Tag Archives: .net

In research of a javascript library to be used with ASP.NET on my next project…

Leave a reply

Hi fellow readers,

Today I come to share with you how I choose a javascript library to be used on my new project.

I’m not talk about choosing just an AJAX library but I want some ‘full’ set of library which including both AJAX core and user interface core.

Here are my choices before consideration…

  • jQuery
  • YUI (Yahoo User Interface)
  • ExtJs

Sorry that I didn’t included other libraries because I’m not impressed with any other at all.

First, jQuery, this is by far the best AJAX + effect library for me personally. I really love it because it produces a ‘short’ script. Especially when compared to YUI.

However, what jQuery lack of is UI components. You have to find out 3rd party for yourself.

So, I decide to move on YUI which currently have a bunch of UI components included.

What I can say about YUI is I really impressed with it. It has a BUNCH of UI included in the library which you can select to use or bypass.

However, most of the script produced by YUI is so ‘long’ when compared to jQuery.

So, now, I hold on both YUI and jQuery and finding for a better library in the market.

I finally found ExtJs.

Try yourself and let me know how you feel about it.

I feel the ‘MOST’ impress with ExtJs.

Cool UI and effect and I decided to use it in combination with jQuery.

This will help me reduce much time to develop my project.

Technical details will be continued in the next part while I’m developing my project. :D

Talk soon,

Seree W.

Why you need validation in your web application?

Leave a reply

Hi folks,

Did you ever use ASP.NET validation controls?

If you never heard or never use it before, see on the toolbox at the “validation” group.

Those are all validation controls.

- RequiredFieldValidator

- RangeValidator

- CompareValidator

- RegularExpressionValidator

- CustomValidator

- ValidationSummary

The main point of this control group is to be used to validate the input form entered by user before doing any postback.

But why?

As we can implement validation easily in code-behind.

Right?

It had to say Yes and No.

Yes, because validation coding in server-side (code-behind) is easier to code.

No, because while you know at the client that the data is invalid. Why you will let user postback to server?

Waste of bandwidth.

Totally waste!

This is the main reason why you have to use validation controls in your web forms.

Because it’ll help to reduce the unnecessary roundtrip between client and web server.

This will not affect much on the application that consumes less resource.

But it will be a big pain on the application that consumes much resource.

So, when you are dealing with input form.

Always use validation controls!

I know it will help you much.

:-)

Cryptography in .NET – Part I

Leave a reply

Hi folks,

Today, let’s see what .NET was provided to developer like us about cryptography.

In this post, I’ll talk about a brief of cryptography. How .NEt handle it and how many way to do some cryptographic in .NET.

For sample of implementation, I’ll cover it all from basic encryption to decryption, hashing, using message authentication code (MAC), hash-based message authentication code (HMAC) and even Digital signature. But it’ll continue to the next part.

Here we’ll focus to the cryptography in System.Security.Cryptography namespace.

.NET has divided cryptography into three main functionality basis.

1. Basic cryptography – See about encrypt & decrypt.

2. Hashing algorithm – See about hash calculation.

3. Digital signature – See about digital signature to be used in data transfer on network.

Let’s talk a brief one-by-one. Begin with basic cryptography.

1. Basic Cryptography

It’s like what its name saids. It’s totally a basic function on cryptography. With basic cryptography like this, it have been divided into two sub models.

1.1 Symmetric Key

Someone call this “Secret Key” but in theoritical, it usually named as “Symmetric Key” in term.

With this model, the person who want to encrypt the data required a single key called “Secret Key” in encryption process. Someone call this key as “Private Key”. It’s equal in meaning.

When people want to decrypt the data, they need to use the “Secret Key” that used to encrypt the data.

This all means both encryptor and decryptor should have the same “Secret Key” to work properly.

This wasn’t much secured because you need to give away the “Key” to public people to encrypt the data and send back to you. So with this model, we’ll have a higher risk to be attacked by man-in-the-middle method. As he may know the “Key” that we distributes. This known as weakness of symmetric key model.

1.2 Asymmetric Keys

Someone call this “Public Key Cryptographic System” or “PKCS”. As you may seen its name “Asymmetric Keys”. See the “Keys” not a “Key”. This extra “s” means we’ll have more than one key in this model. This requires a pair of keys.

The first one we call it “Public Key” and the second one is “Private Key”.

“Public Key” will be distributed to public people who want to encrypt the data and send back to us.

The only thing you should know about “Public Key” is that it should be used to encrypt data only. It’s unable to decrypt the data that have been encrypt by itself.

When you want to decrypt it, you should use “Private Key” only. This means, the data collector will keep “Private Key” alone and no need to distribute “Private Key” to anyone except himself.

