Minimise Attacks on Your Microsoft Account

One of the common issues faced by internet users is exposure of their email address following a data breach at a website. Although companies and website owners are becoming better at defending their websites from attacks by nefarious actors, even the largest companies are not immune.

Probably the most commonly hacked piece of information is your email address, since this is not generally stored in an encrypted format. The email address you used as a username for the breached website is probably also the email address you use to sign into your account with the company that manages your email, e.g. Microsoft, Google, Apple. Once the hackers have your email address, they can try to access your account by cross-referencing other data breaches that contain the same email address, hoping you use the same email/password combination for more than one account.

For major account providers like Microsoft, Google and Apple, access to your account doesn’t just mean access to your emails (which itself is bad enough) but access to a whole range of other services linked to your account. Obviously, one of the ways you can minimise any attacks on your account is to turn on 2-step verification, preferably using an authentication app. Another way that I have found that works with your personal Microsoft accounts is to use Account Aliases.

Account Aliases are unique email addresses that are linked to your main account and can be used as alternative email addresses for you to send/receive email. The other more useful purpose of Account Aliases is to create an email address that is ONLY used to sign into your Microsoft account. By keeping one email address that you NEVER use as a login for another website you reduce the likelihood of your account being attacked.

To set up an Account Alias for your personal Microsoft account, follow these steps:

  1. Navigate to https://account.microsoft.com/profile and go to the Account Info section.
  2. Click on the Sign-in preferences link at the bottom of that section which will take you to a page to manage how you sign into Microsoft.
  3. Under the list of existing Account Aliases click on the link to Add email address.
  4. Select a unique email address for your account. The system will only allow you to add an alias once it is unique to the chosen domain, e.g. outlook.com. Remember, this email address is ONLY going to be used to log in to your Microsoft account.
  5. Once the Account Alias has been added successfully, you will be returned to the page to manage your sign-in preferences. The next step is to change your Primary Alias, as this will be the alias you will use as your username. To do this, select the Make primary link next to your newly created alias.
  6. From here, click on the link at the bottom of the page to Change sign-in preference. This page allows you to define which aliases can be used to sign into your account.
  7. Your new alias should be checked by default. Make sure any other aliases, including your original account alias, are not checked and click the Save button.
  8. Your account is now accessible using this new alias as the username. Just remember NOT to use this email address for any other websites.
  9. If you want to know whether someone has been trying to access your personal Microsoft account, you can go to the Activity page (https://account.live.com/Activity) and see when/where access to your account was recently attempted. This will show the successful attempts (hopefully by you) and unsuccessful attempts (possibly by bad people). If you monitor this page after you set up an alias, you should see the number of unsuccessful attempts go to zero.
  10. Finally, if you try logging into your Microsoft account with your original email address, you should see an error message telling you that the account is not valid. Only your new unique alias will get you into your account.

D365 – System Views – Does Not Contain Data

The Advanced Find functionality within D365 v9 allows us to search for records that have no data in a related entity – a NOT IN query. For example, provide a list of Contacts that are not the Primary Contact for an Account.

[Image: advanced-find-NOT-IN]

However, if we try to create the same using a System View, there is currently no option to do a NOT IN query.

[Image: system-view-filter]

To create a System View which contains a NOT IN query I had to complete the following steps.

  1. Create a basic System View with the required column layout and Publish the View.
  2. Using XrmToolBox and the View Designer Plugin I opened the System View and edited the query (using FetchXML Builder).
  3. Finally, save and publish the changes to the System View.

[Image: NOT-IN-FetchXML]

A few things I have found when creating NOT IN System Views.

    1. The System View does get created in the list of System Views for the entity and displays the correct content.

[Image: system-view-1]

    2. When you open the Advanced Find from the System View, the filters for the System View are displayed correctly but the name of the System View we created is not listed.

[Image: system-view-2]

    3. When you re-open the System View in the D365 solution after you have made the NOT IN modification, the option to Edit the filter criteria is no longer available. Any additional changes to the System View would need to be made using the XrmToolBox View Designer Plugin.

[Image: system-view-3]

Visual Studio & Node JS

When you install Visual Studio 2017 it very kindly gives you the option to install Node.js.

The only problem with this is that if you are not using v15.3 (or greater) of VS2017, then working with Azure Functions can present a couple of unusual issues.

  • Not being able to install the Azure Client Tools.
  • My application not being able to read from the local.settings.json file using the WebConfigurationManager.

The problem turned out to be the version of Node.js that was installed with Visual Studio; I needed to update it to a more recent version. After completing the updated installation I was able to install the Azure tools and successfully read values from my local.settings.json file in my local development environment.

Google Recaptcha verification

Using the Google Recaptcha verification API should be fairly straightforward. The one thing the documentation does not make clear is how to POST to the SiteVerify endpoint. So after playing around with the various options in Postman, I have found the following code works from the server side using C#.

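    // Requires: using System.Collections.Generic; using System.Net.Http; using Newtonsoft.Json;
    // In production, reuse one shared HttpClient rather than creating one per request.
    HttpClient httpClient = new HttpClient();

    // SiteVerify expects the parameters as form fields, not as a JSON body.
    // The secret is the server-side key and must never be sent to the browser.
    KeyValuePair<string, string> secret = new KeyValuePair<string, string>("secret", recaptcha.Secret);
    KeyValuePair<string, string> response = new KeyValuePair<string, string>("response", recaptcha.Response);

    List<KeyValuePair<string, string>> postData = new List<KeyValuePair<string, string>>();
    postData.Add(secret);
    postData.Add(response);

    using (var content = new FormUrlEncodedContent(postData))
    {
        // FormUrlEncodedContent already sets this Content-Type; it is restated here explicitly.
        content.Headers.Clear();
        content.Headers.Add("Content-Type", "application/x-www-form-urlencoded");

        var recaptchaResponse = await httpClient.PostAsync(RecaptchaAPIUrl, content);

        // Await the body instead of blocking on .Result inside an async method.
        var returnValue = await recaptchaResponse.Content.ReadAsStringAsync();

        var vr = JsonConvert.DeserializeObject<VerifiedResponse>(returnValue);

        return this.Ok(vr);
    }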
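
What the server can do with the SiteVerify reply before trusting it, as an added example that is not code from the original post: accept the request only when `success` is true, the `hostname` is your own site and `challenge_ts` is recent, and fail closed on anything malformed. The class name `RecaptchaDecision`, the host `www.example.com`, the two-minute window and the sample replies are constructed for illustration; it uses System.Text.Json instead of the post's JsonConvert so it runs without extra packages.

```csharp
using System;
using System.Globalization;
using System.Text.Json;

public static class RecaptchaDecision
{
    // True only for a successful, recent challenge solved on our own host.
    // Missing fields, wrong types and unparsable JSON all fail closed.
    public static bool IsHuman(string json, string expectedHost, DateTimeOffset now, TimeSpan maxAge)
    {
        try
        {
            using JsonDocument doc = JsonDocument.Parse(json);
            JsonElement root = doc.RootElement;
            if (root.ValueKind != JsonValueKind.Object) return false;
            // "success" must be the JSON literal true, not a string or number.
            if (!root.TryGetProperty("success", out JsonElement ok) ||
                ok.ValueKind != JsonValueKind.True) return false;
            // The challenge must have been solved on the site we expect.
            if (!root.TryGetProperty("hostname", out JsonElement host) ||
                host.ValueKind != JsonValueKind.String ||
                !string.Equals(host.GetString(), expectedHost, StringComparison.OrdinalIgnoreCase))
                return false;
            // Reject challenges that are stale or dated in the future.
            if (!root.TryGetProperty("challenge_ts", out JsonElement ts) ||
                ts.ValueKind != JsonValueKind.String ||
                !DateTimeOffset.TryParse(ts.GetString(), CultureInfo.InvariantCulture,
                    DateTimeStyles.AssumeUniversal, out DateTimeOffset solvedAt))
                return false;
            return solvedAt <= now && now - solvedAt <= maxAge;
        }
        catch (JsonException) { return false; }
    }

    public static void Main()
    {
        // Constructed sample replies; no network call is made.
        var now = DateTimeOffset.Parse("2024-01-01T12:01:00Z", CultureInfo.InvariantCulture);
        string[] samples =
        {
            "{\"success\":true,\"challenge_ts\":\"2024-01-01T12:00:30Z\",\"hostname\":\"www.example.com\"}",
            "{\"success\":false,\"error-codes\":[\"invalid-input-response\"]}",
            "{\"success\":true,\"challenge_ts\":\"2024-01-01T12:00:30Z\",\"hostname\":\"other.example.net\"}",
            "{\"success\":true,\"challenge_ts\":\"2024-01-01T09:00:00Z\",\"hostname\":\"www.example.com\"}",
            "not json"
        };
        foreach (string s in samples) Console.WriteLine(IsHuman(s, "www.example.com", now, TimeSpan.FromMinutes(2)));
    }
}
```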