asp.net
There are 117 entries for the tag
asp.net
Conway’s Law states, ...organizations which design systems ... are constrained to produce designs which are copies of the communication structures of these organizations. Up until recently, there was probably no better demonstration of this law than the fact that Microsoft had two ways of shipping angle brackets (and curly braces for that matter) over HTTP – ASP.NET MVC and WCF Web API. The reorganization of these two teams under Scott Guthrie (aka “The GU” which I’m contractually bound to tack on) led to an intense effort to consolidate these technologies in a coherent...
Donut caching, the ability to cache an entire page except for a small region of the page (or set of regions) has been conspicuously absent from ASP.NET MVC since version 2. Mmmmm, donuts! – Photo by Pzado at sxc.hu This is something that’s on our Roadmap for ASP.NET MVC 4, but we have yet to flesh out the design. In the meanwhile, there’s a new NuGet package written by Paul Hiles that brings donut caching to ASP.NET MVC 3. I haven’t tried it myself yet, so be forewarned, but judging by the blog post,...
Once in a while folks ask me for details about the hardware and software that hosts my blog. Rather than write about it, a photo can provide all the details that you need. There you have it. Well actuallyTM, my blog runs on a bit more hardware than that these days. Especially after the Great Hard-Drive Failure of 2009. As longtime readers of my blog might remember, nearly two years ago, this blog went down in flames due to a faulty hard-drive on the hosting server. My hosting provider, CrystalTech (now rebranded to be the...
I like to live life on the wild side. No, I don’t base jump off of buildings or invest in speculative tranches made up of junk stock derivatives. What I do is attempt to run recurring background tasks within an ASP.NET application. Writing code is totally just like this - Photo by DVIDSHUB – CC BY 2.0 But before I do anything wild with ASP.NET, I always talk to my colleague, Levi (sadly, no blog). As a developer on the internals of ASP.NET, he knows a huge amount about it, especially the potential pitfalls. He’s also...
Go that way instead - Photo by JacobEnos CC some rights reserved In an ASP.NET web application, it’s very common to write some jQuery code that makes an HTTP request to some URL (a lightweight service) in order to retrieve some data. That URL might be handled by an ASP.NET MVC controller action, a Web API operation, or even an ASP.NET Web Page or Web Form. If it can return curly brackets, it can be respond to a JavaScript request for JSON. One pain point when hosting lightweight HTTP services on ASP.NET is making a request...
Today, during his //BUILD keynote, Scott Guthrie announced the availability of ASP.NET MVC 4 Developer preview. Note those words, developer preview. This is not even a Beta release. But there sure is a lot of cool stuff inside. One great thing about this release is that the runtime libraries (our assemblies) as well as our JavaScript libraries are available as NuGet packages. So if you write packages that depend on the ASP.NET MVC 4 runtime, you can have them depend on our packages. Also included in this release is NuGet 1.5 which was released just recently. If you...
If you’re at the BUILD conference in Anaheim, I’ll be speaking in two sessions on Thursday. Progressively enable the mobile web with ASP.NET MVC 4, HTML5, and jQuery Mobile Thursday, 9:00 AM There are over a billion mobile devices with rich Web capabilities, yet many Websites look terrible on such devices, or worse, fail to work at all. As mobile devices become the primary way that most people access the Web, having a site that fails to deliver a rich experience on the Web using HTML5, JavaScript and jQuery Mobile is missing out...
In a recent blog post, I wrote a a controller inspector to demonstrate Controller and Action Descriptors. In this blog post, I apply that knowledge to build something more useful. One pain point when you write Ajax heavy applications using ASP.NET MVC is managing the URLs that Routing generates on the server. These URLs aren’t accessible from code in a static JavaScript file. There are techniques to mitigate this: Generate the URLs in the view and pass them into the JavaScript API. This approach has the drawback that it isn’t unobtrusive and requires some...
EDITOR’S NOTE: Microsoft has an amazing intern program. For a summer, these bright college students work with a feature crew getting real work done, all the while attending cool events nearly every week that, frankly, make the rest of us jealous! Just look at some of the perks listed in this news article! This summer, the ASP.NET MVC is hosting an intern, Stephen Halter, who while very smart, doesn’t have a blog of his own (booo! hiss!). Being the nice guy that I am (and also being amenable to bribes), I’m letting him guest author a post on my...
I hate code samples in technical books! No seriously, this is bile I’m not afraid to give a permalink to (nor am I afraid to end a sentence with a preposition, so there!). Even the shortest code samples are a pain to type in. And if they show anything reasonably interesting, they’re probably too long to type in. Of course, nobody actually types in the sample code, they grab the code from the companion CD (blech!) or download zip files containing the code from the companion website. With Professional ASP.NET MVC 3 (print edition | kindle edition)...
By default, ASP.NET MVC leverages Data Annotations to provide validation. The approach is easy to get started with and allows the validation applied on the server to “float” to the client without any extra work. However, once you get localization involved, using Data Annotations can really clutter your models. For example, the following is a simple model class with two properties. public class Character {
public string FirstName { get; set; }
public string LastName { get; set; }
}
Nothing to write home about, but it is...
It only feels like yesterday that we shipped ASP.NET MVC 3 followed by a release of updated Visual Studio tooling for ASP.NET MVC 3. But we’re not ones to sit on our hands for long and are busy at work on ASP.NET MVC 4. In fact, almost immediately after shipping ASP.NET MVC 3, we started working through our backlog of bugs at the same time that we started general planning for the next major version. Today, I’ve published the result of that planning in the form of a high-level roadmap for ASP.NET MVC 4. There’s an important...
ASP.NET MVC 3 introduced the ability to bind an incoming JSON request to an action method parameter, which is something I wrote about before. For example, suppose you have the following class defined (keeping it really simple here): public class ComicBook {
public string Title { get; set; }
public int IssueNumber { get; set; }
}
And you have an action method that accepts an instance of ComicBook:
[HttpPost]
public ActionResult Update(ComicBook comicBook) {
// Do something with ComicBook and return an...
In May, we released a tools update for ASP.NET MVC 3 in nine languages other than English. Today I got the good news that ASP.NET MVC 3 documentation is also now available in those nine languages, which arguably is even more helpful to those learning and using ASP.NET MVC. Japanese: http://msdn.microsoft.com/ja-jp/library/gg416514(VS.98).aspx Korean: http://msdn.microsoft.com/ko-kr/library/gg416514(VS.98).aspx Chinese (Simplified): http://msdn.microsoft.com/zh-cn/library/gg416514(VS.98).aspx Chinese (Traditional) http://msdn.microsoft.com/zh-tw/library/gg416514(VS.98).aspx German: http://msdn.microsoft.com/de-de/library/gg416514(VS.98).aspx Spanish: http://msdn.microsoft.com/es-es/library/gg416514(VS.98).aspx French: http://msdn.microsoft.com/fr-fr/library/gg416514(VS.98).aspx Italian: http://msdn.microsoft.com/it-it/library/gg416514(VS.98).aspx ...
