Feel free to post your comments, I'm interested in your reactions to the articles.
Tuesday, December 29, 2009
Cyber Security Related News
Hey everyone, I wanted to share with you two cyber security related news articles. They're pretty interesting and the most interesting part about both articles are the methods that both attackers used to commit their crimes.
Saturday, December 12, 2009
Search and filter items of an ASP.NET GridView control using jQuery
Hey everyone, today I wanted to share with you how search and filter items of an ASP.NET GridView control using jQuery. Lets begin with the reason why I decided to right this post. Every fall , a co-worker and myself provides technical support for a firm-wide application where we manage individual attorney profiles which consists of their security rights and language setting. The main module we use to manage attorney profiles is an aspx page that has a GridView control filled with a list of all attorneys within the firm, which is close to 2000 employees. On a typical day we get requests to change an attorney's language setting or modify their security rights, which at first can be tedious because we need to scroll down the page just to find one user out of 2000. So after a while, I got tired of doing this and came up with a way to search for users easily within a GridView control. Let's take a look on how I did this.
Some of code for this post comes from a previous article that I read called 'Search and Filter Items of ASP.NET Drop Down List using jQuery', I encourage to check it out when you can. Let's begin with the interface. Take a look at 'Figure 1', in my example I'm using the Northiwind database where I'm displaying all product information including the supplier names. Pretty simple interface, a TextBox and GridView control. The TextBox is used to type in the product name that you're looking for.
Figure 1
When a user begins to type into the TextBox, the application filters the GridView to show products where the product name contains or beings with the prefixed text typed into the TextBox control .Look at Figure 2.
Figure 2
Notice that the GridView has shrunk based on the prefixed text in the TextBox control. Notice at the top of the GridView appears text that displays the number items that matched your keyword search. Look at Figure 3.
Figure 3
Now that we have seen the interface, let's take a look at the code behind. Take look at 'Figure 4' where it shows the page's html markup. As you can see I have a GridView and SqlDataSource controls. The GridView.DataSource property uses to the SqlDataSource control as its data source to retrieve product information and the SqlDataSource.SelectCommand property has a select statement that retrieves all product information from the Northwind.Products table.
Figure 4
Let's move onto the jQuery code. Take a look at 'Figure 5', the first half of this code retrieves references to all controls on the page. The $gridView variable contains a reference to the GridView control and the $employeeTextBox variable contains a reference to the TextBox control. Next, we have a $headerItems variable which contains the GridView header row and the $employeeItems variable is all rows besides the GridView header row,which includes the product name. Just as a side note, I'm using the 'filter' method in jQuery for both the $headerItems and $employeeItems variables to retrieve rows that have a 'scope' attribute value of 'col' for the $headerItems variable and retrieve rows that have an anchor control with a 'id' attribute value of 'lnkBtn' for the $employeeItems variable . As you can see the anchor controls displays the product name which I will use for filtering. I have to do it this way because the GridView control is represented as an html table through the browsers, so by using jQuery I can take advantage of jQuery's DOM functionality to extract the 'tr' rows that I need from the GridView. 'Figure 6' shows you the 'View Source' view of a GridView how it displays in your browser.The next line set's the focus to the TextBox control and then finally I'm attaching a keyup event where I'm calling the searchGV function, so every time the user types in a character, the searchGV is called.
Figure 5
Figure 6
The searchGV function performs the filtering based on the text coming from the TextBox control. Figure 7 shows the entire implementation. The first line removes all rows from the GridView control, then we're using regular expression to provide a search term to find all matching product names within the $employeeItems variable. The .grep function bascially finds all matching text and returns them to an array. Next we build the GridView header row since it was removed by the first line and re-add it back to the GridView control, then we check if the arr.length is greater then zero.If true, then we display the number of items found to a span element, then using the .each function we can iterate through the arr object and append each item to the GridView control.
Figure 7
That's it. I hope you enjoy this post and let me know if you liked it or not. Below is a link to the sample solution for you to download.
Thank You Again,
Sunday, September 20, 2009
Tip of the Day: Maintain Order
Last week I was finishing up an upgrade for an ASP.NET app to 3.5, while testing I came across a problem loading data correctly into a strongly type dataset. I notice while debugging the application, that one of the DataTable object was empty, meaning no data and another DataTable object containing the wrong data. What happen? Let's find out. In this post I will provide a sample application that will help you understand the scenario that I was facing.
First I have a stored procedure called dbo.CustomerData which has three select statements. The first select statement returns all Northwind employees that have worked with a customer, the second returns the customer name and primary contract full name and the third returns all orders made by the customer.
- Customer - this contains columns for customer name and primary contact.
- CustomerSalesRep - this contains columns for last name, first name and title.
- CustomerOrderHistory - this contains columns for customer name, order date and order total.
