Gridding .NET

Unsafe LAMP? Open Source LAMP software more bugs than Microsoft's stack

After:

now this at http://blogs.zdnet.com/Ou/index.php?p=103

On the linux vs Windows front it's pretty much even without browsers I guess, with Firefox installed a LAMP box is definitely not a safe boat

Apache + ASP.NET

ASP.NET + Apache 

first check out IIS6 (see why IIS6 is a better choice to run ASP.NET than apache here and here)

Run ASP.NET on Apache: 

XSP

mod_mono

mod_aspdotnet

Cassini (Cassini on Apache)

CassiniEx (enhanced)

see also http://dotnetjunkies.com/WebLog/kris/archive/2004/06/25/17578.aspx on running apache + asp.net

ASP.NET authentication security bug in IIS4/IIS5(ASP.NET on IIS6 Windows 2003 is not affected)

As written here

http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754

http://weblogs.asp.net/lbarbieri/archive/2004/10/02/237049.aspx

http://weblogs.asp.net/ksamaschke/archive/2004/10/02/237042.aspx
http://weblogs.asp.net/ksamaschke/archive/2004/10/02/237055.aspx

Solutions:
1)Here is some code for a httpmodule to obviate to the problem
http://blogs.devleap.com/rob/archive/2004/10/02/1803.aspx
http://www.mostlylucid.co.uk/archive/2004/10/07/1396.aspx

2)PLEASE PLEASE  PLEASE install for IIS4/IIS5:
URLSCAN :  http://www.microsoft.com/windows2000/downloads/recommended/urlscan/default.asp
IIS Lockdown tool:  http://www.microsoft.com/technet/security/tools/locktool.mspx

export datagrid to excel

this code can be run outside of page, or can be converted to run in and extended datagrid control

imports System.Drawing
Imports System.Web.UI
Imports System.Web.UI.WebControls

Namespace demetz

    Public Class DemExportGridExcel

        Sub RenderGridToExcelFormat(ByVal grid As DataGrid, ByVal saveAsFile As String)
            ' check Excel rows limit
            If grid.Items.Count.ToString + 1 < 65536 Then
                HttpContext.Current.Response.Clear()
                HttpContext.Current.Response.ContentType = "application/vnd.ms-excel"
                HttpContext.Current.Response.AddHeader("content-disposition", "attachment;filename=" & saveAsFile & ".xls")
                ' Remove the charset from the Content-Type header.
                HttpContext.Current.Response.Charset = ""
                'HttpContext.Current.Response.WriteFile("style.txt")
                ' Turn off the view state.
                grid.EnableViewState = False
                Dim tw As New System.IO.StringWriter()
                Dim hw As New System.Web.UI.HtmlTextWriter(tw)
                ' Get the HTML for the control.
                grid.HeaderStyle.ForeColor = Color.Black
                grid.HeaderStyle.BackColor = Color.Red
                grid.ItemStyle.ForeColor = Color.Black
                grid.BorderColor = Color.White
                ClearControls(grid)
                grid.RenderControl(hw)
                ' Write the HTML back to the browser.
                HttpContext.Current.Response.Write(tw.ToString())
                ' End the response.
                HttpContext.Current.Response.End()
            Else
               
                HttpContext.Current.Response.Write("Too many rows - Export to Excel not possible")
            End If
        End Sub

        Sub ClearControls(ByVal control As Control)
            Dim i As Integer
            For i = control.Controls.Count - 1 To 0 Step -1
                ClearControls(control.Controls(i))
            Next i

            If TypeOf control Is System.Web.UI.WebControls.Image Then
                control.Parent.Controls.Remove(control)
            End If

            If (Not TypeOf control Is TableCell) Then
                If Not (control.GetType().GetProperty("SelectedItem") Is Nothing) Then
                    Dim literal As New LiteralControl()
                    control.Parent.Controls.Add(literal)
                    Try
                        literal.Text = CStr(control.GetType().GetProperty("SelectedItem").GetValue(control, Nothing))
                    Catch
                    End Try
                    control.Parent.Controls.Remove(control)
                Else
                    If Not (control.GetType().GetProperty("Text") Is Nothing) Then
                        Dim literal As New LiteralControl()
                        control.Parent.Controls.Add(literal)
                        literal.Text = CStr(control.GetType().GetProperty("Text").GetValue(control, Nothing))
                        control.Parent.Controls.Remove(control)
                    End If
                End If
            End If
            Return
        End Sub 'ClearControls

    End Class

End Namespace

Website trackback HttpModule

I' ve written a HttpHandler to create aggregated trackbacks for websites all in one page.
See the code at
http://www.xpertdotnet.com/code/dmtzHandler.cs.txt
http://www.xpertdotnet.com/code/dmtzLogger.cs.txt

.NET and integration with BCP

add following at beginning of the web.config between <configuration> and <system.web> tags

<configSections>
<section name="myapp_bcp_config"
type="System.Configuration.SingleTagSectionHandler,system, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</configSections>

add following after closing </appSettings> tag

    <myapp_bcp_config
 bcp_Tbl = "destDB..destTable"
 bcp_usr = "myUser"
 bcp_pwd = "myPWD"
 bcp_SRVR = "myServer"
 bcp_format = "myapp_bcp_format.fmt" <!--- or custom stuff like -c -f2 depending on database vendor  --->
     />

load config values

    Sub loadParamConfig()
        Dim valueTable As IDictionary = CType(ConfigurationSettings.GetConfig("myapp_bcp_config"), IDictionary)
        bcp_Tbl = valueTable("bcp_Tbl")
        bcp_usr = valueTable("bcp_usr")
        bcp_pwd = valueTable("bcp_pwd")
        bcp_SRVR = valueTable("bcp_SRVR")
        bcp_format = valueTable("bcp_format")
    End Sub

build command

    Function buildBcpCmd(fileName as string)
        Dim sb As New System.Text.StringBuilder()
        sb = New System.Text.StringBuilder()
 '
        sb.Append(bcp_Tbl & " in " & fileName & " ")
        sb.Append("-U " & bcp_usr & " ")
        sb.Append("-P " & bcp_pwd & " ")
        sb.Append("-S " & bcp_SRVR & " ")
        sb.Append("bcp_format)
        Return sb.ToString
    End Function

run command

 invoke sub below with fowwing line of code
 runcmd("bcp", buildBcpCmd("myfile.txt"))

