Here is an interesting review on my book by Travis Illig that I was referred to by Jim Minatel

Book Review: Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB

Here is an excerpt of Travis review:

"Chapter 18, though, is where you'll want to flip right to. This is where it all comes together - all the stuff you'll have learned from the previous chapters, put together in a near-checklist form, so you can take a step back from the application you're working on, look through this, and ask yourself, "Am I doing this in a secure fashion?" Common gotchas and attacks are discussed here as well as ways to protect yourself.

It's definitely not for folks new to ASP.NET - if you haven't written an ASP.NET app before or you're just starting out, this isn't for you. This book gives you in-depth information that, in some cases, you'd only otherwise get by using .NET Reflector to delve into the actual .NET assemblies and follow the code. It's heavy, detailed information. For mid-level to experienced ASP.NET developers, you definitely need to pick this up.

In all, this is one of those books I'm really glad to have on my shelf, right alongside Professional ASP.NET 3.5 in C# and VB."

Hope you enjoy reading this review and reading the book :)

Regards

Tags: ASP.NET 3.5, ASP.NET 3.5 Sevurity, C#, Membership, Role Management, VB

I came across the URL Rewrite Module for IIS 7.0. That was released by the IIS Team on November 10th 2008. Check out the release page here:
URL Rewrite Module  - Release to Web

The module has so many important features that any ASP.NET developer should have a look at.

 

Hope this helps,
Regards

Tags: ASP.NET 3.5, IIS 7.0

Now you can check my book on www.amazon.com by visiting the following link:

Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB

See larger image

List Price: $59.99 Price: $37.79 & this item ships for FREE with Super Saver Shipping. Details You Save: $22.20 (37%) Special Offers Available Pre-order Price Guarantee. Details

This title has not yet been released. You may pre-order it now and we will deliver it to you when it arrives. Ships from and sold by Amazon.com. Gift-wrap available.

 

 

Isn't this cool? I am extremely happy!!

Regards 

 

Tags: ASP.NET 2.0, ASP.NET 3.5, ASP.NET Security

Here is a snippet code that helps you bind the items contained in an enumeration into a DropDownList in ASP.NET.

To start with, let us define an enumeration as follows:

    public enum Directions
    {
        North = 1,
        East,
        South,
        West
    }

The above is a C# definition for an enumeration called Directions that has 4 main values.

Now, to bind the above enumeration values to a DropDownList we need the following:

        if (!Page.IsPostBack)
        {
            // Loop through the Directions' items
            // and add them item by item into the DropDownList
            ListItem item = null;
            string[] directionNames = Enum.GetNames(typeof(Directions));

            for (int x = 0; x < directionNames.Length - 1; x++)
            {
                // Create the item
                item = new ListItem(
                    directionNames[x],
                    ((Int32)Enum.Parse(typeof(Directions), directionNames[x])).ToString());

                // Add the item to the list of items
                // inside the DropDownList
                this.ddlDirections.Items.Add(item);
            }
        }

You notice in the code above, to retrieve the names of all the items in the enumeration, you make use of the Enum.GetNames() method. Once you have all the items in the enumeration as String values, you loop through the list of values of the enumeration.

For each value, you create a new ListItem class passing to it the:

1. Text to be displayed which is in this case the name of an item inside the enumeration
2. Value to be stored in the value of the ListItem in this case the Integer value of an item in the enumeration which is retrieved by parsing the item name into a valid Directions enumeration, then casting to the type of the Enumeration, which is by default int.
   

 Once the ListItem is created, simply add it to the collection of Items of the DropDownList placed in the HTML markup.

The DropDownList is defined as follows:

    <asp:DropDownList ID="ddlDirections" runat="server" AppendDataBoundItems="true" >
        <asp:ListItem Text=" .. Choose a Direction .." Value="-1" Selected="True"/>
    </asp:DropDownList>

This is all what you need to do to bind a DropDownList to an enumeration!

Hope it helps,
Regards

Tags: ASP.NET 2.0, ASP.NET 3.5

The ASP.NET AJAX Roadmap is published and can be reached here (http://www.codeplex.com/aspnet/Release/ProjectReleases.aspx?ReleaseId=14924)

Enjoy it!

 

Regards     

 

Tags: AJAX-ATLAS, ASP.NET 2.0 - Master Pages, ASP.NET 3.5, ASP.NET Extensions 3.5

In ASP.NET 2.0 and ASP.NET 3.5 applications hosted under IIS 7.0 and are running with the Integrated Mode, ASP.NET Session State does not get initialized when a native or non-managed request enters the Integrated HTTP Request pipeline.

