base class - Page 698 - Developer IT

jQuery CSS and .hover() not picking up style

- by danit

Im using jQuery to add .hover class to list items. $("#list .item").hover( function () { $(this).addClass("hover"); }, function () { $(this).removeClass("hover"); } ); Then followed by the style in jQuery (I have to supply the style in JS) $('#list .item.hover').css('padding-left', '20px'); The hover class is being applied but the style is not picked up?

Read the article

Proper Form Application Design

- by Soo

I'm creating a WinForm application in C# and one of its functions is displaying text in text boxes. I'm coding the logic for querying a database in a separate class and am unable to access the text box element in the class I'm creating (I'm getting a "name" does not exist in the current context error). Do I put all of my form logic into my Form1.cs file?

Read the article

sonar code coverage issue

- by user1490244

Hi I am running sonar for my impl class, i have written junit for all the methods of impl class but when i ran the sonar the code coverage is just 11% and all the file is in red color. stating that the code is not covered. I really dont understand inspite of writing all the test methods for all the impl methods why is it showing such a less percentage. Any help or tips or guidelines will be greatly appreciated. Thanks

Read the article

Why can't I create extension methods for static classes?

- by dotnetdev

When I try to create an extension method for the File class, I get an error telling me that I cannot do this because the class is static. However, I don't see why this stops the creation of an extension method, what implication is there? Thanks

Read the article

How should onClick Listener by defined and instantiated for an Activity

- by Code Droid

My Activity has multiple lists so I have defined MyClickListener as below: My question is how I should instantiate this class: MyClickListener mMyClickListener = new MyClickListener(); Or maybe it is better to instantiate inside the onCreate(Bundle) and just define above. Whats considered the better way? I don't want too much in onCreate() its already full of stuff. Any thoughts on the declaration and instatiation? Whats the best way? private class MyClickListener implements OnClickListener { @Override public void onClick(View view) { } }

Read the article

[Linq & Dictionary (.NET)] A problem with compare item value

- by Tony

Hi, I have defined my class: public class Host { public string Name; } then a strobgly-typed dictionary: Dictionary<string, Host> HostsTable; then I try to compare a value: if (HostsTable.Values.Where(s => s.Name == "myhostname") != null) { doSomething } and the problem is, nothing is found, even I'm sure the item is on the list. What I'm doing wrong ?

Read the article

Default value for bool in c++

- by greenguy1090

I'm redesigning a class constructor in C++ and need it to catch an unspecified bool. I have used default values for all of the other parameters, but from my understanding bool can only be initialized to true or false. Since both of those cases have meaning in the class, how should I handle checking for change from a default value?

Read the article

jQuery if and logic

- by danit

I have a simple jQuery toolbar, the basic functionality is: Hover: Background change to defined value & add .active class OnClick: Move the icon down 4px, and change background of the toolbar to that of the element What I would like to do move the icon down 4px when it has the class 'active' applied, however also remove the onclick event? Somehow I need an 'IF' statement in my jQuery for the Onclick event.

Read the article

PHP mail with multiple attachments and message in HTML format [closed]

- by Jason

I am new to PHP, so please don't mind if my question is silly. I would to like to make a PHP to send email with numerous attachments and the message of the email will be in HTML format. <html> <body> <form action="mail.php" method="post"> <table> <tr> <td><label>Name:</label></td> <td><input type="text" name="name" /></td> </tr> <tr> <td><label>Your Email:</label></td> <td><input type="text" name="email" /></td> </tr> <tr> <td><label>Attachment:</label></td> <td><input type="file" name="Attach" /></td> </tr> <tr> <td><input type="submit" value="Submit" /></td> </tr> </table> </form> <script language="javascript"> $(document).ready(function() { $("form").submit(function(){ $.ajax({ type: "POST", url: 'mail.php', dataType: 'json', data: { name: $('#name').val(), email: $('#email').val(), Attach: $('#Attach').val(), }, success: function(json){ $(".error, .success").remove(); if (json['error']){ $("form").after(json['error']); } if (json['success']){ $("form").remove(); $(".leftColWrap").append(json['success']); } } }); return false; }); }); </script> </body> </html> This is my HTML for filing in the information. And below is the mail.php <?php session_cache_limiter('nocache'); header('Expires: ' . gmdate('r', 0)); header('Content-type: application/json'); $timeout = time()+60*60*24*30; setcookie(Form, date("F jS - g:i a"), $timeout); $name=$_POST['name']; $email=$_POST['email']; $to="[email protected]"; //*** Uniqid Session ***// $Sid = md5(uniqid(time())); $headers = ""; $headers .= "From: $email \n"; $headers .= "MIME-Version: 1.0\n"; $headers .= "Content-Type: multipart/mixed; boundary=\"".$Sid."\"\n\n"; $headers .= "This is a multi-part message in MIME format.\n"; $headers .= "--".$Sid."\n"; $headers .= "Content-type: text/html; charset=utf-8\n"; $headers .= "Content-Transfer-Encoding: 7bit\n\n"; //*** Attachment ***// if($_FILES["fileAttach"]["name"] != "") { $FilesName = $_FILES["fileAttach"]["name"]; $Content = chunk_split(base64_encode(file_get_contents($_FILES["fileAttach"]["tmp_name"]))); $headers .= "--".$Sid."\n"; $headers .= "Content-Type: application/octet-eam; name=\"".$FilesName."\"\n"; $headers .= "Content-Transfer-Encoding: base64\n"; $headers .= "Content-Disposition: attachment; filename=\"".$FilesName."\"\n\n"; $headers .= $Content."\n\n"; } $message_to=" <html><body> <table class='page-head' align='center' width='100%'> <tr> <td class='left'> <h1>ABC</h1></td> <td class='right' width='63'> <img src='http://xxx/images/logo.png' /></td> </tr> </table><br /><br /> $name ($email) has just sent you an e-mail. </body></html>"; $message_from="<html><body> <table class='page-head' align='center' width='100%'> <tr> <td class='left'> <h1>ABC</h1></td> <td class='right' width='63'> <img src='http://xxx/images/logo.png' /></td> </tr> </table><br /><br /> Thanks for sending the email. </body></html>"; if ($name == "" || $email == "") { $error = "<font color=\"red\">Please fill in all the required fields.</font>"; } elseif (isset($_COOKIE['Form'])) { $error = "You have already sent the email. Please try again later."; } else { mail($to,"A new email from: $name",$message_to,$headers); mail($email,"Thank you for send the email",$message_from,$headers); $success = "Emai sent successfully!"; } $json = array('error' => $error, 'success' => $success); print(json_encode($json)); ?> May someone give some advises on the code? Thanks a lot.

Read the article

C++ return object

- by Pauff

I have a class that has a vector of objects. What do I need to do to return one of this objects and change it outside the class, keeping the changings? Is it possible to do with regular pointers? Is there a standard procedure? (And yes, my background is in Java.)

Read the article

Putting methods in separate files

- by Garry

I have a class (MyClass) with a lot of methods. Consequently, the .m file has become quite difficult to read. I'm relatively new to Objective-C (having come from REALbasic) and I was wondering if it's possible to put some of the methods in MyClass into different files and then include them in the class. How would I go about this in Xcode?

Read the article

Activerecord join search

- by VP

Hi, i have two models: class Category has many :jobs end class Job belongs_to :category end So for sure i'm able to do c = Category.first c.jobs My question is: how can i find just categories that has at least one job?

Read the article

Way to call super(MyClass, self).init() without MyClass?

- by Mark

I find this syntax astoundingly annoying. Every time I rename my class, I have to change this call for no apparent reason. Isn't there some __class__ magic variable or something I can use at least? Interested in answers for Python 2.5, but it doesn't hurt to know if later versions fixed this.

Read the article

Finding the type of an object in C++

- by lemnisca

I have a class A and another class that inherits from it, B. I am overriding a function that accepts an object of type A as a parameter, so I have to accept an A. However, I later call functions that only B has, so I want to return false and not proceed if the object passed is not of type B. What is the best way to find out which type the object passed to my function is?

