How to Request a Certificate With a Custom Subject Alternative Name (a post for Ross of the future)

SAN wasn’t really an option until IIS 8.5 and IE10+, but now it’s yet another way to make dealing with SSL Certificates even more fun.

I’m leaving this here as a post for the me of the future, as no doubt this is something that I’m going to have to deal with again:

Removing the www from a URL but preserving HTTP/HTTPS


The easiest way to do this (I think) is to have two rules, and specify an input condition. I’m sure there is a way to do it by using HTTP/HTTPS as a variable, but in my experience simpler is better.

So something like this:

<rule name="Remove www http" stopProcessing="true">

<match url="(.*)" ignoreCase="true" />

<conditions logicalGrouping="MatchAny" trackAllCaptures="true">

<add input="{HTTP_HOST}" pattern="^www\.(.+)$" />

<add input="{HTTP}" pattern="^http\:\/\/$" />


<action type="Redirect" url="http://{C:1}/{R:0}" appendQueryString="true" redirectType="Permanent" />


<rule name="Remove www https" stopProcessing="true">

<match url="(.*)" />

<conditions logicalGrouping="MatchAny" trackAllCaptures="true">

<add input="{HTTP_HOST}" pattern="^www\.(.+)$" />

<add input="{HTTPS}" pattern="^https\:|/\/$" />


<action type="Redirect" url="https://{C:1}{R:0}" />



Note that this is untested, but is based from pasting fragments of rules that work, so it should be fine but the syntax/order for the <conditions> might need a bit of tweaking.

Edited: Updated the rule that this discussion was about with a working tested version thanks to @rinidpp.

Outlook 2016 issues with “laggy typing” and “my reply font isn’t blue”

A month or so ago I started noticing a horrible lag when writing emails in Outlook 2016. The lag was really horrible and distracting which given the amount of email I write, this is a serious problem.

On top of this, the image in my signature wasn’t loading when I composed a new email (instead a placeholder “image goes here” type thing appeared, although the image would show up fine for the message recipient) and my reply font didn’t appear right – it wasn’t blue! It actually felt like there was something else wrong with it other than the colour, but I couldn’t put my finger on what, so it’s probably just that I’m insanely pre-programmed to expect my reply font to be blue.

I’ve been putting up with it for a few weeks as I figured it was so bad that Microsoft must be issuing a fix soon, however time’s been a ticking and it still seems rather broken.

So as a workaround I’ve followed the info found at and have reverted to a specific version:

  • Run an Administrator level command prompt
  • cd %programfiles%\Common Files\Microsoft Shared\ClickToRun\
  • officec2rclient.exe /update user updatetoversion=<build number>

You can find a list of build numbers here. I picked 16.0.6366.2062, but I *think* that there might be a version (either the March 24 or the April 4 versions) which are also fixed, but I just wanted it fixed so I jumped back to the Jan 25 build.

It’s really scary how a minor issue in something like this can really ruin your productivity/sanity.

“No transport” or “Access is denied” errors in a Microsoft Project Add-in

It’s a new year and apparently that means it’s time to get back and spend some more time working on MS Project Add-ins. The previous one was incredibly useful and I needed to make a couple of modifications so I could re-use the same approach for a new project. The new version needed to hit a different endpoint (no VersionOne this time, yay!), but otherwise needed to get similar data and do similar stuff.

I thought it was going to be incredibly simple (and it was in the end), but I ended up getting caught by an odd piece of stupidity.

Whenever I tried to apply a simple piece of JavaScript that I’d prototyped in a local HTML file to my Add-in, I received a errors with my jQuery $.ajax call – specifically "No transport" and "Access is denied". I had a local file with JavaScript that worked properly, so it had to be something specific to my MS Project Add-in – in the end the answer was right in front of me.

