ASP.NET 4.5 and ASP.NET Core 1 Hosting BLOG

Tutorial and Articles about ASP.NET 4.0 and the latest ASP.NET 4.5 Hosting

ASP.NET 4.5 Hosting :: Task Parallel Library Improvements (Parralel Programming)

clock August 28, 2013 06:59 by author Mike

Microsoft has introduced a new set of libraries, diagnostic tools and  runtime in .NET 4.0 to enhance support for parallel computing. The main objective of these features is to simplify parallel development, i.e., writing parallel code in a natural idiom without having to work directly with threads. Microsoft has been working on ways to improve the performance of parallel applications in .NET 4.5, specifically those using the Task Parallel Library. Here is a preview of what you can expect to see:



Task, Task<TResult>
At the core of .NET’s parallel programming APIs is the Task object. With such an important class Microsoft took great pains to ensure it is as small as possible. Most of the properties for Task are stored not in the class itself, but rather a secondary object called ContingentProperties. This secondary object is created on an as-needed basis, thus reducing the memory footprint for the most common scenarios.

When .NET 4.0 was released the most common scenario was fork-join style programming such as seen with Parallel.ForEach and Parallel LINQ. With .NET 4.5 and the introduction of async, continuation style programming takes the forefront. Microsoft is so confident that this will be the predominate style that they are moving ContinuationObject into Task and the other fields into ContingentProperties. The end result is faster continuations and a smaller Task object.

The net result was a 49 to 55% reduction in the time it takes to create a Task<Int32> and a 52% reduction in size.


Task.WaitAll, Task.WaitAny
Imagine waiting for 100,000 tasks at the same time. On an x64 machine that would introduce 12,000,000 bytes of overhead above and beyond the size of the tasks themselves. With .NET 4.5 that overhead has dropped to a mere 64 bytes. WaitAny likewise dropped from 23,200,000 bytes of overhead to 152 bytes.

This dramatic change came about due to a change in how kernel synchronization primitives are used. In previous versions one primitive was needed per task. This has been reduced to one per wait operation, regardless of the number of tasks involved.

ConcurrentDictionary

In .NET only reference types and small value types can be assigned atomically. Larger value types such as Guid require are not read and written atomically. To work around this in .NET 4.0, the node objects used by the ConcurrentDictionary are recreated each time the value associated with a key is changed. In .NET 4.5 new nodes are only created if the values cannot be atomically written.To Improve Performance, Reduce Memory Allocations.

One way to reduce memory usage is to avoid using closures. Rather than capturing a local variable inside an anonymous function, one can pass in that information to the Task’s constructor as its “state object”. Starting with .NET 4.5, Task.ContinueWith will also support state objects.

Another technique to reduce memory usage is to cache common used tasks. For example, consider a function that accepts an array and returns a Task<int>. Since the result for the empty array case will always be the same, it would make sense to cache the Task representing the empty array.

The next tip is to avoid unnecessarily “inflating” tasks. A task is inflated when something triggers the creation of its ContingentProperties object. The most common causes for this are:

  • The Task is created with a CancellationToken
  • The Task is created from a non-default ExecutionContext
  • The Task is participating in “structured parallelism” as a parent Task
  • The Task ends in the Faulted state
  • The Task is waited on via ((IAsyncResult)Task).AsyncWaitHandle.Wait()

It should be noted that task inflation isn’t necessarily a bad thing. Rather, it is something to be aware of so that one doesn’t do unnecessary things such as pass in a CancellationToken that isn’t ever used.



ASP.NET 4.5 Hosting – ASPHostPortal.com :: Optimize Your Website Performance with ASP.NET 4.5

clock June 28, 2013 06:45 by author Ben

Microsoft ASP.NET is today the most powerful and fastest growing platform for Web development. ASP.NET powers some of world's largest Web sites and most demanding applications. And now, ASP.NET 4.5 can optimization your website performance.

Typical web site contains CSS files, Images and Javascript files along with you HTML elements. CSS files, Images and JS files will take some time to load into the browser though the loading time is in milliseconds but matters. The HTML is not taking much time but other elements are taking time to load in to the browser. The Typical ASP.NET web site might look like as below in Visual Studio. It may contain Scripts  folder, Images Folder, Styles Folder and a Default aspx page.

The first problem that we can see that too many HTTP requests which are going to images, CSS files and to JavaScript files.

ASPHostPortal.com is Microsoft No #1 Recommended Windows and ASP.NET Spotlight Hosting Partner in United States. Microsoft presents this award to ASPHostPortal.com for ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2012, ASP.NET 4.5, ASP.NET MVC 4.0, Silverlight 5 and Visual Studio Lightswitch. Click here for more information

We can use Bundling and Minifying the files to reduce those requests. In ASP.NET 4.5 you have the built-in features to these. Write one line of code in Global.asax to bring these HTTP Requests down.

The above line enables the minification for CSS and Javascript files, only these two. Minifying means removing whitespaces, comments and everything that browser does not need to understand. We can really compress these files using this technique.

Basically this bundling technique looks at the folder and takes all the files inside and bundles them into one file, no matter how many are in the folder. This all happens at runtime. It only happens at once.

The order of bundling of your files goes as first it takes all Jquery scripts first and then it takes custom scripts alphabetically from your solution explorer.

Instead of doing the references to individual files, You can do this

Styles/CSS is the convention. Folder name / CSS bundles all the css files on that folder. We can do the same foe JavaScript like this

Suppose if you want to bundle the files by taking from different directories in

In above code we are registering our own bundle named mycss and then we are adding file styles.css and a directory styles.

Compress components with gZip. we can enables this on IIS. You tell the server everything that respond to client that text based zip it. You can do this by changing the couple of attribute values in web.config file

In IIS 7.5 it enables for you by default, if you running on windows server 2008 then you need to set the attribute values to true.

Encoding the Images to Base64 Images

Above code shows before and after encoding the image.

You may not want to encode all images in your project but if you want the images that you want to embed along with style sheets then you can write some regular expressions as shown below.

We can even transform your response further using coffee script as shown below

You can optimize the images in your folder by using Visual Studio extension tool named Optimize Images and then you can refresh folder and compile.