At the risk of getting punched in the face by my friend Miguel, I’m not afraid to admit I’m a fan of responsible use of dependency injection. However, for many folks, attempting to use DI runs into a roadblock when it comes to ASP.NET HttpModule. In the past, I typically used “Poor man’s DI” for this. I wasn’t raised in an affluent family, so I guess I don’t have as much of a problem with this approach that others do. However, when the opportunity for something better comes along, I’ll take it Daddy Warbucks. I was refactoring some...
When you build an ASP.NET MVC 3 application and are ready to deploy it to your hosting provider, there are a set of assemblies you’ll need to include with your application for it to run properly, unless they are already installed in the Global Assembly Cache (GAC) on the server. In previous versions of ASP.NET MVC, this set of assemblies was rather small. In fact, it was only one assembly, System.Web.Mvc.dll, though in the case of ASP.NET MVC 1.0, if you didn’t have SP1 of .NET 3.5 installed, you would have also needed to deploy System.Web.Abstractions.dll and System.Web.Routing.dll. ...
In April we announced the release of ASP.NET MVC 3 Tools Update which added Scaffolding, HTML 5 project templates, Modernizr, and EF Code First Magic Unicorn Edition. Today, just shy of one month later I’m happy to announce that this release is now available in nine other languages via the Web Platform Installer (Web PI). We’ve also included release notes translated into the nine languages as well. Chinese (Simplified) Chinese (Traditional) French German Italian Japanese Korean...
ASP.NET MVC project templates include support for precompiling views, which is useful for finding syntax errors within your views at build time rather than at runtime. In case you missed the memo, the following outline how to enable this feature. Right click on your ASP.NET MVC project in the Solution Explorer Select Unload Project in the context menu. Your project will show up as unavailable Right click on the project again and select Edit ProjectName.csproj. This will bring up the project file within Visual Studio. Search for...
Say you want to apply an action filter to every action except one. How would you go about it? For example, suppose you want to apply an authorization filter to every action except the action that lets the user login. Seems like a pretty good idea, right? Currently, it takes a bit of work to do this. If you add a filter to the GlobalFilters.Filters collection, it applies to every action, which in the previous scenario would mean you already need to be authorized to login. Now that is security you can trust! You can also...
Today at Mix, Scott Guthrie announced an update to the ASP.NET MVC 3 we’re calling the ASP.NET MVC 3 Tools Update. You can install it via Web PI or download the installer by going to the download details page. Check out the release notes as well for more details. Notice the emphasis on calling it a Tools Update? The reason for that is simple. This only updates the tooling for ASP.NET MVC 3 and not the runtime. There are no changes to System.Web.Mvc.dll or any of its other assemblies that ship as part of the ASP.NET MVC 3 Framework....
Layouts in Razor serve the same purpose as Master Pages do in Web Forms. They allow you to specify a layout for your site and carve out some placeholder sections for your views to implement. For example, here’s a simple layout with a main body section and a footer section. <!DOCTYPE html>
<html>
<head><title>Sample Layout</head>
<body>
<div>@RenderBody()</div>
<footer>@RenderSection("Footer")</footer>
</body>
</html>
In order to use this layout, your view might look like.
@{
Layout = "MyLayout.cshtml";
}
<h1>Main Content!</h1>
@section Footer {
...
David Fowler turned me on to a really cool feature of Razor I hadn’t realized made it into 1.0, Templated Razor Delegates. What’s that? I’ll let the code do the speaking. @{
Func<dynamic, object> b = @<strong>@item</strong>;
}
<span>This sentence is @b("In Bold").</span>
That could come in handy if you have friends who’ll jump on your case for using the bold tag instead of the strong tag because it’s “not semantic”. Yeah, I’m looking at you Damian . I mean, don’t both words signify being forceful? I digress.
Note that the delegate that’s...
Within a Razor view, you have access to a base set of properties (such as Html, Url, Ajax, etc.) each of which provides methods you can use within the view. For example, in the following view, we use the Html property to access the TextBox method. @Html.TextBox("SomeProperty")
Html is a property of type HtmlHelper and there are a large number of useful extension methods that hang off this type, such as TextBox.
But where did the Html property come from? It’s a property of System.Web.Mvc.WebViewPage, the default base type...
It pains me to say it, but ASP.NET MVC 3 introduces a minor regression in routing from ASP.NET MVC 2. The good news is that there’s an easy workaround. The bug manifests when you have a route with two consecutive optional URL parameters and you attempt to use the route to generate an URL. The incoming request matching behavior is unchanged and continues to work fine. For example, suppose you have the following route defined: routes.MapRoute("by-day",
"archive/{month}/{day}",
...
Over a decade ago, Tim Berners-Lee, creator of the World Wide Web instructed the world know that cool URIs don’t change with what appears to be a poem, but it doesn’t rhyme and it’s not haiku. What makes a cool URI? A cool URI is one which does not change. What sorts of URI change? URIs don't change: people change them. In a related article, URL as UI, usability expert Jakob Nielsen lists the following criteria for...
Over the past couple of years, I’ve written several blog posts on ASP.NET Routing where I provided various extensions to routing. Typically such blog posts included a zip download of the binaries and source code to allow readers to easily try out the code. But that’s always been a real pain and most people don’t bother. But now, there’s a better way to share such code. Moving forward, I’ll be using NuGet packages as a means of sharing my code samples. In the case of my routing extensions, I’ve compiled them into a solution I call RouteMagic (source...
For those of you who enjoy learning about a technology via screencast, I’ve recorded a video to accompany and complement this blog post. The screencast shows you what this package does, and the blog post covers more of the implementation details. A key feature of any package manager is the ability to let you know when there’s an update available for a package and let you easily install that update. For example, when we deployed the release candidate for NuGet, the Visual Studio Extension Manager displayed the release in the Updates section. Likewise,...
The changing of the year is a time of celebration as people reflect thoughtfully on the past year and grow excited with anticipation for what’s to come in the year ahead. Today, there’s one less thing to anticipate as we announce the final release of ASP.NET MVC 3 and NuGet 1.0! Oh yeah, this never gets old. Install it via Web Platform Installer or download the installer directly to run it yourself. Here are a few helpful resources for learning more about this release: What’s New in...
