Latest Event Updates

ASUS OEM WIM recovery image, Round 2! Installing an SSD


A while back I explained how to create some Win 7 recovery DVDs using the ASUS WIM recovery image, for the people like me that wanted to have that option. Now it’s time to get the image updated and cleaned up, so the restore process doesn’t smell as bad (and you know what I mean).

The goal here is to install the image onto an SSD and to end up with a new recovery image that doesn’t contain any bloatware and has been updated to SP1 with all the patches applied (so future restores start from an up-to-date system).

There are basically 2 ways to do it:

  1. you install your WIM image on your laptop and continue from there
  2. you use a virtual machine (VirtualBox works quite well and it is free). This option is more flexible and allows you to create snapshots, so in case you do something wrong you can go back to the previous point.

Once you decide which way to go, we can start the process.

You’ve got your system installed (restored) and you start feeling disgusted by all the bloatware and trial crap that you’ve got in your “clean” image (you had already forgotten it, right?). Windows Update is prompting you to install 355543 updates and 4 service packs, and later it will probably ask you to apply some extra security updates and more updates afterwards (be aware that updating the system from the image can take a couple of hours, so go and grab a coffee or a tea).


  1. Restore your image.
  2. Uninstall all the trial programs and rubbish that you don’t need.
  3. Install the Win7 service pack 1
  4. Apply all the updates
  5. I would recommend not installing extra programs, because most likely, next time you need to restore, there will be updates and you’ll need to uninstall them and install the new versions. So, let’s keep it clean.

Now that we have Windows 7 the way we would have loved to get it after restoring, we need to create a new image for future use. Here we have 2 options:

  1. Use Windows 7 Backup. This option is really easy to use and probably the preferred option for most people
  2. Create a new custom WIM image. This is the more advanced option and probably the only one if you are replacing one of the HDDs and installing an SSD. We will choose this option.


To do this we need a bootable DVD/CD with the Windows AIK tools (this can be created using my previous tutorial).

Once we have that, we need to tell Windows that we want to prepare the system to make it look like it did right after installing it (out-of-the-box experience). The gotcha here is that, because we created a user after restoring the image, we need to clean all the information from that user, so we need one more step before we prepare Win7.

  • In Windows Explorer go to C:\Windows\System32\sysprep\ and run sysprep.exe
  • In the first drop-down choose “Enter System Audit Mode”, in the second choose “Reboot” and press OK. This will restart Windows 7 in the built-in Administrator account.


  • After restarting as Administrator, go to Control Panel\User Accounts and delete all the users in the system (the user that you created when you restored your image).
  • Now that we don’t have any more users, the system is ready to be prepared. Go to the tool that you ran before (sysprep.exe), choose “Enter System Out-of-Box Experience (OOBE)”, tick the “Generalize” option, choose “Shutdown” in the second drop-down menu and press OK. The system will shut down.



Now you need to restart using the Windows AIK boot disk. From this point I’ll assume that you have 2 partitions on your disk: C: contains the Windows 7 install that we want to use as an image, and there is another partition D: that is free or has 10-12GB free to store the new image (my new image, after removing all the bloatware and applying all the updates, was 6.5GB). I believe that if you have a USB drive plugged in when you restart, it’ll be visible as well.

After booting you need to find the drive that has the file imagex.exe (in my case it was E:). To do that you can do what I did: try the different drives D:, E:, F… until you find it (when you start, by default you land in X:).



When you find it, we can create the new image:

imagex /compress <type> /capture <source> <destination> "description"

e.g.: imagex /compress maximum /capture c: d:\Win7Clean.wim "Windows 7 SP1 Updated Clean"

This will take Windows from C: and create an image on D: called Win7Clean.wim

/compress maximum is optional; it’ll take a bit longer to run, but it’ll create a smaller image.


Once it’s finished, you can reboot the system and you’ll have the new clean image with the Out Of The Box Experience on your D: drive


In case you want to split it into volumes and create a self-installing, bootable set of disks, you can read my other posts where I explained the process.

We won the WORLD CUP!!!!


Somos campeones del mundo!!

We are the champions!!


Creating Windows OEM recovery DVDs with Windows AIK (part 2)


In this post I’m going to continue creating the scripts (and manual steps) to restore the windows image file and show alternatives to the creation of the DVDs. To fully understand the process I recommend reading the part 1 of this series.


By now you should have your set of restoring DVDs and the bootable DVD that includes the tools required to continue the process.

I’m going to start explaining the manual steps to restore the image, so you can understand what’s going on, and then I’ll give you the code for the restore.cmd script that can be used to restore the system automatically.



Go and get yourself a coffee while you back-up your data, as the restoring process described here cleans the hard drive.


Create partitions

The first thing that we need to do is to clean the disk and create the partitions. To do that we will use diskpart.

The process involves creating 2 partitions. The first one is for Windows. Here I’ve used 40GB but you can choose what you want. The second one needs to be at least 15GB to copy all the image parts, as the imagex tool doesn’t prompt for multi-disk images and we need to do this manually. I wouldn’t be too worried about the size of the partitions at this stage. In my case, once I had the system restored and Windows finished installing, I went to the Windows Disk Management tools, resized the Windows partition and created some striped volumes (RAID 0) to improve performance.

In case you need to use Windows HD encryption, you will need to create 3 partitions. The 1st is the partition called “system” (this one will be the active one, and it doesn’t need a letter assigned as it’s hidden)

After booting from the boot DVD you will have a command prompt.

Type: diskpart

Then, at the DISKPART> prompt (CLEAN wipes every partition on disk 0, so this is the point of no return for your data):

SELECT DISK 0
CLEAN                                     (remove all existing partitions)
CREATE PARTITION PRIMARY SIZE=40000       (create a 40GB partition for Windows)
SELECT PARTITION 1
ACTIVE                                    (the Windows partition must be active for the BIOS to boot it)
FORMAT FS=NTFS QUICK
ASSIGN LETTER=C
CREATE PARTITION PRIMARY                  (create a second partition with the remaining space)
SELECT PARTITION 2
FORMAT FS=NTFS QUICK
ASSIGN LETTER=E
EXIT



Copy image parts to disk

Now that we have the partitions we need to copy the image parts and the tool to restore the image to e:

In case you had the image parts in an external HD or USB Key or the second HD, you don’t need to copy the files locally. Instead you could connect your USB external HD and go to the next step (restore the image) because the system can detect the external HD when you plug it in and read the image directly from there (you only need to type the right source location)

copy d:\imagex.exe e:\

copy d:\sources\asus.swm e:\

(change to DVD 2 )

copy d:\sources\asus2.swm e:\

(change to DVD 3 )

copy d:\sources\asus3.swm e:\


Restore the image

Once we have the files on the HD e:, we need to go to e: (where we have the imagex.exe file) and apply the image to the HD c: with the following command

imagex /ref e:\asus*.swm /apply e:\asus.swm 1 c:

The command:

  • /ref e:\asus*.swm   => tells the imagex program that the file is in several parts and needs to reference all the files called e:\asus*.swm
  • /apply e:\asus.swm 1 c:  => tells the imagex program that the file to apply is called e:\asus.swm (to create that file uses the /ref files) and it needs to apply from that file the image number 1 (because the tools support several images in a single file) to the HD called C:

This process can take a while, just wait until it’s finished.


Make the HD bootable

Now that the Windows image has been restored we need to make it bootable. To do that we go to the restored Windows system files and run the bcdboot command.

CD c:\Windows\System32
BCDBOOT C:\Windows



At this stage your system has already been restored and you need to reboot. Remove all your DVDs and restart the machine.

You can type wpeutil reboot to do so.

If everything went OK, your system should be restarting and finishing the installation in the same way it did the first day that you used your computer. So finish the install, fix your partitions and uninstall all the rubbish that they have installed by default. I also recommend creating a backup of your system once you have it the way you like it; next time you can restore it to that state directly without having to do all these steps.


The scripts

To finish creating the fully automated restore you can use the following scripts (to continue the process in the part 1).

There are 2 txt files with the commands for diskpart to clean the HD and create the partitions. The reason is that, depending on the HD partitions before restoring the system, when the restore starts the partitions are mounted with different drive letters. If this happens, the scripts don’t know which drive contains the tools and where to copy the image files. To solve that, I have implemented a 2-step recovery. First, I check if the tools are in the expected location (which is the case when the HD is clean). If the script can’t find the tools on drive d:, it cleans the HD and restarts automatically. Next time the system boots, we know where we are and we can automate the process. There are better ways to do this, but this one works and I didn’t want to spend too long on a process that shouldn’t happen more than once or twice a year.


Diskpart clean HD (clear_partitions.txt)

rem Wipe every partition on the first disk (this destroys all data on it)
SELECT DISK 0
CLEAN

Diskpart create partitions (create_partitions.txt)

rem Partition 1: Windows (40GB, active so the BIOS can boot it)
SELECT DISK 0
CREATE PARTITION PRIMARY SIZE=40000
SELECT PARTITION 1
ACTIVE
FORMAT FS=NTFS QUICK
ASSIGN LETTER=C
rem Partition 2: the rest of the disk, used to hold the *.swm image parts
CREATE PARTITION PRIMARY
SELECT PARTITION 2
FORMAT FS=NTFS QUICK
ASSIGN LETTER=E





In this script I have added a bit of error checking, some CLS (clear screen) and messages to make it look a bit better and easier to use once it’s been deployed.

You can modify the script to adapt it to your needs in case you have a different number of DVDs or you are creating images for other machines.

  1. In the first section I check if the tools are where I expect. If they aren’t, I clean the HD and restart (I have explained this above).
  2. In the second section I check if the *.swm files are where I expect. If they aren’t, I prompt to change the disk and try again. When you change the disk, sometimes it takes a couple of seconds for the system to pick it up, so be patient.
  3. After the files are copied I copy imagex to e: and start restoring
  4. Then I create the boot for the new Windows
  5. And I restart. I used the command ping to wait for 5 seconds and let the user see that it’s all good, but you can remove this step (ping -n 6 > nul; each ping takes 1 second)
  6. If there was any error I jump to the end and finish the process

@echo off
@echo. ———————————————–
@echo.            Initializing Hard Drive
@echo. ———————————————–

rem Stage 1: if the tools are not on d: the HD has not been cleaned yet, so wipe it
rem and reboot; after the reboot the drive letters are where the script expects them.
rem clear_partitions.txt sits next to this script inside the boot image (X:\Windows\System32).
IF NOT EXIST d:\create_partitions.txt (
    @echo. Cleaning the HD and rebooting afterwards
    diskpart /s clear_partitions.txt
    wpeutil Reboot
)

rem Stage 2: create the partitions (C: for Windows, E: for the image parts)
@echo. Initialising the HD
diskpart /s d:\create_partitions.txt
if errorlevel 1 goto :errorPartitions

copy d:\imagex.exe e:\

@echo. ———————————————–
@echo.         Copying the images from DVD
@echo. ———————————————–

rem Each DVD is polled until its *.swm part shows up; ping -n 6 is a ~5 second wait
:retryFile1
IF NOT EXIST d:\sources\asus.swm (
    @echo. File not found d:\sources\asus.swm
    @echo. Insert the DVD 1 and wait 5 secs. until DVD is loaded
    ping -n 6 > nul
    goto :retryFile1
)
@echo. Copying DVD 1 (d:\sources\asus.swm)
copy d:\sources\asus.swm e:\
if errorlevel 1 goto :retryFile1

:retryFile2
@echo. Insert the DVD 2 and wait 5 secs. until DVD is loaded
IF NOT EXIST d:\sources\asus2.swm (
    @echo. File not found d:\sources\asus2.swm in DVD 2
    ping -n 6 > nul
    goto :retryFile2
)
@echo. Copying DVD 2 (d:\sources\asus2.swm)
copy d:\sources\asus2.swm e:\
if errorlevel 1 goto :retryFile2

:retryFile3
@echo. Insert the DVD 3 and wait 5 secs. until DVD is loaded
IF NOT EXIST d:\sources\asus3.swm (
    @echo. File not found d:\sources\asus3.swm in DVD 3
    ping -n 6 > nul
    goto :retryFile3
)
@echo. Copying DVD 3 (d:\sources\asus3.swm)
copy d:\sources\asus3.swm e:\
if errorlevel 1 goto :retryFile3

@echo. ———————————————–
@echo.          Restoring image to drive C:
@echo. ———————————————–

rem /ref joins the split parts, image index 1 is applied to C:
imagex /ref e:\asus*.swm /apply e:\asus.swm 1 c:
if errorlevel 1 goto :errorRestore

@echo. ———————————————–
@echo.          Setting up boot partition
@echo. ———————————————–

CD c:\Windows\System32
BCDBOOT C:\Windows
if errorlevel 1 goto :errorBoot

@echo. ———————————————–
@echo.              Process Finished!
@echo.      The system will reboot in 5 seconds
@echo. ———————————————–

ping -n 6 > nul
wpeutil reboot
goto :end

:errorPartitions
@echo. There was an error cleaning the hard disk and creating the partitions.
goto :end

:errorRestore
@echo. There was an error restoring the image.
goto :end

:errorBoot
@echo. There was an error creating the boot.
goto :end

:end




At this stage you are smarter than the guys that developed the restoring system for ASUS because:

  • you understand the whole recovery process (the tech support has no idea and they will tell you that you can’t be happy and that you need to take the computer to them to restore it and waste your time for a few hours)
  • you are able to create a more flexible set of recovery disks (ASUS wants you to be unhappy, trying to restrict how you use the computer that you have bought)
  • You no longer have a 20GB partition on your HD.

If ASUS were smarter, they would give you the original install disk (I would have paid a bit extra to avoid all the crap that they have put in my computer and that I have uninstalled anyway). They probably get some extra cash from the companies behind the preinstalled rubbishware they put in your machine, but in the long term they end up paying back all that money because they need a larger number of people in support to attend complaints and answer users, and they have to spend extra resources such as electricity to keep your computer plugged in while restoring.

Enjoy your coffee!!

Update: I have added a new post in where I explain how to fully customise the WIM image, update it with service packs and updates and remove bundled crap to create an updated and clean image that can be safely used to bring your computer to a clean state without the pain of running all the Windows updates again. Please check my post.

Creating Windows OEM recovery DVDs with Windows AIK (part 1)


This post follows the previous post in which I explained how I bought a new ASUS laptop with preinstalled Windows 7 PRO x64 OEM and they didn’t give me the restore DVDs. Instead they had a retarded restoring system that relied on a 20GB partition on the HD that became useless when I changed my partitions to use the striped and mirror features that come with the OS.

In this post I’ll explain how to manually create a set of DVDs from the original ASUS system image files named asus.swm, asus2.swm and asus3.swm. This method can be used for other brands that have the same type of lame restoring system or if you want to split an image bigger than the size of a DVD (usually the split is named install.swm install2.swm install3.swm).

After you finish reading this post you’ll be able to create a set of DVDs/CDs of the size you want and have a bootable DVD/CD that will automate the restore, prompting you to insert the next disk. I’m going to add as many details and explanations as I can to allow non-developers to understand the process and create their set of DVDs. So if you find it too easy, skim through. If you find it still complicated, add a comment and I’ll try to give more samples (you can read the MS documentation as well).

To create the recovery DVDs we are going to need “Windows Automated Installation Kit for Windows 7” (Windows 7 AIK) installed (you can download it and install it for free). This is the set of tools that the laptop manufacturers use to create the images that are installed in your system. This post can also be used as a tutorial to understand the process of deployment using Windows 7 AIK (the steps used here are taken from Microsoft documentation and they use the tools that MS has made freely available to users to deploy Windows in an alternative way to the standard setup). I take no responsibility for any errors in the scripts that I’ll be providing in the next post and I take no responsibility for the information that could be lost by using these steps. Please take your time to read the official Microsoft documentation about the tools and the risks of using them, and remember that restoring the image will wipe out all the data on your HD, so you need to run a backup of your data before you restore your system. And remember that these instructions should never be used to install Windows on a computer other than the one that you have paid the license for (no license, no install). Please read your Windows license agreement before following the steps to install your Windows image.

Lets get started!

Before we start with the process we need to have the full image file (install.wim or asus.wim or image.wim) or the image already split in parts (asus.swm, asus2.swm and asus3.swm, or install.swm, install2.swm and install3.swm). If you want to change the size to use double layer DVDs or CDs or a Blu-Ray or anything else, you can join your image and then split it back into the size that you want. To do that you can use the imagex command to:

Split an image file:

  • imagex /split C:\imaging\asus.wim D:\imaging\asus.swm 4000
  • imagex /split C:\imaging\install.wim D:\imaging\install.swm 4000

Join an image file:

  • imagex /ref asus*.swm /check /export asus.swm 1 asus.wim
  • imagex /ref install*.swm /check /export install.swm 1 install.wim
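Before copying a split set to the recovery partition (or handing it to the `/ref e:\asus*.swm` step described in part 2 above), it is worth checking that the parts actually belong together: a part taken from a different capture, or a DVD that was burnt from the wrong folder, only fails once imagex is half-way through applying. The following script is an added example, not code from the post or from the Windows AIK; it reads only the fixed 208-byte WIM header of each file (field layout from Microsoft’s published WIM format specification: magic, header size, flags, GUID, part number, total parts) and reports missing, duplicated or foreign parts. The GUID and header bytes used for the demonstration are constructed here, and the file names in `check_swm_files` are whatever you pass in.

```python
"""Sanity-check a split WIM (.swm) set before applying it with imagex."""
import struct
import uuid

WIM_MAGIC = b"MSWIM\x00\x00\x00"   # 8-byte image tag at the start of every .wim/.swm
WIM_HEADER_SIZE = 208               # fixed header size (cbSize field)
WIM_VERSION = 0x10D00

# dwFlags bits from the WIM format specification
FLAG_COMPRESSION = 0x00002          # resources are compressed
FLAG_SPANNED = 0x00008              # this file is one part of a split (.swm) set
FLAG_COMPRESS_XPRESS = 0x20000
FLAG_COMPRESS_LZX = 0x40000         # what "imagex /compress maximum" produces


def parse_wim_header(data):
    """Decode the header fields that matter for a split set."""
    if len(data) < WIM_HEADER_SIZE:
        raise ValueError("shorter than a WIM header")
    if data[:8] != WIM_MAGIC:
        raise ValueError("not a WIM/SWM file (bad magic)")
    size, version, flags, chunk, guid, part, total, images = struct.unpack_from(
        "<IIII16sHHI", data, 8)
    if size != WIM_HEADER_SIZE:
        raise ValueError("unexpected header size %d" % size)
    if flags & FLAG_COMPRESS_LZX:
        compression = "LZX"
    elif flags & FLAG_COMPRESS_XPRESS:
        compression = "XPRESS"
    else:
        compression = "none"
    return {
        "version": version, "flags": flags, "chunk_size": chunk,
        "guid": uuid.UUID(bytes_le=guid), "part_number": part,
        "total_parts": total, "image_count": images,
        "compression": compression, "spanned": bool(flags & FLAG_SPANNED),
    }


def check_split_set(headers):
    """Return a list of problems; an empty list means the set is complete and consistent."""
    if not headers:
        return ["no parts found"]
    problems = []
    if len({h["guid"] for h in headers}) != 1:
        problems.append("parts come from different images (GUID mismatch)")
    totals = {h["total_parts"] for h in headers}
    if len(totals) != 1:
        problems.append("parts disagree on the total part count")
    total = max(totals)
    seen = sorted(h["part_number"] for h in headers)
    missing = sorted(set(range(1, total + 1)) - set(seen))
    if missing:
        problems.append("missing part(s): " + ", ".join(map(str, missing)))
    dupes = sorted({p for p in seen if seen.count(p) > 1})
    if dupes:
        problems.append("duplicate part(s): " + ", ".join(map(str, dupes)))
    for h in headers:
        if not h["spanned"]:
            problems.append("part %d is not flagged as spanned" % h["part_number"])
    return problems


def check_swm_files(paths):
    """Read just the header of each .swm file on disk and validate the set."""
    headers = []
    for p in paths:
        with open(p, "rb") as f:
            headers.append(parse_wim_header(f.read(WIM_HEADER_SIZE)))
    return check_split_set(headers)


def build_header(guid, part, total, images=1,
                 flags=FLAG_COMPRESSION | FLAG_COMPRESS_LZX | FLAG_SPANNED):
    """Constructed sample header: only the first 48 bytes carry the fields we read."""
    fields = struct.pack("<IIII16sHHI", WIM_HEADER_SIZE, WIM_VERSION, flags,
                         0x8000, guid.bytes_le, part, total, images)
    return WIM_MAGIC + fields + bytes(WIM_HEADER_SIZE - 8 - len(fields))


# Constructed sample sets standing in for asus.swm, asus2.swm and asus3.swm
SAMPLE_GUID = uuid.UUID("12345678-1234-5678-1234-567812345678")
COMPLETE_SET = [parse_wim_header(build_header(SAMPLE_GUID, n, 3)) for n in (1, 2, 3)]
MISSING_DVD2 = [parse_wim_header(build_header(SAMPLE_GUID, n, 3)) for n in (1, 3)]
MIXED_SET = COMPLETE_SET[:2] + [parse_wim_header(build_header(uuid.UUID(int=99), 3, 3))]

if __name__ == "__main__":
    for name, s in (("complete", COMPLETE_SET), ("missing DVD 2", MISSING_DVD2),
                    ("mixed captures", MIXED_SET)):
        print(name, "->", check_split_set(s) or "OK")
```

Run `check_swm_files(["e:/asus.swm", "e:/asus2.swm", "e:/asus3.swm"])` after copying the parts; an empty list means imagex will find every part it needs. Because only the header is read, the check takes milliseconds even on multi-gigabyte parts, which is why it is cheap to put in front of the restore step.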

Now that we have our images with the size that we want, we are going to start.

Create a bootable DVD to start the process

To restore the system we need to create a bootable DVD with all the tools required to boot, configuration files to create partitions and scripts to restore the image.

In this process I will assume that we have installed Win AIK in the standard path (c:) and that we want to do the work in the d: drive.

Start the Windows AIK command line as an administrator and run the following steps:

  1. Get the required files for the boot DVD (boot image with standard MS tools)
    • copype.cmd x86 d:\winpe_x86
  2. Mount the image to add custom restore scripts (this is similar to mounting an ISO, but here we use a folder so you can modify the files)
    • imagex.exe /mountrw d:\winpe_x86\winpe.wim 1 d:\winpe_x86\mount
    • (mounts winpe.wim, the MS boot image, read-write in the folder that we specify)
  3. In this step we copy the restore script and the commands to re-create the disk partitions (I’ll explain this in the next post). However, with the DVDs you can already manually restore your system once you boot with the first restoring disk (the process requires creating 2 partitions, 1 for Windows and 1 to copy the *.swm files)
        • restore.cmd: script to restore the system automatically
        • clear_partitions.txt: cleans the hard drive
        • create_partitions.txt: creates the partitions before restoring the image

    copy restore.cmd d:\winpe_x86\mount\Windows\System32\
    copy clear_partitions.txt d:\winpe_x86\mount\Windows\System32\
    copy create_partitions.txt d:\winpe_x86\mount\Windows\System32\

  4. Modify the startup script to call our restore script (this step requires opening Notepad as administrator; you can launch it from the administrator command line)
    • notepad.exe d:\winpe_x86\mount\Windows\System32\startnet.cmd
    • startnet.cmd is the script that is executed when booting the DVD. We need to add an extra line at the end of the file to call our restore.cmd script (for example: call restore.cmd)
    • What we have done here is to call our script to start the restoring process. This allows us to create an automated restoring process for simplicity.
  5. Save the changes in the customized image (commit the changes to the mounted boot image)
    imagex.exe /unmount /commit d:\winpe_x86\mount
    imagex.exe /unmount d:\winpe_x86\mount
    imagex.exe /unmount /cleanup

    Note: For some reason, sometimes the first command doesn’t do all the work and there are files still hanging around. Most likely the command has successfully updated the image but it can’t unmount and release the files. If this happens, close all the Windows Explorer windows and run the second and third commands (sometimes even several times) until “imagex.exe /unmount /cleanup” tells you that nothing is mounted.
  6. Create the DVD folders (each folder will be one DVD) and copy one image part into each:
    d:\ASUS\DVD1\sources (this will be the bootable DVD)
    d:\ASUS\DVD2\sources
    d:\ASUS\DVD3\sources

    copy asus.swm d:\ASUS\DVD1\sources
    copy asus2.swm d:\ASUS\DVD2\sources
    copy asus3.swm d:\ASUS\DVD3\sources
  7. Add the extra files required to make DVD1 bootable and copy the program used to restore the system
    xcopy /y /e d:\winpe_x86\ISO\*.* d:\ASUS\DVD1\
    copy "C:\Program Files\Windows AIK\Tools\x86\imagex.exe" d:\ASUS\DVD1\
  8. Copy the customized boot image to DVD1 (created in step 6)
    • copy d:\winpe_x86\winpe.wim d:\ASUS\DVD1\sources\boot.wim
    • Notice the change of name. The destination name must be boot.wim
  9. Create the disk images (notice that the first one is bootable: -b points at the etfsboot.com boot sector that copype placed in d:\winpe_x86)
    oscdimg -m -n -bd:\winpe_x86\etfsboot.com D:\ASUS\DVD1 D:\ASUS\DVD1.iso
    oscdimg -m -n D:\ASUS\DVD2 D:\ASUS\DVD2.iso
    oscdimg -m -n D:\ASUS\DVD3 D:\ASUS\DVD3.iso
  10. Burn the images to DVDs (with Windows 7, right-click on the ISO and choose Burn)
  11. Congratulations! You have created your set of restoring DVDs.

In the next post I’ll explain how to fully automate the process creating the scripts from the step 4.

Update: I have added a new post in where I explain how to fully customise the WIM image, update it with service packs and updates and remove bundled crap to create an updated and clean image that can be safely used to bring your computer to a clean state without the pain of running all the Windows updates again. Please check my post.

I learnt Windows AIK because of my new ASUS Laptop


I’ve recently bought a new ASUS G73jh Laptop. It’s a wonderful piece of HW with a Intel i7 720QM, 8GB RAM, 2x500GB HD, ATI HD5870 and Windows 7 PRO x64.

The only problem is that ASUS (same as other laptop assemblers) has gone into the path of installing the operating system with a bunch of applications that are totally irrelevant to the work that I want to do (some people call it crapware or more politely pre-installed sw).

This common practice would be OK if I were able to reinstall my computer in a clean way; however ASUS doesn’t provide a clean way to install the copy of Windows 7 that I have paid for. Instead, they have created a 20GB partition on the first HD that contains the recovery files. But guess what happens if you want to install your own SSD or you enable striped volumes in Windows?

They allow you to create a set of DVDs with a tool in a very easy way (6 DVDs in my case, according to the tool). But, before creating them, I went to play with Disk Management and changed the partitions to look the way I wanted, with striped and mirror volumes. When I went to create the recovery DVDs… the tool failed, even though the RECOVERY partition was still there, because the type of disk had changed from Basic to Dynamic (in the documentation they don’t explain any of this).

I wrote to get technical support and after 3 days they answered with this:

Dear Valued Customer,
Thank you for contacting ASUS Customer Service.
Good morning, unfortunately, all our notebooks are preinstalled with OEM version of OS and don’t equip with the install DVD. If you want to do a clean install, I am afraid you have to purchase the installation disc from Microsoft separately.

So basically, get lost.

I answered to their email, really pissed off, saying that that didn’t help me at all and they answered back:

Dear Valued Customer,
Thank you for contacting ASUS Customer Service.
Sorry, the notebook product package will not come with the RCD(Recovery CD) and ASUS DVD 6 in 1 from 2/4, please refer to the following page:
If you need a recovery DVD, please contact ASUS on 1300 278 788 from Monday to Friday between 9 am and 6 pm AEST.
As for the AI Recovery, we are aware of an issue with the AI Recovery Burner not functioning correctly and are currently investigating the matter. This issue does not affect the normal operation of the notebook in any way.
We apologise for any inconvenience caused as a result of this issue.

That’s even better!!! They have a tool to create recovery DVDs and it doesn’t work. I called the service and they actually were quite nice and they told me that I could go any time and they would restore the system to the original state without any problem. However, that would not help me much if I couldn’t set up the system the way I wanted.

I am EXTREMELY disappointed in ASUS and I feel that for them it is more important to make money than keeping the clients happy. I will never consider buying any more laptops from ASUS unless they change their strategy of control over the clients, even if I think that their HW is good.

To solve all these problems and to get rid of the RECOVERY (also called 20GB wasted space in my disk) I started investigating to see what these asus.swm, asus2.swm and asus3.swm files were. And after some reading I ended up installing “Windows Automated Installation Kit for Windows 7” or (Windows 7 AIK).

With that set of tools, Microsoft allows OEM installers to POLLUTE the brand new computers (of FREE users that have paid for the Windows license) with an incredible amount of useless applications and not allowing the right to decide what applications we want to have in our clean system. So you are forced to waste 2 hours in front of the computer uninstalling unwanted pollution.

Note: After all the hard work, I recommend to uninstall all the applications that you don’t want and use. Do all the work in the partitions that you need and run Windows 7 Back up tools to create an image into either an external HD, DVDs or the network. Then you can create a system repair disk and every time you need to restore Windows to a clean state you can go directly to this image backup and get everything up and running in few minutes and without all the “pre-installed” trial applications.

Anyway, to solve this issue I’ve been working on a solution to make users a bit more free and I will be posting it soon.

1. The first solution I’ve been working on is for people that:

  • They still have the RECOVERY partition but it’s not bootable anymore and they can’t create a set of recovery DVDs
  • They want to delete the 20GB RECOVERY partition
  • They want to use Dynamic disks in Windows (striped and mirrored)
  • They want to install an SSD as a primary disk
  • It uses 3 DVDs

2. I’ll be working on creating an image of Windows with the Out Of The Box experience that doesn’t contain any pre-installed (or forced) applications

  • The steps will be very similar to the first solution but you’ll get a smaller version (maybe 1 or 2 DVDs)
  • I haven’t tried this but I hope it can be done.

All this is only to allow the owner of the computer, who has paid for the Windows 7 license, a freer way of installing their own computer, or a way to create a system backup in case of system failure.

These instructions should never be used to install Windows on a computer other than the one that you have paid the license for (no license, no install). Please read your Windows license before following the steps.

It can be used as a tutorial to understand the process of deployment using Windows 7 AIK (the steps used here are taken from Microsoft documentation and they use the tools that MS has made freely available to users to deploy Windows in an alternative way to the standard setup).

I take no responsibility for any errors in the scripts that I’ll be providing in the next post and I take no responsibility for the information that could be lost by using these steps. Please take your time to read the official Microsoft documentation about the tools and the risks of using them.

Use the next post at your own risk.

Federated SignIn Requires Federated SignOut


Using WIF and a Passive STS is cool, but it’s even cooler when your Passive STS is in a different machine.

Now that we have Federated SignIn and a Passive STS that lives in a different box, and all our web apps rely on that external STS… how can I sign out?

In my case I tried everything and of course, it worked in my machine. Then it got deployed and the user didn’t get signed out because the browser didn’t expire the WIF token.

I executed all this and custom code to make the cookies expire but there was one left, the one created by the STS.


Bloody cookie, die!!! But nothing. The browser wouldn’t expire it, and then it all made sense: I can’t expire cookies that I haven’t created myself. So I thought that there would be a solution to this and I ran all this without any luck. I checked the WIF doco, I Googled it with Bing and nothing.

Finally I found a reference to something and of course NO SAMPLES (isn’t WIF wonderful!!!)

The solution is using the FederatedSignOut method, which redirects to the STS; the STS signs you out and redirects the browser to the page that you wanted, to let the user know that he’s out.

using System;
using Microsoft.IdentityModel.Web;

// The WS-Federation module of this app: Issuer is the STS address, Realm is this app's address
WSFederationAuthenticationModule authModule = FederatedAuthentication.WSFederationAuthenticationModule;

// The wsignout1.0 URL at the STS (useful to see what gets built; FederatedSignOut builds it for you)
string signoutUrl = WSFederationAuthenticationModule.GetFederationPassiveSignOutUrl(authModule.Issuer, authModule.Realm, null);

// Deletes the local session cookie and redirects the browser to the STS sign-out endpoint;
// the STS removes its own cookie (the one this app can't touch) and sends the browser on to the reply URL.
// This assumes Realm ends with "/" so the concatenation yields a valid URL.
WSFederationAuthenticationModule.FederatedSignOut(new Uri(authModule.Issuer), new Uri(authModule.Realm + "LoggedOut.html"));

It’s up to you to find out how to solve the new issue: the redirection to LoggedOut.html sends you back to the Login page in the STS because you were logged out (this is good fun if you use Windows Authentication, because you get logged in again without knowing it).

The second catch is… once you are in the LoggedOut.html page, press the back button in the browser🙂

Have fun

Serializing/Deserializing the bootstrap token


I’ve been doing some work with WCF and WIF. Yes this new foundation thing called Windows Identity Foundation.

If you have seen the PDC09 demos then you probably thought that it’s so easy to add security to an application… well, yes and no. It’s easy if you only want the standard functionality out of the box, but if you need to do something different… it’s quite complicated to get everything working. However, once you understand what’s going on it is a lot smoother and you don’t need to worry anymore about how it works; it just works.

The last tornado I had to deal with was the serialization of security tokens. You may want to know why you would want to serialize tokens if WIF does it for you, adding them to cookies or WCF headers. Well, that’s like asking why you would generate plain HTML to add custom CSS when you can use ASP.Net controls that spit out heaps of formatted HTML with colors. In this case, my reason is that I wanted to be able to open a Windows application from the web browser while keeping the credentials I had in the browser.

To do that, you need to serialize the token into a file and your browser opens the application associated to that extension. It’s like when you download an excel sheet and instead of saving the file you open it directly in Excel or the same with a PDF. But in our scenario, we send the information that WIF had put in a cookie to the windows app so that we can call some WCF services. Easy. Serialize that monster and you deserialize it in the client to create the Channel. Go for it. If you are reading this is because it wasn’t that easy, isn’t it? Then, try to deserialize it now that you managed to serialize it. Ha!!.

The idea is that you serialise your bootstrap token into an XML string

using System.Text;
using System.Threading;
using System.Xml;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Tokens.Saml11;

// The bootstrap token is the original SAML token issued by the STS. WIF only keeps it
// when saveBootstrapTokens="true" is set on <service> in the microsoft.identityModel config section.
var bootstrapToken = ((IClaimsPrincipal)Thread.CurrentPrincipal).Identities[0].BootstrapToken;

// Serialize: the SAML 1.1 handler writes the token (signature included) as XML
var req = new SamlSecurityTokenRequirement();
var handler = new Saml11SecurityTokenHandler(req);
var sb = new StringBuilder();
using (var writer = XmlWriter.Create(sb))
{
    handler.WriteToken(writer, bootstrapToken);
}

string serializedToken = sb.ToString();

Serialization is quite simple, but to deserialize the token we need to have the public key of the signing certificate, because the classes that do the deserialization want to validate that monster. This sample shows how to read the certificate from a file, but the constructors also allow reading from a byte array (or you may want to serialize the X509 certificate together with the token in the file that you send to your Windows app).

using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using Microsoft.IdentityModel.Tokens;
using Microsoft.IdentityModel.Tokens.Saml11;

// Deserialize (this runs in the Windows app, so create the handler again as above)
var handler = new Saml11SecurityTokenHandler(new SamlSecurityTokenRequirement());

string path = @"c:\temp\STSPublic.cer";
// X509Certificate2 can also be built from a byte[] if you ship the certificate with the token
var cert = new X509Certificate2(path);
var token = new X509SecurityToken(cert);
var tokens = new List<SecurityToken>() { token };

// The issuer token resolver is where the handler looks up the STS signing key
// to check the token's signature while reading it
var resolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(tokens.AsReadOnly(), false);
var conf = new SecurityTokenHandlerConfiguration();
conf.IssuerTokenResolver = resolver;
handler.Configuration = conf;

SecurityToken bootstrapToken2;
using (var reader = XmlReader.Create(new StringReader(serializedToken)))
{
    bootstrapToken2 = handler.ReadToken(reader);
}

Instead of reading the certificate from a file, you can pick it from the certificates installed on the local machine with the following code.

// CertificateUtil is the helper class shipped with the WIF SDK samples (not part of WIF itself)
var token = new X509SecurityToken(CertificateUtil.GetCertificate(StoreName.My, StoreLocation.LocalMachine, "CN=STSCertificateName"));

Now it’s up to you to do whatever you want with the token in the windows app.

I hope this helps.