Sunday, February 8, 2009

Email ActionResult in ASP.NET MVC

Don't call SmtpClient.SendMail directly within your controller actions because it directly couples your controller to SmtpClient.

Don't even create an interface IMailer and wrapping implementation of this to SmtpClient.

Instead, create a new ActionResult subclass called EmailResult. Make this class have the properties From, To, Subject and BodyData. In the ExecuteResult method use the ViewEngine infrastructure to render a view of the BodyData into your own StringWriter. You can then send the resulting content via email using SmtpClient.

Read More..

Thursday, January 29, 2009

Windows Azure CTP January 2009 Released

At the 2008 Professional Developer Conference, Microsoft unveiled its cloud operating system, Windows Azure. Azure is the operating system that acts as the development, service hosting, and service management environment for the Azure Services Platform. This platform aids developers in publishing services and applications on the internet. Microsoft has released the latest CTP for Azure.

This latest Community Technology Preview updates the Windows Azure SDK and the Windows Azure tools for Visual Studio. The CTP brings several improvements:

The Windows Azure SDK offers improved support for the integration of development storage with Visual Studio, including enhanced performance.

For each Windows Azure SDK sample that accesses the development storage Table Storage service, a database name is now defined within the associated Visual Studio project. When the sample service is started from Visual Studio, the named database is created and the development storage Table Storage service is configured to use this database for the running service.

The StorageClient sample includes the following improvements.

The ASP.Net Providers sample now supports a search syntax similar to the ASP.Net SQL-based providers.


Tuesday, January 27, 2009

ngine Yard takes Ruby and Rails to Amazon’s cloud bandwagon

Engine Yard, which makes application development software for Ruby and Rails deployments, said it will make its offerings available on Amazon Web Services.

The move is part of a mass migration to Amazon’s EC2 services. Engine Yard specializes in Ruby and Rails deployments. Ruby and Rails is an open source programming language used by a bevy of Web 2.0 sites. On Wednesday, the company launched Engine Yard Solo and Vertebra, two products designed to make deploying Ruby easier in a cloud computing setting.

Vertebra is an open platform for developing and managing cloud applications. Engine Yard used it for its own cloud but has open sourced the software. It features security policies, process automation, a federated design and distributed auditing.


Friday, January 23, 2009

Caching in

ASP.NET gives you the ability to cache the output of pages or portions of pages in memory to improve performance.

The main reason to cache is to reduce the latency and increase the scalability of an application while reducing the server resources required to deliver its page content.

Latency is a measure of the time it takes for an application to respond to a user request. Scalability is the ability of an application to handle increased numbers of users.

If a page is cached on the server, the rendered HTML stored in memory is served instead of a freshly generated page from the server. Because it takes less time for the client to get the page and display it, your web site will seem more responsive.

If pages are completely static, deciding to cache them is a no-brainer. But the decision gets trickier if pages must vary their content in response to one of the following:

-Query string parameters

-Client browser type (e.g., Internet Explorer, Netscape, and so on)

-Custom parameters

-Database content

Read MOre..

Thursday, January 22, 2009

what's new in Visual Studio 2010?

1. UML: Now draw UML diagram right from your Visual Studio. No need to buy another tool or go to Visio to do that.

2. Application Architecture Re-engineering: You have a ready made code-solution, now you have to explain it to some one but have documents. VS2010 will help you to draw an application architecture using you application code. This way you get a big picture of your application and also all linkages between different classes. Good for new joiners in an existing team.

3. Stuff for Manual Testers: Manual tester can breathe a lot better with VS2010 tools, log in all your test cases and select the test case to run and click record and then execute your test case as usual and see what you get. If test case passes, you get evidence (most clients in service based companies want that) as videos or if the test case fails, you get the steps to reproduce as videos. Cool, isn’t it?

