impersonation Vs delegation

By default, impersonation is turned off, and you can access resources by using the ASP.NET Web application’s process identity. However, you can use impersonation to access local resources and perform operations by using the authenticated user’s identity or by using a specific Windows identity. You can enable impersonation programmatically or by applying appropriate configuration settings in the Web.config file.

Delegation allows you to use an impersonation token to access network resources. Your ability to use delegation depends on your selected authentication mechanism and appropriate account configuration. You should be careful when you use impersonation and delegation because of the additional security and scalability issues it can cause.

The most common situations where you might require impersonation and delegation are:

• Impersonating the original caller. You want to access Windows resources that are protected with ACLs configured for your application’s domain user accounts.
• Impersonating the original caller programmatically. You want to access resources predominantly by using the application’s process identity, but specific methods need to use the original caller’s identity.
• Impersonating a specific Windows identity. You need to use a specific identity or several Windows identities to access particular resources.
• Using delegation to access network resources by using an impersonated identity. You need to use an impersonated identity to access remote resources.

Referecnes:

http://www.guidanceshare.com/wiki/ASP.NET_2.0_Security_Guidelines_-_Impersonation/Delegation

http://msdn.microsoft.com/en-us/library/ms998351.aspx

http://wiki.asp.net/page.aspx/44/impersonation-and-delegation/

http://aspalliance.com/articleViewer.aspx?aId=650&pId=2

http://www.devx.com/codemag/article/16762/0/page/3

http://www.15seconds.com/issue/020312.htm

http://www.code-magazine.com/article.aspx?quickid=0307071&page=1

Softies share their favorite Bill Gates stories

‘Softies share their favorite Bill Gates stories

CSS Control Adapter Toolkit

A control adapter allows you to plug-into any ASP.NET server control and override, modify and/or tweak the rendering output logic of that control.

What is cool about control adapters is that they do not require a page developer to program against a new control, or modify the control programming model semantics (you still use the same control properties, methods, events and templates you did before). Indeed – a page developer can be entirely oblivious that a control adapter is being used (the control adapter model makes it very clean to register and encapsulate this support).

The CSS Control Adapter Toolkit includes a bunch of pre-built control adapter samples that show how you can use the control adapter architecture to emit 100% CSS based rendering output (no tables or inline styles – instead use external CSS stylesheets for everything).

References:

http://weblogs.asp.net/scottgu/archive/2006/05/02/444850.aspx
http://weblogs.asp.net/scottgu/archive/2005/12/21/433692.aspx
http://msdn.microsoft.com/en-us/library/ms228122.aspx
http://msdn.microsoft.com/en-us/library/67276kc5.aspx
http://www.asp.net/CssAdapters/
http://msdn.microsoft.com/en-us/magazine/cc163543.aspx

What is XAML , WPF ,XBAP

What is XAML?

(Extensible Application Markup Language; pronounced “zammel”)

XAML is a declarative XML-based language that defines objects and their properties in XML. XAML syntax focuses upon defining the UI (user interface) for the Windows Presentation Foundation (WPF) and is therefore separate from the application code behind it.

Although XAML is presently for use on the Windows platform, the WPF/E (Windows Presentation Foundation/Everywhere) initiative will eventually bring XAML to other platforms and devices.

XAML syntax describes objects, properties and their relationships to one another. Generic XAML syntax defines the relationship between objects and children. Properties can be set as attributes or by using ‘period notation’ to specify the object as a property of its parent.

For example:

Things You Should Know About XAML

Sometimes, XAML and WPF are used interchangeably … they do go hand-in-hand, but they are not the same. XAML is a type of XML-based markup. WPF is a graphics API.

XAML is different from SVG (Scalable Vector Graphics). According to the W3C’s definition of SVG, it is “a platform for two-dimensional graphics … (with) two parts: an XML-based file format and a programming API for graphical applications.” While XAML is an XML-based file format, it is not an API. XAML also supports things like 3D and controls, which SVG does not.

One great benefit of XAML is that it helps to separate design and development, which actually helps to improve collaboration and efficiency between designers and software developers. As the XAML markup for an application’s UI remains separate from the remainder of application logic, a designer’s exact layout can be saved in XAML and combined with the application without affecting the development process.

XAML documents are saved as .xaml files.

What is WPF?

(Windows Presentation Foundation; formerly Avalon)

WPF is the new presentation API (Application Programming Interface) in .NET Framework 3.0 (formerly WinFX).

