Gary Sherman
December 11, 2012

We’ve worked with a couple of customers recently who use some other application for authentication. Basically, Single Sign-On. One was using CA SiteMinder, and another had a home grown application. In both instances, we were able to easily allow Dovetail Mobile / AgentLite to work with their existing authentication mechanisms, allowing single sign-on capabilities. This means that if a user has already authenticated in their environment, then they were automatically logged into Dovetail, without having to enter their username and password again. Pretty nice user experience.


In this post, I’ll share some of the details about how this all works.


For this scenario, our customer had a home grown “App Store”. Users logged into this App Store, which authenticates them, and then shows them a list of applications that they are authorized to use. One of them is Dovetail

Gary Sherman
January 20, 2011

A question recently arose about how to set a cookie to be HttpOnly. An HttpOnly cookie is one that cannot be accessed through client-side script. Any information contained in an HTTP-only cookie is less likely to be disclosed to a hacker or a malicious Web site. The use of HTTP-only cookies is one of several techniques that, when used together, can mitigate the risk of cross-site scripting.

Setting a cookie to be HttpOnly

One way to set a cookie to be HttpOnly is to change how you define it.

Rather than something like this:

Response.Cookies("mycookie") = “foo”;

We can do this:

Response.AddHeader "Set-Cookie", "mycookie=foo; HttpOnly"

Pretty simple.

What about cookies you don’t create yourself?

This works great for cookies that you create yourself. But what about those that are created by IIS and ASP, such as the ASPSESSION cookie?

Gary Sherman
October 5, 2010

I had recently blogged about a security vulnerability in ASP.NET.

Microsoft has released a security fix for this issue that is available through Windows Update.

Details and frequently asked questions are available. Please make sure to install these updates as soon as possible on your servers.

Gary Sherman
September 21, 2010

Microsoft recently released a Security Advisory in regards to a vulnerability in ASP.NET.

We take security seriously here at Dovetail Software and wanted to let you know how this affects your Dovetail Software products.

Scott Guthrie, Corporate VP at Microsoft in charge of ASP.NET, has posted information regarding this issue, and some Frequently Asked Questions about it. He has recommended that customers immediately apply a workaround (described below) to prevent attackers from using this vulnerability against your ASP.NET applications.

Dovetail Applications Affected:

Dovetail Mobile Agent Dovetail Seeker

This can also affect any custom ASP.NET applications that you’ve created, including those that use the Dovetail SDK.

We are working on updated releases to these products and will notify our customers via our normal product release update channels when these releases are available.

We are also emailing all of

Kevin Miller
July 29, 2010

We ran into trouble with a web applications deployment of our only .Net product without a windows installer. Little did we know when you zip up a web application, have your on-site expert consultant download said zip file and extract it with Windows Explorer (Note: it does not happen with WinRar or 7zip) You will run into this exception trying spin up that web application.

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type ‘System.Web.AspNetHostingPermission, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089′ failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the

Kevin Miller
February 24, 2010

We had a Ajax-ified page break on us today and eventually figured out that the cause was related to an upgrade of jQuery and in particular a change in how jQuery 1.4 does serialization of array parameters for Ajax operations. From the jQuery 1.4 Release Notes.

jQuery 1.4 adds support for nested param serialization in jQuery.param, using the approach popularized by PHP, and supported by Ruby on Rails. For instance, {foo: ["bar", "baz"]} will be serialized as “foo[]=bar&foo[]=baz”.

In jQuery 1.3, {foo: ["bar", "baz"]} was serialized as “foo=bar&foo=baz”. However, there was no way to encode a single-element Array using this approach. If you need the old behavior, you can turn it back on by setting the traditional Ajax setting (globally via jQuery.ajaxSettings.traditional or on a case-by-case basis via the traditional flag).

Our page was using getJSON to get data

Kevin Miller
October 23, 2009

Apache JMeter Logo
I needed to load test one of our web applications today. Load testing is not something I am too familiar with. A search turned up a list of open source load testing tools. At the top of the list wasApache JMeter which I decided to gave a shot based on the awesomeness of the Apache project. I am not quite blown away but I was able to get a load test up and going in about 15 minutes which makes me very very happy. Here is what I did to create a load tester for our Dovetail Seeker web search service.

Get It


Download JMeter Extract it to a directory and run the .\bin\jmeter.bat batch file. You’ll likely need Java installed for this to work. Now

Kevin Miller
February 10, 2009

While reviewing what I did to Create an RSS Feed Using ASP.Net. We got worried that overzealous customers or feed readers might hit this feed kind of often, and since the data served up by the feed does not change too a lot we could easily do some caching. Luckily this is easy to do using ASP.Net’s built in caching support. Unfortunately the code to, programmatically, setup the caching is a little ugly. To make things easier to read I added a couple extension methods to create a very poor man’s DSL.

Following the Microsoft code example is ugly


Seeing the code below in my HttpHandler made me cringe. Hopefully it makes you cringe too.



The essence of what I want to do is to have ASP.Net cache the content of the feed for a few

Kevin Miller
October 7, 2008

The next installment in my exciting series where I capture what I know about deploying Dovetail Mobile Agent which could be boiled down to How To Be a Web Server Administrator in the year 2008. Moving from IIS6 this time we take a look at getting an ASP.Net MVC application deployed to IIS7. Thankfully this is pretty easy.


To try out this experience I created a Vista SP1 Enterprise virtual machine and added the IIS 7 windows feature. I know. I know. Most enterprise customers will want to use Windows 2008 as their favorite IIS7 platform, I had to use Vista because I use VMWare Server v1.x which supports Vista not Windows 2008.

Revenge of the Basics


Install the .Net 3.5 Framework.


Add the Internet Information Services Windows Feature To Vista. In Windows 2008 this process is very similar in

Kevin Miller
October 6, 2008

Getting ready to release Dovetail Agent Mobile I am working on what our installation story will look like. I want to keep things simple (for me) right now because it is currently tricky to support IIS6 and IIS7 using a Wix based windows installer. For the documentation I am compiling a list of operations to get what is essentially a ASP.Net MVC web application up and going on different web servers.


Later we may later add an installer that encapsulates this pain but right now it is just too darn hard to do this well usingWix. Do you hear me Microsoft?

Getting Down With The Basics


Install the .Net 3.5 Framework.


Copy web application files to a directory our your web server.


Create a Virtual Directory using Internet Information Services Manager that points to this

International: +1 (512) 610-5400
Toll Free: 1 (800) 684-2055