At the 2008 Professional Developer Conference, Microsoft unveiled its cloud operating system, Windows Azure. Azure is the operating system that acts as the development, service hosting, and service management environment for the Azure Services Platform. This platform aids developers in publishing services and applications on the internet. Microsoft has released the latest CTP for Azure.
This latest Community Technology Preview updates the Windows Azure SDK and the Windows Azure tools for Visual Studio. The CTP brings several improvements:
The Windows Azure SDK offers improved support for the integration of development storage with Visual Studio, including enhanced performance.
For each Windows Azure SDK sample that accesses the development storage Table Storage service, a database name is now defined within the associated Visual Studio project. When the sample service is started from Visual Studio, the named database is created and the development storage Table Storage service is configured to use this database for the running service.
The StorageClient sample includes the following improvements.
The ASP.Net Providers sample now supports a search syntax similar to the ASP.Net SQL-based providers.
Read More...
Showing posts with label .net programming. Show all posts
Showing posts with label .net programming. Show all posts
Thursday, January 29, 2009
Tuesday, January 27, 2009
ngine Yard takes Ruby and Rails to Amazon’s cloud bandwagon
Engine Yard, which makes application development software for Ruby and Rails deployments, said it will make its offerings available on Amazon Web Services.
The move is part of a mass migration to Amazon’s EC2 services. Engine Yard specializes in Ruby and Rails deployments. Ruby and Rails is an open source programming language used by a bevy of Web 2.0 sites. On Wednesday, the company launched Engine Yard Solo and Vertebra, two products designed to make deploying Ruby easier in a cloud computing setting.
Vertebra is an open platform for developing and managing cloud applications. Engine Yard used it for its own cloud but has open sourced the software. It features security policies, process automation, a federated design and distributed auditing.
Read More...
The move is part of a mass migration to Amazon’s EC2 services. Engine Yard specializes in Ruby and Rails deployments. Ruby and Rails is an open source programming language used by a bevy of Web 2.0 sites. On Wednesday, the company launched Engine Yard Solo and Vertebra, two products designed to make deploying Ruby easier in a cloud computing setting.
Vertebra is an open platform for developing and managing cloud applications. Engine Yard used it for its own cloud but has open sourced the software. It features security policies, process automation, a federated design and distributed auditing.
Read More...
Friday, January 23, 2009
Caching in Asp.net
ASP.NET gives you the ability to cache the output of pages or portions of pages in memory to improve performance.
The main reason to cache is to reduce the latency and increase the scalability of an application while reducing the server resources required to deliver its page content.
Latency is a measure of the time it takes for an application to respond to a user request. Scalability is the ability of an application to handle increased numbers of users.
If a page is cached on the server, the rendered HTML stored in memory is served instead of a freshly generated page from the server. Because it takes less time for the client to get the page and display it, your web site will seem more responsive.
If pages are completely static, deciding to cache them is a no-brainer. But the decision gets trickier if pages must vary their content in response to one of the following:
-Query string parameters
-Client browser type (e.g., Internet Explorer, Netscape, and so on)
-Custom parameters
-Database content
Read MOre..
The main reason to cache is to reduce the latency and increase the scalability of an application while reducing the server resources required to deliver its page content.
Latency is a measure of the time it takes for an application to respond to a user request. Scalability is the ability of an application to handle increased numbers of users.
If a page is cached on the server, the rendered HTML stored in memory is served instead of a freshly generated page from the server. Because it takes less time for the client to get the page and display it, your web site will seem more responsive.
If pages are completely static, deciding to cache them is a no-brainer. But the decision gets trickier if pages must vary their content in response to one of the following:
-Query string parameters
-Client browser type (e.g., Internet Explorer, Netscape, and so on)
-Custom parameters
-Database content
Read MOre..
Thursday, January 22, 2009
what's new in Visual Studio 2010?
1. UML: Now draw UML diagram right from your Visual Studio. No need to buy another tool or go to Visio to do that.
2. Application Architecture Re-engineering: You have a ready made code-solution, now you have to explain it to some one but have documents. VS2010 will help you to draw an application architecture using you application code. This way you get a big picture of your application and also all linkages between different classes. Good for new joiners in an existing team.
3. Stuff for Manual Testers: Manual tester can breathe a lot better with VS2010 tools, log in all your test cases and select the test case to run and click record and then execute your test case as usual and see what you get. If test case passes, you get evidence (most clients in service based companies want that) as videos or if the test case fails, you get the steps to reproduce as videos. Cool, isn’t it?
4. Besides these a lot more in Unit Testing side.
5. A lot more features and integration with SharePoint.
6. Above all brings in .NET 4.0
Read More...
2. Application Architecture Re-engineering: You have a ready made code-solution, now you have to explain it to some one but have documents. VS2010 will help you to draw an application architecture using you application code. This way you get a big picture of your application and also all linkages between different classes. Good for new joiners in an existing team.
3. Stuff for Manual Testers: Manual tester can breathe a lot better with VS2010 tools, log in all your test cases and select the test case to run and click record and then execute your test case as usual and see what you get. If test case passes, you get evidence (most clients in service based companies want that) as videos or if the test case fails, you get the steps to reproduce as videos. Cool, isn’t it?
4. Besides these a lot more in Unit Testing side.
5. A lot more features and integration with SharePoint.
6. Above all brings in .NET 4.0
Read More...
Wednesday, January 21, 2009
Windows 7 SDK beta arrives
Last weekend, Microsoft unleashed the Windows 7 beta (take our in-depth tour) and the Windows Server 2008 R2 beta to the web. Due to the chaos and craze over downloading a beta operating system, many missed the news that Microsoft had also made the Windows 7 beta SDK available. If you're a developer, or you're just slightly interested, you can grab it from the Microsoft Download Center (1304.8MB). Here's what's on the .iso file:
The Windows SDK for Windows 7 and .NET Framework 3.5 SP1: BETA provides the documentation, samples, header files, libraries, and tools (including C++ compilers) that you need to develop applications to run on Windows 7 BETA and the .NET Framework 3.5 SP1. To build and run .NET Framework applications, you must have the corresponding version of the .NET Framework installed. This SDK is compatible with Visual Studio® 2008, including Visual Studio Express Editions, which are available free of charge.
