 on Windows Vista Ultimate x64 because I could not instantly find the registry keys described in the setup instructions, but it works perfectly with Dreamweaver 8 provided you replace "Dreamweaver MX 2004" by "Dreamweaver 8" in the default installation path.

FileNotFoundException in Visual Studio Setup Project

The Velodoc XP setup project would consistently fail on a specific Windows Server 2003 server of ours but not on other computers of our network. The complete issue is described at http://www.codeplex.com/VelodocXP/WorkItem/View.aspx?WorkItemId=1005. The error message was:

Exception occurred while initializing the installation: System.IO.FileNotFoundException: Could not load file or assembly 'file:///C:\WINDOWS\system32\and' or one of its dependencies. The system cannot find the file specified.

Obviously, there is no such "C:\WINDOWS\system32\and" file in our application or on the system. MSI logs and fusion logs would not give any more information.

We have been puzzled by this issue for quite some time. We have finally removed features from our setup one by one until we have been able to identify that a specific custom action was at the source of the problem.

In the literature and samples that you will find regarding developing Visual Studio setup projects, custom action data is passed in the form /NAME = VALUE which works fine unless value contains a space.

The reference documentation at http://msdn2.microsoft.com/en-us/library/2w2fhwzz.aspx states that in setup custom actions, data should be passed as:

/NAME = VALUE if not a directory and value has no space
/NAME = "VALUE" if spaces are expected in a value which is not a directory
/NAME = "VALUE\" if the expected value is a directory

I wish we had not simply read how-to articles and sample code, but also the reference documentation.

Monday, March 17, 2008

Installing Visual Studio Extensions for WCF after an upgrade to .NET 3.0 Service Pack 1

Yesterday, I got stuck installing Visual Studio 2005 extensions for .NET Framework 3.0 (WCF & WPF), November 2006 CTP after my computer had been upgraded to .NET Framework 3.0 Service Pack 1. The installation fails with a warning that a prerequisite, i.e. Microsoft .NET framework 3.0, is missing.

A quick search on the Internet gave me the following trick which works:

Add the following key and value to the registry aimed at luring the installer:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15095BF3-A3D7-4DDF-B193-3A496881E003}]
"DisplayName"="Microsoft .NET Framework 3.0"
Install vsextwfx.msi.
Remove the key above.

Source: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=2550726&SiteID=1.
Thanks Erich.

Thursday, December 20, 2007

New series of articles in relation to Velodoc XP Edition

We have released a series of articles on codeproject.com in relation to Velodoc XP Edition:

Enjoy the reading.

Friday, November 30, 2007

Velodoc XP Edition released as open-source

Customers have been asking us about building Velodoc functionality into their own .NET applications. This is now possible with Velodoc XP Edition which has been released as an open-source project and published on:

Velodoc XP Edition includes:

ASP.NET Ajax server controls, http modules and http handlers which provide file upload and download functionality;
A sample application for sending and receiving large files;
A comprehensive documentation kit.

By releasing the core of the Velodoc platform as an open-source project, we expect to gather more customer intelligence and improve the software, so please provide feedback.

Tuesday, October 23, 2007

The Ajax Control Toolkit NoBot control and session state

You need to prevent hackers using robots to run dictionaries of user names and passwords against your login pages. The most common way to achieve that is the use of Captchas ("Completely Automated Public Turing test to tell Computers and Humans Apart"), which display an image with a code which you need to type in a text box. Captchas are often difficult to read and push away genuine users with disabilities. More elaborated Captchas include sound but they are not mainstream.

The NoBot control in the Microsoft Ajax Control Toolkit can be used for any type of request and in particular to protect the sign in function of a login page:

It makes sure too many requests (to sign in) are not issued from the same IP address;
It provides an automated challenge response mechanism to ensure the request (to sign in) is issued by the (login) page;
It enforces a delay between the time the (login) page is displayed and the request (to sign in) is issued.