As you can see the LoadDataSet method accepts three parameters, a DbCommand object, a Dataset object and a string array. I want to point out that the string array is a collection of DataTable object names that comes from the CustomerData dataset. When the LoadDataSet method is called, each DataTable object will be populate based on the order they exist in the string array, so in this case the order is Customer, CustomerSalesRep and CustomerOrderHistory. Now we're ready to run the application.When I ran the application the customer name and primary contact information was missing. What happen? The application ran without any exceptions, so I know that the dataset was loaded properly. What could of happen? Next I debugged the application and I had set a breakpoint right above the line where the code will display the customer name and what I found was that the Customer DataTable object was empty. Also the CustomerSalesRep had exceptions, but the CustomerOrderHistory contained valid data. Below is a 'Watch' window view which shows the details for the CustomerData DataSet object.
That's strange....only the CustomerOrderHistory DataTable object contains valid data. My next thought was to run the dbo.GetCustomerData stored procedure to review the result sets.
Ahh yes, the problem was with the order in which the return data came in. Notice how the customer sales rep came before the company data. The LoadDataSet is not smart of enough, and it shouldn't be, to identify DataTable objects with its corresponding result sets. The LoadDataSet just populates the dataset DataTable objects one by one based on the order in the string array, so in our case the customer sales rep result set was loaded with the Customer DataTable object, then the customer result set was loaded with the CustomerSalesRep DataTable object and then finally the customer order history result set was loaded with the CustomerOrderHistory DataTable object.
To fix the problem all we have to do is switch the customer select statement with the customer sales rep select statement:
As you can see if we re-run the application again all DataTable objects are populate with the correct data.
I hope you learned something. Enjoy!!!
Attached is a sample project that includes full sample code that I've used in this post. This project uses the Northwind database and uses the Enterprise Library 3.1. You can download the Enterprise Library 3.1 from here and you can download the Northwind database from here .
Sunday, August 9, 2009
Developer Evangelist E-Book
Hey everyone, check out the "Developer Evangelist" e-book written by Chris Heilmann....
http://developer-evangelism.com/handbook.php..
It's a easy read and so far I like it.....Enjoy!!!
http://developer-evangelism.com/handbook.php..
It's a easy read and so far I like it.....Enjoy!!!
Saturday, August 8, 2009
Career Goals
Hello everyone, I decide to share my career goals to inspire others to share their career goals as well.
By 30:
By 30:
- Become closer to GOD.
- Become more involve in project management tasks and duties.
- Become more involve in SharePoint and receive my MCTS in SharePoint.
- Become an expert in WCF and REST and recieve my MCTS in WCF development.
- Have a better understanding of SOA.
- Become a better public speaker.
- Become a senior software developer.
- Give back to my community by helping they youth persue a career in science or technology.
- Become a CIO or CTO for a company.
- Become a better public speaker.
- Write articles for tech magazines.
- Give back to my community...
- Become a president and CEO of my own company.
- Become a better public speaker.
Friday, July 24, 2009
Tip of the Day: MicrosftWord and Impersonation
Here's a useful tip....
If you're using the Microsoft.Office.Interop.Word assembly in your asp.net application, before you begin using the API via code, you must impersonate the current user. Below are two examples on how to impersonate in ASP.NET:
Setting impersonation through configuration settings:
Setting impersonation through code:
Right before you being to instantiate Microsoft Word classes such as Application or Document, add the following code in red:
WindowsIdentity iUser = (WindowsIdentity)HttpContext.Current.User.Identity;
WindowsImpersonationContext wic = iUser.Impersonate();
Microsoft.Office.Interop.Word.Application oWord = new Microsoft.Office.Interop.Word.Application();Microsoft.Office.Interop.Word.Document oWordDoc = new Microsoft.Office.Interop.Word.Document();
The reason why you have to impersonate is because your ASP.NET application runs under the network service account and normally the network service account is not a valid user under Micrsoft Word. Because of this, you must impersonate a trusted(valid) user in order use the Microsoft Word assembly via code.
Enjoy!!
If you're using the Microsoft.Office.Interop.Word assembly in your asp.net application, before you begin using the API via code, you must impersonate the current user. Below are two examples on how to impersonate in ASP.NET:
Setting impersonation through configuration settings:
Add the following code highlighted under the system.web element.
Setting impersonation through code:
Right before you being to instantiate Microsoft Word classes such as Application or Document, add the following code in red:
WindowsIdentity iUser = (WindowsIdentity)HttpContext.Current.User.Identity;
WindowsImpersonationContext wic = iUser.Impersonate();
Microsoft.Office.Interop.Word.Application oWord = new Microsoft.Office.Interop.Word.Application();Microsoft.Office.Interop.Word.Document oWordDoc = new Microsoft.Office.Interop.Word.Document();
The reason why you have to impersonate is because your ASP.NET application runs under the network service account and normally the network service account is not a valid user under Micrsoft Word. Because of this, you must impersonate a trusted(valid) user in order use the Microsoft Word assembly via code.
