Second INETA Component Code Challenge 2012

 .NET, Application, ASP.NET, C#, General, MVC3, MVC4, Silverlight  No Responses »
Sep 122012
 

For the second time this year I have the great opportunity to be one of the judges for the INETA Component Code Challenge.  Here are the details:

Have you ever thought “I have a good idea for an application, however what can I get for it?” and/or “I would love to go to DevConnections, but I am not sure how to pay for it?”. Well, you are in luck. With the INETA Component Code Challenge for 2012, all you need to do is create an application using 2 approved controls from 2 approved vendors, create a video talking about your application, and submit it to our judging panel. Our judging panel, consisting of Bill Reiss, Nikita Polyakov, Matt Hidinger, and Greg Leonardo, will be looking for innovation and creativity in the use of approved controls. To read official rules click here.

So grab your computer and Visual Studio and GET YOUR CODE ON!

Disclaimer: INETA covers one conference ticket, hotel, and travel to the conference as is outlined in INETA’s travel policy. Please visit the site for additional rules.

Quick look at security in MVC3

 .NET, Application, General, MVC3  No Responses »
Mar 022012
 

I learned about some security features in MVC3, that I had forgotten about.  So, let’s discuss them and the differences between authenticate and authorization as well as look at some standard attacks.  MVC3 out of the box supports Windows and Forms based authentication, Windows authentication are generally used for intranet applications and Forms based is general used for internet based applications.  With forms authenticate SSL needs to used to help protect the username and password being entered by the user.

To secure a controller action you can use the [Authorize]  attribute to secure an action or the controller itself.  If you use just the [Authorize] attribute, all you are really saying is you don’t want anonymous users to access the controller or action.  You can further define this by adding Roles or Users to the [Authorize] attribute, which is the authorization part of security in MVC3.

Now let’s talk about site attacks.

Cross-Site Scripting, which are defined as cookie theft, malware downloads, account hijacking, and modify content to name a few.  This is controlled by the underlying framework, however you can use [AllowHtml] attribute to the model property you would like to allow Html to flow through with minimal risk.

The Anti Cross Script library can be used to help sanitize the Html.

Cross site request forgery can be combated with the @Html.AntiForgeryToken() on your form declaration and ValidateAntiForgeryToken attribute on the post destination action in the controller.

Example:
In the View form definition.

[sourcecode langauge="csharp"]
@using (Html.BeginForm("Contact", "Home")) {
@Html.AntiForgeryToken()
@Html.ValidationSummary(true)
[/sourcecode]

In the Controller Action

[sourcecode langauge="csharp"]
[OutputCache(NoStore=true, Duration=0)]
[ValidateAntiForgeryToken]
public ActionResult Contact(string message = null)
{
EmailModel email = new EmailModel();
ViewBag.Message = message;
return View(email);
}
[/sourcecode]

Hopefully this give some insight into security options with MVC3, I will follow this up with MVC4 here soon.

Rock, Paper, Azure! Contest – White Screen or 404 Error While Running Local.

 .NET, ASP.NET, C#  No Responses »
Apr 062011
 

I registered for ROCKPAPERAZURE, downloaded the Bits, after installing the pre-reqs, click F5 and got a 404/blank page.

After some troubleshooting I found that install the following applications through the Microsoft Web Platform Installer, the issue was corrected.  I also verified this with Kevin D. Wolfe - as he had the same issue – thanks Kevin:

  1. IIS 7 Recommended Configuration (Good to clean up IIS installs)
  2. Application Request Routing 2.5

Anyway happy Rock, Paper, Azure!, follow the link for more info or to compete.

Silverlight 4 Printing

 .NET, Application, Architecture, ASP.NET, Enterprise, General, Silverlight  1 Response »
Jan 182011
 

Printing in Silverlight has been made pretty simple, how it comes with some caveats because it opnly supports rasterized image printing.  Not 100% a problem but in LOB applications will run into issue with printing thinks like PDF, because all formatting is lost in reflect to the final printed document.

Here is a quick code method on printing in Silverlight 4:

[sourcecode langauge="csharp"]
PrintDocument documentToPrint= new PrintDocument();
documentToPrint.DocumentName = "Sample Document";
documentToPrint.StartPrint += new EventHandler(documentToPrint_StartPrint);
documentToPrint.PrintPage += new EventHandler(documentToPrint_PrintPage);
documentToPrint.Print();
[/sourcecode]

Quick Refresher – ASP.NET Page Life Cycle

 .NET, Application, Architecture, ASP.NET, General  No Responses »
Jan 062011
 

The Life Cycle of a page when requested for the first time:

Initializing: During this phase, the server creates an instance of the server control

Loading: During this phase, the instance of the control is loaded onto the page object in which it is defined.

