To turn on BitLocker Encryption in Windows 10/11.

  • You must be login using Administrator Account.
  • Click Start button, and then under Windows System, select Control Panel. In Control Panel, select System and Security, and then under BitLocker Drive Encryption, select Manage BitLocker.
  • Select Turn on BitLocker and then follow the instructions.
  • Make Sure you Save the Key.

Cannot load Counter Name data because an invalid index ” was read from the registry

Cannot load Counter Name data because an invalid index ” was read from the registry

When we are trying to read system performance counters, some time we will get this type of error on machines.

“Cannot load Counter Name data because an invalid index ” was read from the registry”

To fix the issue:

Click the START button
Type CMD
Right click CMD PROMPT and select “Run As Administrator”
Type LODCTR /r
Wait a few seconds, you will get “Error: Unable to rebuild performance counter setting from system backup store, error code is 2”

Now again Type LODCTR /r

This time it will run successfully with the message “Info: Successfully rebuilt performance counter setting from system backup store”

Close he CMD.
















ORA-28001: The password has expired

The password life of the applications as well as operating systems are limited. To enabling more security we are getting some alert in daily life that we need to chage our passwords regularly on fixed inerval.

If we don’t change before the applications limitation, it will expired.

The other day when I was opening SQL Developer, I got message popup “ORA-28001: The password has expired”.

To fix this issue we need to connect Oracle with SYSDBA OR SYSTEM user and do the following things.

STEP 1: Check the users status.

SELECT USERNAME,ACCOUNT_STATUS FROM DBA_USERS;

USERNAME             ACCOUNT_STATUS
-----------------------------------------------
ANONYMOUS OPEN
SYSTEM OPEN
SYS OPEN
LMENARIA EXPIRED & LOCKED

STEP 2: Set the password of locked user.

ALTER USER LMENARIA IDENTIFIED BY pa55word;

STEP 3: Unlock the user account.

ALTER USER LMENARIA ACCOUNT UNLOCK;

STEP 4: Check the user status again is not locked anymore.

SELECT USERNAME,ACCOUNT_STATUS FROM DBA_USERS;

USERNAME                         ACCOUNT_STATUS
-----------------------------------------
ANONYMOUS OPEN
SYSTEM OPEN
SYS OPEN
LMENARIA OPEN

How to get list of all always encrypted columns in SQL Server

We do have “Always encrypted” feature in SQL 2016 and later versions, from this feature we can encrypt the column data instead of encrypting whole database.  Sensitive data like credit card numbers, SSN.
We need to prepare a list of encrypted columns at some where to track for future.
Without tracking anywhere in the documents we can run the simple SQL query which returns all the columns in respective tables and encryption type.

SELECT
t.name AS TableName,
c.name AS ColumnName,
k.name AS KeyName,
c.encryption_type_desc,
c.encryption_algorithm_name
FROM sys.columns c
INNER JOIN sys.column_encryption_keys k ON c.column_encryption_key_id = k.column_encryption_key_id
INNER JOIN sys.tables t ON c.object_id = t.object_id
WHERE encryption_type IS NOT NULL

 

 

SQL Server – List all the Constraints by Table or by Column Name

List all Constraints of the Database:

SELECT * FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS
OR
SELECT OBJECT_NAME(object_id) AS ConstraintName,
SCHEMA_NAME(schema_id) AS SchemaName,
type_desc AS ConstraintType
FROM sys.objects
WHERE type_desc LIKE '%CONSTRAINT'

List Constraints  on table column:

 Select SysObjects.[Name] As [Contraint Name] ,Tab.[Name] as [Table Name],Col.[Name] As [Column Name]
From SysObjects Inner Join (Select [Name],[ID] From SysObjects Where XType = 'U') As Tab
On Tab.[ID] = Sysobjects.[Parent_Obj]
Inner Join sysconstraints On sysconstraints.Constid = Sysobjects.[ID]
Inner Join SysColumns Col On Col.[ColID] = sysconstraints.[ColID] And Col.[ID] = Tab.[ID]
WHERE Tab.[Name] ='Employee' AND Col.[Name]='DOB'
order by Col.[Name]

SQL Server 2016 Always Encrypted Timeout at IIS

Always Encrypted is a feature designed by the Microsoft in SQL Server 2016 to protect sensitive data, such as credit card numbers or national identification numbers (SSN). It allows clients to encrypt sensitive data inside client applications.

When you work with Always Encrypted in development environment, it will be works fine because it requires certificate keys, which will be already installed on Dev machine. But when you moved to production environment it will not work. The Certificate needs to install on that server to run the web application. Without it encryption will not work. You will get database timed out error or encryption error while run the application.

