Kajax.net

scroll helper

noreply@blogger.com (Anonymous) — Mon, 14 Apr 2014 21:59:00 +0000

There was an error processing the request

noreply@blogger.com (Anonymous) — Thu, 19 Aug 2010 07:27:00 +0000

If you get that above error.. and you have no idea what's wrong with it just put change "CustomError='Off'"

WebForm_... is not Defined error

noreply@blogger.com (Anonymous) — Tue, 17 Aug 2010 02:51:00 +0000

If you get this error "WebForm_ is not defined error..."
and previously you never get this problem...

---
you may install a plugin which compress the .axd file...

---

solution:
you need to exclude them on the compression module...
please check your .axd name.. and exclude them on your HTTP compression module

it needs this 2 file not to be compressed
System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions

and

System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions

Protect yourself from XSS attack with new ASP 4.0 nuggets

noreply@blogger.com (Anonymous) — Sun, 01 Aug 2010 12:13:00 +0000

In ASP.NET 4.0, you can replace your usually habit to use <%=%> with this new nuggets <%: %>
This will automatically protect your applications against cross-site script injection (XSS) and HTML injection attacks and avoid duplicate encoding.

So you don't need to worry if you forget to encode your string in the aspx files. or protect it using AntiXSS.

It's very usefull in combination of MVC framework 2.0

IsCallBack VS IsPostback

noreply@blogger.com (Anonymous) — Fri, 23 Jul 2010 02:16:00 +0000

I just looking in couple framework. and just curious what they use to bind the UI is using
! IsCallback instead of ! IsPostback

Why ?

Just making summary out of this
http://msdn.microsoft.com/en-us/library/ms178141.aspx

IsCallBack will be set to true if you doing a partial postback.

if you checking using IsCallBack and there is no ajax call , it will not affect anything. Just similar like you don't use the checking which is doesn't improve your performance.

But there should be a reason behind it, or probably they have a mistype because of Autocomplete provided by VS =p

Protect your apps from ClickJacking

noreply@blogger.com (Anonymous) — Thu, 15 Jul 2010 06:31:00 +0000

Here an interesting video which I recently lookat.

http://www.youtube.com/watch?v=gxyLbpldmuU

To protect your apps

put this code

if (top != self)
{
self.location.href = "http://yoursite.com";
}

CSRF Attack Prevention on .NET

noreply@blogger.com (Anonymous) — Tue, 13 Jul 2010 00:24:00 +0000

In Addition to Rob's AntiXSS, we also need to secure CSRF Attack in Defence Jobs.

Here is what I found :

* Check this video to understand how the CSRF works & How you check your site if it is secure.

http://www.securitytube.net/Discovering-CSRF-with-OWASP%27s-CSRFTester-Tool-video.aspx

* Prevention

- ViewStateUserKey in (ASP.NET)

If you use viewstate in ASP.NET. it is recommended that you include ViewStateUserKey and Encript them

*(Include this on your base page)

protected override OnInit(EventArgs e)

{
base.OnInit(e);
if (User.Identity.IsAuthenticated)
ViewStateUserKey = Session.SessionID;

}

* Encript your viewstate in web.config (ViewStateEncriptionMode="Always")
http://msdn.microsoft.com/en-us/library/aa479501.aspx

Note:
However ViewStateUserKey this is not fully protect you from CSRF. This just to add an addition security layer to your application.
http://keepitlocked.net/archive/2008/05/29/viewstateuserkey-doesn-t-prevent-cross-site-request-forgery.aspx

* Recommended Prevention

Because ViewStateUserKey is not completely protect you from the CSRF Attack, You need to protect your application using per-request nonce to hidden form / URL

There are framework which can automatically done this.

* .NET CSRF GUARD http://www.owasp.org/index.php/.Net_CSRF_Guard

- This .NET version unfortunately only supply protection using URL method. (Nonce token is added on URL). This version doesn't support the hidden field method.

* ANTICSRF for ASP.NET (RECOMMENDED) http://idunno.org/archive/2008/12/14/announcing-anticsrf-for-asp.net.aspx

This framework (.NET HTTPModule) will added the per-request nonce to hidden field & cookies and validate it when post method or postback triggered.

========================================================

Installation of ANTICSRF http://anticsrf.codeplex.com/

- Add AntiCSRF.dll to Bin Folder

- Register AntiCSRF HttpModule on web config


 ....
 
