Search Results

Search found 134357 results on 5375 pages for 'fort worth net user grou'.

Page 6/5375 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13 | Next Page >

User Story or User Stories for this specific requirement

- by Maximus

I have to write a user story for a requirement that involves passing search filters to the same URI and retrieving corresponding results. I have 5 filters. I plan to write 5 different stories of type: As a URI user I can search by #filter1 so that I can retrieve results based on #filter1. And then a 6th story that involves searching one or more or all six filters in conjunction. Is this is a sensible route to take?

Read the article
Employee Info Starter Kit - Visual Studio 2010 and .NET 4.0 Version (4.0.0) Available

- by joycsharp

Employee Info Starter Kit is a ASP.NET based web application, which includes very simple user requirements, where we can create, read, update and delete (crud) the employee info of a company. Based on just a database table, it explores and solves all major problems in web development architectural space. This open source starter kit extensively uses major features available in latest Visual Studio, ASP.NET and Sql Server to make robust, scalable, secured and maintanable web applications quickly and easily. Since it's first release, this starter kit achieved a huge popularity in web developer community and includes 1,40,000+ download from project web site. Visual Studio 2010 and .NET 4.0 came up with lots of exciting features to make software developers life easier. A new version (v4.0.0) of Employee Info Starter Kit is now available in both MSDN Code Gallery and CodePlex. Chckout the latest version of this starter kit to enjoy cool features available in Visual Studio 2010 and .NET 4.0. [ Release Notes ] Architectural Overview Simple 2 layer architecture (user interface and data access layer) with 1 optional cache layer ASP.NET Web Form based user interface Custom Entity Data Container implemented (with primitive C# types for data fields) Active Record Design Pattern based Data Access Layer, implemented in C# and Entity Framework 4.0 Sql Server Stored Procedure to perform actual CRUD operation Standard infrastructure (architecture, helper utility) for automated integration (bottom up manner) and unit testing Technology UtilizedProgramming Languages/Scripts Browser side: JavaScript Web server side: C# 4.0 Database server side: T-SQL .NET Framework Components .NET 4.0 Entity Framework .NET 4.0 Optional/Named Parameters .NET 4.0 Tuple .NET 3.0+ Extension Method .NET 3.0+ Lambda Expressions .NET 3.0+ Aanonymous Type .NET 3.0+ Query Expressions .NET 3.0+ Automatically Implemented Properties .NET 3.0+ LINQ .NET 2.0 + Partial Classes .NET 2.0 + Generic Type .NET 2.0 + Nullable Type ASP.NET 3.5+ List View (TBD) ASP.NET 3.5+ Data Pager (TBD) ASP.NET 2.0+ Grid View ASP.NET 2.0+ Form View ASP.NET 2.0+ Skin ASP.NET 2.0+ Theme ASP.NET 2.0+ Master Page ASP.NET 2.0+ Object Data Source ASP.NET 1.0+ Role Based Security Visual Studio Features Visual Studio 2010 CodedUI Test Visual Studio 2010 Layer Diagram Visual Studio 2010 Sequence Diagram Visual Studio 2010 Directed Graph Visual Studio 2005+ Database Unit Test Visual Studio 2005+ Unit Test Visual Studio 2005+ Web Test Visual Studio 2005+ Load Test Sql Server Features Sql Server 2005 Stored Procedure Sql Server 2005 Xml type Sql Server 2005 Paging support

Read the article
ASP.NET MVC CRUD Validation

- by Ricardo Peres

One thing I didn’t refer on my previous post on ASP.NET MVC CRUD with AJAX was how to retrieve model validation information into the client. We want to send any model validation errors to the client in the JSON object that contains the ProductId, RowVersion and Success properties, specifically, if there are any errors, we will add an extra Errors collection property. Here’s how: 1: [HttpPost] 2: [AjaxOnly] 3: [Authorize] 4: public JsonResult Edit(Product product) 5: { 6: if (this.ModelState.IsValid == true) 7: { 8: using (ProductContext ctx = new ProductContext()) 9: { 10: Boolean success = false; 11: 12: ctx.Entry(product).State = (product.ProductId == 0) ? EntityState.Added : EntityState.Modified; 13: 14: try 15: { 16: success = (ctx.SaveChanges() == 1); 17: } 18: catch (DbUpdateConcurrencyException) 19: { 20: ctx.Entry(product).Reload(); 21: } 22: 23: return (this.Json(new { Success = success, ProductId = product.ProductId, RowVersion = Convert.ToBase64String(product.RowVersion) })); 24: } 25: } 26: else 27: { 28: Dictionary<String, String> errors = new Dictionary<String, String>(); 29: 30: foreach (KeyValuePair<String, ModelState> keyValue in this.ModelState) 31: { 32: String key = keyValue.Key; 33: ModelState modelState = keyValue.Value; 34: 35: foreach (ModelError error in modelState.Errors) 36: { 37: errors[key] = error.ErrorMessage; 38: } 39: } 40: 41: return (this.Json(new { Success = false, ProductId = 0, RowVersion = String.Empty, Errors = errors })); 42: } 43: } As for the view, we need to change slightly the onSuccess JavaScript handler on the Single view: 1: function onSuccess(ctx) 2: { 3: if (typeof (ctx.Success) != 'undefined') 4: { 5: $('input#ProductId').val(ctx.ProductId); 6: $('input#RowVersion').val(ctx.RowVersion); 7: 8: if (ctx.Success == false) 9: { 10: var errors = ''; 11: 12: if (typeof (ctx.Errors) != 'undefined') 13: { 14: for (var key in ctx.Errors) 15: { 16: errors += key + ': ' + ctx.Errors[key] + '\n'; 17: } 18: 19: window.alert('An error occurred while updating the entity: the model contained the following errors.\n\n' + errors); 20: } 21: else 22: { 23: window.alert('An error occurred while updating the entity: it may have been modified by third parties. Please try again.'); 24: } 25: } 26: else 27: { 28: window.alert('Saved successfully'); 29: } 30: } 31: else 32: { 33: if (window.confirm('Not logged in. Login now?') == true) 34: { 35: document.location.href = '<% 1: : FormsAuthentication.LoginUrl %>?ReturnURL=' + document.location.pathname; 36: } 37: } 38: } The logic is as this: If the Edit action method is called for a new entity (the ProductId is 0) and it is valid, the entity is saved, and the JSON results contains a Success flag set to true, a ProductId property with the database-generated primary key and a RowVersion with the server-generated ROWVERSION; If the model is not valid, the JSON result will contain the Success flag set to false and the Errors collection populated with all the model validation errors; If the entity already exists in the database (ProductId not 0) and the model is valid, but the stored ROWVERSION is different that the one on the view, the result will set the Success property to false and will return the current (as loaded from the database) value of the ROWVERSION on the RowVersion property. On a future post I will talk about the possibilities that exist for performing model validation, stay tuned!

Read the article
Fix: Orchard Error ‘The controller for path '/OrchardLocal/' was not found or does not implement IController.

- by Ken Cox [MVP]

Suddenly, in a local Orchard 1.6 project, I started getting this error in ShellRoute.cs: The controller for path '/OrchardLocal/' was not found or does not implement IController. Obviously I had changed something, but the error wasn’t helping much. After losing far too much time, I copied over the original Orchard source code and was back in business. Shortly thereafter, I further flattened my forehead by applying a sudden, solid blow with the lower portion of my palm! You see, in testing the importing of comments via blogML, I had set the added blog as the Orchard site’s Start page. Then, I deleted the blog so I could test another import batch. The upshot was that by deleting the blog, Orchard no longer had a default (home) page at the root of the site. The site’s default content was missing. The fix was to go to the Admin subdirectory (http://localhost:30320/OrchardLocal/admin) . add a new page, and check Set as homepage. Once again, the problem was between the keyboard and the chair. I hope this helps someone else. Ken

Read the article
Enabling Http caching and compression in IIS 7 for asp.net websites

- by anil.kasalanati

Caching – There are 2 ways to set Http caching 1- Use Max age property 2- Expires header. Doing the changes via IIS Console – 1. Select the website for which you want to enable caching and then select Http Responses in the features tab 2. Select the Expires webcontent and on changing the After setting you can generate the max age property for the cache control 3. Following is the screenshot of the headers Then you can use some tool like fiddler and see 302 response coming from the server. Doing it web.config way – We can add static content section in the system.webserver section <system.webServer> <staticContent> <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" /> </staticContent> Compression - By default static compression is enabled on IIS 7.0 but the only thing which falls under that category is CSS but this is not enough for most of the websites using lots of javascript. If you just thought by enabling dynamic compression would fix this then you are wrong so please follow following steps – In some machines the dynamic compression is not enabled and following are the steps to enable it – Open server manager Roles > Web Server (IIS) Role Services (scroll down) > Add Role Services Add desired role (Web Server > Performance > Dynamic Content Compression) Next, Install, Wait…Done! ? Roles > Web Server (IIS) ? Role Services (scroll down) > Add Role Services Add desired role (Web Server > Performance > Dynamic Content Compression) Next, Install, Wait…Done! Enable - ? Open server manager ? Roles > Web Server (IIS) > Internet Information Services (IIS) Manager Next pane: Sites > Default Web Site > Your Web Site Main pane: IIS > Compression Then comes the custom configuration for encrypting javascript resources. The problem is that the compression in IIS 7 completely works on the mime types and by default there is a mismatch in the mime types Go to following location C:\Windows\System32\inetsrv\config Open applicationHost.config The mimemap is as follows <mimeMap fileExtension=".js" mimeType="application/javascript" /> So the section in the staticTypes should be changed <add mimeType="application/javascript" enabled="true" /> Doing the web.config way – We can add following section in the system.webserver section <system.webServer> <urlCompression doDynamicCompression="false" doStaticCompression="true"/> More Information/References – · http://weblogs.asp.net/owscott/archive/2009/02/22/iis-7-compression-good-bad-how-much.aspx · http://www.west-wind.com/weblog/posts/98538.aspx

Read the article
Permanently redirect your asp.net pages in ASP.Net 4.0

- by nikolaosk

Hello all, In this post, I would like to talk about a new method of the Response object that comes with ASP.Net 4.0. The name of the method is RedirectPermanent . Let's talk a bit about 301 redirection and permanent redirection.301 redirect is the most efficient and Search Engine Friendly method for webpage redirection. Let's imagine that we have this scenario. This is a very common scenario. We have redesigned and move folders to some pages that have high search engine rankings. We do not want to...(read more)

Read the article
Installing ASP.NET MVC 2 RTM on Visual Studio 2010 RC

- by shiju

Visual Studio 2010 RC is built against the ASP.NET MVC 2 RC version but you easily install ASP.NET MVC 2 RTM on the Visual Studio 2010 RC. For installing ASP.NET MVC 2 RTM, do the following steps 1) Uninstall "ASP.NET MVC 2 ". 2) Uninstall "Microsoft ASP.NET MVC 2 – Visual Studio 2008 Tools". 3) Install the new ASP.NET MVC 2 RTM version for Visual Studio 2008 SP1. The above steps will enable you to use ASP.NET MVC 2 RTM version on the Visual Studio 2010 RC. Note : Don't uninstall Microsoft ASP.NET MVC 2 – Visual Studio 2010 Tools

Read the article
What is New in ASP.NET 4.0 Code Access Security

- by Xiaohong

ASP.NET Code Access Security (CAS) is a feature that helps protect server applications on hosting multiple Web sites, ASP.NET lets you assign a configurable trust level that corresponds to a predefined set of permissions. ASP.NET has predefined ASP.NET Trust Levels and Policy Files that you can assign to applications, you also can assign custom trust level and policy files. Most web hosting companies run ASP.NET applications in Medium Trust to prevent that one website affect or harm another site etc. As .NET Framework's Code Access Security model has evolved, ASP.NET 4.0 Code Access Security also has introduced several changes and improvements. The main change in ASP.NET 4.0 CAS In ASP.NET v4.0 partial trust applications, application domain can have a default partial trust permission set as opposed to being full-trust, the permission set name is defined in the <trust /> new attribute permissionSetName that is used to initialize the application domain . By default, the PermissionSetName attribute value is "ASP.Net" which is the name of the permission set you can find in all predefined partial trust configuration files. <trust level="Something" permissionSetName="ASP.Net" /> This is ASP.NET 4.0 new CAS model. For compatibility ASP.NET 4.0 also support legacy CAS model where application domain still has full trust permission set. You can specify new legacyCasModel attribute on the <trust /> element to indicate whether the legacy CAS model is enabled. By default legacyCasModel is false which means that new 4.0 CAS model is the default. <trust level="Something" legacyCasModel="true|false" /> In .Net FX 4.0 Config directory, there are two set of predefined partial trust config files for each new CAS model and legacy CAS model, trust config files with name legacy.XYZ.config are for legacy CAS model: New CAS model: Legacy CAS model: web_hightrust.config legacy.web_hightrust.config web_mediumtrust.config legacy.web_mediumtrust.config web_lowtrust.config legacy.web_lowtrust.config web_minimaltrust.config legacy.web_minimaltrust.config The figure below shows in ASP.NET 4.0 new CAS model what permission set to grant to code for partial trust application using predefined partial trust levels and policy files: There also some benefits that comes with the new CAS model: You can lock down a machine by making all managed code no-execute by default (e.g. setting the MyComputer zone to have no managed execution code permissions), it should still be possible to configure ASP.NET web applications to run as either full-trust or partial trust. UNC share doesn’t require full trust with CASPOL at machine-level CAS policy. Side effect that comes with the new CAS model: processRequestInApplicationTrust attribute is deprecated in new CAS model since application domain always has partial trust permission set in new CAS model. In ASP.NET 4.0 legacy CAS model or ASP.NET 2.0 CAS model, even though you assign partial trust level to a application but the application domain still has full trust permission set. The figure below shows in ASP.NET 4.0 legacy CAS model (or ASP.NET 2.0 CAS model) what permission set to grant to code for partial trust application using predefined partial trust levels and policy files: What $AppDirUrl$, $CodeGen$, $Gac$ represents: $AppDirUrl$ The application's virtual root directory. This allows permissions to be applied to code that is located in the application's bin directory. For example, if a virtual directory is mapped to C:\YourWebApp, then $AppDirUrl$ would equate to C:\YourWebApp. $CodeGen$ The directory that contains dynamically generated assemblies (for example, the result of .aspx page compiles). This can be configured on a per application basis and defaults to %windir%\Microsoft.NET\Framework\{version}\Temporary ASP.NET Files. $CodeGen$ allows permissions to be applied to dynamically generated assemblies. $Gac$ Any assembly that is installed in the computer's global assembly cache (GAC). This allows permissions to be granted to strong named assemblies loaded from the GAC by the Web application. The new customization of CAS Policy in ASP.NET 4.0 new CAS model 1. Define which named permission set in partial trust configuration files By default the permission set that will be assigned at application domain initialization time is the named "ASP.Net" permission set found in all predefined partial trust configuration files. However ASP.NET 4.0 allows you set PermissionSetName attribute to define which named permission set in a partial trust configuration file should be the one used to initialize an application domain. Example: add "ASP.Net_2" named permission set in partial trust configuration file: <PermissionSet class="NamedPermissionSet" version="1" Name="ASP.Net_2"> <IPermission class="FileIOPermission" version="1" Read="$AppDir$" PathDiscovery="$AppDir$" /> <IPermission class="ReflectionPermission" version="1" Flags ="RestrictedMemberAccess" /> <IPermission class="SecurityPermission " version="1" Flags ="Execution, ControlThread, ControlPrincipal, RemotingConfiguration" /></PermissionSet> Then you can use "ASP.Net_2" named permission set for the application domain permission set: <trust level="Something" legacyCasModel="false" permissionSetName="ASP.Net_2" /> 2. Define a custom set of Full Trust Assemblies for an application By using the new fullTrustAssemblies element to configure a set of Full Trust Assemblies for an application, you can modify set of partial trust assemblies to full trust at the machine, site or application level. The configuration definition is shown below: <fullTrustAssemblies> <add assemblyName="MyAssembly" version="1.1.2.3" publicKey="hex_char_representation_of_key_blob" /></fullTrustAssemblies> 3. Define <CodeGroup /> policy in partial trust configuration files ASP.NET 4.0 new CAS model will retain the ability for developers to optionally define <CodeGroup />with membership conditions and assigned permission sets. The specific restriction in ASP.NET 4.0 new CAS model though will be that the results of evaluating custom policies can only result in one of two outcomes: either an assembly is granted full trust, or an assembly is granted the partial trust permission set currently associated with the running application domain. It will not be possible to use custom policies to create additional custom partial trust permission sets. When parsing the partial trust configuration file: Any assemblies that match to code groups associated with "PermissionSet='FullTrust'" will run at full trust. Any assemblies that match to code groups associated with "PermissionSet='Nothing'" will result in a PolicyError being thrown from the CLR. This is acceptable since it provides administrators with a way to do a blanket-deny of managed code followed by selectively defining policy in a <CodeGroup /> that re-adds assemblies that would be allowed to run. Any assemblies that match to code groups associated with other permissions sets will be interpreted to mean the assembly should run at the permission set of the appdomain. This means that even though syntactically a developer could define additional "flavors" of partial trust in an ASP.NET partial trust configuration file, those "flavors" will always be ignored. Example: defines full trust in <CodeGroup /> for my strong named assemblies in partial trust config files: <CodeGroup class="FirstMatchCodeGroup" version="1" PermissionSetName="Nothing"> <IMembershipCondition class="AllMembershipCondition" version="1" /> <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="FullTrust" Name="My_Strong_Name" Description="This code group grants code signed full trust. "> <IMembershipCondition class="StrongNameMembershipCondition" version="1" PublicKeyBlob="hex_char_representation_of_key_blob" /> </CodeGroup> <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="ASP.Net"> <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$AppDirUrl$/*" /> </CodeGroup> <CodeGroup class="UnionCodeGroup" version="1" PermissionSetName="ASP.Net"> <IMembershipCondition class="UrlMembershipCondition" version="1" Url="$CodeGen$/*" /> </CodeGroup></CodeGroup> 4. Customize CAS policy at runtime in ASP.NET 4.0 new CAS model ASP.NET 4.0 new CAS model allows to customize CAS policy at runtime by using custom HostSecurityPolicyResolver that overrides the ASP.NET code access security policy. Example: use custom host security policy resolver to resolve partial trust web application bin folder MyTrustedAssembly.dll to full trust at runtime: You can create a custom host security policy resolver and compile it to assembly MyCustomResolver.dll with strong name enabled and deploy in GAC: public class MyCustomResolver : HostSecurityPolicyResolver{ public override HostSecurityPolicyResults ResolvePolicy(Evidence evidence) { IEnumerator hostEvidence = evidence.GetHostEnumerator(); while (hostEvidence.MoveNext()) { object hostEvidenceObject = hostEvidence.Current; if (hostEvidenceObject is System.Security.Policy.Url) { string assemblyName = hostEvidenceObject.ToString(); if (assemblyName.Contains(“MyTrustedAssembly.dll”) return HostSecurityPolicyResult.FullTrust; } } //default fall-through return HostSecurityPolicyResult.DefaultPolicy; }} Because ASP.NET accesses the custom HostSecurityPolicyResolver during application domain initialization, and a custom policy resolver requires full trust, you also can add a custom policy resolver in <fullTrustAssemblies /> , or deploy in the GAC. You also need configure a custom HostSecurityPolicyResolver instance by adding the HostSecurityPolicyResolverType attribute in the <trust /> element: <trust level="Something" legacyCasModel="false" hostSecurityPolicyResolverType="MyCustomResolver, MyCustomResolver" permissionSetName="ASP.Net" /> Note: If an assembly policy define in <CodeGroup/> and also in hostSecurityPolicyResolverType, hostSecurityPolicyResolverType will win. If an assembly added in <fullTrustAssemblies/> then the assembly has full trust no matter what policy in <CodeGroup/> or in hostSecurityPolicyResolverType. Other changes in ASP.NET 4.0 CAS Use the new transparency model introduced in .Net Framework 4.0 Change in dynamically compiled code generated assemblies by ASP.NET: In new CAS model they will be marked as security transparent level2 to use Framework 4.0 security transparent rule that means partial trust code is treated as completely Transparent and it is more strict enforcement. In legacy CAS model they will be marked as security transparent level1 to use Framework 2.0 security transparent rule for compatibility. Most of ASP.NET products runtime assemblies are also changed to be marked as security transparent level2 to switch to SecurityTransparent code by default unless SecurityCritical or SecuritySafeCritical attribute specified. You also can look at Security Changes in the .NET Framework 4 for more information about these security attributes. Support conditional APTCA If an assembly is marked with the Conditional APTCA attribute to allow partially trusted callers, and if you want to make the assembly both visible and accessible to partial-trust code in your web application, you must add a reference to the assembly in the partialTrustVisibleAssemblies section: <partialTrustVisibleAssemblies> <add assemblyName="MyAssembly" publicKey="hex_char_representation_of_key_blob" />/partialTrustVisibleAssemblies> Most of ASP.NET products runtime assemblies are also changed to be marked as conditional APTCA to prevent use of ASP.NET APIs in partial trust environments such as Winforms or WPF UI controls hosted in Internet Explorer. Differences between ASP.NET new CAS model and legacy CAS model: Here list some differences between ASP.NET new CAS model and legacy CAS model ASP.NET 4.0 legacy CAS model : Asp.net partial trust appdomains have full trust permission Multiple different permission sets in a single appdomain are allowed in ASP.NET partial trust configuration files Code groups Machine CAS policy is honored processRequestInApplicationTrust attribute is still honored New configuration setting for legacy model: <trust level="Something" legacyCASModel="true" ></trust><partialTrustVisibleAssemblies> <add assemblyName="MyAssembly" publicKey="hex_char_representation_of_key_blob" /></partialTrustVisibleAssemblies> ASP.NET 4.0 new CAS model: ASP.NET will now run in homogeneous application domains. Only full trust or the app-domain's partial trust grant set, are allowable permission sets. It is no longer possible to define arbitrary permission sets that get assigned to different assemblies. If an application currently depends on fine-tuning the partial trust permission set using the ASP.NET partial trust configuration file, this will no longer be possible. processRequestInApplicationTrust attribute is deprecated Dynamically compiled assemblies output by ASP.NET build providers will be updated to explicitly mark assemblies as transparent. ASP.NET partial trust grant sets will be independent from any enterprise, machine, or user CAS policy levels. A simplified model for locking down web servers that only allows trusted managed web applications to run. Machine policy used to always grant full-trust to managed code (based on membership conditions) can instead be configured using the new ASP.NET 4.0 full-trust assembly configuration section. The full-trust assembly configuration section requires explicitly listing each assembly as opposed to using membership conditions. Alternatively, the membership condition(s) used in machine policy can instead be re-defined in a <CodeGroup /> within ASP.NET's partial trust configuration file to grant full-trust. New configuration setting for new model: <trust level="Something" legacyCASModel="false" permissionSetName="ASP.Net" hostSecurityPolicyResolverType=".NET type string" ></trust><fullTrustAssemblies> <add assemblyName=”MyAssembly” version=”1.0.0.0” publicKey="hex_char_representation_of_key_blob" /></fullTrustAssemblies><partialTrustVisibleAssemblies> <add assemblyName="MyAssembly" publicKey="hex_char_representation_of_key_blob" /></partialTrustVisibleAssemblies> Hope this post is helpful to better understand the ASP.Net 4.0 CAS. Xiaohong Tang ASP.NET QA Team

