Nuno Gomes /* ASP.NET Adventures */

var myInterests = new { language : "C#", technology: "ASP.NET" };

  • Viking Law #1

    Today, while reading this old post from Emil Gustafsson about the Viking Laws and how they can be projected into the software development context, I just can’t stop thinking that his first law interpretation is missing one of the most important, if not not the most important, commandment.

    Read more...

  • Enum types, FlagsAttribute & Zero value

    We all know about Enums types and use them every single day. What is not that often used is to decorate the Enum type with the FlagsAttribute.

    When an Enum type has the FlagsAttribute we can assign multiple values to it and thus combine multiple information into a single enum.

    The enum values should be a power of two so that a bit set is achieved.

    Here is a typical Enum type:

    public enum OperationMode
    {
        /// <summary>
        /// No operation mode
        /// </summary>
        None = 0,
        /// <summary>
        /// Standard operation mode
        /// </summary>
        Standard = 1,
        /// <summary>
        /// Accept bubble requests mode
        /// </summary>
        Parent = 2
    }

    In such scenario no values combination are possible. In the following scenario a default operation mode exists and combination is used:

    [Flags]
    public enum OperationMode
    {
        /// <summary>
        /// Asynchronous operation mode
        /// </summary>
        Async = 0,
        /// <summary>
        /// Synchronous operation mode
        /// </summary>
        Sync = 1,
        /// <summary>
        /// Accept bubble requests mode
        /// </summary>
        Parent = 2
    }

    Now, it’s possible to do statements like:

    [DefaultValue(OperationMode.Async)] [TypeConverter(typeof(EnumConverter))] public OperationMode Mode { get; set; } /// <summary> /// Gets a value indicating whether this instance supports request from childrens. /// </summary> public bool IsParent { get { return (this.Mode & OperationMode.Parent) == OperationMode.Parent; } }

     

    or

    switch (this.Mode) { case OperationMode.Sync | OperationMode.Parent: Console.WriteLine("Sync,Parent"); break;

    […]

     

    But there is something that you should never forget: Zero is the absorber element for the bitwise AND operation.

    So, checking for OperationMode.Async (the Zero value) mode just like the OperationMode.Parent mode makes no sense since it will always be true:

    (this.Mode & 0x0) == 0x0

    Instead, inverse logic should be used: OperationMode.Async = !OperationMode.Sync

    public bool IsAsync
    {
        get { return (this.Mode & ContentManagerOperationMode.Sync) != ContentManagerOperationMode.Sync; }
    }

    or

    public bool IsAsync
    {
        get { return (int)this.Mode == 0; }
    }

    [Begin: Edit]

    Some readers suggested to use the Enum.HasFlag method. Although it’s another valid approach it’s also widely accepted that this method has some performance issues related an internal box/unboxing. Use it when performance is not a problem (I see this method mostly used by rookie developers).

    [End: Edit]

    Final Note:

    Benefits

    Allow multiple values combination

    The above samples snippets were taken from an ASP.NET control and enabled the following markup usage:

    <my:Control runat="server" Mode="Sync,Parent">
    

    Drawback

    Zero value is the absorber element for the bitwise AND operation

    Be very carefully when evaluating the Zero value, either evaluate the enum value as an integer or use inverse logic.

    Read more...

  • Patch For ASP.NET Vulnerability Available

    Microsoft has published a Security Advisory (2416728) about a security vulnerability in ASP.NET on Saturday, September 18th. This vulnerability exists in all versions of ASP.NET and was publically disclosed late Friday at a security conference.

    Scott Guthrie has provided information on workarounds (please see Important: ASP.NET Security Vulnerability and ASP.NET Security Vulnerability) to prevent attackers from using this vulnerability against their ASP.NET applications.

    To help with Microsoft’s response to the new padding oracle vulnerability, a new forum was also set up: Security Vulnerability.

    Microsoft has now announced the release of an out-of-band security update to address the ASP.NET Security Vulnerability.

    Applying the update addresses the ASP.NET Security Vulnerability, and once the update is applied to your system the workarounds Scott has previously blogged about will no longer be required. But, until the update has been installed, those workarounds must be used.

    You can learn more about this security update release from this reading the Microsoft Security Response Center Blog Post as well as the official Advance Notification Bulletin.

    Important Links:

    Read more...