Search Results

Search found 3004 results on 121 pages for 'plain'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 24/121 | < Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >

  • What are the steps needed to achieve EAL4

    - by Anonymous
    I read the wikipedia article on EAL (http://en.wikipedia.org/wiki/Evaluation_Assurance_Level) but didn't find it very helpful in laying out the steps needed to achieve EAL4. Can someone please lay out in plain English what's involved and what's required?

    Read the article

  • Is there a way to get Apache to blank sensitive data from logs?

    - by i..
    We're trying to clean up one of our systems as much as possible & have found that despite our attempts to block, users are accessing a certain part of our system through a HTTP GET with their password in the URL. This results in our Apache logs recording their password in plain text on the server. Is there an Apache directive or module that can filter out (or replace) certain patterns in its logs?

    Read the article

  • Java JPanel not showing up....

    - by user69514
    I'm not sure what I am doing wrong, but the text for my JPanels is not showing up. I just get the question number text, but the question is not showing up. Any ideas what I am doing wrong? import java.awt.*; import java.awt.event.*; import javax.swing.*; import javax.swing.event.*; class NewFrame extends JFrame { JPanel centerpanel; // For the questions. CardLayout card; // For the centerpanel. JTextField tf; // Used in question 1. boolean // Store selections for Q2. q2Option1, q2Option2, q2Option3, q2Option4; JList q4List; // For question 4. double // Score on each question. q1Score = 0, q2Score = 0, q3Score = 0, q4Score = 0; // Constructor. public NewFrame (int width, int height) { this.setTitle ("Snoot Club Membership Test"); this.setResizable (true); this.setSize (width, height); Container cPane = this.getContentPane(); // cPane.setLayout (new BorderLayout()); // First, a welcome message, as a Label. JLabel L = new JLabel ("<html><b>Are you elitist enough for our exclusive club?" + " <br>Fill out the form and find out</b></html>"); L.setForeground (Color.blue); cPane.add (L, BorderLayout.NORTH); // Now the center panel with the questions. card = new CardLayout (); centerpanel = new JPanel (); centerpanel.setLayout (card); centerpanel.setOpaque (false); // Each question will be created in a separate method. // The cardlayout requires a label as second parameter. centerpanel.add (firstQuestion (), "1"); centerpanel.add (secondQuestion(), "2"); centerpanel.add (thirdQuestion(), "3"); centerpanel.add (fourthQuestion(), "4"); cPane.add (centerpanel, BorderLayout.CENTER); // Next, a panel of four buttons at the bottom. // The four buttons: quit, submit, next-question, previous-question. JPanel bottomPanel = getBottomPanel (); cPane.add (bottomPanel, BorderLayout.SOUTH); // Finally, show the frame. this.setVisible (true); } // No-parameter constructor. public NewFrame () { this (500, 300); } // The first question uses labels for the question and // gets input via a textfield. A panel containing all // these things is returned. The question asks for // a vacation destination: the more exotic the location, // the higher the score. JPanel firstQuestion () { // We will package everything into a panel and return the panel. JPanel subpanel = new JPanel (); // We will place things in a single column, so // a GridLayout with one column is appropriate. subpanel.setLayout (new GridLayout (8,1)); JLabel L1 = new JLabel ("Question 1:"); L1.setFont (new Font ("SansSerif", Font.ITALIC, 15)); subpanel.add (L1); JLabel L2 = new JLabel (" Select a vacation destination"); L2.setFont (new Font ("SansSerif", Font.ITALIC, 15)); subpanel.add (L2); JLabel L3 = new JLabel (" 1. Baltimore"); L3.setFont (new Font ("SansSerif", Font.ITALIC, 15)); subpanel.add (L3); JLabel L4 = new JLabel (" 2. Disneyland"); L4.setFont (new Font ("SansSerif", Font.ITALIC, 15)); subpanel.add (L4); JLabel L5 = new JLabel (" 3. Grand Canyon"); L5.setFont (new Font ("SansSerif", Font.ITALIC, 15)); subpanel.add (L5); JLabel L6 = new JLabel (" 4. French Riviera"); L6.setFont (new Font ("SansSerif", Font.ITALIC, 15)); subpanel.add (L6); JLabel L7 = new JLabel ("Enter 1,2,3 or 4 below:"); L7.setFont (new Font ("SansSerif", Font.ITALIC, 15)); subpanel.add (L7); // Here's the textfield to get user-input. tf = new JTextField (); tf.addActionListener ( new ActionListener () { // This interface has only one method. public void actionPerformed (ActionEvent a) { String q1String = a.getActionCommand(); if (q1String.equals ("2")) q1Score = 2; else if (q1String.equals ("3")) q1Score = 3; else if (q1String.equals ("4")) q1Score = 4; else q1Score = 1; } } ); subpanel.add (tf); return subpanel; } // For the second question, a collection of checkboxes // will be used. More than one selection can be made. // A listener is required for each checkbox. The state // of each checkbox is recorded. JPanel secondQuestion () { JPanel subpanel = new JPanel (); subpanel.setLayout (new GridLayout (7,1)); JLabel L1 = new JLabel ("Question 2:"); L1.setFont (new Font ("SansSerif", Font.ITALIC, 15)); subpanel.add (L1); JLabel L2 = new JLabel (" Select ONE OR MORE things that "); L2.setFont (new Font ("SansSerif", Font.ITALIC, 15)); subpanel.add (L2); JLabel L3 = new JLabel (" you put into your lunch sandwich"); L3.setFont (new Font ("SansSerif", Font.ITALIC, 15)); subpanel.add (L3); // Initialize the selections to false. q2Option1 = q2Option2 = q2Option3 = q2Option4 = false; // First checkbox. JCheckBox c1 = new JCheckBox ("Ham, beef or turkey"); c1.addItemListener ( new ItemListener () { public void itemStateChanged (ItemEvent i) { JCheckBox c = (JCheckBox) i.getSource(); q2Option1 = c.isSelected(); } } ); subpanel.add (c1); // Second checkbox. JCheckBox c2 = new JCheckBox ("Cheese"); c2.addItemListener ( new ItemListener () { // This is where we will react to a change in checkbox. public void itemStateChanged (ItemEvent i) { JCheckBox c = (JCheckBox) i.getSource(); q2Option2 = c.isSelected(); } } ); subpanel.add (c2); // Third checkbox. JCheckBox c3 = new JCheckBox ("Sun-dried Arugula leaves"); c3.addItemListener ( new ItemListener () { public void itemStateChanged (ItemEvent i) { JCheckBox c = (JCheckBox) i.getSource(); q2Option3 = c.isSelected(); } } ); subpanel.add (c3); // Fourth checkbox. JCheckBox c4 = new JCheckBox ("Lemon-enhanced smoked Siberian caviar"); c4.addItemListener ( new ItemListener () { public void itemStateChanged (ItemEvent i) { JCheckBox c = (JCheckBox) i.getSource(); q2Option4 = c.isSelected(); } } ); subpanel.add (c4); return subpanel; } // The third question allows only one among four choices // to be selected. We will use radio buttons. JPanel thirdQuestion () { JPanel subpanel = new JPanel (); subpanel.setLayout (new GridLayout (6,1)); JLabel L1 = new JLabel ("Question 3:"); L1.setFont (new Font ("SansSerif", Font.ITALIC, 15)); subpanel.add (L1); JLabel L2 = new JLabel (" And which mustard do you use?"); L2.setFont (new Font ("SansSerif", Font.ITALIC, 15)); subpanel.add (L2); // First, create the ButtonGroup instance. // We will add radio buttons to this group. ButtonGroup bGroup = new ButtonGroup(); // First checkbox. JRadioButton r1 = new JRadioButton ("Who cares?"); r1.addItemListener ( new ItemListener () { public void itemStateChanged (ItemEvent i) { JRadioButton r = (JRadioButton) i.getSource(); if (r.isSelected()) q3Score = 1; } } ); bGroup.add (r1); subpanel.add (r1); // Second checkbox. JRadioButton r2 = new JRadioButton ("Safeway Brand"); r2.addItemListener ( new ItemListener () { public void itemStateChanged (ItemEvent i) { JRadioButton r = (JRadioButton) i.getSource(); if (r.isSelected()) q3Score = 2; } } ); bGroup.add (r2); subpanel.add (r2); // Third checkbox. JRadioButton r3 = new JRadioButton ("Fleishman's"); r3.addItemListener ( new ItemListener () { public void itemStateChanged (ItemEvent i) { JRadioButton r = (JRadioButton) i.getSource(); if (r.isSelected()) q3Score = 3; } } ); bGroup.add (r3); subpanel.add (r3); // Fourth checkbox. JRadioButton r4 = new JRadioButton ("Grey Poupon"); r4.addItemListener ( new ItemListener () { public void itemStateChanged (ItemEvent i) { JRadioButton r = (JRadioButton) i.getSource(); if (r.isSelected()) q3Score = 4; } } ); bGroup.add (r4); subpanel.add (r4); return subpanel; } // For the fourth question we will use a drop-down Choice. JPanel fourthQuestion () { JPanel subpanel = new JPanel (); subpanel.setLayout (new GridLayout (3,1)); JLabel L1 = new JLabel ("Question 4:"); L1.setFont (new Font ("SansSerif", Font.ITALIC, 15)); subpanel.add (L1); JLabel L2 = new JLabel (" Your movie preference, among these:"); L2.setFont (new Font ("SansSerif", Font.ITALIC, 15)); subpanel.add (L2); // Create a JList with options. String[] movies = { "Lethal Weapon IV", "Titanic", "Saving Private Ryan", "Le Art Movie avec subtitles"}; q4List = new JList (movies); q4Score = 1; q4List.addListSelectionListener ( new ListSelectionListener () { public void valueChanged (ListSelectionEvent e) { q4Score = 1 + q4List.getSelectedIndex(); } } ); subpanel.add (q4List); return subpanel; } void computeResult () { // Clear the center panel. centerpanel.removeAll(); // Create a new panel to display in the center. JPanel subpanel = new JPanel (new GridLayout (5,1)); // Score on question 1. JLabel L1 = new JLabel ("Score on question 1: " + q1Score); L1.setFont (new Font ("Serif", Font.ITALIC, 15)); subpanel.add (L1); // Score on question 2. if (q2Option1) q2Score += 1; if (q2Option2) q2Score += 2; if (q2Option3) q2Score += 3; if (q2Option4) q2Score += 4; q2Score = 0.6 * q2Score; JLabel L2 = new JLabel ("Score on question 2: " + q2Score); L2.setFont (new Font ("Serif", Font.ITALIC, 15)); subpanel.add (L2); // Score on question 3. JLabel L3 = new JLabel ("Score on question 3: " + q3Score); L3.setFont (new Font ("Serif", Font.ITALIC, 15)); subpanel.add (L3); // Score on question 4. JLabel L4 = new JLabel ("Score on question 4: " + q4Score); L4.setFont (new Font ("Serif", Font.ITALIC, 15)); subpanel.add (L4); // Weighted score. double avg = (q1Score + q2Score + q3Score + q4Score) / (double) 4; JLabel L5; if (avg <= 3.5) L5 = new JLabel ("Your average score: " + avg + " - REJECTED!"); else L5 = new JLabel ("Your average score: " + avg + " - WELCOME!"); L5.setFont (new Font ("Serif", Font.BOLD, 20)); //L5.setAlignment (JLabel.CENTER); subpanel.add (L5); // Now add the new subpanel. centerpanel.add (subpanel, "5"); // Need to mark the centerpanel as "altered" centerpanel.invalidate(); // Everything "invalid" (e.g., the centerpanel above) // is now re-computed. this.validate(); } JPanel getBottomPanel () { // Create a panel into which we will place buttons. JPanel bottomPanel = new JPanel (); // A "previous-question" button. JButton backward = new JButton ("Previous question"); backward.setFont (new Font ("Serif", Font.PLAIN | Font.BOLD, 15)); backward.addActionListener ( new ActionListener () { public void actionPerformed (ActionEvent a) { // Go back in the card layout. card.previous (centerpanel); } } ); bottomPanel.add (backward); // A forward button. JButton forward = new JButton ("Next question"); forward.setFont (new Font ("Serif", Font.PLAIN | Font.BOLD, 15)); forward.addActionListener ( new ActionListener () { public void actionPerformed (ActionEvent a) { // Go forward in the card layout. card.next (centerpanel); } } ); bottomPanel.add (forward); // A submit button. JButton submit = new JButton ("Submit"); submit.setFont (new Font ("Serif", Font.PLAIN | Font.BOLD, 15)); submit.addActionListener ( new ActionListener () { public void actionPerformed (ActionEvent a) { // Perform submit task. computeResult(); } } ); bottomPanel.add (submit); JButton quitb = new JButton ("Quit"); quitb.setFont (new Font ("Serif", Font.PLAIN | Font.BOLD, 15)); quitb.addActionListener ( new ActionListener () { public void actionPerformed (ActionEvent a) { System.exit (0); } } ); bottomPanel.add (quitb); return bottomPanel; } } public class Survey { public static void main (String[] argv) { NewFrame nf = new NewFrame (600, 300); } }

