Tuesday, May 13, 2008
#
After my first batch of Security Tutorials were published on www.asp.net, a reader emailed me asking if it was possible to display some sort of warning if the user has Caps Lock on whilst entering their password into the Login control. While JavaScript cannot indicate if Caps Lock is on or not, you can ascertain whether it is once the user types an alphabetic key, as JavaScript can determine the key pressed and whether the Shift key was also pressed. In short, if the character is upper case and Shift is not depressed, or if the character is lowercase but Shift is depressed, then it follows that Caps Lock is on.
So it is possible to write a bit of JavaScript that fires when the user types a key into a TextBox and display some warning in response. This ASP.NET Forums post - Give Warning When Caps Lock On - discusses a JavaScript-based solution. The downside is that you have to paste in the necessary JavaScript into the page and add JavaScript to the TextBox control's onkeypressed client-side event. Wouldn't it be easier to be able to drag and drop a control onto the page, set a few properties and, presto, have a working Caps Lock warning?
My latest 4Guys article, Warning the User When Caps Lock is On, looks at building such a control. It is now part of my skmControls2 collection, which includes (currently) two other open-source server controls:
For more open-source, free tools, controls, and other funery, check out My Code Projects.
Enjoy!
Monday, May 05, 2008
#
My Toolbox column in the May 2008 issue of MSDN Magazine is avaiable online. The May issue examines:
- OmniAudit: a tool for creating SQL Server audit trails. OmniAudit offers a very slick and intuitive user interface for defining what tables and columns to audit and then generates the triggers and tracking tables needed to keep a log of changes to those tables and columns, including when the change was made, who made it, and past values. Also included is a log viewing program for searching the log history. (For more on audit logs, see Maintaining a Log of Database Changes.)
- VSNETCodePrint: produce high-quality printouts of your Visual Studio code with VSNETCodePrint. Print (or export to PDF) all the code from an entire project or solution with the click of one button. Very useful for code reviews, user-group talks, conferences, training, and the like.
- Blogs of Note - Joel On Software. Joel Spolsky, co-founder of FogBugz Software, shares his insights on user interface and leading a team of programmers in his interesting, entertaining, and well-written blog.
- The Bookshelf - ASP.NET AJAX in Action, by Alessandro Gallo, David Barkol, and Rama Krishna Vavilala. Here is an excerpt from the book review:
The Microsoft ASP.NET AJAX framework simplifies the process of building AJAX-enabled Web applications by providing a rich and powerful, high-level API over the multitude of low-level interactions that must seamlessly occur between the client and server. Any book about the ASP.NET AJAX framework must balance the low- and high-level details. The space devoted to client-side issues like the XMLHttpRequest object and JSON must be weighed against coverage of the framework's Web controls and client- and server-side APIs. ... ASP.NET AJAX In Action starts from the low-level details and works its way up. ... ASP.NET AJAX In Action is not intended for beginning Web developers, as it assumes a certain level of familiarity with how to build ASP.NET applications, but this book is accessible regardless of past client-side or AJAX development experience.
Enjoy! - http://msdn.microsoft.com/en-us/magazine/cc507638.aspx
As always, if you have any suggestions for products or books to review for the Toolbox column, please send them into toolsmm@microsoft.com.
Monday, April 14, 2008
#
My Toolbox column in the April 2008 issue of MSDN Magazine is avaiable online. The April issue examines:
- Techniques for logging Web application errors. Provides an overview of two technologies for automatically logging web application exceptions: Microsoft's Health Monitoring system and Atif Aziz's open-source ELMAH library.
- Blogs of Note - Coding Horror, the interesting and popular blog written by (now) full-time blogger Jeff Atwood.
- The Bookshelf - Pro LINQ, by Joseph C. Rattz, Jr.
Enjoy! - http://msdn2.microsoft.com/en-us/magazine/cc500592.aspx
As always, if you have any suggestions for products or books to review for the Toolbox column, please send them into toolsmm@microsoft.com.
Wednesday, April 02, 2008
#
As noted in previous blog entries, I've been working on some tutorials for the www.asp.net site on the topics of forms authentication, authorization, membership, and roles. The first set of tutorials covered security basics and examined forms authentication in detail; the second set looked at the Membership system and the SqlMembershipProvider. The third set of tutorials examined the Roles framework and the SqlRoleProvider. The final slate of tutorials includes three on implementing common administrative tasks.
