November 2008 - Posts
I just attended the online event, Security Sidebars and Hacker Tricks! (Level 200). Mike Benkovich of BenkoTips fame, shared with us how hackers can send an email taking a user to your site, but instead, the link inserts an iframe into your page that takes the user to their site instead, where they get the user's credit card info, etc. He also showed many other hacker tricks, including changing the price of an item on your shopping cart page, so they can purchase mass quantities of an item at $1, that should cost $300.
He shared information about the Microsoft Anti-Cross Site Scripting Library, and how to use it to thwart these hackers and make your site more secure.
I can't wait to watch this event again, as I was constantly interrupted by phone calls and only got bits and pieces. But one thing I did learn during the time I was able to watch it is, every asp.net developer needs to see this webcast and incorporate the Anti-Cross Site Scripting Library into their code.
May your dreams be in ASP.NET!
Nannette
Are you a developer who's been laid off? Have you been faced with checking the job boards to find your skills are nearly obsolete and there's nothing available? If you have the ability to program in an old technology, you can learn a new one. It may seem daunting at first, because you don't have the money to invest in new tools and training classes, but I assure you, you can learn ASP.NET and find a vast amount of free help without spending a dime.
About a year ago I purchased the newest version of a non-Microsoft product that I had purchased about 5 years earlier. Back when, there was a Tutorial installed on the menu. But not so today. In fact, not only was there not a tutorial, but to get any type of tutorials, you were directed to a pay site, where you had to pay a monthly membership to gain access to any type of training. This seems counterproductive to me! Why would anyone buy a product they can't learn to use without dishing out thousands more dollars?
I Love Microsoft
I love Microsoft. Say what you may about them, they make it easy for you to learn. What other software company offers fully-functional, non-expiring development software free? If you're into asp.net development, none of this is news to you, so move along. This is for those who are checking out Microsoft technologies. And with the recent rush of lay-offs, which have affected many of my developer friends using older development technologies, I can imagine many are now looking to update their experience by learning a new technology. Don't lose hope, Microsoft makes it easy to learn, use, and develop for free. So are you jobless and in need of learning a new technology, something that constantly shows up on the job lists? I'd recommend Microsoft's ASP.NET. Go to any job board and you'll see there is never a limit in the number of available jobs.
Free Development Software
For free development software, check out Visual Web Developer Express Edition. I used this for an entire work-at-home 4-month contract with a client. At the time, I didn't have the money to invest in Visual Studio. But I found there was no limit to what I needed to do for this project. The client was aware I was using it, and there was absolutely no problem. You'll want to download both the framework and the express edition.
"But," you say, "I'm laid off right now, I can't afford to pay for a website host or database!" No worries, you can develop a website locally and create a local database as well. All still free. If you're picking a new technology, use asp.net. You won't be sorry.
Free Training
"What about training?" you ask. Perhaps you're not the best at being self-motivated to hit the books. No worries again.
Get Started here then check out all these free step-by-step videos to Learn ASP.NET.
"But I need to get started right away!" you say. Check out these free, full-blown web site Starter Kits. Also, check out Dynamic Data to quickly get your admin pages up and going. With a little more effort, you can get your site off to a quick start.
Free Support
"But what do I do if I have questions? I can't afford Microsoft support." Check out these great ASP.NET forums. I recently had a tough problem, and a Microsoft employee stuck it out with me for several days until the problem was resolved. Didn't cost me anything.
Free Online Events
Need more training? Check out Microsoft's cutting edge event training on the latest breaking technologies from Microsoft Events. Just create a free account, and you're on your way to learn, whether you're an IT Tech, developer or business professional, or more. You can sign up for Live Webcasts, or past On-Demand Webcasts. Software to view these webcasts is downloadable free as well.
Free for Web Designers
1st Peter 5:6-7 Therefore humble yourselves under the mighty hand of God, that He may exalt you in due time, casting all your care upon Him, for He cares for you.
May your dreams be in ASP.NET!
Nannette
Fixing the dreaded: Mail error: Syntax error in parameters or arguments. The server response was: 5.7.1 xx@xx.xx... Permission Denied
I use a separate machine for my mail server to send online mails via smtp. This setup fix might be old hat for some of you, but for me it's new...
Using the older 2.x frameworks, when sending mail, I didn't have anything in my web.config. I did all my setup in a SendMail class I created.