Back when I did my other Add-in I’d grabbed a quick downloadable sample from Microsoft and used that as my starting point, and I’d used that Add-in as the starting point for this new one. Both of the HTML files contained the following tag:

<meta http-equiv="X-UA-Compatible" content="IE=9" />

For some reason this hadn’t been a problem with any of the $.ajax calls in the previous Add in, but here, it was killing $.ajax’s attempt to use CORS. My guess is that the slightly different approach I had to take for authing to the new endpoint was pushing things over the edge, as otherwise the $.ajax requests between the two Add-ins were pretty identical. IE10+ got better/proper support for CORS which jQuery is well aware of and checks for before performing any $.ajax requests, and so the instance of IE11 running inside MS Project pretending to be IE9 was probably confusing the hell out of jQuery.

All I had to do was update my tag to get things working:

<meta http-equiv="X-UA-Compatible" content="IE=Edge" >

A really obvious fix, but when you’re doing web development inside MS Project with limited debugging (*cough* NO ALERT *cough*) it’s amazing how easy it is to overlook the simplest fixes.

The sad state of web development

The Sad State of Web Development is an interesting if slightly ranty read about the current state of web technologies. Some interesting points worthy of consideration, even if you decide you disagree with them.  If you read it, you should probably take one of the final sentences into consideration before getting angry if you happen to think his opinions are wrong:

I originally wrote this anonymously. Yea I was pretty frustrated. It’s all good. Let’s ship some awesome stuff for people!

One of my favourite (and most quotable) bits is the portion on SPAs:

Don’t fucking build a SPA

Really all I’m saying is don’t build a SPA. A SPA will lock you into a framework that has the shelf life of a hamster dump. When you think you need a SPA, just stop thinking. Just don’t. Your users just don’t fucking care.

If I see a section on my app that is really hard to with Pjax/Turbolinks and jQuery, I’ll bring in a library/framework like Vue.js, *cough* React, Angular. All good choices for doing really complex forms(although I find Angular to be the best at this), with a ton of conditional validation. You know what though, these are the outliers in my experience, not the norm.

Maybe 1 or 2 pages on your app will have really complex UI, but the other 95% of the app does not. So you pay a huge penalty doing a SPA. You’re typically writing all the basic CRUD stuff in a SPA from scratch. The backend framework you’re using can’t help you in any way. So my advice is to use Rails, Django, Play Framework, Laravel, or Phoenix to develop most of the app, because they help you with most of the boilerplate stuff, and bring in the flavor of the month on a page that needs it. So when the next flavor of the month comes out you’re entire app is not knee deep in the last flavor of the month. You can just re write that one page.

Windows XP, the sky is actually falling.

Ever since support ended for Windows XP I’ve developed something of an involuntary habit of spotting XP systems in the wild while going about everyday life. Hospitals and medical facilities (optometrists and so on) always seem to have a high hit rate. Sometimes I say something, and sometimes I don’t. When I say something it’s usually in a lighthearted manner, and it’s almost always met with a “So?” attitude.

What’s the worst that could happen, right?

Well, things like this are what can happen: Royal Melbourne Hospital attacked by damaging computer virus.

The more that time progresses the more attacks of this nature are going to be available to attackers, with little or no defense available due to XP being out of support. This is just one example (but it’s a good one), there’s been more in the past, and there’s going to be many more to come, and as someone who’s been accused of being a bit of a doom merchant about things like this, it’s handy to have a few citable examples handy.

If you want to know more, then check out episode #395 of Risky Business which has more coverage on the story, as well as being the best security related podcast out there (unless you happen to enjoy someone named Steve reading blog posts verbatim at you slowly over a period of 2-3 hours, in which case there’s another podcast you’d probably like more).

If you’re currently running Windows XP, then please, upgrade.

OneDrive user? Get your bonus space back.

Microsoft is reacting to angry OneDrive users and allowing people to keep their 15 + 15 GB of free storage. However, it’s not done automatically – you need to visit this website in order to claim your storage:


Open Live Writer

As I’ve written a lot in the past about Windows Live Writer, it’d be remiss of me to not mention that an open source fork is now available. I blogged briefly about this back in June of this year, and it’s great to see that it has finally happened.