- Building an Interface to Select One User Account from Many [VB | C#] - when we needed to select a user account in previous tutorials we used a drop-down list. While a drop-down list is sufficient if there are only a handful of user accounts, it becomes unusable when there are hundreds or thousands of users. This tutorial looks at building an interface to efficiently and easily select one user account from a large number of accounts.
- Recovering and Changing Passwords [VB | C#] - shows how to use the PasswordRecovery and ChangePassword controls to allow users and administrators to recover lost passwords and change existing passwords.
- Unlocking and Approving User Accounts [VB | C#] - as a security measure, if a user supplies an incorrect password too many times, they are locked out. Users may also be unapproved. In either case, they cannot login. This tutorial examines how these properties are set, how they can be modified by an administrator, and how the user's approved status can be utilized to prevent new users from logging in until some action has been completed (such as clicking a link in an email message or receiving approval from an administrator).
All tutorials are available in C# and VB versions, include a complete, working source code download, and are available to download as PDF. The next batch of tutorials examines creating administrative pages to manage user accounts.
Enjoy! - http://asp.net/learn/security/
Tuesday, April 01, 2008
#
My immediate and extended family enjoys playing games, and one of the favorites is Boggle. Boggle is a word game trademarked by Parker Brothers and Hasbro that involves several players trying to find as many words as they can in a 4x4 grid of letters. At the end of the game, players compare the words they found. During this comparison I've always wondered what words we may have missed. Was there some elusive 10-letter word that no one unearthed? Did we only discover 25 solutions when there were 200 or more?
To answer this question that plagues every completed Boggle game, I created a simple Boggle solver (using, of course, ASP.NET 3.5 and C#). Enter in the tiles in each of the 16 cells of the 4x4 grid, and the Boggle solver will spit out all solutions in the puzzle. You can give this toy project a run at http://scottonwriting.net/Boggle/.
I've also written an article on this fun little project on 4Guys: Creating an Online Boggle Solver.
Article: http://aspnet.4guysfromrolla.com/articles/040208-1.aspx
Live demo: http://scottonwriting.net/Boggle/
Complete source code: http://aspnet.4guysfromrolla.com/code/BoggleSolver.zip
Tuesday, March 25, 2008
#
I've been working on some tutorials for the www.asp.net site on the topics of forms authentication, authorization, membership, and roles. The first set of tutorials covered security basics and examined forms authentication in detail; the second set looked at the Membership system and the SqlMembershipProvider. The third set of tutorials are now available online and focus on the Roles framework and the SqlRoleProvider.
- Creating and Managing Roles [VB | C#] - examines the Roles framework and the SqlRoleProvider. Shows how to create new roles and manage these roles from a web page interface.
- Assigning Roles to Users [VB | C#] - looks at the Roles framework methods for assigning and removing users from roles.
- Role-Based Authorization [VB | C#] - shows how to perform role-based URL authorization, as well as how to programmatically grant or deny functionality based on the currently logged in user's role(s). Also looks at using the LoginView control to display different content based on the logged on user's role.
All tutorials are available in C# and VB versions, include a complete, working source code download, and are available to download as PDF. The next batch of tutorials examines creating administrative pages to manage user accounts.
Enjoy! - http://asp.net/learn/security/
Wednesday, March 19, 2008
#
Over the past several weeks, some dedicated developers have been undertaking a grand Code Trip, travelling around the Western half of the United States in a bus speaking and hanging out at Code Camps, User Groups, and conferences. On Tuesday, March 25th the Code Trip bus rolls into San Diego to take over the San Diego .NET User Group meeting (along with regular speaker Michele Leroux Bustamante).
For more information, and to register for the event, visit http://thecodetrip.com/1/san-diego-dotnet-user-group. Should be a fun and interesting night.
Saturday, March 15, 2008
#
After a three month hiatus, I am back to authoring the Toolbox column for MSDN Magainze. (Thanks to James Avery for authoring the column the last three months.) There has also been some changes to the content you'll find in Toolbox. When the column debuted in January 2006, it was designed to examine two to three indespensible developer tools and a book review. Specifically, it aimed to cover commercial tools designed by third-party vendors that weren't priced beyond levels that would require top-tier managerial approval to buy (in other words, it should not include products costing several thousands of dollars).
