Monday, September 12, 2011

Encryption/Decryption is now working

Encryption/Decryption is now working! You can see how it works here:

public static string Encrypt( string target )
byte[] ptextBytes = Encoding.ASCII.GetBytes( target);
byte[] ctextBytes = ProtectedData.Protect( ptextBytes, entropy,
char[] chars = new char[1024];
Convert.ToBase64CharArray( ctextBytes, 0,
ctextBytes.GetLength(0), chars, 0 );
return ToString( chars );

public static string Decrypt( string target )
byte[] ctextBytes = Convert.FromBase64String( target );
byte[] ptextBytes = ProtectedData.Unprotect( ctextBytes, entropy,
return Encoding.ASCII.GetString( ptextBytes );

private static string ToString( char[] chars )
StringBuilder sb = new StringBuilder();
foreach ( char c in chars )
if( c != (char) 0 )
sb.Append( c );

return sb.ToString();

entropy is defined as:

private static byte[] entropy = new byte[] { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; // not the real values used for obvious reasons!

SCOPE is defined as:

private const DataProtectionScope SCOPE = DataProtectionScope.LocalMachine; // this will be using the web servers encryption key.

The 'trick' to getting this code working was to only copy the non-zero characters from the chars array.

Saturday, September 10, 2011

Working on Encryption/Decryption for the site

I already have a better hash working for passwords on the site that use a unique salt value and repeat the hash 10,000 times:

public static byte[] Encode( string password, out byte[] salt )
Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes( password,
32, 10000 );
salt = rdb.Salt;
return rdb.GetBytes( 256 );

public static bool ValidatePassword( string password,
byte[] storedSalt,
byte[] encPassword )
Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes( password,
10000 );
byte[] passwordEnc = rdb.GetBytes( 256 );
return Equals( encPassword, passwordEnc );

At the moment, I'm having some difficulty getting a Base64 string in the correct format, but once I get that issue solved (over the next two or three days), I'll post those two methods here just like I did for the two that are working as designed.

Saturday, August 27, 2011

Okay, the Password generator is done.

This is how it works:

Step 1) You enter a master password (with this password you will always get the same 26x26 matrix.
Step 2) Follow the directions on the Cypher page.

The master password: mycustompassword will always result in this matrix and
the master password: MYCUSTOMPASSWORD will always result in this matrix too.

This is because the letters are reduced to their index from 'A', 'a' or ' '.

x p m w c b f j k g l r z e u n a s i y o q v d h t
e v b d q r l h w y t j o a n i m c s k u p f g z x
q l z g m f c x i j w v t s a d r k h y b p n o e u
l u t b m w p f q v g a c y o d i r n x z e s h j k
y m t j p e o q g b a c h s u x l f z v n k d w r i
w e n f g y u v a m x k j l p i q c o z s d r b t h
h l g i m c e o f w k a j d z v p s b q t y n u x r
f h j r i t p x l u c d z n s o m b a e y w v q k g
m l q e b v h y o f w s j k c z u t a g p n r i x d
z i o v q p h r n x y c b a w d f j k t g u s e m l
l v i r c m u n x k b y q j p e a d z h t g f s o w
v m s d q y n a p b f j g h u w k e z i l c o t x r
d v f r m n t b g o c y l e j q i k x h u w z s p a
e p d y l f o s g u n q t a z k h v b j m r x c w i
r x m c l t e f k n i q j y a w p z s o v u b d h g
t o g z l q h d b w n v m p y e a x k j f c u i r s
u t h r x b q e y a j l z c s m n d v g w k p i o f
m t v f w u r g h b j l q d p y c o a s x k n i z e
y u z v b d f r k o t c l i a w p m q e x s n j g h
t u o f w p m s v b q i n r a l y d k h z c e x j g
y m o s f r h b u x d n c i e g t j z a q l w p v k
j s u o h w v d l b p f r t e n k y x z g m a c i q
v n l e x h p r o j y m s b z g w t k f q d c u a i
d k h y f e l u c m x t z j q i r p g a v s o b n w
u p t h m a d o q b w r j c n z y v s e i k x g f l
z l j r q d t v c u k h f o x b n e s p m a i g w y

The first step in using this: is to find the first letter in your domain name (like: scanning from left to right (just omit the non-letters).

Keep doing this from the spot you left off on for each successive letter of the domain name.

Rember the spot you ended up at: This is your starting place for the encryption process.

Now the encryption can begin:

To encrypt we will once again find the first letter in the domain name (like:, but this time we will right down the next two letters.

Then we will find the next letter in the domain name, but this time we will write down the next two letters above that point.