If that got you interested, be sure to check out the Release Notes as well. The most important thing to note about this release is that the SDK will definitely change by the time Windows 7 is released, and developers should keep this in mind when they're using it. I would still recommend downloading it and getting a feel for what you'll want to update in your application to take advantage of the improvements of Vista's successor.
Read More...
The Windows SDK for Windows 7 and .NET Framework 3.5 SP1: BETA provides the documentation, samples, header files, libraries, and tools (including C++ compilers) that you need to develop applications to run on Windows 7 BETA and the .NET Framework 3.5 SP1. To build and run .NET Framework applications, you must have the corresponding version of the .NET Framework installed. This SDK is compatible with Visual Studio® 2008, including Visual Studio Express Editions, which are available free of charge.
If that got you interested, be sure to check out the Release Notes as well. The most important thing to note about this release is that the SDK will definitely change by the time Windows 7 is released, and developers should keep this in mind when they're using it. I would still recommend downloading it and getting a feel for what you'll want to update in your application to take advantage of the improvements of Vista's successor.
Read More...
Sunday, January 18, 2009
Authentication, Authorization in ASP.Net 2.0
Authentication and authorization is essential for the purpose of security in any software. Web projects require the technology of authentication and authorization to prevent the systems from the outside attacks. You can never keep your documents safe unless there is technology for protecting your documents from the hackers and malicious programs. Authentication is required for checking the identity of the person who wants to get the access inside your network and authorization is needed to give the permission for accessing particular resource.
Let us discuss the topic in detail:
1. Whenever user logs on to the computer system using the password there is need of authentication and authorization for allowing the user to use the system of the workplace. ASP.net provides the facility to authenticate the user and then provide the authorization for accessing the resources. There are three types of authentication which are used in Asp.net. Form authentication, window authentication and passport authentication.
2. Authorization is performed by the IIS which is used in ASP.net. If the user is not authenticated then IIS configuration setting does not allow the entrance of user to access the resources. Authentication is done using the tickets. Cookies are stored and used by the authentication system for checking the user authentication and providing permission for accessing the resources.
3. You can use the built in ASP.net facility for authentication and authorization. You can customize the Asp.net facilities for making it suitable according to your usage. Password and login id can be changed for making easy processing. Password of the user can be checked and new password can be issued for new user. You can add the new user in the existing system. There are many new features in the updated version.
Authentication is performed using the IIS feature in ASP.net with the help of the tracking of the cookie. Cookies play an important role in authenticating the user.
4. Authorization is performed perfectly by the ASP.net improved functionality. You can add many users and database tables must be updated. Authentication in ASP.net uses the database tables for authentication and users are checked for the existence.
5. Cookies are used for the authentication but some browsers do not support the functionality. So tickets are attached for authenticating the users. Secure socket layer is also applicable and provides security to the online users. Time out is also used for detaching the user from the server and again the password and login id comes in to play.
Read More...
Let us discuss the topic in detail:
1. Whenever user logs on to the computer system using the password there is need of authentication and authorization for allowing the user to use the system of the workplace. ASP.net provides the facility to authenticate the user and then provide the authorization for accessing the resources. There are three types of authentication which are used in Asp.net. Form authentication, window authentication and passport authentication.
2. Authorization is performed by the IIS which is used in ASP.net. If the user is not authenticated then IIS configuration setting does not allow the entrance of user to access the resources. Authentication is done using the tickets. Cookies are stored and used by the authentication system for checking the user authentication and providing permission for accessing the resources.
3. You can use the built in ASP.net facility for authentication and authorization. You can customize the Asp.net facilities for making it suitable according to your usage. Password and login id can be changed for making easy processing. Password of the user can be checked and new password can be issued for new user. You can add the new user in the existing system. There are many new features in the updated version.
Authentication is performed using the IIS feature in ASP.net with the help of the tracking of the cookie. Cookies play an important role in authenticating the user.
4. Authorization is performed perfectly by the ASP.net improved functionality. You can add many users and database tables must be updated. Authentication in ASP.net uses the database tables for authentication and users are checked for the existence.
5. Cookies are used for the authentication but some browsers do not support the functionality. So tickets are attached for authenticating the users. Secure socket layer is also applicable and provides security to the online users. Time out is also used for detaching the user from the server and again the password and login id comes in to play.
Read More...
Friday, January 16, 2009
Important Features of DOT NET
1. Interoperability support
You can easily migrate from any programming language to the.net with an ease. You will find it really easy to migrate if you are from COM or java. In fact the Microsoft has the migration utility to automatically migrate existing java code into that of C#.
2. Common Language Runtime (CLR)
Microsoft has come up with this engine which is shared by all the programming language like C Sharp, VB, Visual C++, JavaScript, VB Script etc and the language supported by .net. With the help of CLR you can make base classes in C#, child class vb.net and aggregate in visual C++. This is really the idea which not only you but all of us have experienced to be very handy. This is really the most important achievement as far as the Microsoft is concerned.
3. Base Class Library
Can you guess why java appears to be so versatile and cross platform independent? Yes if you have guessed the class library then you are absolutely right. However you will find it really great how it is implemented in the .net technology. It has moved a step further by making them available for all the languages. With them you are now capable of using features like string manipulation, exception handling, remoting, collection management construct in the same way for all the languages that are supported by the CLI.
4. Common type system( CTS)
You will really be amazed when you will come to know that the data types remain the same as far as all the languages supported by the ClI is concerned.
5. Easy deployment technique
The applications can now be deployed easily with just the help of XCOPY of the assemblies, asp.net files and configuration file. There is no more the need of the DLL.
6. Improved web services
With the implementation of Web technologies like ASP.NET you will definitely find that you can now develop more advance and powerful web application.
Read More...
You can easily migrate from any programming language to the.net with an ease. You will find it really easy to migrate if you are from COM or java. In fact the Microsoft has the migration utility to automatically migrate existing java code into that of C#.
2. Common Language Runtime (CLR)
Microsoft has come up with this engine which is shared by all the programming language like C Sharp, VB, Visual C++, JavaScript, VB Script etc and the language supported by .net. With the help of CLR you can make base classes in C#, child class vb.net and aggregate in visual C++. This is really the idea which not only you but all of us have experienced to be very handy. This is really the most important achievement as far as the Microsoft is concerned.