Read the article
ASP.NET MVC 2 Released

- by Ricardo Peres

Get it while it’s hot from here. Also read the release notes.

Read the article
ASP.NET Podcast Show #148 - ASP.NET WebForms to build a Mobile Web Application

- by Wallym

Check the podcast site for the original url. This is the video and source code for an ASP.NET WebForms app that I wrote that is optimized for the iPhone and mobile environments. Subscribe to everything. Subscribe to WMV. Subscribe to M4V for iPhone/iPad. Subscribe to MP3. Download WMV. Download M4V for iPhone/iPad. Download MP3. Link to iWebKit. Source Code: <%@ Page Title="MapSplore" Language="C#" MasterPageFile="iPhoneMaster.master" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="AT_iPhone_Default" %> <asp:Content ID="Content1" ContentPlaceHolderID="head" Runat="Server"></asp:Content><asp:Content ID="Content2" ContentPlaceHolderID="Content" Runat="Server" ClientIDMode="Static"> <asp:ScriptManager ID="sm" runat="server" EnablePartialRendering="true" EnableHistory="false" EnableCdn="true" /> <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=true"></script> <script language="javascript" type="text/javascript">  </script> <asp:HiddenField ID="Latitude" runat="server" /> <asp:HiddenField ID="Longitude" runat="server" /> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js%22%3E%3C/script> <script language="javascript" type="text/javascript"> $(document).ready(function () { GetLocation(); setupMapDiv(); setupPlaceIveBeen(); }); function GetLocation() { if (navigator.geolocation != null) { navigator.geolocation.getCurrentPosition(getData); } else { var mess = document.getElementById('<%=Message.ClientID %>'); mess.innerHTML = "Sorry, your browser does not support geolocation. " + "Try the latest version of Safari on the iPhone, Android browser, or the latest version of FireFox."; } } function UpdateLocation_Click() { GetLocation(); } function getData(position) { var latitude = position.coords.latitude; var longitude = position.coords.longitude; var hdLat = document.getElementById('<%=Latitude.ClientID %>'); var hdLon = document.getElementById('<%=Longitude.ClientID %>'); hdLat.value = latitude; hdLon.value = longitude; } </script> <asp:Label ID="Message" runat="server" /> <asp:UpdatePanel ID="upl" runat="server"> <ContentTemplate> <asp:Panel ID="pnlStart" runat="server" Visible="true"> <div id="topbar"> <div id="title">MapSplore</div> </div> <div id="content"> <ul class="pageitem"> <li class="menu"> <asp:LinkButton ID="lbLocalDeals" runat="server" onclick="lbLocalDeals_Click"> <asp:Image ID="imLocalDeals" runat="server" ImageUrl="~/Images/ArtFavor_Money_Bag_Icon.png" Height="30" /> <span class="name">Local Deals.</span> <span class="arrow"></span> </asp:LinkButton> </li> <li class="menu"> <asp:LinkButton ID="lbLocalPlaces" runat="server" onclick="lbLocalPlaces_Click"> <asp:Image ID="imLocalPlaces" runat="server" ImageUrl="~/Images/Andy_Houses_on_the_horizon_-_Starburst_remix.png" Height="30" /> <span class="name">Local Places.</span> <span class="arrow"></span> </asp:LinkButton> </li> <li class="menu"> <asp:LinkButton ID="lbWhereIveBeen" runat="server" onclick="lbWhereIveBeen_Click"> <asp:Image ID="imImHere" runat="server" ImageUrl="~/Images/ryanlerch_flagpole.png" Height="30" /> <span class="name">I've been here.</span> <span class="arrow"></span> </asp:LinkButton> </li> <li class="menu"> <asp:LinkButton ID="lbMyStats" runat="server"> <asp:Image ID="imMyStats" runat="server" ImageUrl="~/Images/Anonymous_Spreadsheet.png" Height="30" /> <span class="name">My Stats.</span> <span class="arrow"></span> </asp:LinkButton> </li> <li class="menu"> <asp:LinkButton ID="lbAddAPlace" runat="server" onclick="lbAddAPlace_Click"> <asp:Image ID="imAddAPlace" runat="server" ImageUrl="~/Images/jean_victor_balin_add.png" Height="30" /> <span class="name">Add a Place.</span> <span class="arrow"></span> </asp:LinkButton> </li> <li class="button"> <input type="button" value="Update Your Current Location" onclick="UpdateLocation_Click()"> </li> </ul> </div> </asp:Panel> <div> <asp:Panel ID="pnlCoupons" runat="server" Visible="false"> <div id="topbar"> <div id="title">MapSplore</div> <div id="leftbutton"> <asp:LinkButton runat="server" Text="Return" ID="ReturnFromDeals" OnClick="ReturnFromDeals_Click" /></div></div> <div class="content"> <asp:ListView ID="lvCoupons" runat="server"> <LayoutTemplate> <ul class="pageitem" runat="server"> <asp:PlaceHolder ID="itemPlaceholder" runat="server" /> </ul> </LayoutTemplate> <ItemTemplate> <li class="menu"> <asp:LinkButton ID="lbBusiness" runat="server" Text='<%#Eval("Place.Name") %>' OnClick="lbBusiness_Click"> <span class="comment"> <asp:Label ID="lblAddress" runat="server" Text='<%#Eval("Place.Address1") %>' /> <asp:Label ID="lblDis" runat="server" Text='<%# Convert.ToString(Convert.ToInt32(Eval("Place.Distance"))) + " meters" %>' CssClass="smallText" /> <asp:HiddenField ID="hdPlaceId" runat="server" Value='<%#Eval("PlaceId") %>' /> <asp:HiddenField ID="hdGeoPromotionId" runat="server" Value='<%#Eval("GeoPromotionId") %>' /> </span> <span class="arrow"></span> </asp:LinkButton></li></ItemTemplate></asp:ListView><asp:GridView ID="gvCoupons" runat="server" AutoGenerateColumns="false"> <HeaderStyle BackColor="Silver" /> <AlternatingRowStyle BackColor="Wheat" /> <Columns> <asp:TemplateField AccessibleHeaderText="Business" HeaderText="Business"> <ItemTemplate> <asp:Image ID="imPlaceType" runat="server" Text='<%#Eval("Type") %>' ImageUrl='<%#Eval("Image") %>' /> <asp:LinkButton ID="lbBusiness" runat="server" Text='<%#Eval("Name") %>' OnClick="lbBusiness_Click" /> <asp:LinkButton ID="lblAddress" runat="server" Text='<%#Eval("Address1") %>' CssClass="smallText" /> <asp:Label ID="lblDis" runat="server" Text='<%# Convert.ToString(Convert.ToInt32(Eval("Distance"))) + " meters" %>' CssClass="smallText" /> <asp:HiddenField ID="hdPlaceId" runat="server" Value='<%#Eval("PlaceId") %>' /> <asp:HiddenField ID="hdGeoPromotionId" runat="server" Value='<%#Eval("GeoPromotionId") %>' /> <asp:Label ID="lblInfo" runat="server" Visible="false" /> </ItemTemplate> </asp:TemplateField> </Columns> </asp:GridView> </div> </asp:Panel> <asp:Panel ID="pnlPlaces" runat="server" Visible="false"> <div id="topbar"> <div id="title"> MapSplore</div><div id="leftbutton"> <asp:LinkButton runat="server" Text="Return" ID="ReturnFromPlaces" OnClick="ReturnFromPlaces_Click" /></div></div> <div id="content"> <asp:ListView ID="lvPlaces" runat="server"> <LayoutTemplate> <ul id="ulPlaces" class="pageitem" runat="server"> <asp:PlaceHolder ID="itemPlaceholder" runat="server" /> <li class="menu"> <asp:LinkButton ID="lbNotListed" runat="server" CssClass="name" OnClick="lbNotListed_Click"> Place not listed <span class="arrow"></span> </asp:LinkButton> </li> </ul> </LayoutTemplate> <ItemTemplate> <li class="menu"> <asp:LinkButton ID="lbImHere" runat="server" CssClass="name" OnClick="lbImHere_Click"> <%#DisplayName(Eval("Name")) %>  <%# Convert.ToString(Convert.ToInt32(Eval("Distance"))) + " meters" %> <asp:HiddenField ID="hdPlaceId" runat="server" Value='<%#Eval("PlaceId") %>' /> <span class="arrow"></span> </asp:LinkButton></li></ItemTemplate></asp:ListView> </div> </asp:Panel> <asp:Panel ID="pnlImHereNow" runat="server" Visible="false"> <div id="topbar"> <div id="title"> MapSplore</div><div id="leftbutton"> <asp:LinkButton runat="server" Text="Places" ID="lbImHereNowReturn" OnClick="lbImHereNowReturn_Click" /></div></div> <div id="rightbutton"> <asp:LinkButton runat="server" Text="Beginning" ID="lbBackToBeginning" OnClick="lbBackToBeginning_Click" /> </div> <div id="content"> <ul class="pageitem"> <asp:HiddenField ID="hdPlaceId" runat="server" /> <asp:HiddenField ID="hdPlaceLat" runat="server" /> <asp:HiddenField ID="hdPlaceLon" runat="server" /> <asp:HiddenField ID="hdPlaceTitle" runat="server" /> <asp:Button ID="btnImHereNow" runat="server" Text="I'm here" OnClick="btnImHereNow_Click" /> <asp:Label ID="lblPlaceTitle" runat="server" /><br /> <asp:TextBox ID="txtWhatsHappening" runat="server" TextMode="MultiLine" Rows="2" style="width:300px" /><br /> <div id="divImHere" style="width:300px; height:300px"></div> </div> </ul> </asp:Panel> <asp:Panel runat="server" ID="pnlIveBeenHere" Visible="false"> <div id="topbar"> <div id="title"> Where I've been</div><div id="leftbutton"> <asp:LinkButton ID="lbIveBeenHereBack" runat="server" Text="Back" OnClick="lbIveBeenHereBack_Click" /></div></div> <div id="content"> <asp:ListView ID="lvWhereIveBeen" runat="server"> <LayoutTemplate> <ul id="ulWhereIveBeen" class="pageitem" runat="server"> <asp:PlaceHolder ID="itemPlaceholder" runat="server" /> </ul> </LayoutTemplate> <ItemTemplate> <li class="menu" runat="server"> <asp:LinkButton ID="lbPlaceIveBeen" runat="server" OnClick="lbPlaceIveBeen_Click" CssClass="name"> <asp:Label ID="lblPlace" runat="server" Text='<%#Eval("PlaceName") %>' /> at <asp:Label ID="lblTime" runat="server" Text='<%#Eval("ATTime") %>' CssClass="content" /> <asp:HiddenField ID="hdATID" runat="server" Value='<%#Eval("ATID") %>' /> <span class="arrow"></span> </asp:LinkButton> </li> </ItemTemplate> </asp:ListView> </div> </asp:Panel> <asp:Panel runat="server" ID="pnlPlaceIveBeen" Visible="false"> <div id="topbar"> <div id="title"> I've been here </div> <div id="leftbutton"> <asp:LinkButton ID="lbPlaceIveBeenBack" runat="server" Text="Back" OnClick="lbPlaceIveBeenBack_Click" /> </div> <div id="rightbutton"> <asp:LinkButton ID="lbPlaceIveBeenBeginning" runat="server" Text="Beginning" OnClick="lbPlaceIveBeenBeginning_Click" /> </div> </div> <div id="content"> <ul class="pageitem"> <li> <asp:HiddenField ID="hdPlaceIveBeenPlaceId" runat="server" /> <asp:HiddenField ID="hdPlaceIveBeenLatitude" runat="server" /> <asp:HiddenField ID="hdPlaceIveBeenLongitude" runat="server" /> <asp:Label ID="lblPlaceIveBeenName" runat="server" /><br /> <asp:Label ID="lblPlaceIveBeenAddress" runat="server" /><br /> <asp:Label ID="lblPlaceIveBeenCity" runat="server" />, <asp:Label ID="lblPlaceIveBeenState" runat="server" /> <asp:Label ID="lblPlaceIveBeenZipCode" runat="server" /><br /> <asp:Label ID="lblPlaceIveBeenCountry" runat="server" /><br /> <div id="divPlaceIveBeen" style="width:300px; height:300px"></div> </li> </ul> </div> </asp:Panel> <asp:Panel ID="pnlAddPlace" runat="server" Visible="false"> <div id="topbar"><div id="title">MapSplore</div><div id="leftbutton"><asp:LinkButton ID="lbAddPlaceReturn" runat="server" Text="Back" OnClick="lbAddPlaceReturn_Click" /></div><div id="rightnav"></div></div><div id="content"> <ul class="pageitem"> <li id="liPlaceAddMessage" runat="server" visible="false"> <asp:Label ID="PlaceAddMessage" runat="server" /> </li> <li class="bigfield"> <asp:TextBox ID="txtPlaceName" runat="server" placeholder="Name of Establishment" /> </li> <li class="bigfield"> <asp:TextBox ID="txtAddress1" runat="server" placeholder="Address 1" /> </li> <li class="bigfield"> <asp:TextBox ID="txtCity" runat="server" placeholder="City" /> </li> <li class="select"> <asp:DropDownList ID="ddlProvince" runat="server" placeholder="Select State" /> <span class="arrow"></span> </li> <li class="bigfield"> <asp:TextBox ID="txtZipCode" runat="server" placeholder="Zip Code" /> </li> <li class="select"> <asp:DropDownList ID="ddlCountry" runat="server" onselectedindexchanged="ddlCountry_SelectedIndexChanged" /> <span class="arrow"></span> </li> <li class="bigfield"> <asp:TextBox ID="txtPhoneNumber" runat="server" placeholder="Phone Number" /> </li> <li class="checkbox"> <span class="name">You Here Now:</span> <asp:CheckBox ID="cbYouHereNow" runat="server" Checked="true" /> </li> <li class="button"> <asp:Button ID="btnAdd" runat="server" Text="Add Place" onclick="btnAdd_Click" /> </li> </ul></div> </asp:Panel> <asp:Panel ID="pnlImHere" runat="server" Visible="false"> <asp:TextBox ID="txtImHere" runat="server" TextMode="MultiLine" Rows="3" Columns="40" /><br /> <asp:DropDownList ID="ddlPlace" runat="server" /><br /> <asp:Button ID="btnHere" runat="server" Text="Tell Everyone I'm Here" onclick="btnHere_Click" /><br /> </asp:Panel> </div> </ContentTemplate> </asp:UpdatePanel> </asp:Content> Code Behind .cs file: using System;using System.Collections.Generic;using System.Linq;using System.Web;using System.Web.Security;using System.Web.UI;using System.Web.UI.HtmlControls;using System.Web.UI.WebControls;using LocationDataModel; public partial class AT_iPhone_Default : ViewStatePage{ private iPhoneDevice ipd; protected void Page_Load(object sender, EventArgs e) { LocationDataEntities lde = new LocationDataEntities(); if (!Page.IsPostBack) { var Countries = from c in lde.Countries select c; foreach (Country co in Countries) { ddlCountry.Items.Add(new ListItem(co.Name, co.CountryId.ToString())); } ddlCountry_SelectedIndexChanged(ddlCountry, null); if (AppleIPhone.IsIPad()) ipd = iPhoneDevice.iPad; if (AppleIPhone.IsIPhone()) ipd = iPhoneDevice.iPhone; if (AppleIPhone.IsIPodTouch()) ipd = iPhoneDevice.iPodTouch; } } protected void btnPlaces_Click(object sender, EventArgs e) { } protected void btnAdd_Click(object sender, EventArgs e) { bool blImHere = cbYouHereNow.Checked; string Place = txtPlaceName.Text, Address1 = txtAddress1.Text, City = txtCity.Text, ZipCode = txtZipCode.Text, PhoneNumber = txtPhoneNumber.Text, ProvinceId = ddlProvince.SelectedItem.Value, CountryId = ddlCountry.SelectedItem.Value; int iProvinceId, iCountryId; double dLatitude, dLongitude; DataAccess da = new DataAccess(); if ((!String.IsNullOrEmpty(ProvinceId)) && (!String.IsNullOrEmpty(CountryId))) { iProvinceId = Convert.ToInt32(ProvinceId); iCountryId = Convert.ToInt32(CountryId); if (blImHere) { dLatitude = Convert.ToDouble(Latitude.Value); dLongitude = Convert.ToDouble(Longitude.Value); da.StorePlace(Place, Address1, String.Empty, City, iProvinceId, ZipCode, iCountryId, PhoneNumber, dLatitude, dLongitude); } else { da.StorePlace(Place, Address1, String.Empty, City, iProvinceId, ZipCode, iCountryId, PhoneNumber); } liPlaceAddMessage.Visible = true; PlaceAddMessage.Text = "Awesome, your place has been added. Add Another!"; txtPlaceName.Text = String.Empty; txtAddress1.Text = String.Empty; txtCity.Text = String.Empty; ddlProvince.SelectedIndex = -1; txtZipCode.Text = String.Empty; txtPhoneNumber.Text = String.Empty; } else { liPlaceAddMessage.Visible = true; PlaceAddMessage.Text = "Please select a State and a Country."; } } protected void ddlCountry_SelectedIndexChanged(object sender, EventArgs e) { string CountryId = ddlCountry.SelectedItem.Value; if (!String.IsNullOrEmpty(CountryId)) { int iCountryId = Convert.ToInt32(CountryId); LocationDataModel.LocationDataEntities lde = new LocationDataModel.LocationDataEntities(); var prov = from p in lde.Provinces where p.CountryId == iCountryId orderby p.ProvinceName select p; ddlProvince.Items.Add(String.Empty); foreach (Province pr in prov) { ddlProvince.Items.Add(new ListItem(pr.ProvinceName, pr.ProvinceId.ToString())); } } else { ddlProvince.Items.Clear(); } } protected