ASP.NET 4.5 Hosting - ASPHostPortal.com :: Tips to Prevent Cross-Site Scripting in ASP.NET

clock June 14, 2013 08:27 by author Ben

Summary
This How to shows how you can help protect your ASP.NET applications from cross-site scripting attacks by using proper input validation techniques and by encoding the output. It also describes a number of other protection mechanisms that you can use in addition to these two main countermeasures.

Cross-site scripting (XSS) attacks exploit vulnerabilities in Web page validation by injecting client-side script code. Common vulnerabilities that make your Web applications susceptible to cross-site scripting attacks include failing to properly validate input, failing to encode output, and trusting the data retrieved from a shared database. To protect your application against cross-site scripting attacks, assume that all input is malicious. Constrain and validate all input. Encode all output that could, potentially, include HTML characters. This includes data read from files and databases.

Contents

  • Objectives
  • Overview
  • Summary of Steps
  • Step 1. Check That ASP.NET Request Validation Is Enabled
  • Step 2. Review ASP.NET Code That Generates HTML Output
  • Step 3. Determine Whether HTML Output Includes Input Parameters
  • Step 4. Review Potentially Dangerous HTML Tags and Attributes
  • Step 5. Evaluate Countermeasures
  • Additional Considerations
  • Additional Resources

Objectives

  • Understand the common cross-site scripting vulnerabilities in Web page validation.
  • Apply countermeasures for cross-site scripting attacks.
  • Constrain input by using regular expressions, type checks, and ASP.NET validator controls.
  • Constrain output to ensure the browser does not execute HTML tags that contain script code.
  • Review potentially dangerous HTML tags and attributes and evaluate countermeasures.

Overview
Cross-site scripting attacks exploit vulnerabilities in Web page validation by injecting client-side script code. The script code embeds itself in response data, which is sent back to an unsuspecting user. The user's browser then runs the script code. Because the browser downloads the script code from a trusted site, the browser has no way of recognizing that the code is not legitimate, and Microsoft Internet Explorer security zones provide no defense. Cross-site scripting attacks also work over HTTP and HTTPS (SSL) connections.

One of the most serious examples of a cross-site scripting attack occurs when an attacker writes script to retrieve the authentication cookie that provides access to a trusted site and then posts the cookie to a Web address known to the attacker. This enables the attacker to spoof the legitimate user's identity and gain illicit access to the Web site.

Common vulnerabilities that make your Web application susceptible to cross-site scripting attacks include:

  • Failing to constrain and validate input.
  • Failing to encode output.
  • Trusting data retrieved from a shared database.

Guidelines
The two most important countermeasures to prevent cross-site scripting attacks are to:

  • Constrain input.
  • Encode output.

Constrain Input
Start by assuming that all input is malicious. Validate input type, length, format, and range.

  • To constrain input supplied through server controls, use ASP.NET validator controls such as RegularExpressionValidator and RangeValidator.
  • To constrain input supplied through client-side HTML input controls or input from other sources such as query strings or cookies, use the System.Text.RegularExpressions.Regex class in your server-side code to check for expected using regular expressions.
  • To validate types such as integers, doubles, dates, and currency amounts, convert the input data to the equivalent .NET Framework data type and handle any resulting conversion errors.

Encode Output
Use the AntiXSS.HtmlEncode method to encode output if it contains input from the user or from other sources such as databases. HtmlEncode replaces characters that have special meaning in HTML-to-HTML variables that represent those characters. For example, < is replaced with &lt; and " is replaced with &quot;. Encoded data does not cause the browser to execute code. Instead, the data is rendered as harmless HTML.

Similarly, use AntiXSS.UrlEncode to encode output URLs if they are constructed from input.

Summary of Steps
To prevent cross-site scripting, perform the following steps:

  • Step 1. Check that ASP.NET request validation is enabled.
  • Step 2. Review ASP.NET code that generates HTML output.
  • Step 3. Determine whether HTML output includes input parameters.
  • Step 4. Review potentially dangerous HTML tags and attributes.
  • Step 5. Evaluate countermeasures.

Step 1. Check That ASP.NET Request Validation Is Enabled
By default, request validation is enabled in Machine.config. Verify that request validation is currently enabled in your server's Machine.config file and that your application does not override this setting in its Web.config file. Check that validateRequest is set to true as shown in the following code example.

<system.web>
  <pages buffer="true" validateRequest="true" />
</system.web>

You can disable request validation on a page-by-page basis. Check that your pages do not disable this feature unless necessary. For example, you may need to disable this feature for a page if it contains a free-format, rich-text entry field designed to accept a range of HTML characters as input.

To test that ASP.NET request validation is enabled
1.
Create an ASP.NET page that disables request validation. To do this, set ValidateRequest="false", as shown in the following code example.

<%@ Page Language="C#" ValidateRequest="false" %>
<html>
 <script runat="server">
  void btnSubmit_Click(Object sender, EventArgs e)
  {
    // If ValidateRequest is false, then 'hello' is displayed
    // If ValidateRequest is true, then ASP.NET returns an exception
    Response.Write(txtString.Text);
  }
 </script>
 <body>
  <form id="form1" runat="server">
    <asp:TextBox id="txtString" runat="server"
                 Text="<script>alert('hello');</script>" />
    <asp:Button id="btnSubmit" runat="server"  
                OnClick="btnSubmit_Click"
                Text="Submit" />
  </form>
 </body>
</html>

2. Run the page. It displays Hello in a message box because the script in txtString is passed through and rendered as client-side script in your browser.

3. Set ValidateRequest="true" or remove the ValidateRequest page attribute and browse to the page again. Verify that the following error message is displayed.

A potentially dangerous Request.Form value was detected from the client (txtString="<script>alert('hello...").

This indicates that ASP.NET request validation is active and has rejected the input because it includes potentially dangerous HTML characters.

Note: Do not rely on ASP.NET request validation. Treat it as an extra precautionary measure in addition to your own input validation.