  
 '
        Sub runcmd(ByVal cmd As String, ByVal exeTxt As String)
            Dim proc As System.Diagnostics.Process
            Dim StartProcessInfo As New System.Diagnostics.ProcessStartInfo()
            proc = New System.Diagnostics.Process()
            StartProcessInfo.UseShellExecute = False
            StartProcessInfo.RedirectStandardOutput = True
            StartProcessInfo.RedirectStandardError = True
            StartProcessInfo.FileName = cmd & ".exe "
            StartProcessInfo.Arguments = exeTxt

            proc.EnableRaisingEvents = True
            Try
                ' start
                proc = proc.Start(StartProcessInfo)
                ' end
                procOut = proc.StandardOutput().ReadToEnd()
                procError = proc.StandardError().ReadToEnd()
  'wait
                proc.WaitForExit()
                ' check exit code
                If Not proc.ExitCode = 0 Then
  ' output message and log
                End If
            Catch cmdExecEx As System.ApplicationException
  ' log stuff
                Throw cmdExecEx
            Finally
             proc.Close()
             proc.Dispose()
             proc = Nothing
    End Try  
        End Sub

PHP vs ASP.NET Oracle FUD

Bertrand Le Roy fights back Oracle's article about ASP.NET vs PHP  with a rebuttal .

On the security of Apache/PHP vs ASP.NET/IIS  I have posted this:
http://dotnetjunkies.com/weblog/stefandemetz/posts/10465.aspx
http://dotnetjunkies.com/weblog/stefandemetz/posts/10388.aspx

What features does ASP.NET still need after Whidbey?

IMHO
workflow engine
web based job scheduler(DTS)
easier handling of stored procedures
better SQL injection/cross site scripting pretenction/prevention

ASP.NET popup user notification with JS alert, popup, custom label

since I hate the front-end GUI stuff part of web development I always had issues of how to
inform users of particular events. Tired of this, I whipped up a small class to handle these user notifications

here's the code:

Namespace DemDiagnostic

' opens new window with defined error message

Public Class DemErrorNotification

' tytpes of user error notification

Public Enum DisplayType

ALERT ' javascript alert

DISPLAY ' put on errorLabel

POPUP ' pop up

End Enum

' check type of notification and proceed accordingly

Sub notifyError(ByVal curpage As System.Web.UI.Page, ByVal DisplayType As String, ByVal MsgStr As String)

Select Case DisplayType

Case DemErrorNotification.DisplayType.ALERT

Case DemErrorNotification.DisplayType.DISPLAY

Case DemErrorNotification.DisplayType.POPUP

Case Else

End Select

End Sub

' popup alert message with ok button

Sub display(ByVal message As String)

Dim writestring As String

End Sub

' puts message on errorLabel component of Page

Function displayOnLabel(ByVal curpage As System.Web.UI.Page, ByVal message As String)

Dim errorlbl As DemWeb.DemUI.DemWebControls.DemErrorLabel

errorlbl = CType(curpage, System.Web.UI.Page).FindControl("ErrorLabel")

Return message

End Function

' creates new page with message and close button

Sub displayOnNewPage(ByVal message As String)

Dim writestring As String

End Sub

' writes a javascript alert

Sub displayOnAlert(ByVal MsgStr As String)

End Sub

End Class

End Namespace

some ASP.NET popup links:

http://weblogs.asp.net/miked/archive/2004/02/11/71506.aspx
http://www.mblog.com/lakshmi/046073.html
http://www.dotnetjohn.com/articles/articleid112.aspx
http://weblogs.asp.net/jgalloway/archive/2003/11/21/39042.aspx
http://dotnetjunkies.com/WebLog/jmeeker/archive/2003/12/01/4122.aspx
http://weblogs.asp.net/sonukapoor/archive/2004/05/02/124777.aspx
http://davidhayden.com/blog/dave/archive/2004/03/16/178.aspx
http://dotnetjunkies.com/WebLog/whoiskb/archive/2004/06/01/14899.aspx
http://www.tanguay.info/superblog/sb.aspx?p=codeExamples&id=7846009
http://weblogs.asp.net/kwarren/archive/2004/04/16/114380.aspx

ASP.NET controls - Granular security

1) you need a repository for your permissions ie a database structure
2) design user, page, group then usergroups,pagegroups tables linking all with proper keys
 a) associate users to groups and groups to pages in composite tables usergroups,pagegroups
3) add permission columns for view, add, update, delete - one column for each permission - setting 0/1 for allowed/not
4) build custom(extended) base page which
 a)does the lookup of user on these tables to retrieve permission sets
 b)loads the permissions into session
 c)authentication of user ie if user's group does not have permissisons on page
5) build custom(extended) webcontrols  which
 a)map a (design time)property to the above permissions
 b)verify the above permissions
 c)do something based on b) eg hide, set enabled=false, change CSSClasss attrubue or other cool stuff like hiding EditCommandColumn and ButtonColumn in a datagrid

6) add custom assembly to VS.NET