4. Besides these a lot more in Unit Testing side.

5. A lot more features and integration with SharePoint.

6. Above all brings in .NET 4.0


Wednesday, January 21, 2009

Windows 7 SDK beta arrives

Last weekend, Microsoft unleashed the Windows 7 beta (take our in-depth tour) and the Windows Server 2008 R2 beta to the web. Due to the chaos and craze over downloading a beta operating system, many missed the news that Microsoft had also made the Windows 7 beta SDK available. If you're a developer, or you're just slightly interested, you can grab it from the Microsoft Download Center (1304.8MB). Here's what's on the .iso file:
The Windows SDK for Windows 7 and .NET Framework 3.5 SP1: BETA provides the documentation, samples, header files, libraries, and tools (including C++ compilers) that you need to develop applications to run on Windows 7 BETA and the .NET Framework 3.5 SP1. To build and run .NET Framework applications, you must have the corresponding version of the .NET Framework installed. This SDK is compatible with Visual Studio® 2008, including Visual Studio Express Editions, which are available free of charge.

If that got you interested, be sure to check out the Release Notes as well. The most important thing to note about this release is that the SDK will definitely change by the time Windows 7 is released, and developers should keep this in mind when they're using it. I would still recommend downloading it and getting a feel for what you'll want to update in your application to take advantage of the improvements of Vista's successor.


Sunday, January 18, 2009

Authentication, Authorization in ASP.Net 2.0

Authentication and authorization is essential for the purpose of security in any software. Web projects require the technology of authentication and authorization to prevent the systems from the outside attacks. You can never keep your documents safe unless there is technology for protecting your documents from the hackers and malicious programs. Authentication is required for checking the identity of the person who wants to get the access inside your network and authorization is needed to give the permission for accessing particular resource.

Let us discuss the topic in detail:

1. Whenever user logs on to the computer system using the password there is need of authentication and authorization for allowing the user to use the system of the workplace. provides the facility to authenticate the user and then provide the authorization for accessing the resources. There are three types of authentication which are used in Form authentication, window authentication and passport authentication.

2. Authorization is performed by the IIS which is used in If the user is not authenticated then IIS configuration setting does not allow the entrance of user to access the resources. Authentication is done using the tickets. Cookies are stored and used by the authentication system for checking the user authentication and providing permission for accessing the resources.

3. You can use the built in facility for authentication and authorization. You can customize the facilities for making it suitable according to your usage. Password and login id can be changed for making easy processing. Password of the user can be checked and new password can be issued for new user. You can add the new user in the existing system. There are many new features in the updated version.
Authentication is performed using the IIS feature in with the help of the tracking of the cookie. Cookies play an important role in authenticating the user.

4. Authorization is performed perfectly by the improved functionality. You can add many users and database tables must be updated. Authentication in uses the database tables for authentication and users are checked for the existence.

5. Cookies are used for the authentication but some browsers do not support the functionality. So tickets are attached for authenticating the users. Secure socket layer is also applicable and provides security to the online users. Time out is also used for detaching the user from the server and again the password and login id comes in to play.


Friday, January 16, 2009

Important Features of DOT NET

1. Interoperability support
You can easily migrate from any programming language to with an ease. You will find it really easy to migrate if you are from COM or java. In fact the Microsoft has the migration utility to automatically migrate existing java code into that of C#.

2. Common Language Runtime (CLR)
Microsoft has come up with this engine which is shared by all the programming language like C Sharp, VB, Visual C++, JavaScript, VB Script etc and the language supported by .net. With the help of CLR you can make base classes in C#, child class and aggregate in visual C++. This is really the idea which not only you but all of us have experienced to be very handy. This is really the most important achievement as far as the Microsoft is concerned.

3. Base Class Library
Can you guess why java appears to be so versatile and cross platform independent? Yes if you have guessed the class library then you are absolutely right. However you will find it really great how it is implemented in the .net technology. It has moved a step further by making them available for all the languages. With them you are now capable of using features like string manipulation, exception handling, remoting, collection management construct in the same way for all the languages that are supported by the CLI.

4. Common type system( CTS)
You will really be amazed when you will come to know that the data types remain the same as far as all the languages supported by the ClI is concerned.

5. Easy deployment technique
The applications can now be deployed easily with just the help of XCOPY of the assemblies, files and configuration file. There is no more the need of the DLL.