PreRendering: During this phase, the control is updated with the changes made to it. This prepares the control for rendering.

Saving: During this phase, the state information of the control is saved. For example, if a value is set for the control during the Load event, it is embedded in the HTML tag that will be returned to the browser.

Rendering: During this phase, the server creates the corresponding HTML tag for the control.

Disposing: During this phase, all cleanup tasks, such as closing files and database connections opened by the control are performed.

Unloading: During this phase, all cleanup tasks, such as destroying the instances of server control are performed. This is the final event in the life cycle of a server control

The processing sequence in which a page is processed during a postback event is:

Initializing: During this phase, the server creates an instance of the server control

Loading view state: During this phase, the view state of the control posted by the client is reloaded into the new instance of the control.

Loading: During this phase, the instance of the control is loaded onto the page object in which it is defined.

Loading the postback data: During this phase, the server searches any data corresponding to the control that is loaded in the data posted by the client.

PreRendering: During this phase, the control is updated with the changes made to it. This prepares the control for rendering.

Saving state: During this phase, the change in the state of control between the current request and the previous request of the page is saved. For each change, the corresponding event is raised. For example, if the text of a textbox is changed, the new text is saved and a text_change event is raised.

Rendering: During this phase, the server creates the corresponding HTML tag for the control.

Disposing: During this phase, all cleanup tasks, such as closing files and database connections opened by the control are performed.

Unloading: During this phase, all cleanup tasks, such as destroying the instances of server control are performed. This is the final event in the life cycle of a server control

The events associated with the relevant page cycle phases are:

  • Page Initialization: Page_Init
  • View State Loading:LoadViewState
  • Postback data processing: LoadPostData
  • Page Loading: Page_Load
  • PostBack Change Notification: RaisePostDataChangedEvent
  • PostBack Event Handling: RaisePostBackEvent
  • Page Pre Rendering Phase: Page_PreRender
  • View State Saving: SaveViewState
  • Page Rendering: Page_Render
  • Page Unloading: Page_UnLoad

Databinding in Silverlight

 .NET, Application, Architecture, C#, General, Silverlight  No Responses »
Jun 202010
 

Databinding in Silverlight is based on any object that is inherites from the DependencyObject class.  Now, with new versions of Silverlight may new features (keywords) had been added.  Let’s look at a couple of new ones.

StringFormat:
Allows the ability to do string formatting directly in the databinding, example:

<TextBox Text=”{Binding paymentDate, StringFormat=’MM/dd/yy’}“/>

TargetNullValue:
Allows you to define what to show if value is null.

<TextBlock Text=”{Binding Path=pageContent, TargetNullValue=’No Page Content is Currently Available’}” />

FallBackValue:
Is used to define a value when the value can not be loaded through the data binding.

<TextBlock Text=”{Binding Path=pageContent, FallbackValue=’There was an Error Retreiving the Data, Please try Again Later.’}”  />

As you can see by the above examples, there are a few helpful keywords with databindings – that deal with formatting, nulls, and when things don’t go right.

TechED 2010 BOF Session

 .NET, Application, Architecture, Enterprise, General, Silverlight  No Responses »
Jun 142010
 

Shawn Wildermith and I had the pleasure of hosting a Birds-of-a-feather discussion on “Silverlight, how will it change frontend development?”. We had roughly 40-50 people present and it was a great experience. Was good to talk through real work issues, so thanks to iNETA and Microsoft for allowing us to host such a great session.

TechED 2010

 .NET, Architecture, OO Concepts, Silverlight  No Responses »
Jun 022010
 

I can’t believe TechED 2010 is almost here. This year I get the opportunity to represent the Microsoft community as a web expert, so if you are at TechED this year swing by the web platform expert area and visit with me. I am also doing a BOF this year with Shawn Wildermith and I am listed as a speaker on the TechED site. Also, if you aren’t doing anything on 6/8 from 1:45-2:30 swing by room 335 and catch our discussion on “Silverlight, where will it take frontend development?”

Page 1 of 212