October 2010 - Posts

On Oct 6 2010, ScottGu (I prefer to call him His Guness : ) ) announced the Beta 2 release of WebMatrix. You can check the official release blog post here. You can read the Beta 2 release readme here.

I have been following WebMatrix lately, and this post is part of a series on the WebMatrix helpers. As part of Beta 2, the following helpers were added to WebMatrix:

  • Antiforgery
  • Bing
  • Json
  • Themes

In my last blog post I talked about the Bing helper. In this post I will be looking into the “Antiforgery” helper. So let's dive into the topic.

What is Anti Forgery in web application?

To answer this we should first know what CSRF (Cross-Site Request Forgery) is. Here is the Wikipedia explanation:

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF ("sea-surf"[1]) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.[2] Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

To know more about the subject please visit Wikipedia.

Anti-forgery is one of the mechanisms used to stop a CSRF attack.

How does the Anti Forgery Helper help us?

This helper works in two ways. First, it helps you embed an anti-forgery token as a field in your form. Second, it helps you validate the token whenever a form is posted. It can generate a default token, or take a salt to generate a very specific token for you. Using a salt is always better, because it acts like your own secret key for the token generation.

Anti Forgery Helper API in WebMatrix:

We can find the Anti Forgery Helper API in the following assembly:

System.Web.Helpers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

This API exposes 2 public methods. Let's have a look at them one by one.

i. public static HtmlString GetHtml(string salt)

- This method outputs the anti-forgery token as a hidden form field in your form. Have a look at the screenshot below:

image

As you can see, this outputs the value of the hidden field as binary-encoded data.

- The only parameter to this method, which we call the salt, is optional and its default value is “null”. If you provide a salt while generating the anti-forgery token with this method, you need to make sure that you provide the same salt while validating. More on this in the section below.

ii. public static void Validate(string salt)

- This method is used to validate the anti-forgery token on the server during your processing.

- This method validates your form post for the presence of the token. If the token is not found, meaning this was a cross-site request, it raises an HttpAntiForgeryException.

As you can see, the API itself is a very neat and cute one : ). It has only 2 methods but does all the work required for you to protect your site from CSRF. Now let's see some code syntax on how to use this.

Anti Forgery Helper API Usage Syntax:

image

As you can see from the above code, the usage syntax of the anti-forgery helper API is quite simple. You use the GetHtml() method inside the form so that it embeds the token. Then, on the server side, when you are processing the form, you call the Validate() method to check whether the request is a cross-site request. That’s it. And you have evaded the cross-site request attack.

What actually happens is this: GetHtml() does 2 things. Besides emitting the hidden form field, it creates an HttpCookie for the site which contains the same token value as the form field. The Validate() method then checks that the cookie token and the form token match. So if somebody attempts a cross-site request forgery, the request will be missing either the cookie or the form field for the anti-forgery token, and that’s how your code is alerted while you are processing the form.
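The cookie-versus-form-field check described above, as a small language-neutral model written in Python. It is an example added here, not the helper's implementation and not code from the original post; the names `issue`, `validate`, `AntiForgeryError`, `SERVER_KEY` and the HMAC used to bind a token to its salt are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Assumption: a per-application secret. The page does not describe the real
# helper's key handling; the key only lets this model bind a token to a salt.
SERVER_KEY = secrets.token_bytes(32)

class AntiForgeryError(Exception):
    """Stands in for the HttpAntiForgeryException raised by Validate()."""

def _salt_tag(token: str, salt: str) -> str:
    msg = salt.encode() + b"\x00" + token.encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue(salt: str = "") -> tuple:
    """Model of GetHtml(salt): returns (cookie value, hidden-field value)."""
    token = secrets.token_urlsafe(32)
    return token, f"{token}.{_salt_tag(token, salt)}"

def validate(cookie: Optional[str], field: Optional[str], salt: str = "") -> None:
    """Model of Validate(salt): raises unless cookie, field and salt agree."""
    if not cookie or not field:
        raise AntiForgeryError("token cookie or form field is missing")
    token, _, tag = field.partition(".")
    if not hmac.compare_digest(token.encode(), cookie.encode()):
        raise AntiForgeryError("form field does not match the cookie")
    if not hmac.compare_digest(tag.encode(), _salt_tag(token, salt).encode()):
        raise AntiForgeryError("token was issued with a different salt")

def outcome(cookie, field, salt="") -> str:
    """Run validate() and report the result as a string."""
    try:
        validate(cookie, field, salt)
        return "accepted"
    except AntiForgeryError as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    # Constructed scenario: a form rendered with the salt "transfer".
    cookie, field = issue("transfer")
    print("same-site post   ->", outcome(cookie, field, "transfer"))
    # Forged cross-site post: the browser attaches the cookie by itself, but
    # the other site cannot read the token, so the field is absent or guessed.
    print("forged, no field ->", outcome(cookie, None, "transfer"))
    print("forged, guessed  ->", outcome(cookie, "guess.0000", "transfer"))
    print("different salt   ->", outcome(cookie, field, "profile"))
```

The last case is the reason the salt passed to Validate() has to be the one passed to GetHtml(): a token issued for one form is rejected when it is replayed against a form that uses another salt.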

 

Well this was just my attempt to understand the Helper. Hope it helped you too. Let me know your comments if you do read this. That will help me a lot.

Till next time, Happy coding. Code with passion.

 


WebMatrix Beta 2 was released on Oct 06 2010. In some areas there are many changes to how WebMatrix works from Beta 1 to Beta 2.

Some changes went into the WebMatrix helpers too. There are 4 new helpers that have been added to the helper family. They are:

- Antiforgery

- Bing

- Json

- Themes

In this post I am going to talk about the “Bing” helper, because I was interested to know what this helper can do.

Bing, as we all know, is “Bing Is Not Google”. It is a search engine from Microsoft, although it is positioning itself as not just a search engine but a decision-making tool. The WebMatrix Bing helper allows you to embed the Bing search box within your website.

Let me dive into the API. Bing helper can be found in the following assembly:

Microsoft.Web.Helpers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Let's see the Bing helper methods available.

1. SearchBox

This method helps us to embed a simple search box on to the web page. The syntax is as follows:

    IHtmlString SearchBox(
        [Optional, DefaultParameterValue(null)] string siteUrl,
        [Optional, DefaultParameterValue(0x142)] int boxWidth);

It takes in the following parameters:

- siteUrl – optional parameter. If provided, the query is searched only in that site. Default value is null.

- boxWidth – optional parameter. Specifies the width of the search box on the page. It also has a default value, so even if we don’t specify it the width takes the predefined value of 322.

Following is the code in a razor webpage to get the Bing search box:

    <div>
        <p>Simple Search Box</p>
        @Bing.SearchBox("http://weblogs.asp.net/kashyapa")
    </div>

As you can see, I have passed the site URL as “http://weblogs.asp.net/kashyapa”. That means if I search for anything, it will search in that site only. I have not specified any width, so it is going to take the default value of 322.

Here is the output of the above code:

image

The search box is neatly laid out, even with the Bing search glass icon, and look at the radio buttons below the search box: they provide the option to search within the specified site or the whole web. Cool, I say. When I enter a search query and hit search, the following search results are displayed:

image

You can see that the searches are all done within the site specified while creating the search box.

2. AdvancedSearchBox

This method helps us to embed an advanced search box on the web page. The syntax is as follows:

    IHtmlString AdvancedSearchBox(
        [Optional, DefaultParameterValue(null)] string siteUrl,
        [Optional, DefaultParameterValue(null)] string siteName,
        [Optional, DefaultParameterValue(0x142)] int boxWidth,
        [Optional, DefaultParameterValue(600)] int resultWidth,
        [Optional, DefaultParameterValue(400)] int resultHeight,
        [Optional, DefaultParameterValue("Blue")] string themeColor,
        [Optional, DefaultParameterValue("en-US")] string locale
    )

The advanced feature of this method is that I can specify more things than with the SearchBox method. As you can see, we have the following parameter options:

- siteUrl – optional, if provided the search will be done on this site

- siteName – optional, if provided will be used as caption for the search

- boxWidth – optional, if provided will be used to size the search box. Default value is 322

- resultWidth – optional, if provided will be used to set the size of the result

- resultHeight – optional, if provided will be used to set the height of the result

- themeColor – optional, if provided will be used as a theme color for Bing

- locale – optional, if provided the search will be localised to this locale

Here is the syntax for the same:

    <div>
        <p>Advanced Search Box</p>
        @Bing.AdvancedSearchBox(
            siteUrl: "http://weblogs.asp.net/kashyapa",
            siteName: "Kashyapas .NET Rumbles",
            boxWidth: 400, resultWidth: 400, resultHeight: 400)
    </div>

This method allows you to control the appearance of the search results too. With SearchBox the search results will be opened in a new window,

image

This is a very good helper if you plan to provide a search capability built into your site. If you are on the WebMatrix and Razor bandwagon, give it a try.

Till next time, Happy Coding and Code with Passion


On Saturday, October 9 2010, Bangalore, the Silicon Valley of India, is going to witness one of the great technical events. I have especially been yearning to be at this event. Wondering what it is? Here it goes: BDOTNET, the Bangalore Dot Net User Group, is conducting what we call DevCon 2010, i.e. Developer Conference 2010. Yes, the much-awaited event for some of us is finally on the cards. The venue is decided, the speaker list is decided, the agenda is decided and, moreover, we have our sponsors for the event too. Yayyy, I say.

Following is a flyer that I did out of my own curiosity. It will give you a glimpse of the technology that is going to be presented and of our sponsors for the event:

DevCon2010Flyer

Following is the schedule/agenda for the day:

DevCon2010Agenda

Here are some of the session insights:

Windows Azure AppFabric: This will be delivered by Manoj K Sharma, who is a corporate trainer. I haven’t attended any of his previous talks, so I will be sitting in for the first time. He is going to be delivering an interesting topic. Here is the official documentation for what “AppFabric” is –

Windows Azure platform AppFabric helps developers connect applications and services in the cloud or on-premises. This includes applications running on Windows Azure, Windows Server and a number of other platforms including Java, Ruby, PHP and others. It provides a Service Bus for connectivity across network and organizational boundaries, and Access Control for federated authorization as a service.

Everybody is on the cloud nowadays. So get yourselves geared for the new paradigm that’s starting to emerge. Know more about the cloud : ).

WPF 4 and Silverlight 4: This session will be delivered by Chaitra Nagaraj. She is a Microsoft MVP in the area of Web Application Development. I started to attend BDOTNET sessions way back in 2004-2005, and she is a regular speaker in the UG sessions. She has always concentrated on client application development, be it ASP.NET, WPF etc. Whenever there is anything new in these areas she will be there to give a session. This time she will be speaking on 2 hot things – WPF 4 and Silverlight 4. There is some cool new stuff in both of these technologies. So be there to get yourselves updated within just 1 hour.

Windows Phone 7: This session will be delivered by Vic Parmar. He is a Microsoft MVP. I have been personally envying him because he has one of the coolest gadgets in his hand – a Windows Phone 7 handset. This is currently available to only a few people in India. So be there to see some interesting things on Windows Phone 7, the phone much awaited by everybody – I am excited to see what Vic is up to this time. Don’t miss this session.

Tips n Tricks: We have a 45-minute slot in between the sessions where we tried to encourage people to come forward and give a 10-minute presentation/demo. This is actually open to the public. If you think you have an interesting tip or trick, or you have an interesting demo to do, just catch hold of any of us, i.e. the BDOTNET organizing committee. We will be able to help you out with your slots. We currently have 3 slots filled.

- VS2010 IDE Tips n Tricks by Wriju Ghosh, Microsoft

- Indic and Windows 7 by Dr. Pavanaja – don't miss this as you will see a whole new thing about how Indian language support is available within Windows 7.

- Building Websites with WebMatrix by Me – yes, I will be on stage for a 1- minute demo on how to build a website within 10 minutes which is fully functional and has all aspects of a website, using the recently released WebMatrix. Beta 2 was released just yesterday. My laptop is now up to date with Beta 2.

SysInternals Tools: This session is delivered by my good friend Vijay Raj. He is a Microsoft MVP in the area of Application Setup/Deployment. He is gonna show some cool stuff on the lines of system internals. Catch this session if you want to know more about how to tweak your system and change some stuff around. Vijay blogs at www.msigeek.com and tweets as @msigeek. (Hope he won't mind me putting out his social handles here : ) ).

Intellitrace: This session is delivered by Phani of Brainscale/Pluralsight. This is one of the coolest additions in VS.NET 2010. If you are working on 2010 and you haven’t heard of Intellitrace, then check out this session. Intellitrace opens up a whole new world in debugging code. So don’t miss this one if you are a developer.

Migration Strategies: This session is delivered by Kaliyan of Dell. He is also a Microsoft MVP. He will be speaking about the migration strategies for moving from Windows XP to Windows 7. This session is for all IT admin people. It will give you insight into how you have to strategize your migrations within your organization. So you will surely get some ideas from this session.

Robotics – TINA: This session is delivered by Ram Prasanna. He is from Microsoft India. This is one of the much-awaited sessions for me. He is known as the Robotics guru as far as I know. He is gonna show a cool new robot which, I believe, is named TINA. I am super excited to be watching him live. I have seen his Buddy Home project/concept, which was showcased during TechED 2010 in Bangalore. This time I get to watch him live on stage. This is one session I encourage everybody to attend and not to miss.

Now coming to the sponsors of the event – this time we have the gracious helping hand of Microsoft, Aditi, INETA and Pluralsight. Pluralsight has come out with a fantastic offer for all of those who attend the event. They are giving out a FREE 1-month Standard subscription to Pluralsight On-Demand! This will give access to all Pluralsight courses for 1 month. That’s not all: 3 winners will get a 1-year subscription, which is worth US$1499. Wow, I say. I wish I could win this. I am gonna try hard. I too don’t know if this is going to be a raffle draw or something else. But do be there to grab this opportunity.

For more information on the DevCon 2010 event details do visit the following site:

www.bdotnet.in

It has all the information, like the venue, agenda and registration link.

Please note that if you are planning to attend you need to register and carry a printed copy of the registration. This is to ensure that we manage the food and other consumables and avoid wastage.

It will be a super Saturday for me. Hope you will be there. Catch me if you wanna have a quick chat with me. So see you there at 9 AM.

Till next time, Happy coding. Code with passion.


This is a follow up post to my previous blog post “BDOTNET User Group Meeting–Sep 18”.

I gave a talk on “Web Matrix” on Sep 18 as part of the BDOTNET User Group meet. This time I had an audience of around 100. In this session I tried to explain the following:

  • What is Web Matrix?
  • Why Web Matrix?
  • Who is Web Matrix for?
  • Introduction to Razor

I have uploaded the slide decks used for the session at the following place. You are welcome to use them. I just ask that you put my name as a credit somewhere :).

WebMatrix.pptx

I have also embedded the presentation inline in this blog post. I have not uploaded my presentation to any third-party server like Slide Share. Instead I am using SkyDrive – the online storage available from Microsoft. If you have a Live ID then you already have SkyDrive – 25 GB of online storage (the caveat being that each file you upload has a cap of 50MB). With the release of Office Web Apps, it's very easy to share your Office files on SkyDrive and then embed them using the Web Apps feature.

I have to thank 2 people at this moment. When I started working on the slide decks for the session, I hunted for content. Microsoft has very good content, in terms of text as well as videos, for Web Matrix. But I was searching for slide decks from any community members who had done a presentation on Web Matrix. That would give me a head start for my session, and I would come to know what to pack into a 1-hour session. What I found were the following 2 gentlemen from the community, who had slide decks on Web Matrix. So here I thank:

Rob Chartier – Here is a short bio of him:

- Microsoft MVP for ASP.NET for 6 years
- ASP Insider for over 7 years
- VP, Engineering & Support for DotNetNuke Corp
- Contact Information
  - Twitter: @robchartier
  - Blog: http://weblogs.asp.net/rchartier
  - Email: rob.chartier@dnncorp.com

Kris Van Der Mast – Here is a short bio of him:

- Microsoft MVP for ASP.NET
- ASP Insider
- Antwerp, Belgium
- Contact Information
  - Twitter: @KvdM
  - Blog: http://blog.krisvandermast.com
  - Email: info@krisvandermast.com

My slide decks were greatly influenced by these 2 gentlemen’s presentations. That gave me an idea as to what to present within 1 hour about Web Matrix.

Go through the slide deck and let me know if you have any comments.

Till next time, Happy Coding. Code with passion :)
