IT Nota

How to Remove .NET Runtime and SDK on Mac

Check Installation

Determine which version is installed with the command line.

According to Microsoft documentation, we need to remove the SDKs and runtimes separately:

Pay attention to the difference in installed locations between the Intel Mac vs. Silicon M series chip.

Arm-based mac: /usr/local/share/dotnet/
Intel-based mac: /usr/local/share/dotnet/x64/dotnet/

In this example, I want to remove the .NET 6 RC on an M1 silicon Mac from previous test.

% dotnet --list-runtimes
Microsoft.AspNetCore.App 6.0.0-rc.1.21452.15 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.0-rc.1.21451.13 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]

% dotnet --list-sdks
6.0.100-rc.1.21463.6 [/usr/local/share/dotnet/sdk]

Uninstall .NET

From the example above, we’ll remove all instances. All these commands can be entered all at once in the Terminal, it will ask you to enter sudo password just once.

sudo rm -rf /usr/local/share/dotnet/sdk/$version
sudo rm -rf /usr/local/share/dotnet/shared/Microsoft.NETCore.App/$version
sudo rm -rf /usr/local/dotnet/shared/Microsoft.AspNetCore.All/$version
sudo rm -rf /usr/local/share/dotnet/shared/Microsoft.AspNetCore.App/$version
sudo rm -rf /usr/local/share/dotnet/host/fxr/$version

That’s it.

You can re-run the dotnet –list-runtimes and dotnet –list-sdks to verify that there’s no longer any .NET installed. You should see something similar to this:

% dotnet --list-runtimes                          
A fatal error occurred. The folder [/usr/local/share/dotnet/host/fxr] does not exist

% dotnet --list-sdks
A fatal error occurred. The folder [/usr/local/share/dotnet/host/fxr] does not exist

Now you can install the new version for your .NET development.

Further Reading

How to remove the .NET Runtime and SDK
How to Check Installed .NET Core Version
Trying .NET 6 Preview on macOS Silicon M1

How to Solve Intermittent 403 Error in IIS

Symptoms

You can load the page just fine, but after going through the pages quickly or by opening several tabs at once, you see a 403 error:

IIS 403 Error Forbidden Access is denied

403 - Forbidden: Access is denied.

You do not have permission to view this directory or page using the credentials that you supplied.

This is a bit misleading since you might right away think that the you do not have permission to access the web page or the folder. But you know you’re authenticated because you could see the page a few seconds ago and the problem is intermittent. So why do you get 403 Forbidden: Access is denied?

What to Check

The first thing you want to check is the IIS log and look for the specific error code (403) with the timestamp when you see the 403 error. You might see something similar to the following:

2022-02-02 22:33:58 10.20.128.70 POST /ResultPage.asp - 80 - 192.168.1.25 Mozilla/4.0... https://www.itnota.com/CheckPage.asp 403 501 0 0

Open up the IIS log in a text editor and search for ” 403″ (without quotes). A leading whitespace is added to narrow down the search. You can also use regular expression to be precise but for this exercise, I think it’s an overkill.

IIS Log Search for 403 501 error in a text editor

One key thing we need to pay attention to is to check the whole error code by looking the one next to the 403 → 501. So to be exact, the error code is actually 403.501.

If you check the definition of this error here, you’ll soon find out this error has nothing to do with permission in the traditional sense of how we understand it:

403.501 - Forbidden: Too many requests from the same client IP; Dynamic IP Restriction Concurrent request rate limit reached.

This is the real issue and it’s easier to fix once we’ve figured out that we need to look at the Dynamic IP Restriction.

So now we have three options:

  1. Disable Dynamic IP Restriction.
  2. Increase the Maximum number of concurrent requests.
  3. If your connection comes from the same IP address (i.e. F5), then you can create a whitelist based on its IP address.
  4. Maybe four, as you can combine option 2 and 3 if needed.

Whether you choose option 1, 2, or 3, all the settings are in the same location in IIS.

Steps

  1. Launch IIS Manager and on the left pane window, select the site that you want to modify.

  2. In the middle window, double-click on the IP Address and Domain Restrictions.

    IIS Settings IP Address and Domain Restrictions

  3. If you want to do either option 1 or 2, click on Edit Dynamic Restriction Settings… on the right window pane.

    IIS Edit Dynamic Restriction Settings Maximum Concurrent Requests

  4. Option 1: To disable the Dynamic IP Restrction, uncheck all the checkboxes and click OK.

  5. Option 2: Modify the number in the Maximum number of concurrent requests: and still leave the Deny IP Address based on the number of concurrent requests checked. Then click OK.

