Anas Ghanem : ASP.NET

Entity Framework:What’s new in .NET 4 and VS 2010

anas — Fri, 22 May 2009 13:15:00 GMT

For the list of updates and enhancements , checkout this post from ADO.NET team....(read more)

Microsoft Free Web Platform Installer (WEB PI)

anas — Mon, 13 Apr 2009 23:05:18 GMT

Web platform installer is a small application that allow you to stay update to date with the latest .NET tools,updates and additions that is being added to the framework.Developers may not have enough time to search and read the latest releases and updates...(read more)

Sharing FormView Edit and insert templates to avoid duplicate markup

anas — Mon, 30 Mar 2009 22:50:00 GMT

If you used the FormView control ,I’m sure that you had modified it’s generated Edit and Insert templates(like adding calendar for the date fields , changing the textboxes that are bound to the foreign key columns with a dropdown list,adding validation...(read more)

Login control FAQ :

anas — Fri, 27 Mar 2009 16:28:00 GMT

This post contains some of the most asked questions when using login control. 1- how to redirect users to different pages based on their roles. This can be done by handling the LoggedIn event of the Login control. protected void Login1_LoggedIn( object...(read more)

Caching techniques for paged GridView

anas — Fri, 13 Mar 2009 17:10:00 GMT

Implementing output cache for the GridView is straight forward if the GridView doesn't require to provide paging functionality. And so , if you don't need paging in the GridView , you can set the output cache on the page level and the GridView will be...(read more)

Solving "A generic error occurred in GDI+" exception.

anas — Sat, 28 Feb 2009 19:23:00 GMT

Hi, If you are getting that error , then I can say that your application doesn't have a write permission on some directory. For example, if you are trying to save the Image from the memory stream to the file system , you may get that error. I also faced...(read more)

Resetting scroll position after partial update Completed.

anas — Thu, 01 Jan 2009 22:56:00 GMT

When you use the UpdatePanel to implement partial updates,the scroll position will be maintained between the asynchronous post backs;But you may need to reset the scroll position after the partial update completed ( after receiving the response). To do...(read more)

Sharing ASP.NET security Database between different applications

anas — Mon, 22 Dec 2008 21:56:00 GMT

This blog will mention the steps that is required to share the asp.net security database between different applications. The steps to follow : Since you are going to use one database for many applications , it will not be practical to have the database...(read more)

Changing the session ID programmatically.

anas — Tue, 16 Dec 2008 20:48:00 GMT

In this blog, I will show how to change the Assigned session Id programmatically.

You may ask : why I need to change the automatically generated the user session id ? well there is many possible reasons like :

You may use the session ID to track the User activities or to implement audit trails in your system.
Preventing Session Hijacking by generating a new session id after the user logged in.
Removing the user session after logging out.

There could be more reasons that I don't know about them , if you know more reasons feel free to post it in the comments section .

Changing the Session id is an easy task in asp.net.You just need to use SessionIDManager class.

The class contains a lot of helpful methods ,I will list some of them :

CreateSessionID : returns a unique session identifier that is a randomly generated number encoded into a 24-character string.
GetSessionID : gets the session-identifier value from the current Web request.
SaveSessionID : saves a newly created session identifier to the HTTP response.

The rest of methods and class members can be found here.

I will now show a simple code that will print the Current SessionId and Create a new session id and save it to the context.

[Code provided in C# ]

        SessionIDManager Manager = new SessionIDManager();

        string NewID = Manager.CreateSessionID(Context);

        string OldID = Context.Session.SessionID;

        bool redirected = false;

        bool IsAdded = false;

        Manager.SaveSessionID(Context, NewID,out redirected, out IsAdded);

        Response.Write("Old SessionId Is : " + OldID);

        if (IsAdded)

            Response.Write("<br/> New Session ID Is : " + NewID);

        else

            Response.Write("<br/> Session Id did not saved : ");

Hope it helps.

