The August 1st, 2005 edition of InfoWorld has an interesting article about a new technology that looks like it will kill NAS (Network attached storage) as we know it today.  Currently NAS devices have drive controllers embedded in them and function like mini file servers on the network.  Zetera has created a solution that lets you put drives on the network that act like a SAN (Storage Attached Network).  The IP network becomes the pipeline directly to the disk.  This provides 2 awesome features.

#1 No controller needed in the drive enclosure significantly reducing cost and improving performance.
#2 The drives are seen to the local PC just like any physically attached hard disk, but without special, expensive hardware.

Additionally these drives can be mirrored and support other RAID configurations.

Netgear has a box coming any day that will host 2 IDE drives on the network using this technology.  It is slated at $129 retail and I can't wait to get one.  I look forward to seeing how it performs with applications an other things like that loaded onto it.  It may be the ideal data drive in the sky.  It would be interesting is the drive could be mounted before the OS loads, but I don't see how that would possible without a special NIC that could tell your BIOS it was a drive controller.  They are probably working on that if they don't have it already.

 

I am often asked why I have switched from using Rainbow Portal to DotNetNuke.  I promised I would answer that. 

 

Both products have matured and maintain some distinctions.  Rainbow (RB) is written in C# and DotNetNuke (DNN) is in VB.NET.  That no longer matters to me because I am not working on the core of either product.  Also, I recommend that unless you can get your code added to the core product or you are planning to support your own branch then you should avoid touching the product source code as well.  If you change a copy of the product you set yourself up for challenges with future upgrades.  Extensibility projects or modules can be written in the .NET language of your choice so I do not consider the language argument to be valid anymore.

 

The other major distinction that might be worth mentioning is localization.  From the beginning RB has supported localization and it is the only 1 of the 2 products that currently allows for easy content localization.  Both products now support localization of menus and commands fairly well.  DNN is aware of their deficiency here and they plan to address it as some point.

 

Usability is the biggest reason I now use DNN.  When I first tried version 3 I was amazed at how quickly I could add a page (tab) and fill it with modules.  I was further impressed by the content editor’s experience.  In many places where you are creating a link you get a common control that easily lets you choose between linking to a page in your site,  a file on you site or a URI offsite,.  The file dialog really won me over.  It is very common for users to want to upload a PDF or Word document and then create a link to it.  In DNN you never have to leave the link edit page to accomplish all of that.  With RB it takes several clicks and some intermediate end user training to handle the simple document upload and link creation process.  It is so painful in RB that my team typically does it for the content managers.

 

The other major reason for my switch was the community.  I was fine with RB because I know the people who created and maintain it.  However, those I work with and who manage the many websites at Idaho Commerce and Labor have no relationship with RB’s creators.  If I were to take a new job or simply wanted to find some training resources for them it begins to get ugly fast.  The DNN community is so large now that you can find just about any help you need without calling up one of the core team. 

 

Largely due to the size of the DNN community I also found a rich and active market for extensibility of the product.  Mostly I am referring to the huge number of 3^rd party modules that are available at very low prices.  Often I have requests for new features on our websites and with RB I always had to replay with a number of hours it would take to custom build that functionality.  With DNN I now replay typically with a list of 3^rd party modules and their purchase price.  The prices are very palatable to almost any DNN user and often you can find working solutions for free.

 

I should also mention that I have found DNN skinning to be reasonably easy and far more desirable than classic RB skinning.  I know that RB now has the ZEN skinning engine, but I am very happy with the DNN solution and skinning must remain reasonable simple for any solution to work well.  I know that RB ZEN took some magic in the page lifecycle to make it work.  DNN is much simpler in its implementation with standard .NET user controls as Skin Objects.

 

A brief note also needs to be included here about the roadmap in DNN.  Namely, they have one and they try to stick to it.

 

Personally I can see no reason to go back to RB and every reason to believe that DNN will be a great solution for some time.  It already is an amazing content management tool and application development platform.  I view DNN less as an option and more as the default foundation for nearly all sites and applications.  The best way to decide between RB and DNN is to spend a few minutes with each.  I think you will be surprised to find how much better DNN really is.

This morning I noticed that our local independent ad paper (more ads than news) the Boise Weekly has an article on Google.  The nugget of relevance I got from the article was that there is a way to search books with Google.  After a little Googling to find the search I landed on print.google.com.  There are many books not yet indexed, but also many that are.  Next time you are looking for something you read in a book give it a try.  It is certainly faster than flipping through the pages manually.

