Anas Ghanem

Microsoft Community Contributor Award for year 2011

Thu, 28 Apr 2011 22:04:00 GMT

Today I was very surprised when I found an email from Microsoft awarding me one of the Community Contributor awards.This is really great and I would like to thank Microsoft for honoring me with such an award!

I hope I can help and contribute more on Microsoft forums and especially on the ASP.NET forums.

Thanks Microsoft!

You may get "A potentially dangerous Request.QueryString value was detected from the client" after upgrading to ASP.NET 4

Mon, 10 May 2010 13:54:00 GMT

I was upgradting one of the DNN portals to ASP.NET 4.After Upgrading completed and when i configured it to run under asp.net 4 in iis, I started to get that exception on every postback.

The mentioned exception is happening because in ASP.NET 4, the request validation is now being called for every asp.net resource like web services and other httphandlers.As a result, you may get that exception even if you turned off the RequestValidation via: <pages validateRequest="false" .... section.

This is one of the breaking changes that were mentioned here.

So the solution is to set the new HttpRuntime "RequestValidationMode" property to "2.0" and it should take care of that exception.

.NET Framework 4 Migration Issues

Mon, 26 Apr 2010 17:00:00 GMT

Before you start the migration, i suggest to read .NET 4 migration issues and breaking changes which can be found here.

Wow ! “Add reference” dialog in VS 2010 is showing up quickly

Sat, 24 Apr 2010 15:55:00 GMT

I just wanted to mention that one of the cool enhancements in VS 2010 is that the “Add reference “ dialog will show up quickly and will load the assemblies on demand.

Thanks For VS team for this enhancement !

Solving “The Select operation is not supported by .. unless the SelectMethod is specified.”

Tue, 20 Apr 2010 18:38:00 GMT

In most cases, You will get that error when you are using a data source control(like ObjectDataSource) without setting it’s SelectMethod as data source for the DetailsView control.

If you want to display one record in the detailsView control to allow the user to edit it, then you should set the SelectMethod for the DataSource control,otherwise the detailsView control will not be able to get the record from the underlying datasource.

But what if you are only using the DetailsView for only inserting the records; in that case, you will need to set the DetailsView DefaultMode property to “Insert” and also you will need to set it’s AutoGenerateRows to "false" because by default the detaisView will try to execute the select method of it’s underlying datasource to generate the columns/fields dynamically for you.

Hope it helps.

Anas

Tip of the day: Don’t misuse the Link button control

Mon, 19 Apr 2010 22:09:00 GMT

Misuse ? Yes it is !

I have seen a lot of developers who are using the LinkButton to do redirection only !

They are handling it’s click event to just write Response.Redirect("url”) like this:

 
protected void LinkButton1_Click(object sender, EventArgs e)
{
    Response.Redirect("~/ForgotPassword.aspx");
}

Ok so to understand why it’s not a good practice let’s discuss the redirection steps involved when using the mentioned method:

User submits the page by clicking on the LinkButton control.
The LinkButton click event is fires which will cause the execution of Respose.Redirect.
When the server code executes Response.Redirect, it will send redirection request for the browser.
Browser understand the redirection message and issue a new request for “ForgotPassword.aspx” page.
Server receive the request and send back the “ForgotPassword.aspx” to the browser.

As you can see, using Response.Redirect involves a lot of requests which can be avoided if you only use a HyperLink control like this:

 
<asp:HyperLink ID="hypForgotPassword" runat="server" NavigateUrl="~/ForgotPassword.aspx">
 Forgot your password?
</asp:HyperLink>

This way, when the user click “Forgot password?” link, the browser will just request the “ForgotPassword.aspx” page,Hence it will skip step 1,2,3 and just go through step 4 and 5.

Summary:If you want to do redirection without doing any server side calculation, you can avoid all of the mentioned extra requests by using the HyperLink control instead of the LinkButton or the standard Button control.

Hope it helps.

Anas

Helper class to dynamically modify the Location configuration element

Fri, 12 Mar 2010 22:09:05 GMT

The location element is used to restrict user or role access on a specific path.The path could be a folder,aspx page,ashx,axd or any other file that is handled by ASP.NET runtime.

In most cases, you use that element declarativley in the web.config file of your website.In this case, you are declaratively telling the ASP.NET runtime and specifically the UrlAuthorizationModule or the FileAuthorizationModule(depending on the Authentication Mode) to grant/deny the access to that path for the specified users/roles.

