Ramani Sandeep's Blog

DotNetting – Fast , Easy Way of Developing Applications

Archive for the ‘ASP.NET 3.5’ Category

« Previous Entries

Tips/Trick : Session timeout problem in IIS7

Posted by Ramani Sandeep on March 19, 2011

Hi all,

Recently we did release to a staging environment running IIS7.x, .NET 3.5. after few days of release users get problem of session timeout when user leave the pc for an hour or more than that. So I have started to search for the cause.

Looked into the session timeout settings in web.config of the application. we already set timeout to 180 minutes (3 hour). So I have tested it myself & came to know that user session get expires after 20 minutes (which is the default setting).

So I started looking into the IIS settings and came to know that i missed two things to change :

  1. Application pool’s Idle Time-out(minutes)
  2. Session state – State server’s Time-out (seconds)

Once I have changed above settings than after Session timeout worked.

So after that I have made one checklist that can help us to validate Session timeout settings, here i am sharing it with you as well so that you will also get some benefits from it :

  1. Application Pool – Advanced Settings Menu – Process Model – Idle Time-out (minutes)
  2. Sites – Session State – Cookie Settings – Time-out (minutes)
  3. If you are using State Server or SQL Server to manage your session (instead of InProcess), Here is the steps to follow :       Sites – Session State – Session State Mode Settings – Time-out (seconds)
  4. Under Web.config – system.web – authentication mode – forms – timeout (for form authentication)

That is all , no more things you need to set in order to increase session timeout from its default value.

Simple but very useful tips.

Hope this will help !!!

Jay Ganesh

Posted in ASP.NET 3.5, IIS 7, Tips and Tricks | Tagged: , , , | 1 Comment »

Improving ASP.NET Security with Visual Studio 2010 Code Analysis

Posted by Ramani Sandeep on January 5, 2011

Anyone doing ASP.NET development probably admits, openly or not, to introducing or stumbling upon a security issue at some point during their career. Developers are often pressured to deliver code as quickly as possible, and the complexity of the platform and vast number of configuration options often leaves the application in a less than desirable security state. In addition, the configuration requirements for debugging and production are different, which can often introduce debugging settings in production, causing a variety of issues.

Over the years, the ASP.NET platform has matured and better documentation has been made available through MSDN and community blogs, but knowing which feature or configuration setting to use is often troublesome. Even with good knowledge of the security functionality, mistakes can happen that could result in security vulnerabilities in your application.

Peer code review is a useful process and a good way to catch issues early. Still, not everyone has the time or budget—or knowledgeable peers at hand—for such review.

Since the introduction of code analysis in Visual Studio 2005, developers have been able to automatically analyze their code to see if it complies with a series of best practices ranging from design, maintainability, performance and security. So far, code analysis has been a great tool, but it hasn’t focused on providing best security practice guidance for ASP.NET—until now.

In this article I’ll introduce you to the new ASP.NET code analysis rules that can be used with Visual Studio code analysis as well as with the standalone FxCop application to improve the security of your ASP.NET applications.

Read more…

Hope this will helps !!!

Jay Ganesh

Posted in ASP.NET 3.5, ASP.NET 4.0, Visual Studio | Tagged: , , , | Leave a Comment »

How to Open Large XML files without Loading the xml Files?

Posted by Ramani Sandeep on December 21, 2010

Working with Xml files in Memory is always a performance issue. It become more important to look into the processing of Xml files which are heavy in size (lets say more than 3 GB). So questions comes in mind that how to process such heavy Xml files.

When we think of working with any XML file, we normally think of using

  • XMLDocument
  • DataSet.ReadXml()
  • XPathDocument

When we use the above options, we are loading the files into the system memory.

The problem is that, if the size of the xml file is for e.g. 5 GB to 7 GB, we have to load the complete file in System’s Memory. This will cost us systems memory and will throw “System out of Memory Exception”.

The best approach to process such large files is to avoid loading the files into the memory.

Microsoft has provided with XmlTextReader class. XmlTextReader helps us to process the xml file line by line. In this way we are not loading the complete xml file into the memory but processing the file line by line, node by node.

Here is code snippet that shows an example of how to use XMLTextReader class: -

XmlTextReader myTextReader = new XmlTextReader(filename);
myTextReader.WhitespaceHandling = WhitespaceHandling.None;
while (myTextReader.Read())
{
	if (myTextReader.NodeType == XmlNodeType.Element &&
		myTextReader.LocalName == "Reward" &&
		myTextReader.IsStartElement() == true)
        {
        	ProcessRewardNode(myTextReader);
                myTextReader.Skip();
	}
}

Here is method implementations of ProcessRewardNode :

private void ProcessRewardNode(XmlTextReader RewardReader)
{
	XmlDocument RewardXmlDoc = new XmlDocument();
	RewardXmlDoc.LoadXml(RewardReader.ReadOuterXml());
	// we can use xpath as below
	myID = RewardXmlDoc.SelectSingleNode("Reward/myID").InnerText;
}

Here code itself tells you lots of things, so i am not discussing it more here. you can look into MSDN of XMLTextReader for more information.

Hope this will helps !!!

Jay Ganesh

Posted in ASP.NET 3.5, CodeProject | Tagged: , , , | 2 Comments »

Request Validation – Preventing Script Attacks

Posted by Ramani Sandeep on August 5, 2010

By default, the application is prevented from processing unencoded HTML content submitted to the server (it means page validaterequest=true & it help us to prevent script attacks ).

This request validation feature can be disabled when the application has been designed to safely process HTML data. When ever you work with DotNetNuke this feature is disabled by default.