I was unable to make the first Code Camp for Portland.  My supervisor however decided at the last minute that it was worth checking out.  He reports that it was great.  When I asked him if it was as good as a commercial conference he said that he thought so.  Perhaps even better.  And that comes from a guy who was just at TechEd 6 weeks ago.

Congratulations to Jason Mauer, the Portland area .NET user groups, speakers and everyone who put in the effort to make it happen!

Yesterday News.com gave the DotNetNuke (DNN) community a boost when it headlined an article about Microsoft and Open Source.  Congratulations Shaun and DNN for creating a product that is getting this kind of attention.  You deserve it.

If you have not yet given DNN a run then what in the world are you thinking?  DNN is no longer a hobbyists web management toy.  It has matured to a point where it can rightly be called an Enterprise Application management and hosting framework.  If you are still doing custom web sites without a tool like DNN you have more to worry about than being outsourced to India.

The Portland .NET community is hosting their first Code Camp!  Anyone from Boise thinking about going?  It looks like it will be a fantastic weekend over there.

A friend of mine, Max Karpov, is partnering with Microsoft to host a Portals code camp.  The material looks fantastic and I know the speaker is excellent!  I met him at VS Live! back in February and have considered him a friend ever since.  If you can make it to Charlotte, North Carolina on August 20th then you will not want to miss the event.

FREE Portal Development mini-Code Camp covering SharePoint, DotNetNuke and Portal Framework ASP.NET 2.0

Overview of the event

Theme: Web Portal Application development with Microsoft technologies.  Sponsorship by Microsoft and my company, Faith Interactive.

Web Portals are not new to the scene, but enterprise adoptions to our technologies on a larger scale are just now beginning to take place. Microsoft has a number of products and technologies on the market to empower users to build web portals. SharePoint (SharePoint Portal Server and Windows SharePoint Services) technologies are one of these products. The SharePoint community has grown and embraced the open-source nature of developing these products. One product that will be demonstrated was developed by Jan Tielen. His product is called SmartPart Web Part. Microsoft doesn’t provide official support but thousands of developers have embraced the development of SharePoint portals through the use of it.

In areas where SharePoint products fall short, for example ease of UI customization through skins and custom login mechanize, open-source DotNetNuke portal is a great solution. I will be sharing from my production experience (1) why I choose this product for large portal implementation in big corporations and (2) the lessons learned from my experiences. 

Technology will never become stagnant and we can predict that the next version of ASP.NET 2.0 is just around the corner. It will include Portal Framework out-of-the box. The ability to code today in such a way that allows a smooth migration path is very important, so we will be examining the newer features of Web Parts framework and the best choices of technologies available today in order to escape the headache of a complete rewrite of portals.

Yes, the cost of the event is completely free and the quality can be likened to that of TechEd or VSLive.

Agenda Details (Subject to Change)

Imagine a day jam-packed with fun that has the potential to fill you to the brim with web application portal technologies. We will be starting at 9:00 am and wrapping up by 7:00pm. Below are the titles of each track and a detailed explanation of what each will cover.

Portal Design Patterns

This initial session will set the tone for the rest of the day. I will uncover common design patterns using and building web portal applications. We will look at the problem from the perspective of a generic viewpoint in which we will isolate ourselves from the nitty-gritty implementation specifics of coding. Don’t fret.  There will be more than enough code in the sessions following. You will leave not only with source-code good enough for production applications but also with the Design Pattern knowledge that transcends throughout technologies today.  This session will also prove why technologies capable of managing information, such as SharePoint, will continue to be around for many years to come. It will lay the foundation for the rest of our sessions.

SharePoint (Web Parts, SmartPart, Document Libraries)

SharePoint Technologies consist of many parts and implement solutions for a wide variety of problems.  How can we grasp such diverse technologies? This question will be answered as we walk through some of the topics listed below:

• Code Access Security Configuration
• SmartPart Web Part and User Controls
• SharePoint Recycle Bin for document libraries
• WPPackager to deploy Web Parts
• Migration strategies between Development/Staging/Production
• Tips and Tricks for Web Part Development/Deployment

At the end of the day you will not only be able to develop/deploy custom Web Part but you will also become familiarized with the use of SmartPart development framework. All of our tips and tricks for customizing SharePoint are from on-the-scene production implementations.

