How can I use WPL 1.0?

Jan 21, 2011 at 10:01 AM
Edited Jan 21, 2011 at 1:18 PM

Could anyone tell me how I can use WPL 1.0? I'm especially interested in how to configure the new version of SRE and AntiXSS 4.0.
I've watched the good demo video "How to Implement Web Protection Library" by Anil Revuru and tried to download WPL 1.0 from http://connect.microsoft.com/. But it has been written that "WPL has been moved to clear up some confusion. If you want access to the code and binaries follow this link: http://wpl.codeplex.com/". OK, let it be. I decided to download the source code here and use it. So, I also read the article "Introducing SRE Inspectors".

I saw a helpful program in the video, like SRE Configuration Editor, which helps to manage existing web.config files. As I understand it, I don't need to use the antixssmodule.config file in the new version. But what shall I do to configure SRE and AntiXSS 4.0?

Coordinator
Jan 21, 2011 at 3:59 PM

For 1.0, simply download the 3.1 installer package and use it as the video suggests. The latest source is still, for the SRE, in a CTP/Beta stage (I know, it's been a while, scheduling and finding time has been fun) and you will have to compile up and install yourself using the two SRE specific documents.

May 24, 2011 at 1:26 PM

Hello bdorrans,

I downloaded the 3.1 installer package as you already noted but couldn't find the SRE Configuration Editor. What is in the Security Runtime Engine installation folder is ConfigGen.exe, which is totally different from the video demo. Can you please help me find the installation package that the video was pointing to (WPL 1.0 CTP?)

Thanks in advance

Coordinator
May 24, 2011 at 1:52 PM

So you only need to use the config generator if you have custom controls that derive from the standard ASP.NET controls, and you're using the SRE. If you're not using custom controls then the standard config file included in the installer should work fine. In 4.0 the config file goes away and is built in.

May 25, 2011 at 12:28 PM

Version 3.1 and version 4.0 don't protect against SQL Injection attacks. What is the version that protects against SQL Injection attacks (the one used in the video demo)?

Thanks in advance

Coordinator
May 25, 2011 at 12:35 PM

Ah no, both 3.1 and 4.0 of the SRE have the SQL Injection module.

May 25, 2011 at 12:39 PM

How can I enable the SQL Injection Module (in either version)? How can I test if it's working?

Please check this video:

http://channel9.msdn.com/Blogs/Jossie/Using-the-Web-Protection-Library-WPL-CTP-Version

The video shows certain configurations and tools to manage SQL Injection runtime detection. Were they using a non-existent version?


Regards,

Mostafa