    Thursday, November 01, 2007

    Tamper Proof Query String (written in C#)

    Original CP article - http://www.codeproject.com/aspnet/TamperProofQueryString.asp

    These are the few changes that I made to the Helper function to get this working:

    static public string encode(string value)
    {
        return System.Web.HttpUtility.UrlEncode(TamperProofStringEncode(value, System.Configuration.ConfigurationManager.AppSettings["TamperProofKey"]).Replace('+', '@'));
    }

    static public string decode(string value)
    {
        return TamperProofStringDecode(System.Web.HttpUtility.UrlDecode(value).Replace('@', '+'), System.Configuration.ConfigurationManager.AppSettings["TamperProofKey"]);
    }


    The URLDecode() problem


    The URLDecode() method of System.Web.HttpUtility does not behave in an intuitive fashion when called repeatedly. For example: calling UrlEncode() with the string "abc+=" results in "abc%2b%3d". The first call to URLDecode() with "abc%2b%3d" correctly results in "abc+=". Calling UrlDecode() again with "abc+=" results in "abc =" - the '+' was replaced with a space. Why is this a problem at all? This is a problem because some .NET Framework methods silently call URLDecode(). My testing shows that the results from Response.QueryString[] are URL-decoded even though nothing is mentioned in the documentation. To avoid this problem, I recommend replacing all the '+' characters with '@' in the Base64 output string. The '@' character is URL safe and does not change when multiple calls are made to UrlDecode().


    using System;

    namespace Common.SharedClass
    {
        public class TamperProofQueryString
        {
            #region TamperProofStringEncode
            //Function to encode the string as Base64(value) + "-" + Base64(MAC(value))
            static public string TamperProofStringEncode(string value, string key)
            {
                System.Security.Cryptography.MACTripleDES mac3des = new System.Security.Cryptography.MACTripleDES();
                System.Security.Cryptography.MD5CryptoServiceProvider md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
                //The MD5 digest of the configured key string is used as the MAC key
                mac3des.Key = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(key));
                return System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(value)) + System.Convert.ToChar("-") + System.Convert.ToBase64String(mac3des.ComputeHash(System.Text.Encoding.UTF8.GetBytes(value)));
            }
            #endregion

            #region TamperProofStringDecode
            //Function to decode the string
            //Throws an exception if the data is corrupt
            static public string TamperProofStringDecode(string value, string key)
            {
                String dataValue = string.Empty;

                System.Security.Cryptography.MACTripleDES mac3des = new System.Security.Cryptography.MACTripleDES();
                System.Security.Cryptography.MD5CryptoServiceProvider md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
                mac3des.Key = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(key));

                try
                {
                    string[] parts = value.Split(System.Convert.ToChar("-"));
                    byte[] dataBytes = System.Convert.FromBase64String(parts[0]);
                    byte[] storedHash = System.Convert.FromBase64String(parts[1]);
                    byte[] calcHash = mac3des.ComputeHash(dataBytes);

                    //Compare the raw MAC bytes; converting them to UTF-8 strings first is lossy
                    //(every invalid byte sequence becomes U+FFFD), so different hashes could compare equal
                    int diff = storedHash.Length ^ calcHash.Length;
                    for (int i = 0; i < storedHash.Length && i < calcHash.Length; i++)
                    {
                        diff |= storedHash[i] ^ calcHash[i];
                    }

                    if (diff != 0)
                    {
                        //Data was corrupted
                        //This error is immediately caught below
                        throw new ArgumentException("Hash value does not match");
                    }

                    dataValue = System.Text.Encoding.UTF8.GetString(dataBytes);
                }
                catch (System.Exception)
                {
                    throw new ArgumentException("Invalid TamperProofString");
                }
                return dataValue;
            }
            #endregion

            #region encode
            static public string encode(string value)
            {
                return System.Web.HttpUtility.UrlEncode(TamperProofStringEncode(value, System.Configuration.ConfigurationManager.AppSettings["TamperProofKey"]).Replace('+', '@'));
            }
            #endregion

            #region decode
            static public string decode(string value)
            {
                return TamperProofStringDecode(System.Web.HttpUtility.UrlDecode(value).Replace('@', '+'), System.Configuration.ConfigurationManager.AppSettings["TamperProofKey"]);
            }
            #endregion
        }
    }
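
A hardened variant of the helper above, as an added example that is not code from this post or the CodeProject article: it uses HMAC-SHA256 in place of the MACTripleDES/MD5 construction, base64url in place of the '+' to '@' swap, and compares the MAC as raw bytes. The class name, demo key and sample values are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Web; // HttpUtility

static class SignedQueryValue
{
    // base64url: '+' -> '-', '/' -> '_', no '=' padding; none of these change under UrlDecode()
    static string ToB64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static byte[] FromB64Url(string s)
    {
        string b64 = s.Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return Convert.FromBase64String(b64); // throws FormatException on malformed input
    }

    public static string Protect(string value, byte[] key)
    {
        byte[] data = Encoding.UTF8.GetBytes(value);
        using (var mac = new HMACSHA256(key))
            return ToB64Url(data) + "." + ToB64Url(mac.ComputeHash(data));
    }

    // Returns false for any malformed or modified token; 'value' is only set on success.
    public static bool TryUnprotect(string token, byte[] key, out string value)
    {
        value = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] data, tag, expected;
        try { data = FromB64Url(parts[0]); tag = FromB64Url(parts[1]); }
        catch (FormatException) { return false; }
        using (var mac = new HMACSHA256(key)) expected = mac.ComputeHash(data);
        // Compare the raw MAC bytes, with no early exit on the first mismatch.
        int diff = tag.Length ^ expected.Length;
        for (int i = 0; i < tag.Length && i < expected.Length; i++) diff |= tag[i] ^ expected[i];
        if (diff != 0) return false;
        value = Encoding.UTF8.GetString(data);
        return true;
    }

    static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");
        string std = Convert.ToBase64String(Encoding.UTF8.GetBytes(">>>")); // contains '+'
        // The problem described above: the second UrlDecode() turns '+' into a space.
        string twice = HttpUtility.UrlDecode(HttpUtility.UrlDecode(HttpUtility.UrlEncode(std)));
        Console.WriteLine("standard Base64 survives two decodes: " + (twice == std));

        string token = Protect(">>>", key);
        string decoded = HttpUtility.UrlDecode(HttpUtility.UrlDecode(token));
        string result;
        bool ok = TryUnprotect(decoded, key, out result);
        Console.WriteLine("token verifies after two decodes: " + ok + " (" + result + ")");
        string forged = ToB64Url(Encoding.UTF8.GetBytes("???")) + token.Substring(token.IndexOf('.'));
        Console.WriteLine("altered token verifies: " + TryUnprotect(forged, key, out result));
    }
}
```

The separator is '.' rather than the '-' used above because '-' is part of the base64url alphabet.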

    Friday, October 05, 2007

    Y!Slow

    Some background -

    http://ajax.phpmagazine.net/2007/07/yslow_helps_you_speed_up_your.html
    http://developer.yahoo.net/blog/archives/2007/07/yslow_release_o.html
    http://www.phpied.com/yslow-performance-extension-for-firebug/
    http://corfield.org/blog/index.cfm/do/blog.entry/entry/Improving_site_performance_with_YSlow

    Firebug -

    http://www.getfirebug.com/

    Firebug integrates with Firefox to put a wealth of web development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.

    YSlow -

    http://developer.yahoo.com/yslow/

    YSlow analyzes web pages and tells you why they're slow based on the rules for high performance web sites. YSlow is a Firefox add-on integrated with the popular Firebug web development tool. YSlow gives you:

    Performance report card
    HTTP/HTML summary
    List of components in the page
    Tools including JSLint

    Thursday, October 04, 2007

    An ASP.NET Spell Checker for a Textbox

    The CP article http://www.codeproject.com/useritems/checkspelling.asp is the .NET version of my 2004 ASP article; the author has converted my ASP code to ASP.NET and has also given due credit ;)

    Background


    Here is what he has to say,

    I did quite a bit of searching on the web and found many controls that would do this but unfortunately, these were quite expensive (especially for a South African). Still others used Google API's that seem to have been removed or Microsoft Word API's that are more suited for windows applications and not web applications.

    I then found a gem here on the Code Project by Vasantha Mohan (http://www.codeproject.com/asp/spell_check.asp) that described how to use a dictionary file to check spelling in asp. This was able to provide a good base for me to convert to ASP.NET and make some changes more suited for my project. I did not use his method to insert hard-returns as I am simply checking the text, not the formatting. In addition, I added an enhancement whereby the user can manually type an alternative word if no suitable suggestion was found by the spell checker and modified the code so that the function only searches for alternatives beginning with the same letter as the word being checked - speeding things up significantly.

    BEA to deliver business Web 2.0 apps

    http://www.zdnet.co.uk/misc/print/0,1000000169,39287639-39001068c,00.htm

    Wikis, RSS and mashups are the focus of software tools about to be released by the software company


    BEA Systems will ship in July a series of corporate search and collaboration products designed around web technologies.

    The three products — Aqualogic Pages, Aqualogic Pathways and Aqualogic Ensemble — will be aimed primarily at customers of BEA's portal products, but the company expects them to have broader appeal.

    Each will be sold individually, said Ajay Gandhi, director of emerging products for BEA's Business Interaction Division.

    The software company showed off early versions of the products at its customer conference last year and originally divulged plans for the product line back in 2005. The common theme of the three products is the application of web-based technologies, such as RSS feeds and bookmarking, for business collaboration.

    Aqualogic Pages is an enterprise wiki application that's designed to let business users combine different sources of structured information, such as RSS feeds, and share those web pages with others. The application lets people drop widgets onto web pages that collect information from the web and corporate data sources.

    Another product aimed at end users, rather than developers, is Aqualogic Pathways which is a tool for improving enterprise search using tags and bookmarking, Gandhi said. People can create automated feeds that combine corporate and internet information.

    Aqualogic Ensemble, which will be sold to web-application developers and IT professionals, is a platform for building mashups.

    Each of the products is designed so people can get to back-end business databases and applications using lightweight technologies. They also tie into corporate security systems and directories so IT people can control access to data, Gandhi said.

    "HTTP Error 404 - File or Directory not found" error message when you request dynamic content with IIS 6.0

    http://support.microsoft.com/kb/315122/en-us?spid=3198&sid=205

    SYMPTOMS


    When you request dynamic content such as an Active Server Pages (ASP) page, an ASP.NET page, an Internet Services API (ISAPI) application, or a Common Gateway Interface (CGI) application on a Microsoft Windows Server 2003 server that is running Internet Information Services (IIS) 6.0, you may receive one of the following error messages:

    Error message 1

    HTTP Error 404 - File Not Found

    Error message 2

    HTTP Error 404- File or Directory not found




    CAUSE


    By default, when IIS is installed on any version of the Windows Server 2003 family, IIS only serves static content (HTML).


    RESOLUTION


    Warning: Enable dynamic content only when you really want to use it. By default, IIS disables dynamic content for security reasons.


    To permit IIS to serve dynamic content, the administrator must unlock this content in the Web service extensions node in IIS Manager. To do this, the administrator must either enable a pre-existing Web service extension or add a new Web service extension.


    Enable a Pre-existing Web Service Extension in IIS 6.0


    To permit IIS to serve content that requires a specific ISAPI or CGI extension that is already listed in the Web service extensions list, follow these steps:

    1. Open IIS Manager, expand the master server node (that is, the Servername node), and then select the Web service extensions node.

    2. In the right pane of IIS Manager, right-click the extension that you want to enable. In this example, this is Active Server Pages.

    3. Click to select the Allow check box.

    Add a New Web Service Extension to IIS 6.0


    To permit IIS to serve content that requires a specific ISAPI or CGI extension that is not already listed in the Web service extensions list, follow these steps:

    1. Open IIS Manager, expand the master server node, and then select the Web service extensions node.

    2. In the right pane of the IIS Manager, click Add a new Web service extension under Tasks.

    3. In the Extension name box, type a friendly name for the extension that you want to add (for example, FrontPage Server Extensions).

    4. In the Required files box, click Add, and then select the path and the name of the file that will handle requests for the specific extension. After you select the path and the file name, click OK.

    5. If the extension must be enabled immediately, click to select the Set extension status to allowed check box.

    6. Click OK to save your changes.

    Additional steps for Common Gateway Interface (CGI) applications


    For CGI applications, you must also follow these steps:

    1. Right-click Default Web Site or the Web site that you want, and then click Properties.

    2. On the Home Directory tab, click Scripts and Executables in the Execute Permissions list.

    3. Make sure that the Everyone group has the following NTFS file system permissions on the C:\InetPub\wwwroot folder or on the folder that has the Web content for the site that you want:
    • Read & Execute
    • List Folder Contents
    • Read


    4. Right-click Default Web Site or the Web site that you want, and then click Properties.

    5. On the Home Directory tab, make sure that DefaultAppPool is selected in the Application pool box. If another application pool is selected, follow these steps in IIS Manager:

    a. Expand Application Pools, right-click the application pool that you want, and then click Properties.

    b. On the Identity tab, make sure that one of the following conditions is true:
    • The Network Service account is selected.
    • The account that is selected is a member of the IIS_WPG group.


    STATUS


    This behavior is by design.


    REFERENCES


    For more information about Web service extensions, search for "Enabling and Disabling Dynamic Content" in the IIS 6.0 Help documentation.


    For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    332124 (http://support.microsoft.com/kb/332124/) ASP.NET is not automatically installed on Windows Server 2003

    DiffMerge

    I found this merge utility; it is useful, cross-platform, free and worth trying out.

    http://sourcegear.com/diffmerge/index.html

    DiffMerge is an application to visually compare and merge files for Windows, Mac OS X and Unix.

    RIM to offer plug-in for Visual Studio

    http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/07/05/07/RIM-to-offer-plug-in-for-Visual-Studio_1.html



    In an effort to broaden both the capabilities and the customer base of its BlackBerry mobile devices, RIM is allowing developers to create .Net-based apps


    By Nancy Gohring, IDG News Service, May 07, 2007


    Research In Motion (RIM) will let developers create applications for BlackBerry phones using Microsoft's .Net programming environment, continuing its efforts to broaden the capabilities of the devices.

    The BlackBerry plug-in for Microsoft Visual Studio lets developers write applications that integrate with existing back-end servers through .Net Web Services, RIM said Monday. The plug-in works with the BlackBerry Mobile Data System.
    The new support will open up the BlackBerry developer community to include .Net developers and could make it easier for enterprise developers to build new mobile applications for workers.

    While the BlackBerry for many years was mainly a mobile e-mail device, RIM has increasingly enabled more capabilities for developing other wireless applications as it faces growing competition from companies such as Microsoft and its Windows Mobile operating system.

    For example, RIM offers the Mobile Data System, an application development framework for enterprise BlackBerry users. Customers use the MDS to build applications that allow mobile workers to access standard enterprise applications from companies such as SAP.

    In late 2005, RIM added support for Web services, but that didn't include the .Net framework.

    RIM also enables a Java development environment that allows developers to use Java to build applications for the BlackBerry.

    The application development support from RIM may help it hang on to existing customers and attract new ones in the face of Windows Mobile competition. Windows Mobile devices can receive push e-mail from Microsoft Exchange, which many companies already use for PC-based e-mail. By contrast, enterprise customers must buy and support a separate server from RIM in order to push e-mail out to BlackBerry users. Support for more applications than just e-mail may make the extra server more attractive to enterprise customers.

    RIM will make the plug-in for Visual Studio available for free later this year.

    BEA Portal .NET Application Accelerator

    This was one of the questions that I asked, and it was featured in the Q&A of the .NET Application Accelerator webinar that happened on Oct-10, 2006.

    Question: How about the ALUI customers? How would they accelerate the .NET applications?

    Answer: With the new .NET Portlet API and the new version of the Web Control Consumer, ALUI customers will be able to easily consume ASP.NET 2.0 applications via HTTP/CSP.

    Wednesday, October 03, 2007

    Strange - page cannot be displayed

    Page#1.htm and Page_1.htm are the same pages with just the change in the file name. Whenever I try pointing to Page#1.htm with an href tag, something like http://webserver/virtual_directory/Page#1.htm, it throws an error:

    The page cannot be found


    The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
    Please try the following:
    Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.
    If you reached this page by clicking a link, contact the Web site administrator to alert them that the link is incorrectly formatted.
    Click the Back button to try another link.

    HTTP Error 404 - File or directory not found.
    Internet Information Services (IIS)


    Technical Information (for support personnel)
    Go to Microsoft Product Support Services and perform a title search for the words HTTP and 404.
    Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled Web Site Setup, Common Administrative Tasks, and About Custom Error Messages.

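    Solution - refer to the file as Page%231.htm. A '#' in a URL starts the fragment identifier, which the browser does not send to the server, so the request never names the full file; %23 is the URL-encoded form of '#'.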

    Tuesday, September 11, 2007

    "The timeout period elapsed prior to completion.."

    "The timeout period elapsed prior to completion of the operation or the server is not responding."

    If this sounds familiar from using the SqlClient class or the Data Access Application Blocks "SqlHelper", and you have increased the Connection Timeout and the Connection Lifetime (for pooling) in your connection string(s), it's probably because you forgot to set the COMMAND timeout!

    A command can be timed out after a certain number of seconds. You might want to set this limit if you expect to run particularly lengthy operations. As in ADO, the property to check is CommandTimeout. Its default value is 30 seconds.
    You can set this once the command instance has been created. A value of "0" (zero) means the command will wait for completion indefinitely, but this is not recommended by Microsoft. Better to set a large value in seconds.

    Unlike ADO, ADO.NET lets you specify the expected behavior of the command through the CommandBehavior enum. Such values specify a description of the results and how the query should affect the data source. In Beta 1, you had a CommandBehavior property to set for each command. Starting with Beta 2, you use values from the CommandBehavior enum only as an argument for ExecuteReader.

    Among the other options, you can limit a query command to obtaining key and schema information. In this case, the command will be executed without any locking on the selected rows. This behavior is given by the KeyInfo flag. If you have long-running queries or multiple threads accessing SQL Server simultaneously, this can be very helpful.

    As an alternative, you might want to obtain column information only, without affecting the database state with locks. This option is SchemaOnly. Another option, SingleResult, lets you specify that you want back only one resultset, no matter how many would originate from the command. In this case, the command returns only the first resultset found. A fourth option is CloseConnection that forces the SqlDataReader object associated with a query command to automatically close the connection as the final step of its Close method.

    If you use the SqlHelper "Best practices" class as I do, it might be a good idea to recompile it, setting "cmd.CommandTimeout=howmanyseconds". There are a number of instances of this in the class.

    And, as a final caveat, don't call Dispose() on a SqlConnection unless you want to have it removed from the connection pool, because that's what Dispose() does! In almost all cases, you would simply call the Close() method and let ADO.NET take care of returning the connection to the pool.

    reference:
    Egg head cafe
    Issociate