void btnImHere_Click(object sender, EventArgs e) { int i = 0; DataAccess da = new DataAccess(); double Lat = Convert.ToDouble(Latitude.Value), Lon = Convert.ToDouble(Longitude.Value); List<Place> lp = da.NearByLocations(Lat, Lon); foreach (Place p in lp) { ListItem li = new ListItem(p.Name, p.PlaceId.ToString()); if (i == 0) { li.Selected = true; } ddlPlace.Items.Add(li); i++; } pnlAddPlace.Visible = false; pnlImHere.Visible = true; } protected void lbImHere_Click(object sender, EventArgs e) { string UserName = Membership.GetUser().UserName; ListViewItem lvi = (ListViewItem)(((LinkButton)sender).Parent); HiddenField hd = (HiddenField)lvi.FindControl("hdPlaceId"); long PlaceId = Convert.ToInt64(hd.Value); double dLatitude = Convert.ToDouble(Latitude.Value); double dLongitude = Convert.ToDouble(Longitude.Value); DataAccess da = new DataAccess(); Place pl = da.GetPlace(PlaceId); pnlImHereNow.Visible = true; pnlPlaces.Visible = false; hdPlaceId.Value = PlaceId.ToString(); hdPlaceLat.Value = pl.Latitude.ToString(); hdPlaceLon.Value = pl.Longitude.ToString(); hdPlaceTitle.Value = pl.Name; lblPlaceTitle.Text = pl.Name; } protected void btnHere_Click(object sender, EventArgs e) { string UserName = Membership.GetUser().UserName; string WhatsH = txtImHere.Text; long PlaceId = Convert.ToInt64(ddlPlace.SelectedValue); double dLatitude = Convert.ToDouble(Latitude.Value); double dLongitude = Convert.ToDouble(Longitude.Value); DataAccess da = new DataAccess(); da.StoreUserAT(UserName, PlaceId, WhatsH, dLatitude, dLongitude); } protected void btnLocalCoupons_Click(object sender, EventArgs e) { double dLatitude = Convert.ToDouble(Latitude.Value); double dLongitude = Convert.ToDouble(Longitude.Value); DataAccess da = new DataAccess(); } protected void lbBusiness_Click(object sender, EventArgs e) { string UserName = Membership.GetUser().UserName; GridViewRow gvr = (GridViewRow)(((LinkButton)sender).Parent.Parent); HiddenField hd = (HiddenField)gvr.FindControl("hdPlaceId"); string sPlaceId = hd.Value; Int64 PlaceId; if (!String.IsNullOrEmpty(sPlaceId)) { PlaceId = Convert.ToInt64(sPlaceId); } } protected void lbLocalDeals_Click(object sender, EventArgs e) { double dLatitude = Convert.ToDouble(Latitude.Value); double dLongitude = Convert.ToDouble(Longitude.Value); DataAccess da = new DataAccess(); pnlCoupons.Visible = true; pnlStart.Visible = false; List<GeoPromotion> lgp = da.NearByDeals(dLatitude, dLongitude); lvCoupons.DataSource = lgp; lvCoupons.DataBind(); } protected void lbLocalPlaces_Click(object sender, EventArgs e) { DataAccess da = new DataAccess(); double Lat = Convert.ToDouble(Latitude.Value); double Lon = Convert.ToDouble(Longitude.Value); List<LocationDataModel.Place> places = da.NearByLocations(Lat, Lon); lvPlaces.DataSource = places; lvPlaces.SelectedIndex = -1; lvPlaces.DataBind(); pnlPlaces.Visible = true; pnlStart.Visible = false; } protected void ReturnFromPlaces_Click(object sender, EventArgs e) { pnlPlaces.Visible = false; pnlStart.Visible = true; } protected void ReturnFromDeals_Click(object sender, EventArgs e) { pnlCoupons.Visible = false; pnlStart.Visible = true; } protected void btnImHereNow_Click(object sender, EventArgs e) { long PlaceId = Convert.ToInt32(hdPlaceId.Value); string UserName = Membership.GetUser().UserName; string WhatsHappening = txtWhatsHappening.Text; double UserLat = Convert.ToDouble(Latitude.Value); double UserLon = Convert.ToDouble(Longitude.Value); DataAccess da = new DataAccess(); da.StoreUserAT(UserName, PlaceId, WhatsHappening, UserLat, UserLon); } protected void lbImHereNowReturn_Click(object sender, EventArgs e) { pnlImHereNow.Visible = false; pnlPlaces.Visible = true; } protected void lbBackToBeginning_Click(object sender, EventArgs e) { pnlStart.Visible = true; pnlImHereNow.Visible = false; } protected void lbWhereIveBeen_Click(object sender, EventArgs e) { string UserName = Membership.GetUser().UserName; pnlStart.Visible = false; pnlIveBeenHere.Visible = true; DataAccess da = new DataAccess(); lvWhereIveBeen.DataSource = da.UserATs(UserName, 0, 15); lvWhereIveBeen.DataBind(); } protected void lbIveBeenHereBack_Click(object sender, EventArgs e) { pnlIveBeenHere.Visible = false; pnlStart.Visible = true; } protected void lbPlaceIveBeen_Click(object sender, EventArgs e) { LinkButton lb = (LinkButton)sender; ListViewItem lvi = (ListViewItem)lb.Parent.Parent; HiddenField hdATID = (HiddenField)lvi.FindControl("hdATID"); Int64 ATID = Convert.ToInt64(hdATID.Value); DataAccess da = new DataAccess(); pnlIveBeenHere.Visible = false; pnlPlaceIveBeen.Visible = true; var plac = da.GetPlaceViaATID(ATID); hdPlaceIveBeenPlaceId.Value = plac.PlaceId.ToString(); hdPlaceIveBeenLatitude.Value = plac.Latitude.ToString(); hdPlaceIveBeenLongitude.Value = plac.Longitude.ToString(); lblPlaceIveBeenName.Text = plac.Name; lblPlaceIveBeenAddress.Text = plac.Address1; lblPlaceIveBeenCity.Text = plac.City; lblPlaceIveBeenState.Text = plac.Province.ProvinceName; lblPlaceIveBeenZipCode.Text = plac.ZipCode; lblPlaceIveBeenCountry.Text = plac.Country.Name; } protected void lbNotListed_Click(object sender, EventArgs e) { SetupAddPoint(); pnlPlaces.Visible = false; } protected void lbAddAPlace_Click(object sender, EventArgs e) { SetupAddPoint(); } private void SetupAddPoint() { double lat = Convert.ToDouble(Latitude.Value); double lon = Convert.ToDouble(Longitude.Value); DataAccess da = new DataAccess(); var zip = da.WhereAmIAt(lat, lon); if (zip.Count > 0) { var z0 = zip[0]; txtCity.Text = z0.City; txtZipCode.Text = z0.ZipCode; ddlProvince.ClearSelection(); if (z0.ProvinceId.HasValue == true) { foreach (ListItem li in ddlProvince.Items) { if (li.Value == z0.ProvinceId.Value.ToString()) { li.Selected = true; break; } } } } pnlAddPlace.Visible = true; pnlStart.Visible = false; } protected void lbAddPlaceReturn_Click(object sender, EventArgs e) { pnlAddPlace.Visible = false; pnlStart.Visible = true; liPlaceAddMessage.Visible = false; PlaceAddMessage.Text = String.Empty; } protected void lbPlaceIveBeenBack_Click(object sender, EventArgs e) { pnlIveBeenHere.Visible = true; pnlPlaceIveBeen.Visible = false; } protected void lbPlaceIveBeenBeginning_Click(object sender, EventArgs e) { pnlPlaceIveBeen.Visible = false; pnlStart.Visible = true; } protected string DisplayName(object val) { string strVal = Convert.ToString(val); if (AppleIPhone.IsIPad()) { ipd = iPhoneDevice.iPad; } if (AppleIPhone.IsIPhone()) { ipd = iPhoneDevice.iPhone; } if (AppleIPhone.IsIPodTouch()) { ipd = iPhoneDevice.iPodTouch; } return (iPhoneHelper.DisplayContentOnMenu(strVal, ipd)); }} iPhoneHelper.cs file: using System;using System.Collections.Generic;using System.Linq;using System.Web; public enum iPhoneDevice{ iPhone, iPodTouch, iPad}/// <summary>/// Summary description for iPhoneHelper/// </summary>/// public class iPhoneHelper{ public iPhoneHelper() { // // TODO: Add constructor logic here // } // This code is stupid in retrospect. Use css to solve this problem public static string DisplayContentOnMenu(string val, iPhoneDevice ipd) { string Return = val; string Elipsis = "..."; int iPadMaxLength = 30; int iPhoneMaxLength = 15; if (ipd == iPhoneDevice.iPad) { if (Return.Length > iPadMaxLength) { Return = Return.Substring(0, iPadMaxLength - Elipsis.Length) + Elipsis; } } else { if (Return.Length > iPhoneMaxLength) { Return = Return.Substring(0, iPhoneMaxLength - Elipsis.Length) + Elipsis; } } return (Return); }} Source code for the ViewStatePage: using System;using System.Data;using System.Data.SqlClient;using System.Configuration;using System.Web;using System.Web.Security;using System.Web.UI;using System.Web.UI.WebControls;using System.Web.UI.WebControls.WebParts;using System.Web.UI.HtmlControls; /// <summary>/// Summary description for BasePage/// </summary>#region Base class for a page.public class ViewStatePage : System.Web.UI.Page{ PageStatePersisterToDatabase myPageStatePersister; public ViewStatePage() : base() { myPageStatePersister = new PageStatePersisterToDatabase(this); } protected override PageStatePersister PageStatePersister { get { return myPageStatePersister; } } }#endregion #region This class will override the page persistence to store page state in a database.public class PageStatePersisterToDatabase : PageStatePersister{ private string ViewStateKeyField = "__VIEWSTATE_KEY"; private string _exNoConnectionStringFound = "No Database Configuration information is in the web.config."; public PageStatePersisterToDatabase(Page page) : base(page) { } public override void Load() { // Get the cache key from the web form data System.Int64 key = Convert.ToInt64(Page.Request.Params[ViewStateKeyField]); Pair state = this.LoadState(key); // Abort if cache object is not of type Pair if (state == null) throw new ApplicationException("Missing valid " + ViewStateKeyField); // Set view state and control state ViewState = state.First; ControlState = state.Second; } public override void Save() { // No processing needed if no states available if (ViewState == null && ControlState != null) return; System.Int64 key; IStateFormatter formatter = this.StateFormatter; Pair statePair = new Pair(ViewState, ControlState); // Serialize the statePair object to a string. string serializedState = formatter.Serialize(statePair); // Save the ViewState and get a unique identifier back. key = SaveState(serializedState); // Register hidden field to store cache key in // Page.ClientScript does not work properly with Atlas. //Page.ClientScript.RegisterHiddenField(ViewStateKeyField, key.ToString()); ScriptManager.RegisterHiddenField(this.Page, ViewStateKeyField, key.ToString()); } private System.Int64 SaveState(string PageState) { System.Int64 i64Key = 0; string strConn = String.Empty, strProvider = String.Empty; string strSql = "insert into tblPageState ( SerializedState ) values ( '" + SqlEscape(PageState) + "');select scope_identity();"; SqlConnection sqlCn; SqlCommand sqlCm; try { GetDBConnectionString(ref strConn, ref strProvider); sqlCn = new SqlConnection(strConn); sqlCm = new SqlCommand(strSql, sqlCn); sqlCn.Open(); i64Key = Convert.ToInt64(sqlCm.ExecuteScalar()); if (sqlCn.State != ConnectionState.Closed) { sqlCn.Close(); } sqlCn.Dispose(); sqlCm.Dispose(); } finally { sqlCn = null; sqlCm = null; } return i64Key; } private Pair LoadState(System.Int64 iKey) { string strConn = String.Empty, strProvider = String.Empty, SerializedState = String.Empty, strMinutesInPast = GetMinutesInPastToDelete(); Pair PageState; string strSql = "select SerializedState from tblPageState where tblPageStateID=" + iKey.ToString() + ";" + "delete from tblPageState where DateUpdated<DateAdd(mi, " + strMinutesInPast + ", getdate());"; SqlConnection sqlCn; SqlCommand sqlCm; try { GetDBConnectionString(ref strConn, ref strProvider); sqlCn = new SqlConnection(strConn); sqlCm = new SqlCommand(strSql, sqlCn); sqlCn.Open(); SerializedState = Convert.ToString(sqlCm.ExecuteScalar()); IStateFormatter formatter = this.StateFormatter; if ((null == SerializedState) || (String.Empty == SerializedState)) { throw (new ApplicationException("No ViewState records were returned.")); } // Deserilize returns the Pair object that is serialized in // the Save method. PageState = (Pair)formatter.Deserialize(SerializedState); if (sqlCn.State != ConnectionState.Closed) { sqlCn.Close(); } sqlCn.Dispose(); sqlCm.Dispose(); } finally { sqlCn = null; sqlCm = null; } return PageState; } private string SqlEscape(string Val) { string ReturnVal = String.Empty; if (null != Val) { ReturnVal = Val.Replace("'", "''"); } return (ReturnVal); } private void GetDBConnectionString(ref string ConnectionStringValue, ref string ProviderNameValue) { if (System.Configuration.ConfigurationManager.ConnectionStrings.Count > 0) { ConnectionStringValue = System.Configuration.ConfigurationManager.ConnectionStrings["ApplicationServices"].ConnectionString; ProviderNameValue = System.Configuration.ConfigurationManager.ConnectionStrings["ApplicationServices"].ProviderName; } else { throw new ConfigurationErrorsException(_exNoConnectionStringFound); } } private string GetMinutesInPastToDelete() { string strReturn = "-60"; if (null != System.Configuration.ConfigurationManager.AppSettings["MinutesInPastToDeletePageState"]) { strReturn = System.Configuration.ConfigurationManager.AppSettings["MinutesInPastToDeletePageState"].ToString(); } return (strReturn); }}#endregion AppleiPhone.cs file: using System;using System.Collections.Generic;using System.Linq;using System.Web; /// <summary>/// Summary description for AppleIPhone/// </summary>public class AppleIPhone{ public AppleIPhone() { // // TODO: Add constructor logic here // } static public bool IsIPhoneOS() { return (IsIPad() || IsIPhone() || IsIPodTouch()); } static public bool IsIPhone() { return IsTest("iPhone"); } static public bool IsIPodTouch() { return IsTest("iPod"); } static public bool IsIPad() { return IsTest("iPad"); } static private bool IsTest(string Agent) { bool bl = false; string ua = HttpContext.Current.Request.UserAgent.ToLower(); try { bl = ua.Contains(Agent.ToLower()); } catch { } return (bl); }} Master page .cs: using System;using System.Collections.Generic;using System.Linq;using System.Web;using System.Web.UI;using System.Web.UI.HtmlControls;using System.Web.UI.WebControls; public partial class MasterPages_iPhoneMaster : System.Web.UI.MasterPage{ protected void Page_Load(object sender, EventArgs e) { HtmlHead head = Page.Header; HtmlMeta meta = new HtmlMeta(); if (AppleIPhone.IsIPad() == true) { meta.Content = "width=400,user-scalable=no"; head.Controls.Add(meta); } else { meta.Content = "width=device-width, user-scalable=no"; meta.Attributes.Add("name", "viewport"); } meta.Attributes.Add("name", "viewport"); head.Controls.Add(meta); HtmlLink cssLink = new HtmlLink(); HtmlGenericControl script = new HtmlGenericControl("script"); script.Attributes.Add("type", "text/javascript"); script.Attributes.Add("src", ResolveUrl("~/Scripts/iWebKit/javascript/functions.js")); head.Controls.Add(script); cssLink.Attributes.Add("rel", "stylesheet"); cssLink.Attributes.Add("href", ResolveUrl("~/Scripts/iWebKit/css/style.css") ); cssLink.Attributes.Add("type", "text/css"); head.Controls.Add(cssLink); HtmlGenericControl jsLink = new HtmlGenericControl("script"); //jsLink.Attributes.Add("type", "text/javascript"); //jsLink.Attributes.Add("src", ResolveUrl("~/Scripts/jquery-1.4.1.min.js") ); //head.Controls.Add(jsLink); HtmlLink appleIcon = new HtmlLink(); appleIcon.Attributes.Add("rel", "apple-touch-icon"); appleIcon.Attributes.Add("href", ResolveUrl("~/apple-touch-icon.png")); HtmlMeta appleMobileWebAppStatusBarStyle = new HtmlMeta(); appleMobileWebAppStatusBarStyle.Attributes.Add("name", "apple-mobile-web-app-status-bar-style"); appleMobileWebAppStatusBarStyle.Attributes.Add("content", "black"); head.Controls.Add(appleMobileWebAppStatusBarStyle); } internal string FindPath(string Location) { string Url = Server.MapPath(Location); return (Url); }}