The focus of the column has shifted a bit. Instead of focusing exclusively on commercial ISV products, the column is more dedicated to examining community-created projects and open-source software. We are also launching a new section in the Toolbox column called Blogs of Note, where I share and review interesting and informative technology-focused blogs. The column still includes a commercial ISV software reviews and a book review.
The March issue of Toolbox includes coverage on:
- Firebug - a free, open-source client-side Web development tool for the Mozilla FireFox browser. With Firebug you can quickly examine and modify the HTML, CSS, and JavaScript of a page, all directly within the browser. A must-have tool for web developers.
- Scott Guthrie's Blog - Scott is one of the original creators of Microsoft's ASP.NET and, today, is the Vice President of the Microsoft Developer Division. His blog is a fountainhead of information on current and upcoming web technologies and tools.
- Extending Reflector with Add-Ins - a look at the popular disassembler and class viewer, Reflector, along with information about a variety of free, community-created Reflector Add-Ins.
In addition, I reviewed Lynn Beighley's book Head First SQL (O'Reilly). Here is a snippet from the review:
Most books that teach SQL do so with dry prose and focus on business and accounting scenarios. O'Reilly's Head First SQL by Lynn Beighley turns this approach on its head, and to great effect. The topics covered in Head First SQL are familiar: the fundamentals of the SELECT, INSERT, UPDATE, and DELETE queries; JOINs; subqueries; data normalization; data and relational integrity; and so on. But the unique presentation in Head First SQL makes it fun to learn and easy to remember.
...
Head First SQL shines in its ability to explain concepts in a way that makes even the most complicated scenarios seem like common sense. The chapter on JOINs is the most lucid and digestible description I've read yet. The same is true for the chapter on subqueries.
I hope you like the shift in focus of the Toolbox column. I invite any feedback, comments, or constructive criticism you may have about the column at mitchell@4guysfromrolla.com. Likewise, send me any suggestions for products, blogs, or books to review!
On a side note, it appears that the MSDN Magazine website has been retooled and many past links to my Toolbox columns are now broken. Boo. I've always been a firm believer that URLs are a public interface and therefore must remain in tact for the lifetime of the website (in theory, then, forever); it's frustrating that Microsoft doesn't share these same ideals.
As always, if you have any suggestions for products, blogs, or books to review for the Toolbox column, please send them to me at mitchell@4guysfromrolla.com
Thursday, February 28, 2008
#
As I blogged about earlier, I've been working on some tutorials for the www.asp.net site on the topics of forms authentication, authorization, membership, and roles. The first set of tutorials covered security basics and examined forms authentication in detail. The second set of tutorials are now available online and focus on the Membership framework and the SqlMembershipProvider.
- Creating the Membership Schema in SQL Server [VB | C#] - explores the Membership framework and its goals. Looks at configuring and setting up the SqlMembershipProvider, which stores user account information in a Microsoft SQL Server database.
- Creating User Accounts [VB | C#] - examines creating user accounts using the CreateUserWizard control as well as using the Membership class's CreateUser method.
- Validating User Credentials Against the Membership User Store [VB | C#] - shows how to validate a user's supplied credentials and log them on (and off) the site. Looks at using both the Login Web control and the Membership.ValidateUser method.
- User-Based Authorization [VB | C#] - examines how to restrict access to pages or functionality within a page based on the logged in user.
- Storing Additional User Information [VB | C#] - the Membership framework only stores a handful of user attributes, but oftentimes additional, application-specific user information needs to be tracked. This tutorial looks at how to accomplish this.
Like with the Working with Data tutorials, all tutorials are available in C# and VB versions, include a complete, working source code download, and are available to download as PDF. The next batch of tutorials will examine the Roles framework (and the SqlRoleProvider).
Enjoy! - http://asp.net/learn/security/
Monday, February 18, 2008
#
I have a few speaking engagements and training events coming up in the next few days and months here in beautiful San Diego.
Local User Group Talk: Storing Binary Data in an ASP.NET Web Application - Tuesday, February 19th, 2008
I'll be speaking at the ASP.NET SIG here in San Diego. The meeting, held at Microsoft's office in UTC on La Jolla Village Drive starts at 6:30 PM with announcements and free pizza and soft drinks!!! My talk begins at 7:00 PM. My talk looks at storing binary data in an ASP.NET web application, examining the pros and cons and comparing and contrasting the necessary steps of storing data in the web server's file system vs. storing it directly in the database.
