Archives / 2007 / April
  • Creating Custom ASP.NET Server Controls with Embedded JavaScript

    I did some consulting work recently for a company that had a lot of JavaScript embedded in pages that was used used to perform advanced client-side functionality and make AJAX calls back to the server.  The company needed additional team members to be able to contribute to the application without spending a lot of time learning client-side Web technologies.  One solution was to provide good documentation of the JavaScript objects and methods that could be called.  This still required some fundamental knowledge of JavaScript though.  The focus, however, seemed to be on getting other team members involved with learning C# and server-side technologies so that they could also build back-end code tiers rather than having everyone spend time learning JavaScript and other related client-side technologies such as CSS and DHTML/DOM.


  • JavaScript Intellisense and Documentation in VS.NET Orcas

    Microsoft's Betrand Le Roy just put together a great post on how to document JavaScript code in VS.NET Orcas.  By adding documentation comments, users of your script will get nice intellisense as they type and use JavaScript classes, methods, etc.  Nice stuff that we've all wanted for a long, long time.


  • The Power of Anonymous Methods in C#

    Anonymous methods are a new feature in C# 2.0 that allow you to hook an action directly to an event as opposed to having a separate event handler.  For example, when a user clicks a button and you need to pop-up a MessageBox, you could handle it the standard way with a delegate and an event handler, or you could hook the action to perform directly to the Click event using an anonymous method as shown next:


  • Simple ASP.NET 2.0 Tips and Tricks that You May (or may not) have Heard About

    ASP.NET 2.0 is an awesome framework for developing Web applications.  If you've worked with it for awhile then that's no secret.  It offers some great new features that you can implement with a minimal amount of code.  I wanted to start a list of some of the most simple (yet cool) things you could do with it that required little or no C#/VB.NET code.  If you have other suggestions add a comment and I'll update the list if the suggestion is a simple task that can be applied easily.

     1.  Maintain the position of the scrollbar on postbacks:  In ASP.NET 1.1 it was a pain to maintain the position of the scrollbar when doing a postback operation.  This was especially true when you had a grid on the page and went to edit a specific row.  Instead of staying on the desired row, the page would reload and you'd be placed back at the top and have to scroll down.  In ASP.NET 2.0 you can simply add the MaintainScrollPostionOnPostBack attribute to the Page directive:

    <%@ Page Language="C#" MaintainScrollPositionOnPostback="true" AutoEventWireup="true" CodeFile="..." Inherits="..." %>

    2.  Set the default focus to a control when the page loads:  This is another extremely simple thing that can be done without resorting to writing JavaScript.  If you only have a single textbox (or two) on a page why should the user have to click in the textbox to start typing?  Shouldn't the cursor already be blinking in the textbox so they can type away?  Using the DefaultFocus property of the HtmlForm control you can easily do this.

    <form id="frm" DefaultFocus="txtUserName" runat="server">

    3. Set the default button that is triggered when the user hits the enter key:  This was a major pain point in ASP.NET 1.1 and required some JavaScript to be written to ensure that when the user hit the enter key that the appropriate button on the form triggered a "click" event on the server-side.  Fortunately, you can now use the HtmlForm control's DefaultButton property to set which button should be clicked when the user hits enter.  This property is also available on the Panel control in cases where different buttons should be triggered as a user moves into different Panels on a page.

    <form id="frm" DefaultButton="btnSubmit" runat="server">

    4. Locate nested controls easily: Finding controls within a Page's control hierarchy can be painful but if you know how the controls are nested you can use the lesser known "$" shortcut to find controls without having to write recursive code.  If you're looking for a great way to recursively find a control (in cases where you don't know the exact control nesting) check out my good buddy Michael Palermo's blog entry. The following example shows how to use the DefaultFocus property to set the focus on a textbox that is nested inside of a FormView control.  Notice that the "$" is used to delimit the nesting:

    <form id="form1" runat="server" DefaultFocus="formVw$txtName">
    <asp:FormView ID="formVw" runat="server">
                    <asp:TextBox ID="txtName" runat="server" 
    Text='<%# Eval("FirstName") + " " + Eval("LastName") %>' />

    This little trick can also be used on the server-side when calling FindControl().  I blogged about this awhile back if you'd like more details.  Here's an example:

    TextBox tb = this.FindControl("form1$formVw$txtName"as TextBox;
    (tb != null)
    //Access TextBox control

    5. Strongly-typed access to cross-page postback controls:  This one is a little more involved than the others, but quite useful.  ASP.NET 2.0 introduced the concept of cross-page postbacks where one page could postback information to a page other than itself.  This is done by setting the PostBackUrl property of a button to the name of the page that the button should postback data to.  Normally, the posted data can be accessed by doing something like PreviousPage.FindControl("ControlID").  However, this requires a cast if you need to access properties of the target control in the previous page (which you normally need to do).  If you add a public property into the code-behind page that initiates the postback operation, you can access the property in a strongly-typed manner by adding the PreviousPageType directive into the target page of the postback.  That may sound a little confusing if you haven't done it so let me explain a little more.

