6 years of blogging – time for a change!

Oct 252011
 

Six years ago, I was still a student at the University of Geneva, I decided to host myself a blog in order to be able to share my ideas and views with other people. It was also a convenient way for me to be able to remember some random ideas I would have read or learnt.  

I quickly realized that nobody was reading my blog :)! So I changed the switched the main language to English instead of French, this helped quite a bit to increase the number of visitors. I remember that I was really proud when around 30 people per day would visit my blog.

With time my focus and the focus of this blog sharpened on web design and web development (mostly Macromedia/Adobe Flash). Being actively focused drive this blog high in page rank and I had a decent amount of daily visitors (for a personal blog, that said).

Since my professional focus shifted from web design and development to software engineering and testing, the focus on this blog has been lost. Frankly, I am writing about too much random stuff to be able to capture someone attention.

In computer science there is a known paradigm, called divide and conquer, that state that to fix a complex problem a solution is to divide it in simpler problems. Starting today I will apply this paradigm to my online presence.

I am a software tester by profession and I am passionate about software testing knowledge and theories. I have opened a blog dedicated to software testing: testingpatterns.info where I will be blogging about software testing whenever I have something to write. Join me there if you are interested by software testing :).

I work at Microsoft, on Lync server and I own the testing for Response Group Service and Call Park Service. I have opened a while ago a blog on MSDN dedicated to this topic. Join me there if you are interested by Lync server response group service and call park service :).

What about metah.ch / ahmetgyger.com blog? Well I am going to use this blog only for more personal related blogging, giving my point of view on technologies and sharing some information about my life in the US.

Thanks for reading!
A.

First week in Seattle: ✔

Jun 292011
 

Last Sunday, my family and I landed in Seattle airport after more than ten hours traveling.  We then settled in a temporary housing in Kirkland, with a breathtaking view on Washington Lake. So far, we are all excited and happy to be here!

On Monday morning, I was at Microsoft for the New Employee Orientation (employee that relocate have to attend the NEO). It was a pretty good way to adjust my jet lag and understand what I needed to do in order to get my administrative work done. Main blocker for us is still the social security number. In the US without a SSN you cannot get credit. Without credit you cannot get a phone, a car or a house. So our temporary situation is going to last for a few more weeks, not bad considering the current view on the LakeJ.

Being at Microsoft mothership is quite impressive, around 60’000 employees dispatched in numerous building all around the area. This is a radical change from my experience in Zurich (Switzerland) where we were “only” 30 employees.  When I learned that the Dev Center in Zurich was about to close, I decided to stay in the same group (Lync) while extending my responsibilities. This means that I am now testing Lync Response Group and Xmpp Gateway.

The Seattle area is very promising, close to mountains, forest and the Pacific Ocean. I am really looking forward to discovering this area.

 

Spec Explorer – Model Based Testing for all

Jun 112011
 

Some interesting Spec Explorer videos from Channel9. It is all you need to get started with Model Based Testing.
The idea behind spec explorer is to make a model of the requirements of your products and let Spec Explorer generate millions of interesting test cases. You just need to find enough CPU power to run all the generated test cases :-)!

Continue reading »

Impersonation with C#

Oct 152010
 

.Net offers multiple ways to manage impersonation and its level. The important point to understand is what is being impersonated: the thread or the process also is the impersonation happening on the process or is it happening only on the network. Below classes will show you how to impersonate in all this cases.

First class: ImpersonateManager – allows starting impersonation and will apply to the thread scope. You will need to allow unsafe code in your project build properties.  Below program is an example of using the ImpersonateManager.

class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Before impersonation: " + WindowsIdentity.GetCurrent().Name);

            try
            {
                ImpersonateManager.ImpersonateUser("domainName", "userName", "password");
                Console.WriteLine("Impersonated User: " + WindowsIdentity.GetCurrent().Name);
            }
            catch (System.ComponentModel.Win32Exception e)
            {
                Console.WriteLine("Exception while trying to impersonate: " + e);
            }

            ImpersonateManager.StopImpersonation();
            Console.WriteLine("After impersonation: " + WindowsIdentity.GetCurrent().Name);

            Console.ReadKey();
        }
    }

The ImpersonateManager.cs is like this:

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Security.Permissions;

[assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum, UnmanagedCode = true)]
[assembly: PermissionSetAttribute(SecurityAction.RequestMinimum, Name = "FullTrust")]
namespace ImpersonateThread
{
    public class ImpersonateManager
    {
        [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
        public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword,
            int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

