To geek, or not to geek...

Like most of the computer-obsessed friends that I hang out with, I am often called a geek by the non-techie types that I have to interact with. (That list of non-techies includes my wife, by the way. ;-])

I wondered if that was a label that I should wear with pride, then I saw a great quote the other day:

"A Geek is someone who is passionate about some particular area or subject, often an obscure or difficult one."

Given my over-interest in computers, maybe the "Geek" title fits.

When discussing several subjects with some other geeks the other day, one of my friends asked, "Is it possible that there is anything that you're not a geek in?"

I had to give that some thought, but then I replied, "Shoes."

To be honest, I wear a set of sneakers just about everywhere. I wouldn't know a good set of dress shoes if they snuck up behind me and kicked me in the rear.

Maybe that's why I have such a hard time understanding why my wife owns 40 pairs of shoes... To me, I figure what's the point?

To be honest, I actually do own a couple of other pairs of shoes, but my wife bought them for me. When all is said and done, all I ever wear is the sneakers. (Even to church... ;-])

I think my wife buys my other shoes for me in the hopes that I will either: 1) empathize with her plight, 2) convert to the dark side, or 3) develop some form of shoe-fetish gland. I think the fact that I work for Microsoft has still escaped her.

I've told my daughters that I'm making them a simple deal: I'll wear a tuxedo for their weddings. If I foot the bill for the wedding, then I'm wearing sneakers with the tux. If they pay for their own wedding, then I'll wear whatever shoes they like.

Seems fair to me.  ;-]

But the question remains, am I a socially hopeless cause? I hope not. (After all, I do get out a lot.)

Am I a geek? Hmm... I guess I should consider the old adage:

"If the shoe fits..."

Well, you know the rest. ;-]

Updating several IP addresses using ADSI

(Note: I had originally posted this information on a blog that I kept on http://weblogs.asp.net, but it makes more sense to post it here. [:)] )

Like many web programmers, I host several hobby web sites for fun. (They make a wonderful test bed for new code. ;-] )

And like many computer enthusiasts, I sometimes change my ISP for one reason or another. If you are hosting web sites in a similar situation, I’m sure that you can identify the pain of trying to manually update each old IP address to your new IP address. This situation can be made even more difficult when any number of your web sites are using several host headers because the user interface for the IIS administration tool only lists the first host header. This means that you have to manually view the properties for every site just to locate the IP addresses that you are required to change.

Well, I'm a big believer in replacing any repetitive task with code when it is possible, and a recent change of ISP provided just the right level of inspiration for me to write a simple Active Directory Service Interfaces (ADSI) script that locates IP addresses that have to be changed and updates them to their new values.

To use the example script, I would first suggest that you make a backup copy of your metabase. (The script works fine, but it is always better to have a backup. ;-] ) As soon as your metabase has been backed up, copy the example script into notepad or some other text editor, update the old and new IP addresses that are defined as constants, and then run the script.

Option Explicit
On Error Resume Next
 
Dim objIIS
Dim objSite
Dim varBindings
Dim intBindings
Dim blnChanged
 
Const strOldIP = "10.0.0.1"
Const strNewIP = "192.168.0.1"
 
Set objIIS = GetObject("IIS://LOCALHOST/W3SVC")
 
If (Err <> 0) Then
  WScript.Echo "Error " & Hex(Err.Number) & "(" & _
    Err.Description & ") occurred."
  WScript.Quit
Else
  For Each objSite In objIIS
    blnChanged = False
    If objSite.class = "IIsWebServer" Then
      varBindings = objSite.ServerBindings
      For intBindings = 0 To UBound(varBindings)
        If InStr(varBindings(intBindings),strOldIP) Then
          blnChanged = True
          varBindings(intBindings) = Replace(varBindings(intBindings),strOldIP,strNewIP)
        End If
      Next
    End If
    If blnChanged = True Then
      objSite.ServerBindings = varBindings      
      objSite.Setinfo
    End If
  Next
End If
MsgBox "Finished!"

That’s all for now. Happy coding!

Note: This blog was originally posted at http://blogs.msdn.com/robert_mcmurray/

Merry Christmas 2005!

