Nationwide, the world’s largest building society realised the benefits of Faster Payments with the help of Microsoft Services and interestingly enough a team of BizTalk experts from Solidsoft.
For a number of years Solidsoft has provided senior software consultants expert in Microsoft BizTalk server and many other Microsoft products support of Microsoft Service led developments. The Nationwide project has proved no different with Solidsoft providing a team of 6 to support the successful development of the Faster Payments system.
The case study can be viewed here: http://www.onwindows.com/Articles/Nationwide-runs-highperforming-FPS/5236/Default.aspx
Extensions are a great way for you to add new features to Safari 5.0.1. Built by developers, Safari Extensions use the latest HTML5, CSS3, and JavaScript web technologies. And they’re digitally signed and sandboxed for improved security. You can install extensions with one click — no need to restart Safari.
http://extensions.apple.com/#productivity
Sir David Varney headed a review into Transformational Government in 2006 . Among its recommendations was one particular one that had been driven by the amount of contact points a citizen had to make with government for a Change of Life event such as birth and death.
It gave one example of where a citizen had to make 44 separate contacts to government departments following the premature death of her husband. At this emotional time, this kind of experience adds an unnecessary burden on the customer which is rightly seen as unacceptable. The report's recommendations included developing a change of circumstances service starting with bereavement, birth and change of address by 2010, so that citizens didn't have to notify multiple public services. The Tell Us Once programme was setup shortly afterwards to investigate how to progress this recommendation.
‘Tell us Once’ is a major programme, being led by DWP on behalf Government as a whole, to transform the way in which people can tell Government (central and local) about changes to their circumstances. At its heart –as it says on the tin –is the proposition that people should only have to tell us things –like a birth or death –once and we will make sure that information reaches all the Government Departments and Agencies that need to know. That sounds an utterly obvious thing to do –and it is –but making it a reality is very challenging.”
Sir Leigh Lewis, Permanent Secretary Department for Work and Pensions
Solidsoft have been involved with this project almost since the start so much so the work delivered in support of the Tell Us Once pilot has been recognised by Microsoft. On the 23rd June it was announced Solidsoft had been selected as a finalist for the Microsoft Partner Awards in the Custom Development Solutions, Application Infrastructure Development Partner of the Year award category.
“It’s a pleasure and a privilege to receive this nomination, particularly in such a highly competitive field. The Solidsoft Tell Us Once Team has created a great Pathfinder Application for the United Kingdom, which both saves the taxpayer money and makes it easier for citizens to interact with their Government. Not only is the application a success in the eyes of Microsoft, the customer feedback on their experience has been outstanding. We look forward to continuing to deliver innovative solutions on the Microsoft Application Platform to both public and private sector customers.”
Solidsoft – www.solidsoft.com
Moving forward the Solidsoft Tell Us Once development team is delivering the full national solution to meet the Varney desire of having Tell Us Once in place for 2010.
This blog will track the progress of a Government IT project that delivers tangible results for the citizen.
An interesting ‘rant’ by my fellow Solidsoft buddy Russell Smith:
Thought you chaps would be interested in this after hearing my rantings yesterday about the WCF-SQL adapter and notification issues.
I got to the bottom of the issue, it wasn’t the adapter in the end it was the database and not the adapter at all. This was a database supplied by PICT that was restored onto my image. Apparently in order for the notification mechanism to work there are some strict requirements on the database SET options and in the select queries that can be used. I finally found a decent article at: http://msdn.microsoft.com/en-us/library/ms181122.aspx
A quick summary is that the DB must have the following options set:
- ANSI_NULLS ON
- ANSI_PADDING ON
- ANSI_WARNINGS ON
- CONCAT_NULL_YIELDS_NULL ON
- QUOTED_IDENTIFIER ON
- NUMERIC_ROUNDABORT OFF
- ARITHABORT ON
And the select statement must conform to:
- The projected columns in the SELECT statement must be explicitly stated, and table names must be qualified with two-part names. Notice that this means that all tables referenced in the statement must be in the same database.
- The statement may not use the asterisk (*) or table_name.* syntax to specify columns.
- The statement may not use unnamed columns or duplicate column names.
- The statement must reference a base table.
- The statement must not reference tables with computed columns.
- The projected columns in the SELECT statement may not contain aggregate expressions unless the statement uses a GROUP BY expression. When a GROUP BY expression is provided, the select list may contain the aggregate functions COUNT_BIG() or SUM(). However, SUM() may not be specified for a nullable column. The statement may not specify HAVING, CUBE, or ROLLUP.
- A projected column in the SELECT statement that is used as a simple expression must not appear more than once.