Step 2. Review ASP.NET Code That Generates HTML Output
ASP.NET writes HTML as output in two ways, using "Response.Write" and "<% = ". Search your pages to locate where HTML and URL output is returned to the client.

Step 3. Determine Whether HTML Output Includes Input Parameters
Analyze your design and your page code to determine whether the output includes any input parameters. These parameters can come from a variety of sources. The following list includes common input sources:

·         Form fields, such as the following.

Response.Write(name.Text);
Response.Write(Request.Form["name"]);
Query Strings
Response.Write(Request.QueryString["name"]);

·         Query strings, such as the following:

Response.Write(Request.QueryString["username"]);

·         Databases and data access methods, such as the following:

SqlDataReader reader = cmd.ExecuteReader();
Response.Write(reader.GetString(1));

Be particularly careful with data read from a database if it is shared by other applications.

·         Cookie collection, such as the following:

Response.Write(
Request.Cookies["name"].Values["name"]);

·         Session and application variables, such as the following:

Response.Write(Session["name"]);
Response.Write(Application["name"]);

In addition to source code analysis, you can also perform a simple test by typing text such as "XYZ" in form fields and testing the output. If the browser displays "XYZ" or if you see "XYZ" when you view the source of the HTML, your Web application is vulnerable to cross-site scripting.

To see something more dynamic, inject <script>alert('hello');</script> through an input field. This technique might not work in all cases because it depends on how the input is used to generate the output.

Step 4. Review Potentially Dangerous HTML Tags and Attributes
If you dynamically create HTML tags and construct tag attributes with potentially unsafe input, make sure you HTML-encode the tag attributes before writing them out.

The following .aspx page shows how you can write HTML directly to the return page by using the <asp:Literal> control. The code takes user input of a color name, inserts it into the HTML sent back, and displays text in the color entered. The page uses HtmlEncode to ensure the inserted text is safe.

<%@ Page Language="C#" AutoEventWireup="true"%>
<html>
  <form id="form1" runat="server">
    <div>
      Color:&nbsp;<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox><br />
      <asp:Button ID="Button1" runat="server" Text="Show color"
         OnClick="Button1_Click" /><br />
      <asp:Literal ID="Literal1" runat="server"></asp:Literal>
    </div>
  </form>
</html>

<script runat="server">
  private void Page_Load(Object Src, EventArgs e)
  {
    protected void Button1_Click(object sender, EventArgs e)
    {
      Literal1.Text = @"<span style=""color:"
        + Server.HtmlEncode(TextBox1.Text)
        + @""">Color example</span>";
    }          
  }
</Script>

Potentially Dangerous HTML Tags
While not an exhaustive list, the following commonly used HTML tags could allow a malicious user to inject script code:

  • <applet>
  • <body>
  • <embed>
  • <frame>
  • <script>
  • <frameset>
  • <html>
  • <iframe>
  • <img>
  • <style>
  • layer>
  • <link>
  • <ilayer>
  • <meta>
  • <object>

An attacker can use HTML attributes such as src, lowsrc, style, and href in conjunction with the preceding tags to inject cross-site scripting. For example, the src attribute of the <img> tag can be a source of injection, as shown in the following examples.

<img src="javascript:alert('hello');">
<img src="java&#010;script:alert('hello');">
<img src="java&#X0A;script:alert('hello');">

An attacker can also use the <style> tag to inject a script by changing the MIME type as shown in the following.

<style TYPE="text/javascript">
  alert('hello');
</style>

Step 5. Evaluate Countermeasures
When you find ASP.NET code that generates HTML using some input, you need to evaluate appropriate countermeasures for your specific application. Countermeasures include:

  • Encode HTML output.
  • Encode URL output.
  • Filter user input.

Encode HTML Output
If you write text output to a Web page and you do not know if the text contains HTML special characters (such as <, >, and &), pre-process the text by using the AntiXSS.HtmlEncode method as shown in the following code example. Do this if the text came from user input, a database, or a local file.

Response.Write(AntiXSS.HtmlEncode(Request.Form["name"]));

Do not substitute encoding output for checking that input is well-formed and correct. Use it as an additional security precaution.

Encode URL Output
If you return URL strings that contain input to the client, use the AntiXSS.UrlEncode method to encode these URL strings as shown in the following code example.

Response.Write(AntiXSS.UrlEncode(urlString));

Filter User Input
If you have pages that need to accept a range of HTML elements, for example through some kind of rich text input field, you must disable ASP.NET request validation for the page. If you have several pages that do this, create a filter that allows only the HTML elements that you want to accept. A common practice is to restrict formatting to safe HTML elements such as bold (<b>) and italic (<i>).

To safely allow restricted HTML input
1.
Disable ASP.NET request validation by the adding the ValidateRequest="false" attribute to the @Page directive.

2. Encode the string input with the HtmlEncode method.

3. Use a StringBuilder and call its Replace method to selectively remove the encoding on the HTML elements that you want to permit.

The following .aspx page code shows this approach. The page disables ASP.NET request validation by setting ValidateRequest="false". It HTML-encodes the input and then selectively allows the <b> and <i> HTML elements to support simple text formatting.

<%@ Page Language="C#" ValidateRequest="false"%>
<script runat="server">
  void submitBtn_Click(object sender, EventArgs e)
  {
    // Encode the string input
    StringBuilder sb = new StringBuilder(
                         AntiXSS.HtmlEncode(htmlInputTxt.Text));

  // Selectively allow  <b> and <i>
    sb.Replace("&lt;b&gt;", "<b>");
    sb.Replace("&lt;/b&gt;", "");
    sb.Replace("&lt;i&gt;", "<i>");
    sb.Replace("&lt;/i&gt;", "");
    Response.Write(sb.ToString());
  }
</script>


<html>
  <body>
    <form id="form1" runat="server">
      <div>
        <asp:TextBox ID="htmlInputTxt" Runat="server"
                     TextMode="MultiLine" Width="318px"
                     Height="168px"></asp:TextBox>
        <asp:Button ID="submitBtn" Runat="server"
                     Text="Submit" OnClick="submitBtn_Click" />
      </div>
    </form>
  </body>
</html>

Additional Considerations
In addition to the techniques discussed previously in this How to, use the following countermeasures as further safe guards to prevent cross-site scripting:

  • Set the correct character encoding.
  • Do not rely on input sanitization.
  • Use the HttpOnly cookie option.
  • Use the <frame> security attribute.
  • Use the innerText property instead of innerHTML.