3. Base Class Library
Can you guess why java appears to be so versatile and cross platform independent? Yes if you have guessed the class library then you are absolutely right. However you will find it really great how it is implemented in the .net technology. It has moved a step further by making them available for all the languages. With them you are now capable of using features like string manipulation, exception handling, remoting, collection management construct in the same way for all the languages that are supported by the CLI.
4. Common type system( CTS)
You will really be amazed when you will come to know that the data types remain the same as far as all the languages supported by the ClI is concerned.
5. Easy deployment technique
The applications can now be deployed easily with just the help of XCOPY of the assemblies, asp.net files and configuration file. There is no more the need of the DLL.
6. Improved web services
With the implementation of Web technologies like ASP.NET you will definitely find that you can now develop more advance and powerful web application.
Read More...
Monday, January 12, 2009
Things you should adopt or avoid while web development
“WEBSITE” is the best platform that brings you in contact with your customers. It must be impressive and lucrative in terms of traffic generation and improving market value. Your website should be excellent in terms of creativity, indigenous approach, web 2.0 implementation, table/table less and capable of talking good to your clients. This means that your website should be able to create an impression upon your clients and convince them on dealing with you. To get more and more traffic your web development has to be placed properly.
Here are few tips, which will tell you what is good for you website development. What should be your website tools that would render your web development process in real time?
* Your website is informative and helpful to your visitor.
* Content must be an imperative criterion in web development.
* Content you are using is unique and genuine.
* Common features like content, image, less usage of java scripts, to the point write-ups and smooth navigation aptitude should be present in you website.
* Website is able to bring other aspects of web development like less loading time and usage of graphic images.
* Do not exaggerate on ideas and concepts to such a degree that people discontinue believing in your website.
* The additional number of graphic images and heavy scripting codes, and presentation will slower your website to download. So be sure about it!
* “Trust” indeed is a prerequisite, which makes a website triumphant and popular amongst visitors.
Read More...
Here are few tips, which will tell you what is good for you website development. What should be your website tools that would render your web development process in real time?
* Your website is informative and helpful to your visitor.
* Content must be an imperative criterion in web development.
* Content you are using is unique and genuine.
* Common features like content, image, less usage of java scripts, to the point write-ups and smooth navigation aptitude should be present in you website.
* Website is able to bring other aspects of web development like less loading time and usage of graphic images.
* Do not exaggerate on ideas and concepts to such a degree that people discontinue believing in your website.
* The additional number of graphic images and heavy scripting codes, and presentation will slower your website to download. So be sure about it!
* “Trust” indeed is a prerequisite, which makes a website triumphant and popular amongst visitors.
Read More...
Friday, January 9, 2009
Mount Remote FTP And Webdav Servers
NetDrive is a software to mount remote ftp and webdav servers that somehow has never been mentioned at Ghacks before. That’s a rare occurrence especially if the software is well designed and free. A large portion of webmasters have to connect to remote ftp servers regularly to update files on the website. There are obviously other ways to update files like an admin interface that allows the direct manipulation of files on the server.
An alternative to connecting to remote ftp servers with ftp programs is to mount the ftp server as a local drive on the computer system. NetDrive provides the means to do that.
The software comes with a clean interface that has several popular ftp servers preinstalled. New servers can be added by providing the IP, port, username, password and drive letter for that connection. There is also a setting to define when the ftp server or webdav server should be added as a drive letter. The options are to do that when the system starts or when NetDrive starts.
Read More..
An alternative to connecting to remote ftp servers with ftp programs is to mount the ftp server as a local drive on the computer system. NetDrive provides the means to do that.
The software comes with a clean interface that has several popular ftp servers preinstalled. New servers can be added by providing the IP, port, username, password and drive letter for that connection. There is also a setting to define when the ftp server or webdav server should be added as a drive letter. The options are to do that when the system starts or when NetDrive starts.
Read More..
Wednesday, January 7, 2009
The Importance of J2EE Server in the software scenario ?
Businesses all over the globe have realized that they can gain a sustainable advantage over their peers by developing custom applications for their unique business needs.
Quick development and deployment are required whether in-house applications for raising employee efficiency are being created or rich Internet applications to cater to the specialized needs of the clients are being developed.
Another issue, which is of concern to enterprises, is the portability and scalability of their enterprise applications. An enterprise application is viable only when it is easily portable across platforms and devices. Scalability is also another parameter, which decides the long-term feasibility of an application. Enterprise applications must be scalable so that they can be scaled up to accommodate thousands of users simultaneously. J2EE based enterprise applications can be executed across platforms and are functional across devices.
J2EE Development services for established as well as emerging companies across the world.
1. Multi-platform support language and support for web-services also
2. Develop dynamic web applications for e commerce, e learning, polls, HTML forms processing, and more.
3. Combine Java technology-based applications or services to create highly customized applications or services.
The J2EE platform provides a multi-tiered distributed application model, the ability to reuse components, a unified security model, and flexible transaction control. Not only can you deliver innovative customer solutions to market faster than ever, but your platform independent J2EE component based solutions are not tied to the products and APIs of any one vendor. .
The J2EE specification defines the following kinds of components:
Servlet and Java Server Pages (JSP) components (also called Web components): These typically execute in a web server and respond to HTTP requests from web clients. Servlet and JSP pages may be used to generate HTML (or even XML) pages that are an application’s user interface.
Enterprise Java Beans (EJB) components: These execute in a managed environment that supports transactions. Enterprise beans typically contain the business logic for a J2EE application
It is always advisable for outsourcing Java to a company which houses experienced and technically qualified Java professionals which ensures best services and that too in perfect quality.
J2EE or the Java to Enterprise Edition platform developed by Sun Microsystems stipulates the criterion for developing multi-tier enterprise applications. The J2EE platform leverages the robustness of the Java programming language that allows developers to write the code only once and execute the application on any platform. Presently more than two-thirds of development managers use the J2EE platform to develop and deploy their applications.
The user level web application are generally created in the simple HTML, DHTML, sometimes the complex COM and Java script applets. Most of the softwares that were developed earlier were based on the client server architecture, which needed it to be installed separately in each of the user’s computer. Upgrading such web application became extremely difficult as it involved upgrading each and every machine in which it was earlier installed. Another hassle that the client server custom application development required was to license it every time you installed a web application in your computer.