   
  
 ....

- Configure Settings


   ....
   
       ....
         
       ....

    - If you don't want to proptect your page,
        you can add class attribute [Idunno.AntiCsrf.SuppressCsrfCheck]
        or page interface <%@ Implements Interface="Idunno.AntiCsrf.ISuppressCsrfCheck" %>


==================================================================

 How it works (ANTICSRF)
 
    * HTTP MODULE on PreSendRequestHeaders and PreRequestHandlerExecute
               context.PreSendRequestHeaders += PreSendRequestHeaders;
        context.PreRequestHandlerExecute += PreRequestHandlerExecute;

   * Adding pre-request nonce token
        - Add nonce on hidden field __CSRFTOKEN and cokkie __CSRFCOOKIE (configurable on settings)
    
     * Validate nonce token on hidden field with cokkie
 
        - It will validate the token when (POST Request or Postback)

 
        - Get Request will NOT be validated unless it is Postback
 
        - It will NOT validate any SuppressCsrfCheck class attribute or any class which inherits Idunno.AntiCsrf.ISuppressCsrfCheck
 
     * If Attack detected
        -When
            - hidden field or cookkie token are null/empty
        - hidden field and cookkie token is not match
     -ACTION (based on configuration setting detectionResult)
      - Throw an exception
        - Or redirect to other page based on configuration setting (errorPage)

==================================================================

Limitations of ANTICSRF

Non-ASP.NET forms are not protected with this module.

You, the developer, must ensure your GET requests are idempotent (i.e. the side-effects of multiple identical requests are the same as for a single request). GET requests are not protected with this module. See http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1.2.

---------------------

* This Framework will not protect the GET Request (Except if it is postback).

For example
- when you use AJAX call using GET Request, It will not validate the token.

- But if you want to use AJAX call using the POST Request,
You must Suppress the AntiCSRF validation by what I mention above on the Intallation. by adding the attribute or page attribute.

Because If you don't suppress the AntiCSRF validation, it will detect as AntiCSRF Attack, because they can't find the token located on your hidden field.

Please have a read on How It Works explanation above.

---------------------

XSS Prevention attack

noreply@blogger.com (Anonymous) — Mon, 12 Jul 2010 23:31:00 +0000

Most web developer must know about RequestValidation configuration in .NET
which we can disable the XSS attack.

But If we want to disable 'RequestValidation' it so we can have flexibility to handle it, We can use Server.HtmlEncode(). to display it.

However this still not enough. This will expose to XSS attack.
My college (Rob) find a utility which nice to replace Server.HTMLEncode().

Download AntiXSSLibrary.dll
and replace Server.HTMLEncode() with AntiXss.UrlEncode();

http://msdn.microsoft.com/en-us/library/aa973813.aspx
http://blogs.msdn.com/b/cisg/archive/2008/08/26/what-is-microsoft-antixss.aspx

Remember clientaccesspolicy

noreply@blogger.com (Anonymous) — Wed, 23 Jun 2010 01:03:00 +0000

Remember to have clientaccesspolicy.xml

to enable your WCF to be consumed by silverlight

http://videos.visitmix.com/MIX09/T42F
http://community.dynamics.com/blogs/cesardalatorre/comments/9579.aspx

Calling SP using NHibernate with IDBCommand

noreply@blogger.com (Anonymous) — Thu, 10 Jun 2010 05:03:00 +0000

If there is transaction open.
you need to supply the transaction by enlist it in NHibernate

iSession.Transaction.Enlist(sqlComm);

inject javascript in bookmark

noreply@blogger.com (Anonymous) — Thu, 10 Jun 2010 00:31:00 +0000

Get stuff from GBone..

it's pretty amazing that we can inject javascript to debug on browser

put this bookmark..
javascript:
var b=document.body;
if(b)
{
void(z=document.createElement('script'));
void(z.src='http://www.company.com/somescript.js');
void(b.appendChild(z));
}

this will run that script on your browser

Jquery.Data

noreply@blogger.com (Anonymous) — Wed, 09 Jun 2010 23:57:00 +0000

Learning new stuff today..from Rob...

It's better to use Jquery.Data instead of custom attribute in element.
because it will break some browser for custom attribute which not standard.

Thanks Rob..

