Filtered by Tag (microsoft)
Yesterday, I received an awesome e-mail telling me that I have been given the Microsoft MVP award on ASP.NET/IIS for 2012.
@ 10-02-2012
by Tugberk Ugurlu


Yesterday, I received an awesome e-mail telling me that I have been given the Microsoft MVP award on ASP.NET/IIS. :) This was obviously a great news for me because this is my first time being an MVP. If you wonder what the heck is Microsoft MVP Award program is, here is the quote from the official MVP Overview page:

"The Microsoft Most Valuable Professional (MVP) Award is our way of saying thank you to exceptional, independent community leaders who share their passion, technical expertise, and real-world knowledge of Microsoft products with others.

Nearly two decades ago, we awarded 37 technical community leaders as MVPs. Today, there are more than 4,000 MVPs worldwide. They represent more than 90 countries, speak over 40 languages, answer more than 10 million questions a year, and are awarded in almost 90 Microsoft technologies—reflecting the breadth of our products and our global communities."

Microsoft developer community is beyond huge. So many brilliant developers share their knowledge through blogs, webcasts, podcasts, conference talks, user group meetings. Being part of this community has been always a fun but with this award, this fun is now doubled. However, I have never seen the MVP award as a target. I didn’t do anything special to get this award (well, except for filling the evaluation form). I just did what I love and that was enough. I love spending time on Stackoverflow, I love writing blog posts and I love helping others if I can.

Nearly for four years now, I have been trying to find my way with ASP.NET and its sub components, such as ASP.NET MVC, ASP.NET Web API, SignalR and I can see that the product has been evolved so much in a positive direction. Not to mention some huge steps that have been taken such as making nearly the 90% of the ASP.NET stack open source on Codeplex. Being able to see how the product grows commit by commit is simply awesome. This improvements made it possible for me to create better software solutions for the company I work for. Besides that, other Microsoft products such as Window Azure took me and my company to the next level.

I would like to especially thank all the developers at Microsoft, especially the ASP.NET, IIS and Windows Azure team members for the great products they build and the continuous support whenever we need it. I also want to thank all of the developers in this community for sharing their valuable knowledge, answering questions on forums and Q&A sites. I should admit that I am learning a lot by looking at other people’s code and if they weren’t sharing those, I wouldn’t be the developer as I am today.

Lastly, I would like to thank my lovely fiancé Nihan for her support in my life; especially for listening to me talking about tech stuff even if she has no idea about what I say 99% of the time. :)

I am hoping that I will never lose this award and I want to keep getting it every year :)

Couple of days ago I took the Exam 70-515, TS: Web Applications Development with Microsoft .NET Framework 4 and I am gonna walk you through it in this post
@ 05-14-2011
by Tugberk Ugurlu


Couple of days ago (actually a week ago on the 7th of May), I took the Exam 70-515, TS: Web Applications Development with Microsoft .NET Framework 4 to be qualified as MCTS guy but it didn’t go smoothly as I assumed and I failed Confused smile It was ok though. The experience it has given me was enough to encourage me to go and discover all the other goodness of ASP.NET and it’s children (AJAX and all that stuff). 700 points should be taken to pass the exam but mine was 546.

Actually, my exam number was 72-515. If you have taken the 072 exams before, you’d know that they are Microsoft Academic exams for students and a small discount is applicable with those exams. In terms of questions and qualification which will you get, there is no difference between 070 and 072 exams.

For those who don’t know what MCTS is, here is a quick overview;

MCTS Overview

The Microsoft Certified Technology Specialist (MCTS) certifications provide the foundation for Microsoft Certification. These certifications are designed to validate your skills on the features and functionality of key technologies. You can show your depth of knowledge in one specific technology, earn multiple MCTS certifications to show breadth across different products, or build on the MCTS to earn a Microsoft Certified IT Professional (MCITP) certification.

MCTS candidate profile

MCTS candidates are capable of implementing, building, troubleshooting, and debugging a particular Microsoft technology.

More information about MCTS can be found here :

When I found about these exams, I haven’t had a single hard time to figure out which direction should I go or what is the best suitable exam for me. Microsoft exams are well documented on their website and also there is a ‘Training and Learning’ section up on social Microsoft.

When you pass an MCTS exam, you will be qualified to get a certificate on the topic that you have taken the exam of. But also, MCTS exams for .Net developers are also the steps which will lead us to MCPD.

Quick Overview of MCPD

The Microsoft Certified Professional Developer (MCPD) certification validates a comprehensive set of skills that are necessary to deploy, build, optimize, and operate applications successfully by using Microsoft Visual Studio and the Microsoft .NET Framework. The MCPD certification is designed to provide hiring managers with a strong indicator of your potential job success. It requires two to three years of relevant experience and a commitment to remaining current in best practices and technologies.

