Thursday, June 17, 2010

Hierarchyid data type on Sql 2008

The new hierarchyid data type introduced in SQL Server 2008 is very useful when working with tree-based structures. Check out this link

Monday, June 14, 2010

OpenID integration to website

I started using my OpenID for different websites a while ago. Recently, I was curious to check how it can be integrated with any website. In this post I will just put down some points that give a basic understanding of what OpenID is all about.


As common internet users, we often walk away from a website just because we have to register. Registering on every site and remembering the login info is a major task, especially for those who already have many accounts. Another problem is that we may not be able to use a unique username and password on all the websites, and it may not be a good idea as well. When we share our password with a website, how do we trust that party to keep our password secure so that no one can misuse it? These problems can all be avoided when we use OpenID.

What is OpenID?

OpenID is an open, decentralized standard for authenticating users

Allows users to log on to different services with the same digital identity where these services trust the authentication body.

OpenID replaces the common log on process that uses a login-name and a password, by allowing a user to log in once and gain access to the resources of multiple software systems.

You may choose to associate information with your OpenID that can be shared with the websites you visit, such as a name or email address.

With OpenID, your password is only given to your identity provider, and that provider then confirms your identity to the websites you visit.

Other than your provider, no website ever sees your password, so you don’t need to worry about an unscrupulous or insecure website compromising your identity.

OpenID is rapidly gaining adoption on the web, with over one billion OpenID enabled user accounts and over 50,000 websites accepting OpenID for logins. Several large organizations either issue or accept OpenIDs, including Google, Yahoo!, Microsoft, AOL and many more

OpenID protocol overview:
The end user initiates authentication (Initiation) by presenting a User-Supplied Identifier to the Relying Party via their User-Agent.

After normalizing (Normalization) the User-Supplied Identifier, the Relying Party performs discovery (Discovery) on it and establishes the OP Endpoint URL that the end user uses for authentication

The Relying Party and the OP establish an association (Establishing Associations) -- a shared secret established using Diffie-Hellman key exchange. The OP uses an association to sign subsequent messages and the Relying Party to verify those messages; this removes the need for subsequent direct requests to verify the signature after each authentication request/response.

The Relying Party redirects the end user's User-Agent to the OP with an OpenID Authentication request (Requesting Authentication).

The OP establishes whether the end user is authorized to perform OpenID Authentication and wishes to do so.

The OP redirects the end user's User-Agent back to the Relying Party with either an assertion that authentication is approved (Positive Assertions) or a message that authentication failed (Negative Assertions).

The Relying Party verifies (Verifying Assertions) the information received from the OP including checking the Return URL, verifying the discovered information, checking the nonce, and verifying the signature by using either the shared key established during the association or by sending a direct request to the OP
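The verification step above, sketched from the Relying Party's side as an added example (not code from the original post). It assumes an HMAC-SHA256 association already stored by the RP; the function names, the five-minute freshness window and all sample values are constructed for illustration, and the check of the discovered information is left out.

```python
import base64, hashlib, hmac
from datetime import datetime, timedelta, timezone

REQUIRED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
MAX_AGE = timedelta(minutes=5)  # assumed freshness window, a local policy choice

def sign(params, signed, mac_key):
    # Key-Value Form: one "key:value\n" line per field named in openid.signed
    kv = "".join(f"{k}:{params['openid.' + k]}\n" for k in signed)
    mac = hmac.new(mac_key, kv.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def verify_assertion(params, return_to, assoc, seen_nonces, now):
    """Return None when the assertion is accepted, else the rejection reason."""
    if params.get("openid.mode") != "id_res":
        return "not a positive assertion"
    if params.get("openid.return_to") != return_to:
        return "return_to mismatch"
    if params.get("openid.assoc_handle") != assoc["handle"]:
        return "unknown association"
    signed = params.get("openid.signed", "").split(",")
    present = {k[len("openid."):] for k in params}
    if not (REQUIRED | ({"claimed_id", "identity"} & present)) <= set(signed):
        return "required field not signed"
    try:
        expected = sign(params, signed, assoc["mac_key"])
    except KeyError:
        return "signed field missing"
    if not hmac.compare_digest(expected.encode(), params.get("openid.sig", "").encode()):
        return "bad signature"
    nonce = params["openid.response_nonce"]
    try:  # nonce = UTC timestamp followed by OP-chosen unique characters
        ts = datetime.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return "malformed nonce"
    if abs(now - ts.replace(tzinfo=timezone.utc)) > MAX_AGE:
        return "stale nonce"
    if (params["openid.op_endpoint"], nonce) in seen_nonces:
        return "replayed nonce"
    seen_nonces.add((params["openid.op_endpoint"], nonce))
    return None

# Constructed sample data: the key, handle, URLs and identifier are made up.
ASSOC = {"handle": "h1", "mac_key": b"\x01" * 32}
SAMPLE = {"openid.mode": "id_res", "openid.op_endpoint": "https://op.example/auth",
          "openid.return_to": "https://rp.example/return", "openid.assoc_handle": "h1",
          "openid.claimed_id": "https://alice.example/", "openid.identity": "https://alice.example/",
          "openid.response_nonce": "2010-06-14T10:00:00Zabc123",
          "openid.signed": "op_endpoint,return_to,response_nonce,assoc_handle,claimed_id,identity"}
SAMPLE["openid.sig"] = sign(SAMPLE, SAMPLE["openid.signed"].split(","), ASSOC["mac_key"])
```

The signature is checked before the nonce is recorded, so unsigned or forged messages cannot fill the replay cache.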

Users can use a single identity across different trusted sites

Provides single sign-on, particularly for people who have many accounts

The OpenID server provides basic info about the user, saving the need to write down the usual basic info every time (depends on the user’s settings with their provider)

Moves trust of honesty from multiple parties to only one

Minimizes re-registration and forgotten-password situations

Users who keep the same password across all sites don’t need to share that password with many people. They can choose their trusted provider and use their identity.

We still have to provide normal registration for those who are not willing to go with OpenID

If the number of people who register on our site is larger than the number of people who use OpenID, this idea would just go away

The OpenID provider can track user’s habits as they receive all auth requests.

I have created a sample application to try this and it works fine even when I run an application with localhost. I have tried with Google, Yahoo and myopenid accounts. Will post my sample application and also compare openID with SAML in coming posts.

Wednesday, June 9, 2010

System.Web.AspNetHostingPermission on IIS7 Win 7

I had downloaded one of the open source applications and was trying something out. When I started the application, it threw a security error: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

I checked the folder permissions, allowed full trust permission, etc. Even then I kept getting the same error. After a while I found that the IIS application pool setting “Load User Profile” was set to false. After setting that value to true, the problem got fixed.

Details on "load user profile" can be found at

Wednesday, June 2, 2010

Modify your XML document using SQL

In many situations, we have to modify the XML that is passed to SQL Server.
Some of the common operations you might need to handle in SQL are

  • adding an element
  • adding an attribute
  • updating an attribute
  • deleting an element
  • deleting an attribute

Let us try this with a sample document.

DECLARE @myXML xml
SET @myXML = '<CUSTOMERSDATA>
<CUSTOMER FName="Raja" LName="Rao" City="Bangalore" State="KA" />
</CUSTOMERSDATA>'

Add an Element

SET @myXML.modify('insert <CUSTOMER FName="Ravi" LName="Krishna" City="Chicago" State="IL" />
into (/CUSTOMERSDATA)[1]') ;

select @myXML


<CUSTOMER FName="Raja" LName="Rao" City="Bangalore" State="KA" />
<CUSTOMER FName="Ravi" LName="Krishna" City="Chicago" State="IL" />

Add an attribute

SET @myXML.modify('insert attribute Phone {"333-333-3333" }
into (/CUSTOMERSDATA/CUSTOMER[@FName="Ravi"])[1]') ;

select @myXML

<CUSTOMER FName="Raja" LName="Rao" City="Bangalore" State="KA" />
<CUSTOMER FName="Ravi" Phone="333-333-3333" LName="Krishna" City="Chicago" State="IL" />

Updating an attribute

SET @myXML.modify('replace value of (/CUSTOMERSDATA/CUSTOMER[@FName="Ravi"]/@Phone)[1] with "444-444-4444"') ;

select @myXML

<CUSTOMER FName="Raja" LName="Rao" City="Bangalore" State="KA" />
<CUSTOMER FName="Ravi" Phone="444-444-4444" LName="Krishna" City="Chicago" State="IL" />

Delete attribute

SET @myXML.modify('delete (/CUSTOMERSDATA/CUSTOMER[@FName="Ravi"]/@Phone)[1]') ;

select @myXML

<CUSTOMER FName="Raja" LName="Rao" City="Bangalore" State="KA" />
<CUSTOMER FName="Ravi" LName="Krishna" City="Chicago" State="IL" />

Delete Element

SET @myXML.modify('delete (/CUSTOMERSDATA/CUSTOMER[@FName="Ravi"])[1]') ;

select @myXML


<CUSTOMER FName="Raja" LName="Rao" City="Bangalore" State="KA" />