If you look at the IIS 7.0's applicationHost.config configuration file located at: %windir%/System32/inetsrv/config you will notice that the SessionStateModule is defined to handle only managed requests as follows:

<add name="Session" type="System.Web.SessionState.SessionStateModule" preCondition="managedHandler" /> 

You notice that the preCondition attribute has the value of managedHandler which means that this module would be initialized only for managed requests, i.e. .aspx, .asmx, etc ...

First of all to be able to make this module get initialized for non-managed resources, you need to remove this entry and then add the same entry but this time having the preCondition attribute set to empty string.

<remove name="Session" />
<add name="Session" type="System.Web.SessionState.SessionStateModule" preCondition="" />

With the above configuration added to the application's web.config configuration file under the <modules /> configuration section located in <system.webServer /> configuration section group.

Now, the Session State is still not initialized for non-managed resources, why?

The SessionStateModule is usually initialized in the AcquireRequestState HttpApplication's event. This event usually gets called after the MapRequestHandler and PostMapRequestHandler events. This means, the AcquireRequestState event fires after the ASP.NET Runtime has decided on the HttpHandler for the current HTTP Request.

The SessionStateModule does a check if the current HTTP Request's Handler implements the IRequiresSessionState marker interface. If not, the SessionStateModule stops execution and no ASP.NET Session State gets initialized. Why? There is no native or non-managed Handler that can implement the managed IRequiresSessionState marker interface and hence if the SessionStateModule finds out that the Handler created for the current request does not implement the IRequiresSessionState, no Session State gets initialized.

Now, when a non-managed or native request enters the Integrated or Unified HTTP Request Pipeline, ASP.NET Runtime does not create an instance of a managed Handler, the HttpHandler for the current HttpContext is null and not initialized. This means that the SessionStateModule, that has already been mapped for native and managed requests, checks that the current HttpContext's Handler is null and hence there is already no Handler instance created to check if it implements the IRequiresSessionState marker interface.

The trick to solve this problem is provided by Mike Volodarsky (Program Manager in the IIS team) that can be read in this www.iis.net forum post (https://forums.iis.net/p/1094546/1648944.aspx#1648944)

What should be done is fake the SessionStateModule with an instance of a managed HttpHandler that implements IRequiresSessionState marker interface that gets created for native requests.

What are you talking about Bilal?

Well yes. The idea is to develop a custom HttpHandler that implements the IRequiresSessionState marker interface with empty implementation, this handler will be used as a temporary handler only as you will see later in the code.

Next, what we need to do is the following:

In the MapRequestHandler event, a managed handler is created when the HTTP request is for a managed resource. This means, in the PostMapRequestHandler event you can check to see if ASP.NET runtime has created an HttpHandler for the current request, if not, then this means the HTTP request is for a native resource and not a managed one. At this moment, you can initialize a new instance of the custom dummy handler that was introduced above, set it to the Handler of the current HTTP request.

After the PostMapRequestHandler executes, the AcquireRequestState event fires. At this moment, the SessionStateModule starts executing. Now, the SessionStateModule will find out that the current HTTP request has a valid HttpHandler that implements the IRequiresSessionState marker interface, this means now the ASP.NET Session State will get initialized successfully!!

In the PostAcquireRequestState event the current HTTP request's Handler should be reverted back to its original Handler (i.e. Handler created by ASP.NET runtime which is in this case NULL because the request originally is for a native and non-managed request). This is very important because if the custom dummy  HttpHandler was kept as the Handler for the current request, the ASP.NET Runtime would execute that Handler when it is time during the Integrated HTTP Request Pipeline to execute the Handler for the current request.

Therefore, you should check if the current request's Handler is of type the custom dummy HttpHandler then you should set it back to NULL, where NULL represents the Handler's instance that was originally created by the ASP.NET runtime.

The code below shows both the custom dummy HttpHandler and the custom module used to configure the PostAcquireRequestState and PostMapRequestHandler events.