    Read the article

  • WCF WS-Security and WSE Nonce Authentication

    - by Rick Strahl
    WCF makes it fairly easy to access WS-* Web Services, except when you run into a service format that it doesn't support. Even then WCF provides a huge amount of flexibility to make the service clients work, however finding the proper interfaces to make that happen is not easy to discover and for the most part undocumented unless you're lucky enough to run into a blog, forum or StackOverflow post on the matter. This is definitely true for the Password Nonce as part of the WS-Security/WSE protocol, which is not natively supported in WCF. Specifically I had a need to create a WCF message on the client that includes a WS-Security header that looks like this from their spec document:<soapenv:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken wsu:Id="UsernameToken-8" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:Username>TeStUsErNaMe1</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" >TeStPaSsWoRd1</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" >f8nUe3YupTU5ISdCy3X9Gg==</wsse:Nonce> <wsu:Created>2011-05-04T19:01:40.981Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> Specifically, the Nonce and Created keys are what WCF doesn't create or have a built in formatting for. Why is there a nonce? My first thought here was WTF? The username and password are there in clear text, what does the Nonce accomplish? The Nonce and created keys are are part of WSE Security specification and are meant to allow the server to detect and prevent replay attacks. The hashed nonce should be unique per request which the server can store and check for before running another request thus ensuring that a request is not replayed with exactly the same values. Basic ServiceUtl Import - not much Luck The first thing I did when I imported this service with a service reference was to simply import it as a Service Reference. The Add Service Reference import automatically detects that WS-Security is required and appropariately adds the WS-Security to the basicHttpBinding in the config file:<?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <bindings> <basicHttpBinding> <binding name="RealTimeOnlineSoapBinding"> <security mode="Transport" /> </binding> <binding name="RealTimeOnlineSoapBinding1" /> </basicHttpBinding> </bindings> <client> <endpoint address="https://notarealurl.com:443/services/RealTimeOnline" binding="basicHttpBinding" bindingConfiguration="RealTimeOnlineSoapBinding" contract="RealTimeOnline.RealTimeOnline" name="RealTimeOnline" /> </client> </system.serviceModel> </configuration> If if I run this as is using code like this:var client = new RealTimeOnlineClient(); client.ClientCredentials.UserName.UserName = "TheUsername"; client.ClientCredentials.UserName.Password = "ThePassword"; … I get nothing in terms of WS-Security headers. The request is sent, but the the binding expects transport level security to be applied, rather than message level security. To fix this so that a WS-Security message header is sent the security mode can be changed to: <security mode="TransportWithMessageCredential" /> Now if I re-run I at least get a WS-Security header which looks like this:<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <u:Timestamp u:Id="_0"> <u:Created>2012-11-24T02:55:18.011Z</u:Created> <u:Expires>2012-11-24T03:00:18.011Z</u:Expires> </u:Timestamp> <o:UsernameToken u:Id="uuid-18c215d4-1106-40a5-8dd1-c81fdddf19d3-1"> <o:Username>TheUserName</o:Username> <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" >ThePassword</o:Password> </o:UsernameToken> </o:Security> </s:Header> Closer! Now the WS-Security header is there along with a timestamp field (which might not be accepted by some WS-Security expecting services), but there's no Nonce or created timestamp as required by my original service. Using a CustomBinding instead My next try was to go with a CustomBinding instead of basicHttpBinding as it allows a bit more control over the protocol and transport configurations for the binding. Specifically I can explicitly specify the message protocol(s) used. Using configuration file settings here's what the config file looks like:<?xml version="1.0"?> <configuration> <system.serviceModel> <bindings> <customBinding> <binding name="CustomSoapBinding"> <security includeTimestamp="false" authenticationMode="UserNameOverTransport" defaultAlgorithmSuite="Basic256" requireDerivedKeys="false" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"> </security> <textMessageEncoding messageVersion="Soap11"></textMessageEncoding> <httpsTransport maxReceivedMessageSize="2000000000"/> </binding> </customBinding> </bindings> <client> <endpoint address="https://notrealurl.com:443/services/RealTimeOnline" binding="customBinding" bindingConfiguration="CustomSoapBinding" contract="RealTimeOnline.RealTimeOnline" name="RealTimeOnline" /> </client> </system.serviceModel> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/> </startup> </configuration> This ends up creating a cleaner header that's missing the timestamp field which can cause some services problems. The WS-Security header output generated with the above looks like this:<s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:UsernameToken u:Id="uuid-291622ca-4c11-460f-9886-ac1c78813b24-1"> <o:Username>TheUsername</o:Username> <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" >ThePassword</o:Password> </o:UsernameToken> </o:Security> </s:Header> This is closer as it includes only the username and password. The key here is the protocol for WS-Security:messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" which explicitly specifies the protocol version. There are several variants of this specification but none of them seem to support the nonce unfortunately. This protocol does allow for optional omission of the Nonce and created timestamp provided (which effectively makes those keys optional). With some services I tried that requested a Nonce just using this protocol actually worked where the default basicHttpBinding failed to connect, so this is a possible solution for access to some services. Unfortunately for my target service that was not an option. The nonce has to be there. Creating Custom ClientCredentials As it turns out WCF doesn't have support for the Digest Nonce as part of WS-Security, and so as far as I can tell there's no way to do it just with configuration settings. I did a bunch of research on this trying to find workarounds for this, and I did find a couple of entries on StackOverflow as well as on the MSDN forums. However, none of these are particularily clear and I ended up using bits and pieces of several of them to arrive at a working solution in the end. http://stackoverflow.com/questions/896901/wcf-adding-nonce-to-usernametoken http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/4df3354f-0627-42d9-b5fb-6e880b60f8ee The latter forum message is the more useful of the two (the last message on the thread in particular) and it has most of the information required to make this work. But it took some experimentation for me to get this right so I'll recount the process here maybe a bit more comprehensively. In order for this to work a number of classes have to be overridden: ClientCredentials ClientCredentialsSecurityTokenManager WSSecurityTokenizer The idea is that we need to create a custom ClientCredential class to hold the custom properties so they can be set from the UI or via configuration settings. The TokenManager and Tokenizer are mainly required to allow the custom credentials class to flow through the WCF pipeline and eventually provide custom serialization. Here are the three classes required and their full implementations:public class CustomCredentials : ClientCredentials { public CustomCredentials() { } protected CustomCredentials(CustomCredentials cc) : base(cc) { } public override System.IdentityModel.Selectors.SecurityTokenManager CreateSecurityTokenManager() { return new CustomSecurityTokenManager(this); } protected override ClientCredentials CloneCore() { return new CustomCredentials(this); } } public class CustomSecurityTokenManager : ClientCredentialsSecurityTokenManager { public CustomSecurityTokenManager(CustomCredentials cred) : base(cred) { } public override System.IdentityModel.Selectors.SecurityTokenSerializer CreateSecurityTokenSerializer(System.IdentityModel.Selectors.SecurityTokenVersion version) { return new CustomTokenSerializer(System.ServiceModel.Security.SecurityVersion.WSSecurity11); } } public class CustomTokenSerializer : WSSecurityTokenSerializer { public CustomTokenSerializer(SecurityVersion sv) : base(sv) { } protected override void WriteTokenCore(System.Xml.XmlWriter writer, System.IdentityModel.Tokens.SecurityToken token) { UserNameSecurityToken userToken = token as UserNameSecurityToken; string tokennamespace = "o"; DateTime created = DateTime.Now; string