Users can program directly against the API with .NET, instantiate (render) WPF objects by expressing them in XAML, or employ a mixture of XAML with .NET code behind.

The WPF API has a wide range of functionality, from Windows controls like buttons to 3D graphics, special effects and multimedia. WPF enables the creation of items that presently require different file formats – for example, the equivalent of PDF, HTML, WinForms and Flash can be developed with WPF.

For more details on WPF, check out msdn’s Windows Presentation Foundation section.

What is a XBAP?

(XAML Browser Application; formerly WBA or Web Browser Application)

A XBAP, or XAML Browser Application allows a WPF/XAML-based application to run in an Internet browser without installing on the user’s computer.

Microsoft Corporation states:

[a]pplications can be deployed from a server to a system with a single click. The application then runs in the browser without any interruptions beyond the time needed to download the application. However, unlike … HTML-based applications, XAML Browser Applications have access to the rich features of the Windows Presentation Foundation (formerly code-named “Avalon”) runtime.

References:
http://en.wikipedia.org/wiki/Extensible_Application_Markup_Language
http://en.wikipedia.org/wiki/Windows_Presentation_Foundation
http://msdn.microsoft.com/en-us/library/ms752059.aspx#xaml_files
http://www.xaml.net/
http://xamldev.com/
http://xamlshare.com/
http://forums.microsoft.com/MSDN/ShowForum.aspx?ForumID=119&SiteID=1
http://www.myxaml.com/

Obama says New Yorker insulted Muslim Americans

here it go :
http://news.yahoo.com/s/ap/20080716/ap_on_el_pr/obama_new_yorker

Barack Obama’s cartoon

Here it go

http://news.yahoo.com/s/ap/20080714/ap_on_el_pr/obama_new_yorker

What is Open social?

1. Purpose
OpenSocial is a set of APIs for building social applications across the web — for developers of social applications and for websites that want to add social features.

2. Framework Coverage
There are two ways to access the OpenSocial API: client-side using the JavaScript API and server-side using RESTful data APIs.
2.1 JavaScript API
The JavaScript API lives under the opensocial.* namespace and provides access to three primary areas of functionality:
• People — information about individual people and their relationships to each other
• Activities — ability to post and view updates on what people are doing
• Persistence — a simple key-value data store to allow server-free stateful applications
Here are some of the things you can do with the JavaScript API:
• Build applications without maintaining your own server
• Build applications that include a server-side component (for offline processing and/or access from other websites)
• Create brand-new applications
• Expose existing web applications in the context of existing social websites
• Add social features to existing Google Gadgets
• Write one application that can run in the context of many different social websites
The JavaScript API is designed to use standard web technologies:
• It’s packaged as a set of methods in the opensocial.* namespace.
• It allows you to use any standard JavaScript programming techniques and third-party libraries.
• It includes a full asynchronous callback system to support rich AJAX interactivity.
2.2 RESTful Data APIs
The RESTful Data APIs will provide complementary functionality to the JavaScript API, so you can access people, activities, and data from your server.
The RESTful data APIs are also designed to use standard web technologies:
• Server interactions are based on the RESTful AtomPub protocol.
• Authentication is handled by OAuth.

A social application is simply a application that runs on a container that supports the OpenSocial JavaScript API.
To write a social application, you need the following:
• Access to a container that supports the OpenSocial APIs, such as orkut.com.
• A basic working knowledge of how to build gadgets. See the Gadgets API Developer Guide.
The OpenSocial API focuses on people. It lets users share their activities with each other and access information about their friends. There are three primary areas of functionality in the OpenSocial API:
• People and relationships
• Persistence
• Activities
Many API calls are asynchronous as they may require a server request to retrieve or update information. Because of this, you need to pass in a callback function that will be executed once the data is returned from the server.

3. Underline Technology
 HTML
 JavaScript
 Google Gadgets framework [http://code.google.com/apis/gadgets/].

4. Facts Sheet
 Shindig is an open source implementation of the OpenSocial specification and gadgets specification by Apache Software Foundation.
[http://incubator.apache.org/shindig/]

5. Industry support
Partners committed to supporting the OpenSocial APIs included the social network companies Bebo, Engage.com, Friendster, hi5, Hyves, imeem, NetModular, mixi, MySpace, Ning, orkut, Plaxo, Six Apart; as well as business-oriented networking companies LinkedIn, Tianji, Salesforce.com, Viadeo, Oracle, and XING.

