# Tuesday, June 14, 2005

A few years ago I became aware of the fact that it is truly amazing how long our Creator allows us to live.  So early in life we begin to rebel against Him.  These bodies we are encased in reek with depravity and are so far from their potential.  It is often hard to believe (but I certainly do) that we humans are made in the image and likeness of God.  It is so easy to see our failure, weakness, depression, and sorrow.

Today I want to publicly acknowledge my thankfulness to Jesus Christ for creating, sustaining and preserving my littlest girl Grace.  She turns 1 today.  We had an incident a couple months ago where she got a penny lodged in her throat and she could have easily died.  Her life was spared from that.  What is truly amazing though is not that God spares us from accidents, but that His Grace is sufficient to spare us from the incredible wrath we earned for ourselves by not trusting and following Him.

Thank you Jesus for your great love and the grace which you constantly pour out on us.  We do not deserve it!  I do not deserve it!

Family | Life
Tuesday, June 14, 2005 12:58:27 PM (Mountain Daylight Time, UTC-06:00)
# Wednesday, June 08, 2005

Typically Vue offers discount certification exams at TechEd, so this year I decided to complete my MCSD.  I had been very lazy putting off the final 70-300 exam on solution architectures.  Now that I have taken it I know I had nothing to worry about.  Someone described it as a reading comprehension test and I concur.  There are a few questions you need to make technology decisions on.  You also need to understand what kinds of things would be on different types of design docs.  I had 3 scenarios and 30 questions.  I am glad to be finished with it.  Perhaps my next certification will be the Architecture route.  They are announcing that certification here at TechEd.

For anyone else considering certification I have great news.  First if you are at TechEd you can probably still take an exam for half price.  Second, if you fail you can retake an exam for free.  That offer comes from Microsoft and has been extended through the summer.  You do not have to be at TechEd for that one.

Wednesday, June 08, 2005 12:29:51 PM (Mountain Daylight Time, UTC-06:00)
# Friday, June 03, 2005

So, I have a new plan for Tech Ed this year.  I find that attending like 75 different sessions over the course of a week is more than I can even begin to absorb.  This year I will focus on Smart Client technology since it is not something I have spent much time looking at in the past.  ASP.NET is great, but I am tired of state management issues.  I want to do smart client applications.  I want to fully exploit serialization.  I want to cache a lot of data on the user's machine, not the web server.  Expect to find me hanging around sessions with Tim Huckaby and Rocky Lhotka this year.

Oh, so the point of this post.  I was reading up on some blogs to prepare for the week.  I discovered a brilliant plan by the Microsoft RDs.  Instead of full 1 hour plus sessions they are doing something called Grok Talk.  These 10-minute gigs are more like technology drive-bys.  I look forward to catching a few of these between the fights over the good ice cream bars.  Don't worry Rory and Scott, I am saving the baby carrots for you.

Friday, June 03, 2005 7:15:20 PM (Mountain Daylight Time, UTC-06:00)

You just can't have too many free food and drink events at these conferences.

Expo Hall Reception
Monday, June 6 6:00pm – 9:00pm Hall A/B

Microsoft Tech·Ed 2005 Attendee Party
Thursday, June 9 7:30pm – 11:00pm Universal Studios Orlando

I am sure some more open events will happen to fill in the gaps for Tuesday and Wednesday.  There are several private parties going on.  If you have not been invited to any then you need to become better friends with the people who hold the invitations.  I will let you figure out how it works on your own.

Friday, June 03, 2005 6:35:28 PM (Mountain Daylight Time, UTC-06:00)

The first Tech Ed Party / Nerd Dinner is tomorrow night:  Join the Party with Palermo at the Peabody.

- 4PM - Arrival begins.  Meet and greet.  Discuss conference sessions, etc.  Networking.
- 6PM - Geek Dinner.  I have reserved for 20, so I will need actual names for people to expect.
- 7:30PM - Drinks and conversation at the hotel bar.
- Depart whenever.

Friday, June 03, 2005 6:19:10 PM (Mountain Daylight Time, UTC-06:00)

After a long day on airplanes I have arrived in Orlando.  For those who have not left for Tech Ed yet here are a couple tips:

- Pack an extra bag for hauling home all your shirts and other swag.
- It's rainy here.  Pack a rain jacket.
- Look for me in the INETA community lounge.  I will be there Monday and Wednesday mornings as well as other times throughout the week.  Say hello!

Friday, June 03, 2005 6:16:26 PM (Mountain Daylight Time, UTC-06:00)
# Wednesday, June 01, 2005

Today I had a question from one of our developers about bridging ASP and ASP.NET applications and how to handle the security.  What I always recommend for all .NET web applications is that people use what is built in.  Forms authentication works very well, already protects things like the authentication ticket, and it already handles checking authorization once you add the `<authorization>` section to web.config.

Many ASP applications already have the concept of a userID and roles.  In February I presented a session at VS Live that included some sample code that makes it easy to set up forms authentication with roles for ASP.NET.  Let's jump right into it in a basic walk-through.

#1 Web.config settings.  These basic settings tell the framework that all unknown users should be redirected to the Logon.aspx page.  If the users are known (authenticated) then they can browse the other pages in the application.

```xml
<authentication mode="Forms">
  <forms loginUrl="Logon.aspx" name="myAuthCookie" timeout="60" path="/"></forms>
</authentication>

<authorization>
  <deny users="?" />  <!-- Deny anonymous (unauthenticated) users -->
  <allow users="*" /> <!-- Allow all other (authenticated) users -->
</authorization>
```

#2 Logon.aspx.  We could have a username and password input form or any kind of input we want to use to validate the user.  Since I am talking about a solution here that makes it easy to share authentication between classic ASP and ASP.NET, we will leave the ASPX page itself blank and handle the check in code.  My recommendation is that the classic ASP application should instead trust the .NET authentication.  For that you might simply set an extra cookie from .NET that classic ASP could read.  It really depends on how your ASP application validates users.  You would simply want the ASP.NET code to duplicate the current ASP mechanism so that when the user hits ASP pages they do not notice any difference.  In other words, the ASP code would still check for a specific cookie or something like that.  Keep in mind that whichever side issues the cookie, the other side is trusting it completely, so the bridge is only as strong as the cookie that carries the userID.

#2a Logon.aspx.cs.  The code-behind for the authentication page is where all the real work happens.  Let's look at it in detail for the given scenario.

```csharp
using System;
using System.Web;
using System.Web.Security;

private void Page_Load(object sender, System.EventArgs e)
{
    string userID = "";

    // Check the classic ASP authentication cookie (or whatever you use in ASP to know the user is logged in)
    HttpCookie aspCookie = Request.Cookies["MyApplication"];
    if (aspCookie != null)
    {
        // Assuming here that if authenticated then we also have a userID
        userID = aspCookie.Values.Get("userID") ?? "";
    }

    if (userID == "")
    {
        // Unknown user. Send them back to the classic ASP login page
        Response.Redirect("login.asp");
    }
    else
    {
        // We have a userID from the ASP application. Use it to create an authentication ticket.
        // Get a pipe-delimited string of the groups (roles) that the user belongs to.
        // Typical ASP applications store a list of roles in a database table. Hard coded here for the sample.
        string groups = "Editors|Registered Users|Newsletters";

        // Create a forms authentication ticket that we can stuff the userID and roles into
        FormsAuthenticationTicket authTicket =
            new FormsAuthenticationTicket(1,                        // version
                                          userID,                   // user name
                                          DateTime.Now,             // issue date
                                          DateTime.Now.AddMinutes(60), // expiration, matches web.config timeout
                                          false,                    // not a persistent cookie
                                          groups);                  // UserData: the roles
        // Encrypt the ticket.
        string encryptedTicket = FormsAuthentication.Encrypt(authTicket);

        // Stuff the ticket into a cookie
        HttpCookie authCookie =
            new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        Response.Cookies.Add(authCookie);

        // Return the user to the requested page now that an authentication ticket is created
        Response.Redirect(FormsAuthentication.GetRedirectUrl(userID, false));
    }
}
```

#3 Global.asax.cs.  This is where the magic of .NET forms authentication really happens.  If you are not stuffing the roles into the authentication ticket then much of this whole process can be greatly simplified.  Putting the roles into the ticket gives us an easy way to apply them to the current user on each request.  Let's take a look.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    // Extract the forms authentication cookie
    string cookieName = FormsAuthentication.FormsCookieName;
    HttpCookie authCookie = Context.Request.Cookies[cookieName];

    if (null == authCookie)
    {
        // There is no authentication cookie.
        return;
    }

    FormsAuthenticationTicket authTicket = null;
    try
    {
        authTicket = FormsAuthentication.Decrypt(authCookie.Value);
    }
    catch (Exception ex)
    {
        // Log exception details (omitted for simplicity)
        return;
    }

    if (null == authTicket || authTicket.Expired)
    {
        // Cookie failed to decrypt, or the ticket is past its expiration.
        // Decrypt does not reject expired tickets itself, so check Expired here.
        return;
    }

    // When the ticket was created, the UserData property was assigned a
    // pipe-delimited string of group names.
    string[] groups = authTicket.UserData.Split(new char[] { '|' });

    // Create an Identity object
    GenericIdentity id = new GenericIdentity(authTicket.Name, "TrustedASPAuthentication");

    // This principal will flow throughout the request.
    GenericPrincipal principal = new GenericPrincipal(id, groups);

    // Attach the new principal object to the current HttpContext object
    Context.User = principal;
}
```


That is really about all there is to it.  By using the built-in authentication and authorization tools in ASP.NET, stuffing the roles into the ticket, and then applying them to the current principal, your code can use the built-in methods for checking role membership.

`User.IsInRole("Editors")` would return true for us since "Editors" is one of the roles I hard coded the user into.
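As an added example (not code from the original post), here is the role-parsing and expiry logic of Application_AuthenticateRequest pulled out into a plain helper that runs without System.Web, so the edge cases of the pipe-delimited UserData string can be exercised in a console program.  The ticket fields are passed in directly and the class and method names are assumptions of this example.

```csharp
using System;
using System.Linq;
using System.Security.Principal;

// Hypothetical helper for this example: builds the same GenericPrincipal the
// Global.asax code builds, but from plain ticket fields so it runs stand-alone.
public static class TicketPrincipalBuilder
{
    // Returns a principal for a valid ticket, or null when the ticket is expired
    // or carries no user name. Roles come from the pipe-delimited UserData string.
    public static GenericPrincipal Build(string name, string userData,
                                         DateTime expiration, DateTime now)
    {
        if (string.IsNullOrEmpty(name) || now >= expiration)
            return null;

        // A bare Split('|') turns "Editors|" or "a||b" into a phantom "" role and
        // keeps stray whitespace, so trim, drop empties and de-duplicate.
        string[] roles = (userData ?? string.Empty)
            .Split('|')
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .ToArray();

        GenericIdentity identity = new GenericIdentity(name, "TrustedASPAuthentication");
        return new GenericPrincipal(identity, roles);
    }

    public static void Main()
    {
        // Constructed sample: the role string from the post plus a sloppy trailing separator.
        DateTime issued = new DateTime(2005, 6, 1, 11, 0, 0);
        GenericPrincipal p = Build("jdoe", "Editors|Registered Users |Newsletters|",
                                   issued.AddMinutes(60), issued);

        Console.WriteLine("Editors: " + p.IsInRole("Editors"));
        Console.WriteLine("Registered Users: " + p.IsInRole("Registered Users"));
        Console.WriteLine("Empty role present: " + p.IsInRole(""));

        // Sixty-one minutes after issue the same ticket must be rejected,
        // the check the Global.asax code needs before trusting the ticket.
        GenericPrincipal late = Build("jdoe", "Editors", issued.AddMinutes(60), issued.AddMinutes(61));
        Console.WriteLine("Expired ticket rejected: " + (late == null));
    }
}
```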

I hope that someone finds this brief article helpful as an introduction into using Forms authentication and Role authorization in ASP.NET.

Wednesday, June 01, 2005 11:46:11 AM (Mountain Daylight Time, UTC-06:00)