I gave a presentation to another team at Microsoft yesterday on ASP.NET MVC and the Razor view engine and someone asked if there was a reference for the Razor syntax. It turns out, there is a pretty good guide about Razor available, but it’s focused on covering the basics of web programming using Razor and inline pages and not just the Razor syntax. So I thought it might be handy to write up a a really concise quick reference about the Razor syntax. Syntax/Sample ...
A lot has been written about how to get ASP.NET MVC running on IIS 6 with extensionless URLs. Up until now, the story hasn’t been very pretty. When running ASP.NET MVC on ASP.NET 4, it gets a lot easier. To be fair, the part that makes it easier has nothing to do with ASP.NET MVC 3 and everything to do with a little known new feature of ASP.NET 4 creatively called the ASP.NET 4 Extensionless URL feature. ASP.NET MVC 3 requires ASP.NET 4 so it naturally benefits from this new feature. If you have a server running IIS...
Along with James Senior, I’ll be speaking at a couple of free Web Camps events in South America in March 2011. Buenos Aires, Argentina – March 14-15, 2011 São Paulo, Brazil – March 18-19, 2011 The registration links are not yet available, but I’ll update this blog post once they are.Registration is open! Register for Argentina. Register for Brazil.
For a list of all upcoming Web Camps events, see the events list. If you’re not familiar with Web Camps, the website provides the following description, emphasis mine: Microsoft's 2 day Web Camps...
Almost exactly one month ago, we released the Release Candidate for ASP.NET MVC 3. And today we learn why we use the term “Candidate”. As Scott writes, Visual Studio 2010 SP1 Beta was released just this week and as we were testing it we found a few incompatibilities with it and the ASP.NET MVC 3 RC that we had just released. That’s when we, in the parlance of the military, scrambled the jets to get another release candidate prepared. You can install it directly using the Web Platform Installer (Web PI) download the installer yourself from from...
I don’t normally post lists of links as it’s really not my style. But there’s a lot of great NuGet blog posts I want to call out so I thought I’d try my hand at it. Hey! Here’s a random picture of a goat. I also tend to post links from my twitter account http://twitter.com/haacked. Using NuGet to spice up your development project – Willem Meints writes a nice intro to NuGet and shows how to package up a library. Using the Library Package Manager with Add-on...
Sometimes, despite your best efforts, you encounter a problem with your ASP.NET MVC application that seems impossible to figure out and makes you want to pull out your hair. Or worse, it makes you want to pull out my hair. In some of those situations, it ends up being a PEBKAC issue, but in the interest of avoiding physical harm, I try not to point that out. Thankfully, in the interest of saving my hair, Brad Wilson (recently featured on This Developer’s Life!) wrote a simple diagnostics web page for ASP.NET MVC that you can drop into...
UPDATE: 2011/02/13: This code is now included in the RouteMagic NuGet package! To use this code, simply run Install-Package RouteMagic within the NuGet Package Manager Console.
One thing ASP.NET Routing doesn’t support is washing and detailing my car. I really pushed for that feature, but my coworkers felt it was out of scope. Kill joys. Another thing Routing doesn’t support out of the box is a way to group a set of routes within another route. For example, suppose I want a set of routes to all live under the same URL path. Today, I’d need to make sure all...
A question I often receive via my blog and email goes like this: Hi, I just got an email from a Nigerian prince asking me to hold some money in a bank account for him after which I’ll get a cut. Is this a scam? The answer is yes. But that’s not the question I wanted to write about. Rather, a question that I often see on StackOverflow and our ASP.NET MVC forums is more interesting to me and it goes something like this: How do I get the route...
The beginning of wisdom is to call things by their right names – Chinese Proverb Routing in ASP.NET doesn’t require that you name your routes, and in many cases it works out great. When you want to generate an URL, you grab this bag of values you have lying around, hand it to the routing engine, and let it sort it all out. For example, suppose an application has the following two routes defined routes.MapRoute(
name: "Test",
...
Today we’re releasing the release candidate for ASP.NET MVC 3. We’re in the home stretch now so it’ll mostly be bug fixes and small tweaks from here on out. There are two ways to install ASP.NET MVC 3: Via the Web Platform Installer (Web PI) Or by downloading the installer directly Also, be sure to check out the ASP.NET MVC 3 web page for information and content about ASP.NET MVC 3 as well as the release notes for this release. Also, don’t miss Scott Guthrie’s blog post...
UPDATE: This post is a out of date. We recently released the Release Candidate for ASP.NET MVC 3.
Wow! It’s been a busy two months and change since we released Preview 1 of ASP.NET MVC 3. Today I’m happy (and frankly, relieved) to announce the Beta release of ASP.NET MVC 3. Be sure to read Scott Guthrie’s announcement as well. Credits: Image from ICanHazCheezburger http://icanhascheezburger.com/tag/onward/ Yes, you heard me right, we’re jumping straight to Beta with this release! To try it out… Install it immediately via the Web Platform Installer (Web PI). ...
By now, you’re probably aware of a serious ASP.NET Vulnerability going around. The ASP.NET team has been working around the clock to address this. Quite literally as last weekend, I came in twice over the weekend (to work on something unrelated) to find people working to address the exploit. Recently, Scott Guthrie posted a follow-up blog post with an additional recommended mitigation you should apply to your servers. I’ve seen a lot of questions about these mitigations, as well as a lot of bad advice. The best advice I’ve seen is this - if you’re running an ASP.NET application,...
UPDATE: This post is a out of date. We recently released the Release Candidate for ASP.NET MVC 3.
Feels like just yesterday that we released ASP.NET MVC 2 to the world and here I am already talking about an early preview. In a way, we’re right on schedule. It was almost exactly a year ago that we released Preview 1 of ASP.NET MVC 2. Today I’m happy to announce that ASP.NET MVC 3 Preview 1 is available for download. Give it a try out and let us know what you think. Some key notes before you give it a whirl:...
In my last blog post, I wrote about the proper way to check for empty enumerations and proposed an IsNullOrEmpty method for collections which sparked a lot of discussion. This post covers a similar issue, but from a different angle. A very long time ago, I wrote about my love for the null coalescing operator. However, over time, I’ve found it to be not quite as useful as it could be when dealing with strings. For example, here’s the code I might want to write: public static void DoSomething(string argument)...
ASP.NET 4 introduces a few new extensibility APIs that live the hermit lifestyle away from the public eye. They’re not exactly hidden - they are well documented on MSDN - but they aren’t well publicized. It’s about time we shine a spotlight on them. PreApplicationStartMethodAttribute This new attribute allows you to have code run way early in the ASP.NET pipeline as an application starts up. I mean way early, even before Application_Start. This happens to also be before code in your App_code folder (assuming you have any code in there) has been compiled. To use...