- The statement must not include PIVOT or UNPIVOT operators.
- The statement must not include the UNION, INTERSECT, or EXCEPT operators.
- The statement must not reference a view.
- The statement must not contain any of the following: DISTINCT, COMPUTE or COMPUTE BY, or INTO.
- The statement must not reference server global variables (@@variable_name).
- The statement must not reference derived tables, temporary tables, or table variables.
- The statement must not reference tables or views from other databases or servers.
- The statement must not contain subqueries, outer joins, or self-joins.
- The statement must not reference the large object types: text, ntext, and image.
- The statement must not use the CONTAINS or FREETEXT full-text predicates.
- The statement must not use rowset functions, including OPENROWSET and OPENQUERY.
- The statement must not use any of the following aggregate functions: AVG, COUNT(*), MAX, MIN, STDEV, STDEVP, VAR, or VARP.
- The statement must not use any nondeterministic functions, including ranking and windowing functions.
- The statement must not contain user-defined aggregates.
- The statement must not reference system tables or views, including catalog views and dynamic management views.
- The statement must not include FOR BROWSE information.
- The statement must not reference a queue.
- The statement must not contain conditional statements that cannot change and cannot return results (for example, WHERE 1=0).
- The statement can not specify READPAST locking hint.
- The statement must not reference any Service Broker QUEUE.
- The statement must not reference synonyms.
- The statement must not have comparison or expression based on double/real data types.
- The statement must not use the TOP expression.
I think however the main reason this is likely to be a no go in a production environment is the following permissions and alter statements also have to be run:
ALTER DATABASE [Biztalk_saafmdb] SET NEW_BROKER with rollback immediate
ALTER DATABASE [Biztalk_saafmdb] SET ENABLE_BROKER
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'password1#'
select is_broker_enabled from sys.databases where name = 'Biztalk_saafmdb'
use Biztalk_saafmdb
GRANT CREATE PROCEDURE TO [BTS2009-RUSSELL\BizTalk Application Users]
GRANT CREATE QUEUE TO [BTS2009-RUSSELL\BizTalk Application Users]
GRANT CREATE SERVICE TO [BTS2009-RUSSELL\BizTalk Application Users]
GRANT SUBSCRIBE QUERY NOTIFICATIONS TO [BTS2009-RUSSELL\BizTalk Application Users]
GRANT SELECT ON OBJECT::Biztalk_saafmdb.dbo.bts_MembersRetired TO [BTS2009-RUSSELL\BizTalk Application Users]
GRANT RECEIVE ON QueryNotificationErrorsQueue TO [BTS2009-RUSSELL\BizTalk Application Users]
And yes these permissions do need to be maintained at run time, there is a generated stored procedure that gets created on various events, not got to the bottom of this completely but it appears to be when the receive location is started and stopped.
If when developing BizTalk 2009 solutions (Orchestrations) and have split the schemas out into alternative assemblies (projects) – sometimes you’ll get odd not found issues with some (if not all) of the types in those referenced assemblies.
Solution is this hot fix -
http://support.microsoft.com/kb/977428/en-us
Sourced from: CWE
This is a brief listing of the Top 25 items, using the general ranking.
NOTE: 16 other weaknesses were considered for inclusion in the Top 25, but their general scores were not high enough. They are listed in the On the Cusp focus profile.
[1] CWE-79
Failure to Preserve Web Page Structure ('Cross-site Scripting')
[2] CWE-89
Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
[3] CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
[4] CWE-352
Cross-Site Request Forgery (CSRF)
[5] CWE-285
Improper Access Control (Authorization)
CWE-807
Reliance on Untrusted Inputs in a Security Decision
[7] CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-434
Unrestricted Upload of File with Dangerous Type
[9] CWE-78
Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
[10] CWE-311
Missing Encryption of Sensitive Data
[11] CWE-798
Use of Hard-coded Credentials
[12] CWE-805
Buffer Access with Incorrect Length Value
[13] CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
[14] CWE-129
Improper Validation of Array Index
[15] CWE-754
Improper Check for Unusual or Exceptional Conditions
[16] CWE-209
Information Exposure Through an Error Message
[17] CWE-190
Integer Overflow or Wraparound
[18] CWE-131
Incorrect Calculation of Buffer Size
[19] CWE-306
Missing Authentication for Critical Function
[20] CWE-494
Download of Code Without Integrity Check
[21] CWE-732
Incorrect Permission Assignment for Critical Resource
[22] CWE-770
Allocation of Resources Without Limits or Throttling
[23] CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
[24] CWE-327
Use of a Broken or Risky Cryptographic Algorithm
[25] CWE-362
Race Condition
Cross-site scripting and SQL injection are the 1-2 punch of security weaknesses in 2010. Even when a software package doesn't primarily run on the web, there's a good chance that it has a web-based management interface or HTML-based output formats that allow cross-site scripting. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom. The classic buffer overflow comes in third, while more complex buffer overflow variants are sprinkled in the rest of the Top 25.