Okay, it's a couple of days late because I took the past few days off to celebrate Christmas with my family, but I wanted to make sure that I wished everyone a Merry Christmas...! [:)]

Веселое Рождество!

Christmas Alegre!

¡Feliz Navidad!

Frohe Weihnachten!

Joyeux Noël!

Καλά Χριστούγεννα!

Natale allegro!

Vrolijke Kerstmis!

Converting NCSA log files to W3C format

One of the great utilities that ships with IIS is the CONVLOG.EXE application, which converts W3C or MS Internet Standard log files to NCSA format, where they can be processed by any of the applications that only parse NCSA log file information. The trouble is, what happens when you already have NCSA log files and you want W3C log files? You can't use the CONVLOG.EXE application, it only works in the opposite direction.

With that in mind, I wrote the following Windows Script Host (WSH) script that will read the current directory and convert all NCSA-formatted log files to W3C format. To use this code, just copy the code into notepad, and save it with a ".vbs" file extension on your system. To run it, copy the script to a folder that contains NCSA log files, (named "nc*.log"), then double-click it.

Option Explicit

Dim objIISLog
Dim objFSO
Dim objFolder
Dim objFile
Dim objOutputFile
Dim strInputPath
Dim strOutputPath
Dim strLogRecord

Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")

Set objFolder = objFSO.GetFolder(".")

For Each objFile In objFolder.Files

 strInputPath = LCase(objFile.Name)

 If Left(strInputPath,2) = "nc" And Right(strInputPath,4) = ".log" Then

  strOutputPath = objFolder.Path & "\" & "ex" & Mid(strInputPath,3)
  strInputPath = objFolder.Path & "\" & strInputPath

  Set objIISLog = CreateObject("MSWC.IISLog")
  objIISLog.OpenLogFile strInputPath, 1, "", 0, ""
  Set objOutputFile = objFSO.CreateTextFile(strOutputPath)

  objIISLog.ReadLogRecord

  objOutputFile.WriteLine "#Software: Microsoft Internet Information Services 5.0"
  objOutputFile.WriteLine "#Version: 1.0"
  objOutputFile.WriteLine "#Date: " & BuildDateTime(objIISLog.DateTime)
  objOutputFile.WriteLine "#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)"

  Do While Not objIISLog.AtEndOfLog

   strLogRecord = BuildDateTime(objIISLog.DateTime)
   strLogRecord = strLogRecord & " " & FormatField(objIISLog.ClientIP)
   strLogRecord = strLogRecord & " " & FormatField(objIISLog.UserName)
   strLogRecord = strLogRecord & " " & FormatField(objIISLog.ServerIP)
   strLogRecord = strLogRecord & " " & FormatField(objIISLog.ServerPort)
   strLogRecord = strLogRecord & " " & FormatField(objIISLog.Method)
   strLogRecord = strLogRecord & " " & FormatField(objIISLog.URIStem)
   strLogRecord = strLogRecord & " " & FormatField(objIISLog.URIQuery)
   strLogRecord = strLogRecord & " " & FormatField(objIISLog.ProtocolStatus)
   strLogRecord = strLogRecord & " " & FormatField(objIISLog.UserAgent)
   objOutputFile.WriteLine strLogRecord

   objIISLog.ReadLogRecord

  Loop

  objIISLog.CloseLogFiles 1
  objIISLog = Null
 
 End If

Next

Function FormatField(tmpField)
 On Error Resume Next
 FormatField = "-"
 If Len(tmpField) > 0 Then FormatField = Trim(tmpField)
End Function

Function BuildDateTime(tmpDateTime)
 On Error Resume Next
 tmpDateTime = CDate(tmpDateTime)
 BuildDateTime = Year(tmpDateTime) & "-" & _
  Right("0" & Month(tmpDateTime),2) & "-" & _
  Right("0" & Day(tmpDateTime),2) & " " & _
  Right("0" & Hour(tmpDateTime),2) & ":" & _
  Right("0" & Minute(tmpDateTime),2) & ":" & _
  Right("0" & Second(tmpDateTime),2)
End Function

I hope this helps!