Then we will find the next letter in the domain name, but this time we will write down the next two letters to the left of that point.

Then we will find the next letter in the domain name, but this time we well write down the next two letters below that point.

Repeat, rotating the direction you take the next two letters from going counter-clockwise.

And that's it. Print this page and you'll have an off-line encryption method that is unique to you. Because nobody will have the same 26x26 matrix without your Master Password.

Friday, August 26, 2011

A HttpModule wasn't required after all...

A HttpModule wasn't required after all...

All that was needed was one fuction (method) and a simple if statement:

    private bool CheckHeaders( string forThis )
      bool found = false;
      foreach ( string s in Request.Headers )
        if ( s.Contains( forThis ) )
          found = true;
      return found;
    public ActionResult Index( string memberName )
      if ( Request.Browser.IsMobileDevice || CheckHeaders( "iPhone" ) )
        return Redirect( string.Format( "~/Mobile/Index/{1}", memberName ) );
      // rest of this mehtod isn't being shown.

And that's all for now. I did see a new way to generate site passwords with tons of entripy today and I'll be working on a more automated implementation of that next.

Thursday, August 25, 2011

The site is almost ready for mobile devices

The site is almost ready for mobile devices. At least the pages and controller are done for mobile devices. All that needs to be added is an HttpModule class to detect a mobile device and redirect to the mobile version of the site.

One thing I like about MVC 3 is that this time the site isn't using any cookies at all (unless asked to on the yet to be completed login page),

Monday, August 22, 2011

Over the past two days some things got done...

Over the past two days two things got done...

Finally got that important Remove/Me page working.

Why do I call that Remove/Me page important? Have you ever read the CanSpam act that was signed into law a few years back? I'm paraphrasing here,  but the key to sending legal 'spam' is to have a working removal link in the email. Our members can purchase lists of people interested in looking at business opportunities and using one of our applictions easily send personalized emails to all of them with just one mouse click. Every email sent out out must by law have a working removal link and that link for this site is:{email later this Fall when we get the web server up and running again.

What was the second thing?

In our Contact Management System there is a process where key phrases are replaced, mostly with text the user has entered, but for the RemovalLink there is a url that needed to be updated and that got done today.

We're at a standstill until we get our database issue resolved hopefully sometime later this week.

Wednesday, August 17, 2011

We're moving ahead now!

Yep, we're moving ahead now. Got the site working. The member details now appear below the image, and if the image is clicked you get to see the full size image that was stored in the database.

The following pages are finished:


Next up: Getting SQL Server 2005 re-installed (in progress as I'm writing this). Should be finished in another hour or so. Then I'll have to find the local database files or figure out were I stored the production database files (think they are in one of my email clients).

And then finally, starting on the Matrix page.

Other pages to be completed this week:
Testimonials - somewhere between simple and the most complex.
AboutUs - simple
Join -which is the most complex page to do, but you wouldn't know it by going through the multi-step join process.

Then it's on to the really huge task of developing the BackOffice pages again.

Then I can finally start working on the Web Services and once they are done....

I can finally start working on the current crop of applications, updating them to support the new encrypted login process.

Tuesday, August 16, 2011

Half way there

Got the thumbnail image to display today but for some reason the full image wants to download instead of displaying when the thumbnail image is clicked.

Also got the ContactUs page working and the first (and hardest) step working on the Products page.working.

Hopefully I'll have the final part of the image display working tomorrow as well as finishing the Products page and at least starting on the Matrix page.

Monday, August 15, 2011

My goal for this week...

My goal for this week is to get the members photo to appare on the site again.

One I figure out the correct way to use the WebImage helper that is.

The Pro ASP.NET MVC 4 book doesn't explain how to use this or even how to do the same thing from the controller (the C in MVC).

Thursday, August 11, 2011

Back to work on the new site... well sort of anyway

That's right. I'm back to work on the new web site... well sort of anyway.

ASP.NET MVC 3 uses LINQ with the EntityFramework and right now I'm trying to figure out how to make the .Last() extension method work the way I kind of need it to work.

Here is the class:

  public class Home
    private Identity MemberId      { getset; }
    private Details  MemberDetails { getset; }
    private BankData BankData      { getset; }
    public Home( DbSet<Identity> mi, DbSet<Details> md, DbSet<BankData> bd, long id )
      MemberId = mi.First( m => m.Id == id );
      MemberDetails = md.First( m => m.Id == id );
      BankData = bd.Last();
This class holds the database records for the master page and the opening page of the site.