This model will lowering the risk of man-in-the-middle attack. It’s all because the data collector people not need to distribute “Private Key”. So, It’s much easier to keep it confidential.

All we’ve talk is about the basic cryptography. The next part I’ll cover into the next topic. Hashing algorithm in brief.

I’ll try to finish all brief on MAC, HMAC and Digital signature in the next part. After that, we’ll play with the sample code in real world case study. And not theoritically-based at all, because I hate theoritically sample!

See yah next part.

7 Tips made rendering HTML faster (Do it lately!)

2 Replies

Any serious web developers should experience a too long rendering time for his/her web pages. Here is the list that I usually do it before release my web application to production stage. I call it my “Optimization check-list”. Please note that, some of tip should be used on ASP.NET specifically and any other may not.

Please keep in mind that, these tips can be effectively used after you’ve completed develop your web application too. As it doesn’t required much effort to re-design or re-programming. I’ll release another tips series that can be done before development begin too as It’s very effective than these tips.

Let’s roll out your hand now. Continue reading

Prevent your .NET application from SQL Injection

Leave a reply

Hello everyone,

Now I’ll talking about a technique that script kiddies widely used to attack to the first wall of your application. If you’re a rookie for security topics on development then you may never heard about this before. In my .NET courses training experiences, most of my trainees never know about this issue before and they feel very surprises when I’ve hacked into their system in no time.

What is SQL injection?

Straightly, It’s something like you try to inject some unexpected characters into SQL querying process to gain the out-of-case result.

Let’s see it in more detail!

What should you do If you want to coding your application to authenticate user’s credential that kept in database?

So easy, right? I’m just querying the result from database with this simple SQL query and a few line of code.

Dim strSQL As String = “Select COUNT(*) From Members WHERE LoginName=’” & txtLoginName.Text & “‘ AND Password=’” & txtPassword.Text & “‘”

Dim cmd As New SqlCommand(strSQL, con)

cmd.ExecuteScalar()

It works perfectly! but how the it’ll handle if a hard core user input something unexpected into login name just like the following

xyz’ OR ’1′=’1

When it concatenate into SQL string. It’ll result in to… Continue reading

Real world ASP.NET authentication

Leave a reply

Hello everyone,

I’m here to say that most of ASP.NET books on the market didn’t provide you the effective way to use authentication cookies.

Assume that when you’re working with form-based authentication. (Setting in web.config) When we do some manual authentication method, we imports System.Web.Security and using FormsAuthentication.RedirectFromLoginPage(“userName”, false). The ASP.NET authentication engine will automatically create a cookie to persist authenticate status. This cookies was used to identify the user have been signed in or not. So, when we want to store some of user’s profile. How do we do it?

We can coding to create new cookie object to store those profile but we already known that ASP.NET authentication engine already created the cookie when signed in. The question should be “How do we access this cookie? Is it possible?”.

Certainly, you can do it. Please review the following code.

In your login button’s click event.

if(AuthSucceeded){ Continue reading

Create RSS Feed from your data with .NET

Leave a reply

Hello,

Today I’ll give you a quick guide on how to create RSS Feed channel from your existing data. Before we go to the implementation, let’s see a brief overview of What is RSS, Feed or Atom?

RSS, Feed or Atom is a format name of the method for latest generation webmaster to feed their own updated contents into external web sites or any external applications. I focus to the word updated contents because this is a point of the method. (Now I’ll call it RSS and no more Feed or Atom) The content that provide RSS Feed channel almost often updated.

RSS content can be read by any RSS reader software such as Internet Explorer 7.0, Mozilla FireFox, Microsoft Outlook or any third party. Sometime it called “Feed reader” or “Aggregator” instead of “RSS reader”. Most of RSS reader can monitoring the RSS Feed channel and seeing if there are any changes occurred in the content when compared to previous time. This is very useful when some user don’t want to spend too much time to load any UI as it takes so much time than actual contents. If you still don’t get an idea and you have some RSS reader installed, you can try it online here. (Sorry, but the content of the feed is in Thai language. Just prove to get you idea)

For webmaster or developer like us, If you want to build your web site to stay tuned with Web 2.0 trend. You should build RSS Feed channel to your web application to let external applications consume your data and get more traffics.

In technically terms. RSS, Feed or Atom are all just an XML file that had their own format which RSS reader can be read. You can see the sample of XML structure here. (Just RSS 2.0)

So, how can we coding to build up RSS Feed channel from the existing data? It’s very easy, easier than you thinks! Continue reading

VB.NET vs C# – Who will win?

Leave a reply

Hi all,

This is my first post on blog about Microsoft .NET development. So, let me say a little sorry about my bad English.
Let’s go to those day that C/C++ language dominating Visual Basic all the time. If I can remember it takes more than ten years now since Visual Basic for DOS (1.0). In this blog I’ll show the various perspective and conclude about these two languages of choices for developer to be chosen for Microsoft .NET development.