Most database driven applications that are developed using open source technologies have a three-tier structure. The web application itself runs in the browser of a desktop or a laptop. Users can only access the front end of the application to input data or search strings. Java being platform independent allows applications to be accessed on any device like a pda or cellphone or any telnet device.
Enterprise Java bean application development occurs by employing a three-tier architecture consisting of a front end known as the web container, an EJB container, the third tier being the database. This three-tier structure has proved to be immensely useful for enterprise application development.
Read More...
Quick development and deployment are required whether in-house applications for raising employee efficiency are being created or rich Internet applications to cater to the specialized needs of the clients are being developed.
Another issue, which is of concern to enterprises, is the portability and scalability of their enterprise applications. An enterprise application is viable only when it is easily portable across platforms and devices. Scalability is also another parameter, which decides the long-term feasibility of an application. Enterprise applications must be scalable so that they can be scaled up to accommodate thousands of users simultaneously. J2EE based enterprise applications can be executed across platforms and are functional across devices.
J2EE Development services for established as well as emerging companies across the world.
1. Multi-platform support language and support for web-services also
2. Develop dynamic web applications for e commerce, e learning, polls, HTML forms processing, and more.
3. Combine Java technology-based applications or services to create highly customized applications or services.
The J2EE platform provides a multi-tiered distributed application model, the ability to reuse components, a unified security model, and flexible transaction control. Not only can you deliver innovative customer solutions to market faster than ever, but your platform independent J2EE component based solutions are not tied to the products and APIs of any one vendor. .
The J2EE specification defines the following kinds of components:
Servlet and Java Server Pages (JSP) components (also called Web components): These typically execute in a web server and respond to HTTP requests from web clients. Servlet and JSP pages may be used to generate HTML (or even XML) pages that are an application’s user interface.
Enterprise Java Beans (EJB) components: These execute in a managed environment that supports transactions. Enterprise beans typically contain the business logic for a J2EE application
It is always advisable for outsourcing Java to a company which houses experienced and technically qualified Java professionals which ensures best services and that too in perfect quality.
J2EE or the Java to Enterprise Edition platform developed by Sun Microsystems stipulates the criterion for developing multi-tier enterprise applications. The J2EE platform leverages the robustness of the Java programming language that allows developers to write the code only once and execute the application on any platform. Presently more than two-thirds of development managers use the J2EE platform to develop and deploy their applications.
The user level web application are generally created in the simple HTML, DHTML, sometimes the complex COM and Java script applets. Most of the softwares that were developed earlier were based on the client server architecture, which needed it to be installed separately in each of the user’s computer. Upgrading such web application became extremely difficult as it involved upgrading each and every machine in which it was earlier installed. Another hassle that the client server custom application development required was to license it every time you installed a web application in your computer.
Most database driven applications that are developed using open source technologies have a three-tier structure. The web application itself runs in the browser of a desktop or a laptop. Users can only access the front end of the application to input data or search strings. Java being platform independent allows applications to be accessed on any device like a pda or cellphone or any telnet device.
Enterprise Java bean application development occurs by employing a three-tier architecture consisting of a front end known as the web container, an EJB container, the third tier being the database. This three-tier structure has proved to be immensely useful for enterprise application development.
Read More...
Sunday, January 4, 2009
Ajax application Security
Ajax is not issue about application security but application programming model dose make application vulnerability more porous as per software engineering.JavaScript-powered client-server interactions do enlarge the attack surface.
Ajax application security issue can be address by take care in desiging of application architechture.Here I will going to introduce that thing which can resolve the Ajax application security problem.
SQL Injection : In these attacks, hackers first research common SQL error messages to find vulnerable pages and then modify Select statements to, for example, use a simple TextBox to gain access to a database. Ajax complicates matters because it makes it possible to write SQL expressions on the client side.
Tips to prevent this kind of attacke are:
1. Use CustomErrors pages in the WebConfig file to prevent attackers from identifying an application's particular vulnerability.
2. Use Stored procedures or parameterized SQL queries instead of dynamically created SQL queries.
3. Perform input validation on the server side, not through JavaScript.
4. Use the Least Privileges account for your database and do not allow access to system data. This builds on the notion that security should be implemented in single layers, Software Engineering stated: "You don't want them to be able to thwart one and then get to the data."
Information Leakage : If the JavaScript APIs that power an Ajax application are not properly secured, hackers can use application workflow data exposed on the client side to piece together server-side services. The best way to protect against this, not surprisingly, is to keep security validation on the server side. The only validation that should occur on the client side is that which defines the user experience
Cross site Scripting : In these attacks, hackers foist malicious JavaScript onto unsuspecting users. This tends to happen on Web sites featuring a simple TextBox and a button click that encapsulates text. Instead of, say, posting a comment in a forum, hackers will use this TextBox to put in a script tag to transfer large sums of money from your bank account to theirs. Ajax, as you might expect, leaves more APIs open than does a traditional Web application.
To Protect against Cross-site-scripting I would urge you to do your own validation to make sure you're not allowing this type of input." To best accomplish this, he recommended the use of a white list, which specifically states only the characters that a user is allowed to type in the TextBox. Make sure this list does not include script tags or HTML code.
Cross-Site Request Forging: These attacks use malicious image tags in emails and leverage browser cookies. The image acts as a placeholder for what is really a query string to make that aforementioned money transfer. Once that page loads, the image request triggers an HTTP GET action, and cookies are passed along with it. "The variables coming in from the query string look exactly the same as a post. It's using that cookie that's stored on your computer, and your information, to make that query work,"
Protecting against cross-site request forging involves three best practices, he continued. The first is to use HTTP POST data as opposed to HTTP GET data; the latter can be used for retrieving data, but it should not be used for performing any sort of action using that data. The second is to use one-time, per-token requests. The third is to stand up to nagging end users and stop using persistent cookies for authentication -- especially if sensitive data sits behind a log-in screen.
JavaScript Hijacking: This variation of cross-site request forging, which thanks to ASP.NET and IIS authentication does not occur in Internet Explorer, sets script tags to a particular URL that, when HTTP GET is passed, will return a JSON-formatted string. From there, the hacker modifies the object prototype to peer into JSON values when they are created. In addition to using the HTTP POST protocol, Lombardo said the best way to protect against JavaScript hijacking is to encode JSON strings on the server side, not the client side.