Set the Correct Character Encoding
To successfully restrict valid data for your Web pages, you should limit the ways in which the input data can be represented. This prevents malicious users from using canonicalization and multi-byte escape sequences to trick your input validation routines. A multi-byte escape sequence attack is a subtle manipulation that uses the fact that character encodings, such as uniform translation format-8 (UTF-8), use multi-byte sequences to represent non-ASCII characters. Some byte sequences are not legitimate UTF-8, but they may be accepted by some UTF-8 decoders, thus providing an exploitable security hole.

ASP.NET allows you to specify the character set at the page level or at the application level by using the <globalization> element in the Web.config file. The following code examples show both approaches and use the ISO-8859-1 character encoding, which is the default in early versions of HTML and HTTP.

To set the character encoding at the page level, use the <meta> element or the ResponseEncoding page-level attribute as follows:

<meta http-equiv="Content Type"
      content="text/html; charset=ISO-8859-1" />
OR
<% @ Page ResponseEncoding="iso-8859-1" %>

To set the character encoding in the Web.config file, use the following configuration.

<configuration>
   <system.web>
      <globalization
         requestEncoding="iso-8859-1"
         responseEncoding="iso-8859-1"/>
   </system.web>
</configuration>

Validating Unicode Characters
Use the following code to validate Unicode characters in a page. using System.Text.RegularExpressions;
public class WebForm1 : System.Web.UI.Page
{
  private void Page_Load(object sender, System.EventArgs e)
  {
    // Name must contain between 1 and 40 alphanumeric characters
    // and (optionally) special characters such as apostrophes 
    // for names such as O'Dell
    if (!Regex.IsMatch(Request.Form["name"],
               @"^[\p{L}\p{Zs}\p{Lu}\p{Ll}\']{1,40}$"))
      throw new ArgumentException("Invalid name parameter");

    // Use individual regular expressions to validate other parameters
    ...
  }
}

The following explains the regular expression shown in the preceding code:

  • ^ means start looking at this position.
  • \p{ ..} matches any character in the named character class specified by {..}.
  • {L} performs a left-to-right match.
  • {Lu} performs a match of uppercase.
  • {Ll} performs a match of lowercase.
  • {Zs} matches separator and space.
  • 'matches apostrophe.
  • {1,40} specifies the number of characters: no less than 1 and no more than 40.
  • $ means stop looking at this position.

Do Not Rely on Input Sanitization
A common practice is for code to attempt to sanitize input by filtering out known unsafe characters. Do not rely on this approach because malicious users can usually find an alternative means of bypassing your validation. Instead, your code should check for known secure, safe input

Use the HttpOnly Cookie Option
The HttpOnly cookie attribute prevents client-side scripts from accessing a cookie from the document.cookie property. Instead, the script returns an empty string. The cookie is still sent to the server whenever the user browses to a Web site in the current domain.

Use the <frame> Security Attribute
You can set the security attribute for the <frame> and <iframe> elements. You can use the security attribute to apply the user's Restricted Sites Internet Explorer security zone settings to an individual frame or iframe. By default, the Restricted Sites zone does not support script execution.

If you use the security attribute, it must be set to "restricted" as shown in the following.

<frame security="restricted" src="http://www.somesite.com/somepage.htm"></frame>

Use the innerText Property Instead of innerHTML    
If you use the innerHTML property to build a page and the HTML is based on potentially untrusted input, you must use HtmlEncode to make it safe. To avoid having to remember to do this, use innerText instead. The innerText property renders content safe and ensures that scripts are not executed.

The following example shows this approach for two HTML <span> controls. The code in the Page_Load method sets the text displayed in the Welcome1 <span> element using the innerText property, so HTML-encoding is unnecessary. The code sets the text in the Welcome2 <span> element by using the innerHtml property; therefore, you must HtmlEncode it first to make it safe.

<%@ Page Language="C#" AutoEventWireup="true"%>
<html>
  <body>
    <span id="Welcome1" runat="server"> </span>
    <span id="Welcome2" runat="server"> </span>
  </body>
</html>

<script runat="server">
  private void Page_Load(Object Src, EventArgs e)
  {
    // Using InnerText renders the content safe-no need to HtmlEncode
    Welcome1.InnerText = "Hello, " + User.Identity.Name;

    // Using InnerHtml requires the use of HtmlEncode to make it safe
    Welcome2.InnerHtml = "Hello, " +
                        Server.HtmlEncode(User.Identity.Name);
  }
</Script>



ASP.NET 4.5 Hosting :: Use The OnRowDataBound Event of The GridView

clock June 12, 2013 11:12 by author Ben

If you have a requirement to create a GridView paging style programmatically, then use the OnRowDataBound event of the GridView as shown below:

C#

protected void GridView1_RowDataBound(object sender,

GridViewRowEventArgs e)
{
  if (e.Row.RowType == DataControlRowType.Pager)
  {
      TableRow tRow = e.Row.Controls[0].Controls[0].
        Controls[0] as TableRow;
      foreach (TableCell tCell in tRow.Cells)
      {
          Control ctrl = tCell.Controls[0];              
          if (ctrl is LinkButton)
          {
              LinkButton lb = (LinkButton)ctrl;
              lb.Width = Unit.Pixel(15);
              lb.BackColor = System.Drawing.Color.DarkGray;
              lb.ForeColor = System.Drawing.Color.White;
              lb.Attributes.Add("onmouseover",
                 "this.style.backgroundColor='#4f6b72';");
              lb.Attributes.Add("onmouseout",
                "this.style.backgroundColor='darkgray';");
          }
      }
  }
}