6. Improved web services
With the implementation of Web technologies like ASP.NET you will definitely find that you can now develop more advance and powerful web application.


Thursday, January 15, 2009

Microsoft launched Robotics Studio 2008

Microsoft launched Robotics Studio 2008 in mid-November. New version of Robotics Studio is a whole set of tools designed to help developers write code that controls robots. The Microsoft Robotics Studio is a Windows-based environment for robot control and simulation. It is aimed at academic, hobbyist, and commercial developers and handles a wide variety of robot hardware. Robotics Studio 2008 offers a suite of tools that makes it easy to write code that controls robots, from simple robots to advanced robots. Application developers can choose from the Visual Programming Language within the Microsoft suite or C# to create code.


Monday, January 12, 2009

Things you should adopt or avoid while web development

“WEBSITE” is the best platform that brings you in contact with your customers. It must be impressive and lucrative in terms of traffic generation and improving market value. Your website should be excellent in terms of creativity, indigenous approach, web 2.0 implementation, table/table less and capable of talking good to your clients. This means that your website should be able to create an impression upon your clients and convince them on dealing with you. To get more and more traffic your web development has to be placed properly.

Here are few tips, which will tell you what is good for you website development. What should be your website tools that would render your web development process in real time?

* Your website is informative and helpful to your visitor.
* Content must be an imperative criterion in web development.
* Content you are using is unique and genuine.
* Common features like content, image, less usage of java scripts, to the point write-ups and smooth navigation aptitude should be present in you website.
* Website is able to bring other aspects of web development like less loading time and usage of graphic images.
* Do not exaggerate on ideas and concepts to such a degree that people discontinue believing in your website.
* The additional number of graphic images and heavy scripting codes, and presentation will slower your website to download. So be sure about it!
* “Trust” indeed is a prerequisite, which makes a website triumphant and popular amongst visitors.


Sunday, January 11, 2009

Tips on getting your ASP.NET Dynamic Data questions answered quickly

When you run into an issue or have a question about ASP.NET Dynamic Data, the best place for it is the Dynamic Data Forum. When you write your question, there are a few simple things that you can do to make it easier for the ‘experts’ to answer (and hence to get an answer quicker!).

1. Mention what ORM framework you are using
Out of the box, Dynamic Data supports LINQ To SQL and Entity Framework. While they seem similar on the surface, they are actually fairly different once you get a little deeper into the API. Just mention which one you’re using and you’ll save a roundtrip.

2. Mention what release you’re using
The official release of Dynamic Data is the one that comes with .NET Framework 3.5 SP1 (or Visual Studio 2008 SP1). There are also various preview bits and samples that you can download from Codeplex. Just mention exactly what you are using. If you’re using some preview bits, you can include a link to them to them to remove any ambiguity.

3. When possible, report issues using a standard database
Obviously, we don’t expect you to use Northwind or Adventure Works in your real project. But when you run into an issue with your custom schema, you should always check whether you are able to see the same thing with the standard DBs. Those DBs have schemas which contain many of the common patterns that you may be using. e.g. For One to Many relationship, you Northwind’s Product/Category, and for Many To Many, use Employees/Territories.

There are a few reasons why doing this is preferred. First, most readers are familiar with those schemas, so they can make sense of the situation quicker without having to analyze a custom schema. It also makes it a lot easier for people to try to reproduce the issue you’re seeing, since everyone has those sample databases. And finally, if the issue calls for a sample that demonstrates a workaround, using the standard DB, makes it much more useful to everyone else who runs into it.

Clearly, there are some situation where your custom schema is just different and using the standard DBs will not work. In those cases, just try to precisely describe your schema. Including a diagram can help too. In a nutshell, make sure that a reader not familiar with your database will understand enough of it to make sense of your question.

4. Try to isolate the issue

If an issue you see in a complex scenario can also be seen in a simpler scenario, it is always better to report it on the simpler scenario. It makes the question shorter and easier to read, as it keeps it focused on the essential.