More information can be found on

In order to be qualified as an MCPD on Microsoft Visual Studio 2010, three MCTS exams for Windows Developer 4 and Web Developer 4; two MCTS exams for windows azure developer are needed to be passed. In addition to those, there is going to be a MCPD requirement exam in order to complete to road which will lead you to MCPD.


Registration for those exams are not made on Microsoft websites, it can be done on Prometric Testing Services.

If you are a student and have an e-mail address through your high school or university, I encourage you to go and take a look at DreamSpark program. There is a campaign running now for Certification Exams which will give you a promotion code for one free exam.

I hope that this blog post helped you to have a better idea on Microsoft exams. Please share your thoughts or experiences by writing a comment to this post so that others can take advantage of them Smile

Useful Links

Scott Hanselman is one of the coolest tech guys in Microsoft and in this post I am trying to find the facts about him. Ready? Then let's rumble !
@ 05-10-2011
by Tugberk Ugurlu

imageJust a few minutes ago, the meanest thing happened. I opened a question called I'm looking for other's opinion on Scott Hanselman Facts on and it took seconds to be closed and minutes to be deleted Sad smile what a mean thing! So thank you guys.

Well, I figured nobody could close this topic here so let’s ask the question again here Smile

Everybody knows that Jon Skeet Facts has been discused long time ago and there were Chuck Norris Facts style answers.

I'm looking for the same thing for Scott Hanselman

Here are some of them that I can think of;

  1. He hates Northwind.
  2. He dies for a diet soda.
  3. He is a diabetic.
  4. He watches Undercovers regularlly (as far as I know from his twitter posts)
  5. He got lost in Munich ones when he was headed to a keynote.
  6. He created most of the parts of Nerddinner.Com
  7. He likes to tweet.
  8. He has a podtcsat called hanselminutes
  9. He has another podcast with Rob Conory called
  10. He pops up before ScottGu on Google by googling 'scott'.
  11. He likes to google with bing.
  12. CRUD is one of his favourite words.
  13. He used to work for an online bankking company.
  14. He is working for Microsoft in the meantime.
  15. He talks to himself while writing class properties (the freaking part here is that he enjoys it a lot)
  16. If he ever gets the yellow screen of death, he gets it because he means it.
  17. Once, he gets his wife's ring out of the pipeline like a plumber.
  18. His family has a thing called 'Mummy & Daddy Day' which I will certainly imitate the idea in the future.
  19. He could make an entire e-commerce web application for Tacos.
  20. He is the only guy who could make Ninja moves with Windows 7
  21. He can speak German better than Germans.

That’s what I can think of for now Smile I’ll add them as comments if new things pops up in my head. So fire your thoughts guys. Let’s have fun.

Microsoft MIX11 : Students & Academic Staff Discount is Available For the Conference / The chance that every geek student wants to catch!
@ 02-16-2011
by Tugberk Ugurlu

default_center_keynoteNearly all of .Net developers are aware of MIX Talks (my guess, only developers who has no internet access are not aware of MIX. If you are one of those, stop writing code and go write child novels) and they are thrown every year by Microsoft. MIX11 is just a few months ahead of us and this year, it will take place in Mandalay Bay, Las Vegas between 12th of April and 14th of April. For those who has no idea what I am talking about, here is a brief overview of MIX which was quoted from

MIX is a unique opportunity to engage with Microsoft and industry professionals in a two-way conversation about the future of web - from the diversity of devices and interaction models on the front-end, to the tools and technologies that power the user experience, to the services that make it all possible.

MIX is for professionals who design and build cutting-edge websites.


Learn about the future of web, from the diversity of devices and interaction models on the front-end, to the tools and technologies that power the user experience, to the services that make it all possible. There’s no better place to hear about the future of Silverlight, Internet Explorer, Windows Phone, ASP.NET, and technologies like HTML5 and CSS3.


MIX isn’t just about getting a first look at the latest technologies and trends – it’s an opportunity for you to have your questions answered by industry and Microsoft experts.

I thought that there could be an easy way for students to live those sessions where they happen. So I have searched (this is a Microsoft event so I thought that would be only legitimate if I Google it with Bing Smile) and nothing has come up and decided to try to get information by e-mail.

MIX registration team replied me at the same they with tons of information and I didn’t know that MIX has this kind of great deals for students.

Before diving deep, I would like to indicate that I have asked MIX registration team for the permission to publish the content of e-mail they have sent me on my blog so that the others can be aware of this opportunity and they kindly accept my request.

My question was so straight and their answer was so informative;

Q : I am a student on Travel Management, in Turkey and I would like to know if you have any discounts for students on MIX11 or not.