VB.NET
Protected Sub GridView1_RowDataBound(ByVal sender As Object, _
                             ByVal e As GridViewRowEventArgs)
     If e.Row.RowType = DataControlRowType.Pager Then
         Dim tRow As TableRow = _
         TryCast(e.Row.Controls(0).Controls(0).Controls(0), _
                                              TableRow)
         For Each tCell As TableCell In tRow.Cells
             Dim ctrl As Control = tCell.Controls(0)
             If TypeOf ctrl Is LinkButton Then
                 Dim lb As LinkButton = CType(ctrl, LinkButton)
                 lb.Width = Unit.Pixel(15)
                 lb.BackColor = System.Drawing.Color.DarkGray
                 lb.ForeColor = System.Drawing.Color.White
                 lb.Attributes.Add("onmouseover", _
                    "this.style.backgroundColor='#4f6b72';")
                 lb.Attributes.Add("onmouseout", _
                    "this.style.backgroundColor='darkgray';")
             End If
         Next tCell
     End If
End Sub

I have set the mouseover and mouseout attributes in this example which changes the color when the user hovers over the pager. You could follow a similar technique or tweak the example to suit your requirement. I hope you get the idea.
The output would be similar to the one shown below:



ASP.NET 4.5 Hosting - ASPHostPortal.com :: DotNetNuke Vs Umbraco

clock May 27, 2013 11:40 by author Ben

The Race for the most popular CMS is on. We care about our websites, therefore we need to stay updated and try our best to continuously improve, based on measurement and analytics. We want our website to serve multiple audiences, grow to a bigger organization with much content, managed perfectly well and also make sure our website content is distributed via other channels such as the social web. For all this ASP.NET CMS plays a vital role and forms integral part of Microsoft's.NET vision.

Business can be improved for better through procedures. Asp.net CMS organizes data and represents them in a predefined manner. These CMS are fully flexible, one can modify as per your need. Beginners can comfortably work on this framework and any novice can manage and edit these CMS with ease.

DotNetNuke is a framework which helps certified CMS developers in deploying interactive, customized, feature-rich, web sites and applications in Microsoft.NET. This CMS enables businesses to quickly build menu-driven interface that allows non-technical users to easily create new sites or extend the functionality and features of their existing web site. It is avialable for free. DNN has a very active community and is supported by a vast community of talented programmers. It is one of the easiest, most cost effective solutions for managing any company's website. In usability point it is the best framework people reach out for, non-technical users can change their content easily, by adding pages, changing layout and adding new features etc in a smooth way without much info. There are 8000 modules in DNN which can customize the website look and feel as well as its functionality. It is extremely scalable as any website can grow to much larger websites with DotNetNuke. There is no limit to the growth. It even can change the way it behaves, one can easily extend it. It is most recognized CMS which powers over 400,000 portals, extranets, intranets and public web sites. More than 700,000 registered members support this platform. There are over 7 millions of downloads done and download rate is 1 in every 5 seconds for DotNetNuke.

Umbraco is built upon Microsoft's.NET Framework and more than 155,000 sites trust Umbraco. This CMS runs on cloud system and it supports multiple sites in a single instance of installation. There are more than 85000 installations of Umbraco which are active around the web. It gives out of box solutions, which means it gives you access to your google analytics statistics, has the ability to create your own reports from the metrics and dimensions, can implement the Umbraco ecommerce solution using only XSLT / Razor, HTML, CSS and JavaScript. Net solutions perform better when it comes to high volume of traffic/extensive use. It supports bigger sites on web. Commercial community support is on the rise with this CMS. No doubt, Umbraco CMS development is the buzzword in the CMS world.

These ASP.NET CMS options be it DotNetNuke or Umbraco are most popular ones on the market. We must ensure that we target specific needs and requirements when we decide to choose among them. Umbraco has an easy editor microsoft word, where users are most comfortable in. It provides a high-quality and highly functional CMS. Umbraco has high requirements for hosting, so it is difficult to find a "shared" hosting environment that will support it. Its newer versions better support various browsers like Safari and Firefox. There are good plugins available and a management system built into Umbraco. Umbraco is better than dotnetnuke in speed.

Well DotNetNuke is no less inferior. Based on Microsoft's ASP.NET it is the most popular web technology currently. It is cheap to use and reduces total development costs - no ongoing licensing fees required. It gives full access to source code so it can be altered to fit individual organizations. We can manage text, image, documents, links, events, news, banner ads and threaded info. It supports multiple, multilingual websites. And is scalable and provides user friendly interface which manage site hosting, content, security, web design, membership in one program. All these feature make both the CMS popular and in demand. It will be a tough phase for users to choose between these two CMS - DotNetNuke or Umbraco, which will be best to fit to their business.



ASP.NET 4.5 Hosting - Using Bundling and Minification in ASP.NET 4.5

clock April 25, 2013 09:12 by author andy_yo

Is it Important?
Minimising the number of requests the page has to perform can have a considerable effect on your site’s performance. IE6 and IE7 both limit the number of concurrent requests to 2, IE8 can handle up to 6. There is a lot you can to improve the initial load speed speed – one of which is bundling all your CSS and JS into two separate files. How much of a difference it could do. Well, as it turns out up to 30seconds on slower connections.

About ASPHostPortal.com

ASPHostPortal.com is Microsoft No #1 Recommended Windows and ASP.NET Spotlight Hosting Partner in United States. Microsoft presents this award to ASPHostPortal.com for ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2012, ASP.NET 4.5, ASP.NET MVC 4.0, Silverlight 5 and Visual Studio Lightswitch. Click here for more information

Bundled and Minified vs. Non-Bundled
This is the standard ASP.NET MVC4 app with all the initial JS libraries and CSS. Over a slower connection, the difference can be up to 30seconds. However, even on faster connections, you can save up two seconds just by combining and minifying your scripts.

Image 1 : Non Bundled

Image 2 : Bundled and Minified

Bundling and Minification in ASP.NET 4.5

Luckily for us, the ASP.NET now ships with a new library called System.Web.Optimization. It provides pluggable bundling and minification functionality for your scripts and styles.

