Android – Galaxy S7 Edge – SMS Hyperlink Bug (URL’s with # hash or hashtag)

I’m currently working on an application that sends text messages to some of its users.  In that text message we send a URL for the end user to click.  iOS, Windows Phone, and Android will all show their end users a link for the URL so they can easily click it right from their messaging app!  Great!  Except one thing…

Android does not support hash/hashtag/number sign/hashbang/whatever you call it URL’s!

So if you send a URL like,, the Android user will be sent to while iOS and Windows Phone will direct their users correctly.

I tried searching around to see if I can find a reason for it, but alas to no avail.

My workaround was to create a page, which took in the same query string variables, and just used raw JavaScript to send the user to the correct URL (window.location).  SMS message URL link was tested on iOS, Windows Phone, and Android and all three worked!

*Side note:  I believe the “perfect” long term solution would be to use a “URL Shortening Service”.*

.NET Authentication In WebAPI 2 With Cross Domain Support

Recently I had a project requirement to create a .NET WebAPI 2 project that supported authentication as well as cross domain support (CORS / Cross-Origin Resource Sharing).  This will allow external domains to POST requests to the authentication API, and we will return an OAuth token that can be used in later WebAPI requests.

All .NET code examples below are in C#.

First start a new “ASP.NET Web Application” project.  Select the “WebAPI” template, and make sure “Individual User Accounts” is selected.

Second, use NuGet to install the following packages:

  • Microsoft.AspNet.Cors
  • Microsoft.AspNet.WebApi.Cors
  • Microsoft.Owin.Cors

These packages will enable you to configure CORS for API and Owin calls.

Under “App_Start/Startup.Auth.cs” inside the function “ConfigureAuth” add this line of code to the top of the function (yes, having it be the first line is very important).

public void ConfigureAuth(IAppBuilder app)
    // Allow cross domain authentication requests

    // ..... The rest of the code for the function goes below here

Please note, this line will allow requests from ANY external domain. If you want to lock down which domains have rights to post to the authentication API you’ll need more configuration at this point. Typically you will NOT want requests from any domain, and will have a list of accepted domains.

Your login URL will be “/Token”. This can be adjusted in “App_Start/Startup.Auth.cs” where “OAuthOptions” is defined. Specifically the “TokenEndpointPath” is the parameter that controls the route.

When POST’ing to “/Token” you’ll send three parameters.  The “grant_type” is a static string which will be set to “password”.  The “username” and “password” parameters will be the username and password you are attempting to authenticate with.

var loginData = {
    grant_type: 'password',
    username: 'yourusername',
    password: 'yourpassword'

If your POST is successful, the response will contain an “access_token”. For all future WebAPI calls you’ll want to set an “Authorization” header to “Bearer ” followed by your access_token you received from your initial login.

Here are some resources that helped me with my project!

Sample .NET C# WebAPI project with local individual accounts.

Explanation of posting form data in AngularJS

Tagged , , , ,

AngularJS and MomentJS – Formatting UTC to local time using a custom filter

Frequently in our app, we need to show date/time’s which are stored in our database as UTC time.  From a users perspective however, it is best to view datetime’s in their local timezones.

MomentJS is a great library that is used pretty heavily to display date/time’s in JavaScript in a friendly manner.  Combining MomentJS with AngularJS (and with a small custom filter).

We use “angular-moment” which provides Moment.JS directives for Angular.JS (timeago and more).

We also like to have some conformity for formatting date/times throughout our app. Centralizing the formatting allows use to easily change the style/layout/format of our date/time’s and have that change occur throughout our entire app!

Once you have “angular-moment” running in your AngularJS app, add the custom filter to your AngularJS app.