Read the article
User is trying to leave! Set at-least confirm alert on browser(tab) close event!!

- by kaushalparik27

This is something that might be annoying or irritating for end user. Obviously, It's impossible to prevent end user from closing the/any browser. Just think of this if it becomes possible!!!. That will be a horrible web world where everytime you will be attacked by sites and they will not allow to close your browser until you confirm your shopping cart and do the payment. LOL:) You need to open the task manager and might have to kill the running browser exe processes.Anyways; Jokes apart, but I have one situation where I need to alert/confirm from the user in any anyway when they try to close the browser or change the url. Think of this: You are creating a single page intranet asp.net application where your employee can enter/select their TDS/Investment Declarations and you wish to at-least ALERT/CONFIRM them if they are attempting to:[1] Close the Browser[2] Close the Browser Tab[3] Attempt to go some other site by Changing the urlwithout completing/freezing their declaration.So, Finally requirement is clear. I need to alert/confirm the user what he is going to do on above bulleted events. I am going to use window.onbeforeunload event to set the javascript confirm alert box to appear. <script language="JavaScript" type="text/javascript"> window.onbeforeunload = confirmExit; function confirmExit() { return "You are about to exit the system before freezing your declaration! If you leave now and never return to freeze your declaration; then they will not go into effect and you may lose tax deduction, Are you sure you want to leave now?"; } </script>See! you are halfway done!. So, every time browser unloads the page, above confirm alert causes to appear on front of user like below:By saying here "every time browser unloads the page"; I mean to say that whenever page loads or postback happens the browser onbeforeunload event will be executed. So, event a button submit or a link submit which causes page to postback would tend to execute the browser onbeforeunload event to fire!So, now the hurdle is how can we prevent the alert "Not to show when page is being postback" via any button/link submit? Answer is JQuery :)Idea is, you just need to set the script reference src to jQuery library and Set the window.onbeforeunload event to null when any input/link causes a page to postback.Below will be the complete code:<head runat="server"> <title></title> <script src="jquery.min.js" type="text/javascript"></script> <script language="JavaScript" type="text/javascript"> window.onbeforeunload = confirmExit; function confirmExit() { return "You are about to exit the system before freezing your declaration! If you leave now and never return to freeze your declaration; then they will not go into effect and you may lose tax deduction, Are you sure you want to leave now?"; } $(function() { $("a").click(function() { window.onbeforeunload = null; }); $("input").click(function() { window.onbeforeunload = null; }); }); </script></head><body> <form id="form1" runat="server"> <div></div> </form></body></html>So, By this post I have tried to set the confirm alert if user try to close the browser/tab or try leave the site by changing the url. I have attached a working example with this post here. I hope someone might find it helpful.

Read the article
ASP.NET Web Site Administration Tool unkown Error ASP.NET 4 VS 2010

- by Gabriel Guimarães

I was following the MVCMusic tutorial with an machine with full sql server 2008 r2 and full visual studio professional and when I got to the page where it sets up membership (near page 66) the Web administration tool wont work, i got the following error: An error was encountered. Please return to the previous page and try again. my web config is like this: <connectionStrings> <clear /> <add name="MvcMusicStoreCN" connectionString="Data Source=.;Initial Catalog=MvcMusicStore;Integrated Security=True" providerName="System.Data.SqlClient" /> <add name="MvcMusicStoreEntities" connectionString="metadata=res://*/Models.Store.csdl|res://*/Models.Store.ssdl|res://*/Models.Store.msl;provider=System.Data.SqlClient;provider connection string="Data Source=.;Initial Catalog=MvcMusicStore;Integrated Security=True;MultipleActiveResultSets=True"" providerName="System.Data.EntityClient" /> </connectionStrings> <system.web> <membership defaultProvider="AspNetSqlMembershipProvider"> <providers> <clear /> <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="MvcMusicStoreCN" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" passwordFormat="Hashed" /> </providers> </membership> <profile> <providers> <clear /> <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="MvcMusicStoreCN" applicationName="/" /> </providers> </profile> <roleManager enabled="true" defaultProvider="MvcMusicStoreCN"> <providers> <clear /> <add connectionStringName="MvcMusicStoreCN" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" /> <add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" /> </providers> </roleManager> </system.web>

Read the article
Creating .NET 3.0 sub-applications within .NET 1.1 applications in IIS/ASP.Net

- by Karen

I am basically trying to do the same thing as this question, create a new application within a folder so it could be accessed as follows. * http://www.domain.com/ < Main App * http://www.domain.com/newapp < New App The problem is that newapp is reading the web.config from the Main App, which is causing errors because it doesn't have all the same dlls etc. For New App, in IIS, the starting point is set at /newapp, so I am not sure why it is reading the web.config from / at all. It is set as it's own application. I am testing this in IIS6 on XP Pro, so not sure if that makes a difference. The Main App is dotnet 1.1, and New App is 3.0. Edit: Adding 'inheritInChildApplications to <location doesn't work in 1.1, you get an error: Parser Error Message: Unrecognized attribute 'inheritInChildApplications'

Read the article
User roles in GWT applications

- by csaffi

Hi everybody, I'm wondering if you could suggest me any way to implement "user roles" in GWT applications. I would like to implement a GWT application where users log in and are assigned "roles". Based on their role, they would be able to see and use different application areas. Here are two possible solution I thought: 1) A possible solution could be to make an RPC call to the server during onModuleLoad. This RPC call would generate the necessary Widgets and/or place them on a panel and then return this panel to the client end. 2) Another possible solution could be to make an RPC call on login retrieving from server users roles and inspecting them to see what the user can do. What do you think about? Thank you very much in advance for your help!

Read the article
.NET 4.0, Silverlight 4, F# decompilation in .NET Reflector, our crazy shipping schedule, and some p

- by Bart Read

Yes, with a list of topics that broad, it can only be another update on what's happening in Red Gate's .NET Developer Tools division....(read more)

Read the article
Is PluralSight worth the cost [closed]

- by B Woods

I am an looking at a few different supplemental learning courses to help me beef up my skills but unsure which one to use. I am interested in PluralSight because I work for the government and they use all Microsoft technologies for the most part. I like the courses on PluralSight but the price tag is pretty hefty. I am not sure how good the courses are because I cannot view the ones I want so I am a tad bit skeptical. I am sure some of you have PluralSight, do you think its a good investment for your learning or should I just stick with books/internet? Any suggestions?

Read the article
Maintaining shared service in ASP.NET MVC Application

- by kazimanzurrashid

Depending on the application sometimes we have to maintain some shared service throughout our application. Let’s say you are developing a multi-blog supported blog engine where both the controller and view must know the currently visiting blog, it’s setting , user information and url generation service. In this post, I will show you how you can handle this kind of case in most convenient way. First, let see the most basic way, we can create our PostController in the following way: public class PostController : Controller { public PostController(dependencies...) { } public ActionResult Index(string blogName, int? page) { BlogInfo blog = blogSerivce.FindByName(blogName); if (blog == null) { return new NotFoundResult(); } IEnumerable<PostInfo> posts = postService.FindPublished(blog.Id, PagingCalculator.StartIndex(page, blog.PostPerPage), blog.PostPerPage); int count = postService.GetPublishedCount(blog.Id); UserInfo user = null; if (HttpContext.User.Identity.IsAuthenticated) { user = userService.FindByName(HttpContext.User.Identity.Name); } return View(new IndexViewModel(urlResolver, user, blog, posts, count, page)); } public ActionResult Archive(string blogName, int? page, ArchiveDate archiveDate) { BlogInfo blog = blogSerivce.FindByName(blogName); if (blog == null) { return new NotFoundResult(); } IEnumerable<PostInfo> posts = postService.FindArchived(blog.Id, archiveDate, PagingCalculator.StartIndex(page, blog.PostPerPage), blog.PostPerPage); int count = postService.GetArchivedCount(blog.Id, archiveDate); UserInfo user = null; if (HttpContext.User.Identity.IsAuthenticated) { user = userService.FindByName(HttpContext.User.Identity.Name); } return View(new ArchiveViewModel(urlResolver, user, blog, posts, count, page, achiveDate)); } public ActionResult Tag(string blogName, string tagSlug, int? page) { BlogInfo blog = blogSerivce.FindByName(blogName); if (blog == null) { return new NotFoundResult(); } TagInfo tag = tagService.FindBySlug(blog.Id, tagSlug); if (tag == null) { return new NotFoundResult(); } IEnumerable<PostInfo> posts = postService.FindPublishedByTag(blog.Id, tag.Id, PagingCalculator.StartIndex(page, blog.PostPerPage), blog.PostPerPage); int count = postService.GetPublishedCountByTag(tag.Id); UserInfo user = null; if (HttpContext.User.Identity.IsAuthenticated) { user = userService.FindByName(HttpContext.User.Identity.Name); } return View(new TagViewModel(urlResolver, user, blog, posts, count, page, tag)); } } As you can see the above code heavily depends upon the current blog and the blog retrieval code is duplicated in all of the action methods, once the blog is retrieved the same blog is passed in the view model. Other than the blog the view also needs the current user and url resolver to render it properly. One way to remove the duplicate blog retrieval code is to create a custom model binder which converts the blog from a blog name and use the blog a parameter in the action methods instead of the string blog name, but it only helps the first half in the above scenario, the action methods still have to pass the blog, user and url resolver etc in the view model. Now lets try to improve the the above code, first lets create a new class which would contain the shared services, lets name it as BlogContext: public class BlogContext { public BlogInfo Blog { get; set; } public UserInfo User { get; set; } public IUrlResolver UrlResolver { get; set; } } Next, we will create an interface, IContextAwareService: public interface IContextAwareService { BlogContext Context { get; set; } } The idea is, whoever needs these shared services needs to implement this interface, in our case both the controller and the view model, now we will create an action filter which will be responsible for populating the context: public class PopulateBlogContextAttribute : FilterAttribute, IActionFilter { private static string blogNameRouteParameter = "blogName"; private readonly IBlogService blogService; private readonly IUserService userService; private readonly BlogContext context; public PopulateBlogContextAttribute(IBlogService blogService, IUserService userService, IUrlResolver urlResolver) { Invariant.IsNotNull(blogService, "blogService"); Invariant.IsNotNull(userService, "userService"); Invariant.IsNotNull(urlResolver, "urlResolver"); this.blogService = blogService; this.userService = userService; context = new BlogContext { UrlResolver = urlResolver }; } public static string BlogNameRouteParameter { [DebuggerStepThrough] get { return blogNameRouteParameter; } [DebuggerStepThrough] set { blogNameRouteParameter = value; } } public void OnActionExecuting(ActionExecutingContext filterContext) { string blogName = (string) filterContext.Controller.ValueProvider.GetValue(BlogNameRouteParameter).ConvertTo(typeof(string), Culture.Current); if (!string.IsNullOrWhiteSpace(blogName)) { context.Blog = blogService.FindByName(blogName); } if (context.Blog == null) { filterContext.Result = new NotFoundResult(); return; } if (filterContext.HttpContext.User.Identity.IsAuthenticated) { context.User = userService.FindByName(filterContext.HttpContext.User.Identity.Name); } IContextAwareService controller = filterContext.Controller as IContextAwareService; if (controller != null) { controller.Context = context; } } public void OnActionExecuted(ActionExecutedContext filterContext) { Invariant.IsNotNull(filterContext, "filterContext"); if ((filterContext.Exception == null) || filterContext.ExceptionHandled) { IContextAwareService model = filterContext.Controller.ViewData.Model as IContextAwareService; if (model != null) { model.Context = context; } } } } As you can see we are populating the context in the OnActionExecuting, which executes just before the controllers action methods executes, so by the time our action methods executes the context is already populated, next we are are assigning the same context in the view model in OnActionExecuted method which executes just after we set the model and return the view in our action methods. Now, lets change the view models so that it implements this interface: public class IndexViewModel : IContextAwareService { // More Codes } public class ArchiveViewModel : IContextAwareService { // More Codes } public class TagViewModel : IContextAwareService { // More Codes } and the controller: public class PostController : Controller, IContextAwareService { public PostController(dependencies...) { } public BlogContext Context { get; set; } public ActionResult Index(int? page) { IEnumerable<PostInfo> posts = postService.FindPublished(Context.Blog.Id, PagingCalculator.StartIndex(page, Context.Blog.PostPerPage), Context.Blog.PostPerPage); int count = postService.GetPublishedCount(Context.Blog.Id); return View(new IndexViewModel(posts, count, page)); } public ActionResult Archive(int? page, ArchiveDate archiveDate) { IEnumerable<PostInfo> posts = postService.FindArchived(Context.Blog.Id, archiveDate, PagingCalculator.StartIndex(page, Context.Blog.PostPerPage), Context.Blog.PostPerPage); int count = postService.GetArchivedCount(Context.Blog.Id, archiveDate); return View(new ArchiveViewModel(posts, count, page, achiveDate)); } public ActionResult Tag(string blogName, string tagSlug, int? page) { TagInfo tag = tagService.FindBySlug(Context.Blog.Id, tagSlug); if (tag == null) { return new NotFoundResult(); } IEnumerable<PostInfo> posts = postService.FindPublishedByTag(Context.Blog.Id, tag.Id, PagingCalculator.StartIndex(page, Context.Blog.PostPerPage), Context.Blog.PostPerPage); int count = postService.GetPublishedCountByTag(tag.Id); return View(new TagViewModel(posts, count, page, tag)); } } Now, the last thing where we have to glue everything, I will be using the AspNetMvcExtensibility to register the action filter (as there is no better way to inject the dependencies in action filters). public class RegisterFilters : RegisterFiltersBase { private static readonly Type controllerType = typeof(Controller); private static readonly Type contextAwareType = typeof(IContextAwareService); protected override void Register(IFilterRegistry registry) { TypeCatalog controllers = new TypeCatalogBuilder() .Add(GetType().Assembly) .Include(type => controllerType.IsAssignableFrom(type) && contextAwareType.IsAssignableFrom(type)); registry.Register<PopulateBlogContextAttribute>(controllers); } } Thoughts and Comments?