ASP.NET 1.x DotNetNuke Portal (Modules)

Today, if you’re faced with the decision to implement web portal and you cringe at the idea or are unfamiliar with the process of how to implement SharePoint technologies you can use Open-Source product DotNetNuke Portal. (For more information, read DotNetNuke book).  I will dismiss the myth that Visual Basic.NET code of DotNetNuke , isn’t too dangerous and can in fact be used by C#  and even COBOL developers.

I will even go so far as to make a strong point to not modify the core portal code but rather use it as SharePoint and customize the UI and modules. The issues we will uncover are listed below:

• DotNetNuke Architecture in plain English
• How to extending DotNetNuke core engine at your own risk.
• Build and Deploying core DotNetNuke portal engine without a source-code
• Power of DotNetNuke Skin engine revealed User Interface Customization.
• DotNetNuke Modules to customize functionality of the portal

ASP.NET 2.0 Portal Frameworks (Web Parts)

What will the technologies of tomorrow bring?  How can we be prepared? The main purpose of this session is to prepare you to write code that can easily be modified to work under the newer ASP.NET 2.0.

• Master Page and Web Part Page Framework
• Cons and Pros for Web Part Development
• Web Part Properties for Customization and Personalization
• Web Part Communication
• Providers explained

We hope this wets your appetite.  See you there!

Remember to fill in your evaluation forms at the end of the day for our drawing!!

A few years ago I become aware of the fact that it is truly amazing how long our Creator allows us to live.  So early in life we begin to rebel against Him.  These body's we are encased in wreak with depravity and are so far from their potential.  It is often hard to believe (but I certainly do) that we humans are made in the image and likeness of God.  It is so easy to see our failure, weakness, depression, and sorrow.

Today I want to publicly acknowledge my thankfulness to Jesus Christ for creating, sustaining and preserving my littlest girl Grace.  She turns 1 today.  We had an incident a couple months ago where she got a penny lodged in her throat and she could have easily died.  Her life was spared from that.  What is truly amazing though is not that God spares us from accidents, but that His Grace is sufficient to spare us from the incredible wrath we earned for ourselves by not trusting and following Him.

Thank you Jesus for your great love and the grace which you constantly pour out on us.  We do not deserve it!  I do not deserve it!

Typically Vue offers discount certification exams at TechEd so this year I decided to complete my MCSD.  I had been very lazy putting off the final 70-300 exam on solution architectures.  Now that I have taken it I know I had nothing to worry about.  Someone described it as a reading comprehension test and I concur.  There are a few questions you need to make technology decisions on.  You also need to understand what kinds of things would be on different types of design docs.  I had 3 scenerios and 30 questions.  I am glad to be finished with it.  Perhaps my next certification will be the Architecture route.  They are announcing that certification here at TechEd.

For anyone else considering certification I have great news.  First if you are at TechEd you can probably still take an exam for half price.  Second, if you fail you can retake an exam for free.  That offer comes from Microsoft and has been extended through the summer.  You do not have to be at TechEd for that one.

So, I have a new plan for Tech Ed this year.  I find that attending like 75 different session over the course of a week is more than I can even begin to absorb.  This year I will focus on Smart Client technology since it is not something I have spent much time looking at in the past.  ASP.NET is great, but I am tired of state management issues.  I want to do smart client applications.  I want to fully exploit serialization.  I want to cache a lot of data on the users machine, not the web server.  Expect to find me hanging around sessions with Tim Huckaby and Rocky Lhotka this year.

Oh, so the point of this post.  I was reading up on some blogs to prepare for the week.  I discovered a brilliant plan by the Microsoft RD's.  Instead of full 1 hour plus sessions they are doing something called Grok Talk.  These 10 minutes gigs are more like technology drive bys.  I look forward to catching a few of these between the fights over the good ice cream bars.  Don't worry Rory and Scott, I am saving the baby carrots for you.

You just can't have too many free food and drink events at these conferences.

Expo Hall Reception
Monday, June 6 6:00pm – 9:00pm Hall A/B

Microsoft Tech·Ed 2005 Attendee Party
Thursday, June 9 7:30pm – 11:00pm Universal Studios Orlando

I am sure some more open events will happen to fill in the gaps for Tuesday and Wednesday.  There are several private parties going on.  If you have not been invited to any then you need to become better friends with the people who hold the invitations.  I will let you figure out how it works on your own.