It lets you define bundles at application start and pass them to the BundleCollection. Creating a basic new bundle is quite simple. Let’s assume we would like to combine few CSS files

protected void Application_Start()
{
    ... other startup logic
 
    var cssBundle = new StyleBundle("~/Content/themes/base/css")
            .Include("~/Content/themes/base/jquery.ui.core.css",
            "~/Content/themes/base/jquery.ui.resizable.css");   
    BundleTable.Bundles.Add(cssBundle);
}

You can also create bundles for your JavaScript.

protected void Application_Start()
{
    ... other startup logic
 
    var jsValidationBundle = new ScriptBundle("~/bundles/jqueryval")
              .Include("~/Scripts/jquery.unobtrusive*",
                        "~/Scripts/jquery.validate*"));
    BundleTable.Bundles.Add(jsValidationBundle);
}

Both StyleBundle and ScriptBundle take url of the bundled file as a constructor argument and use extension method .Include to add files. You can also use wildcard characters such as * in the include array. If you want to add the entire folder, use IncludeDirectory extension.

One thing to note, is what version of the System.Web.Optimization you have. The older version that came with the MVC4 beta used AddFile() syntax to add files to the bundles. However, if you install VS 2012RC you get a newer version of the DLL, which is a bit neater and uses the syntax shown above.

Rendering Helpers

The library also comes with two awesome helpers. When you develop locally, you want to have all the bundling setup, but you don’t want the bundling and minification to happen – it’s much easier to debug. The System.Web.Optimization has two helpers that address exactly that issue.

  <head>

        ... other content
        @Styles.Render("~/Content/themes/base/css", "~/Content/css")
        @Scripts.Render("~/bundles/jqueryval")
  </head>

When you run the debug setting in the compilation element in your web.config as false, the Styles and Scripts helpers will render the bundled files. However, settings debug=”true” will render them unbundled. Pretty cool!

<system.web>

    .....
    <compilation debug="false" targetFramework="4.5" />
    ....
</system.web>

And that’s not everything, the minified files will also have cache busting string attached based on the files in the bundles.

<link href="/Content/themes/base/css?v=UM624qf1uFt8dYtiIV9PCmYhsyeewBIwY4Ob0i8OdW81" rel="stylesheet" type="text/css" />



ASP.NET 4.5 Hosting - Security Improvement in ASP.NEt 4.5

clock March 18, 2013 08:21 by author andy_yo

The .NET 4.5 framework was released a couple of months ago and it included several improvements in the security area. To benefit from these improvements you need to do a few changes to you application's configuration file.
There are some important improvement in ASP.NET 4.5:

  • There are changes to the ASP.NET request validation, it now supports deferred (lazy) validation, as well as giving the option to fetch data unvalidated.
  • The AntiXSS library is included in the framework.
  • There are significant Cryptographic Improvements in ASP.NET 4.5.
  • Windows Identity Foundation is now included in the framework, referred to as WIF 4.5.

About ASPHostPortal.com

ASPHostPortal.com is Microsoft No #1 Recommended Windows and ASP.NET Spotlight Hosting Partner in United States. Microsoft presents this award to ASPHostPortal.com for ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2012, ASP.NET 4.5, ASP.NET MVC 4.0, Silverlight 5 and Visual Studio Lightswitch. Click here for more information

To take advantage of these new bits you'll have to do a bit of configuration, we'll get into that right away:

Switching to 4.5
While retargeting a couple of MVC applications to the new framework version, I learned that it's not enough to install the 4.5 framework and change the "Target framework" accordingly. You'll find that a comment appears in the web.config file:
<!--
    For a description of web.config changes for .NET 4.5 see http://go.microsoft.com/fwlink/?LinkId=235367.       
    The following attributes can be set on the <httpRuntime> tag.      
     <system.Web>
        <httpRuntime targetFramework="4.5" />
     </system.Web>

-->
It's important that you set the targetFramework in your configuration file, else your application will run in "4.0" mode.

Enabling AntiXss
You'd want to set the AntiXss library as the default encoder — that can easily be done in the httpRuntime configuration element:

<httpRuntime targetFramework="4.5" encoderType="System.Web.Security.AntiXss.AntiXssEncoder,System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />

Note that there can be side effects to this, as AntiXSS takes a white list approach to encoding. That means that there may be characters that weren't encoded before, that will be encoded by AntiXSS.

Request validation
Lazy validation was introduced in ASP.NET 4.5, I just did some testing on it and it seems that lazy validation is the enabled regardless of how you set the "requestValidationMode", after you've installed the 4.5 framework. However, if you need access to any request parameters unvalidated, you'll need to set the validation mode to "4.5", as such:
<httpRuntime targetFramework="4.5" requestValidationMode="4.5" />
This will give you access to the unvalidated collections of parameters, e.g.:

Request.Unvalidated.QueryString["lastName"];
This is a much better approach than disabling request validation altogether. But use it with care, as always you should throroughly validate the input.

WIF 4.5
WIF is now part of the framework — that meant some breaking changes. It shouldn't take to much time to upgrade though,  particularly if you're concerned with RP's. There's a great article on MSDN with Guidelines for Migrating an Application Built Using WIF 3.5 to WIF 4.5.
There's two apparent changes I'd like to point out. First, you no longer need to set the "requestValidationMode" to "2.0" to cope with the request validation exceptions on the SignInResponseMessage's posted from an STS. WIF 4.5 plays nicely with the 4.5 request validation. Second, WIF now includes a MachineKeySessionSecurityTokenHandler which encrypts and MAC's WIF cookies based on the machine key. You'll find everything you need to set it up in: WIF and Web Farms.

 

 



DotNetNuke 7 Hosting - DotNetNuke 7 Key Features

clock January 22, 2013 08:04 by author andy_yo

DotNetNuke 7 provides support for active directory authentication and includes a SharePoint connector which enables fast and secure publishing of SharePoint documents to websites, intranets and extranets. It also includes a brand new intuitive control panel and now provides support for SharePoint Lists.

The DotNetNuke 7 professional and enterprise editions now ships with an auto save feature which provides the ability to automatically save the content in the background. This will enable users to recover the content in the event of a browser crash.