createdStr = created.ToString("yyyy-MM-ddThh:mm:ss.fffZ"); // unique Nonce value - encode with SHA-1 for 'randomness' // in theory the nonce could just be the GUID by itself string phrase = Guid.NewGuid().ToString(); var nonce = GetSHA1String(phrase); // in this case password is plain text // for digest mode password needs to be encoded as: // PasswordAsDigest = Base64(SHA-1(Nonce + Created + Password)) // and profile needs to change to //string password = GetSHA1String(nonce + createdStr + userToken.Password); string password = userToken.Password; writer.WriteRaw(string.Format( "<{0}:UsernameToken u:Id=\"" + token.Id + "\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" + "<{0}:Username>" + userToken.UserName + "</{0}:Username>" + "<{0}:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">" + password + "</{0}:Password>" + "<{0}:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + nonce + "</{0}:Nonce>" + "<u:Created>" + createdStr + "</u:Created></{0}:UsernameToken>", tokennamespace)); } protected string GetSHA1String(string phrase) { SHA1CryptoServiceProvider sha1Hasher = new SHA1CryptoServiceProvider(); byte[] hashedDataBytes = sha1Hasher.ComputeHash(Encoding.UTF8.GetBytes(phrase)); return Convert.ToBase64String(hashedDataBytes); } } Realistically only the CustomTokenSerializer has any significant code in. The code there deals with actually serializing the custom credentials using low level XML semantics by writing output into an XML writer. I can't take credit for this code - most of the code comes from the MSDN forum post mentioned earlier - I made a few adjustments to simplify the nonce generation and also added some notes to allow for PasswordDigest generation. Per spec the nonce is nothing more than a unique value that's supposed to be 'random'. I'm thinking that this value can be any string that's unique and a GUID on its own probably would have sufficed. Comments on other posts that GUIDs can be potentially guessed are highly exaggerated to say the least IMHO. To satisfy even that aspect though I added the SHA1 encryption and binary decoding to give a more random value that would be impossible to 'guess'. The original example from the forum post used another level of encoding and decoding to string in between - but that really didn't accomplish anything but extra overhead. The header output generated from this looks like this:<s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:UsernameToken u:Id="uuid-f43d8b0d-0ebb-482e-998d-f544401a3c91-1" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <o:Username>TheUsername</o:Username> <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ThePassword</o:Password> <o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" >PjVE24TC6HtdAnsf3U9c5WMsECY=</o:Nonce> <u:Created>2012-11-23T07:10:04.670Z</u:Created> </o:UsernameToken> </o:Security> </s:Header> which is exactly as it should be. Password Digest? In my case the password is passed in plain text over an SSL connection, so there's no digest required so I was done with the code above. Since I don't have a service handy that requires a password digest,  I had no way of testing the code for the digest implementation, but here is how this is likely to work. If you need to pass a digest encoded password things are a little bit trickier. The password type namespace needs to change to: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Digest and then the password value needs to be encoded. The format for password digest encoding is this: Base64(SHA-1(Nonce + Created + Password)) and it can be handled in the code above with this code (that's commented in the snippet above): string password = GetSHA1String(nonce + createdStr + userToken.Password); The entire WriteTokenCore method for digest code looks like this:protected override void WriteTokenCore(System.Xml.XmlWriter writer, System.IdentityModel.Tokens.SecurityToken token) { UserNameSecurityToken userToken = token as UserNameSecurityToken; string tokennamespace = "o"; DateTime created = DateTime.Now; string createdStr = created.ToString("yyyy-MM-ddThh:mm:ss.fffZ"); // unique Nonce value - encode with SHA-1 for 'randomness' // in theory the nonce could just be the GUID by itself string phrase = Guid.NewGuid().ToString(); var nonce = GetSHA1String(phrase); string password = GetSHA1String(nonce + createdStr + userToken.Password); writer.WriteRaw(string.Format( "<{0}:UsernameToken u:Id=\"" + token.Id + "\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" + "<{0}:Username>" + userToken.UserName + "</{0}:Username>" + "<{0}:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Digest\">" + password + "</{0}:Password>" + "<{0}:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + nonce + "</{0}:Nonce>" + "<u:Created>" + createdStr + "</u:Created></{0}:UsernameToken>", tokennamespace)); } I had no service to connect to to try out Digest auth - if you end up needing it and get it to work please drop a comment… How to use the custom Credentials The easiest way to use the custom credentials is to create the client in code. Here's a factory method I use to create an instance of my service client:  public static RealTimeOnlineClient CreateRealTimeOnlineProxy(string url, string username, string password) { if (string.IsNullOrEmpty(url)) url = "https://notrealurl.com:443/cows/services/RealTimeOnline"; CustomBinding binding = new CustomBinding(); var security = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement(); security.IncludeTimestamp = false; security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256; security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; var encoding = new TextMessageEncodingBindingElement(); encoding.MessageVersion = MessageVersion.Soap11; var transport = new HttpsTransportBindingElement(); transport.MaxReceivedMessageSize = 20000000; // 20 megs binding.Elements.Add(security); binding.Elements.Add(encoding); binding.Elements.Add(transport); RealTimeOnlineClient client = new RealTimeOnlineClient(binding, new EndpointAddress(url)); // to use full client credential with Nonce uncomment this code: // it looks like this might not be required - the service seems to work without it client.ChannelFactory.Endpoint.Behaviors.Remove<System.ServiceModel.Description.ClientCredentials>(); client.ChannelFactory.Endpoint.Behaviors.Add(new CustomCredentials()); client.ClientCredentials.UserName.UserName = username; client.ClientCredentials.UserName.Password = password; return client; } This returns a service client that's ready to call other service methods. The key item in this code is the ChannelFactory endpoint behavior modification that that first removes the original ClientCredentials and then adds the new one. The ClientCredentials property on the client is read only and this is the way it has to be added.   Summary It's a bummer that WCF doesn't suport WSE Security authentication with nonce values out of the box. From reading the comments in posts/articles while I was trying to find a solution, I found that this feature was omitted by design as this protocol is considered unsecure. While I agree that plain text passwords are rarely a good idea even if they go over secured SSL connection as WSE Security does, there are unfortunately quite a few services (mosly Java services I suspect) that use this protocol. I've run into this twice now and trying to find a solution online I can see that this is not an isolated problem - many others seem to have struggled with this. It seems there are about a dozen questions about this on StackOverflow all with varying incomplete answers. Hopefully this post provides a little more coherent content in one place. Again I marvel at WCF and its breadth of support for protocol features it has in a single tool. And even when it can't handle something there are ways to get it working via extensibility. But at the same time I marvel at how freaking difficult it is to arrive at these solutions. I mean there's no way I could have ever figured this out on my own. It takes somebody working on the WCF team or at least being very, very intricately involved in the innards of WCF to figure out the interconnection of the various objects to do this from scratch. Luckily this is an older problem that has been discussed extensively online and I was able to cobble together a solution from the online content. I'm glad it worked out that way, but it feels dirty and incomplete in that there's a whole learning path that was omitted to get here… Man am I glad I'm not dealing with SOAP services much anymore. REST service security - even when using some sort of federation is a piece of cake by comparison :-) I'm sure once standards bodies gets involved we'll be right back in security standard hell…© Rick Strahl, West Wind Technologies, 2005-2012Posted in WCF  Web Services   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • Rendering ASP.NET MVC Views to String