Lombardo offered two tidbits of advice that were not covered in his discussions of the five common Ajax security vulnerabilities.
First, he recommended removing the WSDL from Web services, as this only gives hackers information about an application that they otherwise would not be able to determine.
Read More..
Ajax application security issue can be address by take care in desiging of application architechture.Here I will going to introduce that thing which can resolve the Ajax application security problem.
SQL Injection : In these attacks, hackers first research common SQL error messages to find vulnerable pages and then modify Select statements to, for example, use a simple TextBox to gain access to a database. Ajax complicates matters because it makes it possible to write SQL expressions on the client side.
Tips to prevent this kind of attacke are:
1. Use CustomErrors pages in the WebConfig file to prevent attackers from identifying an application's particular vulnerability.
2. Use Stored procedures or parameterized SQL queries instead of dynamically created SQL queries.
3. Perform input validation on the server side, not through JavaScript.
4. Use the Least Privileges account for your database and do not allow access to system data. This builds on the notion that security should be implemented in single layers, Software Engineering stated: "You don't want them to be able to thwart one and then get to the data."
Information Leakage : If the JavaScript APIs that power an Ajax application are not properly secured, hackers can use application workflow data exposed on the client side to piece together server-side services. The best way to protect against this, not surprisingly, is to keep security validation on the server side. The only validation that should occur on the client side is that which defines the user experience
Cross site Scripting : In these attacks, hackers foist malicious JavaScript onto unsuspecting users. This tends to happen on Web sites featuring a simple TextBox and a button click that encapsulates text. Instead of, say, posting a comment in a forum, hackers will use this TextBox to put in a script tag to transfer large sums of money from your bank account to theirs. Ajax, as you might expect, leaves more APIs open than does a traditional Web application.
To Protect against Cross-site-scripting I would urge you to do your own validation to make sure you're not allowing this type of input." To best accomplish this, he recommended the use of a white list, which specifically states only the characters that a user is allowed to type in the TextBox. Make sure this list does not include script tags or HTML code.
Cross-Site Request Forging: These attacks use malicious image tags in emails and leverage browser cookies. The image acts as a placeholder for what is really a query string to make that aforementioned money transfer. Once that page loads, the image request triggers an HTTP GET action, and cookies are passed along with it. "The variables coming in from the query string look exactly the same as a post. It's using that cookie that's stored on your computer, and your information, to make that query work,"
Protecting against cross-site request forging involves three best practices, he continued. The first is to use HTTP POST data as opposed to HTTP GET data; the latter can be used for retrieving data, but it should not be used for performing any sort of action using that data. The second is to use one-time, per-token requests. The third is to stand up to nagging end users and stop using persistent cookies for authentication -- especially if sensitive data sits behind a log-in screen.
JavaScript Hijacking: This variation of cross-site request forging, which thanks to ASP.NET and IIS authentication does not occur in Internet Explorer, sets script tags to a particular URL that, when HTTP GET is passed, will return a JSON-formatted string. From there, the hacker modifies the object prototype to peer into JSON values when they are created. In addition to using the HTTP POST protocol, Lombardo said the best way to protect against JavaScript hijacking is to encode JSON strings on the server side, not the client side.
Lombardo offered two tidbits of advice that were not covered in his discussions of the five common Ajax security vulnerabilities.
First, he recommended removing the WSDL from Web services, as this only gives hackers information about an application that they otherwise would not be able to determine.
Read More..
Friday, December 26, 2008
How to Use .NET 3.5 Features and C# 3.0 Syntax in .NET 2.0?
It is possible to benefit from some of the .NET 3.5 features and new syntactic sugar in C# 3.0, while still targeting customers that have only .NET 2.0 Framework. That's because these two versions share the same .NET CLR and mainly differ in the set of libraries available and compiler being used.
Features that you can leverage, while targeting .NET 2.0 Framework:
local variable inference;
anonymous types;
object initializers;
extension methods;
query expressions (LINQ syntax);
lambda expressions;
LINQ for objects;
new C# compiler that produces better code.
I've done this for production scenarios with ASP.NET Forms and Windows.Forms and everything has been working fine. It is possible that things like WCF or Linq2DB might also be supported, but I've never given it a try.
Below you will find different options for doing this in your solutions.
Note, that in any scenario you still need Visual Studio 2008 to develop these solutions.
Referencing LinqBridge
1. Create new project targeting .NET 2.0 Framework in Visual Studio 2008. This will already give you new syntax capabilities of C# 3.0
2. Download LinqBridge
3. Reference it in the project to get support for the extension methods and LINQ extensions.
Read More...
Features that you can leverage, while targeting .NET 2.0 Framework:
local variable inference;
anonymous types;
object initializers;
extension methods;
query expressions (LINQ syntax);
lambda expressions;
LINQ for objects;
new C# compiler that produces better code.
I've done this for production scenarios with ASP.NET Forms and Windows.Forms and everything has been working fine. It is possible that things like WCF or Linq2DB might also be supported, but I've never given it a try.
Below you will find different options for doing this in your solutions.
Note, that in any scenario you still need Visual Studio 2008 to develop these solutions.
Referencing LinqBridge
1. Create new project targeting .NET 2.0 Framework in Visual Studio 2008. This will already give you new syntax capabilities of C# 3.0
2. Download LinqBridge
3. Reference it in the project to get support for the extension methods and LINQ extensions.
Read More...
Tuesday, December 23, 2008
Visual Studio 2008 simplifies JavaScript debugging
With Visual Studio 2008 installed, there is one additional requirement for enabling JavaScript debugging: Internet Explorer must have script debugging enabled. This setting is available via the Tools | Internet Options menu within Internet Explorer. Once the Internet Options dialog box is open, select the Advanced tab and the Disable Script Debugging option is located in the Browsing section. It should not be checked so that it is enabled.
Features
The JavaScript debugger presents many standard debugging features. The following list provides a review of some of these features.
* Breakpoints: Breakpoints allow you to stop code execution at specific points within the source code. JavaScript breakpoints work just like C#/VB breakpoints.
