ASP:Menu control broken in Safari Browser in ASP 2.0

I recently built a shiny new web site using ASP.NET 2.0 and thought it was all finished until I looked at the home page in the Safari browser from an Apple Mac computer. The site uses the new asp:menu control and it looked horrid in Safari. There were actually bare html tags showing up on the top of the page!

At first I thought it had to either be my code or the data populating the menu that wasn’t compatible with Safari, but when I viewed the source of the page from within Safari I noticed that the html was totally different than the code that IE was getting. I knew that it wasn’t my code doing any kind of browser detection, so that meant that ASP.NET was dynamically generating incompatible code at run time. There was a lot more to the asp:menu control than I thought.

It turns out the asp:menu control is designed to be able to gracefully handle older browsers for you and do things like detect if the browser can’t support JavaScript and if so it will only generate html menus. So, that means that ASP.NET incorrectly thinks that Safari can’t handle the dynamic menus and is sending it downgraded code that renders like crap.

To fix this you are going to have to get your admin hat on because you need to edit some files in your %system% directory. Your web.config and machine.config files have sections called “Browser Caps” that define for it what browsers can do what. Starting with ASP.NET 2.0 the settings are also contained within files with the .browser extension that you can find at:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\Browsers

The browser caps sections are still supported for backward compatibility. The sections that affect the display of the asp:menu control for Safari are found in the mozilla.browser file in that directory. When looking through there I was confused at first because everything seemed to have sensible settings, but I finally found the culprit. Underneath this section:

<browser id=”Safari” parentID=”Gecko”>

You will find this little guy:

<controlAdapters>
    <adapter controlType=”System.Web.UI.WebControls.Menu” adapterType=”System.Web.UI.WebControls.Adapters.MenuAdapter” />
</controlAdapters>

Apparently the ASP.NET 2.0 menu control has a system of “adapters” that do the generation of the back-versioned code. I’m sure you can access and modify those adapters or create your own, but I haven’t bothered to research how to do it because I knew that the menu worked fine in Firefox and should be working fine in Safari, so I just removed the controlAdapter section from the Safari browser section of the config file. This will cause the behavior to be inherited from the parent, which in this case is Gecko which happens to be the same parent that Firefox inherits from in that file.

After removing that section there is one last step. Unlike the web.config, ASP.NET will not automatically read the changes to the .browser files and change the behavior of your web site. I tried bouncing IIS, as well as rebooting before doing a bit more research and finding out that there is an ASP utility called Aspnet_regbrowsers.exe that you need to run that will take those .browser files and compile them into a dll called ASP.BrowserCapsFactory.dll that gets placed in the same directory as the .browser files. The information also gets placed in the global assembly cache so you don’t have to bounce IIS in order to get the changes to take affect after running the tool. To compile the files issue the following command from a command prompt:

c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe -i

If you take another look in the Browsers folder you will see the addition of three files. BrowserCapsFactory.cs, ASP.BrowserCapsFactory.dll, and browserCaps.token. If you now try your page again in Safari you should see better results. Or at least I did.

This problem is a classic example of the hidden costs associated with developing with Microsoft software, and also a perfect example of the advantages of an open source community model. This whole system was designed by Microsoft so that developers could keep up with the mobile market that is rapidly changing and becoming increasingly online. At first they were going to keep the .browser files up to date but eventually didn’t want to keep up with all the changes so they just dropped it. The .browser files are sitting dormant, and if you are just now making the switch to ASP 2.0 from 1.1, the settings for Safari (and probably a lot of the other ones) are out of date before you even install the software. If this was an open source project, the community would be keeping them up to date. As soon as a new device or browser hit the market, the developers that had to code for it would be submitting the correct browser definition file for it.

Here is an official Microsoft statement about this:

Q: Why will Microsoft not provide device specific updates?

A: Our original plan was to provide regular updates, however, based on the evolution of the market we needed to change our approach in order to better address the rapid proliferation of different kinds of devices around the world…If customers would like assistance with building support we can put them in touch with 3rd party companies who specialize in mobile development with ASP.NET, or with Microsoft PSS.

Or in other words, do it yourself or pay someone else to do it. I bet your CTO didn’t cover that in his budget proposal!

TFS says I have files checked out, but there is nothing in my Pending Changes screen!

This is a “feature” of TFS that has bugged me a number of times, and it is much easier to avoid when you know you should be looking for it.

