How to resolve “Virtual PC has detected an invalid or missing Product ID”

12/032010

I’ve just installed Virtual PC 2007 on my work laptop (which runs Windows XP), and when I tried to start it, I got the following error:

---------------------------
Virtual PC
---------------------------
Virtual PC has detected an invalid or missing Product ID.

A valid Product ID is required to operate Virtual PC. Please
re-run the Virtual PC installer and enter a valid Product ID when
requested.
---------------------------
OK
---------------------------

The solution is basically as described here, except I had to create the registry keys and values as they were missing on my machine.

How to disable proxy server via web.config file

09/032010

I’m developing a simple ASP.NET page to consume an RSS feed, format and output the content. My default proxy requires authentication, so unless I supply proxy credentials or bypass the proxy altogether, I get a “407 Proxy Authentication Required” error.

Fortunately I can access the RSS feed URL directly without going through the proxy, so the solution is simple – I just need to instruct my application to ignore the default proxy settings by adding the following lines in my web.config file, within the <configuration> element:

  <system.net>
    <defaultProxy>
      <proxy usesystemdefault="False"/>
    </defaultProxy>
  </system.net>

Troubleshooting IDENT_CURRENT() returning null in SQL Server

09/032010

Recently I was mystified by an issue with one of my Web applications in which the IDENT_CURRENT() function was returning null. I was under the impression that this function (which returns the last identity value generated for a specific table or view) would always return a value. In fact, as pointed out in this post, SQL Server 2005 (and presumably also later versions) requires the database user to have ALTER, CONTROL, DELETE, INSERT, REFERENCES, SELECT, TAKE OWNERSHOP, UPDATE or VIEW DEFINITION permissions on the underlying table, otherwise IDENT_CURRENT() will return null.

I can’t recall exactly how the permissions were set up in my case, but I know that the database user had SELECT permission on the entire database, and therefore was able to SELECT from the table in question – let’s call it ‘articles’. However, IDENT_CURRENT(articles) only started returning values other than null when I explicitly granted SELECT permission to the user for the specific ‘articles’ table.

Using ISAPI Rewrite to redirect domain.com to www.domain.com

08/032010

My employer’s SharePoint-powered external website – which I look after – uses ISAPI Rewrite to provide “friendly” URLs for certain pages, and also to redirect old URLs to their new locations. Coming from a LAMP background, this is great for me as it basically works the same as Apache’s mod_rewrite.

Previously the website responded to requests for both domain.com and www.domain.com, which is not ideal. SEO best practice is to either redirect the non-WWW version to the WWW version, or vice-versa. In my case, www.domain.com is the preferred format, so I’m using the following rule:

### Redirect domain.com to www.domain.com
RewriteCond Host: ^domain\.com
RewriteRule (.*) http\://www\.domain\.com$1 [I,RP]

If you want to do the opposite, you’ll need this one:

### Redirect www.domain.com to domain.com
RewriteCond Host: ^www\.domain\.com
RewriteRule (.*) http\://domain\.com$1 [I,RP]

In detail: Argos credit card security breach

05/032010

When I saw today’s The Register article, “Argos buries unencrypted credit card data in email receipts“, I immediately logged into my Gmail account to see if I had been affected.

It didn’t take me long to find an email receipt from an order placed in April 2009, and was able to see the problem first-hand.

Near the bottom of the email is the wording “We take security of your details seriously. We may send you emails from time to time, but we would never send an email asking for your log on or card details. See online security for further information.” The underlined words point to a page on argos.co.uk via an URL of some 1600 characters – ironically, this is where the problem lies:

http://www.argos.co.uk/webapp/wcs/stores/servlet/ArgosStatic
PageSecondLevel?includeName=Security.htm&langId=-1&storeId=1
0001&catalogId=1500001501&returnToURL=PlaceOrderProgressView
?storeId=10001&cardnumber=****************&houseNumber=*&val
idationno=***&readtsandcs=on&availableDeliveryOrder=********
**&LockDelAddressAsBillAddress=false&startmonth=&paymentAddr
essId=*********&javascriptEnabled=true&contactAddressId=****
*****&orderId=**********&creditPlanId=&unavailableDeliveryOr
der=**********&delcity=RUGBY&SCSNum=03&com.ibm.commerce.cont
ext.experiment.ExperimentContext=com.ibm.commerce.context.ex
perimentimpl.ExperimentContextImpl@63656e2a&switchno=&emailT
ype=HTML&vatReq=N&voucherCode=&catalogId=1500001501&creditPl
anShortText=&address2=&address1=**********&delpostcode=*****
**&cardtype=VISAD&FFM2011461168=5&POnumber=&deliveryAddressI
d=*********&langId=-1&startyear=&eccvValidated=Y&paymentName
=MR C BARNES&delHouseNo=&addressId=*********&delcounty=Warwi
ckshire&fromView=DeliveryOnlyPaymentInfo&SECURE_ACTION_RESUL
T=7&postcode=*******&SECURE_ACCEPT_CARD=Y&country=United Kin
gdom&town=RUGBY&endyear=****&isInstantCredit=false&endmonth=
**&issueNo=&nor=0&foundValidBinCardType=valid&address=******
********************&instantCreditOtherCard=true&instantCred
itOrder=N&county=Warwickshire&jspStoreDir=argos&delPostcode=
&continue.y=15&continue.x=108&cardholder=***********&argosIm
pl=1&deladdress2=****************