Read the article

DisplayMemberPath is not working in WPF

- by WpfBee

I want to display CustomerList\CustomerName property items to the listBox using ItemsSource DisplayMemberPath property only. But it is not working. I do not want to use DataContext or any other binding in my problem. Please help. My code is given below: MainWindow.xaml.cs namespace BindingAnItemControlToAList { /// <summary> /// Interaction logic for MainWindow.xaml /// </summary> public partial class MainWindow : Window { public MainWindow() { InitializeComponent(); } } public class Customer { public string Name {get;set;} public string LastName { get; set; } } public class CustomerList { public List<Customer> Customers { get; set; } public List<string> CustomerName { get; set; } public List<string> CustomerLastName { get; set; } public CustomerList() { Customers = new List<Customer>(); CustomerName = new List<string>(); CustomerLastName = new List<string>(); CustomerName.Add("Name1"); CustomerLastName.Add("LastName1"); CustomerName.Add("Name2"); CustomerLastName.Add("LastName2"); Customers.Add(new Customer() { Name = CustomerName[0], LastName = CustomerLastName[0] }); Customers.Add(new Customer() { Name = CustomerName[1], LastName = CustomerLastName[1] }); } } } **MainWindow.Xaml** <Window x:Class="BindingAnItemControlToAList.MainWindow" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:local="clr-namespace:BindingAnItemControlToAList" Title="MainWindow" Height="350" Width="525" Loaded="Window_Loaded" > <Window.Resources> <local:CustomerList x:Key="Cust"/> </Window.Resources> <Grid Name="Grid1"> <ListBox ItemsSource="{Binding Source={StaticResource Cust}}" DisplayMemberPath="CustomerName" Height="172" HorizontalAlignment="Left" Margin="27,23,0,0" Name="lstStates" VerticalAlignment="Top" Width="245" /> </Grid> </Window>

Read the article

Custom InputIterator for Boost graph (BGL)

- by Shadow

Hi, I have a graph with custom properties to the vertices and edges. I now want to create a copy of this graph, but I don't want the vertices to be as complex as in the original. By this I mean that it would suffice that the vertices have the same indices (vertex_index_t) as they do in the original graph. Instead of doing the copying by hand I wanted to use the copy-functionality of boost::adjacency_list (s. http://www.boost.org/doc/libs/1_37_0/libs/graph/doc/adjacency_list.html): template <class EdgeIterator> adjacency_list(EdgeIterator first, EdgeIterator last, vertices_size_type n, edges_size_type m = 0, const GraphProperty& p = GraphProperty()) The description there says: The EdgeIterator must be a model of InputIterator. The value type of the EdgeIterator must be a std::pair, where the type in the pair is an integer type. The integers will correspond to vertices, and they must all fall in the range of [0, n). Unfortunately I have to admit that I don't quite get it how to define an EdgeIterator that is a model of InputIterator. Here's what I've succeded so far: template< class EdgeIterator, class Edge > class MyEdgeIterator// : public input_iterator< std::pair<int, int> > { public: MyEdgeIterator() {}; MyEdgeIterator(EdgeIterator& rhs) : actual_edge_it_(rhs) {}; MyEdgeIterator(const MyEdgeIterator& to_copy) {}; bool operator==(const MyEdgeIterator& to_compare) { return actual_edge_it_ == to_compare.actual_edge_it_; } bool operator!=(const MyEdgeIterator& to_compare) { return !(*this == to_compare); } Edge operator*() const { return *actual_edge_it_; } const MyEdgeIterator* operator->() const; MyEdgeIterator& operator ++() { ++actual_edge_it_; return *this; } MyEdgeIterator operator ++(int) { MyEdgeIterator<EdgeIterator, Edge> tmp = *this; ++*this; return tmp; } private: EdgeIterator& actual_edge_it_; } However, this doesn't work as it is supposed to and I ran out of clues. So, how do I define the appropriate InputIterator?

Read the article

C++ sort method

- by qwead

I want to sort a vector using std::sort, but my sort method is a static method of a class, and I want to call std::sort outside it, but it seems to be trouble doing it this way. On the class: static int CompareIt(void *sol1, void *sol2) { ... } std::sort call: sort(distanceList.at(q).begin(), distanceList.at(q).end(), &DistanceNodeComparator::CompareIt); Shouldn't it be possible to do this way?

Read the article

how to use form_tag in rails 2.3

- by mtay

Hey all, I'm running into an error using form_tag in Rails 2.3 and can't seem to wrap my head around it. What may I be doing wrong syntactically? =form_tag :action => 'form', :name => "admin_form" #images_actions_bar =submit_tag "Approve", :class => "button", :name => "approve" =submit_tag "Update", :class => "button", :name => "update" I am seeing "syntax error, unexpected kENSURE, expecting $end"

Read the article

C++ require that one template type is derived from the other

- by Will

In a comparison operator: template<class R1, class R2> bool operator==(Manager<R1> m1, Manager<R2> m2) { return p1.internal_field == p2.internal_field; } Is there any way I could enforce that R1 and R2 must have a supertype or subtype relation? That is, I'd like to allow either R1 to be derived from R2, or R2 to be derived from R1, but disallow the comparison if R1 and R2 are unrelated types.

Read the article

Why can a List(Of SomeObject) not be converted to an IEnumerable(Of ISomeInterface) while SomeObject

- by ropstah

Please see the last comment in GetListChildren() function. "Why can a List(Of Page) not be converted to an IEnumerable(Of IListHasChildren) ?" Interface IListHasChildren Function GetListChildren() as IEnumerable(Of IListHasChildren) End Interface Public Class Page : Implements IListHasChildren Public Function GetChildren() As List(Of Page) //'return List(Of Page) with children End Function Public Function GetListChildren() : Implements IListHasChildren.GetListChildren Return Me.GetChildren() //'This cannot be converted to IEnumerable(Of IListHasChildren) ?? End Function End Class

Read the article

ASP.Net MVC 2 Auto Complete Textbox With Custom View Model Attribute & EditorTemplate

- by SeanMcAlinden