Domestic Terrorists Come in Many Forms

As an honorably-discharged veteran, it should come as no surprise that an opinion piece with a title of "Why America needs to be Defeated in Iraq" would catch my attention. When I first read this ludicrous pile of drivel from a gentleman whom I shall henceforth refer to as "Mr. Whit," I was merely offended. His errant ramblings seemed to be another entry in a long line of deranged brain dumps from scores of deranged imbeciles that I seemed to discover whenever I ventured into another dark corner within the vast wastelands of west coast propaganda. I lived in Seattle for a decade or so, and I've seen this type of close-minded lunacy before. To paraphrase the Bard, the author of that particular op-ed, Mr. Whit, has no more intelligence in him than in a stewed prune. (Methinks he doth possess a great deal less.)

After a bit of time had passed, I pondered more about the context of Mr. Whit's article, and I was appalled by the abhorrent vulgarity of what his brief manifesto actually represents: Mr. Whit is a US Citizen who is outspoken and unapologetic about his desire that some form of harm should come to other US citizens. That admission makes him, using today's parlance, a domestic terrorist. Plain and simple. When one American's wish is that other Americans must suffer in order to make a political point, then that American is no better than the abomination that was Timothy McVeigh. After all, the late Mr. McVeigh only wanted to make a political statement when he and his accomplice bombed the Federal Building in Oklahoma City, right?

Mr. McVeigh's vicious manifestation of domestic terrorism was responsible for the deaths of 168 innocent men, women, and children. However, for Mr. McVeigh, those people's fates were secondary to his cause. He believed that his principles were more important than his victims' lives. In the same way, Mr. Whit regards his self-appointed role as an oracle of truth as more beneficial to society than the meager value of average peasants, and therefore he believes that he has the right to condemn other lives to death in order to satisfy his misguided philosophies. The fates of those whom Mr. Whit would send to their graves are secondary to his gargantuan ego, and their lives are worth less than his sanctimonious convictions.

On the one hand, Mr. Whit accuses the US government of believing that "might is right" when it decides who gets to live or die, while on the other hand he freely chooses (from the sanctity of his word-processor) who else gets to live or die. Like Mr. McVeigh before him, Mr. Whit's deplorable appetite for others to suffer for his wretched aberration of morality is fully-vindicated within the boundaries of his twisted, little worldview. I am sure that somewhere inside his hollow, rat-infested cranium, Mr. Whit believes that the "ends justify the means." However, Mr. Whit doesn't have to face the consequences of his brain-dead decrees, whereas the innocent lives that he has condemned to death and their unfortunate families are left to suffer.

History has had more than its fair share of sociopaths who fail to take responsibility for their murderous actions, and Mr. Whit follows their example to the letter when he wishes death upon US troops while skirting away from any personal culpability by laying the blame for their deaths on the government. What Mr. Whit does not realize is that he doesn't get to have it both ways; he cannot pronounce a death sentence on others without being found guilty for his own crimes. He cannot claim that our government is guilty of terrorism, then advocate for the deaths of other US citizens and not be found guilty of his own brand of repugnant and unctuous terrorism. His self-righteous delusions do not grant him the title of judge, jury, or executioner.

It is ironic that short-sighted morons like Mr. Whit are quick to exercise their first amendment right to freedom of speech, while overlooking the sacrifices that were made on his behalf in order to guarantee his right to speak his mind without fear of reprisal. Long before Mr. Whit's feckless mortal coil ventured forth upon the country that he despises and condemns, the same sort of men and women on whom he passes his misguided judgment fought and died so that he might one day have the freedom to spit on their collective memories. Liberals like Mr. Whit never seem to realize that no one can have freedom in this world unless someone is willing to fight for it. It is clear that Mr. Whit will never personally fight for his freedom; he will continue to sit in the shadows and dispatch his putrid, little missives whenever a contrary wind ruffles his delicate feathers.

To be clear, I do not mind when someone exercises their freedom of speech. I do not mind when someone protests the war. (I have my own misgivings about the directions we are taking - or not taking.) I do not mind when someone calls the President a "war-monger." I do not mind when someone wants our troops out of the Middle East, and organizes a "million-man-march" on the capitol to demand that Congress should bring our brave men and women home. When you get right down to it, I do not mind when someone informs me that something I believe to be right or wrong might be true or false.