        [DllImport("kernel32.dll", CharSet = System.Runtime.InteropServices.CharSet.Auto)]
        private unsafe static extern int FormatMessage(int dwFlags, ref IntPtr lpSource,
            int dwMessageId, int dwLanguageId, ref String lpBuffer, int nSize, IntPtr* Arguments);

        [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
        public extern static bool CloseHandle(IntPtr handle);

        [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
        public extern static bool DuplicateToken(IntPtr ExistingTokenHandle,
            int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

        // OurIdentity
        private static WindowsImpersonationContext _impersonatedUser;

        // Tokens
        private static IntPtr tokenHandle = new IntPtr(0);
        private static IntPtr dupeTokenHandle = new IntPtr(0);

        // If you incorporate this code into a DLL, be sure to demand FullTrust.
        [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")]
        public static void ImpersonateUser(string domainName, string userName, string password)
        {
            const int LOGON32_PROVIDER_DEFAULT = 0;
            const int LOGON32_LOGON_INTERACTIVE = 2;

            tokenHandle = IntPtr.Zero;

            // Call LogonUser to obtain a handle to an access token.
            bool returnValue = LogonUser(userName, domainName, password,
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
                ref tokenHandle);

            if (false == returnValue)
            {
                // Logon failure
                int ret = Marshal.GetLastWin32Error();
                throw new System.ComponentModel.Win32Exception(ret);
            }

            // Use the token handle returned by LogonUser.
            WindowsIdentity newId = new WindowsIdentity(tokenHandle);

            // Now the thread is impersonated.
            _impersonatedUser = newId.Impersonate();
        }

        public static void StopImpersonation()
        {
            // Stop impersonating the thread.
            _impersonatedUser.Undo();

            // Free the tokens.
            if (tokenHandle != IntPtr.Zero)
            {
                CloseHandle(tokenHandle);
            }
        }
    }
}



Now this might not be enough for your need, you might need more than thread impersonation.

There are basically two main logon scenarios in this case:

1)      The user you want to impersonate is on the same domain as the current process

  • Load the profile in the registry (like runas /profile)
  • Sample with: ProcessImpersonator.ImpersonateProcess_WithProfile()

2)      The user you want to impersonate is on a domain without trust relationship

  • Use the specified credentials on the network only (like runas /netuse)
  • Sample with : ProcessImpersonator.ImpersonateProcess_NetCredentials()

Below program do exactly this, it will start another executable (located in the same folder and having a name of test.exe).

class Program
    {
        static void Main(string[] args)
        {
            // Will impersonate the process based on a user existing on the same domain
            ProcessImpersonator.ImpersonateProcess_WithProfile(@"C:\test.exe",
                "domain", "user", "password");

            // Will impersonate the call from the process based on a user on a domain
            // with no trust relationship.
            ProcessImpersonator.ImpersonateProcess_NetCredentials(@"C:\test.exe",
                "Otherdomain", "user", "password");
            Console.ReadKey();
        }
    }

ProcessImpersonator.cs looks like this:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Security.Permissions;
using System.Text;

namespace ImpersonateThread
{
    public class ProcessImpersonator
    {
        [Flags]
        enum LogonFlags
        {
            LOGON_WITH_PROFILE = 0x00000001,
            LOGON_NETCREDENTIALS_ONLY = 0x00000002
        }

        [Flags]
        enum CreationFlags
        {
            CREATE_SUSPENDED = 0x00000004,
            CREATE_NEW_CONSOLE = 0x00000010,
            CREATE_NEW_PROCESS_GROUP = 0x00000200,
            CREATE_UNICODE_ENVIRONMENT = 0x00000400,
            CREATE_SEPARATE_WOW_VDM = 0x00000800,
            CREATE_DEFAULT_ERROR_MODE = 0x04000000,
        }

        [StructLayout(LayoutKind.Sequential)]
        struct ProcessInfo
        {
            public IntPtr hProcess;
            public IntPtr hThread;
            public uint dwProcessId;
            public uint dwThreadId;
        }

        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
        struct StartupInfo
        {
            public int cb;
            public string reserved1;
            public string desktop;
            public string title;
            public uint dwX;
            public uint dwY;
            public uint dwXSize;
            public uint dwYSize;
            public uint dwXCountChars;
            public uint dwYCountChars;
            public uint dwFillAttribute;
            public uint dwFlags;
            public ushort wShowWindow;
            public short reserved2;
            public int reserved3;
            public IntPtr hStdInput;
            public IntPtr hStdOutput;
            public IntPtr hStdError;
        }