In this post I’m going to show how to create a generic, ajax driven Auto Complete text box using the new MVC 2 Templates and the jQuery UI library. The template will be automatically displayed when a property is decorated with a custom attribute within the view model. The AutoComplete text box in action will look like the following: The first thing to do is to do is visit my previous blog post to put the custom model metadata provider in place, this is necessary when using custom attributes on the view model. http://weblogs.asp.net/seanmcalinden/archive/2010/06/11/custom-asp-net-mvc-2-modelmetadataprovider-for-using-custom-view-model-attributes.aspx Once this is in place, make sure you visit the jQuery UI and download the latest stable release – in this example I’m using version 1.8.2. You can download it here. Add the jQuery scripts and css theme to your project and add references to them in your master page. Should look something like the following: Site.Master <head runat="server"> <title><asp:ContentPlaceHolder ID="TitleContent" runat="server" /></title> <link href="../../Content/Site.css" rel="stylesheet" type="text/css" /> <link href="../../css/ui-lightness/jquery-ui-1.8.2.custom.css" rel="stylesheet" type="text/css" /> <script src="../../Scripts/jquery-1.4.2.min.js" type="text/javascript"></script> <script src="../../Scripts/jquery-ui-1.8.2.custom.min.js" type="text/javascript"></script> </head> Once this is place we can get started. Creating the AutoComplete Custom Attribute The auto complete attribute will derive from the abstract MetadataAttribute created in my previous post. It will look like the following: AutoCompleteAttribute using System.Collections.Generic; using System.Web.Mvc; using System.Web.Routing; namespace Mvc2Templates.Attributes { public class AutoCompleteAttribute : MetadataAttribute { public RouteValueDictionary RouteValueDictionary; public AutoCompleteAttribute(string controller, string action, string parameterName) { this.RouteValueDictionary = new RouteValueDictionary(); this.RouteValueDictionary.Add("Controller", controller); this.RouteValueDictionary.Add("Action", action); this.RouteValueDictionary.Add(parameterName, string.Empty); } public override void Process(ModelMetadata modelMetaData) { modelMetaData.AdditionalValues.Add("AutoCompleteUrlData", this.RouteValueDictionary); modelMetaData.TemplateHint = "AutoComplete"; } } } As you can see, the constructor takes in strings for the controller, action and parameter name. The parameter name will be used for passing the search text within the auto complete text box. The constructor then creates a new RouteValueDictionary which we will use later to construct the url for getting the auto complete results via ajax. The main interesting method is the method override called Process. With the process method, the route value dictionary is added to the modelMetaData AdditionalValues collection. The TemplateHint is also set to AutoComplete, this means that when the view model is parsed for display, the MVC 2 framework will look for a view user control template called AutoComplete, if it finds one, it uses that template to display the property. The View Model To show you how the attribute will look, this is the view model I have used in my example which can be downloaded at the end of this post. View Model using System.ComponentModel; using Mvc2Templates.Attributes; namespace Mvc2Templates.Models { public class TemplateDemoViewModel { [AutoComplete("Home", "AutoCompleteResult", "searchText")] [DisplayName("European Country Search")] public string SearchText { get; set; } } } As you can see, the auto complete attribute is called with the controller name, action name and the name of the action parameter that the search text will be passed into. The AutoComplete Template Now all of this is in place, it’s time to create the AutoComplete template. Create a ViewUserControl called AutoComplete.ascx at the following location within your application – Views/Shared/EditorTemplates/AutoComplete.ascx Add the following code: AutoComplete.ascx <%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl" %> <% var propertyName = ViewData.ModelMetadata.PropertyName; var propertyValue = ViewData.ModelMetadata.Model; var id = Guid.NewGuid().ToString(); RouteValueDictionary urlData = (RouteValueDictionary)ViewData.ModelMetadata.AdditionalValues.Where(x => x.Key == "AutoCompleteUrlData").Single().Value; var url = Mvc2Templates.Views.Shared.Helpers.RouteHelper.GetUrl(this.ViewContext.RequestContext, urlData); %> <input type="text" name="<%= propertyName %>" value="<%= propertyValue %>" id="<%= id %>" class="autoComplete" /> <script type="text/javascript"> $(function () { $("#<%= id %>").autocomplete({ source: function (request, response) { $.ajax({ url: "<%= url %>" + request.term, dataType: "json", success: function (data) { response(data); } }); }, minLength: 2 }); }); </script> There is a lot going on in here but when you break it down it’s quite simple. Firstly, the property name and property value are retrieved through the model meta data. These are required to ensure that the text box input has the correct name and data to allow for model binding. If you look at line 14 you can see them being used in the text box input creation. The interesting bit is on line 8 and 9, this is the code to retrieve the route value dictionary we added into the model metada via the custom attribute. Line 11 is used to create the url, in order to do this I created a quick helper class which looks like the code below titled RouteHelper. The last bit of script is the code to initialise the jQuery UI AutoComplete control with the correct url for calling back to our controller action. RouteHelper using System.Web.Mvc; using System.Web.Routing; namespace Mvc2Templates.Views.Shared.Helpers { public static class RouteHelper { const string Controller = "Controller"; const string Action = "Action"; const string ReplaceFormatString = "REPLACE{0}"; public static string GetUrl(RequestContext requestContext, RouteValueDictionary routeValueDictionary) { RouteValueDictionary urlData = new RouteValueDictionary(); UrlHelper urlHelper = new UrlHelper(requestContext); int i = 0; foreach(var item in routeValueDictionary) { if (item.Value == string.Empty) { i++; urlData.Add(item.Key, string.Format(ReplaceFormatString, i.ToString())); } else { urlData.Add(item.Key, item.Value); } } var url = urlHelper.RouteUrl(urlData); for (int index = 1; index <= i; index++) { url = url.Replace(string.Format(ReplaceFormatString, index.ToString()), string.Empty); } return url; } } } See it in action All you need to do to see it in action is pass a view model from your controller with the new AutoComplete attribute attached and call the following within your view: <%= this.Html.EditorForModel() %> NOTE: The jQuery UI auto complete control expects a JSON string returned from your controller action method… as you can’t use the JsonResult to perform GET requests, use a normal action result, convert your data into json and return it as a string via a ContentResult. If you download the solution it will be very clear how to handle the controller and action for this demo. The full source code for this post can be downloaded here. It has been developed using MVC 2 and Visual Studio 2010. As always, I hope this has been interesting/useful. Kind Regards, Sean McAlinden.