The benefit of the NoBot control is that this is transparent to the user, contrary to Captchas.

You implement the NoBot control on your ASP.NET page as follows:

<ajaxToolkit:NoBot
ID="PageNoBot"
runat="server"
OnGenerateChallengeAndResponse="PageNoBot_GenerateChallengeAndResponse"
ResponseMinimumDelaySeconds="3"
CutoffMaximumInstances="5"
CutoffWindowSeconds="60"
/>

You implement the OnGenerateChallengeAndResponse event handler in code as follows:

protected
void PageNoBot_GenerateChallengeAndResponse(object sender, AjaxControlToolkit.NoBotEventArgs e)

{

Random r = new
Random();

int iFirst = r.Next(100);

int iSecond = r.Next(100);

e.ChallengeScript = String.Format("eval('{0}+{1}')", iFirst, iSecond);

e.RequiredResponse = Convert.ToString(iFirst + iSecond);

}

Then the documentation tells you to implement the click event handler of the sign in button as follows:

if (!PageNoBot.IsValid()) {

//Display a message that a robot has been detected and the request cannot be processed

}

else {

//Process the postback event

}

On most sites users are redirected to the login page when sessions time out. Because the NoBot control stores the calculation in session state and session state is reset in this case, the calculation challenge response would fail teh next time the user logs in unless he/she refreshes the page.

The following solves the problem from the user perspective, but it also opens the door to hackers:

if ((!Page.Session.IsNewSession) && (!PageNoBot.IsValid()))

Apart from redesigning the NoBot control, not to use session state but to use the context cache instead, I have not found a really good solution to solve this issue.

Wednesday, September 12, 2007

Nesting the Ajax Control Toolkit Accordion control and the ASP.NET Repeater control

Requirements

Install ASP.NET Ajax extensions 1.0.

The ASP.NET page

Create an ASP.NET Ajax web site (see ASP.NET Ajax extensions) and reference the Ajax Control Toolkit in your project.

Add the following statement at the top of your web page:

<%@ Import Namespace="System.Collections.Generic" %>

Then insert the following code between the form tags of your web page.

<asp:ScriptManager ID="ScriptManager" runat="server" ></asp:ScriptManager>
<ajaxToolkit:Accordion ID="Accordion1" runat="server" SelectedIndex="0"
  FadeTransitions="true" FramesPerSecond="40" TransitionDuration="250"
  AutoSize="None" >
  <Panes></Panes>

  <HeaderTemplate>
<div style="color:white;background-color:blue;cursor:pointer;">
<%# ((KeyValuePair<String, List<File>>)(Container.DataItem)).Key %>
</div>
  </HeaderTemplate>

  <ContentTemplate>
    <asp:repeater id="child" datasource='<%# (List<File>)(((KeyValuePair<String, List<File>>)(Container.DataItem)).Value) %>' runat="server">

      <HeaderTemplate>
<table border="0" cellpadding="0" cellspacing="5" style="width:100%">
<thead><tr>
<th>Id</th><th>Name</th>
<th>Description</th>
<th>Date</th>
</tr></thead>
<tbody>
      </HeaderTemplate>

      <ItemTemplate>
<tr>
<td><%# ((File)(Container.DataItem)).id.ToString() %></td>
<td><%# ((File)(Container.DataItem)).Name %></td>
<td><%# ((File)(Container.DataItem)).Description %></td>
<td><%# ((File)(Container.DataItem)).Date.ToString() %></td>
</tr>
      </ItemTemplate>