DotNetNuke 7 includes drag and drop modules, cross site module sharing, actions menu instead of manage button as in previous version, a new data access layer named DAL2 which includes micro-ORM and support for ASP.NET Razor in addition to a brand new simplified installer.

About ASPHostPortal.com

ASPHostPortal.com is Microsoft No #1 Recommended Windows and ASP.NET Spotlight Hosting Partner in United States. Microsoft presents this award to ASPHostPortal.com for ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2012, ASP.NET 4.5, ASP.NET MVC 4.0, Silverlight 5 and Visual Studio Lightswitch. Click here for more information

The difference can DotNetNuke 7 make in the development of websites

There are a number of features that differentiate DotNetNuke 7.0 for website development which ultimately enable a broad range of users to be more productive:

Web content editors

A rich text editor with a new auto-save and recover feature prevents editors from losing their work. It also enables them to easily track content changes and compare versions of both rich text and HTML content. DNN 7.0 allows modules to be shared between multiple DotNetNuke websites for greater consistency and ease of maintenance.

Enterprises

DNN 7.0 makes it easier for enterprise users to log in to their DotNetNuke sites with new support for Active Directory authentication. It also now enables bi-directional support for popular Microsoft SharePoint Lists, which are used widely by businesses to improve operations, promote team project collaborations, keep employees up to date on current business projects and tasks, manage employees more effectively, and improve business productivity.

Developers

Web developers can build and expose secure web services through the DNN Services Framework, which is now based on Microsoft’s web API. Data access has been simplified through the introduction of a micro-ORM, allowing simpler and more elegant database interactions with less code.

ASP.NET Razor is now optimized for developing dynamic extensions, combining code and content in a fluid and expressive manner. The included jQuery, jQueryUI and Knockout.js libraries make it even easier for developers to consume Web services and create modern, interactive client-side applications.

The newest release has graduated to ASP.NET 4.0 as its baseline platform requirement but is also fully compatible with latest generation Microsoft technology including Windows 8, Windows Server 2012, IIS8, ASP.NET 4.5, Visual Studio 2012 and SQL Server 2012.

Designers

An overhauled Cascading Style Sheets (CSS) foundation makes it easier for designers to create beautiful and engaging websites, enabling improved cross-browser compatibility, extending standards compliance and increasing site performance. Additionally, DNN 7.0 includes standard form patterns that designers can reuse or extend to build frequently used user interface elements.

The DNN 7 different from previous versions

DotNetNuke 7.0 provides a revamped UI/UX that makes it easier for content editors to build and manage websites. It also provides a suite of new features that improve productivity through a drag and drop and an updated rich text editor that includes auto-save and version comparison features.

It  improves enterprise integration with an active directory authentication provider and by adding support for SharePoint List to our SharePoint Connector. This latest version provides our most advanced development framework with a web serves framework built on Microsoft's Web API.

The opportunity that DotNetNuke provide to ASP.NET developers

DotNetNuke provides a robust and powerful web development framework for ASP.NET developers. DNN7 provide support for the most recent versions of ASP.NET, and enable developers to embrace both Web Forms and WebAPI development methods.

The development framework greatly reduces the amount of code required to build applications by providing support for tasks like Security, Authentication, Installation and Upgrades. Developers can also distribute applications commercially on the DotNetNuke store where thousands of modules and skins are for sale.

The different of DotNetNuke with open source platforms like DotNetBlogEngine, Joomla and WordPress

DotNetNuke (DNN) is the most widely deployed content management platform and web development framework for Microsoft .NET. Organizations that have standardized on Microsoft technologies and have Microsoft development skills often prefer DNN over open source CMS offerings like Joomla and Wordpress which are built on the LAMP technology stack. These organizations also need a full featured Web CMS that provides features beyond blogging.

Can DotNetNuke run on MySQL backend?

DNN support Microsoft SQL Server out of the box. Third party providers for other databases are available and developers can create their own providers.



Visual Studio 2012 Hosting - Visual Studio 2012 and .NET 4.5 Features

clock January 22, 2013 06:27 by author andy_yo

New versions of Visual Studio usually coincide with updates to the .NET Framework, and this continues with the release of .NET 4.5 (.NET Framework 4.5). Here’s a quick review of what Visual Studio 2012 and .NET 4.5.

.NET Framework 4.5

The .NET Framework has exploded to include so many technologies (WCF, WPF, ASP.NET, etc.), features, and options. With .NET 4.5, there have been many updates to the core languages, with the asynchronous programming receiving lots of coverage.

If you plan to build Windows 8 applications, then you want .NET 4.5, because it has a subset called .NET for Windows Store. Building Windows 8 applications means you will be using HTML5 and CSS3, which are embraced by ASP.NET 4.5 and Visual Studio 2012. Web Sockets support has been added, as well as the ability to bundle JavaScript libraries/code and minimize the size of its download. ASP.NET Web Pages 2 provides more features for building pages on the fly, and improvements have been made to Web Forms and MVC. These features and more can be used to build powerful applications via the Visual Studio 2012 IDE. However, you can still target any version of the framework — that’s right, you are not forced to upgrade to .NET 4.5.

About ASPHostPortal.com

ASPHostPortal.com is Microsoft No #1 Recommended Windows and ASP.NET Spotlight Hosting Partner in United States. Microsoft presents this award to ASPHostPortal.com for ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2012, ASP.NET 4.5, ASP.NET MVC 4.0, Silverlight 5 and Visual Studio Lightswitch. Click here for more information

The IDE

Figure A shows the welcome screen of Visual Studio Ultimate 2012 installation. Microsoft stated performance improvements are a key goal of Visual Studio 2012; this includes reducing the clutter of the developer’s workspace, which theoretically allows them to better focus on their work. The IDE now loads solutions asynchronously with key parts loaded first. Visual Studio 2012 does start up faster than Visual Studio 2010, but I’m not sure Microsoft succeeded in its goal to reduce clutter. The IDE opens with fewer windows like errors, classes, server explorer, and so forth, but these can easily be opened via the View menu, which was an option in previous versions of Visual Studio. There are indeed useful features that are designed to make things like previewing files without opening them easier.

