Sunday, January 31, 2010

ASP.NET ViewState Review

Was going through the internals of the ways that ASP.NET engine handles the Viewstate. Came across this wow article by Scott Mitchel. The states that an ASP.NET page goes through; and the cost of the ViewState that an ASP.NET page has to pay in form of performance barriers; and ways to avoid heavy duty pages, including persisting ViewState on server file system.



The great thing about the article is that it comes with a parser to decode the base64 encoded ViewState information that resides in hidden __VIEWSTATE form field. Just decode about any ASP.NET page an enjoy the secrets; although it is not very much recommended to store anything sensitive in ViewState or even use an important public property called ViewStateUserKey that is used as salt to encrypt the information; and then probably you may be able to save your users from "one click attacks".

Tuesday, January 26, 2010

MCMS: Problem Installing MCMS SP1a, J# 3.0 is required!

Problem Installing MCMS SP1a, J# 3.0 is required!

There is no un/official semi-ignored release of J# 3.0 or J# 3.5; then why Microsoft Content Management Server SP1a Installation Wizard asks for it? Moreover, during Microsoft Content Management Server SP1a installation it does not install Site Manager; and if you go through custom installation, the Site Manager check box is disabled.

It appears that MCMS tries to find the J# for the most recent .NET framework you have installed. It actually looks for J# 3.0, or whatever latest version of the framework that is installed on the system.

So, there are three solutions that I was able to find:

1. Manual
- Uninstall your 3.0,
- Install MCMS, you will see the enabled check boxes for Site Manager
- And reinstall you latest .NET framework

2. Registry
- Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\ in regedit
- Rename v3.0 subkey(folder) to whatever(for instance 'zero')
- Install MCMS, you will see the enabled check boxes for Site Manager

3. Alternatively
- Install J# 2.0 SE from msdn site
- Create an empty file(VJSLIB.DLL) at the following location C:\WINDOWS\Microsoft.NET\Framework\v3.0\vjslib.dll
- Install MCMS, you will see the enabled check boxes for Site Manager

Friday, January 22, 2010

.NET Cryptographic Services

Quick note, in cryptography services; .NET framework provides with the ability to securely transmit sensitive data. It implements a streams-based encryption layer, which allows data streams to be routed through encryption objects to produce encrypted output streams.

It supports the following symmetric(use the same key for encrypt/decryption) algorithms:
DES, 3DES, RC2, Rijndael/AES.

Following asymmetric(two keys, one for encryption and one for decryption) algorithms, called public and private keys:
RSA, DSA

Following are the hashing algos supported by .NET:

hashing algorithms; MD5(now getting obsolete), SHA1, SHA256, SHA384, SHA512, along with the support of X.509 certificates.

Also, .NET's SecureString is worth looking into.

Wednesday, January 20, 2010

ASP.NET: How to pass NULL value to Crystal Reports

Question: How to pass NULL value, or "no value", to parameters defined in, probably user defined, Crystal Reports, that in turn access the database using watever, sp, query, etc?

This question hanged over my head like a sword - for I was working in production.

This dint really help as I would expect it the usual way it should.! Specially when I found a bug on my production server; this required a hotfix! and well... following is how I worked it around.

Following dint work:
1. Empty string
2. null
3. DBValue.Null

A suggestion, among many, that I got stumbled upon was that, in the crystal reports make update your formula to something like following:

If IsNull({?String}) OR {?String} = '' then  //2 single quotes
   "Empty Parameter"
else
   {?String};

But, we are talking about literally thousands of "user generated" reports; having no access to anything inside the report, except for parameters; something has got to be generic here.

Following, did the trick!
val = (object)(new ParameterDiscreteValue()); //Just instantiate an object of discrete value
reportDocument.SetParameterValue(strParamName, val);//and enjoy!

The reason, that I have boxed it because this loc is right outta my code! Just for someone chasing a stopwatch.

The last, microscopic line, helped me.

Happy null'ing around! (0:

Wednesday, January 13, 2010

Button click event being called automatically upon Page Refresh

Problem statement:
Button click event being called automatically upon Page Refresh (F5).

Bug:
When I press F5, I get duplicate records. That is, when I click on a save record button on my web page, and then if I refresh the page, that is hit the F5 key, the action repeats itself and another identical record is inserted in the database.

Reason:
That is in essence what a browser refresh functionality does; it repeats the last POST/GET action that was performed. And no wonder that we get to notice behavior only in such cases of duplicate record insertion (0:

By the way, if anyone of you did notice, Internet Explorer(and I am sure any other browser) does warn before adding a "duplicate record".




Workarounds:
1. Redirect to self:
Response.Redirect(Request.Url.AbsoluteUri);
2. Catch at the db level
3. Check through a sessioned variable
4. Detect browser's refresh button, here.


I would quote Terry Morton who touched the same topic starting with following comments:
Why on earth would the user be pressing the Refresh button?

Which you must have thought as well? well... she continued.
However, if you have been in application development for any length of time, you will know that end users have no limit to their "creative approaches" to application navigation. And they will INDEED press that Refresh button even though there is no logical reason to do so.

Happy refreshing! (0:

Thursday, January 7, 2010

Web 2.0 vs Web 3.0?

So whats with the Web 2.0 thing? My take is that these are just "buzzwords"; not a product or service; a technological state achieved by the web. With the rise of social web sites (facebook, twitter, googlefriend, linked, digg, reddit, etc); making the web appear live, more user interactive, turning the user data into information; it was started to be called web 2.0.


It was only after the web 2.0 was named 2.0; the old traditional static web sites were named web 1.0; which incorporates html tables, guestbooks, marquees, gif buttons, etc - the static web.