Read the article

Loading jQuery Consistently in a .NET Web App

- by Rick Strahl

One thing that frequently comes up in discussions when using jQuery is how to best load the jQuery library (as well as other commonly used and updated libraries) in a Web application. Specifically the issue is the one of versioning and making sure that you can easily update and switch versions of script files with application wide settings in one place and having your script usage reflect those settings in the entire application on all pages that use the script. Although I use jQuery as an example here, the same concepts can be applied to any script library - for example in my Web libraries I use the same approach for jQuery.ui and my own internal jQuery support library. The concepts used here can be applied both in WebForms and MVC. Loading jQuery Properly From CDN Before we look at a generic way to load jQuery via some server logic, let me first point out my preferred way to embed jQuery into the page. I use the Google CDN to load jQuery and then use a fallback URL to handle the offline or no Internet connection scenario. Why use a CDN? CDN links tend to be loaded more quickly since they are very likely to be cached in user's browsers already as jQuery CDN is used by many, many sites on the Web. Using a CDN also removes load from your Web server and puts the load bearing on the CDN provider - in this case Google - rather than on your Web site. On the downside, CDN links gives the provider (Google, Microsoft) yet another way to track users through their Web usage. Here's how I use jQuery CDN plus a fallback link on my WebLog for example: <!DOCTYPE HTML> <html> <head> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js"></script> <script> if (typeof (jQuery) == 'undefined') document.write(unescape("%3Cscript " + "src='/Weblog/wwSC.axd?r=Westwind.Web.Controls.Resources.jquery.js' %3E%3C/script%3E")); </script> <title>Rick Strahl's Web Log</title> ... </head> You can see that the CDN is referenced first, followed by a small script block that checks to see whether jQuery was loaded (jQuery object exists). If it didn't load another script reference is added to the document dynamically pointing to a backup URL. In this case my backup URL points at a WebResource in my Westwind.Web assembly, but the URL can also be local script like src="/scripts/jquery.min.js". Important: Use the proper Protocol/Scheme for for CDN Urls [updated based on comments] If you're using a CDN to load an external script resource you should always make sure that the script is loaded with the same protocol as the parent page to avoid mixed content warnings by the browser. You don't want to load a script link to an http:// resource when you're on an https:// page. The easiest way to use this is by using a protocol relative URL: <script src="//ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js"></script> which is an easy way to load resources from other domains. This URL syntax will automatically use the parent page's protocol (or more correctly scheme). As long as the remote domains support both http:// and https:// access this should work. BTW this also works in CSS (with some limitations) and links. BTW, I didn't know about this until it was pointed out in the comments. This is a very useful feature for many things - ah the benefits of my blog to myself :-) Version Numbers When you use a CDN you notice that you have to reference a specific version of jQuery. When using local files you may not have to do this as you can rename your private copy of jQuery.js, but for CDN the references are always versioned. The version number is of course very important to ensure you getting the version you have tested with, but it's also important to the provider because it ensures that cached content is always correct. If an existing file was updated the updates might take a very long time to get past the locally cached content and won't refresh properly. The version number ensures you get the right version and not some cached content that has been changed but not updated in your cache. On the other hand version numbers also mean that once you decide to use a new version of the script you now have to change all your script references in your pages. Depending on whether you use some sort of master/layout page or not this may or may not be easy in your application. Even if you do use master/layout pages, chances are that you probably have a few of them and at the very least all of those have to be updated for the scripts. If you use individual pages for all content this issue then spreads to all of your pages. Search and Replace in Files will do the trick, but it's still something that's easy to forget and worry about. Personaly I think it makes sense to have a single place where you can specify common script libraries that you want to load and more importantly which versions thereof and where they are loaded from. Loading Scripts via Server Code Script loading has always been important to me and as long as I can remember I've always built some custom script loading routines into my Web frameworks. WebForms makes this fairly easy because it has a reasonably useful script manager (ClientScriptManager and the ScriptManager) which allow injecting script into the page easily from anywhere in the Page cycle. What's nice about these components is that they allow scripts to be injected by controls so components can wrap up complex script/resource dependencies more easily without having to require long lists of CSS/Scripts/Image includes. In MVC or pure script driven applications like Razor WebPages the process is more raw, requiring you to embed script references in the right place. But its also more immediate - it lets you know exactly which versions of scripts to use because you have to manually embed them. In WebForms with different controls loading resources this often can get confusing because it's quite possible to load multiple versions of the same script library into a page, the results of which are less than optimal… In this post I look a simple routine that embeds jQuery into the page based on a few application wide configuration settings. It returns only a string of the script tags that can be manually embedded into a Page template. It's a small function that merely a string of the script tags shown at the begging of this post along with some options on how that string is comprised. You'll be able to specify in one place which version loads and then all places where the help function is used will automatically reflect this selection. Options allow specification of the jQuery CDN Url, the fallback Url and where jQuery should be loaded from (script folder, Resource or CDN in my case). While this is specific to jQuery you can apply this to other resources as well. For example I use a similar approach with jQuery.ui as well using practically the same semantics. Providing Resources in ControlResources In my Westwind.Web Web utility library I have a class called ControlResources which is responsible for holding resource Urls, resource IDs and string contants that reference those resource IDs. The library also provides a few helper methods for loading common scriptscripts into a Web page. There are specific versions for WebForms which use the ClientScriptManager/ScriptManager and script link methods that can be used in any .NET technology that can embed an expression into the output template (or code for that matter). The ControlResources class contains mostly static content - references to resources mostly. But it also contains a few static properties that configure script loading: A Script LoadMode (CDN, Resource, or script url) A default CDN Url A fallback url They are static properties in the ControlResources class: public class ControlResources { /// <summary> /// Determines what location jQuery is loaded from /// </summary> public static JQueryLoadModes jQueryLoadMode = JQueryLoadModes.ContentDeliveryNetwork; /// <summary> /// jQuery CDN Url on Google /// </summary> public static string jQueryCdnUrl = "//ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js"; /// <summary> /// jQuery CDN Url on Google /// </summary> public static string jQueryUiCdnUrl = "//ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/jquery-ui.min.js"; /// <summary> /// jQuery UI fallback Url if CDN is unavailable or WebResource is used /// Note: The file needs to exist and hold the minimized version of jQuery ui /// </summary> public static string jQueryUiLocalFallbackUrl = "~/scripts/jquery-ui.min.js"; } These static properties are fixed values that can be changed at application startup to reflect your preferences. Since they're static they are application wide settings and respected across the entire Web application running. It's best to set these default in Application_Init or similar startup code if you need to change them for your application: protected void Application_Start(object sender, EventArgs e) { // Force jQuery to be loaded off Google Content Network ControlResources.jQueryLoadMode = JQueryLoadModes.ContentDeliveryNetwork; // Allow overriding of the Cdn url ControlResources.jQueryCdnUrl = "http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"; // Route to our own internal handler App.OnApplicationStart(); } With these basic settings in place you can then embed expressions into a page easily. In WebForms use: <!DOCTYPE html> <html> <head runat="server"> <%= ControlResources.jQueryLink() %> <script src="scripts/ww.jquery.min.js"></script> </head> In Razor use: <!DOCTYPE html> <html> <head> @Html.Raw(ControlResources.jQueryLink()) <script src="scripts/ww.jquery.min.js"></script> </head> Note that in Razor you need to use @Html.Raw() to force the string NOT to escape. Razor by default escapes string results and this ensures that the HTML content is properly expanded as raw HTML text. Both the WebForms and Razor output produce: <!DOCTYPE html> <html> <head> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js" type="text/javascript"></script> <script type="text/javascript"> if (typeof (jQuery) == 'undefined') document.write(unescape("%3Cscript src='/WestWindWebToolkitWeb/WebResource.axd?d=-b6oWzgbpGb8uTaHDrCMv59VSmGhilZP5_T_B8anpGx7X-PmW_1eu1KoHDvox-XHqA1EEb-Tl2YAP3bBeebGN65tv-7-yAimtG4ZnoWH633pExpJor8Qp1aKbk-KQWSoNfRC7rQJHXVP4tC0reYzVw2&t=634535391996872492' type='text/javascript'%3E%3C/script%3E"));</script> <script src="scripts/ww.jquery.min.js"></script> </head> which produces the desired effect for both CDN load and fallback URL. The implementation of jQueryLink is pretty basic of course: /// <summary> /// Inserts a script link to load jQuery into the page based on the jQueryLoadModes settings /// of this class. Default load is by CDN plus WebResource fallback /// </summary> /// <param name="url"> /// An optional explicit URL to load jQuery from. Url is resolved. /// When specified no fallback is applied /// </param> /// <returns>full script tag and fallback script for jQuery to load</returns> public static string jQueryLink(JQueryLoadModes jQueryLoadMode = JQueryLoadModes.Default, string url = null) { string jQueryUrl = string.Empty; string fallbackScript = string.Empty; if (jQueryLoadMode == JQueryLoadModes.Default) jQueryLoadMode = ControlResources.jQueryLoadMode; if (!string.IsNullOrEmpty(url)) jQueryUrl = WebUtils.ResolveUrl(url); else if (jQueryLoadMode == JQueryLoadModes.WebResource) { Page page = new Page(); jQueryUrl = page.ClientScript.GetWebResourceUrl(typeof(ControlResources), ControlResources.JQUERY_SCRIPT_RESOURCE); } else if (jQueryLoadMode == JQueryLoadModes.ContentDeliveryNetwork) { jQueryUrl = ControlResources.jQueryCdnUrl; if (!string.IsNullOrEmpty(jQueryCdnUrl)) { // check if jquery loaded - if it didn't we're not online and use WebResource fallbackScript = @"<script type=""text/javascript"">if (typeof(jQuery) == 'undefined') document.write(unescape(""%3Cscript src='{0}' type='text/javascript'%3E%3C/script%3E""));</script>"; fallbackScript = string.Format(fallbackScript, WebUtils.ResolveUrl(ControlResources.jQueryCdnFallbackUrl)); } } string output = "<script src=\"" + jQueryUrl + "\" type=\"text/javascript\"></script>"; // add in the CDN fallback script code if (!string.IsNullOrEmpty(fallbackScript)) output += "\r\n" + fallbackScript + "\r\n"; return output; } There's one dependency here on WebUtils.ResolveUrl() which resolves Urls without access to a Page/Control (another one of those features that should be in the runtime, not in the WebForms or MVC engine). You can see there's only a little bit of logic in this code that deals with potentially different load modes. I can load scripts from a Url, WebResources or - my preferred way - from CDN. Based on the static settings the scripts to embed are composed to be returned as simple string <script> tag(s). I find this extremely useful especially when I'm not connected to the internet so that I can quickly swap in a local jQuery resource instead of loading from CDN. While CDN loading with the fallback works it can be a bit slow as the CDN is probed first before the fallback kicks in. Switching quickly in one place makes this trivial. It also makes it very easy once a new version of jQuery rolls around to move up to the new version and ensure that all pages are using the new version immediately. I'm not trying to make this out as 'the' definite way to load your resources, but rather provide it here as a pointer so you can maybe apply your own logic to determine where scripts come from and how they load. You could even automate this some more by using configuration settings or reading the locations/preferences out of some sort of data/metadata store that can be dynamically updated instead via recompilation. FWIW, I use a very similar approach for loading jQuery UI and my own ww.jquery library - the same concept can be applied to any kind of script you might be loading from different locations. Hopefully some of you find this a useful addition to your toolset. Resources Google CDN for jQuery Full ControlResources Source Code ControlResource Documentation Westwind.Web NuGet This method is part of the Westwind.Web library of the West Wind Web Toolkit or you can grab the Web library from NuGet and add to your Visual Studio project. This package includes a host of Web related utilities and script support features. © Rick Strahl, West Wind Technologies, 2005-2011Posted in ASP.NET jQuery Tweet (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