Here is the example

jQuery.data(div, "test", { first: 16, last: "pizza!" });
$("span:first").text(jQuery.data(div, "test").first);
$("span:last").text(jQuery.data(div, "test").last);

System.Web.Extension conflicting with the GAC

noreply@blogger.com (Anonymous) — Fri, 04 Jun 2010 06:26:00 +0000

Be careful when you upgrade the site into 3.5
if you get this error about ambigous with GAC version.
then you need to take this out from your bin folder.

because It may be your version in bin folder is different. 1.1
but in GAC version is 3.5.

Without Postback with disable your browser Javascript

noreply@blogger.com (Anonymous) — Thu, 03 Jun 2010 02:17:00 +0000

Postback is very heavy code to load (viewstate,etc).
such as you want to get rid of this from your form .

So the solution is you can use AJAX.. to handle all this postback to make your page still dynamic or more responsive that before.

But how about if the client browser disable their javascript..
Your page will be static.

so you need to consider this as well.

So the big picture of this solution is to put ajax as common.
but on the event onclick or href.. you can't just call that function to call an ajax.

for example
href="javascript:CallPostbackFunction();"

you need to change this to
href="/page/ajax/somePage.aspx" class="AjaxCall"

then.. in you can check .. if the browser is enabled the javascript..
then you can call your ajax function.

If the javascript is disabled from your browser then you still can load to the proper page. instead of just do nothing.

//check if browser enabled their javascript
jQuery(document).ready(function() {
//perform init and replace to an proper javascript
var ajaxCalls = $('#ajaxCall');
ajaxCalls.unbind('click', this.addClick);
ajaxCalls.bind('click', this.addClick);
});

Here a good reference for Object Oriented Programming in Javascript
http://devedge-temp.mozilla.org/viewsource/2001/oop-javascript/

response.d in .net 3.5 JSON

noreply@blogger.com (Anonymous) — Mon, 29 Mar 2010 05:00:00 +0000

Migrate Json .Net 2.0 to .Net 3.5

Here need to be note...
================
response.d

While I wish this unexpected change had been more clearly announced, it’s a good one. Here’s how Dave Reed explained it to me:

{"d": 1 }

Is not a valid JavaScript statement, where as this:

[1]

Is.

So the wrapping of the "d" parameter prevents direct execution of the string as script. No Object or Array constructor worries.

[] is JavaScript’s array literal notation, allowing you to instantiate an array without explicitly calling a constructor. To expand on Dave’s explanation, simply consider this code:

=====================
make sure you change web.config to use ScriptService of v 3.5 in HttpHandlers

add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"

Jquery AJAX impacted on document.write

noreply@blogger.com (Anonymous) — Tue, 04 Aug 2009 03:39:00 +0000

just find a solution, when you use jquery ajax, and there is document.write after that, it will clear all your content..

all u need to do is create a span, where you want to write that content. then.. overwrite document.write function to write into that span instead doing document.write..

here is the sample

span id="test" /span
script document.write = function(text){ jQuery('#test').append(text) }
/script

=D
Here is the reference
http://javascript.about.com/library/blwrite.htm

--------
Huh.. but this still have a problem.. in IE.. if you overwrite into different holder.

so the best solution at this moment is using iframe...

Change culture without changing deployment Server

noreply@blogger.com (Anonymous) — Mon, 11 May 2009 05:33:00 +0000

Add globalization tag inside System.web tag in Web.Config

globalization requestEncoding="utf-8" responseEncoding="utf-8" culture="en-AU"

1st NHibernate.LINQ Limitation

noreply@blogger.com (Anonymous) — Thu, 02 Apr 2009 03:34:00 +0000

Just found Nhibernate Linq limitation.

It can't translate toLower() on string but luckily, it has compare in case sensitive.

it throws weird error if you use this.
q = q.Where(c => c.firstName.Contains(flter) || c.lastName.Contains(flter) || c.email.Contains(flter));

says
----
Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index
----

Restricting Text box (Multiline) using Javascript

noreply@blogger.com (Anonymous) — Tue, 03 Mar 2009 07:04:00 +0000

//Restrict Length
function restrictLength(e,ctl,maxLength)
{
var evt = e ? e : window.event;

//check the length for copy paste
if (ctl.value.length >= maxLength)
{
//only character
if (e.keyCode == 0)
{
return false;
}
}
return true;
}
-- don't for get to called using (RETURN)
javascript:return restrictLength(event,this,10);

Sending Email from HTML

noreply@blogger.com (Anonymous) — Tue, 03 Mar 2009 07:02:00 +0000

I decide to use File rather then web request coz some server are restricted to loopback.

