Delivering solid user friendly software solutions since the dawn of time.

Multiple objects sets per type are not supported 

Categories: EF

You copied and pasted a DbSet and then forgot to rename the type...

This error occurs when your DbContext class exposes multiple DbSet<T> properties with the same T. Entity Framework is not able to figure out which DbSet an instance of type T belongs to.

public DbSet<Course> Courses { get; set; }
public DbSet<Course> Chapters { get; set; }

Database diagram support objects cannot be installed because this database does not have a valid owner 

Categories: SQL Server

Microsoft SQL Server Management Studio
Database diagram support objects cannot be installed because this database does not have a valid owner. To continue, first use the Files page of the Database Properties dialog box or the ALTER AUTHORIZATION statement to set the database owner to a valid login, then add the database diagram support objects.


  1. Right-click on your database and choose Properties
  2. Go to the Files page
  3. Change the owner textbox to "sa"
  4. Press OK

Git Fundamentals - Notes 

Categories: Tortoise

by James Kovacs


  • Git was created by Linus Torvalds, who also created Linux (because BitKeeper started asking him for money)
  • Written in Perl and C

Advantages of DVCS

  • Different topologies (centralized, hierarchical, distributed)
  • Each clone is a full backup
  • Reliable branching/merging
  • Full local history (statistics, analyze regressions)
  • Deployment



  • brew install git
  • DMG (http://git-scm.com/download/mac)


  • sudo apt-get install git-core (Debian/Ubuntu)
  • yum install git-core


git --version
git config --system (c:\Program Files\Git\etc\gitconfig)
git config --global (c:\Users\user\.gitconfig)
git config (stored in .git/config in each repo)

git config --global --list
git config --global help.autocorrect 1 (corrects your misspelled commands)
git config --global color.ui auto
git config --global core.autocrlf true|false|input

git init

git status
git add foo.txt
git commit -m "my text"

git log

git diff dd6819..a15ec6
git diff HEAD~1..HEAD (~1 is one back from head revision)

git add -u (only adds updated files)
git add -A (all even untracked)

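git checkout foo.txt (revert changes to the file)
git reset --hard (revert everything to HEAD)
git reset --soft HEAD~1 (undo the last commit but keep its changes staged, so you can reorganize it)

git clean -n|-f (remove untracked files: -n is a dry run, -f actually deletes)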


git clone https://foo.repo
git log --oneline | wc -l (number of commits)
git shortlog -sne (short name include number of commits and email)

git remote -v (where does the source come from)

git branch -r (include remote branches)

git remote add origin https://apullrequest
git fetch
git log origin/master
git merge origin/master
git branch -r

git branch --set-upstream-to=origin/master master
git pull (shortcut of fetching and merging from an origin)
git remote add origin git@github.com:JamesKovacs/GitFundamentals.git (uses ssh key)
git push

git tag v1.0
git tag -a v1.0_with_message
git tag -s v1.0_signed
git push --tags


  • https 80/443 https://github.com/jquery/jquery.git
  • git 9418 git://github.com/jquery/jquery.git
  • ssh 22 git@github.com:jquery/jquery.git
  • file n/a filepath

Branching, Merging, and Rebasing with Git

git log --graph --oneline --all --decorate
git config --global alias.lga "log --graph --oneline --all --decorate"
git lga
git reflog (deleted commits can be recovered for about 30 days)
git stash (set pending changes aside)
git stash list
git stash apply
git stash pop (apply and remove)
git stash drop
git stash branch 'feature2_additional'

git mergetool (eg. KDiff3, BeyondCompare)
git checkout bug1234
git rebase master
git rebase --continue

git branch v1.0_fixes v1.0
git checkout v1.0_fixes
git commit -am "Added fix1"
git commit -am "Added fix2"
git checkout master
git cherry-pick 6fa4324

git fetch origin master
git push
git push origin v1.0_fixes


xcopy exit with code 9009 in Visual Studio post-build 

Categories: Visual Studio

Yep, you probably installed some Windows updates. Things got a bit stricter: when you are not running command windows as administrator, some executables are no longer found. This also applies to your Visual Studio post-build events.

I just added C:\Windows\System32\ in front of the xcopy command and that solved it. In the meantime, also check that you didn't add extra line breaks by accident. If you like, you can also add the system directory back to your Windows path. You can find this at Computer - Properties - Advanced system settings - Environment Variables - System variables - Path.

So for example:
C:\Windows\System32\xcopy /s /y "$(ProjectDir)bin\ken.MojoPortal.HtmlTools.Web.dll" "$(SolutionDir)Web\bin\"

Introduction to Identity and Access Control 

Categories: .Net Security

by Dominick Baier (@leastprivilege)

Principals & Identities

interface IIdentity
{
	bool IsAuthenticated { get; }
	string AuthenticationType { get; }
	string Name { get; }
}

interface IPrincipal
{
	IIdentity Identity { get; }
	bool IsInRole(string roleName);
}

  • Thread.CurrentPrincipal: every thread can have its own client security context. Plumbing sets it, application gets it.

var id = WindowsIdentity.GetCurrent();
var principal = new WindowsPrincipal(id);

principal.IsInRole("Builtin\\Users"); // Don't use group names: they are localized.
// Use well-known SIDs instead:
var localAdmins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
var domainAdmins = new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid, id.User.AccountDomainSid);
var users = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);

// Translate between account names and SIDs
var account = new NTAccount(id.Name);
var sid = account.Translate(typeof(SecurityIdentifier));

var groups = id.Groups.Translate(typeof(NTAccount));

var roles = new string[] { "Sales", "Marketing" };
var p = new GenericPrincipal(new GenericIdentity("bob"), roles);
Thread.CurrentPrincipal = p;

Role-based access control (RBAC)

if (p.IsInRole("Sales")) {} // returns true/false
new PrincipalPermission(null, "Development").Demand(); // throws a SecurityException if it fails

[PrincipalPermission(SecurityAction.Demand, Role = "Development")] // hard to unit test
private static void DoDevelopment() {}

  • Claims are statements, e.g. Bob is an administrator, Jim's email address is jim@foo.com, ...
  • How do we handle things that are no longer in the corporate network, like cloud, partners and customers?
  • Bell-LaPadula model for government and military document security.

2002 Identity
2006 WCF System.IdentityModel with SecurityToken
2009 WIF Microsoft.IdentityModel with IClaimsIdentity & IClaimsPrincipal
2012 .NET 4.5 System.IdentityModel & System.Security.Claims

public class Claim
{
	public virtual string Type { get; }
	public virtual string Value { get; }
	public virtual string Issuer { get; }
}

class ClaimsIdentity : IIdentity
{
	IEnumerable<Claim> Claims { get; }
}

class ClaimsPrincipal : IPrincipal
{
	ReadOnlyCollection<ClaimsIdentity> Identities { get; }
}

var claim = new Claim("name", "dominick");
// or, using a well-known claim type:
claim = new Claim(ClaimTypes.Name, "dominick");

var claims = new List<Claim>
{
	new Claim(ClaimTypes.Name, "dominick"),
	new Claim(ClaimTypes.Email, "dominick@foo.com"),
	new Claim(ClaimTypes.Role, "Geek"),
	new Claim("http://myClaims/location", "Heidelberg")
};

var id = new ClaimsIdentity(claims);
// id.IsAuthenticated -> false, because you can add claims to an anonymous identity
id = new ClaimsIdentity(claims, "Console App", ClaimTypes.Name, ClaimTypes.Role); // the last two arguments say which claim types Name and IsInRole map to for legacy code
// id.IsAuthenticated -> true

var cp = new ClaimsPrincipal(id); // preferred entry point
Thread.CurrentPrincipal = cp;
// elsewhere: var cp = ClaimsPrincipal.Current;

var email = cp.FindFirst(ClaimTypes.Email).Value;

RolePrincipal, GenericPrincipal, WindowsPrincipal : ClaimsPrincipal : IPrincipal

Generalization & Specialization

  • Interface level: IIdentity : Name, AuthenticationType, IsAuthenticated
  • Claims identity: ClaimsIdentity : Claims, FindAll(), FindFirst(), HasClaim()
  • Domain specific: WindowsIdentity : Token, Impersonate(), User/Device

  • Claims: always try to use ClaimsIdentity for your custom principal implementation.

class CorpIdentity : ClaimsIdentity
{
	public CorpIdentity(string name, string reportsTo, string office)
	{
		AddClaim(new Claim(ClaimTypes.Name, name));
		AddClaim(new Claim("reportsto", reportsTo));
		AddClaim(new Claim("office", office));
	}

	// Typed accessor over the "office" claim
	public string Office
	{
		get { return FindFirst("office").Value; }
	}
}
  • Services: unification of various credential formats into a common ClaimsPrincipal representation (Windows/Kerberos, Forms Authentication, HTTP basic authentication, SSL client certificates, WS-Security tokens, SAML, extensible, ...)
  • Processing pipeline: Request (xml/binary/text) -> Security token handler (deserialization/validation) -> Claims transformation (skipped when session available) -> Security session management -> Session security token -> Authorization

public class ClaimsTransformer : ClaimsAuthenticationManager
{
	public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
	{
		var name = incomingPrincipal.Identity.Name;
		if (string.IsNullOrWhiteSpace(name)) throw new SecurityException("Name claim is missing");
		if (incomingPrincipal.Identity.IsAuthenticated)
			return TransformClaims(incomingPrincipal); // TransformClaims is not shown in these notes
		return incomingPrincipal;
	}
}

	<claimsAuthenticationManager type="assembly/class" />

var p = new WindowsPrincipal(WindowsIdentity.GetCurrent());
Thread.CurrentPrincipal = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthenticationManager.Authenticate("none", p) as IPrincipal;
  • Session management: preserve a ClaimsPrincipal across round trips (cookies, WS-SecureConversation)

var sessionToken = new SessionSecurityToken(principal, TimeSpan.FromHours(8));

  • Data Protection API: zero configuration, but only for a single server.
  • For web farms, use the machine key or an SSL certificate to protect your cookie.
  • Round-trip the identity and cache the claims principal.

Claims authorization manager

  • Extensibility point for loading/parsing authorization policy
  • Extensibility point for mapping operations/resources to required claims
  • Auto-invoked during request processing
  • Application code should not check for claims directly

public class AuthorizationContext
{
	public AuthorizationContext(ClaimsPrincipal principal, string resource, string action);
	public Collection<Claim> Action { get; }
	public ClaimsPrincipal Principal { get; }
	public Collection<Claim> Resource { get; }
}

<claimsAuthorizationManager type="ClaimsAuthorizationManagerClass, theAssembly">
	<policy file="foo.xml" />
</claimsAuthorizationManager>

public class ClaimAuthZManager : ClaimsAuthorizationManager
{
	public override bool CheckAccess(AuthorizationContext context)
	{
		// inspect context and make authorization decision
		var resource = context.Resource.First().Value;
		var action = context.Action.First().Value;
		if (action == "Show" && resource == "Castle")
		{
			var hasCastle = context.Principal.HasClaim("http://myclaims/hasCastle", "true");
			return hasCastle;
		}
		return false; // deny anything not explicitly allowed
	}

	// receives the child elements of <claimsAuthorizationManager>, e.g. <policy file="foo.xml" />
	public override void LoadCustomConfiguration(XmlNodeList nodelist) { }
}

[ClaimsPrincipalPermission(SecurityAction.Demand, Operation = "Add", Resource = "Customer")]
public void AddCustomer(Customer customer) { ... }

void Print(Document document)
{
	// CheckAccess returns void and throws a SecurityException when access is denied
	ClaimsPrincipalPermission.CheckAccess(document.Printer, "Print");
	...
}

var authZ = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.ClaimsAuthorizationManager;
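
Two of the notes above combined in one console program: a ClaimsIdentity created without an authentication type stays anonymous even though it carries claims, and the authorization manager denies by default. This is an added example, not code from the course or the original notes; it assumes .NET Framework 4.5 with a reference to System.IdentityModel, and CastleAuthZManager is a hypothetical class name.

```csharp
// Added example (not from the original notes). .NET Framework 4.5+, reference System.IdentityModel.
// CastleAuthZManager is a hypothetical name; the claim URI is the one used in the notes.
using System;
using System.Linq;
using System.Security.Claims;

class CastleAuthZManager : ClaimsAuthorizationManager
{
    public override bool CheckAccess(AuthorizationContext context)
    {
        // Deny by default: anonymous callers never pass, whatever claims they carry.
        if (!context.Principal.Identity.IsAuthenticated) return false;

        var resource = context.Resource.First().Value;
        var action = context.Action.First().Value;

        // Only the explicitly listed operation/resource pair is allowed.
        return action == "Show" && resource == "Castle"
            && context.Principal.HasClaim("http://myclaims/hasCastle", "true");
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample claims.
        var claims = new[]
        {
            new Claim(ClaimTypes.Name, "dominick"),
            new Claim("http://myclaims/hasCastle", "true")
        };

        // No authentication type: the claims are there, but IsAuthenticated is false.
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity(claims));
        // With an authentication type the same claims belong to an authenticated identity.
        var authenticated = new ClaimsPrincipal(
            new ClaimsIdentity(claims, "Console App", ClaimTypes.Name, ClaimTypes.Role));

        var authZ = new CastleAuthZManager();
        foreach (var principal in new[] { anonymous, authenticated })
        {
            var context = new AuthorizationContext(principal, "Castle", "Show");
            Console.WriteLine("IsAuthenticated={0} -> CheckAccess={1}",
                principal.Identity.IsAuthenticated, authZ.CheckAccess(context));
        }
    }
}
```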


Protocol support

  • Web Application : WS-Federation
  • SOAP : WS-Trust & WS-Security
  • WebApi : OAuth2

Client -> STS -> Token -> Client -> Token -> Relying Party/Application (no authentication on RP)
<saml:Assertion ... Signature ...> tokens for seamless third-party authentication

Security Token Services

  • Microsoft Active Directory Federation Service 2
  • IBM Tivoli Federation Manager
  • Oracle Identity Manager
  • Ping Federate
  • Thinktecture .NET 4.5 (http://identityserver.codeplex.com/)

ASP.Net

<authentication mode="windows">
	<forms loginUrl="~/Account/Login" timeout="2880" />

<system.identityModel configSource="identity.config" />
		<audienceUris />
		<claimsAuthenticationManager type="Security.ClaimsTransformer, Web" />
		<issuerNameRegistry />

private void EstablishSession(ClaimsPrincipal principal)
{
	if (HttpContext.Current != null)
	{
		var sessionToken = new SessionSecurityToken(principal);
		// the token is then written to the session cookie (not shown in these notes)
	}
}

	<add name="ClaimsTransformationModule" type="Security.ClaimsTransformationHttpModule" />
	<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, ..." />

<system.identityModel.services configSource="identity.Services.config" />
		<wsFederation passiveRedirectEnabled="true" issuer="remote login page location"
		realm="" requireHttps="true" />
		<cookieHandler requireSsl="true" />

For WCF: <bindings> <ws2007FederationHttpBinding>


public class IdentityController : ApiController
{
	public Identity Get()
	{
		// User is the principal of the current request
		return new Identity(User.Identity);
	}
}