        [DllImport("advapi32.dll", CharSet = CharSet.Unicode, ExactSpelling = true,
         SetLastError = true)]
        static extern bool CreateProcessWithLogonW(
            string principal,
            string authority,
            string password,
            LogonFlags logonFlags,
            string appName,
            string cmdLine,
            CreationFlags creationFlags,
            IntPtr environmentBlock,
            string currentDirectory,
            ref StartupInfo startupInfo,
            out ProcessInfo processInfo);

        [DllImport("kernel32.dll")]
        static extern bool CloseHandle(IntPtr h);

        ///
        /// This will use the Logon_NetCredentials_only value.
        /// Usefull for inter-domain scenario without trust relationship
        /// but the system does not validate the credentials.
        ///
        public static void ImpersonateProcess_NetCredentials(string appPath, string domain,
            string user, string password)
        {
            ImpersonateProcess(appPath, domain, user, password,
             LogonFlags.LOGON_NETCREDENTIALS_ONLY);
        }

        ///
        /// This will use the Logon_With_Profile value.
        /// Useful to get the identity of an user in the same domain.
        ///
        public static void ImpersonateProcess_WithProfile(string appPath, string domain,
            string user, string password)
        {
            ImpersonateProcess(appPath, domain, user, password, LogonFlags.LOGON_WITH_PROFILE);
        }

        ///
        /// Call CreateProcessWithLogonW
        ///
        private static void ImpersonateProcess(string appPath, string domain, string user,
            string password, LogonFlags lf)
        {
            StartupInfo si = new StartupInfo();
            si.cb = Marshal.SizeOf(typeof(StartupInfo));
            ProcessInfo pi = new ProcessInfo();

            //
            if (CreateProcessWithLogonW(user, domain, password,
            lf,
            appPath, null,
            0, IntPtr.Zero, null,
            ref si, out pi))
            {
                CloseHandle(pi.hProcess);
                CloseHandle(pi.hThread);
            }
            else
            {
                throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
            }
        }
    }
}

For more information on the topic:

MSDN – CreateProcessWithLogonW.
MSDN – WindowsIdentity.
Geeks with blogs – Managed CreateProcessWithLogonW.

What am I doing? Software testing :-)

Jun 022010
 

Since I moved to Zurich, two years ago, I sadly did not have the time to see most of my friends I have in Geneva. This post will hopefully explain you what I am doing in Zurich as an Engineer in Test at Microsoft. I know that even the people who know me well do not really understand what my role is and what testing is about.  Defining testing is not quite easy so let me start by quoting Wikipedia’s definition of software testing:

Software testing is an investigation conducted to provide stakeholders with information about the quality of the product or service under test. Software testing also provides an objective, independent view of the software to allow the business to appreciate and understand the risks at implementation of the software. Test techniques include, but are not limited to, the process of executing a program or application with the intent of finding software bugs.

To resume, I bring information about quality and objective view of the software I work on (the next generation of Office Communication ServerResponse Group Service). I own the testing of some feature of RGS for this feature I should always be able to answer the question: ‘Can we ship it?’.
To answer this question I have two main approaches:

  1. Develop automated test that will run scenario at a code level, this test being automated I can make sure that no regression would be added these feature and related area.
  2. Do some manual testing on complex scenarios representing the customers most important scenarios.

 

Finding ‘bugs’ effort is only the half of my work. The other half is dedicated at understanding the defects and drive to their resolution. To do so I am helped by developers (fixing the bug) and project managers (to give clear vision on how a feature should work in every details).

As the goal of this post is to be as clear as possible in won’t go further in my explanation :-)

I hope you know understand better what software testing is how I spent my time at work.

Windows Phone 7: Hands on Demo.

Feb 162010
 

Interesting video (from Channel 9) showing a preview of the winPhone 7 OS.

Get Microsoft Silverlight

I am just a bit worried about the localized version of Bing. So far I have seen it working in the US. Does that mean that Bing will be updated for a worldwide support or that the winPhone7 will be available only in the US until it is done?

Microsoft Pivot – an innovative way of browsing information

Feb 122010
 

After playing with Pivot, I have been really existed by the possibilities that Pivot offers.

Pivot makes it easier to interact with massive amounts of data in ways that are powerful, informative, and fun.

Simply speaking, Pivot is a tool that helps us visually browse collections of information.

Pivot screenshot 1

Figure 1: Item view in Pivot while browsing the mathematics section of Wikipedia

What really excite me is that Pivot is based on the concept of collections (group of objects that have common attributes). For website with huge amount of information, as Wikipedia, it is really a great way of browsing because you can apply filter information and have a visual result. These collection can also be assembled manually (it is a simple XML file) so it could be a great way to share an important amount of information easily.

Pivot screenshot 2

Figure 2 – National parks, filtered by type

Get more information and download pivot from Pivot’s website.

 Older Entries