However, I damn sure mind when some hypocritical, warthog-faced buffoon signs a death warrant for members of our country's armed forces from the safe haven of his computer keyboard, tucked safely away in an office where no harm will come to him. And yet, despite my personal loathing for Mr. Whit, and in deference to my belief that simpletons like Mr. Whit are utterly useless to society, I do not wish that any harm should come to him. I served in our nation's armed forces so that even a miserable, vomitus mass like Mr. Whit has the right to share his pathetic sentiments in a public forum. And to be honest, if push came to shove, I would do so again. And this is the paradox that makes our country great: the strong and the brave will thanklessly sacrifice their personal safety to fight and defend the rights of the weak and ungrateful cowards who condemn them.

I'll get off my soapbox now.


UPDATE: This post is one of several that I had written, which I later discovered had never been set to "public."

IIS 6: Listing the Host Headers of all Web Sites using ADSI

Note: I originally wrote the following script for a friend, but as every good programmer often does, I kept the script around because I realized that it could come in handy. I've found myself using the script quite often with several of the servers that I manage, so I thought that I'd share it here.

When managing a large web server with dozens of web sites, it's hard to keep track of all the host headers that you have configured in your settings. With that in mind, I wrote the following script that lists the host headers that are assigned on an IIS web server. To use the example script, copy the script into notepad or some other text editor, save it to your server as "HostHeaders.vbs", and then double-click the script to run it. The script will create a text file named "HostHeaders.txt" that contains all the host headers listed by site for your server.

Option Explicit
On Error Resume Next

Dim objBaseNode, objChildNode
Dim objBindings, intBindings
Dim objFSO, objFile, strOutput

' get a base object
Set objBaseNode = GetObject("IIS://LOCALHOST/W3SVC")
Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile("HostHeaders.txt")

' check if we have an error ...
If (Err.Number <> 0) Then

' ... and output the error.
strOutput = "Error " & Hex(Err.Number) & "("
strOutput = strOutput & Err.Description & ") occurred."

' ... otherwise, continue processing.
Else

' loop through the child nodes
For Each objChildNode In objBaseNode

' is this node for a web site?
If objChildNode.class = "IIsWebServer" Then

' get the name of the node
strOutput = strOutput & "LM/W3SVC/" & _
objChildNode.Name

' get the server comment
strOutput = strOutput & " (" & _
objChildNode.ServerComment & ")" & vbCrLf
' get the bindings
objBindings = objChildNode.ServerBindings
' loop through the bindings
For intBindings = 0 To UBound(objBindings)
strOutput = strOutput & vbTab & _
Chr(34) & objBindings(intBindings) & _
Chr(34) & vbCrLf
Next
End If
' try not to be a CPU hog
Wscript.Sleep 10
Next
End If
objFile.Write strOutput
objFile.Close
Set objBaseNode = Nothing
Set objFSO = Nothing

If you feel adventurous, you could easily modify the script to return the text in a tab-separated or comma-separated format.

Enjoy!

Listing the Host Headers of all Web Sites using ADSI

Note: I originally wrote the following script for a friend, but as every good programmer often does, I kept the script around because I realized that it could come in handy. I've found myself using the script quite often with several of the servers that I manage, so I thought that I'd share it here.

When managing a large web server with dozens of web sites, it's hard to keep track of all the host headers that you have configured in your settings. With that in mind, I wrote the following script that lists the host headers that are assigned on an IIS 6.0 web server. To use the example script, copy the script into notepad or some other text editor, save it to your server as "HostHeaders.vbs", and then double-click the script to run it. The script will create a text file named "HostHeaders.txt" that contains all the host headers listed by site for your server.

