ASP.NET Programming Tips - Tip #1

by agrace 26. September 2010 09:20

Google Cannot Solve your Coding Problems

Using GoogleStop and think before you do this. Googling for code samples is usually the final step when designing solutions. Start by defining the problem; if you can't define the problem, how can you solve it? Then, and only then, start working on a black-box solution of your own; identify the basic inputs, general logic (phrase it in a single sentence - this is the black box), and outputs of this black box. Even if you're not artistically inclined, always opt to take pencil to paper - it will help.

Finally, with a clearer perception of what it is you need to do, use Google to focus in on relevant code samples. Doing this in reverse order leads us to try and re-imagine the problem to fit somebody else's solution. I imagine 80/90% of programmers, myself included, are guilty of this everyday form of insanity.

kick it on

ASP.NET Security Alert

by admin 19. September 2010 10:02

ASP.NET Security AlertEarlier this week, on the lead up to the ekoparty Security Conference in Argentina, a pair of security researchers announced that they would demonstrate an attack to exploit the way that ASP.NET handles encrypted session cookies.

I first learned of this on Wednesday, when someone posted a question on Stack Overflow. Since then, Microsoft have issued a security alert and Scott Guthrie has put out a blog post giving a full explanation of how this works and how it may affect you. Scott's post includes a link to a script you can run on your servers to identify vulnerable sites. In short, you need to have a <customErrors> section in your Web.Config file and map all errors to a single error page.

As reported here, the attack is 100% reliable; any ASP.NET website can be "owned" in seconds. The longest it takes is less than 50 minutes. Confirm with your bank that this has been remedied before logging into your account (ASP.NET sites)!

Update to Security Advisory 2416728 (09-20-2010)

FAQ about the ASP.NET Security Vulnerability - Scott Guthrie (09-21-2010)

Update on ASP.NET Vulnerability - Scott Guthrie (09-24-2010)

ASP.NET Security Update Shipping Sept 28th - Scott Guthrie (09-27-2010)

Microsoft Security Bulletin MS10-070 (09-28-2010)

ASP.NET Security Fix Now on Windows Updates - Scott Guthrie (09-30-2010)


For some time now, I've been searching for a good ASP.NET Web Forms CMS. I had been working on a project with Sitefinity but they recently stopped supporting the free community edition and that took the sheen off it for me. In fairness to Telerik, they offered to provide free support for that project but I also found Sitefinity somewhat over-engineered and producing some pretty messy markup. I looked at Umbraco but its over-reliance on XSLT was a total turn-off. I've been criticized because as a developer I should embrace XSLT as an extra skill; well I do, and I choose not to use it when it's not needed or called for in a given situation.

Web Deployment Tool

The open source N2 CMS on CodePlex has been on my radar for a while now. There are both Web Forms and MVC versions available. I experienced some frustration in getting it up and running and vented my usual rants in the forums - but that's what they're for, right? ;-) I took one look at how the template code was created months ago and realized that was exactly what I was looking for. The documentation is lacking, but this is true of a lot of the projects on CodePlex, which is sad. That said, N2 is going to fill a glaring hole in the ASP.NET CMS market that has existed for a long time. Neither of Microsoft's efforts, MWPSK or Orchard, has gained a lot of traction or support in the community.

Installing Web Deployment Tool using Web Platform Installer

I'm going to outline the basic steps required to create a Web Forms version of the N2 CMS and how to import the downloaded zip file as a package in IIS7. The Web Deployment Tool gives us the ability to package our Web application or Web site as well as an associated database. The simplest aproach is to use the Web Platform Installer to install the Web Deployment Tool on your machine. Much thanks to Cristian Libardo for stepping me through this process.

If you haven't done so already, install the Web Platform Installer on your machine. After you run the MSI file, you should be able to see the WPI icon in IIS. Click on the icon and install the Web Deployment Tool. You should now be able to see a new Deploy panel in IIS with links to import and export site packages.

IIS Deploy Panel

Next step is to download the N2 Web Forms Template pack from CodePlex. You can save it anywhere convenient for now. Next, go to your wwwroot folder and create the top level empty folder for your new site. The N2CMS folder in the download will go directly under this top level folder. When you open IIS, you need to right-click on the new folder and select "Convert to Application".

Next, look to the new Deploy panel in IIS, in the actions column. Click on the "Import Application" link and use the wizard to pull in the zip file containing the downloaded project. If you are using SQL Server, you will need to be operating in mixed authentication mode. Create an account and password for site's DB and update the config file, I don't usually use a login when developing locally but the wizard insists on it; you can revert to integrated security afterwards, if you wish:

    <remove name="N2CMS"/>
    <add name="N2CMS"        
        connectionString="Initial Catalog=CMS;Data Source=MYMACHINE;Integrated Security=SSPI;" providerName="System.Data.SqlClient"/>


You should now be able to navigate to the new CMS site in your browser thus:



You can use the "Export Server Package" to create a zipped file to deploy to your server. When on the server use the same steps as before for importing the zip file, and don't forget to update your Web.config file with the live DB login details.

Project Structure in VS 2008N2 CMS


As a developer I need to have the ability to easily customize the different areas of the site using CSS. You can access the CSS for the existing themes in the App_Themes folder and use one of these as the basis for creating your own theme. The related master pages can be located in the Templates/UI/Layouts folder. I am currently working on a new CMS site for our local Farmers Market and plan to use the Stripes theme as a starting point. My first task is to widen the layout to 960px, get rid of the logo and flags and adjust the column width to fit the new layout.

I may come back and post again on the customization steps for N2 :-)

UPDATE 08-22-2010:
SQL Server sripts can be obtained here.


kick it on

Tags: , ,