It may look like we are passing all the records for three tables into the constructor method, but the way the LINQ works is noting is actually retrieved from the database until the first query which is in this constructor method, and even then only the single record we are looking for is returned. So while it looks very inefficient, at runtime it is very efficient!

At runtime the bd.Last() method is throwing an exception that I hope to have resolved sometime tomorrow.

Sunday, July 31, 2011

One third through the ASP.NET MVC 3 book

One third through the ASP.NET MVC 3 book I've been reading since my last update.

Why am I reading through this book before restarting the development of the My-MSI.Net web site?

Well, one reason is that the MVC framework changed a heck of a lot between version 1 and version 3!

Actually, the site development will go a bit faster with MVC 3 than it was going with MVC 1.

Using MVC makes the signup process more seamless than the ASP.Net version was. What whould you prefer: (where n = 1 .. 4) or the more secure Now there is only one url change and that happens when you get redirected to Amazon, our payment processor. Amazon will be redirecting to a private payment confirmation page on the site which will collect the payment particualars and redirect to the next page in the Join sequence.

I know that people have been trying to 'skip ahead' in the Join process on the old site, and that is one thing the new MVC site will be addressing.

I may be spending the next two weeks finishing this Pro ASP.NET MVC 3 book, so don't be surpised if we go three weeks without a new post. I will be back, but likely not before I finish this book and start making progress on the actual site again.

Friday, July 22, 2011

We're back on track now...

Yep, we're almost back on track.

The Pro MVC 3.0 book arrived yesterday and as I suspected, to use MVC 3.0, I would have to upgrade the compiler to Visual Studio 2010. This installation finished while I was writing this post.

So I expect to get the project at least back to a running state today in preperation to getting started on porting the Back Office to MVC 3.0 next week.

Saturday, July 16, 2011

Something went very wrong yesterday, but don't worrry, a solution is on order...

Something went very wrong yesterday after I installed MVC 3 on my computer.

All of the sudden all of my typed views were getting only Object data which isn't all that useful if you know anything at all about .Net.

Don't worrry though, before I left the computer yesterday, I did manage to order Pro MVC 3 from Amazon and it should be here sometime next week. I will be reading the book when it arrives at least until I see how to solve the current issue with the site, then I get back to working on the site again.

The Admin for

Wednesday, July 13, 2011

Progress made Today!

Progress was made today!

The MemberInfo.ascx is now appearing on the Master page for the site as intended and the member photos are working as well.

Something change the Menu though and I'll be looking into that tomorrow. When I first started working on this MVC site, the menu was [Home] [Matrix] [Products] [Testimonials] [About] [Join]. Somehow that changed to:

I have no idea of what changed, but will be looking into that tomorrow.

Tuesday, July 12, 2011

Not so much progress over the weekend but things are progressing now...

I tried a few things that didn't work at all over the weekend. And it wasn't until this morning that I got the new site mostly back to where it was on Friday! At least I now understand what went wrong.

Adding a data type to your MVC Maser Page tends to break all of your menu links!

On Monday, I decided that the most complicated page Join.aspx would be better off on it's own controller, and I think that the Testimonials page will need it's own controller as well, but that won't happen until tomorrow.

For now, I'm posting to the MVC forum on the subject of How to get data on a MVC Master Page.
One suggestion looked promissing, but now I need to find a way to get a valid Request or Response object insde a Controller constructor, and until this can be resolved it's going to be a while before I can get the site working again.

Friday, July 8, 2011

What happened to My-MSI.Net

Well, with the slow economy even the benefactor of this site has fallen on hard times.

In the meantime, I've been working to address some of the techical issues we've become aware of with the current site's design.

By moving the site to ASP.Net MVC, we've been able to make the Join step much cleaner: is the only thing people will see for all the steps in the Join process, which is much better than:

We will also start salting the passwords (and possibly encrypting other info) when the site relaunches, hopefully sometime in the late Fall to early Winter timeframe.

By moving from VS 2005 to VS 2010 for the site, we should be able to integrate Twitter into the site at some point.

The products will likely be upgraded to VS 2010. Each application will be updated to salted-hash the password before it is sent to the server. This will also require a change to the Web Service that each application communicates with.

The Web Service will also need to be updated to use the same salts when hashing the pasword to compare with the version stored in the database.

Where are we today? Well I have the public side of the site working well. I am in the process of converting some ancillary pages.

What's up for next week? The private side of the site, otherwise known as the: Back Office which only members have access to.

I plan to update this blog at least twice per week, tenitively on Monday and again on Friday, but this is definately not cast in stone.

Until next time....

Eric, the Administrator for My-MSI.Net