Breakpoints are set/cleared by clicking to the left of the code within the IDE; by using the Debug menu or by using the Breakpoint Context menu available by right-clicking on the code. In addition, you may create conditional breakpoints to allow you to define conditions for the breakpoint, as well as set up a macro to run or a message to print when the breakpoint is triggered. Breakpoints are viewable in the Watch window located by default in the lower left of Visual Studio 2008.
* Call Stack: The Call Stack tab in the lower right of Visual Studio 2008 allows you to view what is being called when the ASP.NET page is loaded/running.
* Locals: The Locals tab in the lower left of Visual Studio 2008 allows you to view the values of variables and objects during script execution. Also, you may change the contents of one of the local variables while the page is running.
* Execute code: The Immediate Window tab in the lower right of Visual Studio 2008 allows you to execute JavaScript code on-the-fly during page execution.
Read More...
Features
The JavaScript debugger presents many standard debugging features. The following list provides a review of some of these features.
* Breakpoints: Breakpoints allow you to stop code execution at specific points within the source code. JavaScript breakpoints work just like C#/VB breakpoints.
Breakpoints are set/cleared by clicking to the left of the code within the IDE; by using the Debug menu or by using the Breakpoint Context menu available by right-clicking on the code. In addition, you may create conditional breakpoints to allow you to define conditions for the breakpoint, as well as set up a macro to run or a message to print when the breakpoint is triggered. Breakpoints are viewable in the Watch window located by default in the lower left of Visual Studio 2008.
* Call Stack: The Call Stack tab in the lower right of Visual Studio 2008 allows you to view what is being called when the ASP.NET page is loaded/running.
* Locals: The Locals tab in the lower left of Visual Studio 2008 allows you to view the values of variables and objects during script execution. Also, you may change the contents of one of the local variables while the page is running.
* Execute code: The Immediate Window tab in the lower right of Visual Studio 2008 allows you to execute JavaScript code on-the-fly during page execution.
Read More...
Thursday, December 18, 2008
Beep in C# Console Application
How to Alert the user in C# console application
You can use “\a” to alert the user with the system beep sound. The following example alerts the user for input
private static void KeywordExample()
{
Console.Write("\a Your name please" );
string @MyString = Console.ReadLine();
Console.Write(@MyString);
}
Read more..
You can use “\a” to alert the user with the system beep sound. The following example alerts the user for input
private static void KeywordExample()
{
Console.Write("\a Your name please" );
string @MyString = Console.ReadLine();
Console.Write(@MyString);
}
Read more..
Monday, December 15, 2008
Microsoft Azure Services Platform
What is it?
It’s a platform where you can deploy and manage new services or even complete web applications into the “cloud”, in addition to make use of existing services already provided by the platform. This is often referred to as cloud computing. Today the Azure platform contains the following services: Windows Azure (the platform), Microsoft .Net Services, Microsoft SQL Services and Live Services. Microsoft SharePoint Services and Microsoft Dynamics CRM Services are also mentioned in relation to the platform. All of these services make up the Microsoft Azure Services Platform. By reading these names you may see the potential naming confusion? When you say Azure, do you mean Windows Azure or Azure Services Platform?
Now you may ask, what is it really? From a simplified developers perspective it’s a platform on the internet (the cloud). Instead of hosting your web application/service on your local server, you publish it into the cloud. In addition it gives you access to the services you need to build a multi-tier architecture. From another perspective it’s big monster of a datacenter providing you with a lot of data power (virtual Win 2008 servers) to do your stuff, giving you the option to scale up and down at will or dynamically.
How committed are Microsoft to this platform?
As committed as they’ve never ever been before with anything as far as I can remember! They invest heavily in the technology and infrastructure needed to support this platform. By heavily I mean they’ve told the marked that this is such a huge investment that it will highly impact Microsoft’s money bin. As an example of this, here’s a short description of what they’re doing with their datacenters needed to host this beast:
Every datacenter is set up of a grid of physical and virtual computers. These computers are delivered by HP and Dell and some in preconfigured shipping containers ready to be plugged in. I don’t mean the computers are ready to be plugged in, but the containers! What Microsoft then does is put a bunch of these containers close to a power plant (for obvious reasons), plug all the containers in and they’re up and running. At least that’s how it was described to me The applications, services, data etc you have put into this cloud is distributed across many VM’s, meaning if a VM or server (hosting VM’s) goes down, it’s not a problem. There is always some VM on some server holding your data. Actually the shipping containers I mentioned are remotely managed and MS never enters any of these containers for maintenance. If a computer goes down and does not come up again, it just stays down. If this happens to a certain number of servers within one container, the whole container is disconnected from the grid and sent back to HP or Dell to be fixed, without affecting any of the applications or services! This little story told by Clemens Vasters really says a lot of the scale on this monster!
read MOre..
It’s a platform where you can deploy and manage new services or even complete web applications into the “cloud”, in addition to make use of existing services already provided by the platform. This is often referred to as cloud computing. Today the Azure platform contains the following services: Windows Azure (the platform), Microsoft .Net Services, Microsoft SQL Services and Live Services. Microsoft SharePoint Services and Microsoft Dynamics CRM Services are also mentioned in relation to the platform. All of these services make up the Microsoft Azure Services Platform. By reading these names you may see the potential naming confusion? When you say Azure, do you mean Windows Azure or Azure Services Platform?
Now you may ask, what is it really? From a simplified developers perspective it’s a platform on the internet (the cloud). Instead of hosting your web application/service on your local server, you publish it into the cloud. In addition it gives you access to the services you need to build a multi-tier architecture. From another perspective it’s big monster of a datacenter providing you with a lot of data power (virtual Win 2008 servers) to do your stuff, giving you the option to scale up and down at will or dynamically.
How committed are Microsoft to this platform?
As committed as they’ve never ever been before with anything as far as I can remember! They invest heavily in the technology and infrastructure needed to support this platform. By heavily I mean they’ve told the marked that this is such a huge investment that it will highly impact Microsoft’s money bin. As an example of this, here’s a short description of what they’re doing with their datacenters needed to host this beast:
Every datacenter is set up of a grid of physical and virtual computers. These computers are delivered by HP and Dell and some in preconfigured shipping containers ready to be plugged in. I don’t mean the computers are ready to be plugged in, but the containers! What Microsoft then does is put a bunch of these containers close to a power plant (for obvious reasons), plug all the containers in and they’re up and running. At least that’s how it was described to me The applications, services, data etc you have put into this cloud is distributed across many VM’s, meaning if a VM or server (hosting VM’s) goes down, it’s not a problem. There is always some VM on some server holding your data. Actually the shipping containers I mentioned are remotely managed and MS never enters any of these containers for maintenance. If a computer goes down and does not come up again, it just stays down. If this happens to a certain number of servers within one container, the whole container is disconnected from the grid and sent back to HP or Dell to be fixed, without affecting any of the applications or services! This little story told by Clemens Vasters really says a lot of the scale on this monster!
read MOre..