One of my favorite features of ASP.NET MVC 2 is the support for client validation. I’ve covered a bit about validation in the following two posts: ASP.NET MVC 2 Custom Validation covers writing a custom client validator. Localizing ASP.NET MVC Validation covers localizing error messages. However, one topic I haven’t covered is how validation works with globalization. A common example of this is when validating a number, the client validation should understand that users in the US enter periods as a decimal point, while users in Spain will use...
The ASP.NET MVC2 templates feature is a pretty nice way to quickly scaffold objects at runtime. Be sure to read Brad Wilson’s fantastic series on this topic starting at ASP.NET MVC 2 Templates, Part 1: Introduction. As great as this feature is, there is one template that’s conspicuously missing. ASP.NET MVC does not include a template for displaying a list of objects in a tabular format. Earlier today, ScottGu forwarded an email from Daniel Manes (what?! no blog! ;) with a question on how to accomplish this. Daniel had much of it implemented, but was trying to get over...
One annoyance that some developers have run into with ASP.NET MVC is that certain reserved filenames are not allowed in URLs. Often, this is manifested as a Bad Request error or a File Not Found (404) error.
The specifics of this restriction are accounted for in an interesting blog post entitled Zombie Operating Systems and ASP.NET MVC. This actually wasn’t a restriction on ASP.NET MVC but was built into the core of ASP.NET itself. Fortunately, ASP.NET 4 fixes this issue with a new setting. In web.config, simply add <httpRuntime relaxedUrlToFileSystemMapping="true"/> to the system.web node. Here’s a snippet from my...
This is the third in a three part series related to HTML encoding blocks, aka the <%: ... %> syntax.
Html Encoding Code Blocks With ASP.NET 4
Html Encoding Nuggets With ASP.NET MVC 2
Using AntiXss as the default encoder for ASP.NET
Scott Guthrie recently wrote about the new <%: %> syntax for HTML encoding output in ASP.NET 4. I also covered the topic of HTML encoding code nuggets in the past as well providing some insight into our design choices for the approach we took. A commenter to Scott’s blog post asked, ...
Hot on the heels of the release of ASP.NET MVC 2 yesterday, I’m happy to announce that we are releasing the source code to ASP.NET MVC 2 under the Ms-PL license, an OSI approved Open Source license. This continues the trend from nearly a year ago when we released ASP.NET MVC 1.0 under the Ms-PL. You can read my blog post there to learn more about the hard work that goes into such releases. While I’m one who loves lawyer jokes, I do appreciate the work that they do (one of my best friends is a lawyer) and...
It’s that time of year again when the sakura (cherry blossoms) bloom and allergies kick into high gear. When the drive home is no longer shrouded in darkness and when the ASP.NET team releases Software! Earlier today we released the RTM of ASP.NET MVC 2 for Visual Studio 2008 SP1. See Scott Guthrie’s announcement about it. For download and install options, visit the ASP.NET MVC Download Page. Here are a few helpful resources to help you learn more about this release. What’s New in ASP.NET MVC 2 Upgrading an ASP.NET...
If there’s one impression that Austin left on me, besides the one that Rudy’s “extra moist” barbecue left on my gut, is that it’s a developer friendly town. This past week I spent three days in Austin meeting with all sorts of developers and had many great conversations about technology. I met with companies and people with a passion for technology that couldn’t be suppressed. Meeting with Dell The reason I was in town was to give a couple of presentations at a mini-conference for Dell employees. On my first day in Austin, the day...
During the MVP summit, an attendee asked me for some help with a common scenario common among those building content management systems. He wanted his site to use human friendly URLs. http://example.com/pages/a-page-about-nothing/ instead of http://example.com/pages/123/ Notice how the first URL is descriptive whereas the second is not. The first URL contains a URL “slug” while the second one contains the ID for the content, typically associated with the ID in the database. This is easy enough to set up with routing, but there’s a slight twist. He still wanted the action method which...
If you have a model object with a property named Id, you may have run into an issue where your model state is invalid when binding to that model even though you don’t have an “Id” field in your form. The following scenario should clear up what I mean. Suppose you have the following simple model with two properties. public class Product {
public int Id { get; set; }
public string Name { get; set; }
}
And you are creating a view...
As many of you have probably heard, the release candidate for Visual Studio 2010 was recently released containing immense performance improvements and tons of bug fixes. Another thing that release contains is the release candidate for ASP.NET MVC 2. However, that release is not the latest release of ASP.NET MVC 2 as we recently released a second release candidate for ASP.NET MVC 2 in response to customer feedback. I apologize for the confusion this may have caused, but we really felt it was important to have another release candidate for ASP.NET MVC to help verify that we were...
UPDATE: This blog post is out-of date. We released the RTM of ASP.NET MVC 2 in March 2010. Read about it here.
Today I’m pleased to announce the availability of Release Candidate 2 for ASP.NET MVC 2. After receiving feedback from our last release candidate back in December, we decided it would be prudent to have one more release candidate that incorporated the feedback. You can read the release notes for everything that changed, there’s not a whole lot. The biggest change in this release was described by Brad Wilson in his blog post on Input Validation vs. Model...
When we released ASP.NET MVC 2 Beta back in November, I addressed the issue of support for Visual Studio 2010 Beta 2. Unfortunately, because Visual Studio 2010 Beta 2 and ASP.NET MVC 2 Beta share components which are currently not in sync, running ASP.NET MVC 2 Beta on VS10 Beta 2 is not supported. The release candidate for ASP.NET MVC 2 does not change the situation, but I wasn’t as clear as I could have been about what the situation is exactly. In this post, I hope to clear up the confusion (and hopefully...
Paternity leave is not all fun and games. Mostly it’s soothing an irate baby and toddler while dealing with explosive poo episodes. Believe me when I say the term “blow out” is apt. That’s probably not the imagery you were hoping for in a technical blog post, but I think you can handle it. ;) What!? It’s already time for an RC?! I think I need to be changed. While I’m on leave, the ASP.NET MVC team continues its hard work and is now ready to announce the release candidate for ASP.NET MVC 2. Go get it now! ...
This is the fourth post in my series on ASP.NET MVC 2 and its new features. ASP.NET MVC 2 Beta Released (Release Announcement) Html.RenderAction and Html.Action ASP.NET MVC 2 Custom Validation Localizing ASP.NET MVC Validation In my recent post on custom validation with ASP.NET MVC 2, several people asked about how to localize validation messages. They didn’t want their error messages hard-coded as an attribute value. It turns out that it’s pretty easy to do this. Localizing error messages...
UPDATE: I’ve updated this post to cover changes to client validation made in ASP.NET MVC 2 RC 2. This is the third post in my series ASP.NET MVC 2 Beta and its new features. ASP.NET MVC 2 Beta Released (Release Announcement) Html.RenderAction and Html.Action ASP.NET MVC 2 Custom Validation In this post I will cover validation. No, not that kind of validation, though I do think you’re good enough, you’re smart enough, and doggone it, people like you. Rather, I want...