The first Tech Ed Party / Nerd Dinner is tomorrow night:  Join the Party with Palermo at the Pebody.

4PM - Arrival begins.  meet and greet.  Discuss conference sessions, etc.  Networking.
6PM - Geek Dinner.  I have reserved for 20, so I will need actual names for people to expect.
7:30PM - Drinks and conversation at the hotel bar.
Depart whenever.

After a long day on airplanes I have arrived in Orlando.  For those who have not left for Tech Ed yet here are a couple tips:

Pack an extra bag for hauling home all your shirts and other swag. 
Its rainy here.  Pack a rain jacket.
Look for me in then INETA community lounge.  I will be there Monday and Wednesday mornings as well as other times throughout the week.  Say hello!

Today I had a question from one of our developers about bridging ASP and ASP.NET applications and how to handle the security.  What I always recommend for all .NET web applications is that people use what is built-in.  Forms authentication works very well, already has security for things like authentication tickets, and it already handles checking authorization by just adding the <authorization> tag in web.config. 

Many ASP applications already have the concept of a userID and Roles.  In February I presented a session at VS Live that included some sample code that will easily address setting up forms authentication with roles for ASP.NET.  Lets jump right into it in a basic walk-through.

#1 Web.config settings.  These basic settings tell the framework that all unknown users should be redirected to the Logon.aspx page.  If the users are known (authenticated) then they can browse the other pages in the application.

<authentication mode="Forms">
<forms loginUrl="Logon.aspx" name="myAuthCookie" timeout="60" path= "/"></forms>
</authentication>

<authorization>
<deny users="?" />
<allow users="*" /> <!-- Allow all users -->
</authorization>

#2 Logon.aspx.  We could have a username and password input form or any kind of input we want to use to validate the user.  Since I am talking about a solution here that makes it easy to share authentication between classic ASP and ASP.NET we will leave the ASPX page itself blank and handle the check in code.  My recommendation is that the ASP classic application would instead trust the .NET authentication.  For that you might simply set an extra cookie from .NET that the ASP classic could read.  It really depends on how your ASP application validates users.  You would simply want to have the ASP.NET code duplicate the current ASP mechanism so when the user hits ASP pages they do not know any difference.  In other words, the ASP code would still check for a specific cookie or something like that. 

#2a Logon.aspx.cs.  In the code behind the for the authentication page is where all the real work happens.  Lets look at it in detail for the given scenario.

private void Page_Load(object sender, System.EventArgs e)
{
string userID = "";

// Check the ASP classic authentication cookie array or whatever you use in ASP to know the user is logged in
if (!(Request.Cookies("MyApplication") == null))
{
// Assuming here if authenticated then we also have a userID
userID = Request.Cookies("MyApplication").Values.Get("userID")
}

if (userID == "")
{
// unknown user. Send them back to classic ASP login page
Response.Redirect("login.asp");
}
else
{
// We have a userID from the ASP application. Use it to create an authentication ticket
// Get a pipe delimited string of the groups (Roles) that the user belongs to.
// Typical ASP applications store a list of roles in a database table. Hard coded here for sample.
string groups = "Editors|Registered Users|Newsletters";

// Create a forms authentication ticket that we can stuff the userID and Roles into
FormsAuthenticationTicket authTicket =
new FormsAuthenticationTicket(1,
userID,
DateTime.Now,
DateTime.Now.AddMinutes(60),
false, groups);
// Encrypt the ticket.
String encryptedTicket = FormsAuthentication.Encrypt(authTicket);

// Stuff the ticket into a cookie
HttpCookie authCookie =
new HttpCookie(FormsAuthentication.FormsCookieName,
encryptedTicket);
Response.Cookies.Add(authCookie);

// Return the user to the requested page now that an authentication ticket is created
Response.Redirect(FormsAuthentication.GetRedirectUrl(userID, false));
}
}

#3 Global.asax.cs.  This is where the magic of .NET forms authentication really happens.  If you are not stuffing the roles into the authentication ticket then much of this whole process can be greatly simplified.  Putting the Roles into the ticket will give us an easy way to apply them to the current user on each request.  Lets take a look.