Read the article
multi-clients web application,should I use custom user controls or a common user control

- by ValidfroM

Say my company is going to build a complicated asp.net web form education system. One of the module is web based registration. To make it flexiable, we decide to use user control(ascx) with rule-engine (work flow) regulating all business logic behide them. Thus in future,for different clients, we can simply config basic existing rules or adding new rules.(Rules stored in db or XML per client). Now the question is how to deal with the user controls (ascx)? My opinion is for different client build diffrent user control from scratch. other voice is like reuse existing user controls.

Read the article
Where is .NET Framework 4.5 directory located?

- by Evgeni Nabokov

I installed .NET Framework 4.5 on Windows 7 Enterprise SP1 64 bit. When I looked in C:\Windows\Microsoft.NET\Framework (Framework64) directory, I did not see any directory containing files of .NET Framework 4.5, just those: v1.0.3705 v1.1.4322 v2.0.50727 v3.0 v3.5 v4.0.30319 Installing the .NET Framework 4.5 says: The .NET Framework 4.5 replaces the .NET Framework 4. When you install the .NET Framework 4.5 on a system that has the .NET Framework 4 installed, the assemblies are replaced. Thereby, 4.5's files are located in v4.0.30319 directory. Am I right?

Read the article
Daily tech links for .net and related technologies - Apr 8-10, 2010

- by SanjeevAgarwal

Daily tech links for .net and related technologies - Apr 8-10, 2010 Web Development Using RIA DomainServices with ASP.NET and MVC 2 - geekswithblogs Using AntiXss As The Default Encoder For ASP.NET - Phil Haack New Syntax for HTML Encoding Output in ASP.NET 4 (and ASP.NET MVC 2) - Scott Gu Multi-Step Processing in ASP.NET - Dave M. Bush MvcContrib - Portable Area – Visual Studio project template - erichexter Encoding/Decoding URIs and HTML in the .NET 4 Client Profile - Pete Brown Jon Takes Five...(read more)

Read the article
ASP.NET MVC2 custom rolemanager (webconfig problem)

- by ile

Structure of the web: SAMembershipProvider.cs namespace User.Membership { public class SAMembershipProvider : MembershipProvider { #region - Properties - private int NewPasswordLength { get; set; } private string ConnectionString { get; set; } //private MachineKeySection MachineKey { get; set; } //Used when determining encryption key values. public bool enablePasswordReset { get; set; } public bool enablePasswordRetrieval { get; set; } public bool requiresQuestionAndAnswer { get; set; } public bool requiresUniqueEmail { get; set; } public int maxInvalidPasswordAttempts { get; set; } public int passwordAttemptWindow { get; set; } public MembershipPasswordFormat passwordFormat { get; set; } public int minRequiredNonAlphanumericCharacters { get; set; } public int minRequiredPasswordLength { get; set; } public string passwordStrengthRegularExpression { get; set; } public override string ApplicationName { get; set; } // Indicates whether passwords can be retrieved using the provider's GetPassword method. // This property is read-only. public override bool EnablePasswordRetrieval { get { return enablePasswordRetrieval; } } // Indicates whether passwords can be reset using the provider's ResetPassword method. // This property is read-only. public override bool EnablePasswordReset { get { return enablePasswordReset; } } // Indicates whether a password answer must be supplied when calling the provider's GetPassword and ResetPassword methods. // This property is read-only. public override bool RequiresQuestionAndAnswer { get { return requiresQuestionAndAnswer; } } public override int MaxInvalidPasswordAttempts { get { return maxInvalidPasswordAttempts; } } // For a description, see MaxInvalidPasswordAttempts. // This property is read-only. public override int PasswordAttemptWindow { get { return passwordAttemptWindow; } } // Indicates whether each registered user must have a unique e-mail address. // This property is read-only. public override bool RequiresUniqueEmail { get { return requiresUniqueEmail; } } public override MembershipPasswordFormat PasswordFormat { get { return passwordFormat; } } // The minimum number of characters required in a password. // This property is read-only. public override int MinRequiredPasswordLength { get { return minRequiredPasswordLength; } } // The minimum number of non-alphanumeric characters required in a password. // This property is read-only. public override int MinRequiredNonAlphanumericCharacters { get { return minRequiredNonAlphanumericCharacters; } } // A regular expression specifying a pattern to which passwords must conform. // This property is read-only. public override string PasswordStrengthRegularExpression { get { return passwordStrengthRegularExpression; } } #endregion #region - Methods - public override void Initialize(string name, NameValueCollection config) { throw new NotImplementedException(); } public override bool ChangePassword(string username, string oldPassword, string newPassword) { throw new NotImplementedException(); } public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer) { throw new NotImplementedException(); } // Takes, as input, a user name, password, e-mail address, and other information and adds a new user // to the membership data source. CreateUser returns a MembershipUser object representing the newly // created user. It also accepts an out parameter (in Visual Basic, ByRef) that returns a // MembershipCreateStatus value indicating whether the user was successfully created or, if the user // was not created, the reason why. If the user was not created, CreateUser returns null. // Before creating a new user, CreateUser calls the provider's virtual OnValidatingPassword method to // validate the supplied password. It then creates the user or cancels the action based on the outcome of the call. public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { throw new NotImplementedException(); } public override bool DeleteUser(string username, bool deleteAllRelatedData) { throw new NotImplementedException(); } public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords) { throw new NotImplementedException(); } // Returns a MembershipUserCollection containing MembershipUser objects representing users whose user names // match the usernameToMatch input parameter. Wildcard syntax is data source-dependent. MembershipUser objects // in the MembershipUserCollection are sorted by user name. If FindUsersByName finds no matching users, it // returns an empty MembershipUserCollection. // For an explanation of the pageIndex, pageSize, and totalRecords parameters, see the GetAllUsers method. public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords) { throw new NotImplementedException(); } // Returns a MembershipUserCollection containing MembershipUser objects representing all registered users. If // there are no registered users, GetAllUsers returns an empty MembershipUserCollection // The results returned by GetAllUsers are constrained by the pageIndex and pageSize input parameters. pageSize // specifies the maximum number of MembershipUser objects to return. pageIndex identifies which page of results // to return. Page indexes are 0-based. // // GetAllUsers also takes an out parameter (in Visual Basic, ByRef) named totalRecords that, on return, holds // a count of all registered users. public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords) { throw new NotImplementedException(); } // Returns a count of users that are currently online-that is, whose LastActivityDate is greater than the current // date and time minus the value of the membership service's UserIsOnlineTimeWindow property, which can be read // from Membership.UserIsOnlineTimeWindow. UserIsOnlineTimeWindow specifies a time in minutes and is set using // the <membership> element's userIsOnlineTimeWindow attribute. public override int GetNumberOfUsersOnline() { throw new NotImplementedException(); } // Takes, as input, a user name and a password answer and returns that user's password. If the user name is not // valid, GetPassword throws a ProviderException. // Before retrieving a password, GetPassword verifies that EnablePasswordRetrieval is true. If // EnablePasswordRetrieval is false, GetPassword throws a NotSupportedException. If EnablePasswordRetrieval is // true but the password format is hashed, GetPassword throws a ProviderException since hashed passwords cannot, // by definition, be retrieved. A membership provider should also throw a ProviderException from Initialize if // EnablePasswordRetrieval is true but the password format is hashed. // // GetPassword also checks the value of the RequiresQuestionAndAnswer property before retrieving a password. If // RequiresQuestionAndAnswer is true, GetPassword compares the supplied password answer to the stored password // answer and throws a MembershipPasswordException if the two don't match. GetPassword also throws a // MembershipPasswordException if the user whose password is being retrieved is currently locked out. public override string GetPassword(string username, string answer) { throw new NotImplementedException(); } // Takes, as input, a user name or user ID (the method is overloaded) and a Boolean value indicating whether // to update the user's LastActivityDate to show that the user is currently online. GetUser returns a MembershipUser // object representing the specified user. If the user name or user ID is invalid (that is, if it doesn't represent // a registered user) GetUser returns null (Nothing in Visual Basic). public override MembershipUser GetUser(object providerUserKey, bool userIsOnline) { throw new NotImplementedException(); } // Takes, as input, a user name or user ID (the method is overloaded) and a Boolean value indicating whether to // update the user's LastActivityDate to show that the user is currently online. GetUser returns a MembershipUser // object representing the specified user. If the user name or user ID is invalid (that is, if it doesn't represent // a registered user) GetUser returns null (Nothing in Visual Basic). public override MembershipUser GetUser(string username, bool userIsOnline) { throw new NotImplementedException(); } // Takes, as input, an e-mail address and returns the first registered user name whose e-mail address matches the // one supplied. // If it doesn't find a user with a matching e-mail address, GetUserNameByEmail returns an empty string. public override string GetUserNameByEmail(string email) { throw new NotImplementedException(); } // Virtual method called when a password is created. The default implementation in MembershipProvider fires a // ValidatingPassword event, so be sure to call the base class's OnValidatingPassword method if you override // this method. The ValidatingPassword event allows applications to apply additional tests to passwords by // registering event handlers. // A custom provider's CreateUser, ChangePassword, and ResetPassword methods (in short, all methods that record // new passwords) should call this method. protected override void OnValidatingPassword(ValidatePasswordEventArgs e) { base.OnValidatingPassword(e); } // Takes, as input, a user name and a password answer and replaces the user's current password with a new, random // password. ResetPassword then returns the new password. A convenient mechanism for generating a random password // is the Membership.GeneratePassword method. // If the user name is not valid, ResetPassword throws a ProviderException. ResetPassword also checks the value of // the RequiresQuestionAndAnswer property before resetting a password. If RequiresQuestionAndAnswer is true, // ResetPassword compares the supplied password answer to the stored password answer and throws a // MembershipPasswordException if the two don't match. // // Before resetting a password, ResetPassword verifies that EnablePasswordReset is true. If EnablePasswordReset is // false, ResetPassword throws a NotSupportedException. If the user whose password is being changed is currently // locked out, ResetPassword throws a MembershipPasswordException. // // Before resetting a password, ResetPassword calls the provider's virtual OnValidatingPassword method to validate // the new password. It then resets the password or cancels the action based on the outcome of the call. If the new // password is invalid, ResetPassword throws a ProviderException. // // Following a successful password reset, ResetPassword updates the user's LastPasswordChangedDate. public override string ResetPassword(string username, string answer) { throw new NotImplementedException(); } // Unlocks (that is, restores login privileges for) the specified user. UnlockUser returns true if the user is // successfully unlocked. Otherwise, it returns false. If the user is already unlocked, UnlockUser simply returns true. public override bool UnlockUser(string userName) { throw new NotImplementedException(); } // Takes, as input, a MembershipUser object representing a registered user and updates the information stored for // that user in the membership data source. If any of the input submitted in the MembershipUser object is not valid, // UpdateUser throws a ProviderException. // Note that UpdateUser is not obligated to allow all the data that can be encapsulated in a MembershipUser object to // be updated in the data source. public override void UpdateUser(MembershipUser user) { throw new NotImplementedException(); } // Takes, as input, a user name and a password and verifies that they are valid-that is, that the membership data // source contains a matching user name and password. ValidateUser returns true if the user name and password are // valid, if the user is approved (that is, if MembershipUser.IsApproved is true), and if the user isn't currently // locked out. Otherwise, it returns false. // Following a successful validation, ValidateUser updates the user's LastLoginDate and fires an // AuditMembershipAuthenticationSuccess Web event. Following a failed validation, it fires an // // AuditMembershipAuthenticationFailure Web event. public override bool ValidateUser(string username, string password) { throw new NotImplementedException(); //if (string.IsNullOrEmpty(password.Trim())) return false; //string hash = EncryptPassword(password); //User user = _repository.GetByUserName(username); //if (user == null) return false; //if (user.Password == hash) //{ // User = user; // return true; //} //return false; } #endregion /// <summary> /// Procuses an MD5 hash string of the password /// </summary> /// <param name="password">password to hash</param> /// <returns>MD5 Hash string</returns> protected string EncryptPassword(string password) { //we use codepage 1252 because that is what sql server uses byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password); byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes); return Encoding.GetEncoding(1252).GetString(hashBytes); } } // End Class } SARoleProvider.cs namespace User.Membership { public class SARoleProvider : RoleProvider { #region - Properties - // The name of the application using the role provider. ApplicationName is used to scope // role data so that applications can choose whether to share role data with other applications. // This property can be read and written. public override string ApplicationName { get; set; } #endregion #region - Methods - public override void Initialize(string name, NameValueCollection config) { throw new NotImplementedException(); } // Takes, as input, a list of user names and a list of role names and adds the specified users to // the specified roles. // AddUsersToRoles throws a ProviderException if any of the user names or role names do not exist. // If any user name or role name is null (Nothing in Visual Basic), AddUsersToRoles throws an // ArgumentNullException. If any user name or role name is an empty string, AddUsersToRoles throws // an ArgumentException. public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw new NotImplementedException(); } // Takes, as input, a role name and creates the specified role. // CreateRole throws a ProviderException if the role already exists, the role name contains a comma, // or the role name exceeds the maximum length allowed by the data source. public override void CreateRole(string roleName) { throw new NotImplementedException(); } // Takes, as input, a role name and a Boolean value that indicates whether to throw an exception if there // are users currently associated with the role, and then deletes the specified role. // If the throwOnPopulatedRole input parameter is true and the specified role has one or more members, // DeleteRole throws a ProviderException and does not delete the role. If throwOnPopulatedRole is false, // DeleteRole deletes the role whether it is empty or not. // // When DeleteRole deletes a role and there are users assigned to that role, it also removes users from the role. public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotImplementedException(); } // Takes, as input, a search pattern and a role name and returns a list of users belonging to the specified role // whose user names match the pattern. Wildcard syntax is data-source-dependent and may vary from provider to // provider. User names are returned in alphabetical order. // If the search finds no matches, FindUsersInRole returns an empty string array (a string array with no elements). // If the role does not exist, FindUsersInRole throws a ProviderException. public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotImplementedException(); } // Returns the names of all existing roles. If no roles exist, GetAllRoles returns an empty string array (a string // array with no elements). public override string[] GetAllRoles() { throw new NotImplementedException(); } // Takes, as input, a user name and returns the names of the roles to which the user belongs. // If the user is not assigned to any roles, GetRolesForUser returns an empty string array // (a string array with no elements). If the user name does not exist, GetRolesForUser throws a // ProviderException. public override string[] GetRolesForUser(string username) { throw new NotImplementedException(); //User user = _repository.GetByUserName(username); //string[] roles = new string[user.Role.Rights.Count + 1]; //roles[0] = user.Role.Description; //int idx = 0; //foreach (Right right in user.Role.Rights) // roles[++idx] = right.Description; //return roles; } public override string[] GetUsersInRole(string roleName) { throw new NotImplementedException(); } // Takes, as input, a role name and returns the names of all users assigned to that role. // If no users are associated with the specified role, GetUserInRole returns an empty string array (a string array with // no elements). If the role does not exist, GetUsersInRole throws a ProviderException. public override bool IsUserInRole(string username, string roleName) { throw new NotImplementedException(); //User user = _repository.GetByUserName(username); //if (user != null) // return user.IsInRole(roleName); //else // return false; } // Takes, as input, a list of user names and a list of role names and removes the specified users from the specified roles. // RemoveUsersFromRoles throws a ProviderException if any of the users or roles do not exist, or if any user specified // in the call does not belong to the role from which he or she is being removed. public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new NotImplementedException(); } // Takes, as input, a role name and determines whether the role exists. public override bool RoleExists(string roleName) { throw new NotImplementedException(); } #endregion } // End Class } From Web.config: <membership defaultProvider="SAMembershipProvider" userIsOnlineTimeWindow="15"> <providers> <clear/> <add name="SAMembershipProvider" type="User.Membership.SAMembershipProvider, User" /> </providers> </membership> <roleManager defaultProvider="SARoleProvider" enabled="true" cacheRolesInCookie="true"> <providers> <clear/> <add name="SARoleProvider" type="User.Membership.SARoleProvider" /> </providers> </roleManager> When running project, I get following error: Server Error in '/' Application. Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately. Parser Error Message: The method or operation is not implemented. Source Error: Line 71: <providers> Line 72: <clear/> Line 73: <add name="SARoleProvider" type="User.Membership.SARoleProvider" /> Line 74: </providers> Line 75: </roleManager> I tried: <add name="SARoleProvider" type="User.Membership.SARoleProvider, User" /> and <add name="SARoleProvider" type="User.Membership.SARoleProvider, SARoleProvider" /> and <add name="SARoleProvider" type="User.Membership.SARoleProvider, User.Membership" /> but none works Any idea what's wrong here? Thanks, Ile