I would pass in a client, username and password (notice this was my MAILSERVER user name and password):
Dim m_smtpclient As String = "xx.xx.xx.xx"
Dim m_smtpUsername As String = "MyMailServerUserName"
Dim m_smtpPassword As String = "MyMailServerUsersPassword"
then later I'd have this:
Dim smtp As New SmtpClient(m_smtpclient)
If Not String.IsNullOrEmpty(m_smtpUsername) And Not String.IsNullOrEmpty(m_smtpPassword) Then
' to authenticate we set the username and password properites on the SmtpClient
smtp.Credentials = New System.Net.NetworkCredential(m_smtpUsername, m_smtpPassword)
End If
smtp.Send(mail)
Now, I recently setup Windows 2008 Web Server and IIS7. And none of the above would work at all. I skipped the above and decided to use new examples I found. I snagged a sendmail function from HOW TO: Send email using System.Net.Mail and used the following in my web.config:
<system.net>
<mailSettings>
<smtp from="xx@xx.xx">
<network host="mail.xx.net" port="xx" userName="xx" password="xx"/>
</smtp>
</mailSettings>
</system.net>
But alas, I was still faced with the dread error:
Mail error: Syntax error in parameters or arguments. The server response was: 5.7.1 xx@xx.xx... Permission Denied
I tried numerous, NUMEROUS variations and attempts. Still failure.
I recently experienced a problem with the membership provider not working in IIS7, and the resolution involved a setting in IIS7 that wasn't in IIS6 (or if it is, I never used it and didn't know it existed). So I got to thinking, what is new in IIS7 that I have not seen before.
So I went to IIS7, selected my website, and I see in the Features View an "SMTP E-mail" icon. I clicked it.
It opens up a screen that allows me to setup my email, and how to deliver.
I tried variations for "specify credentials" as this is how I was used to doing it. But still failure. Almost ready to give up, I thought, well, may as well try the Authentication Setting for "Windows."
I clicked that and boom, it worked.
It altered my web config to look like below, and the host is my LAN IP address.
<system.net>
<mailSettings>
<smtp from="">
<network defaultCredentials="true" host="xx.xx.xx.xx" port="25" />
</smtp>
</mailSettings>
</system.net>
Notice the above is very stripped down. I add the "from" address in my actual SendMailMessage function, which I snagged from HOW TO: Send email using System.Net.Mail, but you could put it in there. I prefer just having the option to pass it into my function based on what I want the "from" to be for that particular mail.
Anyway, there ya go, How to setup the MailSettings for a remote mail server. Note: this mail server is on the same network as my web server. This mail server is setup in my firewall to allow smtp settings as needed. This mail server allows relay from the web server's local IP address.
May your dreams be in ASP.Net!
Nannette
I recently went through a nightmare with getting the Membership Provider Login and any other Membership Provider methods to work using Windows 2008 Web Server and IIS7 connecting to a remote SQL Server 2008 database.
I was consistently getting this error (using windows authentication):
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
From the web server, my web site could connect to the database, display a grid from the tables, insert and update tables, but could not perform any of the membership provider methods. When running my app locally via Visual Studio 2008, I could use the log in control fine, just not from the actual web application.
Thanks to Rick Anderson for his tenacity in sticking with me to find a solution, I am going to explain it here so you won't have to go through what I went through...
If you have your database connection working, but your Membership Provider log ins, etc. are failing, do this:
In IIS7 on your Windows 2008 Web Server...
Please go to Application Pools.
Select your web site.
Click "Advanced Settings" in the "Actions" panel.
Under "Process Model" select "Identity."
In the popup, select the "Custom account" radio button.
"Set" the account and password to your dbo account name and password that are used on your SQL Server 2008 database.
Save that.
Under sites, go to your website. In the Features View panel, select "Authentication" under IIS. Under ASP.Net Impersonation, make sure it's Disabled.
Your web.config will be changed to this:
<identity impersonate="false" />
You may wish to copy your web.config changes made on the server to your local web site in Visual Studo to get the latest copy.
May your dreams be in ASP.net!
Nannette
I have spent the last two weeks researching the latest ASP.net technologies and I have to admit, my mind's been swimming with the mass amount of new things out there to learn.
I purchased Visual Studio 2008 with framework 3.5 and SP1 and Windows Web Server 2008 Web Edition with IIS7 as well as SQL Server 2008 Web Edition on a Windows Vista Ultima OS. (See more info here on VS2008 and more info on SQL Server 2008 Web Edition).
If that isn't enough new stuff to learn, now what direction do I go with development?