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
// Extract the forms authentication cookie
string cookieName = FormsAuthentication.FormsCookieName;
HttpCookie authCookie = Context.Request.Cookies[cookieName];

if(null == authCookie)
{
// There is no authentication cookie.
return;
}

FormsAuthenticationTicket authTicket = null;
try
{
authTicket = FormsAuthentication.Decrypt(authCookie.Value);
}
catch(Exception ex)
{
// Log exception details (omitted for simplicity)
return;
}

if (null == authTicket)
{
// Cookie failed to decrypt.
return;
}

// When the ticket was created, the UserData property was assigned a
// pipe delimited string of group names.
String[] groups = authTicket.UserData.Split(new char[]{'|'});

// Create an Identity object
GenericIdentity id = new GenericIdentity(authTicket.Name, "TrustedASPAuthentication");

// This principal will flow throughout the request.
GenericPrincipal principal = new GenericPrincipal(id, groups);

// Attach the new principal object to the current HttpContext object
Context.User = principal;
}

---

That is really about all there is to it.  By using the built-in authentication and authorization tools in ASP.NET and stuffing the roles into the ticket and then the current principal your code can leverage the built-in methods for checking Role membership. 

User.IsInRole("Editors") would return true for us since "Editors" is one of the roles I hard coded the user to be in.

I hope that someone finds this brief article helpful as an introduction into using Forms authentication and Role authorization in ASP.NET.

I stumbled on Rick Laplante's blog entry today where he gives some details on how Microsoft is responding to customer feedback about Team System.  He links to a couple of important charts that will help us all make decisions about which versions to buy.  The other exciting piece of news is that each of the Team System role sku's will include a 5 developer license of Team Foundation Server.  That should help the small shops find it easy to get started with.

Compare Visual Studio 2005 Team System Software Editions

MSDN Subscriptions for Visual Studio 2005

This information simply must be propagated on the net.  I have been going back on forth with Creative support via Email and they have suggested the standard stuff, all of which I tried.  After I upgraded my Zen Micro to support subscription media via their latest firmware I ran into a serious problem.  My laptop would no longer recognize the device.  It showed up in device manager, but no software would acknowledge it.  I am so glad to have this solved.  I really did not want to play for format c: game on my machine to get this working.

So here is the fix that I finally discovered at: http://hardware.mcse.ms/message94329.html

1. Log in as an administrator (if you are not already logged in that way).

2. Go to Start, Run and type "regedit" (without the quotes).

3. When the registry editor starts, navigate to the following location in
the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum

4. Right-click the Enum hive and select Permissions.

5. In the permissions dialog, add the Everyone group.

6. Give the Everyone group Read access.

Close the registry editor and connect the Personal Media Center device.

Last Friday I decided to see how well the 30 day return policy at Best Buy would work.  I returned my Samsung MP3 player and they gladly exchanged it for whatever I wanted.  As previously mentioned I decided to go for the Creative Zen Micro since it supports subscription DRM services.  BestBuy.com has the player $10 cheaper than the store and they had no problem taking the extra $10 off during the trade in.  Best Buy gets a +1 for this!

Of course I could not wait to rip into my new device and give it a spin.  All was well until I did the latest flash upgrade.  This was required for it to support subscription music.  After the upgrade my laptop refused to see the device.  I assumed it was defective and returned it to Best Buy and got it replaced, again with no problems.  You can imagine how bummed I was when the 2nd Zen had the same problem as the first.  After searching the net for others with the same problem I found that I was not alone.  Since Creative Tech support is closed on weekends I decided to wait until today to call them.  I brought the device to the office to see if my work PC liked it.  Guess what, no problems.  Now I have an interesting dilemma.  My cool MP3 player will not work with my home PC.  Next thing is to rebuild the home PC and see if that takes care of the problem.  Forget calling Tech Support, at least for now.

Microsoft, Creative and other players in the subscription audio world are going to have to make this stuff work flawlessly or they may find MP3 players thrown through the Windows.  I don't mind being on the bleeding edge of technology, but when my very recent hardware and completely up to date software do not work together I am not a happy boy!

About 3 weeks ago I decided it was time to join the MP3 revolution.  I did some research and decided that I wanted to go with portability over extreme storage size.  Initially I thought I would go for a 60 Gig Zen Xtra.  iPod is absolutely not a consideration for me because I prefer WMA format and I don't want to load iTunes just so I can use it.  I ended up walking out of Best Buy with the Samsung YP-MT6Z (1 Gig).  I went to the store thinking that I would prefer the Creative Zen Micro because I wanted to store several albums at a time.  When I saw the size of the flash based devices I changed my mind.  The in stock Zen only came in black did not look appealing to me either.