5. Disable AJAX partial rendering
If you’re getting Javascript errors, the first thing you should try to to disable AJAX partial rendering. Please see this post for more details on this.

6. Include complete stack traces
If you’re getting an error in the browser, make sure you include the full stack trace that you see in there, and not just the text of the error. Looking through a stack trace can reveal some important clues about the issue.


Friday, January 9, 2009

Mount Remote FTP And Webdav Servers

NetDrive is a software to mount remote ftp and webdav servers that somehow has never been mentioned at Ghacks before. That’s a rare occurrence especially if the software is well designed and free. A large portion of webmasters have to connect to remote ftp servers regularly to update files on the website. There are obviously other ways to update files like an admin interface that allows the direct manipulation of files on the server.

An alternative to connecting to remote ftp servers with ftp programs is to mount the ftp server as a local drive on the computer system. NetDrive provides the means to do that.

The software comes with a clean interface that has several popular ftp servers preinstalled. New servers can be added by providing the IP, port, username, password and drive letter for that connection. There is also a setting to define when the ftp server or webdav server should be added as a drive letter. The options are to do that when the system starts or when NetDrive starts.

Read More..

Wednesday, January 7, 2009

The Importance of J2EE Server in the software scenario ?

Businesses all over the globe have realized that they can gain a sustainable advantage over their peers by developing custom applications for their unique business needs.

Quick development and deployment are required whether in-house applications for raising employee efficiency are being created or rich Internet applications to cater to the specialized needs of the clients are being developed.

Another issue, which is of concern to enterprises, is the portability and scalability of their enterprise applications. An enterprise application is viable only when it is easily portable across platforms and devices. Scalability is also another parameter, which decides the long-term feasibility of an application. Enterprise applications must be scalable so that they can be scaled up to accommodate thousands of users simultaneously. J2EE based enterprise applications can be executed across platforms and are functional across devices.

J2EE Development services for established as well as emerging companies across the world.

1. Multi-platform support language and support for web-services also

2. Develop dynamic web applications for e commerce, e learning, polls, HTML forms processing, and more.

3. Combine Java technology-based applications or services to create highly customized applications or services.

The J2EE platform provides a multi-tiered distributed application model, the ability to reuse components, a unified security model, and flexible transaction control. Not only can you deliver innovative customer solutions to market faster than ever, but your platform independent J2EE component based solutions are not tied to the products and APIs of any one vendor. .

The J2EE specification defines the following kinds of components:

Servlet and Java Server Pages (JSP) components (also called Web components): These typically execute in a web server and respond to HTTP requests from web clients. Servlet and JSP pages may be used to generate HTML (or even XML) pages that are an application’s user interface.

Enterprise Java Beans (EJB) components: These execute in a managed environment that supports transactions. Enterprise beans typically contain the business logic for a J2EE application

It is always advisable for outsourcing Java to a company which houses experienced and technically qualified Java professionals which ensures best services and that too in perfect quality.

J2EE or the Java to Enterprise Edition platform developed by Sun Microsystems stipulates the criterion for developing multi-tier enterprise applications. The J2EE platform leverages the robustness of the Java programming language that allows developers to write the code only once and execute the application on any platform. Presently more than two-thirds of development managers use the J2EE platform to develop and deploy their applications.

The user level web application are generally created in the simple HTML, DHTML, sometimes the complex COM and Java script applets. Most of the softwares that were developed earlier were based on the client server architecture, which needed it to be installed separately in each of the user’s computer. Upgrading such web application became extremely difficult as it involved upgrading each and every machine in which it was earlier installed. Another hassle that the client server custom application development required was to license it every time you installed a web application in your computer.

Most database driven applications that are developed using open source technologies have a three-tier structure. The web application itself runs in the browser of a desktop or a laptop. Users can only access the front end of the application to input data or search strings. Java being platform independent allows applications to be accessed on any device like a pda or cellphone or any telnet device.

Enterprise Java bean application development occurs by employing a three-tier architecture consisting of a front end known as the web container, an EJB container, the third tier being the database. This three-tier structure has proved to be immensely useful for enterprise application development.