///

/// Get Email Body from file
///

///
public static string GetEmailBodyFromFile(string filePath)
{
string emailMasterBody = "";

Encoding encode = System.Text.Encoding.GetEncoding("utf-8");
using (System.IO.StreamReader objReader = new StreamReader(filePath, encode))
{
emailMasterBody = objReader.ReadToEnd();
}

return emailMasterBody;
}

PL-SQL Looping

noreply@blogger.com (Anonymous) — Wed, 03 Dec 2008 05:53:00 +0000

DECLARE CursorTemplate CURSOR
FAST_FORWARD FOR
SELECT Val1, Val2, Val3 FROM Table1

OPEN CursorTemplate

FETCH NEXT FROM CursorTemplate
INTO @Var1, @Var2, @Var3

WHILE (@@FETCH_STATUS = 0)
BEGIN
--do something here w/ your data

FETCH NEXT FROM CursorTemplate
INTO @Var1, @Var2, @Var3

END

CLOSE CursorTemplate
DEALLOCATE CursorTemplate

Fix Calendar Extender on IE 6

noreply@blogger.com (Anonymous) — Thu, 27 Nov 2008 05:20:00 +0000

add this style
.ajax__calendar_container { z-index : 1004 ; }

add this javascript
function dateEditor_OnShown(dateControl, emptyEventArgs)
{
var shimWidth = dateControl._width;
var shimHeight = dateControl._height;

// Open current popup
// Create the popup element
var dateEditorShim;
dateEditorShim = document.getElementById("dateEditorShim");
dateEditorShim.style.width = dateControl._popupDiv.offsetWidth;
dateEditorShim.style.height = dateControl._popupDiv.offsetHeight;
dateEditorShim.style.top = dateControl._popupDiv.style.top;
dateEditorShim.style.left = dateControl._popupDiv.style.left;
dateControl._popupDiv.style.zIndex = 999;
dateEditorShim.style.zIndex = 998;
dateEditorShim.style.display = "block";

}

// Function: dateEditor_OnShown
// Summary: Handles the OnShown event of the dateEditor control.
// Inputs: dateControl -> The date control object
// emptyEventArgs -> Empty event arguments raised by the date control
// Remarks: Make sure to insert a shim of an empty iframe underneath the calendar popup container
function dateEditor_OnHiding(dateControl, emptyEventArgs)
{
var shimWidth = 0;
var shimHeight = 0;

// Open current popup
// Create the popup element
var dateEditorShim;
dateEditorShim = document.getElementById("dateEditorShim");
dateEditorShim.style.width = 0;
dateEditorShim.style.height = 0;
dateEditorShim.style.top = 0;
dateEditorShim.style.left = 0;
dateEditorShim.style.display = "none";
}

//add this in code
calDOB.OnClientShown = "dateEditor_OnShown";
calDOB.OnClientHiding = "dateEditor_OnHiding";

Error in Calendar Extender because the master page has asp tag <%%>

noreply@blogger.com (Anonymous) — Wed, 26 Nov 2008 02:48:00 +0000

Today, I just annoyed with this error.
Every form which using Calendar extension works fine before.
and somehow after I change the master page, it start to show an error said :

=================
System.Web.HttpException: The Controls collection cannot be modified because the control contains code blocks (i.e. ).
=================

Luckily, with Tom's Help, I found the problem.
It was on the master page on the header java script which use <%= ... %> to get the content from server....

Pomegranate Phone

noreply@blogger.com (Anonymous) — Fri, 21 Nov 2008 03:39:00 +0000

http://www.pomegranatephone.com/default.html

Url Rewriting VS Postback

noreply@blogger.com (Anonymous) — Thu, 20 Nov 2008 03:58:00 +0000

To Resolve a problem in postback for url rewriting,
you can use control adaptor and rewrite the form.

public class FormRewriter : System.Web.UI.Adapters.ControlAdapter

more information : visit : http://weblogs.asp.net/scottgu/archive/2007/02/26/tip-trick-url-rewriting-with-asp-net.aspx