Have you ever needed to quickly spawn a web server against a local folder to preview a web application? If not, what would you say you do here? This is actually quite common for me since I receive a lot of zip files containing web applications which reproduce a bug. After I unzip the repro, I need a way to quickly point a web server at the folder and run the web site. A while back I wrote about a useful registry hack to do just this. It adds a right click menu to start a web server...
You probably don’t need me to tell you that Visual Studio 2010 Beta 2 has been released as it’s been blogged to death all over the place. Definitely check out the many blog posts out there if you want more details on what’s included. This post will focus more on what Visual Studio 2010 means to ASP.NET MVC and vice versa. Important: If you installed ASP.NET MVC for Visual Studio 2010 Beta 1, make sure to uninstall it (and VS10 Beta 1) before installing Beta 2. In the box baby! Well one of the first things...
This is the first in a three part series related to HTML encoding blocks, aka the <%: ... %> syntax.
Html Encoding Code Blocks With ASP.NET 4
Html Encoding Nuggets With ASP.NET MVC 2
Using AntiXss as the default encoder for ASP.NET
One great new feature being introduced in ASP.NET 4 is a new code block (often called a Code Nugget by members of the Visual Web Developer team) syntax which provides a convenient means to HTML encode output in an ASPX page or view. <%: CodeExpression %>
...
One of the complaints I often here with our our default view engine and Pages is that there’s all this extra cruft in there with the whole page directive and stuff. But it turns out that you can get rid of a lot of it. Credit goes to David Ebbo, the oracle of all hidden gems within the inner workings of ASP.NET, for pointing me in the right direction on this. First, let me show you what the before and after of our default Index view (reformatted to fit the format for this blog). Before ...
UPDATEThis post is now obsolete. Single project areas are a core part of ASP.NET MVC 2. Preview 1 of ASP.NET MVC 2 introduces the concept of Areas. Areas provide a means of dividing a large web application into multiple projects, each of which can be developed in relative isolation. The goal of this feature is to help manage complexity when developing a large site by factoring the site into multiple projects, which get combined back into the main site before deployment. Despite the multiple projects, it’s all logically one web application. One piece of feedback I’ve already heard...
UPDATE: This post is outdated. ASP.NET MVC 2 RTM was released in March.
Four and a half months after my team released ASP.NET MVC 1.0, I am very happy to announce that the release of our first Preview of version 2 of ASP.NET MVC is now available for download. Go download it immediately and enjoy its coolness. :) Don’t be afraid to install it as it will sit nicely side-by-side with ASP.NET 1.0.
The release notes provide more details on what’s in this release and I’ve also updated the Roadmap on CodePlex, which describes the work we want to do in Preview...
This post is now outdated
I apologize for not blogging this over the weekend as I had planned, but the weather this weekend was just fantastic so I spent a lot of time outside with my son. If you haven’t heard yet, Visual Studio 2010 Beta 1 is now available for MSDN subscribers to download. It will be more generally available on Wednesday, according to Soma. You can find a great whitepaper which describes what is new for web developers in ASP 4 which is included. One thing you’ll notice is that ASP.NET MVC is not included...
A while back, I wrote about Donut Caching in ASP.NET MVC for the scenario where you want to cache an entire view except for a small bit of it. The more technical term for this technique is probably “cache substitution” as it makes use of the Response.WriteSubstitution method, but I think “Donut Caching” really describes it well — you want to cache everything but the hole in the middle. However, what happens when you want to do the inverse. Suppose you want to cache the donut hole, instead of the donut? I think we should nickname all of...
There are a couple of peculiarities worth understanding when dealing with title tags and master pages within Web Forms and ASP.NET MVC. These assume you are using the HtmlHead control, aka <head runat="server" />. The first peculiarity involves a common approach where one puts a ContentPlaceHolder inside of a title tag like we do with the default template in ASP.NET MVC: <%@ Master ... %>
<html>
<head runat="server">
<title>
<asp:ContentPlaceHolder ID="titleContent" runat="server" />
</title>
</head>
...
What’s nice about this approach is you can set the title tag...
In my last blog post, I walked step by step through a Cross-site request forgery (CSRF) attack against an ASP.NET MVC web application. This attack is the result of how browsers handle cookies and cross domain form posts and is not specific to any one web platform. Many web platforms thus include their own mitigations to the problem. It might seem that if you’re using Web Forms, you’re automatically safe from this attack. While Web Forms has many mitigations turned on by default, it turns out that it does not automatically protect your site against this specific form of...
A Cross-site request forgery attack, also known as CSRF or XSRF (pronounced sea-surf) is the less well known, but equally dangerous, cousin of the Cross Site Scripting (XSS) attack. Yeah, they come from a rough family. CSRF is a form of confused deputy attack. Imagine you’re a malcontent who wants to harm another person in a maximum security jail. You’re probably going to have a tough time reaching that person due to your lack of proper credentials. A potentially easier approach to accomplish your misdeed is to confuse a deputy to misuse his authority to commit the dastardly act...
Today I’m happy to write that ASP.NET MVC 1.0 RTW (Release To Web) is now officially released. This was one of several announcements ScottGu made at the Mix 09 conference today, which I unfortunately missed because I was on a plane to Vegas enroute to Mix 09. I was busy back at the mother ship making sure everything was in order for the release. Woohoo! It’s been nearly a year and a half since I joined Microsoft and started working on it and what a ride it’s been. Some highlights during that time: ...
Today I read something where someone was comparing Web Forms to ASP.NET MVC and suggested that Web Forms does a lot more than ASP.NET MVC to protect your site from malicious attacks. One example cited was that Server controls automatically handled HTML encoding so you don’t have to really think about it. The idea here is that Web Forms automatically protects you from XSS attacks. My friends, I’m afraid this is just not true. Take a look at the following page code. <%@ Page Language="C#" Inherits="System.Web.UI.Page" %>
<%
//For demo purposes,...
A while back on a lark, I posted a prototype demonstrating how one could use Routing within Web Forms. This is something you can do today with ASP.NET 3.5 SP1, because of the work we did to separate Routing from ASP.NET MVC. I would have liked to include Web Form Routing as part of the Routing feature when we were working on SP1, but we didn’t have the time to do so in a robust manner before SP1 was locked down. Since then, Scott Galloway, who just happens to be my office mate, has taken the reigns and is...