    If you have a page called Default.aspx that exposes a public property that returns a Textbox that is defined in the page, the page that data is posted to (lets call it SearchResults.aspx) can access that property in a strongly-typed manner (no FindControl() call is necessary) by adding the PreviousPageType directive into the top of the page:

    <%@ PreviousPageType VirtualPath="Default.aspx" %>

    By adding this directive, the code in SearchResults.aspx can access the TextBox defined in Default.aspx in a strongly-typed manner.  The following example assumes the property defined in Default.aspx is named SearchTextBox.

    TextBox tb PreviousPage.SearchTextBox;

    This code obviously only works if the previous page is Default.aspx.  PreviousPageType also has a TypeName property as well where you could define a base type that one or more pages derive from to make this technique work with multiple pages.  You can learn more about PreviousPageType here.

    6. Strongly-typed access to Master Pages controls: The PreviousPageType directive isn't the only one that provides strongly-typed access to controls.  If you have public properties defined in a Master Page that you'd like to access in a strongly-typed manner you can add the MasterType directive into a page as shown next (note that the MasterType directive also allows a TypeName to be defined as with the PreviousPageType directive):

    <%@ MasterType VirtualPath="MasterPage.master" %>

    You can then access properties in the target master page from a content page by writing code like the following:

    this.Master.HeaderText "Label updated using MasterType directive with VirtualPath attribute.";

    You can find several other tips and tricks related to working with master pages including sharing master pages across IIS virtual directories at a previous blog post I wrote

    7. Validation groups: You may have a page that has multiple controls and multiple buttons.  When one of the buttons is clicked you want specific validator controls to be evaluated rather than all of the validators defined on the page.  With ASP.NET 1.1 there wasn't a great way to handle this without resorting to some hack code.  ASP.NET 2.0 adds a ValidationGroup property to all validator controls and buttons (Button, LinkButton, etc.) that easily solves the problem.  If you have a TextBox at the top of a page that has a RequiredFieldValidator next to it and a Button control, you can fire that one validator when the button is clicked by setting the ValidationGroup property on the button and on the RequiredFieldValidator to the same value.  Any other validators not in the defined ValidationGroup will be ignored when the button is clicked. Here's an example:

    <form id="form1" runat="server">

        Search Text: 
    <asp:TextBox ID="txtSearch" runat="server" /> 

    asp:RequiredFieldValidator ID="valSearch" runat="Server" 
    ="txtSearch" ValidationGroup="SearchGroup" /> 

    asp:Button ID="btnSearch" runat="server" Text="Search" 
    ="SearchGroup" />
        Other controls with validators and buttons defined here

    8. Finding control/variable names while typing code:  This tip is a bit more related to Visual Studio than to ASP.NET directly, but it's definitely helpful for those of you who remember the first few characters of control variable name (or any variable for that matter) but can't remember the complete name.  It also gives me the chance to mention two great downloads from Microsoft.  First the tip though.  After typing the first few characters of a control/variable name, hit CTRL + SPACEBAR and Visual will bring up a short list of matching items.  Definitely a lot easier than searching for the control/variable definition.  Thanks to Darryl for the tip.  For those who are interested, Microsoft made all of the VS.NET keyboard shortcuts available in a nice downloadable and printable guide.  Get the C# version here and the Visual Basic version here.

    That's all for now.  There are a lot of other things that could be mentioned and I'll try to keep this post updated.  Have a great (simple) ASP.NET 2.0 tip or trick?  Post the details in the comments and I'll add it if the content is appropriate for the list.  Make sure to list your name so I can give proper credit.

    For those who are interested, you can also view videos I've put together that show how to accomplish different tasks from working with AJAX, to ASP.NET to Web Services and WCF at the following URL:




  • XSLT 2.0, XPath 2.0, XQuery and WSDL Support in XMLSpy 2007

    I've always been a fan of Altova's XMLSpy and have used it since it was first released.  Their release of XMLSpy 2007 doesn't disappoint as it adds support for several things that are of particular interest to me such as XSLT 2.0 and XPath 2.0, XQuery and enhanced WSDL editing.  It of course adds many more features which you can learn about at


  • Distributed Application Development with .NET 2.0

    I'm teaching Microsoft's .NET Distributed Application Development course this week in Phoenix and wanted to get some sample code I put together posted for everyone that is attending (and anyone else that is interested).  The code demonstrates asynchronous Web Services calls, MSMQ fundamentals, remoting through code and remoting through configuration files, using delegates with remoting, WSE 3 features, plus more. 


  • AJAX Hacker Attacks - Cross Site Request Forgery

    I was reading an article that was posted yesterday about various AJAX security vulnerabilities that was pretty interesting.  It documents how many AJAX frameworks allow GET requests to hi-jack JSON messages and process them as desired.  This is a big deal since any sensitive information included within a JSON message would be viewable to a clever CSRF (Cross Site Request Forgery) hacker. 

    Microsoft's Scott Guthrie cleared up the issue with regard to the ASP.NET AJAX framework today.  He wrote up a great post describing how the framework automatically disables GET requests by default (the UpdatePanel uses POST operations) and they add a special application/json content type header that is checked.  The architects of the ASP.NET AJAX framework did a great job thinking this through and ensuring that the framework prevented these types of attacks "out of the box".


comments powered by Disqus