2010-5
15

Launch of ScharfHoldings.com complete

Category: General | Tags: | No Comments

I am very excited to announce the launch of the new and improved Scharf Holdings, LLC website. As part of my commitment with this company to assist medium sized businesses to obtain or develop enterprise level applications and software as a moonlighting project for the past 10 years, I’ve decided to take it mainstream with a limited capacity as I still have a full-time job which I intend to keep. As the need for more capacity arises I will be hiring as needed to fill customer demand with a continued commitment to quality.

Being my own customer in developing the new web site was challenging, especially since like most companies with real customers, my own needs typically come last. I’m happy to say that the site is complete.

2009-11
3

Creating a Page method (ScriptMethod) within an ASCX user control using AJAX, JSON, base classes and reflection

Category: ajax, ASP.NET Development, The Client Side | Tags: , , , , , , , | 11 Comments

I have searched far and wide for the past week looking for a way to create a page method (a neat feature in ASP.NET which allows you to call static methods in your page decorated with an attribute as an AJAX web service) in an ASCX user control and possibly even a master page. First, a little background (yes, there will be a code download link at the end of the article)

More »

2009-7
20

Silverlight 3 for the Enterprise – Part 1

Category: Silverlight | Tags: | No Comments

I will be covering architectural patterns and design for an enterprise level Silverlight 3 application. Silverlight here is really a misnomer since the UI does not truly identify an enterprise level application, but rather the tiers and application components that make up an extensible, flexible and scalable group of systems. More »

2008-10
30

3-State CheckBox using Microsoft AJAX

Category: ASP.NET Development, The Client Side | Tags: , , | 20 Comments

Preview

Blank (or unset): blank, Checked (or granted): checked, and unchecked (or denied): unchecked.

I recently had some very difficult requirements to fulfill on an access control and configuration application with a web front end. Those of you who have designed or implemented access control interfaces know this is a daunting task, especially when the access control needs to be fairly flexible. Although it’s easy to implement a user interface that directly represents your data model, your users may not always be able to easily use or understand how to accomplish tasks using it. Usability is important to consider when tackling complex concepts or data structures through web UI.

The requirements for our security model were for granting or denying access to specific data elements in the database. By default a user has access to everything. If you explicitly grant access to an element, the user then only has access to those elements you’ve explicitly granted access to. You can also deny access to a given element; however a single element can only have one preference state, un-specified, grant access, or deny access. To top it all off, all the elements are in a recursive tree structure (always makes things more fun).

I had immediately made the decision that whatever we did, it needed to be in a tree fashion to show the end user the structure of what they were granting access to, however the question remained as to how to represent each state in an intuitive and easy to understand way. Enter the 3-State check box. More »

2008-5
2

Creating a JavaScript HashTable

Category: ASP.NET Development, The Client Side | Tags: | No Comments

I use a lot of configuration and provider driven services and variables for developing web applications. Let’s face it, I don’t like to recompile. I recently had the need to share my Web.config settings with the client code, but didn’t want to declare a variable for every possible setting, I just wanted to dynamically create the script of configuration settings in some collection and have access to that in my client side code. Because I wanted this collection to act just like a HashTable in System.Collections, I decided to create a JavaScript type to mirror the storage and access paradigm of the HashTable for use in my applications. More »

2008-4
11

Shrinking JavaScript Arrays

Category: The Client Side | Tags: | No Comments

Recently I’ve found myself writing a ton of client code in a new pure JavaScript/WCF project I am working on. Since most of the programming I’m doing for the UI is in JavaScript files, I’ve found myself having to work with the Array object for many different things. The one thing I’ve noticed however, is that you cannot remove an item from a JavaScript array, say, in the middle of the array and have the array size shrink without losing data at either end, however having to check for array_name[i] != null every single time I iterate the array was getting annoying, to say the least. More »

2008-4
3

Protecting PDF files in IIS 6 using Forms Authentication

Category: ASP.NET Development, IIS | Tags: , , | 9 Comments

Problem

We have a very simple ASP.NET web site that uses the built in Forms Authentication provider out of the box for users, roles and security. Our internal business customers have hundreds of PDF documents that should only be accessible for specific users or roles within the company. A majority of users that need access to these files are outside the company firewall and do not have VPN access. The site must be hosted on Windows Server 2003 using IIS 6.