A : The academic rate is for full-time students and full-time staff of the academic community at the time of MIX11 with proof of enrollment or employment from an accredited educational institution. The cost to attend with a code is $595 and covers the regular conference fee only; Pre-Conference Boot Camps and hotel accommodations are additional.

Given the original cost which is $1395, this deal is pretty perfect. Of course you need to prove that you are eligible for the discount. How so? They informed me before I asked! Pretty gorgeous. The process is as indicated below;


College, university, and career state-accredited school students qualify to register for MIX11 using the academic discounted rate with an acceptable form of academic ID.  Please provide one of the following to prove that you are a current, full-time student:

  • Official dated, current class schedule indicating name of school and student
  • Official dated, current school tuition bill indicating name of school and student (please black-out tuition cost and any other personal information)
  • Official dated, current report card indicating name of school and student
  • Other official dated, current proof of enrollment indicating name of school and student

Faculty / Staff

College, university, and career state-accredited faculty and staff members qualify to register for MIX11 using the academic discounted rate with an acceptable form of academic ID.  Please provide one of the following:

  • Official, current faculty/staff paycheck stub indicating full-time employment (please black-out salary information and any other personal information)
  • Official, current letter on school letterhead verifying person’s full-time employment

If you are an eligible academic and would like to attend MIX11, you need to submit your form of academic ID in one of the following ways:

  • Fax a photocopy of academic ID to 1-206-783-5594
  • Email a scanned image of academic ID to in JPG, PDF or GIF format

After you complete those above steps, the process is going to be like below according to MIX Registration team;

Once we receive your valid proof of academic ID, we will provide you with an RSVP code to register.  Please note you will need to bring the original form of academic ID in addition to a current valid photo ID with you to the event and show it at the time of registration.  Failure to provide valid proof of eligibility is the responsibility of the registrant, and the registrant is responsible for their hotel and travel plans.

MIX11_BB_SeeYouAt_1Personally, I am not going to make it for this year due to the academic calendar but maybe you are. I would say that is a perfect deal to catch for students and this kind of events are the best way to integrate with Microsoft developers.

Pack your stuff, and get ready for those geek sessions Smile

Owww, I almost forgot. If you’ll be there for MIX, don’t forget to put the picture (just on the left side) on your blog to inform others that you will be there Smile

This is cool way to say “Hey, I am a geek and I am proud of it…”

On the 17th of Sepetember in 2010, Microsoft released a advisory for a very serious ASP.NET vulnerability which will cause to view data, such as the View State
@ 09-22-2010
by Tugberk Ugurlu

Microsoft has been detected a vulnerability inside the which lead to attackers to view data, such as the View State, which was encrypted by the target server, or read data from files on the target server, such as web.config. 

This vulnerability is detected in all versions and a patch has not been released fo this yet. Instead, microfoft decided to cover this security vulnerability with a precaution (workaround).

You could reach official Microsoft advisory for this issues from below link;

Also, Scott Guthrie has release 2 posts concerning this issue;

Here is also some of the FAQs concering this issue;

Quoted from Microsoft Website

What is the scope of the vulnerability? 

  • This is an information disclosure vulnerability. An attacker who successfully exploited this vulnerability could read data, such as the View State, which was encrypted by the server. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.

    This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server.

Is this a security vulnerability that requires Microsoft to issue a security update? 

  • Microsoft is currently working to develop a security update to address this vulnerability. Microsoft will release the security update once it has reached an appropriate level of quality for broad distribution.

What causes this threat? 

  • The ASP.NET use of encryption padding provides information in error responses that can be used by an attacker to read and tamper with the encrypted data.

What might an attacker use this vulnerability to do?

  • An attacker who successfully exploited this vulnerability would be able to read data, such as the View State, which was encrypted by the server. This data may also be tampered with by the attacker. If tampered with, the attacker could send this data back to the server and observe the error codes returned by the server. By observing these error codes, an attacker could gain enough information to decrypt and tamper with the encrypted data.

    An attacker who successfully exploited this vulnerability could also read data from files on the target server, such as web.config, which the worker process identity already has access to.

Can I create a custom 404 page and a default redirect for all other errors to help protect against this issue?

  • No. An attacker could still draw a distinction between a 404 error and other errors. Homogenizing errors is a crucial component to help protect against this attack.

Wish to be in a safe world, haa :)

Hi 🙋🏻‍♂️ I'm Tugberk Ugurlu.
Coder 👨🏻‍💻, Speaker 🗣, Author 📚, Microsoft MVP 🕸, Blogger 💻, Software Engineering at Deliveroo 🍕🍜🌯, F1 fan 🏎🚀, Loves travelling 🛫🛬
Lives in Cambridge, UK 🏡