Tuesday, July 31, 2012

ADFS in SQL2012

This blog is probably going to have a number of edits as we trundle forward into glory, but the basic idea is: yes, you can use SQL2012 with ADFS2.0 in Server 2008r2 and SharePoint 2010. BUT....

There are lots of caveats and there are script edits that need to be made due to commands that Microsoft deprecated in SQL2012 that used to work in SQL2008r2.

For more information, contact us at LiquidMercurySolutions.com for updated blogs and additional information.  I assume Microsoft will patch or release an ADFS3.0 for Server 8 and SharePoint 15(2013?) that will be more correctly wired.

STAY TUNED!! ....

Tuesday, June 19, 2012

Crypto Gotcha's in .NET 3.5

Ok, so this is something they don't teach you but will cause you to rip your hair out when you attempt to use the AesManaged or RijndaelManaged objects in C#. Here are some tips that will save you a lot of headaches both on the encryption side and the decryption side:

1.  SET YOUR PADDING METHOD AND MODE EXPLICITLY
If you just want zeros then fine, but be explicit!  And do the same on the other side!
If you just want to use the Electronic Code Book (ECB) mode then fine, but spell it out!

2.  ALWAYS SET YOUR KEY SIZE AND BLOCK SIZE EXPLICITLY, AND BEFORE SETTING THE ACTUAL KEY OR IV PARAMETERS
This kicked my ass for at least an hour before I tried moving the statements around in a fit of rage insight, under the heading of "this shouldn't work but crazier things have happened." I didn't change any of the VALUES for the statements, just the order in which they appeared in the code.  And it worked, and I said DAMMIT "Wow I should be more careful!" out loud.

3.  IF YOU USE RANDOM IV'S (and you should), SAVE AND/OR DISPLAY AND/OR EMBED THEM SOMEWHERE SAFE FOR THE DECRYPTION PROCESS
Your data will never come out looking the same again if you don't know what IV was set before you encrypted it.  And I do recommend using an IV (yes an actual, non-null, random or pseudo-random, honest-to-goodness, IV), even ESPECIALLY with ECB mode, just to prevent prying eyes from detecting patterns in your streams!

using System.Security.Cryptography;
using System.Text;   // Encoding, UTF8Encoding
...

        private string Decrypt(string B64Key, string B64IV, string B64data)
        {
            byte[] key = Convert.FromBase64String(B64Key);
            byte[] IV = Convert.FromBase64String(B64IV);
            byte[] data = Convert.FromBase64String(B64data);
            //AesManaged can be dropped in here if needs be
            RijndaelManaged myCrypto = new RijndaelManaged();
            // Sizes go first: assigning BlockSize or KeySize after IV or Key
            // discards the value that was already set.
            myCrypto.BlockSize = 128;   // SET FIRST!
            myCrypto.KeySize = 192;   // SET FIRST! (must match the key length: 24 bytes)

            myCrypto.Key = key;
            myCrypto.IV = IV;
            // Mode and padding must be the same as on the encrypting side
            myCrypto.Mode = CipherMode.CBC;
            myCrypto.Padding = PaddingMode.Zeros;

            //change to CreateEncryptor() and the function is reusable
            ICryptoTransform ict = myCrypto.CreateDecryptor();

            byte[] output = ict.TransformFinalBlock(data, 0, data.Length);

            Encoding txtEncoder = new UTF8Encoding();
            string result = txtEncoder.GetString(output);
            // do post-processing here
            // (with PaddingMode.Zeros the padding bytes are still in result as trailing '\0' characters)
            if (!string.IsNullOrEmpty(result))
            {

            }
            return result;
        }
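
The encrypting counterpart to the Decrypt function above, written as an added example (not the blog author's code) to show tips 1 to 3 working together: the sizes, mode and padding are set in one helper used by both sides, and the random IV is embedded in front of the ciphertext so the decrypting side can always find it. The names IvRoundTrip and NewCipher, the "IV followed by ciphertext" layout and the sample key and message are assumptions made for this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
static class IvRoundTrip   // hypothetical names; assumed blob layout: 16-byte IV || ciphertext
{
    static RijndaelManaged NewCipher(byte[] key, byte[] iv)
    {
        RijndaelManaged c = new RijndaelManaged();
        c.BlockSize = 128;               // sizes first: these setters discard a Key/IV set earlier
        c.KeySize = key.Length * 8;
        c.Mode = CipherMode.CBC;         // CBC uses the IV; ECB would ignore it
        c.Padding = PaddingMode.Zeros;   // same padding as the Decrypt function above
        c.Key = key;
        if (iv == null) c.GenerateIV(); else c.IV = iv;   // null: fresh random IV
        return c;
    }
    static byte[] Encrypt(byte[] key, string text)
    {
        byte[] plain = Encoding.UTF8.GetBytes(text);
        using (RijndaelManaged c = NewCipher(key, null))
        using (ICryptoTransform enc = c.CreateEncryptor())
        {
            byte[] iv = c.IV, body = enc.TransformFinalBlock(plain, 0, plain.Length);
            byte[] blob = new byte[iv.Length + body.Length];
            Buffer.BlockCopy(iv, 0, blob, 0, iv.Length);            // the IV travels with the data
            Buffer.BlockCopy(body, 0, blob, iv.Length, body.Length);
            return blob;
        }
    }
    static string Decrypt(byte[] key, byte[] blob)
    {
        byte[] iv = new byte[16];
        Buffer.BlockCopy(blob, 0, iv, 0, iv.Length);                // recover the IV from the prefix
        using (RijndaelManaged c = NewCipher(key, iv))
        using (ICryptoTransform dec = c.CreateDecryptor())
        {
            byte[] plain = dec.TransformFinalBlock(blob, 16, blob.Length - 16);
            return Encoding.UTF8.GetString(plain).TrimEnd('\0');    // Zeros padding is not stripped on decrypt
        }
    }
    static void Main()
    {
        byte[] key = new byte[24];                                  // constructed 192-bit sample key
        new RNGCryptoServiceProvider().GetBytes(key);
        byte[] a = Encrypt(key, "same message"), b = Encrypt(key, "same message");
        // compares two encryptions of the same text, each made with its own random IV
        Console.WriteLine(Convert.ToBase64String(a) == Convert.ToBase64String(b));
        Console.WriteLine(Decrypt(key, a));
    }
}
```

Trimming '\0' is only safe when the plaintext itself never ends in a NUL character; PaddingMode.PKCS7 on both sides removes that ambiguity.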