About 8 months ago, I went to the Heros Happen Here convention and was told to steer away from Table Adapters and start working with Linq To SQL for all new development. Now we're told there will be meager support for Linq to SQL and instead of using a Dynamic Data Web Application, to instead use Dynamic Data Entities Web Application (which not only supports ADO.net, but also Linq to SQL, but is called Linq to Entities -- so it's not like you've learned Linq to SQL for nothing).
Here is a Linq to Entities tutorial and more info on the ADO.Net Entity Framework.
Well, after two weeks of researching all that's out there, I narrowed it down to these technologies:
1) To not reinvent the wheel on handling Microsoft's sql membership provider, I decided to purchase HeroCoder's Hero Membership product to handle all of my membership log in, registration, administration, password change, etc. The cost of the product is less than what I make in an hour, so it was a real bargain. I couldn't put that together in an hour.
2) To handle the admin pages for all of my tables, especially populating my "list" type tables like statuses, specialties, categories, you get it, I'd use the Dynamic Data generated admin screens. But not the Dynamic Data Web Application, but instead the ADO.net Dynamic Data Entities Web Application.
3) Now, should I use ADO.NET Entities ORM to access the database, or Linq to Sql? Well, that's a no brainer. Even MS recommends using the ADO.NET Entities, rather than Linq to SQL, and I already know ADO.NET. Besides, that is typical of what most of my clients use. I haven't had any clients ask for Linq to SQL. I'll also use the LearnVisualStudio.net Linq to Sql 101 set of videos to learn the Linq language and Lambda, which can also be used in ADO.NET Entitites Linq to Entities.
4) Now what about Ajax and bells and whistles? I decided to go with the Telerik Toolset. It handles all my Ajax controls, and for a few bucks extra, I got the entire library including ASP.NET Ajax, Winforms, WPF, Silverlight, Reporting, and even OpenAccess ORM if I decide I need that down the road.
You'll also want to take a look at forms authentication and other security videos.
So in a nutshell, there is two weeks of research you don't have to do to figure out what to use. However, I can't help you with actually reading the docs and watching the videos and learning the stuff.
May your dreams be in ASP.net!
Nannette
Telerik VB Dynamic Data Field Templates - DateTime Edit RadDatePicker:
datetime_edit.ascx
<%@ Register Assembly="Telerik.Web.UI" Namespace="Telerik.Web.UI" TagPrefix="telerik" %>
<telerik:RadDatePicker ID="RadDatePicker1" runat="server" DbSelectedDate="<%# FieldValueEditString %>">
</telerik:RadDatePicker>
dateTime_Edit.ascx.vb
Imports System.Web.DynamicData
Partial Class DateTime_EditField
Inherits System.Web.DynamicData.FieldTemplateUserControl
Public Overrides ReadOnly Property DataControl As Control
Get
Return RadDatePicker1
End Get
End Property
Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
RadDatePicker1.ToolTip = Column.Description
End Sub
Protected Overrides Sub ExtractValues(ByVal dictionary As IOrderedDictionary)
dictionary(Column.Name) = ConvertEditedValue(RadDatePicker1.DbSelectedDate.ToString)
End Sub
End Class
For a C# version of Telerik field templates, see Atanas Korchev's blog, Yet another update of RadControls for ASP.NET Ajax DynamicData support.
Here is a Telerik VB Dynamic Data Field Templates - Foreign Key Edit RadComboBox:
foreignKey_edit.ascx
<%@ Register Assembly="Telerik.Web.UI" Namespace="Telerik.Web.UI" TagPrefix="telerik" %>
<telerik:RadComboBox ID="DropDownList1" runat="server">
</telerik:RadComboBox>
foreignkey_edit.ascx.vb
Imports System.Web.DynamicData
Imports Telerik.Web.UI
Partial Class ForeignKey_EditField
Inherits System.Web.DynamicData.FieldTemplateUserControl
Public Overrides ReadOnly Property DataControl() As Control
Get
Return DropDownList1
End Get
End Property
Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
If (DropDownList1.Items.Count = 0) Then
Dim dropDownList As New DropDownList()
If Not Column.IsRequired Then
dropDownList.Items.Add(New ListItem("[Not Set]", ""))
End If
PopulateListControl(dropDownList)
For Each listItem As ListItem In dropDownList.Items
Dim comboBoxItem As New RadComboBoxItem()
comboBoxItem.Text = listItem.Text
comboBoxItem.Value = listItem.Value
DropDownList1.Items.Add(comboBoxItem)
Next
End If
End Sub
Public Function SelectItemByValue(ByVal value As String) As Boolean
Dim item As RadComboBoxItem
item = DropDownList1.FindItemByValue(value)
If item IsNot Nothing Then
item.Selected = True
DropDownList1.SelectedValue = value
DropDownList1.Text = item.Text
Return True
Else
Return False
End If
End Function
Protected Overrides Sub OnDataBinding(ByVal e As EventArgs)
MyBase.OnDataBinding(e)
If Mode = DataBoundControlMode.Edit Then
SelectItemByValue(ForeignKeyColumn.GetForeignKeyString(Row))
End If
End Sub
Protected Overrides Sub ExtractValues(ByVal dictionary As IOrderedDictionary)
' If it's an empty string, change it to null
Dim val As String = DropDownList1.SelectedValue
If (val = String.Empty) Then
val = Nothing
End If
ExtractForeignKey(dictionary, val)
End Sub
End Class
For a C# version of Telerik field templates, see Atanas Korchev's blog, Yet another update of RadControls for ASP.NET Ajax DynamicData support.