Figure A


The Visual Studio Ultimate 2012 welcome page

Another interesting feature of Visual Studio 2012 is the inclusion of LightSwitch, Silverlight, and Expression Blend. The first two are project types within the IDE as shown in Figure B (among the many other project options). Expression Blend is installed as a separate application in the Visual Studio 2012 directory, but it is available only for Windows Store app development on Windows 8.

Figure B

Options for creating a new Web application in Visual Studio 2012

Figure C shows an ASP.NET Web Pages project opened in Visual Studio 2012. It is not a major shift from Visual Studio 2010, but you may notice the browser and DocType options just below the main menu. For this project, Google Chrome is selected as the target browser, but this drop-down list is populated with the browsers installed on the development machine so you can test with a variety of browsers. The DocType allows you to choose the target standard; HTML5 is the default for new projects, but you can target others depending on the project. In the IDE, you might also notice the menu options along the top — Website, Build, Debug, Team, SQL, Tools, and more; these options may change depending on the version of Visual Studio installed, but they do give a glimpse of the many things you can do within Visual Studio 2012.

Figure C

Working with an ASP.NET Web Pages 2 project within Visual Studio 2012

Integration with other Microsoft products

A key aspect of developing with Microsoft technologies is the tight integration with other Microsoft products. Visual Studio 2012 simplifies this by providing the environment to build applications that use these products. The following list provides a sampling of the possibilities:

PowerPoint: Use PowerPoint to begin the development process according to Agile methods with storyboarding (Microsoft has wholeheartedly embraced Agile). PowerPoint Storyboarding is a selection in the Visual Studio 2012 installation folder. In addition to PowerPoint, the complete Microsoft Office suite is available programmatically to use as needed in your code.

- Windows 8: Build applications for the new version of Windows.
- Windows Phone: Visual Studio 2012 allows you to target multiple platforms such as Windows Phone.
- SharePoint: Visual Studio 2012 allows you to build and test SharePoint applications.
- Team Foundation Server (TFS) 2012: Large scale projects require teamwork and source code control, both of which are readily provided in TFS 2012, which seamlessly integrates with Visual Studio 2012.
- System Center 2012: This can be used with TFS 2012 to automate the identification of production errors/bugs and to create tasks to fix these issues.

 



IIS 8 Hosting - 3 Huge Improvements in IIS 8

clock January 21, 2013 08:20 by author andy_yo

Internet Information Services (IIS) 8 includes many new and improved features that make moving to Windows Server 2012 compelling for organizations that rely on Windows Servers as their web server. For developers and system administrators that are looking to mirror that IIS environment on their workstation for development or testing, IIS 8 gives another reason to move your workstation to Windows 8.

About ASPHostPortal.com

ASPHostPortal.com is Microsoft No #1 Recommended Windows and ASP.NET Spotlight Hosting Partner in United States. Microsoft presents this award to ASPHostPortal.com for ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2012, ASP.NET 4.5, ASP.NET MVC 4.0, Silverlight 5 and Visual Studio Lightswitch. Click here for more information

Improvement 1: Centralized SSL Certificate Management

With IIS on Windows 8 or Windows Server 2012, you can take advantage of the SSL certificate management console. This is a central management console that is able to install certificates and work with certificates across all IIS 8 web servers.

This includes the ability to more rapidly bring new servers online by being able to import all certificates that are needed. If a certificate needs to be renewed on multiple systems, it can be done through the IIS 8 certificate management console. You no longer have to log onto each system to update the certificate.

 

Note: Centralized SSL Certificate management is installed as a separate feature. You can install IIS without Centralized SSL Certificate Support. Centralized SSL Certificate Support is in the security section of “Windows Features.”

Improvement 2: Application Initialization

One frustrating problem that many web server admins face is the problem of slow-responding sites as web applications are initializing. A common workaround is to use tools and scripts to “cold start” the applications early in the morning so that the sites are ready to perform: The in-memory cache is loaded, and in some cases the content must be generated, before the IIS server is ready to respond to HTTP requests.

With IIS 8, Application Initialization lets you establish rules for “warming up” sites. For example, you can have larger applications begin the initialization process earlier than smaller applications. You can also configure through application initialization a new splash screen to be displayed in case people find themselves waiting while the application is initializing.

I can see a much better user experience by logging onto a SharePoint site early in the morning and having the first page displayed being a simple “Please wait while this application is being prepared for use” splash screen instead of just a blank page and a spinning circle.

Improvement 3: Dynamic IP Address Restrictions

Restricting access to a website by its IP address is nothing new -- admins have long been able to do that. You can even restrict by a block of IPs in an address range.

The problem that persists is tracking down all of the IP addresses to block. This would usually take a long time of parsing through logs, and even if going through the logs and filtering out the IP addressed were scripted, it is done in a reactive manner.

Instead, using the Dynamic IP Address Restrictions feature in IIS 8 for Windows 8 and Windows Server 2012, you can specify on a per web application level the maximum number of connections that an IP address can create within a certain time frame. And you can also specify the maximum number of attempts that can be made into the IIS 8 server from an IP address within a specific time. Any attempts beyond what is allowed are automatically filtered out, making your web applications and your web server much more resistant to malicious activity.

Dynamic IP Address Restrictions is added as an additional feature of IIS that is not installed by default. To install the feature, open Windows Features, then place a check in the box to select Web Server (IIS) -> Web Server -> Security -> IP and Domain Restrictions. After all that, click Finish.



Cheap ASP.NET 4.5 Hosting

We’re a company that works differently to most. Value is what we output and help our customers achieve, not how much money we put in the bank. It’s not because we are altruistic. It’s based on an even simpler principle. "Do good things, and good things will come to you".

Success for us is something that is continually experienced, not something that is reached. For us it is all about the experience – more than the journey. Life is a continual experience. We see the Internet as being an incredible amplifier to the experience of life for all of us. It can help humanity come together to explode in knowledge exploration and discussion. It is continual enlightenment of new ideas, experiences, and passions


Author Link


 

Corporate Address (Location)

ASPHostPortal
170 W 56th Street, Suite 121
New York, NY 10019
United States

Tag cloud

Sign in