The Samsung player has been fantastic.  I am still running on the battery that came with it in the box.  They claim 42 hours on a single AA battery and I am convinced that must be accurate.  My player still shows no sign of battery weakness.  I have loaded about 10 albums on it in addition to several hours of spoken audio.  I give a solid A-.  Read on to learn why I cannot rate it higher.

Yesterday I read that Yahoo had a new subscription music service.  I decided to give it a run because the price point was only $4.99 /mo.  I was excited to start downloading anything I wanted to listen to.  With a click I get almost any album I can imagine.  I am now convinced that CD based music as we currently know it is going to disappear in the near future.  I will go so far as to predict that even MP3 players as we know them today will change.  What I believe will happen is that we will end up with devices like car stereos and cell phones that have some flash memory for caching a short playlist.  That playlist will sync with a subscription service whenever the device can get connectivity to the Internet.  Wireless broadband technologies will enable this.  Devices will even allow you to request songs on demand, probably through a speech interface.

Now that I have tasted the beauty of subscription music on demand at an affordable price point I have a huge complaint about my WMA/MP3 Player.  It does not support DRM10 or whatever the standard is for enabling subscription content on portable devices.  The current list of devices supporting subscriptions is very short.  There are only 13 devices in the list.  None of them are high capacity flash devices.  Matter of fact none of them are flash devices at all except a cell phone.  My plan now is to see how far I can get with the 30 day return policy at Best Buy.  If they will take back the Samsung I am going to get the Zen Micro.  In my opinion the Micro is the best option for a portable device that supports subscription music and everything else I want in a player.  I hope that we don't have to wait long for the industry to catch up with DRM standards and devices.  At $5/mo. I will probably become a subscriber for life and never buy another CD again.  Instead I will outfit my home, vehicles, and my pocket for the Any Music, Any Time future!

I have been having a discussion with one of our developers about SSL.  He is updating some code and wanted to make sure that anyone who used the application would be doing so via SSL.  I believe the discussion will be valuable to many so I wanted to share some tips.

 

There are a couple of simple ways to guarantee that users are using SSL.

 

#1 In IIS you can set the application to require SSL so anyone trying to access it over HTTP will get an error.  I do not like this option for 2 reasons.  It requires extra IIS configuration to implement and I like to avoid throwing errors if possible.

#2 Applications can check for the use of SSL and force a redirect if it is not being used.  This is my preferred and recommended approach for all applications that involve sensitive data. 

 

Here is some simple VB.NET ASP.NET code that does the trick for option #2.

 

‘ Force users of this application to come in using SSL

If Not Request.IsSecureConnection Then Response.Redirect(Request.Url.ToString.Replace("http:", "https:"))

 

The biggest question this creates is how to handle the development and testing environments where SSL certificates may not be installed.  I have good news for you there.  Microsoft has a couple of tools for creating self-signed certificates that are prefect for development environments.  You can easily install a test certificate on your own development machines.

 

The IIS 6.0 Resource Kit includes a tool called SelfSSL that you can use to make certificates.  I prefer to use MakeCert.  I use it enough that I put together a simple Create_Cert.BAT file to make it even easier to use.  The file takes in the machine name as a parameter (%1%).  You can find documentation on the various options in MSDN.

 

makecert -r -pe -n "CN=%1%" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -nscp

• Copy the MakeCert.exe tool and create the Create_Cert.bat file on your machine.
• Open a Command Prompt window and change to the directory where you put the makecert.exe and the create_cert.bat files.
• Execute the create_cert.bat using the machine name of your PC as a parameter.  Typically we use LOCALHOST on our local machines. (ex. C:\tools\create_cert.bat localhost)
• In IIS you can now set the Default Web Site to use your test SSL certificate. 
  My Computer -> (right-click) Manage -> Services and Applications -> Internet Information Server -> (right-click)Default Web Site -> Properties -> Directory Security -> Server Certificate – Assign Existing.

I hope you agree with me that it is easy to develop and securely interact with customers over with SSL.  If you are looking for affordable SSL certificates for production servers you can now get them for as little as $29.95 at www.GoDaddy.com.