Training: ASP.NET Programming II - Thursday, February 21st through March 27th
This 27 hour course spread over six weeks covers a gamut of ASP.NET programming topics, from working with data, to building an application architecture, to creating a custom site map provider, and examining the Membership and Roles features. This course is through the University of California - San Diego University Extension.
Training: ASP.NET In Depth: Forms Authentication, Authorization, Membership, and Roles - Saturday, April 12, 8:00 AM to 12:00 PM
This four hour class offers an in depth look at ASP.NET's forms authentication, authorization, membership, and roles systems. See how to accomplish common user account-related tasks, like building a login page, registering new user accounts, showing different data based on the currently logged in user, and populating grids and other data controls with users and user account information.
Training: ASP.NET In Depth: Networking Functions - Email, HTTP Requests, Screen Scrapes, and RSS - Saturday, April 12, 1:00 PM to 5:00 PM
Any network function you can perform from your desktop can be accomplished from an ASP.NET page. This includes sending and downloading email, making HTTP requests, screen scraping, and publishing and consuming RSS feeds. This four hour class looks at using classes in the .NET Framework as well as open source and affordable third-party components to: send email using SMTP; download email from a POP3 server; download, parse, and display the HTML from another website; consume and display remote RSS feeds; and generate RSS feeds for your website.
Training: ASP.NET In Depth: Building AJAX-Enabled Web Applications - Saturday, May 10, 8:00 AM to 12:00 PM
AJAX-enabled web applications offer a highly interactive user interface whose responsiveness rivals that of desktop applications. Popular web applications like the social networking news site Digg and GMail are prime examples of AJAX techniques in action. Microsoft’s ASP.NET AJAX Framework and AJAX Control Toolkit makes building AJAX-enabled ASP.NET web applications remarkably fast, easy, and fun. This four hour class examines key AJAX concepts and techniques and then explores the ASP.NET AJAX Framework and AJAX Control Toolkit, illustrating how to build highly responsive, real-world user interfaces.
Training: ASP.NET In Depth: Website Performance and Scalability - Saturday, May 10, 1:00 PM to 5:00 PM
As a website's use and popularity grows, performance and scalability become two key concerns. Performance issues in ASP.NET applications typically arise from excessive page markup and inefficient data access. This four hour class starts by looking at tools for measuring a site’s performance and identifying potential bottlenecks. It then looks at common performance and scalability pitfalls along with tips for achieving optimal performance.
Thursday, February 14, 2008
#
I often use the free and awesome decompiler Reflector to peer into the source code of Microsoft's .NET Framework. It's an indispensable tool. However, I had a little difficulty viewing the underlying source code for some of the new .NET 3.5 classes. In particular, for a recent article I was interested in looking at what was happening underneath the covers when the DataPager control was rendered. The DataPager is a new control in ASP.NET 3.5 used to render a paging interface for the ListView control (also new to 3.5).
By default, Reflector had the v2.0 assemblies loaded. “No problem,” I thought, “I'll just navigate to the 3.5 assemblies in the %WINDIR%\Microsoft.NET\Framework folder and open the System.Web assemby from there. While there is a 3.5 subfolder there, it only includes a sprinkling of assemblies, and none of the 3.5 assemblies I was interested in. The .NET 3.5-specific classes are installed in the GAC in the System.Web.Extensions.dll assembly. Reflector, it appears, can't locate this assembly and I couldn't reach it through Windows Explorer.
I was able to use Reflector to dig into this assembly, but I'm sure there's an easier way to do it. I'm going to share my approach, but I invite anyone who knows of a simpler technique to post instructions in the comments. One possible solution would be to update Visual Studio 2008 so that the .NET Framework code can be stepped into during debugging. I tried applying the hotfix a while back and got an error, and have not yet taken the time to investigate the error further. With the .NET Framework source code integration can you view the source code through VS 2008 like with Reflector, or is the code only accessible when debugging?
To open the System.Web.Extensions.dllfrom Reflector, perform the following steps:
- Drop to the command line (Start / Run / cmd.exe)
- Navigate to the appropriate GAC folder, %WINDIR%\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\
- Copy the System.Web.Extensions.dll to another location on my hard drive (such as C:\MyAssemblies\).