Our custom filter: (where “angularJSApp” is the name of your AngularJS app)

var angularJSApp = angular.module('angularJSApp', ['angularMoment']);

angularJSApp.filter('UTCToNow', ['moment', function (moment) {
     return function (input, format) {
                return moment.utc(input).local().format('dddd, MMMM Do YYYY, h:mm:ss a');
                return moment.utc(input).local();

How to use the custom filter in our HTML:

{{dateCreated | UTCToNow: true }}
<br />
<span am-time-ago="dateCreated | UTCToNow"></span>

You should now see your date/time in your local timezone

AngularJS UI Bootstrap – Typeahead – Filtering by multiple properties with custom template

I’ve been working on an AngularJS v1.4.7 application that uses “angular-ui-bootstrap” v 1.1 to incorporate Bootstrap components in our AngularJS app.

UI Bootstrap Bootstrap components written in pure AngularJS by the AngularUI Team

We have been using the “Typeahead” component pretty heavily and I just wanted to make a quick post about how we are using the component, specifically with regards to the custom template, and the ability to filter by multiple items.

We use the Typeahead component to list objects and allow user selection. Below is a code snippet which shows an AngularJS Bootstrap UI Typeahead component which is filtering on a persons first name, or last name and is using a custom HTML template to display results.

<input type="text" ng-model="cctrl.Person" typeahead-template-url="personTemplate" typeahead-min-length="0" uib-typeahead="person as (person.first_name + ' ' +person.last_name) for person in | filter:{name:$viewValue}" class="form-control" placeholder="Select person" />
<script type="text/ng-template" id="personTemplate">
     <div class="row small-text">
          <div class="col-sm-4">
               {{}},{{match.model.state}} {{match.model.zipCode}}
          <div class="col-sm-4">
          <div class="col-sm-4">
     <hr />

The “uib-typeahead” attribute is where you put what fields you would like to filter by.

uib-typeahead="person as (person.first_name + ' ' +person.last_name) for person in | filter:{name:$viewValue}" class="form-control"

If you want to add email and phone filtering to the Typeahead you would just add a space behind your last filter, and then add the new filter you want.

uib-typeahead="person as (person.first_name + ' ' +person.last_name + ' ' + + ' ' + for person in | filter:{name:$viewValue}" class="form-control"

The template is just controlled by the “typeahead-template-url” attribute on the Typeahead element and the HTML contained within the “” element. Whatever ID you give your script element will be the value for your “typeahead-template-url” attribute.

<script type="text/ng-template" id="personTemplate">

Knightmare: A DevOps Cautionary Tale

Incredible. DevOps always watch, document, and review your deployments!

Doug Seven

I was speaking at a conference last year on the topics of DevOps, Configuration as Code, and Continuous Delivery and used the following story to demonstrate the importance making deployments fully automated and repeatable as part of a DevOps/Continuous Delivery initiative. Since that conference I have been asked by several people to share the story through my blog. This story is true – this really happened. This is my telling of the story based on what I have read (I was not involved in this).

This is the story of how a company with nearly $400 million in assets went bankrupt in 45-minutes because of a failed deployment.


Knight Capital Group is an American global financial services firm engaging in market making, electronic execution, and institutional sales and trading. In 2012 Knight was the largest trader in US equities with market share of around 17% on each the…

View original post 1,369 more words

Azure Releases ExpressRoute

Microsoft has recently announced “ExpressRoute” for their Azure stack!  This is great news for security centric partners needed to ensure private access to the service hosted on Azure.

If you utilize a network service provider that supports ExpressRoute connections, your connection can even bypass the public internet entirely!

I am personally excited to see where this technology goes, and how many providers start to pick it up.

Please note, even if your carrier does not support ExpressRoute directly, you can still utilize the ExpressRoute service!

Tagged , ,

A U.S. State paid over $1,000,000 USD (million) for “fake” security in their web application!

I have the “pleasure” of interacting with a software for a US state that was contracted out to a third party.  The third party vendor is not known for high caliber software, but what found recently while digging around their web application really made me cringe.

When you first login to the application, a little modal pops up and alerts you to the fact that it is connecting to secure servers.