Here is a customFieldTemplate for Decimal Edit using VB and Telerik controls - RadNumericTextBox :
decimal_edit.ascx
<%@ Register assembly="Telerik.Web.UI" namespace="Telerik.Web.UI" tagprefix="telerik" %>
<telerik:RadNumericTextBox runat="server" ID="RadNumericTextBox1" Text='<%# FieldValueEditString %>' Skin="Vista"></telerik:RadNumericTextBox>
<asp:RequiredFieldValidator runat="server" ID="RequiredFieldValidator1" ControlToValidate="RadNumericTextBox1" Display="Dynamic" Enabled="false" />
<asp:CompareValidator runat="server" ID="CompareValidator1" ControlToValidate="RadNumericTextBox1" Display="Dynamic"
Operator="DataTypeCheck" Type="Double"/>
<asp:RegularExpressionValidator runat="server" ID="RegularExpressionValidator1" ControlToValidate="RadNumericTextBox1" Display="Dynamic" Enabled="false" />
<asp:RangeValidator runat="server" ID="RangeValidator1" ControlToValidate="RadNumericTextBox1" Type="Double"
Enabled="false" EnableClientScript="true" MinimumValue="0" MaximumValue="100" Display="Dynamic" />
<asp:DynamicValidator runat="server" ID="DynamicValidator1" ControlToValidate="RadNumericTextBox1" Display="Dynamic" />
decimal_edit.ascx.vb
Imports System.Web.DynamicData
Partial Class Decimal_EditField
Inherits System.Web.DynamicData.FieldTemplateUserControl
Public Overrides ReadOnly Property DataControl As Control
Get
Return RadNumericTextBox1
End Get
End Property
Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
Dim metaData = MetadataAttributes.OfType(Of System.ComponentModel.DataAnnotations.RangeAttribute)().FirstOrDefault()
If Not IsDBNull(metaData) Then
RadNumericTextBox1.MinValue = Convert.ToDouble(metaData.Minimum)
RadNumericTextBox1.MaxValue = Convert.ToDouble(metaData.Maximum)
End If
RadNumericTextBox1.ToolTip = Column.Description
SetUpValidator(RequiredFieldValidator1)
SetUpValidator(CompareValidator1)
SetUpValidator(RegularExpressionValidator1)
SetUpValidator(RangeValidator1)
SetUpValidator(DynamicValidator1)
End Sub
Protected Overrides Sub ExtractValues(ByVal dictionary As IOrderedDictionary)
dictionary(Column.Name) = ConvertEditedValue(RadNumericTextBox1.Text)
End Sub
End Class
For a C# version of Telerik field templates, see Atanas Korchev's blog, Yet another update of RadControls for ASP.NET Ajax DynamicData support.
As we wrap up this series, we demonstrate how to add a databound grid control to our default page.
Although I wasn't prolific in my explanations, I hope being able to view the code helped you in some way.
Download the ZIP file and Read the entire series here....
Here are some additional links to Dynamic Data, some using Entities. Again, people recommend not using LINQ to SQL, so using Entities seems the way to go... Thanks Rick for these suggestions. Couldn't find them by searching "Dynamic Data Entities Tutorial" on Google and if you don't know, you don't know until you know. So here you go!
http://msdn.microsoft.com/en-us/library/cc488545.aspx
http://www.codeplex.com/aspnet/Release/ProjectReleases.aspx?ReleaseId=14473
It provides these downloads...
DoubleColumn.zip
ExistingWebsite.zip
Scaffold.zip
MvcDynamicData.zip
DynamicDataSProc.zip
Scaffold_Entities.zip
ExistingWebsite_Entities.zip
SecureDynamicData.zip
More Posts
Next page »