Wednesday, December 10, 2008
Microsoft Releases First BizTalk 2009 Server Beta
Microsoft today released the public beta of BizTalk Server 2009 along with modules aimed at simplifying RFID deployments.
The BizTalk Server 2009 beta is the first public test version of Microsoft's latest services oriented architecture (SOA)-based integration platform. Microsoft indicated in September that the beta release was imminent. The live version is still on pace to ship in the first half of 2009, said Burley Kawasaki, a director with Microsoft's connected systems division.
"It's a feature complete release," Kawasaki said. "We're looking forward to gaining a lot more feedback on the release as part of finalizing it." The beta is available for download from Microsoft's Connect Web site to existing BizTalk customers subscribing to Microsoft's Software Assurance licensing program.
There are no major surprises in the release, commented Forrester analyst Ken Vollmer, but it is an important upgrade. "BizTalk has been widely used for low-end b-to-b connectivity, but it's gradually maturing and growing into a much more capable product in the enterprise integration space," Vollmer said.
BizTalk Server 2009 supports the latest versions of Microsoft's platform, notably the Windows Communications Foundation (WCF) component of the .NET Framework 3.5 SP1. With that comes support for Visual Studio 2008 SP1 and the latest releases of SQL Server and Windows Server. It also will support native Hyper-V, improved clustering, improved failover clustering, and added adaptors and host integration interfaces. It has a new registry based on the UDDI 3.0 specifications.
Read More...
The BizTalk Server 2009 beta is the first public test version of Microsoft's latest services oriented architecture (SOA)-based integration platform. Microsoft indicated in September that the beta release was imminent. The live version is still on pace to ship in the first half of 2009, said Burley Kawasaki, a director with Microsoft's connected systems division.
"It's a feature complete release," Kawasaki said. "We're looking forward to gaining a lot more feedback on the release as part of finalizing it." The beta is available for download from Microsoft's Connect Web site to existing BizTalk customers subscribing to Microsoft's Software Assurance licensing program.
There are no major surprises in the release, commented Forrester analyst Ken Vollmer, but it is an important upgrade. "BizTalk has been widely used for low-end b-to-b connectivity, but it's gradually maturing and growing into a much more capable product in the enterprise integration space," Vollmer said.
BizTalk Server 2009 supports the latest versions of Microsoft's platform, notably the Windows Communications Foundation (WCF) component of the .NET Framework 3.5 SP1. With that comes support for Visual Studio 2008 SP1 and the latest releases of SQL Server and Windows Server. It also will support native Hyper-V, improved clustering, improved failover clustering, and added adaptors and host integration interfaces. It has a new registry based on the UDDI 3.0 specifications.
Read More...
Microsoft Releases Open-source Content Management App
Microsoft has released an early version of an open-source content management platform that developers can use to build sophisticated blogs or large Web sites.
Called Oxite, its creators describe it as a standards-compliant and highly extensible content management platform. They built it not because there is a need for another blog engine, but because they were building the MIX Online site for Web designers and wanted to offer an example of a use for ASP.NET MVC, according to the Oxite Web site.
ASP.NET MVC lets developers use ASP.NET to build Web applications using an architecture called model-view-controller. Microsoft released a preview of the ASP.NET MVC framework, designed to make it easier for developers to test applications, late last year.
Oxite includes a number of important blog functions that can be complex to implement, according to Microsoft. The framework offers many features common in blogs, including pingbacks, trackbacks, anonymous or authenticated comments with the option to moderate comments, RSS feeds for any page and a Web administration panel.
It's also designed for users to easily add new Web pages and sub-pages.
At first glance Oxite appears to compete with established blogging products including those from Six Apart. However, Microsoft says that Oxite is designed for developers, rather than less-technical Web users wanting to set up a blog.
Read More..
Called Oxite, its creators describe it as a standards-compliant and highly extensible content management platform. They built it not because there is a need for another blog engine, but because they were building the MIX Online site for Web designers and wanted to offer an example of a use for ASP.NET MVC, according to the Oxite Web site.
ASP.NET MVC lets developers use ASP.NET to build Web applications using an architecture called model-view-controller. Microsoft released a preview of the ASP.NET MVC framework, designed to make it easier for developers to test applications, late last year.
Oxite includes a number of important blog functions that can be complex to implement, according to Microsoft. The framework offers many features common in blogs, including pingbacks, trackbacks, anonymous or authenticated comments with the option to moderate comments, RSS feeds for any page and a Web administration panel.
It's also designed for users to easily add new Web pages and sub-pages.
At first glance Oxite appears to compete with established blogging products including those from Six Apart. However, Microsoft says that Oxite is designed for developers, rather than less-technical Web users wanting to set up a blog.
Read More..
Tuesday, December 9, 2008
Google Chrome fixes Hotmail by being Safari
Google is continuing its rapid development of its Chrome browser with the dev-channel release of Chrome version 0.4.154.33. Again this is mostly a bug fix, though two of the bugs are really interesting.
Bug #6482 fixes an issue with composing mail and switching folders in Hotmail. The really interesting part is that Google admits that Hotmail does not yet properly recognize the Chrome browser so users need to trick Hotmail into thinking that Chrome is actually Apple Safari (which is supported by Hotmail).
Here's the workaround from Google to make Chrome appear to be Safari for Hotmail use:
Add the following to the shortcut you use to launch Google Chrome: --user-agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1 Safari/525.19" Right-click the Google Chrome shortcut, click Properties, and paste the line above to the end of the Target field.
Another interesting bug is #6418 which lets Google Desktop call Google Chrome as a default browser. Seems straight forward enough - though it sure does seem odd that Google Desktop wouldn't have fully supported Chrome from day one.
Read More..