    - by Rick Strahl
    It's not uncommon in my applications that I require longish text output that does not have to be rendered into the HTTP output stream. The most common scenario I have for 'template driven' non-Web text is for emails of all sorts. Logon confirmations and verifications, email confirmations for things like orders, status updates or scheduler notifications - all of which require merged text output both within and sometimes outside of Web applications. On other occasions I also need to capture the output from certain views for logging purposes. Rather than creating text output in code, it's much nicer to use the rendering mechanism that ASP.NET MVC already provides by way of it's ViewEngines - using Razor or WebForms views - to render output to a string. This is nice because it uses the same familiar rendering mechanism that I already use for my HTTP output and it also solves the problem of where to store the templates for rendering this content in nothing more than perhaps a separate view folder. The good news is that ASP.NET MVC's rendering engine is much more modular than the full ASP.NET runtime engine which was a real pain in the butt to coerce into rendering output to string. With MVC the rendering engine has been separated out from core ASP.NET runtime, so it's actually a lot easier to get View output into a string. Getting View Output from within an MVC Application If you need to generate string output from an MVC and pass some model data to it, the process to capture this output is fairly straight forward and involves only a handful of lines of code. The catch is that this particular approach requires that you have an active ControllerContext that can be passed to the view. This means that the following approach is limited to access from within Controller methods. Here's a class that wraps the process and provides both instance and static methods to handle the rendering:/// <summary> /// Class that renders MVC views to a string using the /// standard MVC View Engine to render the view. /// /// Note: This class can only be used within MVC /// applications that have an active ControllerContext. /// </summary> public class ViewRenderer { /// <summary> /// Required Controller Context /// </summary> protected ControllerContext Context { get; set; } public ViewRenderer(ControllerContext controllerContext) { Context = controllerContext; } /// <summary> /// Renders a full MVC view to a string. Will render with the full MVC /// View engine including running _ViewStart and merging into _Layout /// </summary> /// <param name="viewPath"> /// The path to the view to render. Either in same controller, shared by /// name or as fully qualified ~/ path including extension /// </param> /// <param name="model">The model to render the view with</param> /// <returns>String of the rendered view or null on error</returns> public string RenderView(string viewPath, object model) { return RenderViewToStringInternal(viewPath, model, false); } /// <summary> /// Renders a partial MVC view to string. Use this method to render /// a partial view that doesn't merge with _Layout and doesn't fire /// _ViewStart. /// </summary> /// <param name="viewPath"> /// The path to the view to render. Either in same controller, shared by /// name or as fully qualified ~/ path including extension /// </param> /// <param name="model">The model to pass to the viewRenderer</param> /// <returns>String of the rendered view or null on error</returns> public string RenderPartialView(string viewPath, object model) { return RenderViewToStringInternal(viewPath, model, true); } public static string RenderView(string viewPath, object model, ControllerContext controllerContext) { ViewRenderer renderer = new ViewRenderer(controllerContext); return renderer.RenderView(viewPath, model); } public static string RenderPartialView(string viewPath, object model, ControllerContext controllerContext) { ViewRenderer renderer = new ViewRenderer(controllerContext); return renderer.RenderPartialView(viewPath, model); } protected string RenderViewToStringInternal(string viewPath, object model, bool partial = false) { // first find the ViewEngine for this view ViewEngineResult viewEngineResult = null; if (partial) viewEngineResult = ViewEngines.Engines.FindPartialView(Context, viewPath); else viewEngineResult = ViewEngines.Engines.FindView(Context, viewPath, null); if (viewEngineResult == null) throw new FileNotFoundException(Properties.Resources.ViewCouldNotBeFound); // get the view and attach the model to view data var view = viewEngineResult.View; Context.Controller.ViewData.Model = model; string result = null; using (var sw = new StringWriter()) { var ctx = new ViewContext(Context, view, Context.Controller.ViewData, Context.Controller.TempData, sw); view.Render(ctx, sw); result = sw.ToString(); } return result; } } The key is the RenderViewToStringInternal method. The method first tries to find the view to render based on its path which can either be in the current controller's view path or the shared view path using its simple name (PasswordRecovery) or alternately by its full virtual path (~/Views/Templates/PasswordRecovery.cshtml). This code should work both for Razor and WebForms views although I've only tried it with Razor Views. Note that WebForms Views might actually be better for plain text as Razor adds all sorts of white space into its output when there are code blocks in the template. The Web Forms engine provides more accurate rendering for raw text scenarios. Once a view engine is found the view to render can be retrieved. Views in MVC render based on data that comes off the controller like the ViewData which contains the model along with the actual ViewData and ViewBag. From the View and some of the Context data a ViewContext is created which is then used to render the view with. The View picks up the Model and other data from the ViewContext internally and processes the View the same it would be processed if it were to send its output into the HTTP output stream. The difference is that we can override the ViewContext's output stream which we provide and capture into a StringWriter(). After rendering completes the result holds the output string. If an error occurs the error behavior is similar what you see with regular MVC errors - you get a full yellow screen of death including the view error information with the line of error highlighted. It's your responsibility to handle the error - or let it bubble up to your regular Controller Error filter if you have one. To use the simple class you only need a single line of code if you call the static methods. Here's an example of some Controller code that is used to send a user notification to a customer via email in one of my applications:[HttpPost] public ActionResult ContactSeller(ContactSellerViewModel model) { InitializeViewModel(model); var entryBus = new busEntry(); var entry = entryBus.LoadByDisplayId(model.EntryId); if ( string.IsNullOrEmpty(model.Email) ) entryBus.ValidationErrors.Add("Email address can't be empty.","Email"); if ( string.IsNullOrEmpty(model.Message)) entryBus.ValidationErrors.Add("Message can't be empty.","Message"); model.EntryId = entry.DisplayId; model.EntryTitle = entry.Title; if (entryBus.ValidationErrors.Count > 0) { ErrorDisplay.AddMessages(entryBus.ValidationErrors); ErrorDisplay.ShowError("Please correct the following:"); } else { string message = ViewRenderer.RenderView("~/views/template/ContactSellerEmail.cshtml",model, ControllerContext); string title = entry.Title + " (" + entry.DisplayId + ") - " + App.Configuration.ApplicationName; AppUtils.SendEmail(title, message, model.Email, entry.User.Email, false, false)) } return View(model); } Simple! The view in this case is just a plain MVC view and in this case it's a very simple plain text email message (edited for brevity here) that is created and sent off:@model ContactSellerViewModel @{ Layout = null; }re: @Model.EntryTitle @Model.ListingUrl @Model.Message ** SECURITY ADVISORY - AVOID SCAMS ** Avoid: wiring money, cross-border deals, work-at-home ** Beware: cashier checks, money orders, escrow, shipping ** More Info: @(App.Configuration.ApplicationBaseUrl)scams.html Obviously this is a very simple view (I edited out more from this page to keep it brief) -  but other template views are much more complex HTML documents or long messages that are occasionally updated and they are a perfect fit for Razor rendering. It even works with nested partial views and _layout pages. Partial Rendering Notice that I'm rendering a full View here. In the view I explicitly