As I mentioned before, I’m really excited that we’re shipping jQuery with ASP.NET MVC and with Visual Studio moving forward. Just recently, we issued a patch that enables jQuery Intellisense to work in Visual Studio 2008. But if you’re new to jQuery, you might sit down at your desk ready to take on the web with your knew found JavaScript light saber, only to stare blankly at an empty screen asking yourself, “Is this it?” See, as exciting and cool as jQuery is, it’s really the vast array of plugins that really give jQuery its star power. Today...
This afternoon we released a refresh of our DLR/IronPython support for ASP.NET, now called “ASP.NET Dynamic Language Support”, on our CodePlex site. This was originally part of our July 2007 ASP.NET Futures package, along with several other features. As updates to these features were made available, we would have liked to remove them from the package, but we wanted to wait till everything within the package was updated. Well that time has come. This CodePlex release contains two exceedingly simple sample applications, one for WebForms and one for ASP.NET MVC. It’s compiled against the latest DLR assemblies, and...
Download the MSI and Release notes here. Last night we released ASP.NET CodePlex Preview 5 on CodePlex. Be on the lookout for one of those famous epic blog posts from ScottGu describing the release. In the meanwhile, the release notes contain short write-ups of what has changed. We didn’t originally plan to have another preview. However, we implemented a few significant chunks of functionality and were dying to get feedback so that we could incorporate it into the product before Beta. It helps that with five or so of these interim releases, we’ve become pretty efficient producing...
Yesterday, I wrote a quick and dirty ASP.NET HttpModule for displaying the time that a request takes to process. Note that by turning on trace output for a page, you can get timing information for that page. But as far as I understand, and I need to double check this, this only applies to the page lifecycle, which might not have all the information you want in the context of ASP.NET MVC. Not to mention, I just wanted to see a simple number at the end of the page and not have to wade through all that trace output....
A while back I wrote a routing debugger which is useful for testing your routes and seeing which routes would match a given URL. Rob suggested we have something like this for unit tests, so I whipped something simple up.
This is a class that allows you to test multiple different URLs quickly. You simply create the RouteEvaluator giving it a collection of routes and then GetMatches which returns a List<RouteData> containing a RouteData instance for every route that matches, not just the first one.
Here's a sample of usage.
[Test]
public void CanMatchUsingRouteEvaluator()
{
var routes = new RouteCollection();
GlobalApplication.RegisterRoutes(routes);
var...
Not long ago, my compadre Scott Hanselman related the following story... In a recent MVC design meeting someone said something like "we’ll need a Repeater control" and a powerful and very technical boss-type said: "We’ve got a repeater control, it’s called a foreach loop." I beg to differ. I think we can do better than a foreach loop. A foreach loop doesn’t help you handle alternating items, for example. My response to this story is, “The foreach loop is not our repeater control. Our repeater control is an iterating extension...
Made a few corrections on having default.aspx in the root due to a minor bug we just found. Isn’t preview code so much fun?
We’ve been making some changes to routing to make it more powerful and useful. But as Uncle Ben says, with more power comes more responsibility. I’ll list out the changes first and then discuss some of the implication of the changes.
Routes no longer treat the . character as a separator. Currently, routes treat the . and / characters as special. They are separator characters. The upcoming release of routing will only treat the...
Way down the road, it would be nice to be able to build ASP.NET MVC applications using a DLR language such as IronRuby. However, enabling DLR language support isn’t free.
There are going to be places in our design that are specific to statically typed languages (such as Attribute based filters) that just wouldn’t work (or would be too unnatural) with a dynamic language.
Ideally we can minimize those cases, and for the ones we can’t, we need to make sure the extensibility of the framework allows for extending the system in such a way that we can provide a DLR friendly...
UPDATE: I’ve added a NuGet package named "routedebugger" to the NuGet feed, which will make it much easier to install.
In Scott Hanselman’s wonderful talk at Mix, he demonstrated a simple little route tester I quickly put together.
This utility displays the route data pulled from the request of the current request in the address bar. So you can type in various URLs in the address bar to see which route matches. At the bottom, it shows a list of all defined routes in your application. This allows you to see which of your routes would match the current URL.
The reason this...
UPDATE: I updated the sample to work with the final version of ASP.NET Routing included with ASP.NET 3.5 SP1. This sample is now being hosted on CodePlex.
Download the demo here
In my last post I described how Routing no longer has any dependency on MVC. The natural question I’ve been asked upon hearing that is “Can I use it with Web Forms?” to which I answer “You sure can, but very carefully.”
Being on the inside, I’ve had a working example of this for a while now based on early access to the bits. Even so, Chris Cavanagh impressively beats me to...
At this year’s Mix conference, we announced the availability of the second preview for ASP.NET MVC which you can download from here. Videos highlighting MVC are also available. Now that I am back from Mix and have time to breathe, I thought I’d share a few (non-exhaustive) highlights of this release as well as my thoughts on the future. New Assemblies and Routing Much of the effort and focus of this release was put into routing. If you’ve installed the release, you’ll notice that MVC has been factored into three assemblies: ...
This is part 2 in an ongoing series in which I talk about various design and versioning issues as they relate to Abstract Base Classes (ABC), Interfaces, and Framework design. In part 1 I discussed some ways in which ABCs are more resilient to versioning than interfaces. I haven’t covered the full story yet and will address some great points raised in the comments.
In this part, I want to point out some cases in which Abstract Base Classes fail in versioning. In my last post, I mentioned you could simply add new methods to an Abstract Base Class and not...
Eilon Lipton recently wrote a bit about context objects in ASP.NET MVC and in an “Oh by the way” moment, tossed out the fact that we changed the IHttpContext interface to the HttpContextBase abstract base class (ABC for short). Not long after, this spurred debate among the Twitterati. Why did you choose an Abstract Base Class in this case? The full detailed answer would probably break my keyboard in length, so I thought I would try to address it in a series of posts. In the end, I hope to convince the critiques that the real point of...
By the way my blogging frequency has declined, you can guess I’ve been quite busy here at Microsoft preparing for the next release of ASP.NET MVC. It’s not just working on specs, design meetings, etc... that keep me busy. It’s preparing for several talks, various spec reviews, building hands on labs, demo and and app building, etc...that keeps me busy. All the while I am still learning the ropes and dealing with selling a house in L.A. and buying a house up here. There’s a lot that goes into being a PM I naively didn’t expect, on top...
UPDATE: I improved this based on some feedback in my comments.
With ASP.NET MVC it is possible for someone to try and navigate directly to a .aspx view. In general, this only leaves them with an ugly error message as Views typically need ViewData in order to work.
However, one approach that I think will easily work is to create a Web.config file in the root of your Views directory that contains the following.
We need to do more testing on our side to make sure there's no pathological case in doing this, but so far in my personal testing, it seems to...