Option Explicit
On Error Resume Next
Dim objBaseNode, objChildNode
Dim objBindings, intBindings
Dim objFSO, objFile, strOutput
' get a base object
Set objBaseNode = GetObject("IIS://LOCALHOST/W3SVC")
Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile("HostHeaders.txt")
' check if we have an error ...
If (Err.Number <> 0) Then
' ... and output the error.
strOutput = "Error " & Hex(Err.Number) & "("
strOutput = strOutput & Err.Description & ") occurred."
' ... otherwise, continue processing.
Else
' loop through the child nodes
For Each objChildNode In objBaseNode
' is this node for a web site?
If objChildNode.class = "IIsWebServer" Then
' get the name of the node
strOutput = strOutput & "LM/W3SVC/" & _
objChildNode.Name
' get the server comment
strOutput = strOutput & " (" & _
objChildNode.ServerComment & ")" & vbCrLf
' get the bindings
objBindings = objChildNode.ServerBindings
' loop through the bindings
For intBindings = 0 To UBound(objBindings)
strOutput = strOutput & vbTab & _
Chr(34) & objBindings(intBindings) & _
Chr(34) & vbCrLf
Next
End If
' try not to be a CPU hog
Wscript.Sleep 10
Next
End If
objFile.Write strOutput
objFile.Close
Set objBaseNode = Nothing
Set objFSO = Nothing

If you feel adventurous, you could easily modify the script to return the text in a tab-separated or comma-separated format.

Enjoy!

Note: This blog was originally posted at http://blogs.msdn.com/robert_mcmurray/

Updating several IP addresses using ADSI

Like many web programmers, I host several hobby web sites for fun. (They make a wonderful test bed for new code. ;-] )

And like many computer enthusiasts, I sometimes change my ISP for one reason or another. If you are hosting web sites in a similar situation, I'm sure that you can identify the pain of trying to manually update each old IP address to your new IP address. This situation can be made even more difficult when any number of your web sites are using several host headers because the user interface for the IIS 6.0 administration tool only lists the first host header. This means that you have to manually view the properties for every site just to locate the IP addresses that you are required to change.

Well, I'm a big believer in replacing any repetitive task with code when it is possible, and a recent change of ISP provided just the right level of inspiration for me to write a simple Active Directory Service Interfaces (ADSI) script that locates IP addresses that have to be changed and updates them to their new values.

To use the example script, I would fist suggest that you make a backup copy of your metabase. (The script works fine, but it is always better to have a backup. ;-] ) As soon as your metabase has been backed up, copy the example script into notepad or some other text editor, update the old and new IP addresses that are defined as constants, and then run the script.

Option Explicit
On Error Resume Next
Dim objIIS
Dim objSite
Dim varBindings
Dim intBindings
Dim blnChanged
Const strOldIP = "10.0.0.1"
Const strNewIP = "192.168.0.1"
Set objIIS = GetObject("IIS://LOCALHOST/W3SVC")
If (Err <> 0) Then
WScript.Echo "Error " & Hex(Err.Number) & "(" & _
Err.Description & ") occurred."
WScript.Quit
Else
For Each objSite In objIIS
blnChanged = False
If objSite.class = "IIsWebServer" Then
varBindings = objSite.ServerBindings
For intBindings = 0 To UBound(varBindings)
If InStr(varBindings(intBindings),strOldIP) Then
blnChanged = True
varBindings(intBindings) = Replace(varBindings(intBindings),strOldIP,strNewIP)
End If
Next
End If
If blnChanged = True Then
objSite.ServerBindings = varBindings
objSite.Setinfo
End If
Next
End If
MsgBox "Finished!"

That's all for now. Happy coding!

Note: This blog was originally posted at http://blogs.msdn.com/robert_mcmurray/

FrontPage and Text File Databases

Summary

This article discusses how to use a SCHEMA.INI file to access information that is stored in various text file databases.