To find the hidden wallpaper:
- Type globalization in a search of your C: drive.
- The only result should be a folder located in the main Windows directory, and you should only be able to see ELS and Sorting folders nested here.
- Now search for MCT in the top-right search bar.
- This will display five new unindexed folders, each corresponding to a different global region. Browse these folders for some extra themes and wallpapers specific to Australia, USA, South Africa, and Canada.
From here you can select a new wallpaper.
BizTalk Best Practice Analyser is released and available for download.
Download: BizTalkBPA V1.2
As always another very handy tool is the Message Box Viewer (Currently V10) which provides some very detailed information as well.
Download: Message Box Viewer (MBV)
Enjoy your day,
Mick.
Read the complete post at http://blogs.breezetraining.com.au/mickb/2010/03/31/BizTalkBestPracticeAnalyzerV12BTS0606R209.aspx
Today took the plunge and installed visual studio 2010 RC.
Working through the various samples and ‘walk thro’s’
All looking rather good.
Thought it might be fun to try the new Live Writer plug-in Polaroid Picture find at http://bit.ly/1mrYyW
Sorry, not cracked the problems listed at the end of my last 64 bit dev blog. But added a new one.
My BizTalk project required the reading of data from an Excel spreadsheet – don’t ask….
Now previously I have used: the Microsoft.ACE.OLEDB.12.0 provider. This allows you to treat the spread sheet as any normal data source. See sample below
1: string strConn = "Provider=Microsoft.ACE.OLEDB.12.0;" + "Data Source=E:\\DEMO\\FileLocs\\Excel\\Data.xls;" + "Extended Properties=Excel 12.0;";
2: DataSet ds = new DataSet();
3: //You must use the $ after the object
4: //you reference in the spreadsheet
5: OleDbDataAdapter da = new OleDbDataAdapter("SELECT * FROM [Sheet1$]", strConn);
Of course this time I get an error telling me that :
The problem, of course, is that the provider comes from Access install and as Office is 32 bit the driver just isn’t being recognised.
So to get this to work the solution is to target the project to run on x86 cpu’s.
To do this means changing the properties of the project:
So change from Any CPU to x86 and all is sweetness and light!
Not really 64 bit deving though…..
Now shall I install Office 2010 tech preview 64 bit and try again…mmmm..maybe…
Over the last few months I have made the move to 64 bit – Windows 7 RTM on my laptop and Windows 2008 standard server with hyper-v on my dev box.
I’m also running 64 bit Office 2010 and a number of other 64 bit goodies. But it is in the area of development I’m really having ‘fun’.
So first off it was time to setup a 64 bit dev image:
- Windows Server 2008 R2 Std (64 bit)
- SQL Server 2008 (64 bit)
- Visual Studio 2008 (32 bit only)
- BizTalk 2009 Developer Edition (64 bit)
- Windows SharePoint Server 3.0 (64 bit)
- Office 2007 (32 bit only)
So the ‘fun’ is that not is all as it seems!!! Initial problems occurred during following the BizTalk install. In fact during the BizTalk configuration and in particularly configuring the BizTalk BAM Portal.
The process completed with a number of failures: of most interest here was the BAM Portal.
What I discovered is provided the understanding of my issues:
- The configuration wizard is a 32-bit process; therefore it requires certain components which allow it to communicate with 64-bit SQL Server.
- Business Activity Monitoring (BAM) portal components must run in IIS using 32-bit ASP.NET 3.5. BAM Portal will run on 64-bit hardware in WOW mode.
Now the first challenge was what the hell is WOW mode. Turns out it is WOW64 and this stands for Windows(32) on Windows64 (note it should be W32OW64 but not quite as catchy).
So for BAM we must be running Internet Information Services (IIS) 6 in a 64-bit environment and therefore set IIS to 32-bit mode to run the BAM portal.
This means when we installed IIS we also needed to install the IIS6 Compatibility pack.
To check:
- Run Server Manager
- Select Roles
- Select Web Server (IIS)
- Scroll right panel until the configuration display is shown (see diagram below)
- Check for IIS 6 Management Compatibility and see if it says it is installed.
- If not installed, click Add Role Services on right of screen. Select the IIS 6 Management Compatibility and install.