set the Layout=null to avoid pulling in _layout.cshtml for this view. This can also be controlled externally by calling the RenderPartial method instead: string message = ViewRenderer.RenderPartialView("~/views/template/ContactSellerEmail.cshtml",model, ControllerContext); with this line of code no layout page (or _viewstart) will be loaded, so the output generated is just what's in the view. I find myself using Partials most of the time when rendering templates, since the target of templates usually tend to be emails or other HTML fragment like output, so the RenderPartialView() method is definitely useful to me. Rendering without a ControllerContext The preceding class is great when you're need template rendering from within MVC controller actions or anywhere where you have access to the request Controller. But if you don't have a controller context handy - maybe inside a utility function that is static, a non-Web application, or an operation that runs asynchronously in ASP.NET - which makes using the above code impossible. I haven't found a way to manually create a Controller context to provide the ViewContext() what it needs from outside of the MVC infrastructure. However, there are ways to accomplish this,  but they are a bit more complex. It's possible to host the RazorEngine on your own, which side steps all of the MVC framework and HTTP and just deals with the raw rendering engine. I wrote about this process in Hosting the Razor Engine in Non-Web Applications a long while back. It's quite a process to create a custom Razor engine and runtime, but it allows for all sorts of flexibility. There's also a RazorEngine CodePlex project that does something similar. I've been meaning to check out the latter but haven't gotten around to it since I have my own code to do this. The trick to hosting the RazorEngine to have it behave properly inside of an ASP.NET application and properly cache content so templates aren't constantly rebuild and reparsed. Anyway, in the same app as above I have one scenario where no ControllerContext is available: I have a background scheduler running inside of the app that fires on timed intervals. This process could be external but because it's lightweight we decided to fire it right inside of the ASP.NET app on a separate thread. In my app the code that renders these templates does something like this:var model = new SearchNotificationViewModel() { Entries = entries, Notification = notification, User = user }; // TODO: Need logging for errors sending string razorError = null; var result = AppUtils.RenderRazorTemplate("~/views/template/SearchNotificationTemplate.cshtml", model, razorError); which references a couple of helper functions that set up my RazorFolderHostContainer class:public static string RenderRazorTemplate(string virtualPath, object model,string errorMessage = null) { var razor = AppUtils.CreateRazorHost(); var path = virtualPath.Replace("~/", "").Replace("~", "").Replace("/", "\\"); var merged = razor.RenderTemplateToString(path, model); if (merged == null) errorMessage = razor.ErrorMessage; return merged; } /// <summary> /// Creates a RazorStringHostContainer and starts it /// Call .Stop() when you're done with it. /// /// This is a static instance /// </summary> /// <param name="virtualPath"></param> /// <param name="binBasePath"></param> /// <param name="forceLoad"></param> /// <returns></returns> public static RazorFolderHostContainer CreateRazorHost(string binBasePath = null, bool forceLoad = false) { if (binBasePath == null) { if (HttpContext.Current != null) binBasePath = HttpContext.Current.Server.MapPath("~/"); else binBasePath = AppDomain.CurrentDomain.BaseDirectory; } if (_RazorHost == null || forceLoad) { if (!binBasePath.EndsWith("\\")) binBasePath += "\\"; //var razor = new RazorStringHostContainer(); var razor = new RazorFolderHostContainer(); razor.TemplatePath = binBasePath; binBasePath += "bin\\"; razor.BaseBinaryFolder = binBasePath; razor.UseAppDomain = false; razor.ReferencedAssemblies.Add(binBasePath + "ClassifiedsBusiness.dll"); razor.ReferencedAssemblies.Add(binBasePath + "ClassifiedsWeb.dll"); razor.ReferencedAssemblies.Add(binBasePath + "Westwind.Utilities.dll"); razor.ReferencedAssemblies.Add(binBasePath + "Westwind.Web.dll"); razor.ReferencedAssemblies.Add(binBasePath + "Westwind.Web.Mvc.dll"); razor.ReferencedAssemblies.Add("System.Web.dll"); razor.ReferencedNamespaces.Add("System.Web"); razor.ReferencedNamespaces.Add("ClassifiedsBusiness"); razor.ReferencedNamespaces.Add("ClassifiedsWeb"); razor.ReferencedNamespaces.Add("Westwind.Web"); razor.ReferencedNamespaces.Add("Westwind.Utilities"); _RazorHost = razor; _RazorHost.Start(); //_RazorHost.Engine.Configuration.CompileToMemory = false; } return _RazorHost; } The RazorFolderHostContainer essentially is a full runtime that mimics a folder structure like a typical Web app does including caching semantics and compiling code only if code changes on disk. It maps a folder hierarchy to views using the ~/ path syntax. The host is then configured to add assemblies and namespaces. Unfortunately the engine is not exactly like MVC's Razor - the expression expansion and code execution are the same, but some of the support methods like sections, helpers etc. are not all there so templates have to be a bit simpler. There are other folder hosts provided as well to directly execute templates from strings (using RazorStringHostContainer). The following is an example of an HTML email template @inherits RazorHosting.RazorTemplateFolderHost <ClassifiedsWeb.SearchNotificationViewModel> <html> <head> <title>Search Notifications</title> <style> body { margin: 5px;font-family: Verdana, Arial; font-size: 10pt;} h3 { color: SteelBlue; } .entry-item { border-bottom: 1px solid grey; padding: 8px; margin-bottom: 5px; } </style> </head> <body> Hello @Model.User.Name,<br /> <p>Below are your Search Results for the search phrase:</p> <h3>@Model.Notification.SearchPhrase</h3> <small>since @TimeUtils.ShortDateString(Model.Notification.LastSearch)</small> <hr /> You can see that the syntax is a little different. Instead of the familiar @model header the raw Razor  @inherits tag is used to specify the template base class (which you can extend). I took a quick look through the feature set of RazorEngine on CodePlex (now Github I guess) and the template implementation they use is closer to MVC's razor but there are other differences. In the end don't expect exact behavior like MVC templates if you use an external Razor rendering engine. This is not what I would consider an ideal solution, but it works well enough for this project. My biggest concern is the overhead of hosting a second razor engine in a Web app and the fact that here the differences in template rendering between 'real' MVC Razor views and another RazorEngine really are noticeable. You win some, you lose some It's extremely nice to see that if you have a ControllerContext handy (which probably addresses 99% of Web app scenarios) rendering a view to string using the native MVC Razor engine is pretty simple. Kudos on making that happen - as it solves a problem I see in just about every Web application I work on. But it is a bummer that a ControllerContext is required to make this simple code work. It'd be really sweet if there was a way to render views without being so closely coupled to the ASP.NET or MVC infrastructure that requires a ControllerContext. Alternately it'd be nice to have a way for an MVC based application to create a minimal ControllerContext from scratch - maybe somebody's been down that path. I tried for a few hours to come up with a way to make that work but gave up in the soup of nested contexts (MVC/Controller/View/Http). I suspect going down this path would be similar to hosting the ASP.NET runtime requiring a WorkerRequest. Brrr…. The sad part is that it seems to me that a View should really not require much 'context' of any kind to render output to string. Yes there are a few things that clearly are required like paths to the virtual and possibly the disk paths to the root of the app, but beyond that view rendering should not require much. But, no such luck. For now custom RazorHosting seems to be the only way to make Razor rendering go outside of the MVC context… Resources Full ViewRenderer.cs source code from Westwind.Web.Mvc library Hosting the Razor Engine for Non-Web Applications RazorEngine on GitHub© Rick Strahl, West Wind Technologies, 2005-2012Posted in ASP.NET   ASP.NET  MVC   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • The Challenge with HTML5 – In Pictures