TFS uses a combination of your user name AND your computer name to track the status of files (pending changes, check-outs, etc). So here’s how this bit me. One day my development box died. Some kind of gnome ate my hard drive. Not a big deal right? That’s why the network has roaming profiles, and all of our current development work is stored in SQL thanks to TFS. I got a new box and eventually got logged back into TFS to continue working.

When I looked at my “Pending Changes” screen there was nothing listed. I thought that was odd because I knew I had some files checked out. I took a look in the source control explorer and saw that the files that I had been working on were STILL checked out by me, but they didn’t show in the pending changes screen. Odd. So I tried to check them out to work on them, and it wouldn’t let me! On my old box I had checked them out exclusively, and even though it showed my user name as having them checked out, it still didn’t let me get them. Grrr.

The only way I have found to solve this issue is to either log back in to the box that you had checked them out originally (obviously not an option in my case), or have the TFS admin delete the files. The admin tried to undo the checkout but it wouldn’t let them to that either. Deleting them worked however. Sigh. Fortunately TFS keeps the change history for deleted files too, so the code wasn’t lost.

TFS says the paths are “more than the allowed 260 characters”

For the unaware, TFS (Team Foundation Server) is Microsoft’s latest enterprise source control software. I’ve been on it since beta, and it’s still got some bugs and quirks, but it’s shaping up to be a great solution. It is build on a SQL server backend instead of access files, and will eventually replace Source Safe.

Shortly after I started using it I had this annoying little problem when trying to get latest on a folder full of code (Ironicly it was code provided to us by Microsoft, an SDK for software we were testing). It said to me that the paths are “more than the allowed 260 characters”. This can happen if your workspace is set up deep within a file structure which makes for a long path. The limitation is actually one with Windows, not with TFS, and there isn’t much you can do other than shortening up your path. Try changing your workspace to a simpler path.

In the Source Control Explorer, click on the “Workspace” dropdown and choose “Workspaces…”. In the “Manage Workspaces” window highlight the proper workspace and click “Edit”. In the “Edit Workspace ” window, in the “Working folders” panel, if the “Local Folder” looks something like this:C:\Documents and Settings\username\My Documents\Visual Studio 2005\Projects, Change it to be something like C:\code.

If that doesn’t fix the problem then you will need to edit the files in source control in order to shorten file names or simplify the file hierarchy. Perhaps this hard limit will be improved with Windows Vista.

Using SelfSSL to create your own SSL certificates for IIS 6

If you are developing a web site using ASP.NET or any other language being served by IIS, you will not be able to serve HTTPS pages unless you have an SSL certificate installed. Most companies pay good money to get certificates from places like Verisign or Thawte for their live production boxes, but for your development boxes which are safely tucked behind the corporate firewall it would be silly to pay the money for a full blown certificate. If you are a developer living under the tyranny that is Sarbanes-Oxley then you probably don’t have the option of just exporting the cert from your production box and importing a copy of it on your dev box, and if there are portions of your site such as the “my account” page that require a secure connection then you might find yourself unable to do your work without a certificate.

Some certificate vendors try to meet this need by selling “development” certificates for a lower price but if you are using IIS 6 you can generate your own certificates for this kind of situation using a little tool called SelfSSL from Microsoft.

SelfSSL is part of the Microsoft Internet Information Services (IIS) 6.0 Resource Kit which can be downloaded here.

To create a certificate, download and install the resource kit, making sure that SelfSSL was included in the list of items being installed. Once the installation is complete you can access SelfSSL by clicking on Start > Programs > IIS Resources > SelfSSL, and then click SelfSSL.

This will open a command prompt window. To see a list of command line options type SelfSSL /? and to install a certificate in the default web site type “Selfssl /T /V:365″, and then press ENTER. The /T option will add the certificate to your machine’s trusted certificates pool (which is a good idea), and the /V:365 is what specifies the length of time that the certificate will be valid. I don’t know if there is an upper limit to how long the cert can be valid, but I’ve tried it as high as 700 days and it still worked fine.

I said above that this method will install the cert in the default web site. It is more accurate to say that this will install the cert in the web site that has a Site ID number of 1. Before dealing with this utility I had never heard of any kind of Site ID before, and this gave me a lot of trouble. It turns out that this is a unique number that IIS uses behind the scenes to tell the different web sites apart. The number is assigned when you create the site and does not change. The default web site that comes pre-made with IIS has a Site ID of 1, but if you have deleted it, even if you create another one with the same name, it will not have the same ID.