Read the article

.NET HTML Sanitation for rich HTML Input

- by Rick Strahl

Recently I was working on updating a legacy application to MVC 4 that included free form text input. When I set up the new site my initial approach was to not allow any rich HTML input, only simple text formatting that would respect a few simple HTML commands for bold, lists etc. and automatically handles line break processing for new lines and paragraphs. This is typical for what I do with most multi-line text input in my apps and it works very well with very little development effort involved. Then the client sprung another note: Oh by the way we have a bunch of customers (real estate agents) who need to post complete HTML documents. Oh uh! There goes the simple theory. After some discussion and pleading on my part (<snicker>) to try and avoid this type of raw HTML input because of potential XSS issues, the client decided to go ahead and allow raw HTML input anyway. There has been lots of discussions on this subject on StackOverFlow (and here and here) but to after reading through some of the solutions I didn't really find anything that would work even closely for what I needed. Specifically we need to be able to allow just about any HTML markup, with the exception of script code. Remote CSS and Images need to be loaded, links need to work and so. While the 'legit' HTML posted by these agents is basic in nature it does span most of the full gamut of HTML (4). Most of the solutions XSS prevention/sanitizer solutions I found were way to aggressive and rendered the posted output unusable mostly because they tend to strip any externally loaded content. In short I needed a custom solution. I thought the best solution to this would be to use an HTML parser - in this case the Html Agility Pack - and then to run through all the HTML markup provided and remove any of the blacklisted tags and a number of attributes that are prone to JavaScript injection. There's much discussion on whether to use blacklists vs. whitelists in the discussions mentioned above, but I found that whitelists can make sense in simple scenarios where you might allow manual HTML input, but when you need to allow a larger array of HTML functionality a blacklist is probably easier to manage as the vast majority of elements and attributes could be allowed. Also white listing gets a bit more complex with HTML5 and the new proliferation of new HTML tags and most new tags generally don't affect XSS issues directly. Pure whitelisting based on elements and attributes also doesn't capture many edge cases (see some of the XSS cheat sheets listed below) so even with a white list, custom logic is still required to handle many of those edge cases. The Microsoft Web Protection Library (AntiXSS) My first thought was to check out the Microsoft AntiXSS library. Microsoft has an HTML Encoding and Sanitation library in the Microsoft Web Protection Library (formerly AntiXSS Library) on CodePlex, which provides stricter functions for whitelist encoding and sanitation. Initially I thought the Sanitation class and its static members would do the trick for me,but I found that this library is way too restrictive for my needs. Specifically the Sanitation class strips out images and links which rendered the full HTML from our real estate clients completely useless. I didn't spend much time with it, but apparently I'm not alone if feeling this library is not really useful without some way to configure operation. To give you an example of what didn't work for me with the library here's a small and simple HTML fragment that includes script, img and anchor tags. I would expect the script to be stripped and everything else to be left intact. Here's the original HTML:var value = "<b>Here</b> <script>alert('hello')</script> we go. Visit the " + "<a href='http://west-wind.com'>West Wind</a> site. " + "<img src='http://west-wind.com/images/new.gif' /> " ; and the code to sanitize it with the AntiXSS Sanitize class:@Html.Raw(Microsoft.Security.Application.Sanitizer.GetSafeHtmlFragment(value)) This produced a not so useful sanitized string: Here we go. Visit the <a>West Wind</a> site. While it removed the <script> tag (good) it also removed the href from the link and the image tag altogether (bad). In some situations this might be useful, but for most tasks I doubt this is the desired behavior. While links can contain javascript: references and images can 'broadcast' information to a server, without configuration to tell the library what to restrict this becomes useless to me. I couldn't find any way to customize the white list, nor is there code available in this 'open source' library on CodePlex. Using Html Agility Pack for HTML Parsing The WPL library wasn't going to cut it. After doing a bit of research I decided the best approach for a custom solution would be to use an HTML parser and inspect the HTML fragment/document I'm trying to import. I've used the HTML Agility Pack before for a number of apps where I needed an HTML parser without requiring an instance of a full browser like the Internet Explorer Application object which is inadequate in Web apps. In case you haven't checked out the Html Agility Pack before, it's a powerful HTML parser library that you can use from your .NET code. It provides a simple, parsable HTML DOM model to full HTML documents or HTML fragments that let you walk through each of the elements in your document. If you've used the HTML or XML DOM in a browser before you'll feel right at home with the Agility Pack. Blacklist based HTML Parsing to strip XSS Code For my purposes of HTML sanitation, the process involved is to walk the HTML document one element at a time and then check each element and attribute against a blacklist. There's quite a bit of argument of what's better: A whitelist of allowed items or a blacklist of denied items. While whitelists tend to be more secure, they also require a lot more configuration. In the case of HTML5 a whitelist could be very extensive. For what I need, I only want to ensure that no JavaScript is executed, so a blacklist includes the obvious <script> tag plus any tag that allows loading of external content including <iframe>, <object>, <embed> and <link> etc. <form> is also excluded to avoid posting content to a different location. I also disallow <head> and <meta> tags in particular for my case, since I'm only allowing posting of HTML fragments. There is also some internal logic to exclude some attributes or attributes that include references to JavaScript or CSS expressions. The default tag blacklist reflects my use case, but is customizable and can be added to. Here's my HtmlSanitizer implementation:using System.Collections.Generic; using System.IO; using System.Xml; using HtmlAgilityPack; namespace Westwind.Web.Utilities { public class HtmlSanitizer { public HashSet<string> BlackList = new HashSet<string>() { { "script" }, { "iframe" }, { "form" }, { "object" }, { "embed" }, { "link" }, { "head" }, { "meta" } }; /// <summary> /// Cleans up an HTML string and removes HTML tags in blacklist /// </summary> /// <param name="html"></param> /// <returns></returns> public static string SanitizeHtml(string html, params string[] blackList) { var sanitizer = new HtmlSanitizer(); if (blackList != null && blackList.Length > 0) { sanitizer.BlackList.Clear(); foreach (string item in blackList) sanitizer.BlackList.Add(item); } return sanitizer.Sanitize(html); } /// <summary> /// Cleans up an HTML string by removing elements /// on the blacklist and all elements that start /// with onXXX . /// </summary> /// <param name="html"></param> /// <returns></returns> public string Sanitize(string html) { var doc = new HtmlDocument(); doc.LoadHtml(html); SanitizeHtmlNode(doc.DocumentNode); //return doc.DocumentNode.WriteTo(); string output = null; // Use an XmlTextWriter to create self-closing tags using (StringWriter sw = new StringWriter()) { XmlWriter writer = new XmlTextWriter(sw); doc.DocumentNode.WriteTo(writer); output = sw.ToString(); // strip off XML doc header if (!string.IsNullOrEmpty(output)) { int at = output.IndexOf("?>"); output = output.Substring(at + 2); } writer.Close(); } doc = null; return output; } private void SanitizeHtmlNode(HtmlNode node) { if (node.NodeType == HtmlNodeType.Element) { // check for blacklist items and remove if (BlackList.Contains(node.Name)) { node.Remove(); return; } // remove CSS Expressions and embedded script links if (node.Name == "style") { if (string.IsNullOrEmpty(node.InnerText)) { if (node.InnerHtml.Contains("expression") || node.InnerHtml.Contains("javascript:")) node.ParentNode.RemoveChild(node); } } // remove script attributes if (node.HasAttributes) { for (int i = node.Attributes.Count - 1; i >= 0; i--) { HtmlAttribute currentAttribute = node.Attributes[i]; var attr = currentAttribute.Name.ToLower(); var val = currentAttribute.Value.ToLower(); span style="background: white; color: green">// remove event handlers if (attr.StartsWith("on")) node.Attributes.Remove(currentAttribute); // remove script links else if ( //(attr == "href" || attr== "src" || attr == "dynsrc" || attr == "lowsrc") && val != null && val.Contains("javascript:")) node.Attributes.Remove(currentAttribute); // Remove CSS Expressions else if (attr == "style" && val != null && val.Contains("expression") || val.Contains("javascript:") || val.Contains("vbscript:")) node.Attributes.Remove(currentAttribute); } } } // Look through child nodes recursively if (node.HasChildNodes) { for (int i = node.ChildNodes.Count - 1; i >= 0; i--) { SanitizeHtmlNode(node.ChildNodes[i]); } } } } } Please note: Use this as a starting point only for your own parsing and review the code for your specific use case! If your needs are less lenient than mine were you can you can make this much stricter by not allowing src and href attributes or CSS links if your HTML doesn't allow it. You can also check links for external URLs and disallow those - lots of options. The code is simple enough to make it easy to extend to fit your use cases more specifically. It's also quite easy to make this code work using a WhiteList approach if you want to go that route. The code above is semi-generic for allowing full featured HTML fragments that only disallow script related content. The Sanitize method walks through each node of the document and then recursively drills into all of its children until the entire document has been traversed. Note that the code here uses an XmlTextWriter to write output - this is done to preserve XHTML style self-closing tags which are otherwise left as non-self-closing tags. The sanitizer code scans for blacklist elements and removes those elements not allowed. Note that the blacklist is configurable either in the instance class as a property or in the static method via the string parameter list. Additionally the code goes through each element's attributes and looks for a host of rules gleaned from some of the XSS cheat sheets listed at the end of the post. Clearly there are a lot more XSS vulnerabilities, but a lot of them apply to ancient browsers (IE6 and versions of Netscape) - many of these glaring holes (like CSS expressions - WTF IE?) have been removed in modern browsers. What a Pain To be honest this is NOT a piece of code that I wanted to write. I think building anything related to XSS is better left to people who have far more knowledge of the topic than I do. Unfortunately, I was unable to find a tool that worked even closely for me, or even provided a working base. For the project I was working on I had no choice and I'm sharing the code here merely as a base line to start with and potentially expand on for specific needs. It's sad that Microsoft Web Protection Library is currently such a train wreck - this is really something that should come from Microsoft as the systems vendor or possibly a third party that provides security tools. Luckily for my application we are dealing with a authenticated and validated users so the user base is fairly well known, and relatively small - this is not a wide open Internet application that's directly public facing. As I mentioned earlier in the post, if I had my way I would simply not allow this type of raw HTML input in the first place, and instead rely on a more controlled HTML input mechanism like MarkDown or even a good HTML Edit control that can provide some limits on what types of input are allowed. Alas in this case I was overridden and we had to go forward and allow *any* raw HTML posted. Sometimes I really feel sad that it's come this far - how many good applications and tools have been thwarted by fear of XSS (or worse) attacks? So many things that could be done *if* we had a more secure browser experience and didn't have to deal with every little script twerp trying to hack into Web pages and obscure browser bugs. So much time wasted building secure apps, so much time wasted by others trying to hack apps… We're a funny species - no other species manages to waste as much time, effort and resources as we humans do :-) Resources Code on GitHub Html Agility Pack XSS Cheat Sheet XSS Prevention Cheat Sheet Microsoft Web Protection Library (AntiXss) StackOverflow Links: http://stackoverflow.com/questions/341872/html-sanitizer-for-net http://blog.stackoverflow.com/2008/06/safe-html-and-xss/ http://code.google.com/p/subsonicforums/source/browse/trunk/SubSonic.Forums.Data/HtmlScrubber.cs?r=61© Rick Strahl, West Wind Technologies, 2005-2012Posted in Security HTML ASP.NET JavaScript Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