CustomNativeHandler

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.SessionState;
using System.Web.Security;

public class CustomNativeHandler : IHttpHandler, IRequiresSessionState
{
    public bool IsReusable
    {
        get { return false; }
    }

    public void ProcessRequest(HttpContext context)
    {
        throw new NotImplementedException();
    }

   public CustomNativeHandler()
    { }
}

 

SessionStateForNativeRequestsModule

using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;

public class SessionStateForNativeRequestsModule : IHttpModule
{
    public void Dispose()
    {
        throw new NotImplementedException();
    }

    public void Init(HttpApplication context)
    {
        // Subscribe to the PostMapRequestHandler
        context.PostMapRequestHandler += new EventHandler(context_PostMapRequestHandler);

        // Subscribe to the PostAcquireRequestState
        context.PostAcquireRequestState += new EventHandler(context_PostAcquireRequestState);
    }

    void context_PostAcquireRequestState(object sender, EventArgs e)
    {
        // Get an instance of the current Context
        HttpContext context = ((HttpApplication)sender).Context;

        // Use "as" so that if the current handler
        // is not a CustomNativeHandler, then no exception
        // will be thrown, like in the case of casting.
        CustomNativeHandler customHandler =
            context.Handler as CustomNativeHandler;

        // If the current handler is our custom dummy handler
        // then revert back to the managed handler that was
        // originally created by the .NET Framework for the
        // current request, which is null in this case
        // since .NET Framework does not create a managed Handler
        // for a native request
        if (customHandler != null)
            context.Handler = null;
    }

    void context_PostMapRequestHandler(object sender, EventArgs e)
    {
        // Get an instance of the current Context
        HttpContext context = ((HttpApplication)sender).Context;

        // If the current HttpHandler is null, then this must be
        // a native request being processed.
        // Create a new instance of the CustomNativeHandler
        // and set it to the current request Handler.
        if (context.Handler == null)
            context.Handler = new CustomNativeHandler();
    }
}

 

To configure the above custom module in an application's web.config configuration file, you add the following section:

    <system.webServer>
        <validation validateIntegratedModeConfiguration="false"/>
        <modules>
            <add name="SessionStateForNativeRequestsModule" type="SessionStateForNativeRequestsModule"/>

            <remove name="Session" />
            <add
                name="Session"
                type="System.Web.SessionState.SessionStateModule"
                preCondition="" />

        </modules>
    </system.webServer>
 

Hope this helps,
Regards

Tags: ASP.NET 3.5, ASP.NET Session State, IIS 7.0, SessionStateModule

*** Updated - April 7 2008  ***

I played a little bit with the command line I am using to install the SQL Server Session State database and it seems to work fine: To register the database for the SQL Server Session State on ASP.NET 2.0 or ASP.NET 3.5:

aspnet_regsql -C "Data Source=.;Integrated Security=True" -ssadd -sstype c -d SessionStateDB

In addition to this, you might need to grant access to: 'NT AUTHORITY\NETWORK SERVICE' on your database

Hope this solves your problem as it solved mine!!
Regards 

*** Updated - April 7 2008  ***

 

I enabled a database with the schema tables used for SQL Server Session State as follows:

 

Then in the web.config file, I enabled SessionState as follows:

 

When I run my page, I recieve the following exception:

Unable to use SQL Server because ASP.NET version 2.0 Session State is not installed on the SQL server. Please install ASP.NET Session State SQL Server version 2.0 or above.

 

It sounds strange, I am using the 2.0 version of the script!! Any ideas?

Thanks

Tags: ASP.NET 2.0 - General, ASP.NET 3.5, Databases &amp;amp, SQL, SQL Server Session State

My third article in the series of articles on Client Application Services is now published on www.aspalliance.com. This is the last article in the aforementioned series! Hope you enjoy it! You can check it at: Client Application Services Part 3 (http://aspalliance.com/1597_Client_Application_Services__Part_3).

Make sure to read the previous two parts before going on with this new part! Here are the links for Parts 1 and 2.

 

1. Client Application Services Part 1 (http://aspalliance.com/1595_Client_Application_Services__Part_1)
2. Client Application Services Part 2 (http://aspalliance.com/1596_Client_Application_Services__Part_2)

 

Hope this helps,
Regards

Tags: ASP.NET 3.5, Windows Forms

I faced a situation today where I am trying to attach to the page_load event of a child nested master page to load some data on the master page itself. The event was not firing at all. Later on I figured out that the AutoEventWireup property on the Page directive is false!!!

Seems by default when you create a nested master page, its AutoEventWireup property is set to false! What you need to do is just make it true!

 

Hope this helps!

Regards

Tags: ASP.NET 2.0 - General, ASP.NET 3.5