That is exactly what happened to me. I had deleted the default site, and when I ran the SelfSSL tool using the command I gave above, it failed and said “Error opening site metabase key: 0×80070003″. After a while of pulling my hair out and finding nothing useful on Google, I figured out that the default site number of 1 didn’t exist anymore. I had five sites installed, so I tried using the /S switch to specify the site number and didn’t have any luck at all. I tried /S:2, /S:3, all the way up to twenty something and still couldn’t get it to work. I hunted all over the IIS manager tool and could not find anywhere that showed what the ID numbers were.

The answer, ironically, came from a utility contained within that same IIS resource kit that you have just installed! One of the other utilities is one called the IIS Metabase Explorer, and all the info is contained in there. Open it up and expand the LM node, then expand the W3SVC node, and you will see a list of the site IDs. In my case the ID was 1,169,018,952. It would have taken me quite a while to guess that one, huh? Once you know the ID you can go back to SelfSSL and use the /S switch to generate the cert for the correct site.

The IIS Metabase Explorer is actually a nifty little utility that I might eventually cover in another post.

Move an IIS 5 or 6 SSL certificate from one server to another

I’ve been continuously frustrated when working with the IIS tools for managing SSL certificates. There are issues when the two servers you are using are on different versions of Windows, or are on different Active Directory Domains. The best way that I have found to get around all of this is to export the certificate as a .pfx file and copy the file over to the other machine. This option can be hard to find because depending on how the cert was created and your version of Windows you may or may not have the option to export a .pfx from within the IIS admin tool.

There is a little known alternative method for exporting the SSL certificate that can help you get around these problems, so I’m going to give you a quick walkthrough tutorial about how to do this:

First, you will need to open the Certificates MMC snap-in. Click Start > Run and then type MMC and click Ok. Then click on File > Add/Remove Snap-in. In the window that pops up click on Add, and scroll down until you see the Certificates snap-in (not the Certificate Templates, or Certification Authority ones), then highlight it and click Add. A new window will ask you if you want to manage certificates for your user account, a service account, or the computer account. Choose Computer account and click Finish. Then click Close and Ok, etc. until you are back to the MMC main screen.

You will now see a tree menu that has Console Root at the top and “Certificates - Current User” beneath that. Beneath here you will see a number of folders. The certificate you are hoping to export could be in a number of places depending on your situation. The certs that I wanted to move were created by the Microsoft SelfSSL tool (which I will be covering in a later post) and they appeared under Trusted Root Certification Authorities > Certificates. Find the certificate you are looking for, right click and go to All Tasks > Export. You will be asked if you want to export the Private key, and you need to say yes in order to have a fully functioning cert on your new server that you want to serve web pages with. If the Yes option is ghosted out then that means that the MMC can’t find the private key. This happens with certs that you have installed from visiting web pages with Internet Explorer, and similar things. If the cert was one that you purchased from someone like Thawte or Verisign, or one that you created with SelfSSL it should be fine. After you click next it will ask you about the format you want to export. You want to choose .pfx, and make sure that Enable Strong Protection is checked and the other two are not. Click next, and it will ask you to choose a password. This is used to encrypt the cert, and you will be asked for this when you import the cert on the new machine. Enter a password and click next. Choose a file name and location and click next, then click Finish. If all goes well then you should see a pop up that says the export was successful.

Now use your favorite method to move the .pfx file over to the other server and use the IIS admin tool to import the key. Open the IIS manager, navigate to the web site that you want to import the cert into, right click and choose Properties, click on the Directory Security tab, click “Server Certificate…”, click next, choose Import a certificate from a .pfx file and click next, chose the path of the .pfx file that you copied over and click next, enter the password you choose when you exported it and click next, choose the port that IIS should use to serve SSL (this will almost always be 443) and click next, click next, click finished.

If this worked then when you go back to the “Directory Security” tab the “View Certificate” button will no longer be ghosted out. You can test to see of IIS is serving pages securely by opening up any web page in your site and add an “s” in front of the http. For example http://www.mysite.com/default.aspx would become https://www.mysite.com/default.aspx. If your browser shows the little lock icon (or whatever your particular browser shows for secure pages) then you are good to go. In Internet Explorer this will be near the bottom right of the browser window. If you mouse over the lock it should say “SSL Secured (128 bit)”, and if you double click on it, it should show you the details of the certificate that you installed on your server.