- Once the assembly is “freed” from the GAC, you can open it in Reflector as you would any assembly
Hope this helps!
UPDATE FROM JAMES NEWTON-KING: “You can access the 3.0 and 3.5 assemblies at C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5” (That sure simplifies things!)
Sunday, February 10, 2008
#
Next Tuesday, February 19th, I'll be speaking at the ASP.NET SIG here in San Diego. The meeting, held at Microsoft's office in UTC on La Jolla Village Drive starts at 6:30 PM with announcements and free pizza and soft drinks!!! My talk begins at 7:00 PM.
My talk looks at storing binary data in an ASP.NET web application, examining the pros and cons and comparing and contrasting the necessary steps of storing data in the web server's file system vs. storing it directly in the database.
If you can't make the talk, you can download the PowerPoint slides and code demos at http://datawebcontrols.com/classes/BinaryData.zip.
Hope to see you there!
Friday, February 08, 2008
#
Jeff Atwood's most recent blog post is titled The Years of Experience Myth, and argues that too many companies place too much emphasis on how many years of experience a developer has in a certain technology. Jeff writes:
It's been shown time and time again that there is no correlation between years of experience and skill in programming. After about six to twelve months working in any particular technology stack, you either get it or you don't.
I agree that experience and skill in programming may not be directly correlated, and I concur that a skilled and motivated developer can pick up and be more proficient in a new technology in six months to a year than an unskilled, unmotivated developer who has spent years working with that same technology. But to say that years of experience doesn't matter one iota is lunacy.
The more experience you have with a technology or framework, the more intimate you become with its inner workings. You are privy to its warts - those underdocumented bugs that maybe only 1,000 people in the world have ever encountered and taken the time to understand its origin. You know little tricks and tips that you can only pick up from trial and error, from having spent an entire afternoon stumped on one bug that you finally worked around after trying so many different things. You get a sixth sense when it comes to troubleshooting problems because you've likely run into the same problem before. These are the benefits of experience.
I've been developing web applications with Microsoft technology since 1998, and I can say without doubt that I am a better ASP.NET developer today than I have ever been. My brain is not as sharp as it was in university, my computer science background not as keen as it was during grad school, my time not as disposable and my energy levels not as high as when I was younger, but I know ASP.NET better today than I did last year; last year I knew it better than the year before that, and so on.
Experience isn't everthing, but to discount it, to say that what one person has learned in 10 years can be mastered by another in six months to a year, is preposterous.
Tuesday, February 05, 2008
#
Over the past few months I've been writing a series of ASP.NET security tutorials for the www.asp.net site, much like my Working with Data tutorial series. This tutorial series focuses specifically on forms authentication, authorization, Membership, and Roles (using the SQL Server providers).
Today, the first three tutorials have been published:
- Security Basics and ASP.NET Support [VB | C#] - discusses important security concepts and what facilities are available in ASP.NET to assist in implementing forms authentication, authorization, user accounts, and roles.
- An Overview of Forms Authentication [VB | C#] - provides an in-depth look at the forms authentication workflow.
- Forms Authentication Configuration and Advanced Topics [VB | C#] - examines the various forms authentication settings and see how to modify them through the element.
There will be a total of 14 tutorials. The next batch will focus on the ins and outs of the Membership framework and the SqlMembershipProvider.
Like with the Working with Data tutorials, all tutorials are available in C# and VB versions, include a complete, working source code download, and are available to download as PDF.
Enjoy!
Tuesday, January 22, 2008
#
Prior to ASP.NET 2.0, I wrote an article on 4Guys showing how to add up and down arrow images to a sortable DataGrid's column headers to visually depict the column and direction the grid was sorted by (read the article; see a live demo). In particular, my approach required the page developer to add a bit of code to the ASP.NET page's code-behind class that would enumerate the grid's columns and remove the up/down arrow <img> tag for columns that were not currently being sorted, and would add the appropriate <img> tag to the column the data was sorted by.
I recently updated this functionality for the GridView control, but rather than require that the page developer add code to the ASP.NET page, I instead created a custom server control that extended the GridView. This control automatically adds the up/down arrow image when the grid is sorted.
To check out this code and a demo application, and to learn more about the inner workings of this custom server control, be sure to read my latest 4Guys article: Extending the GridView to Include Sort Arrows.