Bug #6482 fixes an issue with composing mail and switching folders in Hotmail. The really interesting part is that Google admits that Hotmail does not yet properly recognize the Chrome browser so users need to trick Hotmail into thinking that Chrome is actually Apple Safari (which is supported by Hotmail).
Here's the workaround from Google to make Chrome appear to be Safari for Hotmail use:
Add the following to the shortcut you use to launch Google Chrome: --user-agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Version/3.1 Safari/525.19" Right-click the Google Chrome shortcut, click Properties, and paste the line above to the end of the Target field.
Another interesting bug is #6418 which lets Google Desktop call Google Chrome as a default browser. Seems straight forward enough - though it sure does seem odd that Google Desktop wouldn't have fully supported Chrome from day one.
Read More..
Microsoft Visual Studio 2008 Professional
Visual Studio 2008 Professional Edition is a comprehensive set of tools that accelerates the process of turning the developer�s vision into reality. Visual Studio 2008 Professional Edition was engineered to support development projects that target the Web (including ASP.NET AJAX), Windows Vista, Windows Server 2008, The 2007 Microsoft Office system, SQL Server 2008, and Windows Mobile devices. The number of platforms that developers must target to meet business needs is increasing rapidly. Visual Studio 2008 Professional Edition provides the integrated toolset for addressing all of these needs by providing a superset of the functionality available in Visual Studio 2008 Standard Edition.
Today�s developers face the challenge of targeting a broad range of platforms and crafting applications that quickly deliver value to the business. Integrated designers and language features in Visual Studio allow developers to build the connected applications demanded by today�s businesses while taking advantage of the .NET Framework 3.5 to reduce development time.
Deliver high-performance applications
Connect to the data you need, regardless of its location, and build datadrivenapplications using Language Integrated Query (LINQ).
Build great client applications
Develop compelling solutions that leverage the user experience and capabilities of the 2007Microsoft Office system and Windows Vista�.
Build powerful Web applications
Build rich, interactive applications using the ASP.NET AJAX interactive Web interfaces.
What's New in 2008
-> Build applications that utilize the latest Web technologies with improved support for AJAX and Web Controls and the Microsoft AJAX Library
-> Create Web applications more easily with an improved design surface and standards support
-> Utilize data from any data source more smoothly with LINQ, a set of language extensions to Visual Basic and Visual C#
-> Manage and build applications that target multiple versions of the .NET Framework. For the first time, you can use one tool to work on applications that run on .NET Framework versions 2.0, 3.0, and 3.5
-> Ensure application correctness more easily with integrated unit testing in Visual Studio 2008 Professional Edition
-> Discover the full power of the .NET Framework 3.5 with integrated tools which simplify building great user experiences and connected systems
-> Build stunning user experiences with integrated designers for Windows Presentation Foundation. Experiences built with WPF can interoperate seamlessly with Windows Forms
-> Create connected applications using new visual designers for Windows Communications Foundation and Windows Workflow Foundation
-> Use Visual Studio�s professional development environment to build Microsoft Office-based solutions that are reliable, scalable, and easy to maintain (available in Visual Studio 2008 Professional Edition only)
-> Enhance collaboration between developers and designers to create more compelling user experiences
Read More..
Today�s developers face the challenge of targeting a broad range of platforms and crafting applications that quickly deliver value to the business. Integrated designers and language features in Visual Studio allow developers to build the connected applications demanded by today�s businesses while taking advantage of the .NET Framework 3.5 to reduce development time.
Deliver high-performance applications
Connect to the data you need, regardless of its location, and build datadrivenapplications using Language Integrated Query (LINQ).
Build great client applications
Develop compelling solutions that leverage the user experience and capabilities of the 2007Microsoft Office system and Windows Vista�.
Build powerful Web applications
Build rich, interactive applications using the ASP.NET AJAX interactive Web interfaces.
What's New in 2008
-> Build applications that utilize the latest Web technologies with improved support for AJAX and Web Controls and the Microsoft AJAX Library
-> Create Web applications more easily with an improved design surface and standards support
-> Utilize data from any data source more smoothly with LINQ, a set of language extensions to Visual Basic and Visual C#
-> Manage and build applications that target multiple versions of the .NET Framework. For the first time, you can use one tool to work on applications that run on .NET Framework versions 2.0, 3.0, and 3.5
-> Ensure application correctness more easily with integrated unit testing in Visual Studio 2008 Professional Edition
-> Discover the full power of the .NET Framework 3.5 with integrated tools which simplify building great user experiences and connected systems
-> Build stunning user experiences with integrated designers for Windows Presentation Foundation. Experiences built with WPF can interoperate seamlessly with Windows Forms
-> Create connected applications using new visual designers for Windows Communications Foundation and Windows Workflow Foundation
-> Use Visual Studio�s professional development environment to build Microsoft Office-based solutions that are reliable, scalable, and easy to maintain (available in Visual Studio 2008 Professional Edition only)
-> Enhance collaboration between developers and designers to create more compelling user experiences
Read More..
How to Retrieve a GridView Based on a CheckBoxList of Items with Asp.Net
The problem is you have a list that you want to retrieve from that contains multiple values. Say for example, you have a list of 5 cities and you want to retrieve a list of people in some combination of those cities. If you use the class SelectValue method with GridView you run out of steam because it’s only one value. What you’d really like to do is pass the CheckBoxList into the GridView as a selection parameter, but unfortunately, when you do that, you just get the one selected value from the CheckBoxList, not all the values.
I’m sure you can make a custom ControlParameter in ObjectDataSource to solve this, but I really don’t have time for that. I just wanted something quick (which I now have and thought I’d share).
Basically, what I did was create an invisible label on my GridView that will get the string of values I want to retrieve, then, my ObjectDataSource gets one value (the string) and parses it into small values. My plan is to do a quick run through of the code here, but then also post the project so you can see for yourself how it works.
Read MOre..
I’m sure you can make a custom ControlParameter in ObjectDataSource to solve this, but I really don’t have time for that. I just wanted something quick (which I now have and thought I’d share).
Basically, what I did was create an invisible label on my GridView that will get the string of values I want to retrieve, then, my ObjectDataSource gets one value (the string) and parses it into small values. My plan is to do a quick run through of the code here, but then also post the project so you can see for yourself how it works.
Read MOre..
Subscribe to:
Posts (Atom)