Obviously I’ve redacted my personal details, but the actual text contains my full unencrypted card number, CVV code, expiry date, name as printed on the card and address – basically all the information needed for an identity theft attack. Not only was the information transmitted in clear-text when the email was sent, but the link provided is a standard insecure HTTP link which, if I were to click it, would once again transmit the information in the clear.

A PC Pro story on the same subject credits the find to reader Tony Graham, whose credit card details had been used fraudulently. While there’s no evidence to link this incident to the Argos breach, my card details were also misused by fraudsters around the time of my Argos order, so this could be more than a coincidence.

My email receipt from a subsequent order made in July last year didn’t seem to expose these details, so presumably the problem had been resolved by then. Nevertheless, I would hope Argos have the decency to contact all customers that may have been affected, making them aware of what has happened and urging them to check their statements carefully.

Stop Ctrl+Enter from sending emails in Outlook 2003

04/032010

I use Microsoft Outlook at work and have never purposely used the Ctrl+Enter keyboard to send an email. However, I am a fairly fast typist, and sometimes don’t let go of the Ctrl key quick enough after pasting something into an email before pressing Enter for a new line, the result being a half-finished email getting sent prematurely.

Fortunately there’s a registry hack to disable this annoyance once and for all:

[HKEY_CURRENT_USER\Software\Policies\Microsoft\
Office\11.0\Outlook\DisabledShortcutKeysCheckBoxes]
"CtrlEnter"="13,8"

If you’re using Word as your email editor, add this too:

[HKEY_CURRENT_USER\Software\Policies\Microsoft\
Office\11.0\Word\DisabledShortcutKeysCheckBoxes]
"CtrlEnter"="13,8"

Presumably, if you’re using a different version of Office, you will need to replace 11.0 with the correct version (10.0 for Office XP, 12.0 for Office 2003, etc.)

SharePoint and getElementById()

25/022010

I’ve just found out that using JavaScript’s getElementById() function doesn’t quite work as expected when dealing with controls on SharePoint pages. This is because SharePoint uses its own identifiers, so TextBox1 becomes something like ctl00$ctl00$g_3f6d90e4_335b_467c_a53f_6ae00bca6b63$ctl00$TextBox1.

Fortunately there’s a simple solution – instead of the following (which will cause an “Object required” JavaScript error):

document.getElementById("TextBox1");

you need to use this, which will insert the correct full ID for the element and thus work correctly:

document.getElementById("< %=TextBox1.ClientID%>");

It gets a bit more complicated when using nested controls, which is explained in this post by Eric Shupps.

FreeTextBox: How to fix “The type or namespace name ‘Toolbar’ could not be found”

24/022010

I’m working on a Visual Studio 2005 ASP.NET project which makes use of FreeTextBox to provide rich text editing capability. My code sets up the toolbar programmatically but, despite following the installation instructions to the letter (including setting up the FTB TagPrefix), my code was failing to compile with The type or namespace name ‘Toolbar’ could not be found on the following line of code:

Toolbar ftbTools = new Toolbar();

I initially fixed this by adding the FreeTextBoxControls prefix:

FreeTextBoxControls.Toolbar ftbTools =
                             new FreeTextBoxControls.Toolbar();

But then my code fell over with a similar error on the very next line:

ftbTools.Items.Add(new ParagraphMenu());

Not wanting to have to add the FreeTextBoxControls prefix to this and my other 18 Add statements, I instead added the following using statement to my code file:

using FreeTextBoxControls;

Job done!

How to check whether a SharePoint user is in a particular group

22/022010

Here’s a quick function I wrote to check whether a user is a member of a particular SharePoint group:

private bool IsMemberOf(string groupName)
{
    SPUser user = SPContext.Current.Web.CurrentUser;

    try
    {
        if (user.Groups[groupName] != null)
            return true;
        else
            return false;
    }
    catch
    {
        return false;
    }
}

The try-catch is required as – somewhat counter-intuitively – SharePoint seems to throw a “Group not found” error if the user is not a member of the group.