    - by dwahlin
    I love working with Web technologies and am looking forward to the new functionality that HTML5 will ultimately bring to the table (some of which can be used today). Having been through the div versus layer battle back in the IE4 and Netscape 4 days I think we’re headed down that road again as a result of browsers implementing features differently. I’ve been spending a lot of time researching and playing around with HTML5 samples and features (mainly because we’re already seeing demand for training on HTML5) and there’s a lot of great stuff there that will truly revolutionize web applications as we know them. However, browsers just aren’t there yet and many people outside of the development world don’t really feel a need to upgrade their browser if it’s working reasonably well (Mom and Dad come to mind) so it’s going to be awhile. There’s a nice test site at http://www.HTML5Test.com that runs through different HTML5 features and scores how well they’re supported. They don’t test for everything and are very clear about that on the site: “The HTML5 test score is only an indication of how well your browser supports the upcoming HTML5 standard and related specifications. It does not try to test all of the new features offered by HTML5, nor does it try to test the functionality of each feature it does detect. Despite these shortcomings we hope that by quantifying the level of support users and web developers will get an idea of how hard the browser manufacturers work on improving their browsers and the web as a development platform. The score is calculated by testing for the many new features of HTML5. Each feature is worth one or more points. Apart from the main HTML5 specification and other specifications created the W3C HTML Working Group, this test also awards points for supporting related drafts and specifications. Some of these specifications were initially part of HTML5, but are now further developed by other W3C working groups. WebGL is also part of this test despite not being developed by the W3C, because it extends the HTML5 canvas element with a 3d context. The test also awards bonus points for supporting audio and video codecs and supporting SVG or MathML embedding in a plain HTML document. These test do not count towards the total score because HTML5 does not specify any required audio or video codec. Also SVG and MathML are not required by HTML5, the specification only specifies rules for how such content should be embedded inside a plain HTML file. Please be aware that the specifications that are being tested are still in development and could change before receiving an official status. In the future new tests will be added for the pieces of the specification that are currently still missing. The maximum number of points that can be scored is 300 at this moment, but this is a moving goalpost.” It looks like their tests haven’t been updated since June, but the numbers are pretty scary as a developer because it means I’m going to have to do a lot of browser sniffing before assuming a particular feature is available to use. Not that much different from what we do today as far as browser sniffing you say? I’d have to disagree since HTML5 takes it to a whole new level. In today’s world we have script libraries such as jQuery (my personal favorite), Prototype, script.aculo.us, YUI Library, MooTools, etc. that handle the heavy lifting for us. Until those libraries handle all of the key HTML5 features available it’s going to be a challenge. Certain features such as Canvas are supported fairly well across most of the major browsers while other features such as audio and video are hit or miss depending upon what codec you want to use. Run the tests yourself to see what passes and what fails for different browsers. You can also view the HTML5 Test Suite Conformance Results at http://test.w3.org/html/tests/reporting/report.htm (a work in progress). The table below lists the scores that the HTML5Test site returned for different browsers I have installed on my desktop PC and laptop. A specific list of tests run and features supported are given when you go to the site. Note that I went ahead and tested the IE9 beta and it didn’t do nearly as good as I expected it would, but it’s not officially out yet so I expect that number will change a lot. Am I opposed to HTML5 as a result of these tests? Of course not - I’m actually really excited about what it offers.  However, I’m trying to be realistic and feel it'll definitely add a new level of headache to the Web application development process having been through something like this many years ago. On the flipside, developers that are able to target a specific browser (typically Intranet apps) or master the cross-browser issues are going to release some pretty sweet applications. Check out http://html5gallery.com/ for a look at some of the more cutting-edge sites out there that use HTML5. Also check out the http://www.beautyoftheweb.com site that Microsoft put together to showcase IE9. Chrome 8 Safari 5 for Windows     Opera 10 Firefox 3.6     Internet Explorer 9 Beta (Note that it’s still beta) Internet Explorer 8