      <FooterTemplate>
</tbody>
</table>
      </FooterTemplate>

    </asp:repeater>
  </ContentTemplate>
</ajaxToolkit:Accordion>

The code-behind file

Add the following in the code-behind file of your web page

protected class File
{
  public Guid id;
  public string Name;
  public string Description; 
  public DateTime Date;
  public File()
  {
    id = Guid.NewGuid();
    Date = DateTime.Now;
  }
}

protected void Page_Load(object sender, EventArgs e)
{
  if (!IsPostBack)
  {
    const string C = "Category {0}";
    const string N = "File {0}";
    const string D = "Description {0}";
    Dictionary<String, List<File>> dicCategories = new Dictionary<String, List<File>>();
    for (int i = 0; i < 5; i++)
    {
      List<File> objList = new List<File>();
      for (int j = 0; j < 10; j++)
      {
        File objFile = new File();
        objFile.Name = String.Format(N, j);
        objFile.Description = String.Format(D, j);
        objList.Add(objFile);
      }
      dicCategories.Add(String.Format(C, i), objList);
    }
    Accordion1.DataSource = dicCategories;
    Accordion1.DataBind();
  }
}

Friday, August 31, 2007

Getting Velodoc notifications out of junk email folders

Some Velodoc users have complained that they did not receive our email notifications.

We have looked into our application logs and these notifications have definitely been sent. Looking more closely at our SMTP server logs, we have found some entries similar to the following:

2007-08-28 09:07:16 65.55.245.8 OutboundConnectionResponse SMTPSVC1 SV1 - 25 - - 550+Your+e-mail+was+rejected+for+policy+reasons+on+this+gateway.++Reasons+for+rejection+may+be+related+to+content+with+spam-like+characteristics+or+IP/domain+reputation+problems.++If+you+are+not+an+e-mail/network+admin+please+contact+your+E-mail/Internet+Service+Provider+for+help.++For+e-mail+delivery+information,+please+go+to+http://postmaster.live.com 0 0 355 0 578 SMTP - - - -

I have confirmed myself that notifications sent to Live Hotmail addresses were not received, even in the junk e-mail folder.

Although I was pretty sure about the result, I have checked that Velodoc.net was not recorded in any spam database, using http://www.dnsstuff.com/tools/ip4r.ch?ip=velodoc.net.

Going to http://postmaster.live.com as suggested, I have read about SPF and Sender ID. I already knew about it, but our DNS Servers have been hosted by Network Solutions and they do not support SPF records. They know their stuff, don't they? I have even contacted their support team and I have been told that they get little demand for it.

Enquiring further, we have realized that more and more e-mail servers implement SPF/Sender ID. Some are now considering DKIM/DomainKeys to sign emails. So we have taken the decision to move our DNS to DNS Made Easy and to add SPF records to our domains. Note that we could have used UltraDNS or EasyDNS, which offer similar services.

We have used http://www.dnsreport.com to identify other DNS issues. We were only missing a PTR record pointing to mail.velodoc.net. Because each of our web servers has its own SMTP server, we have changed the MX record to www.velodoc.net which already has a PTR record and changed the HELO greeting of the SMTP servers to display the correct fully qualified domain name. Live Hotmail users now receive our email notifications.

In the near future we will be looking at DomainKeys, but contrary to Sender ID, DomainKeys have an impact on the infrastructure because they require that we change our SMTP Servers. If you have some experience with DKIM/DomainKeys and can recommend SMTP servers that implement email authentication, please leave a comment.

Wednesday, August 29, 2007

Turning the Velodoc Flash applet into a Yahoo widget

Yahoo widget documentation is available at http://widgets.yahoo.com/workshop/.

Yahoo widgets cannot host the browser to display Flash applets. All Yahoo widgets based on Flash require the use of a third party component called WebBrowser4Widgets available at http://www.centraltopic.com. Installing a Yahoo widget which uses this component is a very poor user experience. Several security warnings are displayed, which are too many reasons not to install the widget. Check samples at http://widgets.yahoo.com/gallery/?author=14327

For this reason, we have postponed the packaging of the Velodoc applet as a Yahoo widget and wait until Yahoo widget implements a native mechanism to host Flash applets. Considering the success of Video sites like YouTube, I cannot think of any reason why they should not do it very soon.