Subscribe: ICaramba
Preview: ICaramba


Miguel Castro's blog about .NET and its effect on National Security, the Eco-system, and his daughter's sleeping patterns.

Copyright: Miguel A. Castro

Thank you

Mon, 15 Mar 2010 15:35:10 GMT

Originally posted on:

It’s been a great ride guys.  I joined in order to get my first blog up and running and have been with you guys for some time.   I’m not leaving because of any problem whatsoever, I just wanted to get my blog up on my own domain with more control over the customization of many of its pages. 


My new blog is now at


For those of you out there who just want a good blog service up and running in a few minutes, I can’t recommend anyone better than


Thanks Jeff and John !




New Blog Site

Tue, 09 Mar 2010 22:33:30 GMT

Originally posted on:

Effective immediately, my blog is hosted on">

This blog will no longer be updated so please check out my new one and update your RSS feed with this link.



Watch Russ' Toolshed show

Sun, 19 Jul 2009 20:05:26 GMT

Originally posted on:

I just watched episode 3 of Russ' new show on Channel 9 and I gotta say, it totally rocked.  Russ knows how to work a crowd and knows how to keep things interesting and energized.

Here's the link.  I strongly recommend this show.



Death Penalty for Phishers !!!

Thu, 30 Apr 2009 06:56:00 GMT

Originally posted on:


There, I got that out.

I just received my first Facebook Phishing attempt. This is unbelievable - can we please pass a friggin law that allows the death-penalty for these assholes?!?

I'm sorry folks - I've always watched my language on this blog, but I find no other way of describing these people.

I got this email today:


Ray sent you a message.

Subject: Look at this!


To reply to this message, follow the link below:

This message was intended for Want to control which emails you receive from Facebook? Go to:
Facebook's offices are located at 156 University Ave., Palo Alto, CA 943


And of course, the site is designed to look exactly like the Facebook login screen.

I know this is an old trick and it's still used to obtain banking passwords and such, but social sites ?!?!?

Am I the only one who would get actual pleasure and satisfaction by seeing these people hanged by their testicles (we can be equally creative if they were women), and picked at by 100 people each armed with nothing more than a pair of pliers?!?

Anyway - just be on the lookout for these emails, folks.



Leveraging the FormsAuthenticationModule

Mon, 13 Apr 2009 07:51:19 GMT

Originally posted on:'ve been using and teaching the ASP.NET Provider Model for some time now so I always felt quite well versed on the topic, specially in the context of membership and security.  I thought I understood the "order of operation" in ASP.NET membership pretty well so every time I found the need to write a custom membership provider, I approached the task with confidence. However, I have noticed that everytime I needed to write a custom membership provider, it has been for reasons of extending Microsoft's two-level (users and role) logical model with a more complex physical one.  For example, on several ocassions I've had customers who needed not only users and roles, but also a third level like groups.  Since this particular need came up on more than one ocassion, I actually wrote a complete provider kit with a custom membership, role, and a new group provider; complete with custom controls and everything - quite proud of it actually. Because I needed to store more than just user and roles (groups), I've always resorted to writing a custom principal and identity object that contains the user's credential model.  And since I've needed a custom principal, I've also needed the ability to repopulate it on every request and place it into the HttpContext's User property and the Thread's current principal property. This is something that Microsoft's FormsAuthenticationModule does for you, but it does it from its own store and into its own principal and identity objects.  My needs for a more complex model always prohibited me from using the Microsoft stuff... until now. So believe it or not, after being so close to this topic, I now have need that on the surface appears significantly simpler.  I need a simple user and role model, with no added complexity, but stored in a custom database, not the "aspnet_" tables that Microsoft provides.  So I need to write a custom membership provider again; easy enough. But when I got the part where I thought I would need a custom principal and identity, and thus a custom module used to repopulate the information on each request, I thought there must be an easier way. I'm not extending the logical two-level security model so why can't I use whatever principal and identity Microsoft is using as well as Microsoft's repopulation module (FormsAuthenticationModule).  After searching quite a bit on how to do this, I come across several articles on writing custom membership providers; something I know how to do already.  But none show you how to take it further. That brings us to the present.  The answer on how to do this is quite simple, yet quite undocumented. The answer is not only in a membership provider, but in a role provider as well. When you implement the ValidateUser method of the custom membership provider, you need only return a true or false, end of story.  This will automatically create a principal and identity object (FormsIdentity) and persist the user name there.  It will also place this Principal in HttpContext.Current.User.  The FormsAuthenticationModule is designed to repopulate this bucket from a cookie that is managed for you.  This part I knew, but since I always needed to read in a couple of authorization levels at this point, I've needed my own storage and repopulation mechanism.   public override bool ValidateUser(string username, string password) {     Person person = SecurityEngine.AuthenticateUser(username, password);     return (person != null); } When all you need is roles, you simply create a custom role provider and implement the GetRolesForUser method.  Here you obtain a list of roles based on a user name (passed in for you) and return it as a string array.  It's as simple as that.  The RolePrincipal and FormsIdentity objects are created and populated for you.  This method is hit every time either you or ASP.NET performs a role-check.   public ov[...]

Test for Twitter

Wed, 25 Feb 2009 12:05:38 GMT

Originally posted on:

This blog posting is designed to test TwitterFeed. A twitter entry should have been made automatically on this posting. (image)

Speaking in NJ tomorrow night

Mon, 12 Jan 2009 12:15:41 GMT

Originally posted on:

I'll be ath the Northern New Jersey .NET Users Group, hosted at the offices of SetFocus, tomorrow the 13th.  The topic is "So you finally decided to get into WCF!"