The current version is dubbed “0.5”, so may not be stable for use by everyone, but it seems fine to me so far. This release seems to be mostly about tidying things up by removing outdated functionality, and simply getting a release out (version 0.5 sucks, ship it anyway), but there’s some exciting stuff in the roadmap.

As a long time Windows Live Writer user, this makes me very happy! Thanks to everyone who worked on this, as it clearly took a lot of organising and collaboration.

Link: Open Live Writer

Link: Announcing Open Live Writer - An Open Source Fork of Windows Live Writer

A small collection of randomly useful .NET related links

This is a weird collection of useful links that I’ve had sitting in open tabs for a couple of weeks. I’ve been trying to turn any of them into their own posts, but it just hasn’t happened – however, they are useful, so I’m posting them here for my own reference and in the hope that someone else gets value out of them.

Posting raw JSON to Web API – when I needed to do this I found it quite strange that I hadn’t needed to do so sooner. In a world where it’s pretty easy to cast your JSON to an object and work with it that way it’s understandably uncommon to need to do this, however if you end up needing it you’ll probably find the link useful.

<%$, <%@, <%=, <%# … what's the deal? The more I work on MVC applications the more I find my brain trying to drop WebForms Eval syntaxes from my brain. If you’re in the same boat, then this is a helpful cheat sheet.

How to clear HSTS Settings in Major Browsers – if you’re working with an app which sets HSTS settings then you may find it useful to know how to clear them. They can be somewhat persistent.

Why is the IIS default app pool recycle set to 1740 minutes? An interesting piece of IIS related history, for those drawn to such things.


Windows 10 Build 1511

Over the weekend I was “lucky enough” to need to build a couple of new Windows boxes, and the timing coincided nicely with the release of Windows 10 build 1511. For those who didn’t pick up on it and who also happen to care, the 1511 is a combination of “2015” and “11 – November”.

The first thing I noticed during the installs is that you’re now prompted during install to select your options for some of the more contentious privacy related options in the OS. By these I mean the sharing of typing and writing data with Microsoft, the open sharing/joining of wireless networks, and the torrent-like sharing/seeding of Windows updates with other Windows users. Being prompted for these during installation felt appropriate, and should reduce the amount of privacy rage that these options were generating previously – however I should note that I was installing the Enterprise edition of Windows 10, so it’s possible that other editions don’t have these prompts during installation (I really hope they do).

Once installed it didn’t take long to notice the new window snapping options! As someone with large monitors, I use the window snapping a lot, and the improvements here are very welcome. The main one is being able to resize 2 snapped windows at once by dragging the joined border. This is a neat little feature which is really going to save me a lot of time. I also ended up in the Multitasking options and disabled “When I snap a window, show what I can snap next to it” which probably existed before now, but I’d never found it. The combination of the new resizing feature plus disabling the suggestion option makes snapping feel much more productive.

In the “features I’m never going to use” category, nested virtualization was added in this update. This means you can run Hyper-V servers inside virtual machines that are running under Hyper-V, which should be great for anyone looking to simulate Inception using virtual machines.

In the same category, you can now show more tiles on the start menu. Personally, this isn’t something I’d ever want to use, but it’s optional so maybe it’ll make someone happy. Go to “Settings > Personalization > Start > Show more tiles” if you’re that someone! On top of this there’s a few subtle visual changes to the taskbar/toolbars which seem to work nicely.

A word of warning is that upgrading apparently resets/changes the file associations for some people. As I was performing completely new installs, this wasn’t something I ran into, but others have reported it, so be prepared to re-associate all the things.

Overall the new release feels stable so far, and although there’s nothing major that’s been added, the small refinements feel good and there’s apparently a bunch of bug fixes that have been done under the hood. ARS Technica sums it up by saying “If you were holding back waiting to take the plunge and make the upgrade, now is probably a good time to do it”, which seems like a good summary to me.