Read the article
Understanding Request Validation in ASP.NET MVC 3

- by imran_ku07

Introduction: A fact that you must always remember "never ever trust user inputs". An application that trusts user inputs may be easily vulnerable to XSS, XSRF, SQL Injection, etc attacks. XSS and XSRF are very dangerous attacks. So to mitigate these attacks ASP.NET introduced request validation in ASP.NET 1.1. During request validation, ASP.NET will throw HttpRequestValidationException: 'A potentially dangerous XXX value was detected from the client', if he found, < followed by an exclamation(like <!) or < followed by the letters a through z(like <s) or & followed by a pound sign(like &#123) as a part of query string, posted form and cookie collection. In ASP.NET 4.0, request validation becomes extensible. This means that you can extend request validation. Also in ASP.NET 4.0, by default request validation is enabled before the BeginRequest phase of an HTTP request. ASP.NET MVC 3 moves one step further by making request validation granular. This allows you to disable request validation for some properties of a model while maintaining request validation for all other cases. In this article I will show you the use of request validation in ASP.NET MVC 3. Then I will briefly explain the internal working of granular request validation. Description: First of all create a new ASP.NET MVC 3 application. Then create a simple model class called MyModel, public class MyModel { public string Prop1 { get; set; } public string Prop2 { get; set; } } Then just update the index action method as follows, public ActionResult Index(MyModel p) { return View(); } Now just run this application. You will find that everything works just fine. Now just append this query string ?Prop1=<s to the url of this application, you will get the HttpRequestValidationException exception. Now just decorate the Index action method with [ValidateInputAttribute(false)], [ValidateInput(false)] public ActionResult Index(MyModel p) { return View(); } Run this application again with same query string. You will find that your application run without any unhandled exception. Up to now, there is nothing new in ASP.NET MVC 3 because ValidateInputAttribute was present in the previous versions of ASP.NET MVC. Any problem with this approach? Yes there is a problem with this approach. The problem is that now users can send html for both Prop1 and Prop2 properties and a lot of developers are not aware of it. This means that now everyone can send html with both parameters(e.g, ?Prop1=<s&Prop2=<s). So ValidateInput attribute does not gives you the guarantee that your application is safe to XSS or XSRF. This is the reason why ASP.NET MVC team introduced granular request validation in ASP.NET MVC 3. Let's see this feature. Remove [ValidateInputAttribute(false)] on Index action and update MyModel class as follows, public class MyModel { [AllowHtml] public string Prop1 { get; set; } public string Prop2 { get; set; } } Note that AllowHtml attribute is only decorated on Prop1 property. Run this application again with ?Prop1=<s query string. You will find that your application run just fine. Run this application again with ?Prop1=<s&Prop2=<s query string, you will get HttpRequestValidationException exception. This shows that the granular request validation in ASP.NET MVC 3 only allows users to send html for properties decorated with AllowHtml attribute. Sometimes you may need to access Request.QueryString or Request.Form directly. You may change your code as follows, [ValidateInput(false)] public ActionResult Index() { var prop1 = Request.QueryString["Prop1"]; return View(); } Run this application again, you will get the HttpRequestValidationException exception again even you have [ValidateInput(false)] on your Index action. The reason is that Request flags are still not set to unvalidate. I will explain this later. For making this work you need to use Unvalidated extension method, public ActionResult Index() { var q = Request.Unvalidated().QueryString; var prop1 = q["Prop1"]; return View(); } Unvalidated extension method is defined in System.Web.Helpers namespace . So you need to add using System.Web.Helpers; in this class file. Run this application again, your application run just fine. There you have it. If you are not curious to know the internal working of granular request validation then you can skip next paragraphs completely. If you are interested then carry on reading. Create a new ASP.NET MVC 2 application, then open global.asax.cs file and the following lines, protected void Application_BeginRequest() { var q = Request.QueryString; } Then make the Index action method as, [ValidateInput(false)] public ActionResult Index(string id) { return View(); } Please note that the Index action method contains a parameter and this action method is decorated with [ValidateInput(false)]. Run this application again, but now with ?id=<s query string, you will get HttpRequestValidationException exception at Application_BeginRequest method. Now just add the following entry in web.config, <httpRuntime requestValidationMode="2.0"/> Now run this application again. This time your application will run just fine. Now just see the following quote from ASP.NET 4 Breaking Changes, In ASP.NET 4, by default, request validation is enabled for all requests, because it is enabled before the BeginRequest phase of an HTTP request. As a result, request validation applies to requests for all ASP.NET resources, not just .aspx page requests. This includes requests such as Web service calls and custom HTTP handlers. Request validation is also active when custom HTTP modules are reading the contents of an HTTP request. This clearly state that request validation is enabled before the BeginRequest phase of an HTTP request. For understanding what does enabled means here, we need to see HttpRequest.ValidateInput, HttpRequest.QueryString and HttpRequest.Form methods/properties in System.Web assembly. Here is the implementation of HttpRequest.ValidateInput, HttpRequest.QueryString and HttpRequest.Form methods/properties in System.Web assembly, public NameValueCollection Form { get { if (this._form == null) { this._form = new HttpValueCollection(); if (this._wr != null) { this.FillInFormCollection(); } this._form.MakeReadOnly(); } if (this._flags[2]) { this._flags.Clear(2); this.ValidateNameValueCollection(this._form, RequestValidationSource.Form); } return this._form; } } public NameValueCollection QueryString { get { if (this._queryString == null) { this._queryString = new HttpValueCollection(); if (this._wr != null) { this.FillInQueryStringCollection(); } this._queryString.MakeReadOnly(); } if (this._flags[1]) { this._flags.Clear(1); this.ValidateNameValueCollection(this._queryString, RequestValidationSource.QueryString); } return this._queryString; } } public void ValidateInput() { if (!this._flags[0x8000]) { this._flags.Set(0x8000); this._flags.Set(1); this._flags.Set(2); this._flags.Set(4); this._flags.Set(0x40); this._flags.Set(0x80); this._flags.Set(0x100); this._flags.Set(0x200); this._flags.Set(8); } } The above code indicates that HttpRequest.QueryString and HttpRequest.Form will only validate the querystring and form collection if certain flags are set. These flags are automatically set if you call HttpRequest.ValidateInput method. Now run the above application again(don't forget to append ?id=<s query string in the url) with the same settings(i.e, requestValidationMode="2.0" setting in web.config and Application_BeginRequest method in global.asax.cs), your application will run just fine. Now just update the Application_BeginRequest method as, protected void Application_BeginRequest() { Request.ValidateInput(); var q = Request.QueryString; } Note that I am calling Request.ValidateInput method prior to use Request.QueryString property. ValidateInput method will internally set certain flags(discussed above). These flags will then tells the Request.QueryString (and Request.Form) property that validate the query string(or form) when user call Request.QueryString(or Request.Form) property. So running this application again with ?id=<s query string will throw HttpRequestValidationException exception. Now I hope it is clear to you that what does requestValidationMode do. It just tells the ASP.NET that not invoke the Request.ValidateInput method internally before the BeginRequest phase of an HTTP request if requestValidationMode is set to a value less than 4.0 in web.config. Here is the implementation of HttpRequest.ValidateInputIfRequiredByConfig method which will prove this statement(Don't be confused with HttpRequest and Request. Request is the property of HttpRequest class), internal void ValidateInputIfRequiredByConfig() { ............................................................... ............................................................... ............................................................... ............................................................... if (httpRuntime.RequestValidationMode >= VersionUtil.Framework40) { this.ValidateInput(); } } Hopefully the above discussion will clear you how requestValidationMode works in ASP.NET 4. It is also interesting to note that both HttpRequest.QueryString and HttpRequest.Form only throws the exception when you access them first time. Any subsequent access to HttpRequest.QueryString and HttpRequest.Form will not throw any exception. Continuing with the above example, just update Application_BeginRequest method in global.asax.cs file as, protected void Application_BeginRequest() { try { var q = Request.QueryString; var f = Request.Form; } catch//swallow this exception { } var q1 = Request.QueryString; var f1 = Request.Form; } Without setting requestValidationMode to 2.0 and without decorating ValidateInput attribute on Index action, your application will work just fine because both HttpRequest.QueryString and HttpRequest.Form will clear their flags after reading HttpRequest.QueryString and HttpRequest.Form for the first time(see the implementation of HttpRequest.QueryString and HttpRequest.Form above). Now let's see ASP.NET MVC 3 granular request validation internal working. First of all we need to see type of HttpRequest.QueryString and HttpRequest.Form properties. Both HttpRequest.QueryString and HttpRequest.Form properties are of type NameValueCollection which is inherited from the NameObjectCollectionBase class. NameObjectCollectionBase class contains _entriesArray, _entriesTable, NameObjectEntry.Key and NameObjectEntry.Value fields which granular request validation uses internally. In addition granular request validation also uses _queryString, _form and _flags fields, ValidateString method and the Indexer of HttpRequest class. Let's see when and how granular request validation uses these fields. Create a new ASP.NET MVC 3 application. Then put a breakpoint at Application_BeginRequest method and another breakpoint at HomeController.Index method. Now just run this application. When the break point inside Application_BeginRequest method hits then add the following expression in quick watch window, System.Web.HttpContext.Current.Request.QueryString. You will see the following screen, Now Press F5 so that the second breakpoint inside HomeController.Index method hits. When the second breakpoint hits then add the following expression in quick watch window again, System.Web.HttpContext.Current.Request.QueryString. You will see the following screen, First screen shows that _entriesTable field is of type System.Collections.Hashtable and _entriesArray field is of type System.Collections.ArrayList during the BeginRequest phase of the HTTP request. While the second screen shows that _entriesTable type is changed to Microsoft.Web.Infrastructure.DynamicValidationHelper.LazilyValidatingHashtable and _entriesArray type is changed to Microsoft.Web.Infrastructure.DynamicValidationHelper.LazilyValidatingArrayList during executing the Index action method. In addition to these members, ASP.NET MVC 3 also perform some operation on _flags, _form, _queryString and other members of HttpRuntime class internally. This shows that ASP.NET MVC 3 performing some operation on the members of HttpRequest class for making granular request validation possible. Both LazilyValidatingArrayList and LazilyValidatingHashtable classes are defined in the Microsoft.Web.Infrastructure assembly. You may wonder why their name starts with Lazily. The fact is that now with ASP.NET MVC 3, request validation will be performed lazily. In simple words, Microsoft.Web.Infrastructure assembly is now taking the responsibility for request validation from System.Web assembly. See the below screens. The first screen depicting HttpRequestValidationException exception in ASP.NET MVC 2 application while the second screen showing HttpRequestValidationException exception in ASP.NET MVC 3 application. In MVC 2: In MVC 3: The stack trace of the second screenshot shows that Microsoft.Web.Infrastructure assembly (instead of System.Web assembly) is now performing request validation in ASP.NET MVC 3. Now you may ask: where Microsoft.Web.Infrastructure assembly is performing some operation on the members of HttpRequest class. There are at least two places where the Microsoft.Web.Infrastructure assembly performing some operation , Microsoft.Web.Infrastructure.DynamicValidationHelper.GranularValidationReflectionUtil.GetInstance method and Microsoft.Web.Infrastructure.DynamicValidationHelper.ValidationUtility.CollectionReplacer.ReplaceCollection method, Here is the implementation of these methods, private static GranularValidationReflectionUtil GetInstance() { try { if (DynamicValidationShimReflectionUtil.Instance != null) { return null; } GranularValidationReflectionUtil util = new GranularValidationReflectionUtil(); Type containingType = typeof(NameObjectCollectionBase); string fieldName = "_entriesArray"; bool isStatic = false; Type fieldType = typeof(ArrayList); FieldInfo fieldInfo = CommonReflectionUtil.FindField(containingType, fieldName, isStatic, fieldType); util._del_get_NameObjectCollectionBase_entriesArray = MakeFieldGetterFunc<NameObjectCollectionBase, ArrayList>(fieldInfo); util._del_set_NameObjectCollectionBase_entriesArray = MakeFieldSetterFunc<NameObjectCollectionBase, ArrayList>(fieldInfo); Type type6 = typeof(NameObjectCollectionBase); string str2 = "_entriesTable"; bool flag2 = false; Type type7 = typeof(Hashtable); FieldInfo info2 = CommonReflectionUtil.FindField(type6, str2, flag2, type7); util._del_get_NameObjectCollectionBase_entriesTable = MakeFieldGetterFunc<NameObjectCollectionBase, Hashtable>(info2); util._del_set_NameObjectCollectionBase_entriesTable = MakeFieldSetterFunc<NameObjectCollectionBase, Hashtable>(info2); Type targetType = CommonAssemblies.System.GetType("System.Collections.Specialized.NameObjectCollectionBase+NameObjectEntry"); Type type8 = targetType; string str3 = "Key"; bool flag3 = false; Type type9 = typeof(string); FieldInfo info3 = CommonReflectionUtil.FindField(type8, str3, flag3, type9); util._del_get_NameObjectEntry_Key = MakeFieldGetterFunc<string>(targetType, info3); Type type10 = targetType; string str4 = "Value"; bool flag4 = false; Type type11 = typeof(object); FieldInfo info4 = CommonReflectionUtil.FindField(type10, str4, flag4, type11); util._del_get_NameObjectEntry_Value = MakeFieldGetterFunc<object>(targetType, info4); util._del_set_NameObjectEntry_Value = MakeFieldSetterFunc(targetType, info4); Type type12 = typeof(HttpRequest); string methodName = "ValidateString"; bool flag5 = false; Type[] argumentTypes = new Type[] { typeof(string), typeof(string), typeof(RequestValidationSource) }; Type returnType = typeof(void); MethodInfo methodInfo = CommonReflectionUtil.FindMethod(type12, methodName, flag5, argumentTypes, returnType); util._del_validateStringCallback = CommonReflectionUtil.MakeFastCreateDelegate<HttpRequest, ValidateStringCallback>(methodInfo); Type type = CommonAssemblies.SystemWeb.GetType("System.Web.HttpValueCollection"); util._del_HttpValueCollection_ctor = CommonReflectionUtil.MakeFastNewObject<Func<NameValueCollection>>(type); Type type14 = typeof(HttpRequest); string str6 = "_form"; bool flag6 = false; Type type15 = type; FieldInfo info6 = CommonReflectionUtil.FindField(type14, str6, flag6, type15); util._del_get_HttpRequest_form = MakeFieldGetterFunc<HttpRequest, NameValueCollection>(info6); util._del_set_HttpRequest_form = MakeFieldSetterFunc(typeof(HttpRequest), info6); Type type16 = typeof(HttpRequest); string str7 = "_queryString"; bool flag7 = false; Type type17 = type; FieldInfo info7 = CommonReflectionUtil.FindField(type16, str7, flag7, type17); util._del_get_HttpRequest_queryString = MakeFieldGetterFunc<HttpRequest, NameValueCollection>(info7); util._del_set_HttpRequest_queryString = MakeFieldSetterFunc(typeof(HttpRequest), info7); Type type3 = CommonAssemblies.SystemWeb.GetType("System.Web.Util.SimpleBitVector32"); Type type18 = typeof(HttpRequest); string str8 = "_flags"; bool flag8 = false; Type type19 = type3; FieldInfo flagsFieldInfo = CommonReflectionUtil.FindField(type18, str8, flag8, type19); Type type20 = type3; string str9 = "get_Item"; bool flag9 = false; Type[] typeArray4 = new Type[] { typeof(int) }; Type type21 = typeof(bool); MethodInfo itemGetter = CommonReflectionUtil.FindMethod(type20, str9, flag9, typeArray4, type21); Type type22 = type3; string str10 = "set_Item"; bool flag10 = false; Type[] typeArray6 = new Type[] { typeof(int), typeof(bool) }; Type type23 = typeof(void); MethodInfo itemSetter = CommonReflectionUtil.FindMethod(type22, str10, flag10, typeArray6, type23); MakeRequestValidationFlagsAccessors(flagsFieldInfo, itemGetter, itemSetter, out util._del_BitVector32_get_Item, out util._del_BitVector32_set_Item); return util; } catch { return null; } } private static void ReplaceCollection(HttpContext context, FieldAccessor<NameValueCollection> fieldAccessor, Func<NameValueCollection> propertyAccessor, Action<NameValueCollection> storeInUnvalidatedCollection, RequestValidationSource validationSource, ValidationSourceFlag validationSourceFlag) { NameValueCollection originalBackingCollection; ValidateStringCallback validateString; SimpleValidateStringCallback simpleValidateString; Func<NameValueCollection> getActualCollection; Action<NameValueCollection> makeCollectionLazy; HttpRequest request = context.Request; Func<bool> getValidationFlag = delegate { return _reflectionUtil.GetRequestValidationFlag(request, validationSourceFlag); }; Func<bool> func = delegate { return !getValidationFlag(); }; Action<bool> setValidationFlag = delegate (bool value) { _reflectionUtil.SetRequestValidationFlag(request, validationSourceFlag, value); }; if ((fieldAccessor.Value != null) && func()) { storeInUnvalidatedCollection(fieldAccessor.Value); } else { originalBackingCollection = fieldAccessor.Value; validateString = _reflectionUtil.MakeValidateStringCallback(context.Request); simpleValidateString = delegate (string value, string key) { if (((key == null) || !key.StartsWith("__", StringComparison.Ordinal)) && !string.IsNullOrEmpty(value)) { validateString(value, key, validationSource); } }; getActualCollection = delegate { fieldAccessor.Value = originalBackingCollection; bool flag = getValidationFlag(); setValidationFlag(false); NameValueCollection col = propertyAccessor(); setValidationFlag(flag); storeInUnvalidatedCollection(new NameValueCollection(col)); return col; }; makeCollectionLazy = delegate (NameValueCollection col) { simpleValidateString(col[null], null); LazilyValidatingArrayList array = new LazilyValidatingArrayList(_reflectionUtil.GetNameObjectCollectionEntriesArray(col), simpleValidateString); _reflectionUtil.SetNameObjectCollectionEntriesArray(col, array); LazilyValidatingHashtable table = new LazilyValidatingHashtable(_reflectionUtil.GetNameObjectCollectionEntriesTable(col), simpleValidateString); _reflectionUtil.SetNameObjectCollectionEntriesTable(col, table); }; Func<bool> hasValidationFired = func; Action disableValidation = delegate { setValidationFlag(false); }; Func<int> fillInActualFormContents = delegate { NameValueCollection values = getActualCollection(); makeCollectionLazy(values); return values.Count; }; DeferredCountArrayList list = new DeferredCountArrayList(hasValidationFired, disableValidation, fillInActualFormContents); NameValueCollection target = _reflectionUtil.NewHttpValueCollection(); _reflectionUtil.SetNameObjectCollectionEntriesArray(target, list); fieldAccessor.Value = target; } } Hopefully the above code will help you to understand the internal working of granular request validation. It is also important to note that Microsoft.Web.Infrastructure assembly invokes HttpRequest.ValidateInput method internally. For further understanding please see Microsoft.Web.Infrastructure assembly code. Finally you may ask: at which stage ASP NET MVC 3 will invoke these methods. You will find this answer by looking at the following method source, Unvalidated extension method for HttpRequest class defined in System.Web.Helpers.Validation class. System.Web.Mvc.MvcHandler.ProcessRequestInit method. System.Web.Mvc.ControllerActionInvoker.ValidateRequest method. System.Web.WebPages.WebPageHttpHandler.ProcessRequestInternal method. Summary: ASP.NET helps in preventing XSS attack using a feature called request validation. In this article, I showed you how you can use granular request validation in ASP.NET MVC 3. I explain you the internal working of granular request validation. Hope you will enjoy this article too. SyntaxHighlighter.all()