More Information

Start a blank SCHEMA.INI file
  1. Open a Web in FrontPage 2003 using HTTP
  2. Start a new text file
    1. Click File -> New
    2. Click "Text file" on the Task Pane
    3. Save the file as "_private/schema.ini"
  3. Close the text file
Add a database connection for text file databases
  1. Click Tools -> Site Settings
  2. Click the "Database" tab
  3. Click the "Add" button
  4. Name the connection "TEXTFILES"
  5. Choose "File or folder in current web site"
  6. Click the "Browse" button
    1. Double-click the "_private" folder
    2. Choose "Microsoft Text Driver (*.txt; &.csv)" as the file type
    3. Click "OK" to close the dialog
  7. Click "OK" to close the database connection dialog
  8. Click "OK" to close the site settings dialog
Using a Comma-Separated Value file
  1. If not already open, open the Web form earlier in FrontPage 2003 using HTTP
  2. Start a new page
  3. Save the page as "CSVTEST.htm" in the root of your web site
  4. Insert a form on the page:
    1. Click Insert -> Form -> Textbox
    2. Right-click the form and select "Form Field Properties"
    3. Name the field "Name"
    4. Click "OK" to close the text box properties dialog
    5. Right-click the form and select "Form Properties"
    6. Click the "Options" button
    7. Specify "_private/CSVTEST.csv" as the output path
    8. Choose "Text database usign comma as a separator"
    9. Make sure that the "Include field names" box is checked
    10. Click the "Save Fields" tab
    11. Check the boxes for "Remote computer name", "Browser type", and "Username"
    12. Specify a format for both the date and time
    13. Click "OK" to close the options dialog
    14. Click "OK" to close the form properties
  5. Save and close the page
  6. Preview the page in your browser and submit several data items
  7. Open the "_private/schema.ini" file from earlier
  8. Enter the following information:
    [CSVTEST.csv]
    ColNameHeader=True
    MaxScanRows=25
    Format=CSVDelimited
    CharacterSet=ANSI
  9. Save and close the "_private/schema.ini" file
  10. Start a new page
  11. Insert a database results region on the page:
    1. Click Insert -> Database -> Results
    2. Choose "TEXTFILES" for the connection and click "Next"
    3. Choose "CSVTEST.csv" for the record source and click "Next"
    4. Click "Next"
    5. Choose "Table - one record for row" and click "Next"
    6. Click "Finish"
  12. Save the page as "CSVTEST.asp" in the root of your web site
Using a Tab-Separated Value file
  1. If not already open, open the Web form earlier in FrontPage 2003 using HTTP
  2. Start a new page
  3. Save the page as "TABTEST.htm" in the root of your web site
  4. Insert a form on the page:
    1. Click Insert -> Form -> Textbox
    2. Right-click the form and select "Form Field Properties"
    3. Name the field "Name"
    4. Click "OK" to close the text box properties dialog
    5. Right-click the form and select "Form Properties"
    6. Click the "Options" button
    7. Specify "_private/TABTEST.txt" as the output path
    8. Choose "Text database usign tab as a separator"
    9. Make sure that the "Include field names" box is checked
    10. Click the "Save Fields" tab
    11. Check the boxes for "Remote computer name", "Browser type", and "Username"
    12. Specify a format for both the date and time
    13. Click "OK" to close the options dialog
    14. Click "OK" to close the form properties
  5. Save and close the page
  6. Preview the page in your browser and submit several data items
  7. Open the "_private/schema.ini" file from earlier
  8. Enter the following information:
    [TABTEST.txt]
    ColNameHeader=True
    MaxScanRows=25
    Format=TabDelimited
    CharacterSet=ANSI
  9. Save and close the "_private/schema.ini" file
  10. Start a new page
  11. Insert a database results region on the page:
    1. Click Insert -> Database -> Results
    2. Choose "TEXTFILES" for the connection and click "Next"
    3. Choose "TABTEST.txt" for the record source and click "Next"
    4. Click "Next"
    5. Choose "Table - one record for row" and click "Next"
    6. Click "Finish"
  12. Save the page as "TABTEST.asp" in the root of your web site

References

The following articles discuss the SCHEMA.INI format and related concepts in detail; MSDN keeps rearranging their hyperlinks, so hopefully they are still live:

How to enable or change multiple FrontPage/ASP.NET database editor users

Behavior/Symptoms

When you create a database editor using the FrontPage 2003 ASP.NET Database Interface Wizard (DIW), you are prompted to create a user account for editing the database. After running the wizard, there is no interface for changing the user or password, and there is no provision for adding more than one user account as an editor.


Cause

This behavior is by design. The user account specified when created the DIW pages is hard-coded into the "web.config" files used by the database editor.