Securing your web site using session

anas — Fri, 07 Nov 2008 12:36:00 GMT

When using Asp.net , there is many ways to secure your web site pages . you can use Windows authentication , Or Forms Authentication services.

Through asp.Net forums, I noticed that there is many developers trying to use the session to secure there web sites.they are doing this by storing some flag in the session , like storing the username , so that they can check this value in the pages to make sure that the user is logged in.

Note: I recommended to not use the session to secure the web site , because session will timeout , and so your users will need to login on every timeout period ( 20 minutes by default) . also when using the session , you will need to manually manage the user roles , while you don't have to worry about that if you used Membership Services.

However, if you still want to use the session ,I will show you how to correctly implement that using a custom base page class .

Note: The Base Class will contains the required checks , and so you need to change your pages to inherit from this custom class instead of inheriting from "System.Web.UI.Page" class which is the Default class for ASPX pages.

Ok , Take a look at the Base Page class Below :

    6 /// <summary>

    7 /// this page will be used as a basePage class for all pages that needs to be secured .

    8 /// so if you want to make some pages secured ,

    9 /// just let them inherit from this class instead of directly  inheriting from System.Web.UI.Page

   10 /// </summary>

   11 ///

   12 public class SecuredPage : System.Web.UI.Page

   13 {

   15     protected string LoginUrl

   16     {

   17         get { return "~/Login.aspx"; }

   18     }

   20     // return true if the current page is the Login Page .

   21     private bool IsLoginPage

   22     {

   23         get {

   24             return VirtualPathUtility.GetFileName(Request.Path).ToLower() ==

   25                 VirtualPathUtility.GetFileName(LoginUrl.ToLower());

   26         }

   27     }

   29     // Property to get/set the UserName from/in the session

   30     private const string UserNameKey = "UserName";

   31     protected string  UserName

   32     {

   33         get

   34         {

   35             return Convert.ToString(Session[UserNameKey]);

   36         }

   37         set {

   38             Session[UserNameKey] = value;

   39         }

   40     }

   42     protected string DefaultPage

   43     {

   44         get {

   45             return "Default.aspx";

   46         }

   47     }

   48     protected void RequestLogin()

   49     {

   50         string CurrentUrl = Request.RawUrl;

   51         Response.Redirect(LoginUrl + "?ReturnUrl=" + Server.HtmlEncode( CurrentUrl));

   52     }

   54     // use this method to redirect the user after sucessfull login ,

   55     // this method will make sure that the user will get redirected to the original url  that was on .

   57     protected void RedirectFromLoginPage(string TargetUrl)

   58     {

   59         if (! string.IsNullOrEmpty(UserName))

   60         {

   61             if (Request.QueryString["ReturnUrl"] != null)

   62             {

   63                 Response.Redirect(Request.QueryString["ReturnUrl"]);

   64             }

   65             else

   66                 Response.Redirect(TargetUrl);

   67         }

   68     }

   70     // you can just call this method , it will automatically redirect to default page ,

   71     protected void RedirectFromLoginPage()

   72     {

   73         RedirectFromLoginPage(DefaultPage);

   74     }

   76     protected override void OnInit(EventArgs e)

   77     {

   78         // if the user is not logged in  , redirect  to Login Page

   79         if (string.IsNullOrEmpty(UserName) && !IsLoginPage)

   80             RequestLogin();

   81         // this needed to initialize its base page class

   82         base.OnInit(e);

   83     }

   84 }

To Use the above class, change your pages to inherit from it, then in the login page , you can handle the Authenticate event for your login control like this :

   18     protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)

   19     {

   20         bool Authenticated = true;

   21         Authenticated = ValidateLogin(Login1.UserName, Login1.Password);

   22         if (Authenticated)

   23         {

   25             // store the user name in the session

   26             UserName = Login1.UserName;

   27             // use this method instead of directly calling response.redirect ,

   28             // because this method will remember the previous page that the user requested ,

   30             RedirectFromLoginPage();

   31         }

   32     }

   34     private bool ValidateLogin(string UserName, string Password)

   35     {

   36         // here you need to check the entered user and pasword ,

   37         //you may need to check the users table in the database ..