Having completed that bit we now need to get it into WOW64 mode!!
To set a 64-bit mode IIS installation to 32-bit mode:
-
Open a command prompt and run the adsutil command. To do this, click Start, click Run, and then type cmd.
-
Type the following at the command prompt: cscript c:\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 1.
-
Close the command prompt.
After all that you’ll find that the BAM portal will now configure. This of course has left me with a new problem typified by the following screen:
![[biztalkconfig.jpg]](http://4.bp.blogspot.com/_TRDeiMVJzrs/SecI4GTOkxI/AAAAAAAAAAw/j6X7afxKDTU/s1600/biztalkconfig.jpg)
It seems that the EDI/AS2 install also has various 32 bit dependencies but more of that another day!!
The other thing misconception that this 64 bit exercise has now dispelled is that the BAM Portal does not use WSS 3.0 (Windows SharePoint Services 3.0) as I had thought before!! It is just a pure ASP.net portal.
Other issues I now have are centred around WSS 3.0 64 bit – haven’t managed to get it to run yet, and of course the BizTalk SharePoint Adapter.
Finally some more factoids around this 64 bit adventure:
Adapter support figure
By default, all adapters can run in 32-bit mode on 32-bit Windows and on WOW64 on 64-bit Windows. The following adapters can run in native 64-bit mode (in either IIS or BTSNTSVC as the host process):
- HTTP
- SOAP
- File
- SMTP
- MSMQ
- MQSeries
- WCF
For lots more factoids go to :
BizTalk Server 64-Bit Support
Before we had Azure and the various bits and pieces that became Azure at PDC 2008 Microsoft had a number of disparate groups working on various ‘cloudy’ projects. these included BizTalk Services, Red dog, Mesh and the Live framework to name a few. Then at PDC 2008 with the wave of a marketing teams wand they all be became Azure or Azure Services or Azure platform or …well anyway the over-arching message was that they were all part of Azure!! Furthermore we were presented with the vision below…
Now I had been in on the game some months earlier as I was attending various ‘Azure’ design reviews. Even then I felt this didn’t sit well. In particular ‘Live services’ seemed to be cobbled onto what, in the main, is a great cloud vision. Live services and the Live framework are from the ‘fun’ side of Microsoft where X-Box and hotmail and consumer driven software lives so this seemed so out of place with the ‘serious’ business and enterprise focus of the Azure Platform.
So it has come as no surprise that Microsoft is announcing they will shutting down the Live Framework Community Technology Preview (CTP). The Live Framework is moving to reside under Windows Live and although it was running under the Azure umbrella moving to Windows Live does not mean that it won’t be available to the Azure Platform, according to information in an email from Angus Logan, Senior Technical Product Manager for the Windows Live Platform:
We launched a CTP of the Windows Azure platform at PDC in October 2008 to collect feedback and input from the community. One of the strongest and most consistent pieces of feedback we’ve received from the community has been around the scope of the Windows Azure platform. Customers and Partners have indicated that they would like clarity around the composition of the platform, and that it should offer operating system, database and connectivity capabilities. We’re acting on this feedback: At this time, the Windows Azure platform comprises Windows Azure, SQL Azure and .NET Services.
Live Services are an integral part of Microsoft’s Software + Services story. While Live Services are not a part of the Windows Azure platform, developers can continue to use Live Services in building rich and compelling solutions on the Windows Azure platform. The same also holds true for SharePoint Services and CRM Services. Customers and partners will continue to have the opportunity to utilize these services, plus the Windows Azure Platform, to meet their business objectives.
So get ready for PDC 2009 in November, Microsoft will begin to talk about how the Live Framework and how it will be integrated into the next release of Windows Live.
It has taken its time but I think we are there now! A clear Azure message – for now!!
IDG News Service —
Microsoft on Tuesday released technology previews of SQL Azure, the database for its Azure cloud infrastructure platform, and SQL Server
StreamInsight, its entry in the CEP (complex event processing) arena.
Microsoft issues SQL Azure, CEP platform previews | ITworld
As previously mentioned I have lived with Beta and RC before arriving at Release. Downside has been the re-builds. The upside and this is Goodie #2 is the ability to use VHD’s mounted as ‘real’ hard drives has been a saviour!
I have setup a number of Virtual drives and when I boot in I re-mount them. I have a Data drive (docs and outlook achieve), Software Installs drive (my downloads drive really), Code drive and finally and iTunes drive.
Once a week I copy off each VHD to my NAS at home.
So when re-building my machine I simply copied them off. Re-built, installed the basics, re-copied them back and re-mounted.
As the say where I’m from: job’s a goodun!