The ASP.NET and Silverlight team are hiring! Brad Abrams (who happens to be my “grand-boss” as in my boss's boss) posted a developers wanted ad on his blog:
Are you JavaScript guru who has a passion to make Ajax easier for the masses?
Are you the resident expert in ASP.NET and consistently think about how data driven applications could be easier to build?
Are you a TDD or patterns wonk that sees how ASP.NET MVC is a game-changer?
Are you excited about the potential of...
I just received a few advanced copies of our new book and am giving away three of them to the first three people who leave a comment on this post. But there’s a catch! You have to have a blog and promise to write a review on your blog. This is on the honor system so I’ll send you the book and you can then review it. In your comment, leave your email address in the email field (it’s not visible to anyone else) and I’ll follow up to get your mailing address. Also let me know if you want...
Remember the book I mentioned that I was writing along with a few colleagues? Well it is finally available for pre-order on Amazon.com! If you love me, you’ll buy five copies each. No. Ten copies! Or, you could wait for the reviews and buy the book on its own merits, which I hope it warrants. But what’s the fun in that? All kidding aside, this was a fun and tiring collaborative effort with Jeff “Coding Horror” Atwood, Jon Galloway, K. Scott Allen, and Wyatt Barnett. The book aggregates our collective wisdom on the topic of building web applications with...
UPDATE: K. Scott Allen got to the root of the problem. It turns out it was an issue of precedence. Compiler options are not additive. Specifying options in @Page override those in web.config. Read his post to find out more. Conditional compilation constants are pretty useful for targeting your application for a particular platform, environment, etc... For example, to have code that only executes in debug mode, you can define a conditional constant named DEBUG and then do this... #if DEBUG
//This code only runs when the app is compiled for debug
Log.EverythingAboutTheMachine();
#endif
It’s not common knowledge to me that these constants...
Not too long ago I wrote a blog post on some of the benefits of Duck Typing for C# developers. In that post I wrote up a simplified code sample demonstrating how you can cast the HttpContext to an interface you create called IHttpContext, for lack of a better name.
Well I couldn’t just sit still on that one so I used Reflector and a lot of patience and created a set of interfaces to match the Http intrinsic classes. Here is a full list of interfaces I created along with the concrete existing class (all in the System.Web namespace except...
First, let me start off with some praise. I really really like Windows Live Writer. I’ve praised it many times on my blog. However, there is one thing that really annoys me about WLW, it’s utter disregard for web standards and the fact that injects crap I don’t want or need into my content.
Of particular annoyance is the way that WLW adds attributes that are not XHTML compliant. For example, when you use the Insert Tags feature, it creates a div that looks something like:
<div class="wlWriterEditableSmartContent"
id="guid1:guid2"
contenteditable="false"
style="padding-right: 0px; display: inline; padding-left: 0px;...
ELMAH, which stands for Error Logging Modules and Handlers for ASP.NET, is an open source project which makes it easy to log and view unhandled exceptions via its pluggable architecture. Having been around a while, a lot has already been written on it so I won’t rehash all that information. For more details, you can read the following: Using HTTP Modules and Handlers to Create Pluggable ASP.NET Components ELMAH page on Google Code All you need to know for the purposes of this post is that...
I have a confession. I am an Open Source developer and my platform of choice is the .NET framework by Microsoft. Not only that, I actually believe it is a good thing to support Open Source projects in the Microsoft ecosystem. Yeah, really. In response to this tidbit, I have heard and am bracing to hear replies such as... Why would you do that (support Open Source on Microsoft)? Or It can’t be Open Source if it’s on the Microsoft platform. One rationale given is that it ain’t really Open Source unless the entire stack is Open Source. I call this the all or nothing...
Testing code written for the web is challenging. Especially code that makes use of the ASP.NET intrinsic objects such as the HttpRequest object. My goal is to make testing such code easier. A while ago, I wrote some code to simulate the HttpContext in order to make writing such unit tests easier. My goal wasn’t to replace web testing frameworks such as Selenium, Watin, or AspUnit. Instead, I’m a fan of the Pareto principle and I hoped to help people easily reach the 80 of the 80/20 rule before reaching out to one of these tools to cover...
One praiseworthy aspect of ASP.NET 2.0 is its much improved XHTML compliance. However, there is one particular implementation detail related to this that causes some web designs to break and could have been implemented in a better manner. The detail is how ASP.NET 2.0 will wrap a DIV tag around hidden input fields. My complaint isn’t that Microsoft added this DIV wrapper, because it is needed for strict compliance. My complaint is that there is no CSS class or id on the DIV to make it easy to exclude CSS styling on it. For example, here is a snippet from the output of...
Simone Chiaretta, a member of the Subtext development team (among other open source projects), has been quite busy lately. I recently mentioned the Vista Sidebar Gadget for CruiseControl.NET he published. He also was recently in a video interview by MindBlog. Go Simo! The post that caught my eye recently is how to make a Gmail-like loading indicator with ASP.NET Ajax. This is a nice demonstartion of how to use the ASP.NET Ajax library to simulate various styles of user interface. Personally though, I’m not a fan of this particular loading indicator at the page level. When I have my...
My Coworker (and Subtext co-admin) Steve Harman writes about a weird double PostBack issue he ran into recently when using CSS Friendly Control Adapters with the CreateUserWizard Membership Provider control. So far he hasn’t received much in the way of feedback in the forums yet. Have any of you run into this? Technorati tags: ASP.NET, CSS
Maybe this is obvious, but it wasn’t obvious to me. I’m binding some data in a repeater that has the following output based on two numeric columns in my database. It doesn’t matter why or what the data represents. It’s just two pieces of data with some formatting:
42, (123)
Basically these are two measurements. Initially, I would databind this like so:
<%# Eval("First") %>, (<%# Eval("Second") %>)
The problem with this is that if the first field is null, I’m left with this output.
, (123)
Ok, easy enough to fix using a format string:
<%# Eval("First", "{0}, ") %>(<%# Eval("Second") %>)
But now I’ve learned that...
UPDATE: Luke Wroblewski posted a link in my comments to his Best Practices for Form Design PDF. It is 100+ pages chock full of good usability information concerning forms. Thanks Luke! James Avery writes about the Art of Label Placement in which he links to a few great articles on form design and label placement. Web Application Form Design by Luke Wroblewski - This article covers the best ways to arrange labels and submission buttons. Web Application Form Design Expanded by Luke Wroblewski - Another great article from Luke W. expanding on the same topics. Label Placement in Forms by Matteo...
Some people think the ViewState is the spawn of the devil. Not one to be afraid of being in bed with the devil, I feel a tad bit less negative towards it, as it can be very useful.
Still, it has its share of disadvantages. It sure can get bloated. Not only that, but disabling ViewState can wreack havock with the functionality of many controls.