Workaround

To resolve this issue, you can modify the necessary "web.config" files to modify or add users.

When creating the database editor, FrontPage 2003 creates two "web.config" files, one will be in the root of the site, and the other will be in the folder containing the database editor. Currently, ASP.NET Security supports the MD5 and SHA-1 hash algorithms when configuring any user accounts in your "web.config" files for use with forms-based authentication. FrontPage 2003 creates user account information using the SHA-1 hash algorithm, but this article will explain how to customize that.

To modify or add users, use the following steps:

  1. Open the web site where you have used FrontPage 2003's Database Interface Wizard (DIW) to create an ASP.NET Database Editor.
  2. Open the "web.config" file in the root folder of your web site.
  3. Locate the section that resembles the following:
    <authentication mode="Forms">
      <forms loginUrl="login.aspx">
        <credentials passwordFormat="SHA1">
           <user name="msbob" password="21BD12DC183F740EE76F27B78EB39C8AD972A757"/>
        </credentials>
      </forms>
    </authentication>
  4. As previously mentioned, ASP.NET Security supports clear text and the MD5 and SHA-1 hash algorithms when configuring user accounts. To change the security method to clear text, change the passwordFormat to "clear". For example:
    <credentials passwordFormat="Clear">
    NOTE - You could just as easily configure "MD5" for the passwordFormat.
  5. If you are configuring the passwordFormat as "SHA1" or "MD5", you can use the following sample code to create the password hashes:
    <html>
    <head>
    <title>MD5/SHA-1 Hash Generator</title>
    </head>
    <body>
    <h2>MD5/SHA-1 Hash Generator</h2>
    <%
    Dim strPassword As String = Request.Form("txtPassword")
    
    If Len(strPassword)>0 Then
    Dim objFormAuth As New System.Web.Security.FormsAuthentication()
    
    Dim strHashSHA1 As String = 
    objFormAuth.HashPasswordForStoringInConfigFile(strPassword, "SHA1")
    Dim strHashMD5 As String = 
    objFormAuth.HashPasswordForStoringInConfigFile(strPassword, "MD5")
    
    Response.Write("<p>Clear: " & strPassword & "</p>")
    Response.Write("<p>SHA-1: " & strHashSHA1 & "</p>")
    Response.Write("<p>MD5: " & strHashMD5 & "</p>")
    End If
    %>
    <form method="post">
    <input type="text" name="txtPassword">
    <input type="submit" value="Create Hashes">
    </form>
    </body>
    </html>
  6. Modify or remove the existing user account, which may resemble the following:
    <user name="msbob" password="21BD12DC183F740EE76F27B78EB39C8AD972A757"/>
  7. Add any aditional users as desired.
  8. The resulting credentials section of the "web.config" in the root of the web site may now resemble something like the following:
    <credentials passwordFormat="Clear">
      <user name="user1" password="Password1"/>
      <user name="user2" password="Password2"/>
      <user name="user3" password="Password3"/>
    </credentials>
  9. Save and close the "web.config" for the root folder of your web site.
  10. Open the "web.config" file in the "editor" folder of the ASP.NET database editor that you created in your web site. (For example, if you created a database editor for one of the tables in the built-in sample "Northwind" database, the default folder path from the root of your web site might resemble one of the following paths:
    • /Sample_interface/Categories/editor
    • /Sample_interface/Employees/editor
    • /Sample_interface/Products/editor
  11. Locate the section that resembles the following:
    <authorization>
      <allow users="msbob"/>
      <deny users="*"/>
    </authorization>
  12. Remove or add any users as desired, separating individual users with a comma for the delimiter.
  13. The resulting authorization section of the "web.config" in the "editor" folder for your database editor may now resemble something like the following:
    <authorization>
      <allow users="user1,user2,user3"/>
      <deny users="*"/>
    </authorization>
  14. Save and close the "web.config" in the "editor" folder for your database editor.

When you browse your database editor, you should now be able to enter the credentials for any user accounts that you created.


Additional Information

For additional information on ASP.NET Security and forms-based authentication, please see the following Microsoft Knowledge Base articles: