Office SharePoint Server 2007 up on MSDN downloads

Office SharePoint Server 2007 Enterprise/Standard [617 MB] and Office SharePoint Server 2007 [485 MB] for Search (Enterprise/Standard) are now available on MSDN Downloads

Sending html+text emails with System.Net.Mail

There's something about the new System.Net.Mail classes that has been annoying the hell out of me. I appreciate that the API is more complete and that I can finally send emails with embedded images, but there's something that it does less well.

What annoys me is that System.Web.Mail (or more specifically, the COM objects it was using) automatically generated me a text version of my HTML email. Granted the text version was terrible, but it was a text version nonetheless.

I know I can add alternate views to my email for HTML/text, but I use Serialization/Xslt to manage my emails and I don't want to maintain two separate Xslt's just so I can have a text version of an email.

The result? I've had to integrate support to my TranformMailer<> generic class to create a text version of an HTML email. I'll post TransformMailer<> once I've cleaned it up a bit.

XPath Test Utility

I'm working on a project that requires large XML documents and complex XPath queries. When I looked around online, I couldn't find any decent .NET oriented XPath test utilities. And so, I wrote this.

XPathTest.exe is a command line utility lets you do the following:

• Load XML Documents
• Move the 'current' node to the first match of an XPath query
• Display the results of an XPath query
• Add custom XML namespace prefixes (although the namespaces from the document are extracted automatically)

It's not perfect and it's only a few hours work, but I find it useful. I'll try to put the source code up as soon as I can.

Download XPathTest.exe (v0.1)

Windows Vista RTM available on MSDN

Windows Vista (x86 and x64) is finally available on MSDN downloads. Go get it!

No HTTPS = No CardSpaces

It was like I was back in my first days of programming more than 10 years ago; I tried to implement CardSpaces on a sample page and nothing would work like it should. I click a button and the form submits without loading the CardSpaces selector. I even copied the HTML from a working sample into my own, and STILL no CardSpaces love.

HTTPS...

Yeah, without HTTPS the CardSpaces UI will not show at all. Honestly guys, would adding a "The CardSpaces internet explorer plugin could not initialize because the connection was not secured" message have been that hard?

Even worse, my dodgy OpenSSL-generated certificate does not appear to be good enough:

Now, I know there is a debug mode for developing a relying party without having to buy an IIS cert for my development machine. There IS a debug mode, right Microsoft? RIGHT!?

Looking at CardSpaces

I've started looking at CardSpaces. It's pretty cool; it enables us to get rid of usernames/passwords without Microsoft owning your data (like passport). It's a completely open standard that anyone can implement, and there are already examples in PHP and other non-Microsoft languages/platforms.

Basically an Identity Provider (eg. Google, Live ID, Commonwealth Bank, Government) can issue you a Card which claims a certain aspect of your identity. When a Relying Party (read: your website) needs to be sure of an aspect of the user's identity, they ask for a card. Specifically, a list of required and optional "claims" (firstname/lastname/date of birth/favourite colour) is supplied, as well as the "token format" (the format in which the claims should be serialised). The information card selector (CardSpaces on Windows) then filters valid cards and allows the user to select one.

If the information is as simple as the user's surname, the site will accept a self-issued (user created) card with that information. If self-issued is not good enough, say for proving the user's age, the site may require a Managed Key. For example, a movie trailer rated MA or R can force you to supply a card that proves that you are over 15/18, which your government might supply to you when you reach that age.

The claims are specified using fully qualified names (ie. with namespaces). Microsoft have a created a few already for the obvious items (like the ones above), but you DONT have to use them. If you create your own firstname claim, like http://schemas.richardszalay.com/identity/2006/firstname, any identity providers would need to know about it. This is really only recommended if your company/website is the identity provider as well as the relying party.

Another case is a site can ask for your firstname/lastname/email address so that you can access the forums. If the card is self-issued, you are sent a confirmation email with a link to activate your email address. If the card is managed (like a Hotmail card), then this step is skipped because Hotmail is vouching for the valid email address. Cards re-validate with their Identity Provider when used, which means you can cancel a card and it will be unusable, just like a credit card.

I have mucked around with the implementation side of a relying party a little and I'll post about it a bit later.