Tuesday, January 6, 2009

Hidden Features in C#

1) Using @ for variable that are keyword.

var @object = new object();
var @string = "";
var @if = IpsoFacto();

2) Aliased Generics.

using ASimpleName = Dictionary>>;

Allows you to ASimpleName,instead of


Use it when you would use the same generic big long complex thing in a lot of places.

Read MOre..

Cloud Computing with Microsoft , Google and Amazon

Cloud computing is Internet-based (“cloud”) development and use of computer technology (”computing“). The cloud is a metaphor for the Internet (based on how it is depicted in computer network diagrams) and is an abstraction for the complex infrastructure it conceals.[1] It is a style of computing in which IT-related capabilities are provided “as a service”,[2] allowing users to access technology-enabled services from the Internet (”in the cloud”)[3] without knowledge of, expertise with, or control over the technology infrastructure that supports them. According to a 2008 paper published by IEEE Internet Computing “Cloud Computing is a paradigm in which information is permanently stored in servers on the Internet and cached temporarily on clients that include desktops, entertainment centers, table computers, notebooks, wall computers, handhelds, sensors, monitors, etc.”

Cloud computing is a general concept that incorporates software as a service (SaaS), Web 2.0 and other recent, well-known technology trends, in which the common theme is reliance on the Internet for satisfying the computing needs of the users.

Microsoft , Google and Amazon has already launch their platform which worked base on the Cloud Computing Architecture. Microsoft Azure Platform , Google Apps Engine and Amazon Web Service are most reasonable example of Cloud Computing .

There are similarities. However, Azure supports any .NET 3.5 language (C#, VB.NET, F# and a number of others), whereas App Engine only supports Python. In addition Microsoft has already announced that eventually you will be able to run native code on Azure opening the door to almost any Language/Framework that runs in Windows (e.g. Java, PERL, PHP).

Google App Engine doesn’t provide local storage. Azure does (although it’s not shared across instances, you have to use the Azure Storage Service for that). I’m not sure what ancillary offerings Google has beside app engine, but Azure provides a number of services above and beyond the hosting service including

* SQL Data (and soon to be Reporting and Analysis) services,
* .NET Services (WF, WCF and Identity services in the cloud),
* Live Framework (too much there for words)

I’m pretty sure I’m missing something there, but it’s 2 in the morning. Basically the big deal here is that Azure has a lot to offer that GAE is lacking currently, and will have more to offer in the upcoming months. So yes it is equal to GAE…and then some.

Read More..

Monday, January 5, 2009

The perfect time to release source code?

Microsoft released last week a ASP.NET MVC demo project called "Oxite" and many Newssites wrote things like "MS launched open source blogging plattform". It´s great that Microsoft released the source code, but on the other handside, there are many criticisms from the alpha geeks. The question is: Should source code only released if it is "perfect"?

As a software developer I think open source is great and I´m very happy that open source is becoming more and more popular. Even development teams at Microsoft release more and more open source code (e.g. MEF, .NET Framework…). "Oxite" was developed by the MIX Online team.

What is Oxite?
"Oxite" is a blogging plattform. It use the new ASP.NET MVC framework (which is itself beta). The Microsoft ASP.NET MVC team don´t even know, that the MIX guys use their stuff. Unfortunately the source code isn´t a great resource for a beautiful architecture (currently - refactoring is going on!).

The problem with Oxite
Every developer know: You don´t have endless time or endless money and your customer wants to see something. Often the right guys with the know how are unrechable and that´s why you are now the developer who implements it - the first time of course!

Read More..

How to make a Gmail-like loading indicator with ASP.NET Ajax

The application uses a few ASP.NET Ajax controls so I was pretty surprised when the customer sent me an email saying that he liked all the dynamic loading and the fact that he could reorder "things" using drag&drop and saving them without waiting the page to reload, but it took him a while to understand was going on. The first time he clicked the button, and since nothing happened, he thought that something was going wrong, so he kept clicking on the button, an yet nothing happening.

