IIS 7 Application Pool Stops – HipIISEngineStub.dll failed to load.

Happened in conjunction with a McAfee update on a web server.

IIS 7 Application Pool stops for any web application on an IIS 7 web server.

Error 503 Service Unavailable.

Event log error is:

“HipIISEngineStub.dll failed to load. The data is the error.”

Edit the IIS 7.0 applicationHost.config file and remove the following configuration lines:

  1. Edit %windir%\system32\inetsrv\config\applicationHost.config as Administrator.
  2. In the <globalModules> section, remove the following line:
    <add name=”MfeEngine” image=”%windir%\System32\inetsrv\HipIISEngineStub.dll” />
  3. In the <modules> section, remove the following line:
    <add name=”MfeEngine” />
  4. Save the file, then restart IIS.
Advertisements

SharePoint Server 2010 Configure People Picker

When the People Picker control is used, a user’s name is resolved when the Check Name icon is clicked or a list of users is displayed when the Browse icon is clicked.

If the Web application is using Windows authentication and the site user directory path is not set, the People Picker control searches the entire Active Directory to resolve users’ names or find users, instead of searching only users within a particular organizational unit (OU). The setsiteuseraccountdirectorypath operation allows the user’s directory path to be set to a specific OU in the same domain. After the directory path is set to a site collection, the People Picker control will only search under that particular OU.

If a site collection is new and an administrator uses the setsiteuseraccountdirectorypath operation to specify a target OU, only users under the specified path can be added to the site collection and no one else can be added to the site collection.

If users have already been added to a site collection and the setsiteuseraccountdirectorypath operation is run, only users under the specified path will be able to be added going forward.

To set a list of users to a specific OU (for example, Sales) in the Contoso Corp domain, use the following syntax:

stsadm -o setsiteuseraccountdirectorypath -path “CN=Sales,DC=ContosoCorp,DC=local” –url http://server_name

http://technet.microsoft.com/en-us/library/cc263328(office.12).aspx

http://technet.microsoft.com/en-us/library/gg602075(v=office.14).aspx#section5

 

Thrice Nested Repeater for Tests, Questions and Answers

Default.aspx

            <asp:Repeater runat="server" ID="rTests">
                <ItemTemplate>
                    <h3>Test: <%# DataBinder.Eval(Container.DataItem, "Name") %>, Passing Score = <%# DataBinder.Eval(Container.DataItem,"Passing_Score") %></h3>
                    <asp:Repeater ID="rQuestions" runat="server" DataSource='<%# GetChildRelation(Container.DataItem, "Test_Question")%>'>
                        <ItemTemplate>
                            <h4>Question:<%#DataBinder.Eval(Container.DataItem, "Text")%></h4>
                            <asp:Repeater ID="rAnswers" runat="server" DataSource='<%# GetChildRelation(Container.DataItem, "Question_Answer")%>'>
                                <ItemTemplate>
                                   Answer: <b><%# DataBinder.Eval(Container.DataItem, "Text") %></b> <%# DataBinder.Eval(Container.DataItem, "correct") %><br />
                                </ItemTemplate>
                            </asp:Repeater>
                        </ItemTemplate>
                    </asp:Repeater>
                </ItemTemplate>
            </asp:Repeater>

If you are having problems with button events not firing, make sure to EnableViewState.
Default.aspx.cs


    private void BindrTests()
    {
        rTests.DataSource = GetTestQuestionsAndAnswers();
        rTests.DataBind();
    }

    protected DataView GetChildRelation(object dataItem, string relation)
    {
        DataRowView drv = dataItem as DataRowView;
        if (drv != null)
            return drv.CreateChildView(relation);
        else
            return null;
    }

    public static DataSet GetTestQuestionsAndAnswers()
    {
            string strConn = System.Configuration.ConfigurationManager.ConnectionStrings["Training"].ToString();
            string strSql = "SELECT Tests.Ident, Tests.Name, Tests.Passing_Score FROM [Training].[dbo].Tests; " +
	                        "SELECT Test_Questions.Ident, Test_Questions.Test_Ident, Test_Questions.text FROM [Training].[dbo].Test_Questions; " +
                    		"SELECT Test_Answers.Ident, Test_Answers.Question_Ident, Test_Answers.text, Test_Answers.correct FROM [Training].[dbo].Test_Answers";
            SqlConnection conn = new SqlConnection(strConn);
            SqlDataAdapter da = new SqlDataAdapter(strSql, conn);
            da.TableMappings.Add("Tests1", "Test_Questions");
            da.TableMappings.Add("Tests2", "Test_Answers");
            DataSet dsQandA = new DataSet();
            da.Fill(dsQandA, "Tests");
            dsQandA.Relations.Add("Test_Question", dsQandA.Tables["Tests"].Columns["Ident"], dsQandA.Tables["Test_Questions"].Columns["Test_Ident"]);
            dsQandA.Relations[0].Nested = true;
            dsQandA.Relations.Add("Question_Answer", dsQandA.Tables["Test_Questions"].Columns["Ident"], dsQandA.Tables["Test_Answers"].Columns["Question_Ident"]);
            dsQandA.Relations[1].Nested = true;
            return dsQandA;
    }

ASP.Net C# Format Javascript Delete Confirmation Alert Containing Apostrophes

How to format a javascript delete confirmation alert with text containing apostrophes.

ASP.Net Button with OnClientClick

<asp:Button ID="Delete" runat="server" Text="Delete" OnClick="Delete_Function" OnClientClick='<%# FormatDeleteAlert() %>' CssClass="buttonText" />

Javascript Alert Function

protected string FormatDeleteAlert()
{
  string lineitem = "";
  lineitem = Eval("ItemName").ToString().Replace("'", "\\'");
  StringBuilder sConfirm = new StringBuilder();
  sConfirm.Append("return confirm('Are you sure you want to delete " + lineitem + "?');");
  return sConfirm.ToString();
}

CA2100: Review SQL queries for security vulnerabilities

Found here: http://msdn.microsoft.com/en-us/library/ms182310.aspx

This rule assumes that the string argument contains user input. A SQL command string that is built from user input is vulnerable to SQL injection attacks. In a SQL injection attack, a malicious user supplies input that alters the design of a query in an attempt to damage or gain unauthorized access to the underlying database. Typical techniques include injection of a single quotation mark or apostrophe, which is the SQL literal string delimiter; two dashes, which signifies a SQL comment; and a semicolon, which indicates that a new command follows. If user input must be part of the query, use one of the following, listed in order of effectiveness, to reduce the risk of attack.

•Use a stored procedure.

•Use a parameterized command string.

•Validate the user input for both type and content before you build the command string.

The following example shows a method, UnsafeQuery, that violates the rule and a method, SaferQuery, that satisfies the rule by using a parameterized command string.

using System;
using System.Data;
using System.Data.SqlClient;

namespace SecurityLibrary
{
   public class SqlQueries
   {
      public object UnsafeQuery(
         string connection, string name, string password)
      {
         SqlConnection someConnection = new SqlConnection(connection);
         SqlCommand someCommand = new SqlCommand();
         someCommand.Connection = someConnection;

         someCommand.CommandText = "SELECT AccountNumber FROM Users " +
            "WHERE Username='" + name + 
            "' AND Password='" + password + "'";

         someConnection.Open();
         object accountNumber = someCommand.ExecuteScalar();
         someConnection.Close();
         return accountNumber;
      }

      public object SaferQuery(
         string connection, string name, string password)
      {
         SqlConnection someConnection = new SqlConnection(connection);
         SqlCommand someCommand = new SqlCommand();
         someCommand.Connection = someConnection;

         someCommand.Parameters.Add(
            "@username", SqlDbType.NChar).Value = name;
         someCommand.Parameters.Add(
            "@password", SqlDbType.NChar).Value = password;
         someCommand.CommandText = "SELECT AccountNumber FROM Users " + 
            "WHERE Username=@username AND Password=@password";

         someConnection.Open();
         object accountNumber = someCommand.ExecuteScalar();
         someConnection.Close();
         return accountNumber;
      }
   }

   class MalaciousCode
   {
      static void Main(string[] args)
      {
         SqlQueries queries = new SqlQueries();
         queries.UnsafeQuery(args[0], "' OR 1=1 --", "anything");
         // Resultant query (which is always true):  
         // SELECT AccountNumber FROM Users WHERE Username='' OR 1=1

         queries.SaferQuery(args[0], "' OR 1 = 1 --", "anything");
         // Resultant query (notice the additional single quote character): 
         // SELECT AccountNumber FROM Users WHERE Username=''' OR 1=1 --' 
         //                                   AND Password='anything'
      }
   }
}

Adding JavaScript to Execute on SharePoint Page’s Body Onload Event

The SharePoint master page contains the <body> element.

SharePoint provides the “_spBodyOnLoadFunctionNames” array.

When the SharePoint page’s body is loaded, the onload event handler executes each function whose name is contained in this array.

You can add “ MyFunctionName” to the array and it will run when the body’s onload event fires.

<script language="javascript">
_spBodyOnLoadFunctionNames.push("MyFunctionName");
function MyFunctionName()
 {
 // Code
 }
 </script>

http://blogs.msdn.com/b/sharepointdesigner/archive/2007/06/13/using-javascript-to-manipulate-a-list-form-field.aspx