Read the article
Introduction to the ASP.NET Web API

- by Stephen.Walther

I am a huge fan of Ajax. If you want to create a great experience for the users of your website – regardless of whether you are building an ASP.NET MVC or an ASP.NET Web Forms site — then you need to use Ajax. Otherwise, you are just being cruel to your customers. We use Ajax extensively in several of the ASP.NET applications that my company, Superexpert.com, builds. We expose data from the server as JSON and use jQuery to retrieve and update that data from the browser. One challenge, when building an ASP.NET website, is deciding on which technology to use to expose JSON data from the server. For example, how do you expose a list of products from the server as JSON so you can retrieve the list of products with jQuery? You have a number of options (too many options) including ASMX Web services, WCF Web Services, ASHX Generic Handlers, WCF Data Services, and MVC controller actions. Fortunately, the world has just been simplified. With the release of ASP.NET 4 Beta, Microsoft has introduced a new technology for exposing JSON from the server named the ASP.NET Web API. You can use the ASP.NET Web API with both ASP.NET MVC and ASP.NET Web Forms applications. The goal of this blog post is to provide you with a brief overview of the features of the new ASP.NET Web API. You learn how to use the ASP.NET Web API to retrieve, insert, update, and delete database records with jQuery. We also discuss how you can perform form validation when using the Web API and use OData when using the Web API. Creating an ASP.NET Web API Controller The ASP.NET Web API exposes JSON data through a new type of controller called an API controller. You can add an API controller to an existing ASP.NET MVC 4 project through the standard Add Controller dialog box. Right-click your Controllers folder and select Add, Controller. In the dialog box, name your controller MovieController and select the Empty API controller template: A brand new API controller looks like this: using System; using System.Collections.Generic; using System.Linq; using System.Net.Http; using System.Web.Http; namespace MyWebAPIApp.Controllers { public class MovieController : ApiController { } } An API controller, unlike a standard MVC controller, derives from the base ApiController class instead of the base Controller class. Using jQuery to Retrieve, Insert, Update, and Delete Data Let’s create an Ajaxified Movie Database application. We’ll retrieve, insert, update, and delete movies using jQuery with the MovieController which we just created. Our Movie model class looks like this: namespace MyWebAPIApp.Models { public class Movie { public int Id { get; set; } public string Title { get; set; } public string Director { get; set; } } } Our application will consist of a single HTML page named Movies.html. We’ll place all of our jQuery code in the Movies.html page. Getting a Single Record with the ASP.NET Web API To support retrieving a single movie from the server, we need to add a Get method to our API controller: using System; using System.Collections.Generic; using System.Linq; using System.Net; using System.Net.Http; using System.Web.Http; using MyWebAPIApp.Models; namespace MyWebAPIApp.Controllers { public class MovieController : ApiController { public Movie GetMovie(int id) { // Return movie by id if (id == 1) { return new Movie { Id = 1, Title = "Star Wars", Director = "Lucas" }; } // Otherwise, movie was not found throw new HttpResponseException(HttpStatusCode.NotFound); } } } In the code above, the GetMovie() method accepts the Id of a movie. If the Id has the value 1 then the method returns the movie Star Wars. Otherwise, the method throws an exception and returns 404 Not Found HTTP status code. After building your project, you can invoke the MovieController.GetMovie() method by entering the following URL in your web browser address bar: http://localhost:[port]/api/movie/1 (You’ll need to enter the correct randomly generated port). In the URL api/movie/1, the first “api” segment indicates that this is a Web API route. The “movie” segment indicates that the MovieController should be invoked. You do not specify the name of the action. Instead, the HTTP method used to make the request – GET, POST, PUT, DELETE — is used to identify the action to invoke. The ASP.NET Web API uses different routing conventions than normal ASP.NET MVC controllers. When you make an HTTP GET request then any API controller method with a name that starts with “GET” is invoked. So, we could have called our API controller action GetPopcorn() instead of GetMovie() and it would still be invoked by the URL api/movie/1. The default route for the Web API is defined in the Global.asax file and it looks like this: routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional } ); We can invoke our GetMovie() controller action with the jQuery code in the following HTML page: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Get Movie</title> </head> <body> <div> Title: <span id="title"></span> </div> <div> Director: <span id="director"></span> </div> <script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script> <script type="text/javascript"> getMovie(1, function (movie) { $("#title").html(movie.Title); $("#director").html(movie.Director); }); function getMovie(id, callback) { $.ajax({ url: "/api/Movie", data: { id: id }, type: "GET", contentType: "application/json;charset=utf-8", statusCode: { 200: function (movie) { callback(movie); }, 404: function () { alert("Not Found!"); } } }); } </script> </body> </html> In the code above, the jQuery $.ajax() method is used to invoke the GetMovie() method. Notice that the Ajax call handles two HTTP response codes. When the GetMove() method successfully returns a movie, the method returns a 200 status code. In that case, the details of the movie are displayed in the HTML page. Otherwise, if the movie is not found, the GetMovie() method returns a 404 status code. In that case, the page simply displays an alert box indicating that the movie was not found (hopefully, you would implement something more graceful in an actual application). You can use your browser’s Developer Tools to see what is going on in the background when you open the HTML page (hit F12 in the most recent version of most browsers). For example, you can use the Network tab in Google Chrome to see the Ajax request which invokes the GetMovie() method: Getting a Set of Records with the ASP.NET Web API Let’s modify our Movie API controller so that it returns a collection of movies. The following Movie controller has a new ListMovies() method which returns a (hard-coded) collection of movies: using System; using System.Collections.Generic; using System.Linq; using System.Net; using System.Net.Http; using System.Web.Http; using MyWebAPIApp.Models; namespace MyWebAPIApp.Controllers { public class MovieController : ApiController { public IEnumerable<Movie> ListMovies() { return new List<Movie> { new Movie {Id=1, Title="Star Wars", Director="Lucas"}, new Movie {Id=1, Title="King Kong", Director="Jackson"}, new Movie {Id=1, Title="Memento", Director="Nolan"} }; } } } Because we named our action ListMovies(), the default Web API route will never match it. Therefore, we need to add the following custom route to our Global.asax file (at the top of the RegisterRoutes() method): routes.MapHttpRoute( name: "ActionApi", routeTemplate: "api/{controller}/{action}/{id}", defaults: new { id = RouteParameter.Optional } ); This route enables us to invoke the ListMovies() method with the URL /api/movie/listmovies. Now that we have exposed our collection of movies from the server, we can retrieve and display the list of movies using jQuery in our HTML page: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>List Movies</title> </head> <body> <div id="movies"></div> <script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script> <script type="text/javascript"> listMovies(function (movies) { var strMovies=""; $.each(movies, function (index, movie) { strMovies += "<div>" + movie.Title + "</div>"; }); $("#movies").html(strMovies); }); function listMovies(callback) { $.ajax({ url: "/api/Movie/ListMovies", data: {}, type: "GET", contentType: "application/json;charset=utf-8", }).then(function(movies){ callback(movies); }); } </script> </body> </html> Inserting a Record with the ASP.NET Web API Now let’s modify our Movie API controller so it supports creating new records: public HttpResponseMessage<Movie> PostMovie(Movie movieToCreate) { // Add movieToCreate to the database and update primary key movieToCreate.Id = 23; // Build a response that contains the location of the new movie var response = new HttpResponseMessage<Movie>(movieToCreate, HttpStatusCode.Created); var relativePath = "/api/movie/" + movieToCreate.Id; response.Headers.Location = new Uri(Request.RequestUri, relativePath); return response; } The PostMovie() method in the code above accepts a movieToCreate parameter. We don’t actually store the new movie anywhere. In real life, you will want to call a service method to store the new movie in a database. When you create a new resource, such as a new movie, you should return the location of the new resource. In the code above, the URL where the new movie can be retrieved is assigned to the Location header returned in the PostMovie() response. Because the name of our method starts with “Post”, we don’t need to create a custom route. The PostMovie() method can be invoked with the URL /Movie/PostMovie – just as long as the method is invoked within the context of a HTTP POST request. The following HTML page invokes the PostMovie() method. <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Create Movie</title> </head> <body> <script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script> <script type="text/javascript"> var movieToCreate = { title: "The Hobbit", director: "Jackson" }; createMovie(movieToCreate, function (newMovie) { alert("New movie created with an Id of " + newMovie.Id); }); function createMovie(movieToCreate, callback) { $.ajax({ url: "/api/Movie", data: JSON.stringify( movieToCreate ), type: "POST", contentType: "application/json;charset=utf-8", statusCode: { 201: function (newMovie) { callback(newMovie); } } }); } </script> </body> </html> This page creates a new movie (the Hobbit) by calling the createMovie() method. The page simply displays the Id of the new movie: The HTTP Post operation is performed with the following call to the jQuery $.ajax() method: $.ajax({ url: "/api/Movie", data: JSON.stringify( movieToCreate ), type: "POST", contentType: "application/json;charset=utf-8", statusCode: { 201: function (newMovie) { callback(newMovie); } } }); Notice that the type of Ajax request is a POST request. This is required to match the PostMovie() method. Notice, furthermore, that the new movie is converted into JSON using JSON.stringify(). The JSON.stringify() method takes a JavaScript object and converts it into a JSON string. Finally, notice that success is represented with a 201 status code. The HttpStatusCode.Created value returned from the PostMovie() method returns a 201 status code. Updating a Record with the ASP.NET Web API Here’s how we can modify the Movie API controller to support updating an existing record. In this case, we need to create a PUT method to handle an HTTP PUT request: public void PutMovie(Movie movieToUpdate) { if (movieToUpdate.Id == 1) { // Update the movie in the database return; } // If you can't find the movie to update throw new HttpResponseException(HttpStatusCode.NotFound); } Unlike our PostMovie() method, the PutMovie() method does not return a result. The action either updates the database or, if the movie cannot be found, returns an HTTP Status code of 404. The following HTML page illustrates how you can invoke the PutMovie() method: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Put Movie</title> </head> <body> <script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script> <script type="text/javascript"> var movieToUpdate = { id: 1, title: "The Hobbit", director: "Jackson" }; updateMovie(movieToUpdate, function () { alert("Movie updated!"); }); function updateMovie(movieToUpdate, callback) { $.ajax({ url: "/api/Movie", data: JSON.stringify(movieToUpdate), type: "PUT", contentType: "application/json;charset=utf-8", statusCode: { 200: function () { callback(); }, 404: function () { alert("Movie not found!"); } } }); } </script> </body> </html> Deleting a Record with the ASP.NET Web API Here’s the code for deleting a movie: public HttpResponseMessage DeleteMovie(int id) { // Delete the movie from the database // Return status code return new HttpResponseMessage(HttpStatusCode.NoContent); } This method simply deletes the movie (well, not really, but pretend that it does) and returns a No Content status code (204). The following page illustrates how you can invoke the DeleteMovie() action: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Delete Movie</title> </head> <body> <script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script> <script type="text/javascript"> deleteMovie(1, function () { alert("Movie deleted!"); }); function deleteMovie(id, callback) { $.ajax({ url: "/api/Movie", data: JSON.stringify({id:id}), type: "DELETE", contentType: "application/json;charset=utf-8", statusCode: { 204: function () { callback(); } } }); } </script> </body> </html> Performing Validation How do you perform form validation when using the ASP.NET Web API? Because validation in ASP.NET MVC is driven by the Default Model Binder, and because the Web API uses the Default Model Binder, you get validation for free. Let’s modify our Movie class so it includes some of the standard validation attributes: using System.ComponentModel.DataAnnotations; namespace MyWebAPIApp.Models { public class Movie { public int Id { get; set; } [Required(ErrorMessage="Title is required!")] [StringLength(5, ErrorMessage="Title cannot be more than 5 characters!")] public string Title { get; set; } [Required(ErrorMessage="Director is required!")] public string Director { get; set; } } } In the code above, the Required validation attribute is used to make both the Title and Director properties required. The StringLength attribute is used to require the length of the movie title to be no more than 5 characters. Now let’s modify our PostMovie() action to validate a movie before adding the movie to the database: public HttpResponseMessage PostMovie(Movie movieToCreate) { // Validate movie if (!ModelState.IsValid) { var errors = new JsonArray(); foreach (var prop in ModelState.Values) { if (prop.Errors.Any()) { errors.Add(prop.Errors.First().ErrorMessage); } } return new HttpResponseMessage<JsonValue>(errors, HttpStatusCode.BadRequest); } // Add movieToCreate to the database and update primary key movieToCreate.Id = 23; // Build a response that contains the location of the new movie var response = new HttpResponseMessage<Movie>(movieToCreate, HttpStatusCode.Created); var relativePath = "/api/movie/" + movieToCreate.Id; response.Headers.Location = new Uri(Request.RequestUri, relativePath); return response; } If ModelState.IsValid has the value false then the errors in model state are copied to a new JSON array. Each property – such as the Title and Director property — can have multiple errors. In the code above, only the first error message is copied over. The JSON array is returned with a Bad Request status code (400 status code). The following HTML page illustrates how you can invoke our modified PostMovie() action and display any error messages: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Create Movie</title> </head> <body> <script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script> <script type="text/javascript"> var movieToCreate = { title: "The Hobbit", director: "" }; createMovie(movieToCreate, function (newMovie) { alert("New movie created with an Id of " + newMovie.Id); }, function (errors) { var strErrors = ""; $.each(errors, function(index, err) { strErrors += "*" + err + "\n"; }); alert(strErrors); } ); function createMovie(movieToCreate, success, fail) { $.ajax({ url: "/api/Movie", data: JSON.stringify(movieToCreate), type: "POST", contentType: "application/json;charset=utf-8", statusCode: { 201: function (newMovie) { success(newMovie); }, 400: function (xhr) { var errors = JSON.parse(xhr.responseText); fail(errors); } } }); } </script> </body> </html> The createMovie() function performs an Ajax request and handles either a 201 or a 400 status code from the response. If a 201 status code is returned then there were no validation errors and the new movie was created. If, on the other hand, a 400 status code is returned then there was a validation error. The validation errors are retrieved from the XmlHttpRequest responseText property. The error messages are displayed in an alert: (Please don’t use JavaScript alert dialogs to display validation errors, I just did it this way out of pure laziness) This validation code in our PostMovie() method is pretty generic. There is nothing specific about this code to the PostMovie() method. In the following video, Jon Galloway demonstrates how to create a global Validation filter which can be used with any API controller action: http://www.asp.net/web-api/overview/web-api-routing-and-actions/video-custom-validation His validation filter looks like this: using System.Json; using System.Linq; using System.Net; using System.Net.Http; using System.Web.Http.Controllers; using System.Web.Http.Filters; namespace MyWebAPIApp.Filters { public class ValidationActionFilter:ActionFilterAttribute { public override void OnActionExecuting(HttpActionContext actionContext) { var modelState = actionContext.ModelState; if (!modelState.IsValid) { dynamic errors = new JsonObject(); foreach (var key in modelState.Keys) { var state = modelState[key]; if (state.Errors.Any()) { errors[key] = state.Errors.First().ErrorMessage; } } actionContext.Response = new HttpResponseMessage<JsonValue>(errors, HttpStatusCode.BadRequest); } } } } And you can register the validation filter in the Application_Start() method in the Global.asax file like this: GlobalConfiguration.Configuration.Filters.Add(new ValidationActionFilter()); After you register the Validation filter, validation error messages are returned from any API controller action method automatically when validation fails. You don’t need to add any special logic to any of your API controller actions to take advantage of the filter. Querying using OData The OData protocol is an open protocol created by Microsoft which enables you to perform queries over the web. The official website for OData is located here: http://odata.org For example, here are some of the query options which you can use with OData: · $orderby – Enables you to retrieve results in a certain order. · $top – Enables you to retrieve a certain number of results. · $skip – Enables you to skip over a certain number of results (use with $top for paging). · $filter – Enables you to filter the results returned. The ASP.NET Web API supports a subset of the OData protocol. You can use all of the query options listed above when interacting with an API controller. The only requirement is that the API controller action returns its data as IQueryable. For example, the following Movie controller has an action named GetMovies() which returns an IQueryable of movies: public IQueryable<Movie> GetMovies() { return new List<Movie> { new Movie {Id=1, Title="Star Wars", Director="Lucas"}, new Movie {Id=2, Title="King Kong", Director="Jackson"}, new Movie {Id=3, Title="Willow", Director="Lucas"}, new Movie {Id=4, Title="Shrek", Director="Smith"}, new Movie {Id=5, Title="Memento", Director="Nolan"} }.AsQueryable(); } If you enter the following URL in your browser: /api/movie?$top=2&$orderby=Title Then you will limit the movies returned to the top 2 in order of the movie Title. You will get the following results: By using the $top option in combination with the $skip option, you can enable client-side paging. For example, you can use $top and $skip to page through thousands of products, 10 products at a time. The $filter query option is very powerful. You can use this option to filter the results from a query. Here are some examples: Return every movie directed by Lucas: /api/movie?$filter=Director eq ‘Lucas’ Return every movie which has a title which starts with ‘S’: /api/movie?$filter=startswith(Title,’S') Return every movie which has an Id greater than 2: /api/movie?$filter=Id gt 2 The complete documentation for the $filter option is located here: http://www.odata.org/developers/protocols/uri-conventions#FilterSystemQueryOption Summary The goal of this blog entry was to provide you with an overview of the new ASP.NET Web API introduced with the Beta release of ASP.NET 4. In this post, I discussed how you can retrieve, insert, update, and delete data by using jQuery with the Web API. I also discussed how you can use the standard validation attributes with the Web API. You learned how to return validation error messages to the client and display the error messages using jQuery. Finally, we briefly discussed how the ASP.NET Web API supports the OData protocol. For example, you learned how to filter records returned from an API controller action by using the $filter query option. I’m excited about the new Web API. This is a feature which I expect to use with almost every ASP.NET application which I build in the future.