The problem was that since all the Ajax interactions happen behind the scenes asynchronously, the user doesn't understand what's going on: sometimes the user doesn't need to know what's going on (like when you are just reloading some data), but when he presses a button he needs to know that he did the right thing and that something is happening. With the "old style" ASP.NET a postback would have been initiated, so it was obvious that something was happening, but how to do it using Ajax?

That is pretty easy to accomplish with ASP.NET: just drop in an UpdateProgress control and it will be displayed when an Ajax postback happens.

But, as default behavior, the UpdateProgress is displayed in the position where it is added to the page, so, if your page is longer than a scroll page, the indicator could not be visible: it has to be positioned relative to the browser window and not relative the html document.


Sunday, January 4, 2009

Ajax application Security

Ajax is not issue about application security but application programming model dose make application vulnerability more porous as per software engineering.JavaScript-powered client-server interactions do enlarge the attack surface.

Ajax application security issue can be address by take care in desiging of application architechture.Here I will going to introduce that thing which can resolve the Ajax application security problem.

SQL Injection : In these attacks, hackers first research common SQL error messages to find vulnerable pages and then modify Select statements to, for example, use a simple TextBox to gain access to a database. Ajax complicates matters because it makes it possible to write SQL expressions on the client side.

Tips to prevent this kind of attacke are:

1. Use CustomErrors pages in the WebConfig file to prevent attackers from identifying an application's particular vulnerability.
2. Use Stored procedures or parameterized SQL queries instead of dynamically created SQL queries.
3. Perform input validation on the server side, not through JavaScript.
4. Use the Least Privileges account for your database and do not allow access to system data. This builds on the notion that security should be implemented in single layers, Software Engineering stated: "You don't want them to be able to thwart one and then get to the data."

Information Leakage : If the JavaScript APIs that power an Ajax application are not properly secured, hackers can use application workflow data exposed on the client side to piece together server-side services. The best way to protect against this, not surprisingly, is to keep security validation on the server side. The only validation that should occur on the client side is that which defines the user experience

Cross site Scripting : In these attacks, hackers foist malicious JavaScript onto unsuspecting users. This tends to happen on Web sites featuring a simple TextBox and a button click that encapsulates text. Instead of, say, posting a comment in a forum, hackers will use this TextBox to put in a script tag to transfer large sums of money from your bank account to theirs. Ajax, as you might expect, leaves more APIs open than does a traditional Web application.

To Protect against Cross-site-scripting I would urge you to do your own validation to make sure you're not allowing this type of input." To best accomplish this, he recommended the use of a white list, which specifically states only the characters that a user is allowed to type in the TextBox. Make sure this list does not include script tags or HTML code.

Cross-Site Request Forging: These attacks use malicious image tags in emails and leverage browser cookies. The image acts as a placeholder for what is really a query string to make that aforementioned money transfer. Once that page loads, the image request triggers an HTTP GET action, and cookies are passed along with it. "The variables coming in from the query string look exactly the same as a post. It's using that cookie that's stored on your computer, and your information, to make that query work,"
Protecting against cross-site request forging involves three best practices, he continued. The first is to use HTTP POST data as opposed to HTTP GET data; the latter can be used for retrieving data, but it should not be used for performing any sort of action using that data. The second is to use one-time, per-token requests. The third is to stand up to nagging end users and stop using persistent cookies for authentication -- especially if sensitive data sits behind a log-in screen.

JavaScript Hijacking:
This variation of cross-site request forging, which thanks to ASP.NET and IIS authentication does not occur in Internet Explorer, sets script tags to a particular URL that, when HTTP GET is passed, will return a JSON-formatted string. From there, the hacker modifies the object prototype to peer into JSON values when they are created. In addition to using the HTTP POST protocol, Lombardo said the best way to protect against JavaScript hijacking is to encode JSON strings on the server side, not the client side.

Lombardo offered two tidbits of advice that were not covered in his discussions of the five common Ajax security vulnerabilities.

First, he recommended removing the WSDL from Web services, as this only gives hackers information about an application that they otherwise would not be able to determine.

Read More..