Read the article

What’s new in ASP.NET 4.0: Core Features

- by Rick Strahl

Microsoft released the .NET Runtime 4.0 and with it comes a brand spanking new version of ASP.NET – version 4.0 – which provides an incremental set of improvements to an already powerful platform. .NET 4.0 is a full release of the .NET Framework, unlike version 3.5, which was merely a set of library updates on top of the .NET Framework version 2.0. Because of this full framework revision, there has been a welcome bit of consolidation of assemblies and configuration settings. The full runtime version change to 4.0 also means that you have to explicitly pick version 4.0 of the runtime when you create a new Application Pool in IIS, unlike .NET 3.5, which actually requires version 2.0 of the runtime. In this first of two parts I'll take a look at some of the changes in the core ASP.NET runtime. In the next edition I'll go over improvements in Web Forms and Visual Studio. Core Engine Features Most of the high profile improvements in ASP.NET have to do with Web Forms, but there are a few gems in the core runtime that should make life easier for ASP.NET developers. The following list describes some of the things I've found useful among the new features. Clean web.config Files Are Back! If you've been using ASP.NET 3.5, you probably have noticed that the web.config file has turned into quite a mess of configuration settings between all the custom handler and module mappings for the various web server versions. Part of the reason for this mess is that .NET 3.5 is a collection of add-on components running on top of the .NET Runtime 2.0 and so almost all of the new features of .NET 3.5 where essentially introduced as custom modules and handlers that had to be explicitly configured in the config file. Because the core runtime didn't rev with 3.5, all those configuration options couldn't be moved up to other configuration files in the system chain. With version 4.0 a consolidation was possible, and the result is a much simpler web.config file by default. A default empty ASP.NET 4.0 Web Forms project looks like this: <?xml version="1.0"?> <configuration> <system.web> <compilation debug="true" targetFramework="4.0" /> </system.web> </configuration> Need I say more? Configuration Transformation Files to Manage Configurations and Application Packaging ASP.NET 4.0 introduces the ability to create multi-target configuration files. This means it's possible to create a single configuration file that can be transformed based on relatively simple replacement rules using a Visual Studio and WebDeploy provided XSLT syntax. The idea is that you can create a 'master' configuration file and then create customized versions of this master configuration file by applying some relatively simplistic search and replace, add or remove logic to specific elements and attributes in the original file. To give you an idea, here's the example code that Visual Studio creates for a default web.Release.config file, which replaces a connection string, removes the debug attribute and replaces the CustomErrors section: <?xml version="1.0"?> <configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform"> <connectionStrings> <add name="MyDB" connectionString="Data Source=ReleaseSQLServer;Initial Catalog=MyReleaseDB;Integrated Security=True" xdt:Transform="SetAttributes" xdt:Locator="Match(name)"/> </connectionStrings> <system.web> <compilation xdt:Transform="RemoveAttributes(debug)" /> <customErrors defaultRedirect="GenericError.htm" mode="RemoteOnly" xdt:Transform="Replace"> <error statusCode="500" redirect="InternalError.htm"/> </customErrors> </system.web> </configuration> You can see the XSL transform syntax that drives this functionality. Basically, only the elements listed in the override file are matched and updated – all the rest of the original web.config file stays intact. Visual Studio 2010 supports this functionality directly in the project system so it's easy to create and maintain these customized configurations in the project tree. Once you're ready to publish your application, you can then use the Publish <yourWebApplication> option on the Build menu which allows publishing to disk, via FTP or to a Web Server using Web Deploy. You can also create a deployment package as a .zip file which can be used by the WebDeploy tool to configure and install the application. You can manually run the Web Deploy tool or use the IIS Manager to install the package on the server or other machine. You can find out more about WebDeploy and Packaging here: http://tinyurl.com/2anxcje. Improved Routing Routing provides a relatively simple way to create clean URLs with ASP.NET by associating a template URL path and routing it to a specific ASP.NET HttpHandler. Microsoft first introduced routing with ASP.NET MVC and then they integrated routing with a basic implementation in the core ASP.NET engine via a separate ASP.NET routing assembly. In ASP.NET 4.0, the process of using routing functionality gets a bit easier. First, routing is now rolled directly into System.Web, so no extra assembly reference is required in your projects to use routing. The RouteCollection class now includes a MapPageRoute() method that makes it easy to route to any ASP.NET Page requests without first having to implement an IRouteHandler implementation. It would have been nice if this could have been extended to serve *any* handler implementation, but unfortunately for anything but a Page derived handlers you still will have to implement a custom IRouteHandler implementation. ASP.NET Pages now include a RouteData collection that will contain route information. Retrieving route data is now a lot easier by simply using this.RouteData.Values["routeKey"] where the routeKey is the value specified in the route template (i.e., "users/{userId}" would use Values["userId"]). The Page class also has a GetRouteUrl() method that you can use to create URLs with route data values rather than hardcoding the URL: <%= this.GetRouteUrl("users",new { userId="ricks" }) %> You can also use the new Expression syntax using <%$RouteUrl %> to accomplish something similar, which can be easier to embed into Page or MVC View code: <a runat="server" href='<%$RouteUrl:RouteName=user, id=ricks %>'>Visit User</a> Finally, the Response object also includes a new RedirectToRoute() method to build a route url for redirection without hardcoding the URL. Response.RedirectToRoute("users", new { userId = "ricks" }); All of these routines are helpers that have been integrated into the core ASP.NET engine to make it easier to create routes and retrieve route data, which hopefully will result in more people taking advantage of routing in ASP.NET. To find out more about the routing improvements you can check out Dan Maharry's blog which has a couple of nice blog entries on this subject: http://tinyurl.com/37trutj and http://tinyurl.com/39tt5w5. Session State Improvements Session state is an often used and abused feature in ASP.NET and version 4.0 introduces a few enhancements geared towards making session state more efficient and to minimize at least some of the ill effects of overuse. The first improvement affects out of process session state, which is typically used in web farm environments or for sites that store application sensitive data that must survive AppDomain restarts (which in my opinion is just about any application). When using OutOfProc session state, ASP.NET serializes all the data in the session statebag into a blob that gets carried over the network and stored either in the State server or SQL Server via the Session provider. Version 4.0 provides some improvement in this serialization of the session data by offering an enableCompression option on the web.Config <Session> section, which forces the serialized session state to be compressed. Depending on the type of data that is being serialized, this compression can reduce the size of the data travelling over the wire by as much as a third. It works best on string data, but can also reduce the size of binary data. In addition, ASP.NET 4.0 now offers a way to programmatically turn session state on or off as part of the request processing queue. In prior versions, the only way to specify whether session state is available is by implementing a marker interface on the HTTP handler implementation. In ASP.NET 4.0, you can now turn session state on and off programmatically via HttpContext.Current.SetSessionStateBehavior() as part of the ASP.NET module pipeline processing as long as it occurs before the AquireRequestState pipeline event. Output Cache Provider Output caching in ASP.NET has been a very useful but potentially memory intensive feature. The default OutputCache mechanism works through in-memory storage that persists generated output based on various lifetime related parameters. While this works well enough for many intended scenarios, it also can quickly cause runaway memory consumption as the cache fills up and serves many variations of pages on your site. ASP.NET 4.0 introduces a provider model for the OutputCache module so it becomes possible to plug-in custom storage strategies for cached pages. One of the goals also appears to be to consolidate some of the different cache storage mechanisms used in .NET in general to a generic Windows AppFabric framework in the future, so various different mechanisms like OutputCache, the non-Page specific ASP.NET cache and possibly even session state eventually can use the same caching engine for storage of persisted data both in memory and out of process scenarios. For developers, the OutputCache provider feature means that you can now extend caching on your own by implementing a custom Cache provider based on the System.Web.Caching.OutputCacheProvider class. You can find more info on creating an Output Cache provider in Gunnar Peipman's blog at: http://tinyurl.com/2vt6g7l. Response.RedirectPermanent ASP.NET 4.0 includes features to issue a permanent redirect that issues as an HTTP 301 Moved Permanently response rather than the standard 302 Redirect respond. In pre-4.0 versions you had to manually create your permanent redirect by setting the Status and Status code properties – Response.RedirectPermanent() makes this operation more obvious and discoverable. There's also a Response.RedirectToRoutePermanent() which provides permanent redirection of route Urls. Preloading of Applications ASP.NET 4.0 provides a new feature to preload ASP.NET applications on startup, which is meant to provide a more consistent startup experience. If your application has a lengthy startup cycle it can appear very slow to serve data to clients while the application is warming up and loading initial resources. So rather than serve these startup requests slowly in ASP.NET 4.0, you can force the application to initialize itself first before even accepting requests for processing. This feature works only on IIS 7.5 (Windows 7 and Windows Server 2008 R2) and works in combination with IIS. You can set up a worker process in IIS 7.5 to always be running, which starts the Application Pool worker process immediately. ASP.NET 4.0 then allows you to specify site-specific settings by setting the serverAutoStartEnabled on a particular site along with an optional serviceAutoStartProvider class that can be used to receive "startup events" when the application starts up. This event in turn can be used to configure the application and optionally pre-load cache data and other information required by the app on startup. The configuration settings need to be made in applicationhost.config: <sites> <site name="WebApplication2" id="1"> <application path="/" serviceAutoStartEnabled="true" serviceAutoStartProvider="PreWarmup" /> </site> </sites> <serviceAutoStartProviders> <add name="PreWarmup" type="PreWarmupProvider,MyAssembly" /> </serviceAutoStartProviders> Hooking up a warm up provider is optional so you can omit the provider definition and reference. If you do define it here's what it looks like: public class PreWarmupProvider System.Web.Hosting.IProcessHostPreloadClient { public void Preload(string[] parameters) { // initialization for app } } This code fires and while it's running, ASP.NET/IIS will hold requests from hitting the pipeline. So until this code completes the application will not start taking requests. The idea is that you can perform any pre-loading of resources and cache values so that the first request will be ready to perform at optimal performance level without lag. Runtime Performance Improvements According to Microsoft, there have also been a number of invisible performance improvements in the internals of the ASP.NET runtime that should make ASP.NET 4.0 applications run more efficiently and use less resources. These features come without any change requirements in applications and are virtually transparent, except that you get the benefits by updating to ASP.NET 4.0. Summary The core feature set changes are minimal which continues a tradition of small incremental changes to the ASP.NET runtime. ASP.NET has been proven as a solid platform and I'm actually rather happy to see that most of the effort in this release went into stability, performance and usability improvements rather than a massive amount of new features. The new functionality added in 4.0 is minimal but very useful. A lot of people are still running pure .NET 2.0 applications these days and have stayed off of .NET 3.5 for some time now. I think that version 4.0 with its full .NET runtime rev and assembly and configuration consolidation will make an attractive platform for developers to update to. If you're a Web Forms developer in particular, ASP.NET 4.0 includes a host of new features in the Web Forms engine that are significant enough to warrant a quick move to .NET 4.0. I'll cover those changes in my next column. Until then, I suggest you give ASP.NET 4.0 a spin and see for yourself how the new features can help you out. © Rick Strahl, West Wind Technologies, 2005-2010Posted in ASP.NET