This is why ASP.NET 2.0 introduces the control state. The basic idea is that there is some state that should be considered the data for the control, while other state is necessary for the control to function. For example,...
Scott Watermasysk has a great set of Quick Tips for ASP.NET on his blog. And this is only part one! I’m Looking forward to seeing the subsequent posts of this series.
However, I disagree slightly with his tip to Never use the ASP.NET Label control. I would rephrase it to:
Never use the ASP.NET Label control when a Literal would do.
The problem is not the Label control. The problem is treating the Label control as if it was merely a Literal control.
The Label control has a specific usage, to be a label for a form input. For example, check out this screenshot of...
How do you uniquely identify a person, without divulging the identity of that person? For example, given a set of personal artifacts, how would I arrange the set of artifacts grouped by the person to which they belonged?
The answer is quite easy, isn’t it (especially given the title of this blog post and the image to the right)? You can look at the fingerprints on the items.
Unless you happened to have a file that mapped the fingerprints to individuals, you won’t know who the comb and mirror belong to, for example, only that they do belong to the same person and...
I’m currently working on an interesting project to develop a series of HTTP services used by games running on the RIM Blackberry. These services will enable players to compete against one another (though not in real time) in various games and see high scores, challenge friends, etc.... It brings a social aspect to gaming on your blackberry device. The games are written in Java and I’m using a Blackberry emulator for testing the interaction between the game and the services. I’m running the service at localhost on my local machine to allow me to step through the debugger when necessary. ...
Last night a unit test saved my life (with apologies). Ok, maybe not my life, but the act of writing some unit tests did save me the embarrasment of an obscure bug which was sure to hit when I least expected it. It is cases like this that made me into such a big fan of writing automated unit tests.
Not too long ago I wrote a C# Akismet API for Subtext. In writing the code, I followed design principles focused on making the API as testable as possible. For example, I applied Inversion of Control (IOC) by having the AkismetClient constructor take...
One of the hidden gems in ASP.NET 2.0 is the new expression syntax. For example, to display the value of a setting in the AppSettings section of your web.config, you can do this: <asp:Label Text="<%$ AppSettings:AnotherSetting %>"
ID="setting"
runat="server" />
Notice that the value of the Text property of the Label control is set to an expression that is similar to the DataBinding syntax (<%#), but instead of a pound sign (#) it uses a dollar sign ($).
Expressions are distinguished by the expression prefix. In the above example, the prefix is AppSettings. The...
One of the benefits of writing an ASP.NET book is that it forces me to spend a lot of time spelunking deep in the bowels of ASP.NET uncovering all sorts of little gems I never noticed the first time around. Many of these little morsels should end up in the book, but I thought I would blog about a few of them as I go along. This is all part of the weird situation I find myself in while writing this book. I thought I would just sit down and all the words would flow. Instead, no matter how motivated I...
This one is probably old news to many of you, but I just recently ran across it. Every time I want to add a new control to a new page, I get annoyed because I have to remember that annoying syntax for registering a control.
Let’s see...how does it go again? Do I have to add a TagName attribute? No, that’s for user controls. Hmmm, forget it, I’ll just dynamically add it! Well in the interest of reducing future angst, here are two examples of the syntax, one for a custom control and one for a user...
Dave (a Subtext developer) just blogged about a project template he created for creating Atlas applications using the Web Application Project (WAP). This is wicked useful for those of us who prefer Web Application Projects over Web Site Projects. Tags: ASP.NET, Atlas
In a recent post I ranted about how ASP.NET denies WebPermission in Medium Trust. I also mentioned that there may be some legitimate reasons to deny this permission based on this hosting guide. Then Cathal (thanks!) emailed me and pointed out that the originUrl does not take wildcards, it takes a regular expression. So I updated the <trust /> element of web.config like so: <trust level="Medium" originUrl=".*" />
Lo and Behold, it works! Akismet works. Trackbacks work. All in Medium Trust.
Of course, a hosting provider can easily override this as Scott Guthrie points out in my comments. I need to stop...
This is a bit of rant born out of some frustrations I have with ASP.NET. When setting the trust level of an ASP.NET site, you have the following options:Full, High, Medium, Low, Minimal It turns out that many web hosting companies have chosen to congregate around Medium trust as a sweet spot in terms of tightened security while still allowing decent functionality. Only natural as it is the one in the middle. For the most part, I am sure there are very good reasons for which permissions make it into Medium trust and which ones are not allowed. But...
Recently I wrote a .NET based Akismet API component for Subtext. In attempting to make as clean as interface as possible, I made the the type of the property to store the commenter’s IP address of type IPAddress. This sort of falls in line with the Framework Design Guidelines, which mention using the Uri class in your public interface rather than a string to represent an URL. I figured this advice equally applied to IP Addresses as well. To obtain the user’s IP Address, I simply used the UserHostAddress property of the HttpRequest object like so. HttpContext.Current.Request.UserHostAddress
The UserHostAddress property is...
Jeff Atwood asks the question in a recent post if writing your own blog software is a form of procrastination (no, blogging is). I remember reading something where someone equated rolling your own blog engine is the modern day equivalent of the Hello World program. I wish I could remember where I heard that so I can give proper credit. UPDATE: Kent Sharkey reminds me that I read it on his blog. It was a quote from Scott Wigart. Thanks for the memory refresh Kent! Obviously, as an Open Source project founder building a blog...
UPDATE: This code is now hosted in the Subkismet project on CodePlex.
Not too long ago I wrote about using heuristics to fight comment spam. A little later I pointed to the NoBot control as an independent implementation of the ideas I mentioned using Atlas.
I think that control is a great start, but it does suffer from a few minor issues that prevent me from using it immediately.
It requires Atlas and Atlas is pretty heavyweight.
Atlas is pre-release right now.
We’re waiting on a bug fix in Atlas...
UPDATE: Looks like this will get fixed in the next release according to a comment on Steve’s blog. Steve Harman, a Subtext developer, was prototyping using Atlas in Subtext and encountered a rather problematic bug. Not only did he encounter the bug, he went through the hard work to dig into the source of the bug right down to the line of code and proposes a fix. How is that for constructive criticism? Unfortunately, he hasn't received any response from the Atlas team (at the time of this posting) regarding whether or not they recognize this as a bug...
Remember my recent post in which I suggested that we need more heuristic approaches to the comment spam problem? Check out this new NoBot control in the Atlas Control Toolkit. I wonder if this came out before or after I wrote my piece, because I don’t want y’all to think I cribbed my ideas from this control. It has a couple features that I mentioned. Forcing the client’s browser to perform a configurable JavaScript calculation and verifying the result as part of the postback. (Ex: the calculation may be a simple numeric one, or may also involve the...