   38         //Authenticated= UserBLL.ValidateUser(Login1.UserName, Login1.Password);

   39         // for this  , demo lets just use User:admin and password:admin

   41         // again , instead of this code , you must validate your users based on database or else.

   42         return UserName == "admin" && Password == "admin";

   43     }

Note: RedirectFromLoginPage() method will make sure to send the user back to the page that he/she was on .

I created a demo website that will show you how to use the SecuredPage class in your website , you can download the demo [here].

Hope it helps.

Anas Ghanem

Avoid session loss when using Cookieless sessions with XML Sitemap Provider

anas — Thu, 30 Oct 2008 08:10:00 GMT

In march 2008 , I showed how to avoid losing session when using cookiless sessions with XmlSiteMapPorvider. I mentioned how to quickly fix this issue by handling the Data Bound events of Navigation controls . Since This issue is still reproducible in .Net 3.5 ,I published an article that discusses this issue in more details , Read the article.[Here]

Creating Custom Parameters for Data source Controls

anas — Tue, 14 Oct 2008 21:56:00 GMT

Asp.net provide various types of parameters , like session parameter which get its value from session ,control parameter which get its value from form control , and there is also many other parameters each one used to read the parameter value from different location .

But sometimes , those parameters doesn't fit your needs , for example , if you want a parameter that get its value from the UserName of the current logged in user ( User.Identity.Name ) , in this case you may end up by using the default <asp:Parameter > which requires to set its value manually in the data Source Selecting , Updating , Inserting , or deleting event.

However , you could create a custom parameter that can be used in all places that you want to use the Current logged in UserName as a parameter in the data source controls , this can be accomplished by inheriting from System.Web.UI.WebControls.Parameter class , and by overriding it's Evaluate method.

Note: the evaluate method will be called automatically by the framework .

The custom parameter can be placed in App_Code folder or in a separate class library if you want to use it in other projects.

This is the custom UserParameter class:

   11 namespace CustomControls

   12 {

   13     /// <summary>

   14     /// Summary description for UserParameter

   15     /// </summary>

   16     public class UserParameter : System.Web.UI.WebControls.Parameter

   17     {

   18         protected override object Evaluate(HttpContext context, System.Web.UI.Control control)

   19         {

   20             if (context.User != null && !string.IsNullOrEmpty(context.User.Identity.Name))

   21             {

   22                 return context.User.Identity.Name;

   23             }

   25             return null;

   26         }

   27     }

   28 }

Now to use the UserName parameter,

First thing , you should register the custom control ,

<%@ Register Namespace="CustomControls" TagPrefix="cc1" %>

Then you can use it as a parameter for your data source :

<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<$ConnectionStrings:DatabaseConnectionString %>"

    SelectCommand="SELECT [ProjectId], [Name], [UserName] FROM [Projects] where [UserName]=@UserName">

     <SelectParameters>

      <cc1:UserParameter Name="UserName" />

    </SelectParameters>

  </asp:SqlDataSource>

Hope it helps

Anas Ghanem

Development Tip #1: Wrap your Date Selector inside a User control

anas — Fri, 19 Sep 2008 22:38:00 GMT

When developing web application, you will need to decide which date selector you are going to use , you may choose between the Caledar Extendar , or any other 3'rd party controls (like infragistics ,Telerik ,...).In the future , if you decided to change the date selector for some reason , you will need to go to all places in which you used the date selector and change the code to use the new date selector control !

The required changes could be :

you will need to remove all "<%@ register " tags that reference the old control
change the pages code behind to use the new control .
also you may need to change the validations.

The Solution :

What I suggest here is that from the Beginning of the development , create a User Control that expose some properties like Selected Date(set , get) , and another property like IsRequired , and inside the user control , you can place any type of date selector control , then you just need to use this user control as a date selector in your web site , and when you want to change the date selector control , you just need to change the user control code .