    Read the article

  • When returning from a period of not programming, do you find you've improved?

    - by Jon Purdy
    It seems as though whenever I take an extended break from programming—whether to pursue other interests or simply because I fall out of the habit for a while—I invariably find that when I return to a project and set to coding, I come with an abundance of new ideas, novel approaches, and just plain better code. It may be because I have a lot of other creative interests besides programming, and my mind likes to find correlation and crossover between them, so while I'm doing one thing, in the back of my mind I'm usually also applying it to another. So what's your experience? Do you ever return from a break (whether intentional or not) feeling not only refreshed, but also somehow noticeably improved? Is it actually the norm?

    Read the article

  • How can a code editor effectively hint at code nesting level - without using indentation?

    - by pgfearo
    I'm writing an XML text editor that provides 2 view options for the same XML text, one indented (virtually), the other left-justified. The motivation for the left-justified view is to help users 'see' the whitespace characters they're using for indentation of plain-text or XPath code without interference from indentation that is an automated side-effect of the XML context. I want to provide visual clues (in the non-editable part of the editor) for the left-justified mode that will help the user, but without getting too elaborate. I tried just using connecting lines, but that seemed too busy. The best I've come up with so far is shown in a mocked up screenshot of the editor below, but I'm seeking better/simpler alternatives (that don't require too much code). [Edit] Taking the heatmap idea (from: @jimp) I get something like this: or even these alternates:

    Read the article

  • FluentPath: a fluent wrapper around System.IO

    .NET is now more than eight years old, and some of its APIs got old with more grace than others. System.IO in particular has always been a little awkward. Its mostly static method calls (Path.*, Directory.*, etc.) and some stateful classes (DirectoryInfo, FileInfo). In these APIs, paths are plain strings. Since .NET v1, lots of good things happened to C#: lambda expressions, extension methods, optional parameters to name just a few. Outside of .NET, other interesting things happened as well. For...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • What command do I need to unzip/extract a .tar.gz file?

    - by EmmyS
    I received a huge .tar.gz file from a client that contains about 800 mb of image files (when uncompressed.) Our hosting company's ftp is seriously slow, so extracting all the files locally and sending them up via ftp isn't practical. I was able to ftp the .tar.gz file to our hosting site, but when I ssh into my directory and try using unzip, it gives me this error: [esthers@clients locations]$ unzip community_images.tar.gz Archive: community_images.tar.gz End-of-central-directory signature not found. Either this file is not a zipfile, or it constitutes one disk of a multi-part archive. In the latter case the central directory and zipfile comment will be found on the last disk(s) of this archive. note: community_images.tar.gz may be a plain executable, not an archive unzip: cannot find zipfile directory in one of community_images.tar.gz or community_images.tar.gz.zip, and cannot find community_images.tar.gz.ZIP, period. What command do I need to use to extract all the files in a .tar.gz file?

    Read the article

  • "SASL authentication failed" with mutt and Gmail, why?

    - by hhh
    I am confused by this, I have installed a lot of new pkgs and followed some tutorials after googling but I keep getting this kind of SASL -err. I am not sure whether the mistake is in some Gmail settings or should I check some settings in Ubuntu? I thought this tutorial here would have solved this problem (i am simply trying to set up local mail reading with mutt, using gmail) but I cannot see the instructed things with telnet: "250-STARTTLS 250-AUTH PLAIN LOGIN" so that is why it is not working. $cat .muttrc set imap_user = "[email protected]" set imap_pass = "pass" #set smtp_url = "smtp://[email protected]:465/" set smtp_url = "smtp://[email protected]:587/" set smtp_pass = "pass" set from = "[email protected]" set realname = "name" set folder = "imaps://imap.gmail.com:993" set spoolfile = "+INBOX" set postponed="+[Gmail]/Drafts" set move = no

    Read the article

  • Generate HTML pages from some template

    - by Appu
    I have an open-source project for which I have to generate HTML pages to put on the web. I wanted to keep everything as simple HTML pages. The problem with this approach is if I need to change the design, I have to goto all the pages and change it. This will be tough as I have lot of pages. Is there some kind of HTML generators which can process simple annotated text files? This way, I can maintain the documentation and website contents as plain text files and run it through this program to generate static HTML pages. This also helps in keeping the design consistent. Any help would be great!

    Read the article

  • How to use Xvfb in Ubuntu 14.04 with/without RandR?

    - by Itchy
    I try to run Unit-Tests with Selenium running Firefox on my Ubuntu 14.04 Server. And I'm using Xvfb as described in this blog to simulate a virtual display to show Firefox in. But Xvfg somehow doesn't load/work with RandR. Because whenever I try this: sudo Xvfb :10 -ac & export DISPLAY=:10 firefox I get an Xlib: extension "RandR" missing on display ":10"-Error. I've also tried sudo Xvfb :10 -ac +extension RANDR, sudo Xvfb :10 -ac -extension RANDR and beacuse it supplies with "xrandr" also apt-get install x11-xserver-utils. And my setup is a plain empty Ubuntu 14.04 Server with apt-get install xvfb firefox. Can anyone please help me run Xvfb with or without RandR?

    Read the article

  • How to tweet automatically when you push a new package to nuget.org

    - by Daniel Cazzulino
    Wouldn’t it be nice if your followers could be notified whenever you publish a new version of a NuGet package? Currently, nuget.org offers no support for this, but with the following tricks, you can get it working without programming. The essential idea is to use the OData feed that nuget.org exposes to build an RSS feed with new items as you publish them, and have IFTTT do the tweeting from it. The tools we’ll use to get this working are: LinqPad: to examine the nuget.org OData feed at https://nuget.org/api/v2  Yahoo Pipes: to tweak the OData feed output so that it looks like a “plain” feed IFTTT: to consume the pipe output and auto-tweet on new items   Exploring NuGet OData Feed with LinqPad In order to build the query that will become your tweets’ source, we will add a new connection in LinqPad by clicking on the “Add Connection” link:...Read full article