Although this problem could be solved in many ways, I wanted to make the site as dynamic as possible since our web master would need to make constant changes to files, structure, etc and we did not want a programmer having to make changes to specific code or a DBA maintaining a database of files, paths, etc. We also wanted to avoid using a network file share to host the files or wrap the site using Plain Text authentication.

The issue is Forms Authentication provides no security on the request stack within IIS 6 as it does in IIS 7. Because we can’t extend this, our files would be wide open to any attacker or malicious employee looking to download the file by figuring out the link or by users who had bookmarked certain files and later after they had been removed from that role, being able to still access them.

The Solution

The solution seemed easy. Some content management systems allow you to store files in databases, or use URL re-writing to accomplish this task, but I wanted something simpler and easier to extend or duplicate in the future. We’re all pretty familiar with IHttpHandler and it seemed since that’s the way the prior, more complex solutions perform this feat more often than not, why not give it a shot for this: More »

2008-3
30

Readability, Sub-Queries in LINQ

Category: LINQ | Tags: , , | 6 Comments

I’ve been working with LINQ and LINQ to SQL for a while now and I have to say, it definitely makes object enumeration, data access and binding extremely easy and efficient. Even the dynamic SQL it generates using LINQ to SQL is acceptable in efficiency and performance. One thing I noticed however is when you need to do complex sub queries or provide summary information within nested levels of relationships, the code can become pretty messy, until I discovered you can write LINQ statements within a generic type from inside an existing LINQ statement.

I’m sure somewhere in the documentation it says you can do this, but I just discovered it for myself, so no laughing if you’re thinking to yourself, “DUH; what a moron!” More »

2008-1
11

You can’t always blame Bill when Vista breaks

Category: IIS7, Windows Vista | Tags: , , , | No Comments

Just recently I decided to upgrade my development machine at the office from Windows XP to Windows Vista. Taking into consideration the ability to play around with the new IIS7, as well as take the opportunity to upgrade to Visual Studio 2008 Team Suite. I can say I’m happy that I did, I even did a clean install since Vista Enterprise did not support an upgrade from XP. Then the fun started. After spending a day and a half re-installing all of my development tools, MS Office, hunting down new drivers for the video card, sound card as well as running Windows Updates, etc I was up and running without a care in the world. More »

2008-1
9

Checking for a null session is a serious matter

Category: ASP.NET Development | 3 Comments

While using Infragistics NetAdvantage for ASP.NET I noticed a bug while working with the UltraGauge (WebGauge) control. It turns out that if you disable session state for the page that this control is on or for the entire web application as I had done for performance reasons, you get a nasty error:

"Session state can only be used when enableSessionState is set to true, either in a configuration file or in the Page directive. Please also make sure that System.Web.SessionStateModule or a custom session state module is included in the <configuration>\<system.web>\<httpModules> section in the application configuration."

It turns out that the logic in Infragistic's source code was not that bad, it tested if the page was null, that we weren't in design mode, and then used this little snippet of code which was throwing the exception:

    "if (this.Page.Session != null) {…"

This may seem like a sane check, and for the life of me it took a while to figure out what the problem was… turns out that if you call the get { } accessor in the Page's Session property, it in turn calls a method, get_Session(), which throws this exception upon not having access to session or a proper provider/handler. While I lodged a bug with Infragistics to put in a fix for this control, I went ahead and searched for a solution myself.

Inheritance is a wonderful thing, and so are virtual properties

The SAFE way to check whether or not it is valid to use session, regardless if you are on a page, control, static class, etc, is to use HttpContext.Current.Session. For example:

if (HttpContext.Current.Session != null)
{
    // do stuff
}

Therefore, we needed to override the Page's default behavior to add a "safe" get for the Session property:

public override HttpSessionState Session
{
    get
    {
        if (HttpContext.Current.Session == null)
            return null;
        else
            return base.Session;
    }
}

By putting this code in my Page's code-behind, I was able allow the WebGauge control to safely check if Session was null through the Page's Session property without this operation throwing an exception. I was also able to circumvent the need for a re-compile or further code changes should I ever want to re-enable session state in my application or even for that page.

Update

Dear Infragistics Customer,

The following WebGauge issue that you reported has been addressed in a hotfix release:
BR29520 – Exception throw when using the WebGauge with FileSystem deployment, and SessionState turned off for the website.

Incident(s):
WeG73

Hotfix Version(s):
7.2.20072.1072 CLR 2.0, 7.3.20073.1046 CLR 2.0, 8.1.20081.2001 CLR 2.0, 8.1.20081.2001 CLR 3.5