Let’s take a look after them!

Comparison begin, who will win?

For Visual Basic, this language had dominated the development community due to it’s ease of use, short learning curve, rich GUI(s) and many more reasons. As It’s really easy for people to learn and begin programming in no time!
Personally, I’ve used Visual Basic since version 3.0. In those time it still using 3.5″ diskettes for setup. The first time I try it, I’m wondering how they can made GUI programming very easy. But I never use it in any commercial applications as those time the application built from Visual Basic is so slow when comparing to any C++ based compiler. So, I’m sticking with Borland C++ and Visual C++. A few years quickly passed, I’ve a chance to try Visual Basic again but now for 5.0. It had been improved so much! Very impresses to me. However, Its performance still generate the reason that I should not use it cause of it’s so slow when comparing to C++ based. But that time I’m really think that its WYSIWYG is very good and will increase my productivity significantly. So, I decide to learn it in a little deep details. At last, I still consider to stick with C++ based as the speed really made me sick about it. But now I’m finding some tools that has a cool WYSIWYG but based on C++. So, now I got a really cool tools. Borland C++ Builder.
I used Borland C++ Builder instead of Microsoft Visual C++ with MFC for a couple of years until what Microsoft said it’ll be the next generation of software development platform named Microsoft .NET. So, now I got a chance to try again on Visual Basic. Now in version 7.0 aka VB.NET. When compared to C++ application with Win32API it still slow in nature. But the productivity was very high now for .NET. So, I use just a few days to decide to go on .NET platform instead of any Win32API or J2EE platform and using both C# and VB.NET until today.
In my experiences regards on both languages. VB.NET has higher productivity in means of a few line of code and less task effort when developing than C#. So, I call it higher productivity. C# also high productivity but in my opinion, VB.NET is better on this topic. But there are somethings you should know about VB.NET and C# when comparison is begin. I written below as one-by-one…

Performance
No one win! as it’ll produce the same output as based on Microsoft CLR. (Common Language Runtime) So, who think that C# will take ahead from VB.NET on performance. It does not!

Number of line
In my experiences, VB.NET may written less number of line in the same task but in most case It should be equal as they using the same class library.

3rd party components
Equality.

3rd party tools
C# is better as some refactoring/intellisense tools support only for C#.

OOP
Now both of them is fully OOP. In .NET 1.1, VB.NET can’t do operator overloading but in .NET 2.0, it fully support!

My personal conclusion
For my experiences, I preferred VB.NET on small to medium scale of project but C# for large. As on the internet community, I found many C# developers was better than VB.NET. I should not be 100% but for my idea. I think that VB.NET is easies for learning. So, VB.NET may not clearly understand much about architecture and programming logic. But in case of C#, it may not that case as It’s a long time well structured from the past.
At last, it up to you and the application will produce a good or bad result will be based on your understanding of problem domain, solution and your logic. So, don’t bother much about languages!

Clearly no winner between VB.NET and C# but Microsoft!

Great 3rd party Ajax control suite

Leave a reply

Have you ever tried Ajaxify your ASP.NET application? Have you tried and tired?

I’m one of those guys who already tried and tired on ajaxify the application to fully working in Ajax basis. Until the day I found one of a great Ajax control suite named Telerik RadControls for ASP.NET. It was combined by various ASP.NET UI controls. Most of the controls, I can say nearly 100% already ajaxified for your instant using without deep knowledge on Javascript writing.

I found that my productivity was much increased by this suite and their support are great as I never seen this support anywhere even the more famous controls suite like Infragistics NetAdvantage, ComponentArt, ComponentOne or any other else. You can get quick response back within 24 hours with many samples on your desired case. So, for me It doesn’t a hard decision to afford it for 1 year subscription. After I’ve purchased, I found the bonus are very impressive as Telerik give us many interesting things than I thought. In my case, I purchase Telerik RadControls for ASP.NET with subscription for 1 year. I got Telerik RadControls for WinForms too. After purchase date around three months, Telerik releases new version of Telerik RadControls for WinForms with WPF. (Windows Presentation Foundation) and they give me too! What’s a kindly guy! In next six months, I found that the product was continuously updated around 4 times with many new features. Again, when they release their Telerik Reporting product. I also got it from current subscription and I thinks this reporting product are compact, fast and very easy on deployment. (I kicked out Crystal Reports, Microsoft Reporting Services and even DevExpress’ one – Every products I listed here are required to install some special executables into web server but Telerik’s just use XCOPY method)

If you are finding for a great Ajax controls suite. I can say that you will got the point when working with Telerik’s suite. Very very impressive!