6. Limitations
 Security
 Limited functionality
 Inflexibility
 Limited support of containers like Oukut.com

7. Current status
OpenSocial is currently in alpha development. The initial version of the API that was made public was 0.5, followed by version 0.6 released on December 21, 2007. Version 0.7 was released on February 4, 2008.
Container OpenSocial API Status
Hi5 V0.7 White-listed apps available for users, and open sandbox access
iGoogle V0.7 Open sandbox access
MySpace V0.7 White-listed developer accounts
orkut.com V0.7 Upcoming pre-launch testing, and sandbox access

Shindig sample
V0.7 Best effort availability and bleeding-edge functionality, including Caja

Ning V0.5 Opt-in, per network, user availability
Plaxo Pulse V0.5 White-listed apps available for users

8. Conclusion
There are two levels of OpenSocial development:
 Implementing the container
 Developing applications for a specific container
First, task is real challenge and is time consuming development activity, however developing applications for specific container like orkut.com is not very difficult job. It requires skills HTML, JavaScript and Gadgets framework.

9. References
[General]:
http://code.google.com/apis/opensocial/
www.opensocialdirectory.org
[Blogs]:
www.opensocialblog.com
http://opensocialstuff.com
http://opensocialapis.blogspot.com

Pakistan Management

Pakistan Management

Nice article

difference between HttpModule and HttpHandler

HTTP handlers are the end point objects in ASP.NET pipeline and an HTTP Handler essentially processes the request and produces the response. For example an ASP.NET Page is an HTTP Handler.

HTTP Modules are objects which also participate the pipeline but they work before and after the HTTP Handler does its job, and produce additional services within the pipeline (for example associating session within a request before HTTP handler executes, and saving the session state after HTTP handler has done its job, is basically done by an HTTP module, SessionStateModule)

HTTP handlers

HTTP handlers are the .NET components that implement the System.Web.IHttpHandler interface. Any class that implements the IHttpHandler interface can act as a target for the incoming HTTP requests. HTTP handlers are somewhat similar to ISAPI extensions. One difference between HTTP handlers and ISAPI extensions is that HTTP handlers can be called directly by using their file name in the URL, similar to ISAPI extensions.

HTTP Modules

HTTP modules are .NET components that implement the System.Web.IHttpModule interface. These components plug themselves into the ASP.NET request processing pipeline by registering themselves for certain events. Whenever those events occur, ASP.NET invokes the interested HTTP modules so that the modules can play with the request.

————————————

 

Here, I want to go into details about those two nice and essential models.

HttpHandler – Every typical page (that derives from System.Web.UI.Page) implements the IHttpHandler interface. Writing an IHttpHandler is no different that writing typical page or control. It includes server application objects like: Session, Request and Response. An HttpHandler is created for each request to the server and its lifetime exists on the request ProcessRequest step. (It important to mention that this action happens before the page events are raised (like Page_Init, Page_Load etc…)

Another thing to know about HttpHandler behavior is the IsReusable property that defined in the interface. If this retured as true, the HttpHandler won’t be destroyed when a control exits ProcessRequest – it will be released to the pool for future requestor. This means that request specific data must be de-initialized at the end of the request, or re-initialized at the begining of a request.

Nice example of use is Url Rewriting. We used a handler in previous a web application development that handles multi-lingual states (supports English and Hebrew languages). We wrote an HttpHandler that in every request to the server, checks the browser url, and by a specific address symbols “guides” the page what language adn direction to display.

HttpModule - The HttpModule is the filter for all requests. It receives notification at various processing points during the lifespan of the request. We can map HttpModule to all application requets.

The main difference between HttpModule to HttpHandler is that HttpModule provides class intance for all application’s requests and HttpHandler provides single instance for each request. Also, HttpModule doesn’t store any data about any request because it handles all the application requests, opposite to HttpHandler that can store data about a specific request (IsReuseable property, remember…?)

An important adventage of HttpModule over HttpHandler is by the initializing and maintain an application state option, since there is alive class intance all along the application lifespan. For example, you can load a data structure (like XML string for example) in the Init method and use it safely accross the apllication lifespan.

—————————————————————-

References:

http://www.dotnetspider.com/forum/158666-What-difference-between-HttpModule-HttpHandler.aspx

http://www.15seconds.com/issue/020417.htm

http://www.devx.com/vb2themax/Article/19901

http://dotnetslackers.com/Regex/re-23733_IHTTPModule_vs_IHTTPHandler.aspx

http://support.microsoft.com/kb/307996