Stuart McLean's tech: 2009

Sunday 22 November 2009

XPath Checker should have been blogged

Some of my colleagues are working “offsite” at the moment which gives us an excuse to have a working lunch in town. We have found a particularly good burger joint.

Having finished our lunch, the discussion turned to parsing html files to get betting odds – as it does. My colleague mentioned he had spent a few hours working out some complex XPath expressions.

Whilst creating Selenium test suites one of our testers came across XPath Checker for Firefox. This tool will adds an option on the context (right mouse button) menu of Firefox to display the XPath of the element.

Why isn’t that on your blog – he asked. Would have saved me hours!

Tuesday 28 July 2009

Report viewer over Https

This morning we had a long time customer ring to say they could not export reports to excel. We are using the .net report viewer. We tested the report ourselves and found no issues.

The customer was getting “cannot download reportviewer.axd from …”

A quick google found this - http://forums.asp.net/p/1415187/3316287.aspx#3316287

I’ll repeat the instructions here – which worked a treat:

1. In Internet Explorer, select "Internet Options..." from the "Tools" menu.
2. Click on the "Advanced" tab.
3. Scroll down to the "Security" section.
4. Un-tick the "Do not save encrypted pages to disk" check box.
5. Click the "OK" button.

I simply read these over the phone and the problem went away.

One to watch out for.

She had recently received a new computer.

Tuesday 14 July 2009

Where Microsoft succeed.

I always try and remain technology neutral. When asked what technologies I would use I always say there are 2 choices:

a J2EE with Linux or major vendor Unix on SQL Server, DB2 or Oracle.
.Net stack on windows with SQL Server

and which to use depends largely on what skills you have.

OK – I know that there are many technologies around that in individual cases are probably a lot more suitable to address a particular problem – but I am involved in Enterprise development which means the technologies used need to be

Well supported both today and in the future
Have a large pool of developers available
Are highly saleable

Recently I lend a hand to a team developing some reports using a product called JasperReports. I found the product itself to be great and in many ways more feature rich than Reporting Services that I normally use.

But then I started to look for help. It’s not that the help wasn’t there – it was – I just had to look much harder than on a Microsoft product. And it just isn’t so easy to use.

And that is where Microsoft do well. Often there products are not technically as good or they lag behind their competitors – but the tools and the documentation are usually better.

Compare Oracle to SQL Server. It’s been a long time since I used Oracle – version 8 I think it was, but I remember how hard it was to even connect to a database. The documentation was terrible. The tools were limited. From what I remember, the ESQL samples did not even compile properly – they had lots of typos in them!

Now, at the time, Oracle was probably a technically superior product, but it was much harder to use. SQL server has probably now caught up on the technology but, IMO, it was its use ability that made it a success.

I spent 10 years developing c++ and java on various UNIX systems, and yes, the tools are very good, but they are initially no where near as easy to use a Visual Studio and required the developer to have a “bag of tricks” up their sleeves.

Thursday 19 February 2009

Securing Reporting Services Web Services.

Many web based applications use reporting services to facilitate report production. We have used them extensively in many of our internal and external applications. The main drivers for deployment have been:

to produce PDF and other format documents
they are part of SQL Server
they have a very simple and effective deployment model

Although placing reporting services behind a second level of firewalls will secure it from external attack a mechanism is required to authenticate the client – otherwise internal users will be able to run any reports. To this end we would normally create a domain or local NT account and grant that account read access to the applications. These credentials can then be used to authenticate when using web services to execute reports.

However, when using the Microsoft ReportViewer web control it is not at first clear how to set the network credentials to call reporting services.

In order to set the credentials you must first create a class that implements the IReportServerCredentials interface as follows –

[Serializable]

public class RsCredentials : IReportServerCredentials

{

#region IReportServerCredentials Members

public bool GetFormsCredentials(out Cookie authCookie, out string userName, out string password, out string authority)

{

authCookie = new Cookie();

userName = password = authority = null;

return false;

}

public System.Security.Principal.WindowsIdentity ImpersonationUser

{

get { return null; }

}

public ICredentials NetworkCredentials

{

get

{

if (ConfigurationManager.AppSettings["rptUser"] != null)

{

return new NetworkCredential(

ConfigurationManager.AppSettings["rptUser"],

ConfigurationManager.AppSettings["rptPassword"]);

}

else

{

return CredentialCache.DefaultNetworkCredentials;

}

#endregion

}

And set the report viewer report server to use these credentials.

m_rptViewer.ServerReport.ReportServerCredentials = new RsCredentials();

In this particular implementation we look for a username and password in the web.config or we use the current Network Credentials of the process.

The current network credentials can be used if you are running if your asp.net worker process is running with account credentials that have access to the reports. Most internet setups do not usually use or allow domain authentication in the web servers so in practice this mechanism is rarely used.