Hope it helps

Anas Ghanem

Fixing DotNetNuke localization for child and dynamically loaded UserControls

anas — Wed, 10 Sep 2008 17:42:00 GMT

The DotNetNuke localization engine depends heavily on the "LocalResourceFile" property which is contained in "PortalModuleBase" class which is must be the base class for the UserCotrols that needs to be used as a controls for the Module.

The "LocalresourceFile" property uses the following code to get the correct Localization file for the control ( the code based on DNN 4.08.04)

Me.TemplateSourceDirectory & "/" & Services.Localization.Localization.LocalResourceDirectory & "/" & Me.ID

Note how the property value depends on the UserCotrol ID , this will cause the problem when the UserCotrol used as a child UserCotrol in another UserCotrol , or when its dynamically loaded to a nother UserCotrol (using the LoadControl method) . in both cases the "LocalResourceFile" property will returns incorrect resource file which prevent the DotNetNuke from localizing the control .

Note that when dynamically loading the UserCotrol using LoadControl method , the UserCotrol Id will be null , and when we place the UserCotrol in another UserCotrol , the UserCotrol id will be the Instance Id , for example if the UserCotrol is "Products.ascx" , then its id will be Products1 or the id that is assigned to it by the developer.

To overcome all of the above issues , the solution is to modify the LocalResourceFile for the UserCotrol , this can be applied by creating a new "LocalResourceFile" property that shadows the Property of the PortalModuleBase control (since the property is not overridable ), and statically return the correct LocalResourceFile , the problem in this solution is that you need to apply it to every UserCotrol .

The other solution( and the best I think) is to create a base UserCotrol class that inherits from PortalModuleBase and fix the LocalResourceFile like below :

public partial class BaseUserControl : DotNetNuke.Entities.Modules.PortalModuleBase
{
    // basicly this will fix the localization issue 
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);
        string FileName = System.IO.Path.GetFileNameWithoutExtension(this.AppRelativeVirtualPath);
        if (this.ID != null)
            //this will fix it when its placed as a ChildUserControl 
            this.LocalResourceFile = this.LocalResourceFile.Replace(this.ID, FileName);
        else
            // this will fix it when its dynamically loaded using LoadControl method 
            this.LocalResourceFile = this.LocalResourceFile + FileName + ".ascx.resx";
    }
}

Now change your UserControls to inherit from BaseUserControl Instead of directly inheriting PortalModuleBase .

I can place that code in the PortalModuleBase directly , but I don't like the idea of modifying the Core DNN code , It will be nice if the DNN core team added that fix ).

I used that solution in my projects , Please Let me know if there is any issues in it.

Thanks

Anas Ghanem

Implementing Outputcache with ListView Paging

anas — Sat, 06 Sep 2008 14:15:00 GMT

The ListView Control Supports a lot of functionalities , one of those functionalities is the built in support for data paging .

You can implement data paging in ListView with a help of the DataPager control.

The default behavior of the DataPager control is to provide paging functionality through PostBacks(like the GridView ) control , but the interesting thing is that the Pager Can Be configured to use the query string to keep the current displayed page , this behavior is very important if it used with the output cache to vary the page output Based on That query Field, this way you will have a separate cached version of the web page for each ListView Page, so that you can Provide an Effective and scalable data paging solution ( for example like the "http://weblogs.asp.net" page ) .

To configure the DataPager control to use the querystring , you need to set its "QueryStringField" property to the query string paramter name that you want to use .

<asp:DataPager ID="DataPager1" runat="server" QueryStringField="PageNumber"....

Now the Pager control will add the page number to the querystring field in the page url , for example :

Default.aspx?PageNumber=1

Now you can vary the page outputcache based on the "PageNumber" query string field using output cache directive , in the page decalration :

<%@ OutputCache Duration="90" VaryByParam="PageNumber" %>

This way you will have a separate cached version for each ListView page , and so your application will use the cached version for the subsequent requsts of the same ListViewPage.

You can also optimize this solution by turning off the ListView ViewState by setting its EnabeViewState property to false .

Anas Ghanem