Read the article

Writing Unit Tests for ASP.NET Web API Controller

- by shiju

In this blog post, I will write unit tests for a ASP.NET Web API controller in the EFMVC reference application. Let me introduce the EFMVC app, If you haven't heard about EFMVC. EFMVC is a simple app, developed as a reference implementation for demonstrating ASP.NET MVC, EF Code First, ASP.NET Web API, Domain-Driven Design (DDD), Test-Driven Development (DDD). The current version is built with ASP.NET MVC 4, EF Code First 5, ASP.NET Web API, Autofac, AutoMapper, Nunit and Moq. All unit tests were written with Nunit and Moq. You can download the latest version of the reference app from http://efmvc.codeplex.com/ Unit Test for HTTP Get Let’s write a unit test class for verifying the behaviour of a ASP.NET Web API controller named CategoryController. Let’s define mock implementation for Repository class, and a Command Bus that is used for executing write operations. [TestFixture] public class CategoryApiControllerTest { private Mock<ICategoryRepository> categoryRepository; private Mock<ICommandBus> commandBus; [SetUp] public void SetUp() { categoryRepository = new Mock<ICategoryRepository>(); commandBus = new Mock<ICommandBus>(); } The code block below provides the unit test for a HTTP Get operation. [Test] public void Get_All_Returns_AllCategory() { // Arrange IEnumerable<CategoryWithExpense> fakeCategories = GetCategories(); categoryRepository.Setup(x => x.GetCategoryWithExpenses()).Returns(fakeCategories); CategoryController controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage() { Properties = { { HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration() } } } }; // Act var categories = controller.Get(); // Assert Assert.IsNotNull(categories, "Result is null"); Assert.IsInstanceOf(typeof(IEnumerable<CategoryWithExpense>),categories, "Wrong Model"); Assert.AreEqual(3, categories.Count(), "Got wrong number of Categories"); } The GetCategories method is provided below: private static IEnumerable<CategoryWithExpense> GetCategories() { IEnumerable<CategoryWithExpense> fakeCategories = new List<CategoryWithExpense> { new CategoryWithExpense {CategoryId=1, CategoryName = "Test1", Description="Test1Desc", TotalExpenses=1000}, new CategoryWithExpense {CategoryId=2, CategoryName = "Test2", Description="Test2Desc",TotalExpenses=2000}, new CategoryWithExpense { CategoryId=3, CategoryName = "Test3", Description="Test3Desc",TotalExpenses=3000} }.AsEnumerable(); return fakeCategories; } In the unit test method Get_All_Returns_AllCategory, we specify setup on the mocked type ICategoryrepository, for a call to GetCategoryWithExpenses method returns dummy data. We create an instance of the ApiController, where we have specified the Request property of the ApiController since the Request property is used to create a new HttpResponseMessage that will provide the appropriate HTTP status code along with response content data. Unit Tests are using for specifying the behaviour of components so that we have specified that Get operation will use the model type IEnumerable<CategoryWithExpense> for sending the Content data. The implementation of HTTP Get in the CategoryController is provided below: public IQueryable<CategoryWithExpense> Get() { var categories = categoryRepository.GetCategoryWithExpenses().AsQueryable(); return categories; } Unit Test for HTTP Post The following are the behaviours we are going to implement for the HTTP Post: A successful HTTP Post operation should return HTTP status code Created An empty Category should return HTTP status code BadRequest A successful HTTP Post operation should provide correct Location header information in the response for the newly created resource. Writing unit test for HTTP Post is required more information than we write for HTTP Get. In the HTTP Post implementation, we will call to Url.Link for specifying the header Location of Response as shown in below code block. var response = Request.CreateResponse(HttpStatusCode.Created, category); string uri = Url.Link("DefaultApi", new { id = category.CategoryId }); response.Headers.Location = new Uri(uri); return response; While we are executing Url.Link from unit tests, we have to specify HttpRouteData information from the unit test method. Otherwise, Url.Link will get a null value. The code block below shows the unit tests for specifying the behaviours for the HTTP Post operation. [Test] public void Post_Category_Returns_CreatedStatusCode() { // Arrange commandBus.Setup(c => c.Submit(It.IsAny<CreateOrUpdateCategoryCommand>())).Returns(new CommandResult(true)); Mapper.CreateMap<CategoryFormModel, CreateOrUpdateCategoryCommand>(); var httpConfiguration = new HttpConfiguration(); WebApiConfig.Register(httpConfiguration); var httpRouteData = new HttpRouteData(httpConfiguration.Routes["DefaultApi"], new HttpRouteValueDictionary { { "controller", "category" } }); var controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/api/category/") { Properties = { { HttpPropertyKeys.HttpConfigurationKey, httpConfiguration }, { HttpPropertyKeys.HttpRouteDataKey, httpRouteData } } } }; // Act CategoryModel category = new CategoryModel(); category.CategoryId = 1; category.CategoryName = "Mock Category"; var response = controller.Post(category); // Assert Assert.AreEqual(HttpStatusCode.Created, response.StatusCode); var newCategory = JsonConvert.DeserializeObject<CategoryModel>(response.Content.ReadAsStringAsync().Result); Assert.AreEqual(string.Format("http://localhost/api/category/{0}", newCategory.CategoryId), response.Headers.Location.ToString()); } [Test] public void Post_EmptyCategory_Returns_BadRequestStatusCode() { // Arrange commandBus.Setup(c => c.Submit(It.IsAny<CreateOrUpdateCategoryCommand>())).Returns(new CommandResult(true)); Mapper.CreateMap<CategoryFormModel, CreateOrUpdateCategoryCommand>(); var httpConfiguration = new HttpConfiguration(); WebApiConfig.Register(httpConfiguration); var httpRouteData = new HttpRouteData(httpConfiguration.Routes["DefaultApi"], new HttpRouteValueDictionary { { "controller", "category" } }); var controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/api/category/") { Properties = { { HttpPropertyKeys.HttpConfigurationKey, httpConfiguration }, { HttpPropertyKeys.HttpRouteDataKey, httpRouteData } } } }; // Act CategoryModel category = new CategoryModel(); category.CategoryId = 0; category.CategoryName = ""; // The ASP.NET pipeline doesn't run, so validation don't run. controller.ModelState.AddModelError("", "mock error message"); var response = controller.Post(category); // Assert Assert.AreEqual(HttpStatusCode.BadRequest, response.StatusCode); } In the above code block, we have written two unit methods, Post_Category_Returns_CreatedStatusCode and Post_EmptyCategory_Returns_BadRequestStatusCode. The unit test method Post_Category_Returns_CreatedStatusCode verifies the behaviour 1 and 3, that we have defined in the beginning of the section “Unit Test for HTTP Post”. The unit test method Post_EmptyCategory_Returns_BadRequestStatusCode verifies the behaviour 2. For extracting the data from response, we call Content.ReadAsStringAsync().Result of HttpResponseMessage object and deserializeit it with Json Convertor. The implementation of HTTP Post in the CategoryController is provided below: // POST /api/category public HttpResponseMessage Post(CategoryModel category) { if (ModelState.IsValid) { var command = new CreateOrUpdateCategoryCommand(category.CategoryId, category.CategoryName, category.Description); var result = commandBus.Submit(command); if (result.Success) { var response = Request.CreateResponse(HttpStatusCode.Created, category); string uri = Url.Link("DefaultApi", new { id = category.CategoryId }); response.Headers.Location = new Uri(uri); return response; } } else { return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState); } throw new HttpResponseException(HttpStatusCode.BadRequest); } The unit test implementation for HTTP Put and HTTP Delete are very similar to the unit test we have written for HTTP Get. The complete unit tests for the CategoryController is given below: [TestFixture] public class CategoryApiControllerTest { private Mock<ICategoryRepository> categoryRepository; private Mock<ICommandBus> commandBus; [SetUp] public void SetUp() { categoryRepository = new Mock<ICategoryRepository>(); commandBus = new Mock<ICommandBus>(); } [Test] public void Get_All_Returns_AllCategory() { // Arrange IEnumerable<CategoryWithExpense> fakeCategories = GetCategories(); categoryRepository.Setup(x => x.GetCategoryWithExpenses()).Returns(fakeCategories); CategoryController controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage() { Properties = { { HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration() } } } }; // Act var categories = controller.Get(); // Assert Assert.IsNotNull(categories, "Result is null"); Assert.IsInstanceOf(typeof(IEnumerable<CategoryWithExpense>),categories, "Wrong Model"); Assert.AreEqual(3, categories.Count(), "Got wrong number of Categories"); } [Test] public void Get_CorrectCategoryId_Returns_Category() { // Arrange IEnumerable<CategoryWithExpense> fakeCategories = GetCategories(); categoryRepository.Setup(x => x.GetCategoryWithExpenses()).Returns(fakeCategories); CategoryController controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage() { Properties = { { HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration() } } } }; // Act var response = controller.Get(1); // Assert Assert.AreEqual(HttpStatusCode.OK, response.StatusCode); var category = JsonConvert.DeserializeObject<CategoryWithExpense>(response.Content.ReadAsStringAsync().Result); Assert.AreEqual(1, category.CategoryId, "Got wrong number of Categories"); } [Test] public void Get_InValidCategoryId_Returns_NotFound() { // Arrange IEnumerable<CategoryWithExpense> fakeCategories = GetCategories(); categoryRepository.Setup(x => x.GetCategoryWithExpenses()).Returns(fakeCategories); CategoryController controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage() { Properties = { { HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration() } } } }; // Act var response = controller.Get(5); // Assert Assert.AreEqual(HttpStatusCode.NotFound, response.StatusCode); } [Test] public void Post_Category_Returns_CreatedStatusCode() { // Arrange commandBus.Setup(c => c.Submit(It.IsAny<CreateOrUpdateCategoryCommand>())).Returns(new CommandResult(true)); Mapper.CreateMap<CategoryFormModel, CreateOrUpdateCategoryCommand>(); var httpConfiguration = new HttpConfiguration(); WebApiConfig.Register(httpConfiguration); var httpRouteData = new HttpRouteData(httpConfiguration.Routes["DefaultApi"], new HttpRouteValueDictionary { { "controller", "category" } }); var controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/api/category/") { Properties = { { HttpPropertyKeys.HttpConfigurationKey, httpConfiguration }, { HttpPropertyKeys.HttpRouteDataKey, httpRouteData } } } }; // Act CategoryModel category = new CategoryModel(); category.CategoryId = 1; category.CategoryName = "Mock Category"; var response = controller.Post(category); // Assert Assert.AreEqual(HttpStatusCode.Created, response.StatusCode); var newCategory = JsonConvert.DeserializeObject<CategoryModel>(response.Content.ReadAsStringAsync().Result); Assert.AreEqual(string.Format("http://localhost/api/category/{0}", newCategory.CategoryId), response.Headers.Location.ToString()); } [Test] public void Post_EmptyCategory_Returns_BadRequestStatusCode() { // Arrange commandBus.Setup(c => c.Submit(It.IsAny<CreateOrUpdateCategoryCommand>())).Returns(new CommandResult(true)); Mapper.CreateMap<CategoryFormModel, CreateOrUpdateCategoryCommand>(); var httpConfiguration = new HttpConfiguration(); WebApiConfig.Register(httpConfiguration); var httpRouteData = new HttpRouteData(httpConfiguration.Routes["DefaultApi"], new HttpRouteValueDictionary { { "controller", "category" } }); var controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage(HttpMethod.Post, "http://localhost/api/category/") { Properties = { { HttpPropertyKeys.HttpConfigurationKey, httpConfiguration }, { HttpPropertyKeys.HttpRouteDataKey, httpRouteData } } } }; // Act CategoryModel category = new CategoryModel(); category.CategoryId = 0; category.CategoryName = ""; // The ASP.NET pipeline doesn't run, so validation don't run. controller.ModelState.AddModelError("", "mock error message"); var response = controller.Post(category); // Assert Assert.AreEqual(HttpStatusCode.BadRequest, response.StatusCode); } [Test] public void Put_Category_Returns_OKStatusCode() { // Arrange commandBus.Setup(c => c.Submit(It.IsAny<CreateOrUpdateCategoryCommand>())).Returns(new CommandResult(true)); Mapper.CreateMap<CategoryFormModel, CreateOrUpdateCategoryCommand>(); CategoryController controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage() { Properties = { { HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration() } } } }; // Act CategoryModel category = new CategoryModel(); category.CategoryId = 1; category.CategoryName = "Mock Category"; var response = controller.Put(category.CategoryId,category); // Assert Assert.AreEqual(HttpStatusCode.OK, response.StatusCode); } [Test] public void Delete_Category_Returns_NoContentStatusCode() { // Arrange commandBus.Setup(c => c.Submit(It.IsAny<DeleteCategoryCommand >())).Returns(new CommandResult(true)); CategoryController controller = new CategoryController(commandBus.Object, categoryRepository.Object) { Request = new HttpRequestMessage() { Properties = { { HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration() } } } }; // Act var response = controller.Delete(1); // Assert Assert.AreEqual(HttpStatusCode.NoContent, response.StatusCode); } private static IEnumerable<CategoryWithExpense> GetCategories() { IEnumerable<CategoryWithExpense> fakeCategories = new List<CategoryWithExpense> { new CategoryWithExpense {CategoryId=1, CategoryName = "Test1", Description="Test1Desc", TotalExpenses=1000}, new CategoryWithExpense {CategoryId=2, CategoryName = "Test2", Description="Test2Desc",TotalExpenses=2000}, new CategoryWithExpense { CategoryId=3, CategoryName = "Test3", Description="Test3Desc",TotalExpenses=3000} }.AsEnumerable(); return fakeCategories; } } The complete implementation for the Api Controller, CategoryController is given below: public class CategoryController : ApiController { private readonly ICommandBus commandBus; private readonly ICategoryRepository categoryRepository; public CategoryController(ICommandBus commandBus, ICategoryRepository categoryRepository) { this.commandBus = commandBus; this.categoryRepository = categoryRepository; } public IQueryable<CategoryWithExpense> Get() { var categories = categoryRepository.GetCategoryWithExpenses().AsQueryable(); return categories; } // GET /api/category/5 public HttpResponseMessage Get(int id) { var category = categoryRepository.GetCategoryWithExpenses().Where(c => c.CategoryId == id).SingleOrDefault(); if (category == null) { return Request.CreateResponse(HttpStatusCode.NotFound); } return Request.CreateResponse(HttpStatusCode.OK, category); } // POST /api/category public HttpResponseMessage Post(CategoryModel category) { if (ModelState.IsValid) { var command = new CreateOrUpdateCategoryCommand(category.CategoryId, category.CategoryName, category.Description); var result = commandBus.Submit(command); if (result.Success) { var response = Request.CreateResponse(HttpStatusCode.Created, category); string uri = Url.Link("DefaultApi", new { id = category.CategoryId }); response.Headers.Location = new Uri(uri); return response; } } else { return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState); } throw new HttpResponseException(HttpStatusCode.BadRequest); } // PUT /api/category/5 public HttpResponseMessage Put(int id, CategoryModel category) { if (ModelState.IsValid) { var command = new CreateOrUpdateCategoryCommand(category.CategoryId, category.CategoryName, category.Description); var result = commandBus.Submit(command); return Request.CreateResponse(HttpStatusCode.OK, category); } else { return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState); } throw new HttpResponseException(HttpStatusCode.BadRequest); } // DELETE /api/category/5 public HttpResponseMessage Delete(int id) { var command = new DeleteCategoryCommand { CategoryId = id }; var result = commandBus.Submit(command); if (result.Success) { return new HttpResponseMessage(HttpStatusCode.NoContent); } throw new HttpResponseException(HttpStatusCode.BadRequest); } } Source Code The EFMVC app can download from http://efmvc.codeplex.com/ . The unit test project can be found from the project EFMVC.Tests and Web API project can be found from EFMVC.Web.API.

Search Results

Search found 50247 results on 2010 pages for 'base class'.

Page 698/2010 | < Previous Page | 694 695 696 697 698 699 700 701 702 703 704 705 | Next Page >

- by danit

- by Soo

- by user1490244

- by dotnetdev

- by Code Droid

- by Tony

- by greenguy1090

- by danit

- by Jason

- by Pauff

- by Garry

- by VP

- by Mark

- by lemnisca

- by WpfBee

- by Shadow

- by qwead

- by mtay

- by Will

- by ropstah

- by SeanMcAlinden

- by Rick Strahl

- by Rick Strahl

- by Rick Strahl

- by shiju

< Previous Page | 694 695 696 697 698 699 700 701 702 703 704 705 | Next Page >