VSLive San Francisco discount

Thu, 08 Jan 2009 14:48:47 GMT

Originally posted on:

I've been chosen to speak at VSLive again next month in the first of the 2009 conferences.  VSLive is limiting to 3 conferences this year, held in San Francisco, Las Vegas, and Orlando.

If you are interested in attending VSLive, you cna register at and use the promo code: NS9F04

This promo code will get you $500 off the regular price of $1895, making the registration price $1395.

This is like my 12th or 13th VSLive, hope to see you there.


Vista and multimonitors - revisited

Sat, 23 Aug 2008 14:02:52 GMT

Originally posted on:

Regarding the Feb 2007 posting I made ( and the responses I've had, I feel I need to revisit that opinion (even though it was over a year and a half ago).

I run two powerful rigs at home, Superrig runs Vista 64 (8gig RAM) and contains two NVidia 8600GTS cards (640meg each).  This rig is powering four monitors effortlessly (and how sweet it is).  Son of Superrig runs one NVidia 8800GT card powering two large monitors, also without effort.  I was doing this well before Service Pack 1 so I have to say that the multiple monitor situation has been solid.

thanks for feedback


Alert for another phishing site

Wed, 20 Aug 2008 11:30:12 GMT

Originally posted on:

I received an MSN instant message from a friend today who I know well but only ocassionally chat with.  His status showed as offline and for someone I talk to only once in a while, it was weird getting an IM from him with just a link.  The link was to  His first name is John so this at first seemed legit, but then the page came up.  It offers picture galleries but asks you to log in with your MSN credentials.  Now, we've all seen sites that use "Live Passport" login, and most of us know what the login dialog looks like.  This was nothing like that so I immediately did a search for it on the web and found this:

I immediately called my buddy John, only to discover that his IM was comprimised and everyone on his IM list received the same message.  Be alert about this one because we don't see too many phishes that come from IM.

Whoever starts these things needs to have their ass removed !


DevExpress Case Study & Interview Video

Tue, 10 Jun 2008 12:20:00 GMT

Originally posted on:

I while ago I did a case study with DevExpress.  My product, CodeBreeze, was developed using the DevExpress DXPerience suite so they did a nice case study with me and here's the link:

Also, this year at TechEd I did an interview with Ray Navasarkian, the CEO of Developer Express, where I got talk about my product, CodeBreeze.  Here's the link for that:



Popped my TechEd cherry !

Tue, 10 Jun 2008 12:16:24 GMT

Originally posted on:

Well, TechEd 2008 is over and so is my first speaking slot in this extremely large conference.  My talk was "Sexy Extensibility Patterns" and I was properly inaugurized with an 8:30am slot on the second to the last day.  However, to my amazement, 296 people showed up to watch my deflowering.  The final averages were 8.13 which I'm told me puts me in the "above average" category so I can't complain about this first TechEd speaking experience.  As usual, there were a few idiotic comments from people who were oblivious to the point of the talk, but you can't please everyone.

The code for this talk can be found on my web site:



What a pain in the A$$

Sun, 06 Jan 2008 15:22:29 GMT

Originally posted on:

I'm in the middle of writing an extender provider for something I need and I came across a pain-in-the-ass scenario.  Extender providers, like controls, run at design time as well as run time.  I needed to debug something in one of my set-accessor methods so I put in something like this:

if ctl.Name = "controlName" then stop

Man, all hell broke lose.  VS2008 does not like this one bit - it IMMEDIATELY gives you a window telling you that it found a user break point and needs to close.  From this point forward you cannot re-open that project.  I tried opening that file in notepad and removing that code since obviously VS was trying to compile it but that did not help.  I ended up renaming the file then opening my project.  Then I clicked on the "Show all files" button in the property browser, brought up the culprit file, comfirmed the code was fine, right-clicked and selected "include in project".  Then I was OK.

I can see why VS doesn't like this, but why the hell can't it give us a recovery option !



CodeBreeze update

Sun, 06 Jan 2008 08:53:46 GMT

Originally posted on:

Well, it's been about 10 weeks since I launched the SteelBlue Site's store-front and the official release of CodeBreeze.  Sales have been decent considering I haven't had time to do any marketing.  If you're reading this and you're one of my customers, thank you for your business.  All the comments I've received from my customers have exceeded any of my expectations on what people would think of the product. 

On the 12th of January, I'm sponsoring a code-camp in Philly where I plan to give away a couple of licenses as well as discount coupons to all attendees.  CodeBreeze is on release 1.0.0086 currently and contains several enhancements specifically requested by my users.  CodeBreeze 1.1 is under final development stages and will include some amazing new features.

For those of you who have not seen it yet, I recorded a DNR-TV show demoing the product in its entirety.  The product was in release 1.0.0079 when I recorded the show so there have been several new features put in since then; but the release notes describe all.

CodeBreeze can be obtained at, or you can contact me directly if you are looking for enterprise-level licensing.

Thanks again to all and a happy new year to everyone.


SteelBlue Solutions store-front is up and running !

Thu, 01 Nov 2007 16:07:23 GMT

Originally posted on:

Since the release of CodeBreeze about 2 months ago, I've made quite a few sales but all through personal contact using a PayPal account.  I'm glad to say that's no longer necessary.

You can purchase CodeBreeze at now !

Until November 30th, there is an online coupon (you'll see it in the checkout process) offering a 15% discount off the total purchase.  This means above and beyond already existing quantity discounts.

A fully functional trial is available for download and for purchasing you can use all the major credit cards.  The PayPal option will be up in a couple of weeks.

Don't forget, you can watch a one-hour full demo on episode 77 of !

Thank you to all my existing users - the response has been beyond anything I ever expected.