  6. Option 3: You can either leave the Dynamic Restriction Settings alone, or you may combine that setting with the whitelist as well.

  7. In IP Address and Domain Restrictions window, click on Add Allow Entry… on the right window pane.

    IIS Add Allow Entry window on IP Address and Domain Restrictions settings

    Note: All your modification is saved in applicationHost.config file in the server as indicated on the bottom of the IP Address and Domain Restrictions window.

  8. Add the IP Address you want to allow entry that’s not limited by the Dynamic Restriction Settings in the Specific IP address: textbox. Or you can enter a range of IP addresses under the IP address range: textbox. Then click OK.

    IIS IP Address and Domain Restrictions - Add Allow Entry

Additional Note

As mentioned earlier, all the settings we did above is saved applicationHost.config file. The file can be found in the following directory:

%windir%\system32\inetsrv\config

And all the steps above can be skipped if you edit the file using a text editor. I personally like to use GUI to prevent typos so just be aware of the risk of editing this file by hand.

  <location path="##Your-website-name-in-IIS##">
    <system.webServer>
      <asp appAllowClientDebug="true" appAllowDebugging="true" />
      <security>
        <ipSecurity>
          <add ipAddress="192.168.1.25" allowed="true" />
        </ipSecurity>
        <dynamicIpSecurity>
          <denyByConcurrentRequests maxConcurrentRequests="1" />
          <denyByRequestRate maxRequests="20" />
        </dynamicIpSecurity>
      </security>
    </system.webServer>
  </location>

That’s it.

Once you saved all the settings, the new change should take effect immediately.

Further Reading

The HTTP status code in IIS 7.0 and later versions
IIS 8.0 Dynamic IP Address Restrictions
Using Dynamic IP Restrictions
IIS Dynamic IP Restrictions whitelist

How to Solve MS Office VBA Compile Error UserAuthentication

This is such a persistent issue that hopefully will die down soon. In a corporate world where there are so many legacy systems though, and this comes up more than we want to admit.

This happened in one corporation that has one department relies on various macro-enabled Microsoft Word documents to process requests. One morning, one processor encountered a Visual Basic for Applications error in one of their Microsoft Word forms.

MS Word VBA Compile error UserAuthentication

Microsoft Visual Basic for Applications

Compile error in hidden module: UserAuthentication.
This error commonly occurs when code is incompatible with
the version, platform, or architecture of this application. Click
"Help" for information on how to correct this error.

When you encounter this, right away check both the MS Word doc (or docx) file and what version of MS Words is used to open the file.

As the error indicates, the keyword here is code incompatible with the version… of this application.

In our case, we did not have to check their document library since we know their forms were really old. So we just needed to check their MS Office version.

If you use MS Word 2016 or later, just go to File, Account and click on About Word and check on the header. In this very specific case, the end user used a 64-bit version of MS Word to open the old document and that was the cause of error.

Microsoft Word 64-bit Version

Once we have this information, there were two options that the client could take. Either, the forms need to be rewritten or the user’s MS Word need to be downgraded to a 32-bit version. The latter option of course is easier and faster.

The client opted for a downgrade to resolve the issue.

How to Enable Font Ligatures in Visual Studio Code

Ligatures are special characters in a font that combine two or more characters into one.

For example, if you use a ligatured font, whenever you type != it will become .

Aside from the arguments whether using a ligatured font is a good or bad thing in your code, here’s what you need to do if you want to enable it in Visual Studio Code.

For this example, we’ll use Cascadia Code (NOT Cascade as shown in the screenshots) and Fira Code. If you want to follow along, you can download the fonts by using the download link below.

On macOS, instead of downloading and installing the fonts manually, you can use Homebrew instead, which is way easier and quicker.

  1. Launch Visual Studio Code.
  2. Press CTRL+, (or Cmd ⌘+, on macOS) to open Settings.

  3. Under Settings, you can see and edit what font you want to use. The way it’s setup now, Cascadia Code is prioritized and Fira Code is used only if Cascadia Code is not available.

    Visual Studio Code Font Family in Settings

  4. To enable the ligatures though, we need to edit the settings.json file. We can type in the word “ligatures” in the Search settings box. Then click on the link Edit in settings.json to open the json file.