Some people confuse that AJAX is web 2.0; rather AJAX is just a part of web 2.0, used to build rich/interactive user interfaces. Several other technologies that goes in web 2.0 are like RSS Aggregation, REST, SOAP, web widgets, social networks, taggings, new open architectures, bloggings, wikis, collaboration, sharing;

While web 3.0 is about small web applets (weblets?) peiced toghether on standard interfaces to enrich online user experiences from anywhere any device (web, mobile, pc, desktop, netbook). They say its more about semantic web. Which is more like linked-data(google wave), turning every data into information. Technologies like XML, RDF, OWL, SPARQL.



See how Microsoft is investing in Semantic Web technologies.

And for web 4.0 someone wrote "
The web become sentient, rises up, conquers the world and enslaves the human race?
" (0:

Tuesday, January 5, 2010

.NET: CIL, CTS, CLS, CLR?

What is CIL, and then CTS, or CLS, or CLR? a WTF of abbreviations!

CIL (Common Intermediate Language) is the byte code to which our C# code is compiled. It's the "machine code" of the .NET execution engine.


The CTS (Common Type System) is the representation of types (classes and structures) at the compiled level. Basically, it's saying that all .NET languages will use a common way of representing types (classes and structures).

The CLS (Common Language Specification) is a set of constraints on APIs and a complementary set of requirements on languages. If a library is CLS-compliant (i.e. adheres to all the constraints), then any CLS-compliant language will be able to use that API. Conversely, a CLS-compliant language is guaranteed to be able to use any CLS-compliant library. For example, a CLS-compliant language is guaranteed to support Int32, so the CLS guarantees it's safe for library writers to use Int32 in their API.

While CLR (Common Language Runtime) is just a virtual machine component that runs byte code.
 
If you are interested further, see ECMA C# and Common Language Infrastructure Standards.

Monday, January 4, 2010

WCF: Why use MessageContract when DataContract is there?

Windows Communication Foundation (WCF): Why use MessageContract when DataContract is there?

UPDATED 07/15/2012: Based upon comments
Nutshell: Just know that, data contracts are used to define the data structure. Messages that are simply a .NET typed convenience for generating the XML for the data you want to pass.

Message contracts are preferred only when there is a need to "control" the layout of your message(the SOAP message); for instance, adding specific headers/footer/etc to a message.



Keeping it simple, stupid:
Data contracts are used to define the data structure. Messages that are simply a .NET type, lets say in form of POCO (plain old CLR object), and generate the XML for the data you want to pass.

Message contracts are preferred only when there is a need to "control" the layout of your message(the SOAP message); for instance, adding specific headers/footer/etc to a message.

Detailed answer:
While going through couple of WCF examples, this question was bogging down my empty skull for some time; and when I realized the difference and usage of each in specific scenario, which basically would base upon my requirement, I am posting this for if anyone who is going through the mind-boggles of similar sort!

What is a Contract, really? Wiki says:
"In law, a contract is a binding legal agreement that is enforceable in a court of law.[1] That is to say, a contract is an exchange of promises for the breach of which the law will provide a remedy."


So what does that mean? In technical terms this means that these contracts(DataContract, MessageContract) bounds the IO client with specific terms and conditions; and only when met, the data is exchanged.
MSDN: A data contract is a formal agreement between a service and a client that abstractly describes the data to be exchanged. That is, to communicate, the client and the service do not have to share the same types, only the same data contracts. A data contract precisely defines, for each parameter or return type, what data is serialized (turned into XML) to be exchanged." - See DataContract types.

1. DataContracts descibes the datatypes used by a service.
2. DataContracts can be used to describe either parameters or return values.
3. DataContracts are unnecessary if the service only uses simple types
4. Data contracts enable interoperability through the XML Schema Definition (XSD) standard.

Note that, this enables the types to be described in metadata to enable the clients to interop with the service.


Following is how a basic DataContract is defined:

[DataContract]
public class Shape { }

[DataContract(Name = "Circle")]
public class CircleType : Shape { }

[DataContract(Name = "Triangle")]
public class TriangleType : Shape { }

While, MessageContract(s) describes the structure of SOAP messages(since SOAP is context oriented - passing-on complete information about object) sent to/from a service and enable you to inspect and control most of the details in the SOAP header and body.

1. Generic - MessageContract enables you to interoperate with any system that communicates through SOAP.
2. Control - Using message contracts, we get complete control over SOAP messages sent to/from a service by having access to the SOAP headers and bodies.
3. Object Context - This(SOAPing) allows use of simple or complex types to define the exact content of the SOAP.

MSDN: sometimes complete control over the structure of a SOAP message is just as important as control over its contents. This is especially true when interoperability is important or to specifically control security issues at the level of the message or message part. In these cases, you can create a message contract that enables you to use a type for a parameter or return value that serializes directly into the precise SOAP message that you need.

Following is a simplest message contract:
[MessageContract]
public class BankingDepositLog
{
  [MessageHeader] public int numRecords
  [MessageHeader] public DepositRecord records[];
  [MessageHeader] public int branchID;
}

And above would result as following in SOAP headers:

3

  Record1
  Record2
  Record3

20643



To see why it is useful to use MessageContract(s), that is, to pass information in SOAP headers, you will have to dive into the SOAP advantages; and yep I am not getting into the disadvantages of SOAP (0: since their aren't too many - and those which are there are vary from scenario to scenario. This obviously does not mean you use SOAP all the time, but you definitely would require a good reason to use SOAP headers over simple XML.

Enjoy coding!

Related Posts

Popular Posts