For example:
Execution Timeout Expired.  The timeout period elapsed prior to completion of the operation or the server is not responding.

To resolve this error, you need to install the certificate on the server for specific user. After that you have to defined, selected user in application pool advanced properties. Which user you need to enabled the “Load user profile” property too under “Process Model”.

iis-load-user-profile

Basic Authentication in ASP.Net MVC Web API

ASP.NET Web API is a great tool to create lightweight, HTTP services that reach a broad range of clients, including all browsers and mobile platforms.

In most of scenarios we need authentication to restrict services . There are two ways to restrict it

– Forms authentication
– Windows authentication

Forms authentication is a mechanism that works well in interactive web applications, but Windows authentication is not widely used. Now days services are invoked from the browser using jquery or javascripts for mobile platforms because application are widely used on mobile devices.

HTTP authentication is part of the standard protocol and can be easily handled by client and mobile platforms. To implement Basic authentication in ASP.NET Web API by extending AuthorizeAttribute. But its sometimes not working well, Another a custom message handler by deriving from DelegateHandler class.

Below is the code sample which is deriving from DelegateHandler class and working well.

Code Block:

public class BasicAuthMessageHandler : DelegatingHandler
{
private const string BasicAuthResponseHeader = "WWW-Authenticate";
private const string BasicAuthResponseHeaderValue = "Basic";

public IProvidePrincipal PrincipalProvider = new DummyPrincipalProvider();

public BasicAuthMessageHandler(HttpConfiguration httpConfiguration)
{
InnerHandler = new HttpControllerDispatcher(httpConfiguration);
}

protected override System.Threading.Tasks.Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
AuthenticationHeaderValue authValue = request.Headers.Authorization;
if (authValue != null && !String.IsNullOrWhiteSpace(authValue.Parameter))
{
Credentials parsedCredentials = ParseAuthorizationHeader(authValue.Parameter);
if (parsedCredentials != null)
{
IPrincipal myPrincipal = PrincipalProvider.CreatePrincipal(parsedCredentials.Username, parsedCredentials.Password);
Thread.CurrentPrincipal = myPrincipal;
HttpContext.Current.User = myPrincipal;
}
}
return base.SendAsync(request, cancellationToken)
.ContinueWith(task =>
{
var response = task.Result;
if (response.StatusCode == HttpStatusCode.Unauthorized
&& !response.Headers.Contains(BasicAuthResponseHeader))
{
response.Headers.Add(BasicAuthResponseHeader
, BasicAuthResponseHeaderValue);
}

if (response.StatusCode == HttpStatusCode.Unauthorized)
{
var content = new StringContent("Invalid Credentials");
response.Content = content;
response.StatusCode = System.Net.HttpStatusCode.Unauthorized;
}
return response;
});
}

private Credentials ParseAuthorizationHeader(string authHeader)
{
string[] credentials = Encoding.ASCII.GetString(Convert
.FromBase64String(authHeader))
.Split(
new[] { ':' });
if (credentials.Length != 2 || string.IsNullOrEmpty(credentials[0])
|| string.IsNullOrEmpty(credentials[1])) return null;
return new Credentials()
{
Username = credentials[0],
Password = credentials[1],
};
}
}

public interface IProvidePrincipal
{
IPrincipal CreatePrincipal(string username, string password);
}

public class Credentials
{
public string Username { get; set; }
public string Password { get; set; }
}

public class DummyPrincipalProvider : IProvidePrincipal
{
public IPrincipal CreatePrincipal(string username, string password)
{
//check user using any membership provider Websecurity/Membership
if (!WebSecurity.Login(username, password, persistCookie: false))
{
return null;
}
var identity = new GenericIdentity(username);
IPrincipal principal = new GenericPrincipal(identity, Roles.GetRolesForUser(username));
return principal;
}
}

WebApiConfig:

config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{action}/{id}",
defaults: new { id = RouteParameter.Optional },
constraints: null,
handler: new BasicAuthMessageHandler(GlobalConfiguration.Configuration)

Controller:

[Authorize]
public class ValuesController : ApiController
{
// GET api/values
public IEnumerable<string> Get()
{
return new string[] { "first", "second" };
}
}

Client:

using (HttpClient client = new HttpClient())
{
client.BaseAddress = new Uri("http://example.com");
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Authorization", Convert.ToBase64String(Encoding.ASCII.GetBytes(String.Format("{0}:{1}", userName, password))));
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var Response =await client.GetAsync("api/accounts/validateuser");
}