Wednesday, April 16, 2014

Misc : Zooming the ZoomIt window

ZoomIt is a fantastic tool for presentations. You'll find it at:


But I've always battled to get it to display exactly where I want and tracking around the zoomed screen is a nightmare.

Then I figured out that before you hit "Ctrl / 1" to zoom, put the cursor at the middle of the section you want to zoom.

Then zoom.

You can make minor adjustments by moving the mouse, use the trackwheel to zoom in / out, click the left mouse button to "stabilise" and then you are in the "Ctrl / 2" window by default so "Ctrl / Shift" will draw an arrow etc.


ADFS : Getting certificate data from metadata

A number of times I've needed to get information about the certificate e.g. to update the WIF thumbprint in the web.config and I've battled to extract this out of the metadata.

For ADFS, you'll find it at:


For Azure Active Directory, you'll find it at:

  • Click on "Active Directory" in the menu on the LHS of the Azure Portal.
  • Click on your tenant name.
  • Click on the "Applications" tab at the top.
  • Click on "View Endpoints" at the bottom.
  • Then navigate to the "Federation Metadata Document" link.

Then I found an easy way to do this based on a post I read.

Open the metadata file in Notepad++ or whatever your particular flavour is and then search for the "X509Certificate" tag.

Copy all the information between that and the closing tag. It's base64 encoded so it will normally end with an "=" sign.

Copy / paste this into a new Notepad++ window. Remove all trailing spaces.

Save the file somewhere with a ".cer" suffix.

Then double-click on the file.

Voilà - it opens up the certificate window and you can grab whatever you want.

The thumbprint is found under the "Details" tab - scroll down to the bottom.
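
The manual steps above, done in code, as an added example that is not from the original post: it pulls every X509Certificate out of a federation metadata document, strips the whitespace and computes the thumbprint as the SHA-1 of the decoded bytes. The sample metadata, the names certificates and save_cer and the "metadata-signature" label are assumptions made for illustration; the embedded payloads are placeholder bytes, not real certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample: the base64 payloads are placeholder bytes standing in
# for DER certificates; the first is wrapped and indented like a pasted value.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sts.example.test/">
 <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   VGhlIHF1aWNrIGJyb3duIGZveCBq
   dW1wcyBvdmVyIHRoZSBsYXp5IGRvZw==
 </ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>YWJj</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZw==
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
 </IDPSSODescriptor>
</EntityDescriptor>"""


def certificates(metadata_xml):
    """Map thumbprint -> {'uses': set, 'der': bytes} for each distinct certificate."""
    root = ET.fromstring(metadata_xml)
    # Record which X509Certificate nodes sit under a KeyDescriptor, and its 'use'.
    use_of = {node: kd.get("use", "unspecified")
              for kd in root.iter(MD + "KeyDescriptor")
              for node in kd.iter(DS + "X509Certificate")}
    found = {}
    for node in root.iter(DS + "X509Certificate"):
        b64 = "".join((node.text or "").split())       # drop wrapping and stray spaces
        der = base64.b64decode(b64, validate=True)     # raises on a damaged paste
        thumb = hashlib.sha1(der).hexdigest().upper()  # thumbprint = SHA-1 of the DER bytes
        entry = found.setdefault(thumb, {"uses": set(), "der": der})
        # "metadata-signature" is a label made up here for certs outside a KeyDescriptor.
        entry["uses"].add(use_of.get(node, "metadata-signature"))
    return found


def save_cer(der, path):
    """Write the decoded bytes as a binary .cer file."""
    with open(path, "wb") as fh:
        fh.write(der)


if __name__ == "__main__":
    for thumb, info in certificates(SAMPLE).items():
        print(thumb, sorted(info["uses"]))
```

Because the value is computed rather than copied from the certificate dialog, no stray whitespace or invisible characters end up in web.config.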


Tuesday, April 01, 2014

Visual Studio : Unable to locate NuGet.exe

Actual message is:

Error - Unable to locate 'C:\.....\.nuget\NuGet.exe'   

You sometimes get this when building a project that you cloned from GitHub.

Under .nuget/nuget.Targets in your project, change:

<DownloadNuGetExe Condition=" '$(DownloadNuGetExe)' == '' ">false ...

to:

<DownloadNuGetExe Condition=" '$(DownloadNuGetExe)' == '' ">true ...


Monday, March 24, 2014

Windows : Ctrl - Alt - Del on a VM

If you use Remote Desktop a lot and you get a message about your password needing to change, you can't use:

Ctrl - Alt - Del

because that will change the password on your actual PC - not the box you are RDC'ing to.

All the documentation states:

Ctrl - Alt - End

but sometimes that simply doesn't work.

In such cases, in the RDC window, try Start - Run - OSK.

This pops up the On Screen Keyboard.

Then hold down Ctrl and Alt on your actual keyboard and click Delete on the OSK.

Job done!


Friday, March 07, 2014

ADFS : Non domain-joined proxy

All our proxies are domain-joined albeit in a different zone.

Recently, I was involved with a client whose proxy was non-domain joined i.e. a workgroup.

When installing the proxy, you need to enter the credentials of the ADFS service account.

Battled to get this to work and then I remembered that this was not domain-joined and consequently, you needed to enter the sAMAccountName in the form:

where the domain is the one that ADFS is installed in.

That did the trick.


Monday, March 03, 2014

OWIN : WS Federation support

Vittorio blogged on this:

Using Claims in your Web App is Easier with the new OWIN Security Components

There's a good reference to OWIN in the above.

WS-Federation in Microsoft OWIN Components–a quick start

But what the article doesn't show is how to display the claims.

Dominick blogged on this:

Test driving the WS-Federation Authentication Middleware for Katana

Horrible hack below - yeah I know! - I put it in the About page in the HomeController ...

public ActionResult About()
{
     ViewBag.Message = "Your application description page.";

     // Get the OWIN context for the current request
     var ctx = Request.GetOwinContext();

     // The current user (a ClaimsPrincipal) and the OWIN response
     var user = ctx.Authentication.User;
     var response = ctx.Response;

     response.ContentType = "text/html";

     if (user.Identity.IsAuthenticated)
     {
         ... code as above
     }
}


Wednesday, February 26, 2014

WCF : The page you are requesting cannot be served because of the extension configuration

This is for WCF on Windows Server 2012.

Trying to access a svc URL and get:

"The page you are requesting cannot be served because of the extension configuration. If the page is a script, add a handler. If the file should be downloaded, add a MIME map."

The solution is:

Server Manager --> Add roles and features --> Features --> .NET Framework 4.5 Features --> WCF Services --> enable HTTP Activation.


Thursday, February 13, 2014

Visual Basic : A VB claims-enabled application

There was a question over at the MSDN forum that intrigued me so I thought I would take a crack at it.

The question was: "Looking at the ADFS sdk I found ClaimsAwareWebsite in C#. Is there an example in as well?".

Disclaimer - the last time I used VB was many, many moons ago.

Ok - so ADFS is the same, WIF is the same, the .NET Framework is the same so it shouldn't be that difficult - right?

I used VS 2012 with "Identity and Access Tool" added.

Take a look here: How To: Build Claims-Aware ASP.NET Application Using Forms-Based Authentication.

OK so we create a new project but select "Other languages / Visual Basic / Web". Then select "ASP.NET Web Forms Application". You could go MVC - I'm more at home with Forms (Yeah - I know :-) ).

OK, that gives us the base project. Now use the "Identity and Access Tool" to "bind" your application to ADFS or wherever. Many references on the web to do this - it's language agnostic. And remember to add your new application as a RP in ADFS.

When you run up your application, you should be prompted for the logon screen.


Now in Step 2 in the above link, add the html exactly as described to Default.aspx.

Remember F7 / Shift F7 swops between code and designer.

You can convert the C# code-behind in Step 2 to VB using e.g. Convert C# to VB.NET.

My page (for reference) was:


Imports System.Web.UI
Imports System.Security.Claims

Public Class _Default
    Inherits Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load

        Dim claimsPrincipal As ClaimsPrincipal = TryCast(Page.User, ClaimsPrincipal)

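        If claimsPrincipal IsNot Nothing Then
            ' Bind the user's claims to the grid; DataBind() is needed to render the rows
            Me.ClaimsGridView.DataSource = claimsPrincipal.Claims
            Me.ClaimsGridView.DataBind()
        End If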

    End Sub
End Class


After you have been redirected to the home page after logging in, you should see a table that includes the Issuer, OriginalIssuer, Type, Value, and ValueType claims information about your account.


Friday, January 31, 2014

LINQPad : debugging with Visual Studio

I've been a fan of LINQPad for a while and I use it a lot for writing code snippets and testing them.

Note: If you pay for it, you get Intellisense as well.

Came across a situation where I had a bug and couldn't put my finger on it. Would be ideal to debug / step-through it but you can't ...

Well, actually you can - learn something new every day.

Add these lines to your snippet:


So obviously LINQPad is running
Start up Visual Studio - the normal Start screen is fine
Debug - Attach to Process
Select LINQPad.exe from the list and Attach
Run your snippet

BINGO - jumps into VS - debug away.

How have I not known about this?


Wednesday, January 29, 2014

AD : PrincipalOperationException A device attached to the system is not functioning

Best error message ever.

Got this on a web site - WTF - what device?

Card reader, CD drive ... not on a web site, mate!

Turns out this is during a create on a user or a group in AD where the name is greater than the allowed field length.

So for Create User - the SAMAccountName can't be greater than 20 characters.

There's probably a similar restriction for a group since I got the same error.

Good interview question :-)


Friday, January 17, 2014

Misc : How much is my blog worth?

Came across this site:

Worth of Web Calculator

According to this, my blog is worth the princely sum of $69.00 !

Any offers :-)


ADFS : Multi-valued attributes from AD

There are two kinds of attributes in AD viz. single valued and multi-valued. The latter obviously can have more than one value.

You can see the difference when you try and edit them. Single-valued has a single textbox while multi-valued has a textbox to enter a new value and a multi-line textbox to show all the current values.

If you look at a multi-valued attribute in AD using ADUC, you'll see it displayed as:


Note: This is different to a single value attribute that contains the string:

value1 value2 value3

That's a string of ONE value which is "value1 value2 value3".

How do you find them?

Use ldp, click on the Base DN of "CN=Schema ..." and then run:


I couldn't find any under the "objectClass=user" category but there are some if you have added the AD extension attributes to the schema i.e. the ones that start with "msExch ...".

All of which is a segue into how ADFS handles this. It produces a new claim (of the same type) for each value.

So if you took the above and mapped them to a claim of type Values, you'll get:

.../claim/Value =  value3
.../claim/Value =  value2
.../claim/Value =  value1

Interestingly, it seems to display the values in reverse order but I wouldn't make any assumptions about the order the claims are presented.