Gilad Lavian's Blog

In Development

May 2008 - Posts

OWASP Israel 2008 Conference
owasp_logo

" The OWASP Israel 2008 conference will be help on September 14th at the Interdisciplinary Center Herzliya. This time we are raising the bar and will be holding a full day two tracks event. The tracks would be split according by level: a beginners track and an experts track. "

 

If you are a security expert or just interest in learning security issues, this is the place!

 

https://www.owasp.org/index.php/OWASP_Israel_2008_Conference

Posted: May 06 2008, 07:40 PM by Gilad Lavian | with 1 comment(s)
תגים:
Pinpoint Impersonate

In common web developing, I use impersonation to identify against some services, and some other applications like SQL server with my windows credentials.

 

The usual way is to add to the web.config this line: <identity impersonate="true"/>

This is best practice for most cases in web developing, but the problem here is, it will effect on all identification procedures we have in the application.

 

Pinpoint Impersonation

Suppose I don't want it to effect all my identification procedures, and I want to impersonate just for the specific procedure in my code and then undo the impersonation action, here is a nice way for pinpoint impersonation:

public static void Impersonate()
{
    IPrincipal principal = HttpContext.Current.User; 
    WindowsIdentity identity = (WindowsIdentity)principal.Identity; 
    identity.Impersonate(); 
    string userName = identity.Name;
}

public static void UndoImpersonate()
{
    IPrincipal principal = HttpContext.Current.User;
    WindowsIdentity identity = (WindowsIdentity)principal.Identity;
    identity.Impersonate().Undo();
    string userName = identity.Name;
}
Posted: May 05 2008, 07:26 PM by Gilad Lavian | with 3 comment(s)
תגים:,
Code Snippet RW (Response.Write)

Code Snippet For Response.Write

 

Ok, this code snippet must be the oldest trick in the book, but still I think it will help to developers how doesn't know about it.

 

1. Create a file name rw.snippet

2. Copy this XML code and save it.

3. From the tools menu in VS, select "Code Snippets manager".

4. Select import, and point it to the saved file.

5. To use the snippet write rw in the code editor.

6. Enjoy!

 

<?xml version="1.0" encoding="utf-8" ?>
<CodeSnippets  xmlns="http://schemas.microsoft.com/VisualStudio/2005/CodeSnippet">
    <CodeSnippet Format="1.0.0">
        <Header>
            <Title>rw</Title>
            <Shortcut>rw</Shortcut>
            <Description>Code snippet for Response.Write</Description>
            <Author>Gilad Lavian</Author>
            <SnippetTypes>
                <SnippetType>Expansion</SnippetType>
            </SnippetTypes>
        </Header>
        <Snippet>
            <Code Language="csharp"><![CDATA[Response.Write($end$);]]>
            </Code>
        </Snippet>
    </CodeSnippet>
</CodeSnippets>

Posted: May 04 2008, 07:20 PM by Gilad Lavian | with 2 comment(s)
תגים:, ,