I hope that helps! In another article I’ll be explaining how you can create and install your own certificates for IIS using a tool called SelfSSL.

Happy Holidays!

Merry Christmas and happy holidays everyone!

I hope all your tech dreams have come true

iTunes 7 annoyance

The more I use iTunes, the more it bugs me. I’ve been in love with the program for some time now, and it’s just now starting to wane and I see more and more little quirks that really should have been ironed out by now.

The one that I’m ranting about today has to do with iTunes’ abilities as a podcatcher. It puts me in the situation of having to constantly babysit my feeds. This happens for a number of reasons, but the most common thing that I run into is the “feature” where it automatically stops downloading episodes of a podcast if you haven’t listened to them in a while.

This really sucks because I subscribe to about 50 podcasts and I go through periods where I get pretty backed up on my listening. But this isn’t always a bad thing, especially in the context of podiobooks because when I come back to it I can have 4 or 5 episodes to listen to right in a row. But when that happens, iTunes has decided to stop downloading them so instead of having them right there waiting for me on my iPod, I have to be constantly checking the feeds in iTunes to make sure that they haven’t been stopped. If I don’t then it takes me three times as long to download the episodes because I have to grab them all at once.

Knowing my luck there is a preference to turn this off and I just haven’t noticed it, but even if that’s the case, I still find this a dumb default behavior.

Windows Registry Description Missing

This is a little registry and event log issue that had me scratching my head before I finally figured it out.

I kept seeing messages like this one in my event log:

“The description for Event ID ( some number ) in Source ( some program ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: blah..blah…”

After that it would give a short line with a little bit of the kind of information that I would expect in an event log error.

What is happening here is that the sometimes the details of the errors that you see in an event log are actually stored in application’s dll on the system somewhere. You can see the message above if the event log viewer doesn’t have read access to that dll, or if the dlls don’t exist on the machine you are on.

For example, let’s say you have a server running MS SQL server and there are some event log errors you want someone to take a look at. You export the event log and send it to your co-worker to look at. The co-worker opens up the event viewer on their machine to take a look at the errors, but since they don’t have SQL Server installed locally, instead of the detailed error they just see “the description cannot be found”. The co-worker remembers he has access to a development SQL box so he copies the event log file over there and tries it again. Like magic, he can now see the full description of the errors!

There are other situations that can make this happen, but as far as I know this is the most common.

Caching and Performance With Commerce Server 2007

The starter site that Microsoft provides with the Commerce Server product is a pretty good model to follow, so the basic site functionality was not extremely difficult to produce. However, performance tuning was a very long and painful process.

To begin with we used normal Commerce Server objects to populate an ASP.NET menu control, without any caching at all. Predictably this approach brought the server to its knees as soon as even a light load was placed on it.

Next we tried using the Commerce Server caching objects. When a user visits the page the code would check to see if there was an object for the menu in the chache, and if not then it would hit the Commerce Server objects to pull the information and place it in the cache.

This method looked great at first, and we thought we had the problem solved. The performance was fantastic. But then we started noticing that the menu was dissapearing! It would be fine for a while but would start acting up when the load increased. Performing an IISreset would solve the problem, at least temporarily.

We tried a number of code driven approaches to solve the problem, including adding checks to examine the cache to make sure there were values there. Nothing seemed to work.

Finally someone had a bright idea after reviewing the code again. The cache code we had in place was reading the data, then creating the menu, and then storing the whole menu object in the cache. Instead, we started chaching only the raw data and then building the menu fresh on the page.

Performance was not quite as good as the previous solution, but has almost completely solved the dissapearing menu problem. I have seen the menu dissapear a couple of times since then, but it is very rare.

The only thing I can guess is that someone the cache was getting corrupted and not acting like it should after that. Our servers are in a web farm, so perhaps something gets borked when a user gets switched from one server to the next in the middle of a shopping session.

Microsoft Commerce Server 2007

I’m going to be posting about Microsoft’s Commerce Server 2007. The company that I work for was part of the Microsoft TAP program to beta test the product and we were one of the first companies to launch a production web site on the product.

There are good and bad things about the product so I plan on sharing my rants about things that bug me with it, as well as tips about what I’ve done to get past common problems that I’ve encountered.

If you have questions for me about Commerce Server 2007, or have your own experiences to share, use the contact page to email me.