Now question comes in mind that in such cases how to “Preventing Script Attacks”.

One solution can “stop submitting input that contains such scripts or we can say html tags”.
so that we can prevent script attack.

Here is one solution using RegularExpressionValidator.

Suppose we are having textbox that takes some input text from the user & we do not want them to type any html tags than here is the code for that :


<asp:TextBox runat="server" ID="txtName"></asp:TextBox>

<asp:RegularExpressionValidator runat="server" ID="regName" ControlToValidate="txtName" Display="Dynamic" ValidationGroup="Employeevalgrp" ValidationExpression="^[^<>]+$" ErrorMessage="Html tags are not allowed."/>

<asp:Button runat="server" ID="btnSaveEmployeeInfo" ValidationGroup="Employeevalgrp"
    CausesValidation="true" OnClick="btnSaveEmployeeInfo_Click" />

Here when user press button, validator will validate the input text & submit the text only if it passes thru the validation test.

Here I must say that we are not validating request, we are just validating input that is going to be submitted to the server.

Hope this will help !!!

Posted in ASP.NET 3.5 | Tagged: , , , | Leave a Comment »

Securing ASP.Net Web Services with Forms Authentication

Posted by Ramani Sandeep on June 10, 2010

In this article we show how Forms Authentication can be used to secure ASP.Net Web Services, using the built-in ASP.Net Membership Provider classes which utilize SQL Server to store usernames and passwords.

Why?

Adding a Web Service, (also called an Application Programming Interface, or API for short) to an existing web site or desktop application (of the client-server variety) is a great way to enable additional and innovative uses of the data it holds, and also extend its reach to different development platforms such as native Apple and Linux applications , or to native mobile device applications such as those on Apple’s iPhone.

Read more

Hope this will helps !!!

Jay Ganesh

Posted in ASP.NET, ASP.NET 3.5, ASP.NET 4.0, Web Services | Tagged: , , , , | Leave a Comment »

DNJ – Dot Net jQuery

Posted by Ramani Sandeep on April 28, 2010

DNJ is Open Source framework to make use of jQuery in an ASP.NET application easier.

This article is a quick guide to some features of the DNJ framework. DNJ is an Open Source framework that helps using jQuery with ASP.NET applications. It provide helper functions, an AJAX extender, a transparent RPC, and an implementation of the jQuery UI components as ASP.NET web controls.

View full Article : http://www.codeproject.com/KB/aspnet/dotnetjquery.aspx

Read more : http://dnj.eurekaa.org/

Posted in ASP.NET 3.5, JQuery | Tagged: | 2 Comments »

Click and Retrieve the Value of a GridView Cell using jQuery

Posted by Ramani Sandeep on April 25, 2010

This article demonstrates how to click and retrieve data from a GridView cell.

This article is a sample chapter from Suprotim Agarwal EBook called 51 Tips, Tricks and Recipes with jQuery and ASP.NET Controls.

The chapter has been modified a little to publish it as an article.

click here to read more 

Posted in ASP.NET 3.5, JQuery | Tagged: , | 1 Comment »

Downloading Multiple Files as a Zip File Using GridView and SharpZipLib

Posted by Ramani Sandeep on April 15, 2010

Downloading files becomes a painful procedure if you have to select each individual file manually to perform the download. In this article we are going to select multiple files and download all of them as a single zip file.

SharpZipLib is a free .NET API which is used to perform zipping operations. We will use SharpZipLib to perform the file zip.

Read full article by AzamSharp  : here

Hope this will help !!!

Jay Ganesh

Posted in ASP.NET 3.5 | Tagged: , , | 5 Comments »

Lazy Loading jQuery Collapsible Panel in ASP.Net Using JSON by Satheesh Babu

Posted by Ramani Sandeep on April 14, 2010

Recently I have read very good article on Lazy Loading Collapsible panel in ASP.NET Using JSON.

Satheesh babu has written a very good article on this. I hope it can help you to increase your jQuery skill.

In collapsible panel we fully load the contents when the page is initially rendered to the client. Hence, clicking the arrow buttons on the panel will just expand and collapse the contents. This will make the page heavy when there are large amount of data on different panels on the page. It will be better and light weight when we actually load the contents of the panels only when the user clicks the expand arrow button, a lazy loading or loading on-demand.

Read full article : here

Hope this will helps !!!

Jay Ganesh

Posted in ASP.NET 3.5, JQuery | Tagged: , , , | Leave a Comment »

SQL Cache Dependency with SQL Server, LINQ and ASP.NET 3.5

Posted by Ramani Sandeep on March 15, 2010

The following article demonstrates how to use SQL Cache Dependency with SQL Server 2005/2008, ASP.NET 3.5 and Extension Methods.

ASP.NET has several different varieties of caching features. This article will shine a light on a little known feature of ASP.NET 3.5 called SQL Cache Dependency. SQL Cache Dependency has been around since SQL Server 2000, but back then ASP.NET was limited as far as it had a polling mechanism built in so it would continually poll the database for changes, and when a change was found, it was up to the developer to notify the website that a change had occurred and make the necessary changes in the cache.

With the release of SQL Server 2005 and 2008, ASP.NET has a more mature way to perform SQL Cache Dependency.  The developer can now tell SQL Server to push notifications when data has changed. The biggest factor here is that the website does not have to continually poll the database.

Read more

Hope this will help

Jay Ganesh

Posted in ASP.NET 3.5, Linq | Tagged: , | Leave a Comment »

« Previous Entries
 
Follow

Get every new post delivered to your Inbox.

Join 37 other followers