    Read the article

  • Improve the Quality of ePub eBooks with Sigil

    - by Matthew Guay
    Would you like to correct errors in your ePub formatted eBooks, or even split them into chapters and create a Table of Contents?  Here’s how you can with the free program Sigil. eBooks are increasingly popular with the rise of eBook readers and reading apps on mobile devices.  We recently showed you how to convert a PDF eBook to ePub format, but as you may have noticed, sometimes the converted file had some glitches or odd formatting.  Additionally, many of the many free ePub books available online from sources like the Project Guttenberg do not include a table of contents.  Sigil is a free application for Windows, OS X, and Linux that lets you edit ePub files, so let’s look at how you can use it to improve your eBooks. Note: Sigil took several moments to open files in our tests, and froze momentarily when we maximized the window.  Sigil is currently pre-release software in active development, so we would expect the bugs to be worked out in future versions.  As usual, only install if you’re comfortable testing pre-release software. Getting Started Download Sigil (link below), making sure to select the correct version for your computer.  Run the installer, and select your preferred setup language when prompted. After a moment the installer will appear; setup as normal. Launch Sigil when it’s finished installing.  It opens with a default blank ePub file, so you could actually start writing an eBook from scratch right here. Edit Your ePub eBooks Now you’re ready to edit your ePub books.  Click Open and browse to the file you want to edit. Now you can double-click any of the HTML or XHTML files on the left sidebar and edit them just like you would in Word. Or you can choose to view it in Code View and edit the actual HTML directly. The sidebar also gives you access to the other parts of the ePub file, such as Images and CSS styles. If your ePub file has a Table of Contents, you can edit it with Sigil as well.  Click Tools in the menu bar, and then select TOC Editor.  Strangely there is no way to create a new table of contents, but you can remove entries from existing one.   Convert TXT Files to ePub Many free eBooks online, especially older, out of copyright titles, are available in plain text format.  One problem with these files is that they usually use hard returns at the end of lines, so they don’t reflow to fill your screen efficiently. Sigil can easily convert these files to the more useful ePub format.  Open the text file in Sigil, and it will automatically reflow the text and convert it ePub.  As you can see in the screenshot below, the text in the eBook does not have hard line-breaks at the end of each line, and will be much more readable on mobile devices. Note that Sigil may take several moments opening the book, and may even become unresponsive while analyzing it.   Now you can edit your eBook, split it into chapters, or just save it as is.  Either way, make sure to select Save as to save your book as ePub format. Conclusion As mentioned before, Sigil seems to run slow at times, especially when editing large eBooks.  But it’s still a nice solution to edit and extend your ePub eBooks, and even convert plain text eBooks to the nicer ePub format.  Now you can make your eBooks work just like you want, and read them on your favorite device! If you feel comfortable editing HTML files, check out our article on how to edit ePub eBooks with your favorite HTML editor. Link Download Sigil from Google Code Download free ePub eBooks from Project Guttenberg Similar Articles Productive Geek Tips Edit ePub eBooks with Your Favorite HTML EditorConvert a PDF eBook to ePub Format for Your iPad, iPhone, or eReaderRead Mobi eBooks on Kindle for PCFriday Fun: Watch HD Video Content with MeevidPreview and Purchase Ebooks with Kindle for PC TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips HippoRemote Pro 2.2 Xobni Plus for Outlook All My Movies 5.9 CloudBerry Online Backup 1.5 for Windows Home Server Get Your Team’s World Cup Schedule In Google Calendar Backup Drivers With Driver Magician TubeSort: YouTube Playlist Organizer XPS file format & XPS Viewer Explained Microsoft Office Web Apps Guide Know if Someone Accessed Your Facebook Account

    Read the article

  • What does (Lua) game scripting mean?

    - by Gerenuk
    I've read that Lua is often used for embedded scripting and in particular game for scripting. I find it hard to picture how it is used exactly. Can you describe why and for which features and for which audience it is used? This questions isn't specifically addressing Lua, but rather any embedded scripting that serves a purpose similar to Lua scripting. Is it used for end-users to make custom adjustments? Is it used for game developers to speed up creation of game logic (levels, AI, ...)? Is it used to script game framework code since scripting can be faster? Basically I'm wondering how deep between plain configuration and framework logic such scripting usage goes. And how much scripting is done. A few configuration lines or a considerable amount?

    Read the article

  • How to enable compression in WAMP installed on Windows Server?

    - by Mehdi Jalal
    How to enable compression in WAMP running on Windows Server 2008? I searched the net and I followed these steps given here: http://www.zigpress.com/2009/04/09/enabling-gzip-on-wamp/. But after restarting my WAMP the icon got yellow not green. Than followed this post: http://forum.wampserver.com/read.php?2,93406. Again the same problem my WAMP icon after restarting gets yellow. This is the code I put in Apache httpd.conf: <ifmodule mod_deflate.c> AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript </ifmodule>

    Read the article

  • Properly Label Your Dangerous Projects

    - by Jason Fitzpatrick
    In the pursuit of science, fun, and laser-fueled hijinks, we often undertake projects that really should be labeled more properly. Download this effective label to visually warn “No really, you’ll burn the house down”. Courtesy of Flattr at Thingiverse, you can grab a copy of the “Warning: Will Burn Your House Down” graphic in high resolution image formats suitable for silk screening, laser engraving, or plain old fashioned sign printing. Warning: Will Burn Your House Down [Thingiverse via Make] How To Encrypt Your Cloud-Based Drive with BoxcryptorHTG Explains: Photography with Film-Based CamerasHow to Clean Your Dirty Smartphone (Without Breaking Something)

    Read the article

  • Configure PHP and Apache in Windows 7

    - by manxing
    I installed apache server successfully in Window 7, 32bit system. It showed "It works" in the webpage. I also configured <?php phpinfo(); ?>file as info.php. But when I tried to open http://localhost/info.php in the browser, all I can get is exactly: <?php phpinfo(); ?>in plain text. I restarted Apache server everytime I made changes. Anyone can help with this? Many tnanks in advance!

    Read the article

  • Rendering CV template with XeLaTex

    - by jacob
    Installed kubuntu on thursday Installed LaTeX on my kubuntu machine, using full Compiled an old document and it worked fine Downloaded a CV template from http://www.latextemplates.com/template/two-column-one-page-cv Compiled it, got error Fatal fontspec error: "cannot-use-pdftex" The fontspec package requires either XeTeX or LuaTeX to function. You must change your typesetting engine to, e.g., "xelatex" or "lualatex" instead of plain "latex" or "pdflatex". See the fontspec documentation for further information. For immediate help type H . Installed XeLaTex using this guide http://ledgersmb.org/faq/xelatex i.e. 7 Installed texlive-xetex that includes xelatex apt-get install texlive-xetex apt-get install liblatex-{driver,encode,table}-perl apt-get install libtemplate-plugin-latex-per 8) Compiled CV template again, did not work. Related: No Xelatex in texlive 2012 Excuse me if my question is not clear enough, I'm new to linux.

    Read the article

  • How to use TCP/IP Nagle algorithm at Apple Push Notification

    - by Mahbubur R Aaman
    From Apple's Developer Library The binary interface employs a plain TCP socket for binary content that is streaming in nature. For optimum performance, you should batch multiple notifications in a single transmission over the interface, either explicitly or using a TCP/IP Nagle algorithm. How to use TCP/IP Nagle algorithm in case Apple's Push Notification? How to batch multiple notification in a single transmission over the interface? Additional # In Apple's Push Notification Urban Airship is a familiar name to send large amount of push notification within several minutes. Does they use TCP/IP Nagle algorithm?

    Read the article

  • DIY Glowing Easter Eggs Ripe for After Hours Easter Egg Hunt

    - by Jason Fitzpatrick
    This DIY project mixes up LEDS, plastic Easter Eggs, and candy, for delicious and glow-in-the-dark fun. How do you get from a plain plastic egg to a glowing one? All you need to do is craft some simple LED “throwies” and tuck them inside the eggs. Check out the video above to see the entire process from start to finish. [via Make] How to Own Your Own Website (Even If You Can’t Build One) Pt 3 How to Sync Your Media Across Your Entire House with XBMC How to Own Your Own Website (Even If You Can’t Build One) Pt 2

    Read the article

  • What is the best Programming Language for Kiosk Application? [closed]

    - by Jen Lin
    I need your suggestions guys regarding the project I'm planning to create. I want to create a kiosk software/application that is capable to access database in a server. (So, there's a networking here..)Because the information that will be displayed in a Kiosk screen will be coming from a database in other computer. So my problem here is, I don't know which programming language is the best for this kind of application. I'm thinking about using Visual Basic 6.0 since my group is comfortable using this programming language, but I also want to consider the design. I don't like a plain button. Hope to hear from you guys, thanks much :)

    Read the article

  • Why do browsers leak memory?

    - by Dane Balia
    A colleague and I were speaking about browsers (using a browser control object in a project), and it appears as plain as day that all browsers (Firefox, Chrome, IE, Opera) display the same characteristic or side-effect from their usage and that being 'Leaking Memory'. Can someone explain why that is the case? Surely as with any form of code, there should be proper garbage collection? PS. I've read about some defensive patterns on why this can happen from a developer's perspective. I am aware of an article Crockford wrote on IE; but why is the problem symptomatic of every browser? Thanks

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >