Thursday, May 28, 2009

Google Page Rank Checker



You can embed this Page Rank Checker on your website using the code given below:


<iframe style="BORDER-BOTTOM: 0px; BORDER-LEFT: 0px; WIDTH: 600px;
HEIGHT: 125px; BORDER-TOP: 0px; BORDER-RIGHT: 0px"

src="http://server.com/GooglePageRankChecker.aspx" frameborder="no"></iframe>
In the next post I will be giving some cool images for displaying the page rank on the website.

Monday, May 25, 2009

ASP.NET Ajax 4.0 by Stephen Walther - TechEd Presentation

Here is a tech-ed presentation delivered by Stepehen Walther on ASP.NET Ajax 4.0 at Hyderabad.




Courtsey: SlideShare.net

Friday, May 22, 2009

How to create an IE8 Web Slice in ASP.NET?

Web Slice is a cool feature in IE8!


In frequently updating web sites, for monitoring status we need to visit those web sites often. Usually we keep the URL to monitor in our favorites list and hit the web site whenever required. When we hit the web site the entire page gets loaded, but our point of interest is only a small updating portion of the web site. This usually happens when visiting the stock updates web site. We want the updated stock, which is actually a very small portion of the web site. But for getting those updates we need to load the entire web page. Is there an option to view only that small updated portion of the web site? YES, indeed there is an option to only view the small updated portion of the web site with IE8's Web Slice feature!

Using Web Slices user can add small snippets of a web site in the IE favorite toolbar and monitor their updates. These Web Slices needs to be enabled during web site creation. Please note that this feature is only supported in IE8. Figure below shows the Web Slice for the updated section.

Figure 1: Web Slice

How to create a Web Slice?
To enable a WebSlice on your site, just add HTML annotations to your webpage. A WebSlice uses a combination of the hAtom Microformat and the WebSlice format.
<div class="hslice" id="item123">
<p class="entry-title">Stock: Reliance Petro</p>
<div class="entry-content">BSE: XXX, NSE: XXX

</div>
</div>
These three annotations helps IE recognize that it is a WebSlice and treat it like a feed; handling the discovery, subscription, and processing of the WebSlice. You can also add additional properties to a WebSlice, such as expiration, time-to-live value, and an alternative source as shown below:

<div class="hslice" id="datafound">
<p class="entry-title">Stock: Reliance Petro</p>
<a rel="feedurl"
href="http://localhost:24730/StockInfo/DataFoundUpdate.aspx#datafound-update" />
</div>
In the above sample we have used a URL for the feed as "http://localhost:24730/StockInfo/DataFoundUpdate.aspx#datafound-update". Please note that this URL has ID of the container DIV preceded by "#" as "#datafound-update". It is better to have separate aspx page for showing the updates, because this separate page will be lightweight and hence can be rendered quickly. The DataFoundUpdate.aspx page mentioned in the above example has code as shown below:
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<div class="hslice" id="datafound-update">
<h2 class="entry-title">Data Found Report</h2>
<a class="entry-content" rel="entry-content"
href="http://localhost:24730/StockInfo/SilverlightDisplay.aspx" />
</div>
</form>
</body>
</html>
In the above code we have referenced a silverlight page, just to show rich UI interface to the user. Instead you can also render the updated content. Authentication is also enabled for the Web Slice. You can set User name and Password by changing the Properties of a Web Slice. The Web Slice properties can be change by right clicking the favorite slice --> Properties.

Some important links on Web Slice:
1. More information on Web Slice
2. Watch Web Slice Video
3. Download the source code

Here is a cool framework developed for Creating Web Slices in ASP.NET at CodePlex.
Hope this helps you!

Thursday, May 21, 2009

Microsoft to Ban MemCopy()

The C runtime library was created about 25 years ago, when the threats to the computers were altogether different. The computers were not interconnected and were majorly used for professional purposes. But today, almost everybody has his own computer connected in a network or to the internet. Thus the network threats to the computer has increased and so the coding vulnerabilities.

Let's take a look at What MemCopy() function does..

MEMCopy()
The MEMCopy() intrinsic function is used to efficiently copy blocks of data from one memory array to another.

void MEMCopy( source_ptr, destination_ptr, num_bytes );

any ptr source_ptr;
A pointer to a source memory block. Pointer can be of any type.

any ptr destination_ptr;
A pointer to the destination memory block. Pointer can be of any type.

int num_bytes;
The number of bytes of data to copy.

Example:
Copy 10000 bytes starting 5000 bytes into array src to a newly allocated destination buffer (dst).

local byte ptr src, byte ptr dst
...
dst = EAlloc(byte,10000)
call MEMCopy(src + 5000, dst, 10000)


Thus, the MemCopy() function is primarily responsible for copying blocks of memory from one location to another. Later this year Microsoft is planning to ban this API for security reasons. There is a whole list of API's that are banned due to security reasons, which you can find here.

How to trace visitor information in ASP.NET?

It is often required to trace or gather the details of the visitor for maintaining website statistics. This can be easily done in ASP.NET using the Server variables and the Request information available. Various attributes such as remote host name, IP address, browser type and version etc can be known using the Server variables.

Source Code:
<%
Response.Write("<b>Name:</b> " + Request.ServerVariables["REMOTE_HOST"] + "<br />");
Response.Write("<b>IP:</b> " + Request.ServerVariables["REMOTE_ADDR"] + "<br />");
Response.Write("<b>User agent:</b> " + Request.ServerVariables["HTTP_USER_AGENT"] + "<br />");
Response.Write("<b>Language:</b> " + Request.ServerVariables["HTTP_ACCEPT_LANGUAGE"] + "<br />");
Response.Write("<b>Browser:</b> " + Request.Browser.Browser + "<br />");
Response.Write("<b>Type:</b> " + Request.Browser.Type + "<br />");
Response.Write("<b>Version:</b> " + Request.Browser.Version + "<br />");
Response.Write("<b>Major version:</b> " + Request.Browser.MajorVersion + "<br />");
Response.Write("<b>Minor version:</b> " + Request.Browser.MinorVersion + "<br />");
Response.Write("<b>Beta:</b> " + Request.Browser.Beta + "<br />");
Response.Write("<b>Cookies:</b> " + Request.Browser.Cookies + "<br />");
Response.Write("<b>Frames:</b> " + Request.Browser.Frames + "<br />");
Response.Write("<b>Tables:</b> " + Request.Browser.Tables + "<br />");
Response.Write("<b>ActiveX:</b> " + Request.Browser.ActiveXControls + "<br />");
Response.Write("<b>Java Applets:</b> " + Request.Browser.JavaApplets + "<br />");
Response.Write("<b>JavaScript:</b> " + Request.Browser.JavaScript + "<br />");
Response.Write("<b>VBScript:</b> " + Request.Browser.VBScript + "<br />");
Response.Write("<b>Platform:</b> " + Request.Browser.Platform + "<br />");
Response.Write("<b>Crawler:</b> " + Request.Browser.Crawler + "<br />");
%>
Download Source Code

Output:

Tip: This information is also gathered by hackers to find vulnerabilities on your machine!

You can download the source code here.
Hope this helps you!

Enhance website security with ASP.NET AJAX NoBot Control

It has been a common security attack to bombard a site with (n) number of requests per second. This type of attach will reduce the server response time and will make the system less usable. There are various mechanisms to prevent such attacks, one of them is the CAPTCHA security implementation. When using CAPTCHA security, the user (human) has to enter the code that appears on the image shown (see figure-1 below). The image may show a code, an arithmetic calculation etc.Thus the automated programs will not be able to enter the exact CAPTCHA code and will prevent unwanted requests to the website.

Figure -1

The NoBot Control

NoBot is an ASP.NET Ajax control that provides a CAPTCHA like security without any human intervention. The NoBot control provides a no human interaction security with simple JavaScript and server side logic. NoBot employs a few different anti-bot techniques:

  • Forcing the client's browser to perform a configurable JavaScript calculation and verifying the result as part of the postback. (Ex: the calculation may be a simple numeric one, or may also involve the DOM for added assurance that a browser is involved)
  • Enforcing a configurable delay between when a form is requested and when it can be posted back. (Ex: a human is unlikely to complete a form in less than two seconds)
  • Enforcing a configurable limit to the number of acceptable requests per IP address per unit of time. (Ex: a human is unlikely to submit the same form more than five times in one minute)
Courtsey: www.asp.net

The NoBot control can be initialized as shown below:

<ajaxToolkit:NoBot
ID="NoBotForLoginPage"
runat="server"
OnGenerateChallengeAndResponse="CustomChallengeResponse"
ResponseMinimumDelaySeconds="2"
CutoffWindowSeconds="60"
CutoffMaximumInstances="5" />

The properties in italics are optional.
  • OnGenerateChallengeAndResponse - [Optional] EventHandler providing implementation of the challenge/response code
  • ResponseMinimumDelaySeconds - [Optional] Minimum number of seconds before which a response (postback) is considered valid
  • CutoffWindowSeconds - [Optional] Number of seconds specifying the length of the cutoff window that tracks previous postbacks from each IP address
  • CutoffMaximumInstances - [Optional] Maximum number of postbacks to allow by a single IP addresses within the cutoff window

A short video showing the usage of the NoBot control is given below:

Install Silverlight

Hope this helps you prevent unauthorized access..
Be secure.. Be safe!

Tuesday, May 19, 2009

New flaw found in IIS 6.0 - 18 May 09

Microsoft Internet Information Services (IIS) version 6.0 contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and access sensitive information.