Read the article
Introduction to the ASP.NET Web API

- by Stephen.Walther

I am a huge fan of Ajax. If you want to create a great experience for the users of your website – regardless of whether you are building an ASP.NET MVC or an ASP.NET Web Forms site — then you need to use Ajax. Otherwise, you are just being cruel to your customers. We use Ajax extensively in several of the ASP.NET applications that my company, Superexpert.com, builds. We expose data from the server as JSON and use jQuery to retrieve and update that data from the browser. One challenge, when building an ASP.NET website, is deciding on which technology to use to expose JSON data from the server. For example, how do you expose a list of products from the server as JSON so you can retrieve the list of products with jQuery? You have a number of options (too many options) including ASMX Web services, WCF Web Services, ASHX Generic Handlers, WCF Data Services, and MVC controller actions. Fortunately, the world has just been simplified. With the release of ASP.NET 4 Beta, Microsoft has introduced a new technology for exposing JSON from the server named the ASP.NET Web API. You can use the ASP.NET Web API with both ASP.NET MVC and ASP.NET Web Forms applications. The goal of this blog post is to provide you with a brief overview of the features of the new ASP.NET Web API. You learn how to use the ASP.NET Web API to retrieve, insert, update, and delete database records with jQuery. We also discuss how you can perform form validation when using the Web API and use OData when using the Web API. Creating an ASP.NET Web API Controller The ASP.NET Web API exposes JSON data through a new type of controller called an API controller. You can add an API controller to an existing ASP.NET MVC 4 project through the standard Add Controller dialog box. Right-click your Controllers folder and select Add, Controller. In the dialog box, name your controller MovieController and select the Empty API controller template: A brand new API controller looks like this: using System; using System.Collections.Generic; using System.Linq; using System.Net.Http; using System.Web.Http; namespace MyWebAPIApp.Controllers { public class MovieController : ApiController { } } An API controller, unlike a standard MVC controller, derives from the base ApiController class instead of the base Controller class. Using jQuery to Retrieve, Insert, Update, and Delete Data Let’s create an Ajaxified Movie Database application. We’ll retrieve, insert, update, and delete movies using jQuery with the MovieController which we just created. Our Movie model class looks like this: namespace MyWebAPIApp.Models { public class Movie { public int Id { get; set; } public string Title { get; set; } public string Director { get; set; } } } Our application will consist of a single HTML page named Movies.html. We’ll place all of our jQuery code in the Movies.html page. Getting a Single Record with the ASP.NET Web API To support retrieving a single movie from the server, we need to add a Get method to our API controller: using System; using System.Collections.Generic; using System.Linq; using System.Net; using System.Net.Http; using System.Web.Http; using MyWebAPIApp.Models; namespace MyWebAPIApp.Controllers { public class MovieController : ApiController { public Movie GetMovie(int id) { // Return movie by id if (id == 1) { return new Movie { Id = 1, Title = "Star Wars", Director = "Lucas" }; } // Otherwise, movie was not found throw new HttpResponseException(HttpStatusCode.NotFound); } } } In the code above, the GetMovie() method accepts the Id of a movie. If the Id has the value 1 then the method returns the movie Star Wars. Otherwise, the method throws an exception and returns 404 Not Found HTTP status code. After building your project, you can invoke the MovieController.GetMovie() method by entering the following URL in your web browser address bar: http://localhost:[port]/api/movie/1 (You’ll need to enter the correct randomly generated port). In the URL api/movie/1, the first “api” segment indicates that this is a Web API route. The “movie” segment indicates that the MovieController should be invoked. You do not specify the name of the action. Instead, the HTTP method used to make the request – GET, POST, PUT, DELETE — is used to identify the action to invoke. The ASP.NET Web API uses different routing conventions than normal ASP.NET MVC controllers. When you make an HTTP GET request then any API controller method with a name that starts with “GET” is invoked. So, we could have called our API controller action GetPopcorn() instead of GetMovie() and it would still be invoked by the URL api/movie/1. The default route for the Web API is defined in the Global.asax file and it looks like this: routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional } ); We can invoke our GetMovie() controller action with the jQuery code in the following HTML page: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Get Movie</title> </head> <body> <div> Title: <span id="title"></span> </div> <div> Director: <span id="director"></span> </div> <script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script> <script type="text/javascript"> getMovie(1, function (movie) { $("#title").html(movie.Title); $("#director").html(movie.Director); }); function getMovie(id, callback) { $.ajax({ url: "/api/Movie", data: { id: id }, type: "GET", contentType: "application/json;charset=utf-8", statusCode: { 200: function (movie) { callback(movie); }, 404: function () { alert("Not Found!"); } } }); } </script> </body> </html> In the code above, the jQuery $.ajax() method is used to invoke the GetMovie() method. Notice that the Ajax call handles two HTTP response codes. When the GetMove() method successfully returns a movie, the method returns a 200 status code. In that case, the details of the movie are displayed in the HTML page. Otherwise, if the movie is not found, the GetMovie() method returns a 404 status code. In that case, the page simply displays an alert box indicating that the movie was not found (hopefully, you would implement something more graceful in an actual application). You can use your browser’s Developer Tools to see what is going on in the background when you open the HTML page (hit F12 in the most recent version of most browsers). For example, you can use the Network tab in Google Chrome to see the Ajax request which invokes the GetMovie() method: Getting a Set of Records with the ASP.NET Web API Let’s modify our Movie API controller so that it returns a collection of movies. The following Movie controller has a new ListMovies() method which returns a (hard-coded) collection of movies: using System; using System.Collections.Generic; using System.Linq; using System.Net; using System.Net.Http; using System.Web.Http; using MyWebAPIApp.Models; namespace MyWebAPIApp.Controllers { public class MovieController : ApiController { public IEnumerable<Movie> ListMovies() { return new List<Movie> { new Movie {Id=1, Title="Star Wars", Director="Lucas"}, new Movie {Id=1, Title="King Kong", Director="Jackson"}, new Movie {Id=1, Title="Memento", Director="Nolan"} }; } } } Because we named our action ListMovies(), the default Web API route will never match it. Therefore, we need to add the following custom route to our Global.asax file (at the top of the RegisterRoutes() method): routes.MapHttpRoute( name: "ActionApi", routeTemplate: "api/{controller}/{action}/{id}", defaults: new { id = RouteParameter.Optional } ); This route enables us to invoke the ListMovies() method with the URL /api/movie/listmovies. Now that we have exposed our collection of movies from the server, we can retrieve and display the list of movies using jQuery in our HTML page: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>List Movies</title> </head> <body> <div id="movies"></div> <script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script> <script type="text/javascript"> listMovies(function (movies) { var strMovies=""; $.each(movies, function (index, movie) { strMovies += "<div>" + movie.Title + "</div>"; }); $("#movies").html(strMovies); }); function listMovies(callback) { $.ajax({ url: "/api/Movie/ListMovies", data: {}, type: "GET", contentType: "application/json;charset=utf-8", }).then(function(movies){ callback(movies); }); } </script> </body> </html> Inserting a Record with the ASP.NET Web API Now let’s modify our Movie API controller so it supports creating new records: public HttpResponseMessage<Movie> PostMovie(Movie movieToCreate) { // Add movieToCreate to the database and update primary key movieToCreate.Id = 23; // Build a response that contains the location of the new movie var response = new HttpResponseMessage<Movie>(movieToCreate, HttpStatusCode.Created); var relativePath = "/api/movie/" + movieToCreate.Id; response.Headers.Location = new Uri(Request.RequestUri, relativePath); return response; } The PostMovie() method in the code above accepts a movieToCreate parameter. We don’t actually store the new movie anywhere. In real life, you will want to call a service method to store the new movie in a database. When you create a new resource, such as a new movie, you should return the location of the new resource. In the code above, the URL where the new movie can be retrieved is assigned to the Location header returned in the PostMovie() response. Because the name of our method starts with “Post”, we don’t need to create a custom route. The PostMovie() method can be invoked with the URL /Movie/PostMovie – just as long as the method is invoked within the context of a HTTP POST request. The following HTML page invokes the PostMovie() method. <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Create Movie</title> </head> <body> <script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script> <script type="text/javascript"> var movieToCreate = { title: "The Hobbit", director: "Jackson" }; createMovie(movieToCreate, function (newMovie) { alert("New movie created with an Id of " + newMovie.Id); }); function createMovie(movieToCreate, callback) { $.ajax({ url: "/api/Movie", data: JSON.stringify( movieToCreate ), type: "POST", contentType: "application/json;charset=utf-8", statusCode: { 201: function (newMovie) { callback(newMovie); } } }); } </script> </body> </html> This page creates a new movie (the Hobbit) by calling the createMovie() method. The page simply displays the Id of the new movie: The HTTP Post operation is performed with the following call to the jQuery $.ajax() method: $.ajax({ url: "/api/Movie", data: JSON.stringify( movieToCreate ), type: "POST", contentType: "application/json;charset=utf-8", statusCode: { 201: function (newMovie) { callback(newMovie); } } }); Notice that the type of Ajax request is a POST request. This is required to match the PostMovie() method. Notice, furthermore, that the new movie is converted into JSON using JSON.stringify(). The JSON.stringify() method takes a JavaScript object and converts it into a JSON string. Finally, notice that success is represented with a 201 status code. The HttpStatusCode.Created value returned from the PostMovie() method returns a 201 status code. Updating a Record with the ASP.NET Web API Here’s how we can modify the Movie API controller to support updating an existing record. In this case, we need to create a PUT method to handle an HTTP PUT request: public void PutMovie(Movie movieToUpdate) { if (movieToUpdate.Id == 1) { // Update the movie in the database return; } // If you can't find the movie to update throw new HttpResponseException(HttpStatusCode.NotFound); } Unlike our PostMovie() method, the PutMovie() method does not return a result. The action either updates the database or, if the movie cannot be found, returns an HTTP Status code of 404. The following HTML page illustrates how you can invoke the PutMovie() method: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Put Movie</title> </head> <body> <script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script> <script type="text/javascript"> var movieToUpdate = { id: 1, title: "The Hobbit", director: "Jackson" }; updateMovie(movieToUpdate, function () { alert("Movie updated!"); }); function updateMovie(movieToUpdate, callback) { $.ajax({ url: "/api/Movie", data: JSON.stringify(movieToUpdate), type: "PUT", contentType: "application/json;charset=utf-8", statusCode: { 200: function () { callback(); }, 404: function () { alert("Movie not found!"); } } }); } </script> </body> </html> Deleting a Record with the ASP.NET Web API Here’s the code for deleting a movie: public HttpResponseMessage DeleteMovie(int id) { // Delete the movie from the database // Return status code return new HttpResponseMessage(HttpStatusCode.NoContent); } This method simply deletes the movie (well, not really, but pretend that it does) and returns a No Content status code (204). The following page illustrates how you can invoke the DeleteMovie() action: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Delete Movie</title> </head> <body> <script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script> <script type="text/javascript"> deleteMovie(1, function () { alert("Movie deleted!"); }); function deleteMovie(id, callback) { $.ajax({ url: "/api/Movie", data: JSON.stringify({id:id}), type: "DELETE", contentType: "application/json;charset=utf-8", statusCode: { 204: function () { callback(); } } }); } </script> </body> </html> Performing Validation How do you perform form validation when using the ASP.NET Web API? Because validation in ASP.NET MVC is driven by the Default Model Binder, and because the Web API uses the Default Model Binder, you get validation for free. Let’s modify our Movie class so it includes some of the standard validation attributes: using System.ComponentModel.DataAnnotations; namespace MyWebAPIApp.Models { public class Movie { public int Id { get; set; } [Required(ErrorMessage="Title is required!")] [StringLength(5, ErrorMessage="Title cannot be more than 5 characters!")] public string Title { get; set; } [Required(ErrorMessage="Director is required!")] public string Director { get; set; } } } In the code above, the Required validation attribute is used to make both the Title and Director properties required. The StringLength attribute is used to require the length of the movie title to be no more than 5 characters. Now let’s modify our PostMovie() action to validate a movie before adding the movie to the database: public HttpResponseMessage PostMovie(Movie movieToCreate) { // Validate movie if (!ModelState.IsValid) { var errors = new JsonArray(); foreach (var prop in ModelState.Values) { if (prop.Errors.Any()) { errors.Add(prop.Errors.First().ErrorMessage); } } return new HttpResponseMessage<JsonValue>(errors, HttpStatusCode.BadRequest); } // Add movieToCreate to the database and update primary key movieToCreate.Id = 23; // Build a response that contains the location of the new movie var response = new HttpResponseMessage<Movie>(movieToCreate, HttpStatusCode.Created); var relativePath = "/api/movie/" + movieToCreate.Id; response.Headers.Location = new Uri(Request.RequestUri, relativePath); return response; } If ModelState.IsValid has the value false then the errors in model state are copied to a new JSON array. Each property – such as the Title and Director property — can have multiple errors. In the code above, only the first error message is copied over. The JSON array is returned with a Bad Request status code (400 status code). The following HTML page illustrates how you can invoke our modified PostMovie() action and display any error messages: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Create Movie</title> </head> <body> <script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script> <script type="text/javascript"> var movieToCreate = { title: "The Hobbit", director: "" }; createMovie(movieToCreate, function (newMovie) { alert("New movie created with an Id of " + newMovie.Id); }, function (errors) { var strErrors = ""; $.each(errors, function(index, err) { strErrors += "*" + err + "n"; }); alert(strErrors); } ); function createMovie(movieToCreate, success, fail) { $.ajax({ url: "/api/Movie", data: JSON.stringify(movieToCreate), type: "POST", contentType: "application/json;charset=utf-8", statusCode: { 201: function (newMovie) { success(newMovie); }, 400: function (xhr) { var errors = JSON.parse(xhr.responseText); fail(errors); } } }); } </script> </body> </html> The createMovie() function performs an Ajax request and handles either a 201 or a 400 status code from the response. If a 201 status code is returned then there were no validation errors and the new movie was created. If, on the other hand, a 400 status code is returned then there was a validation error. The validation errors are retrieved from the XmlHttpRequest responseText property. The error messages are displayed in an alert: (Please don’t use JavaScript alert dialogs to display validation errors, I just did it this way out of pure laziness) This validation code in our PostMovie() method is pretty generic. There is nothing specific about this code to the PostMovie() method. In the following video, Jon Galloway demonstrates how to create a global Validation filter which can be used with any API controller action: http://www.asp.net/web-api/overview/web-api-routing-and-actions/video-custom-validation His validation filter looks like this: using System.Json; using System.Linq; using System.Net; using System.Net.Http; using System.Web.Http.Controllers; using System.Web.Http.Filters; namespace MyWebAPIApp.Filters { public class ValidationActionFilter:ActionFilterAttribute { public override void OnActionExecuting(HttpActionContext actionContext) { var modelState = actionContext.ModelState; if (!modelState.IsValid) { dynamic errors = new JsonObject(); foreach (var key in modelState.Keys) { var state = modelState[key]; if (state.Errors.Any()) { errors[key] = state.Errors.First().ErrorMessage; } } actionContext.Response = new HttpResponseMessage<JsonValue>(errors, HttpStatusCode.BadRequest); } } } } And you can register the validation filter in the Application_Start() method in the Global.asax file like this: GlobalConfiguration.Configuration.Filters.Add(new ValidationActionFilter()); After you register the Validation filter, validation error messages are returned from any API controller action method automatically when validation fails. You don’t need to add any special logic to any of your API controller actions to take advantage of the filter. Querying using OData The OData protocol is an open protocol created by Microsoft which enables you to perform queries over the web. The official website for OData is located here: http://odata.org For example, here are some of the query options which you can use with OData: · $orderby – Enables you to retrieve results in a certain order. · $top – Enables you to retrieve a certain number of results. · $skip – Enables you to skip over a certain number of results (use with $top for paging). · $filter – Enables you to filter the results returned. The ASP.NET Web API supports a subset of the OData protocol. You can use all of the query options listed above when interacting with an API controller. The only requirement is that the API controller action returns its data as IQueryable. For example, the following Movie controller has an action named GetMovies() which returns an IQueryable of movies: public IQueryable<Movie> GetMovies() { return new List<Movie> { new Movie {Id=1, Title="Star Wars", Director="Lucas"}, new Movie {Id=2, Title="King Kong", Director="Jackson"}, new Movie {Id=3, Title="Willow", Director="Lucas"}, new Movie {Id=4, Title="Shrek", Director="Smith"}, new Movie {Id=5, Title="Memento", Director="Nolan"} }.AsQueryable(); } If you enter the following URL in your browser: /api/movie?$top=2&$orderby=Title Then you will limit the movies returned to the top 2 in order of the movie Title. You will get the following results: By using the $top option in combination with the $skip option, you can enable client-side paging. For example, you can use $top and $skip to page through thousands of products, 10 products at a time. The $filter query option is very powerful. You can use this option to filter the results from a query. Here are some examples: Return every movie directed by Lucas: /api/movie?$filter=Director eq ‘Lucas’ Return every movie which has a title which starts with ‘S’: /api/movie?$filter=startswith(Title,’S') Return every movie which has an Id greater than 2: /api/movie?$filter=Id gt 2 The complete documentation for the $filter option is located here: http://www.odata.org/developers/protocols/uri-conventions#FilterSystemQueryOption Summary The goal of this blog entry was to provide you with an overview of the new ASP.NET Web API introduced with the Beta release of ASP.NET 4. In this post, I discussed how you can retrieve, insert, update, and delete data by using jQuery with the Web API. I also discussed how you can use the standard validation attributes with the Web API. You learned how to return validation error messages to the client and display the error messages using jQuery. Finally, we briefly discussed how the ASP.NET Web API supports the OData protocol. For example, you learned how to filter records returned from an API controller action by using the $filter query option. I’m excited about the new Web API. This is a feature which I expect to use with almost every ASP.NET application which I build in the future.

Read the article
Can I run asp.net mvc 1 on .net 4?

- by Jenea

I have a asp.net mvc site that references a couple of libraries. Recently I discovered that it is necessary to migrate those dlls to .net 4 (I mean compile them for .net 4). Can I run asp.net mvc 1 on .net 4. Migration to asp.net mvc 2 is postponed because of the removal of response.WriteSubstitution(...) method.

Read the article

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13 | Next Page >