Enjoy!!
Wednesday, July 15, 2009
Tip of the Day: WCF & Impersonation
Hey everyone, I want to share with you a tip on how to enable impersonation with your WCF service applications.
Let me begin with my situation first. I have a WCF service application that manages inventory data from a database. The solution includes a service, business and data layers that works togeather in updating and retrieve inventory data. In my service layer, I have service called Invenotry.svc that contains single service operation called UpdateInventory. UpdateInventory accepts two paramters, the product id and the number of products to add or
subtract from inventory. Once I had everything compiled and built, I was ready to test. For testing I'm using the WcfTestClient.exe tool, which provides a simple interface for testing your WCF services. During my testing, my application threw an exception, "The UPDATE permission was denied on the object 'Inventory', database 'GreatValueBookStore', schema 'dbo'.". At first, I was like huh? So I googled the exception and found most people were experencing the same issue, no support for impersonation. Since the WCF application is running on IIS, I know that the network service account runs as the default user, which explains the exception, because the network service account does not have rights to modify data in the my local database. Next I posted a question to an MSDN WCF fourm. Within mintues a user replyed with a series of msdn articles on how to implement security and impersonation with an WCF applications. The articles very helpful and I found what I need to resolve my issue.. So let me show you how to implement impersonation in WCF....
In your service contract, add the following code on top of your service operation:
Let me begin with my situation first. I have a WCF service application that manages inventory data from a database. The solution includes a service, business and data layers that works togeather in updating and retrieve inventory data. In my service layer, I have service called Invenotry.svc that contains single service operation called UpdateInventory. UpdateInventory accepts two paramters, the product id and the number of products to add or
subtract from inventory. Once I had everything compiled and built, I was ready to test. For testing I'm using the WcfTestClient.exe tool, which provides a simple interface for testing your WCF services. During my testing, my application threw an exception, "The UPDATE permission was denied on the object 'Inventory', database 'GreatValueBookStore', schema 'dbo'.". At first, I was like huh? So I googled the exception and found most people were experencing the same issue, no support for impersonation. Since the WCF application is running on IIS, I know that the network service account runs as the default user, which explains the exception, because the network service account does not have rights to modify data in the my local database. Next I posted a question to an MSDN WCF fourm. Within mintues a user replyed with a series of msdn articles on how to implement security and impersonation with an WCF applications. The articles very helpful and I found what I need to resolve my issue.. So let me show you how to implement impersonation in WCF....
In your service contract, add the following code on top of your service operation:
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
This tells WCF that the service operation must impersonate the caller's identity.
Next in your configuration file add the folllowing code:
Then in your service's endpoint, supply the bindingName attribute with the value "WindowsBinding":
This tells WCF that the service operation must impersonate the caller's identity.
Next in your configuration file add the folllowing code:
Then in your service's endpoint, supply the bindingName attribute with the value "WindowsBinding":
This sets the type of client credential to be used for authentication, in this case, Windows.
Then finally on your client application add the following code right before you make a call to a service operation:
InventoryClient.InventoryClient inventoryClient = new InventoryClient.InventoryClient();
inventoryClient.ClientCredentials.Windows.AllowedImpersonationLevel =
System.Security.Principal.TokenImpersonationLevel.Impersonation;
This allows the client to be impersonated when calling the service operation from the client.
That's it!!!!
You can download the sample code below:
InventoryClient.InventoryClient inventoryClient = new InventoryClient.InventoryClient();
inventoryClient.ClientCredentials.Windows.AllowedImpersonationLevel =
System.Security.Principal.TokenImpersonationLevel.Impersonation;
This allows the client to be impersonated when calling the service operation from the client.
That's it!!!!
You can download the sample code below:
Monday, June 29, 2009
Tip of the Day: Visiblity issue with the DIV element and MS Word
Problem:
If you have a table inside of a div element and you're hiding your div element by setting the CSS display property to none, if you copy and paste your div element to word from the ASPX web page, then the table and its contents will appear in the word document.
Solution:
Convert the DIV html element into a server control by applying the runat server tag to the control and provide an unique id value.
Code Link:
If you have a table inside of a div element and you're hiding your div element by setting the CSS display property to none, if you copy and paste your div element to word from the ASPX web page, then the table and its contents will appear in the word document.
Solution:
Convert the DIV html element into a server control by applying the runat server tag to the control and provide an unique id value.
Code Link:
Tuesday, March 10, 2009
MSDN Events: Azure, Debugging and Mobility
For those of you that are interested in "Cloud Computing" and want to see what Microsoft is doing with regards to "Cloud Computing", then check out this event at http://www.msdnevents.com/ . I will be attending the event in Pittsburgh on March 24th. I hope to see you there. Its free !!!!!
Subscribe to:
Posts (Atom)