I noticed after the redirect, I ended up in a non-ssl web application.  I mean, literally, no SSL ANYWHERE.  Every piece of information posted back and forth to the web application is done in PLAIN TEXT across the magical internet pipes.

This piqued my interest, and led me to dig around the HTML/JS that was loading during that modal.

To my surprise, NOTHING was being done at all!  This piece of code literally LIES to its users, suggesting that it is going into secure channels.

Knowing the state paid over $1,000,000 for this web application makes me sick to my stomach.  The system has been plagues with issues since launch, (as most web applications do), but this really is going above and beyond.  Seeing the commented “alert” let’s me know someone was debugging this thing at some point.  What was the time spent to write this code (essentially misleading users about security) vs the time it would have taken to install an actual SSL certificate?!


Tagged ,

How To: Server 2012 R2 Change Default RemoteApp Port for Web Deployments

Working on a RemoteApp configuration and I needed to change the default port (3389) that the RDWeb deployment file uses.  In Server 2008 there was an easy to use GUI that let you configure the name, port, and icon of RemoteApps.  That GUI is no longer available in Server 2012!  Not to fear, I found this nifty little PowerShell that allows you to set the port used on files that are downloaded by users at the “/RDWeb” RemoteApp web portal.

You will need to know the Collection Name for the RemoteApp session collection you are trying to edit.  Use the PowerShell command below and just replace “[[Your Collection Name]]” with your collection name, (QuickSessionCollection is the default name created by the “Quick” option during RemoteApp configuration).  Replace the “[[Your Port Here]]” with the port number you would like the RDWeb to use when giving users the .RDP file for their RemoteApp connection.

Set-RDSessionCollectionConfiguration –CollectionName [[Your Collection Name Here]] –CustomRdpProperty “server port:i:[[Your Port Here]]”


Tagged , ,

Server 2012 R2 : Change Remote Desktop SSL Certificate in 3 Easy Steps

Working on a Server 2012 Standard R2 today that had an initial SSL self signed certificate.  I needed to replace that certificate, so IIS and Remote Desktop would stop warning users about the security issue.  In Server 2008, you could select which certificate you wanted Remote Desktop connections to use.  In Server 2012 that GUI has been removed.  It took me a little while to get everything down for Server 2012, but these are the steps I took.  Hope this helps out someone else later on!

  1. Get the Thumbprint of the SSL certificate you want Remote Desktop to use
    1. Windows + R
    2. Type in mmc and hit enter
    3. Control + M (or File -> Add/Remove Snap In)
    4. Click on “Certificates” in the “Available snap-ins:” section
    5. Click the “Add >” button
    6. Select “Computer account”
    7. Click Next
    8. Select “Local Computer:”
    9. Click the “Finish” button
    10. Click “OK” button
    11. Open the “Certificates (Local Computer)” then, “Personal” and then “Certificates” sub folder.
    12. Double click the certificate you want Remote Desktop to use
    13. Click the “Details” tab
    14. Select “All” under “Show:” and scroll down to the “Thumbprint” field and select the “Thumprint” field.
    15. Copy the text of the hash.
    16. Remove all spaces from your copied hash
  2. Open “Power Shell” as an Administrator
  3. Run these power-shell commands (replace YOUR HASH HERE with your thumbprint you copied from step 1 above).  You can run each line one after the other.
    1. $TSGeneralSetting = Get-WmiObject -class “Win32_TSGeneralSetting” -Namespace root\cimv2\terminalservices -Filter “TerminalName=’RDP-tcp'”)
    2. $Hash = “YOUR HASH HERE”
    3. $TSGeneralSetting.SSLCertificateSHA1Hash = $Hash
    4. $TSGeneralSetting.put()

PowerShell should prompt you that everything went over successfully.  Connect to the server again with Remote Desktop or RemoteApp, and it should be using the new SSL configuration!


Tagged , , ,