Archives / 2007 / April
  • Creating Custom ASP.NET Server Controls with Embedded JavaScript

    I did some consulting work recently for a company that had a lot of JavaScript embedded in pages that was used used to perform advanced client-side functionality and make AJAX calls back to the server.  The company needed additional team members to be able to contribute to the application without spending a lot of time learning client-side Web technologies.  One solution was to provide good documentation of the JavaScript objects and methods that could be called.  This still required some fundamental knowledge of JavaScript though.  The focus, however, seemed to be on getting other team members involved with learning C# and server-side technologies so that they could also build back-end code tiers rather than having everyone spend time learning JavaScript and other related client-side technologies such as CSS and DHTML/DOM.

  • JavaScript Intellisense and Documentation in VS.NET Orcas

    Microsoft's Betrand Le Roy just put together a great post on how to document JavaScript code in VS.NET Orcas.  By adding documentation comments, users of your script will get nice intellisense as they type and use JavaScript classes, methods, etc.  Nice stuff that we've all wanted for a long, long time.

  • The Power of Anonymous Methods in C#

    Anonymous methods are a new feature in C# 2.0 that allow you to hook an action directly to an event as opposed to having a separate event handler.  For example, when a user clicks a button and you need to pop-up a MessageBox, you could handle it the standard way with a delegate and an event handler, or you could hook the action to perform directly to the Click event using an anonymous method as shown next:

  • Simple ASP.NET 2.0 Tips and Tricks that You May (or may not) have Heard About

    ASP.NET 2.0 is an awesome framework for developing Web applications.  If you've worked with it for awhile then that's no secret.  It offers some great new features that you can implement with a minimal amount of code.  I wanted to start a list of some of the most simple (yet cool) things you could do with it that required little or no C#/VB.NET code.  If you have other suggestions add a comment and I'll update the list if the suggestion is a simple task that can be applied easily.

  • XSLT 2.0, XPath 2.0, XQuery and WSDL Support in XMLSpy 2007

    I've always been a fan of Altova's XMLSpy and have used it since it was first released.  Their release of XMLSpy 2007 doesn't disappoint as it adds support for several things that are of particular interest to me such as XSLT 2.0 and XPath 2.0, XQuery and enhanced WSDL editing.  It of course adds many more features which you can learn about at

  • Distributed Application Development with .NET 2.0

    I'm teaching Microsoft's .NET Distributed Application Development course this week in Phoenix and wanted to get some sample code I put together posted for everyone that is attending (and anyone else that is interested).  The code demonstrates asynchronous Web Services calls, MSMQ fundamentals, remoting through code and remoting through configuration files, using delegates with remoting, WSE 3 features, plus more. 

  • AJAX Hacker Attacks - Cross Site Request Forgery

    I was reading an article that was posted yesterday about various AJAX security vulnerabilities that was pretty interesting.  It documents how many AJAX frameworks allow GET requests to hi-jack JSON messages and process them as desired.  This is a big deal since any sensitive information included within a JSON message would be viewable to a clever CSRF (Cross Site Request Forgery) hacker. 

    Microsoft's Scott Guthrie cleared up the issue with regard to the ASP.NET AJAX framework today.  He wrote up a great post describing how the framework automatically disables GET requests by default (the UpdatePanel uses POST operations) and they add a special application/json content type header that is checked.  The architects of the ASP.NET AJAX framework did a great job thinking this through and ensuring that the framework prevented these types of attacks "out of the box".

comments powered by Disqus