The vulnerability is due to improper processing of Unicode characters in HTTP requests. An unauthenticated, remote attacker could exploit this vulnerability by sending a malicious HTTP request to the system. An exploit could allow the attacker to bypass security restrictions and download arbitrary files from the targeted system.

Exploit code is available.

Microsoft has not confirmed this vulnerability and updates are not available.

Courtesy: Cisco


A new flaw has been found in IIS 6.0 having WebDav. Cisco has reported the details of this flaw and Microsoft team is investigating around it. At present there is no patch available and it is recommended to disable WebDav till the patch is available.

The vulnerability is due to improper processing of Unicode characters in HTTP requests. When IIS is configured with WebDav, it improperly translates Unicode %c0%af (/) characters. Microsoft IIS may process an HTTP request that contains the character before requiring authentication to a protected resource. An unauthenticated, remote attacker could exploit this vulnerability by sending a malicious HTTP request to the targeted server. An exploit could allow the attacker to list directory contents or download protected files that are hosted by IIS without providing authentication credentials.

Courtesy: Cisco


Microsoft may soon release a patch to cover-up this vulnerability.

Windows API Code Pack for accessing Windows 7 features in .NET

The Windows API Code Pack provides a library for Microsoft .NET Framework that can be used to access new Windows 7 features and some of the features in Vista from managed code. The existing .NET framework does not encompass these features. This library can be used with .NET Framework 3.5.

The features included in the API code pack are:

  • Support for Windows Shell namespace objects, including the new Windows 7 libraries, Known Folders and non file system containers.
  • Windows Vista and Windows 7 Task Dialogs.
  • Windows 7 Explorer Browser Control supporting both WPF and Windows Forms.
  • Support for Shell property system.
  • Helpers for Windows 7 Taskbar Jumplists, Icon Overlay and Progress bar.
  • Support for Windows Vista and Windows 7 common file dialogs, including custom file dialog controls.
  • Support for Direct3D 11.0 and DXGI 1.0/1.1 APIs.
  • Sensor Platform APIs
  • Extended Linguistic Services APIs
Important links for Windows API Code Pack:
1. More information on Windows API Code Pack
2. Download the Windows API Code Pack

This is really helpful for developing Windows 7 related features in .NET.

Friday, May 15, 2009

Gather all requirements and resources before committing to the client!

This is cool e-mail I received from one of my friends. It just relates to our behavior of committing things to our client even before analyzing and gathering the requirements. Whenever a client ask "I want XYZ functionality. Will I get it?" and the immediate answer from the lead is "Yes Yes! Why not... ". After a couple of days (or months) we find that the words "Yes Yes! Why not... " have made our life miserable. Well, lets go on to the small story...


A new vacuum cleaner salesman knocked on the door on the first house of
the street. A tall lady answered the door.

Before she could speak, the enthusiastic salesman barged into the living
room and opened a big black plastic bag and poured all the cow droppings
onto the carpet.
"Madam, if I cannot clean this up with the use of this new powerful
Vacuum cleaner, I will EAT all this dung!" exclaimed the eager salesman.

"Do you need chilly sauce or ketchup with that" asked the lady.
The bewildered salesman asked, "Why, madam?"

"There's no electricity in the house..." said the lady.


MORAL: Gather all requirements and resources before working on any
project and committing to the client...!!!

SandCastle - An Ultimate Documentation Tool

Most of you are aware of the free documentation tool NDOC which is available at soureforge.net. SandCastel was developed on similar lines for generating a rich set of documentation from source assemblies. Sandcastle is a documentation compiler for Managed class library that generates Microsoft-style Help topics, both conceptual and API reference. It creates the API reference documentation from the XML comments that are provided in the code. Moreover it extracts these comments from the managed assembly, which means we can generate the entire documentation from application assemblies. Reflection is used to fetch the comments and other details from the managed assemblies. SandCastel provides a CHMBuilder tool, for generating HTML Help 1.x .chm files. Such tools are lifesavers when customer asks for a detailed documentation at the 11th hour.

You can get more information on SandCastel at the CodePlex site.

Wednesday, May 13, 2009

Windows Server 2008 Server Core

The Server Core edition of the Windows Server 2008 operating system provides a low-maintenance server environment with limited functionality. The Server Core is primarily designed for production systems due to it's minimal installation and high performance. It does not provide a GUI, instead alike Unix it provides a command prompt to work upon. The minimal nature of Server Core has limitations such as:
1. There is no Windows shell, with minimal GUI
2. There is limited managed code support
3. There is limited MSI support (unattended mode only).
4. ASP.NET is not supported (MS is working on the next release of server core to support asp.net)

The tools on server core are primarily designed to be managed remotely e.g. you can manage server core IIS in two different ways:
1. Use the command prompt on server core
2. Logon remotely and manage the IIS using the GUI on a remote machine

Since server core is minimal on GUI and high on functionality side, it is best suited for production systems. You can find more information on Server Core here.

Tuesday, May 12, 2009

VSTS Architecture Edition Overview

View more presentations from Steve Lange.
Courtsey: SlideShare.net

How to disable browser's Back button in ASP.NET

Almost every ASP.NET developer face this problem at least once in his entire career. There could be numerous reasons for disabling the browser's back button. The site is secure and the user should not be allowed to go back to the previous page, for online exams site the student should be not allowed to view the question once answered etc could be the reasons for disabling the back button.

What does the browser back button actually do?
The browser maintains a cache of the pages that are visited by the user. Once the user clicks on the back button, the browser flushes the cached version of the page. Now to avoid this situation we can think of two solutions
1. Whenever the user clicks on the "back" button, again redirect the user to the "next" page using the JavaScript: history.forward(1). This JavaScript needs to be written on the onload JavaScript event of the web page. Thus the user will never be able to come to the previous page. But this is not a reliable technique since some of the browser's do not invoke the onload function on pressing the "Back" button.
2. Another solution is to avoid the browser maintaining the cache of the pages that a user visits. Yes, this can be achieved through AsP.NET server side coding. Add the following code to the Page_Load event of ASP.NET web page or MasterPage:
// Disable the Cache
Response.Buffer= true;
Response.ExpiresAbsolute=DateTime.Now.AddDays(-1d);
Response.Expires =-1500;
Response.CacheControl = “no-cache”;

// Check for your SessionID
if(Session["SessionId"] == null)
{
Response.Redirect (”Home.aspx”);
}
This code will disable the cache for the current page. The pages contents are maintained in memory i.e. in buffer. Once the user logout the session and buffer will be cleared. As we are not maintaining the cache for the page, the back button will not work anyways. It means we have successfully disabled the Back button.

Hope this helps you!

Twitter Updater - A Simple Windows Application

What is Twitter?
Twitter is a service for friends, family, and co–workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: What are you doing? Thus you can keep your friends, family and co-workers updated with what you are doing, simply by updating Twitter. This article will explain, How to post a message to Twitter using your own desktop application.

Use of Twitter Updater Application
For updating twitter you need to logon to http://twitter.com/ and then post your message. For each simple activity, opening a web browser, navigating to twitter.com and then posting a message becomes a combersome task. To make it easy, I have developed a simple Windows application that can stay on your desktops which will update your twitter in seconds! Frequent users can keep there Twitter username and password in the associated config file. This will eliminate the need of entering the username and password everytime you want to update twitter.

Twitter Updater API's and Screen Shots
The Twitter Updater application makes use of the Twitter Framework API's which can be found at http://code.google.com/p/twitterizer. Following are the screen shot's of the application:



Helpful links for Twitter Programming in .Net
Twitter API Documentation: http://apiwiki.twitter.com/
Twitter Open Source Example: http://code.google.com/p/twitterizer/
Online Discussion Group for Twitterizer: http://groups.google.com/group/twitterizer/

Friday, May 8, 2009

Windows 7 RC1 Released

Microsoft has recently released the RC1 (Release Candidate 1) for Windows 7. The Win7 RC1 has many exciting features and can be downloaded from the Microsoft Website. The RC1 download will be available through July 2009 and unlike the beta release there is no limit on the license copies of RC1 one can have. The RC will expire on June 1, 2010. Starting on March 1, 2010, computer will begin shutting down every two hours. You can find the download instructions here.

One of the exciting features of RC1 is the Windows XP mode. Yes, you heard right! Windows 7 has provided a Windows XP mode for mission critical WinXP apps. It's actually a virtual Windows XP machine with a fully licensed copy of Windows XP SP 3 installed.

Win XP Mode In Win7!

There's much more to come... stay tuned!

Tuesday, May 5, 2009

Seadragon By Microsoft Live Labs

Seadragon developed at Microsoft Live Labs, aims towards making a superior picture experience. It is just like the deep zoom functionality of silverlight and can expand and shrink wall size pictures to mobile size pictures when maintaining their clarity. The Seadragon Deep Zoom functionality can be used in Silverlight application to give a rich look to your applications. Similarly an Ajax version of Seadragon is also available. The following four "promises" of Seadragon has been listed down on the MS Live Labs web site:

1. Speed of navigation is independent of the size or number of objects.
2. Performance depends only on the ratio of bandwidth to pixels on the screen.
3. Transitions are smooth as butter.
4. Scaling is near perfect and rapid for screens of any resolution.

This will definitely pose a challenge to Adobe Flash which was earlier used to show rich picture contents on web UI. Find more information on Seadragon here.

Cheers to Microsoft!