Mario Saccoia Blog

Vulnerability in ASP.NET Could Allow Information Disclosure in veste SharePoint 2010

In questi giorni è stato rilevato un problema di sicurezza in ASP.NET che come ben sapete è la base costitutiva della interfaccia utente Web di tutte le versioni SharePoint.

In attesa di una fix strutturale Microsoft ha rilasciato dei workaround per tamponare il problema documentandoli in questa nota tecnica Microsoft Security Advisory (2416728) - Vulnerability in ASP.NET Could Allow Information Disclosure.

Tuttavia in SharePoint 2010 la procedura è lievemente diversa ed occorre seguire questi passi

1. Browse to the SharePoint installation directory at %CommonProgramFiles%\Microsoft Shared\Web Server Extensions\14\template\layouts.
2. Create a new file called error2.aspx in this directory with the following content:

   <%@ Page Language="C#" AutoEventWireup="true" %>
   <%@ Import Namespace="System.Security.Cryptography" %>
   <%@ Import Namespace="System.Threading" %>
   <script runat="server">
      void Page_Load() {
         byte[] delay = new byte[1];
         RandomNumberGenerator prng = new RNGCryptoServiceProvider();
         prng.GetBytes(delay);
         Thread.Sleep((int)delay[0]);
           
         IDisposable disposable = prng as IDisposable;
         if (disposable != null) { disposable.Dispose(); }
       }
   </script>
   <html>
   <head runat="server">
       <title>Error</title>
   </head>
   <body>
       <div>
           An error occurred while processing your request.
       </div>
   </body>
   </html>

3. Navigate to %SystemDrive%\inetpub\wwwroot\wss\virtualdirectories.
4. For each subfolder in this directory, do the following:
   1. Edit web.config
   2. Find the customErrors node and change it to; 

      <customErrors mode="On" redirectMode="ResponseRewrite" 
      defaultRedirect="/_layouts/error2.aspx" /> 

   3. Save your changes
   4. Run iisreset /noforce

Altre informazioni a questi link:

Microsoft Security Advisory (2416728) - Vulnerability in ASP.NET Could Allow Information Disclosure

Security Advisory 2416728 Released – Microsoft Security Response Center Blog

Understanding the ASP.NET Vulnerability – Microsoft Security Research & Defense Blog

Important: ASP.NET Security Vulnerability – Scott Guthrie’s Blog

Frequently Asked Questions about the ASP.NET Security Vulnerability – Scott Guthrie’s Blog

Saluti

Mario Saccoia

Share this post :

Content CHM per professionisti IT su SharePoint Fonudation 2010 e SharePoint Server 2010

Dal download center di Microsoft, sono stati resi disponibili due CHM per professionisti IT su SharePoint Foundation 2010 e SharePoint Server 2010.
Ecco i links per il download:

 
- Microsoft SharePoint Foundation 2010 Technical Library in Compiled Help format
- Microsoft SharePoint Server 2010 Technical Library in Compiled Help format

Saluti

Mario Saccoia

Share this post :

TTS in Windows Phone 7

Windows Phone 7 presenta tre features per la gestione del supporto vocale:

• voice search
• voice activated
• start application by command

Potete trovare un pò di documentazione e qual news ai link di cui sotto:

video gallery

press pass

wp7 and excel

Saluti

Mario Saccoia

Share this post :

---

Creare una AppBar per Windows Phone con Blend

Creare visualmente una Application Bar, associargli Buttons e MenuItems con Expression Blend: (link)

Saluti

Mario Saccoia

Share this post :

Windows Intune

Ecco una novità dai servizi on cloud di Microsoft: Windows Intune

Una console web-based con cui manutenere client attraverso la nuvola.

E’ ancora tutto in beta… e per poter partecipare al programma di testing… bisogna mettere su un’infrastruttura con 5 client almeno

Saluti

Mario Saccoia

Share this post :

VSALM Library Updates 2010

Il blog MSDN segnala una serie di updates di agosto riguardanti Visual Studio Application Lifecycle Management.

Link utili:

• Planning and Tracking Projects
• Modeling the Application
• Testing the Application
• Using a Virtual Lab in Your Application Lifecycle
• Installing and Administering Team Foundation Server

Per maggiori dettagli e per effettuare il download cliccare qui.

Saluti

Mario Saccoia

Share this post :

Enterprise Library: nuova guida gratuita

Microsoft ha rilasciato una guida riguardante la sua Enterprise Library, che mostrerà come gli sviluppatori possono utilizzare i componenti EntLib.

La si può visionare su MSDN Library . Gli esempi di codice sono disponibili su CodePlex.

Saluti

Mario Saccoia

Share this post :

Windows Phone 7-related guide

Il team pattern & practices ha pubblicato una nuova Windows Phone 7-related guide. La guida dovrebbe fornire un aiuto nella creazione di applicazioni Windows 7.

Download su: http://wp7guide.codeplex.com/

Saluti

Mario Saccoia

Share this post :

Resources for Visual Studio Tools for SharePoint Developers

Direttamente dal blog in inglese:

Learning

• For learning about the Visual Studio 2010 tools for SharePoint Development, check out the new Help topics. The portal page for these is: SharePoint Development in Visual Studio.

• Visual Studio provides tools for developing SharePoint sites. To find out more about how SharePoint itself works, start at the portal page: SharePoint 2010.  For those who don’t know, there are two versions of SharePoint: SharePoint Foundation 2010 (formerly known as Windows SharePoint Services, or WSS) and SharePoint Server 2010 (formerly known as Microsoft Office SharePoint Server, or MOSS).

• To learn about extending the Visual Studio SharePoint tools, including how to create your own SharePoint project and project item templates, see Extending the SharePoint Tools in Visual Studio.

• For details about the Visual Studio SharePoint project system API, see Reference (SharePoint Tools Extensibility).

• Channel 9 features videos relating to SharePoint and SharePoint tools, including a great comprehensive (and free!) SharePoint 2010 Developer Training Course.

• Because SharePoint sites are built on ASP.NET and IIS, having a deeper understanding of those technologies is useful.

Blogs

• In addition to this blog (Visual Studio SharePoint Development Blog), there is a blog for SharePoint called the Microsoft SharePoint Team Blog that focuses on SharePoint development-related questions and issues.

• Although though the list is dated, many of the blogs in SharePoint Joel’s Top 100 SharePoint Blogs of Spring 2008 are still active and involved in SharePoint 2010 development.

Forums and Newsgroups

• The official forum for Visual Studio SharePoint is located at SharePoint Development with Visual Studio,

• The official forum for SharePoint 2010 is located at SharePoint 2010 Forum.

• The SharePoint Usenet groups are located at Microsoft.Public.SharePoint.

Other Resources

• The SharePoint 2010 Developer Resource Centers page has a centralized list of resources for common tasks such as upgrading, best practices, and security.

• For code samples relating to SharePoint and SharePoint tools, see the MSDN Code Gallery.

• Information about upgrading and migrating to SharePoint 2010 can be found at: Upgrade Resource Center | SharePoint 2010.

• For a large list of resources relating to earlier versions of SharePoint, see Heather Solomon’s SharePoint Resources page.

• To query the Microsoft Knowledge Base about SharePoint and Visual Studio issues, see MSDN Troubleshooting and Support.

Saluti

Mario Saccoia

Share this post :