    Visual Studio Code Font Ligatures in settings.json

  5. You can add editor.fontLigatures and set it to true under the editor.fontFamily.

    Visual Studio Code font in settings.json

    {
  "editor.fontFamily": "'Cascadia Code', 'Fira Code'",
  "editor.fontLigatures": true,

[deleted for brevity]

}
  6. Close the settings.json tab and you should be able to see the ligatures.

Now, we can test if we can see the font ligatures work.

Testing font ligatures in Visual Studio Code

If you did not see any change, make sure you restart Visual Studio Code before trying it again.

This setting also works for Visual Studio Codium.

Download

Fira Code: free monospaced font with programming ligatures
Microsoft Cascadia Code Font

Further Reading

Ligatures in Programming Fonts are a Terrible Idea
How to Install Fonts on macOS using Homebrew

Connect New SSRS Server to Old SQL Server with TLS

This was posted just to share an experience of tackling a problem we encountered when we needed to connect an SSRS Server 2016 to an older SQL Server database (Windows Server 2008 R2) and what steps we took to troubleshoot the issue.

After all the reports were migrated to the new SSRS server, upon creating a new Data Source, I got an error message something along the line to enter the user id and password correctly.

A simple way to check the connection to the SQL Server database is by setting up an ODBC connection to test.

Sure enough, even the ODBC Data Source Test failed with this message:

ODBC Data Source Administrator Test Failed

Microsoft SQL Server Login

Connection failed:
SQL State: '01000'
SQL Server Error: 1
[Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen
(SECCreateCredentials()).
Connection failed:
SQLState: '08001'
SQL Server Error: 18
[Microsoft][ODBC SQL Server Driver][DBNETLIB]SSL Security error

For the first issue, the resolution was because of the difference of TLS version enabled by default for each server. We know that TLS 1.2 is enabled by default on Windows Server 2016 or later. However, for the Windows 2008 R2 was not set up correctly.

Windows Server 2008 registry with no TLS enabled

No TLS enabled at all!

After following the steps to enable TLS 1.2 on Windows Server 2008, we retried the ODBC connection from the new SSRS server (Windows Server 2016) and it was successful.

ODBC Data Source Administrator Test Successful

With the ODBC connection working, we went back to check the connection from the SSRS itself (the same Windows 2016 Server). But when we clicked on Test connection, we still encountered the following error:

SSRS Data Source Connection SSL/Algorithm/TLS Error

Couldn't connect

The report server couldn't connect to the data source using the information you entered. Make sure you've entered the connection string and any credentials correctly.

Hide error details ^

  A connection was successfully established with the server, but then an error occured during the login process. (provider: SSL Provider, error: 0 - The client and server cannot communicate, because they do not possess a common algorithm.)

Logically, both servers should be able to communicate with each other using TLS 1.2 since both were enabled, but this could be caused by the weak cipher on the old Windows 2008. Since we were pressed on time and the client agreed with the temporary risk, the solution that we opted was to enable both TLS 1.0 and TLS 1.1 on both servers in addition to TLS 1.2.

Windows registry enable TLS 1.0, TLS 1.1 and TLS 1.2

Had these servers reside on the DMZ, we won’t recommend this solution at all. Even for internal servers such as our clients, we don’t recommend this solution as a long-term fix. But in this case, it was good enough.

This was remediated soon after when the client upgraded the database server to a Windows Server 2019, where TLS 1.2 is also enabled by default with strong ciphers being available.

Hopefully, it will help others who are also in the intermediary state of upgrading and trying to troubleshoot a similar issue.

With that, I welcome any input for a better solution (i.e., you have time to test that it only requires TLS 1.1 but not 1.0, or something more secure for that matter).

Further Reading

How to Enable TLS 1.2 as the Default Security Protocol on Windows Servers

Recent Posts

Tags

.NET .NET Core AdSense ASP.NET Cdonts Dll Classic ASP Code Editor ETL FSharp Genesis Framework Git Google HP Asset Manager HTML5 Hugo IIS Information Security Internet Internet Information Services iOS JAMStack Linux macOS Microsoft Microsoft SQL Server MVC PHP PowerShell Python Simple Mail Transfer Protocol Smtp Server SQL SQL Server SSIS SSMS SSRS Sublime Text Visual Studio Visual Studio Code VPN Windows Windows 8 Windows 10 Windows 2012 Windows Server