Sometimes, you will need to allow the administrator to change that using some setting screen and without touching the webiste files, in that case , you will have two options:

If you can live with the application restarts , then you can using the Configuration class to modify location element using the code.I will show you how to do that using my Helper class.
Depending on your site,if you don’t think that it’s ok to restart the application every time you modify the location element using that screen, then you can rollout your custom HttpModule and you could handle one of it’s events like AuthenticateRequest to intercept the incoming request and depending on some database table , you decide if that user is allowd to see that path.

In this post, i will assume that you chose the first option and decided to modify the location element dynamically.

Since i had to do it myself, i decided to create a Helper class that can be used to allow/deny a specific user/role on the given virtualPath.

Class in c#:

 public class LocationElementHelper
{
    private Configuration LocationElementConfiguration = null;
    private AuthorizationSection _AuthorizationSection = null;
    private string _configPath = null;
    private string _path = null;
    public LocationElementHelper(string webconfigVirtualPath, string locationElementPath)
    {
        _configPath = webconfigVirtualPath;
        _path = locationElementPath;
        PopulateInternalVariables();
    }
    private void PopulateInternalVariables()
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(this._configPath);
 
        if (config.Locations.Count == 0)
            throw new ArgumentException("There is no location element in the specified web.config file");
 
        foreach (ConfigurationLocation loc in config.Locations)
        {
            if (loc.Path.Equals(this._path, StringComparison.InvariantCultureIgnoreCase))
            {
                LocationElementConfiguration = loc.OpenConfiguration();
 
                _AuthorizationSection = (AuthorizationSection)LocationElementConfiguration.GetSection("system.web/authorization");
                if (_AuthorizationSection == null)
                    throw new ArgumentException("Unable to locate the given Location element path in the specified web.config");
 
            }
        }
    }
    public void AddUserToPath(string userName, AuthorizationRuleAction action)
    {
        AuthorizationRule targetRule = null;
        foreach (AuthorizationRule authRule in _AuthorizationSection.Rules)
        {
            if (authRule.Action == action)
            {
                targetRule = authRule;
                break;
            }
        }
        // not fund , we add it.
        if (targetRule == null)
        {
            targetRule = new AuthorizationRule(action);
        }
 
        // add  the user
        if (!targetRule.Users.Contains(userName))
            targetRule.Users.Add(userName);
 
        LocationElementConfiguration.Save();
    }
    public void AddRoleToPath(string roleName, AuthorizationRuleAction action)
    {
        AuthorizationRule targetRule = null;
        foreach (AuthorizationRule authRule in _AuthorizationSection.Rules)
        {
            if (authRule.Action == action)
            {
                targetRule = authRule;
                break;
            }
        }
        // not found , we add it.
        if (targetRule == null)
        {
            targetRule = new AuthorizationRule(action);
        }
 
        // add the role
        if (!targetRule.Roles.Contains(roleName))
            targetRule.Roles.Add(roleName);
 
        LocationElementConfiguration.Save();
    }
    public void RemoveUserFromPath(string userName, AuthorizationRuleAction action)
    {
        AuthorizationRule targetRule = null;
        foreach (AuthorizationRule authRule in _AuthorizationSection.Rules)
        {
            if (authRule.Action == action)
            {
                targetRule = authRule;
                break;
            }
        }
        // not found, we do nothing
        if (targetRule == null)
        {
            return;
        }
 
        // remove the user
        if (targetRule.Users.Contains(userName))
            targetRule.Users.Remove(userName);
 
        // if the Rule has no more users/roles , we remove it.
        if (targetRule.Roles.Count == 0 || targetRule.Users.Count == 0)
            _AuthorizationSection.Rules.Remove(targetRule);
        
        LocationElementConfiguration.Save();
    }
    public void RemoveRoleFromPath(string roleName, AuthorizationRuleAction action)
    {
        AuthorizationRule targetRule = null;
        foreach (AuthorizationRule authRule in _AuthorizationSection.Rules)
        {
            if (authRule.Action == action)
            {
                targetRule = authRule;
                break;
            }
        }
        // not found , we do nothing
        if (targetRule == null)
        {
            return;
        }
 
        // remove the role
        if (targetRule.Roles.Contains(roleName))
            targetRule.Roles.Remove(roleName);
 
        // if the Rule has no more users/roles , we remove it.
        if (targetRule.Roles.Count == 0 || targetRule.Users.Count == 0)
            _AuthorizationSection.Rules.Remove(targetRule);
 
        LocationElementConfiguration.Save();
    }
}
 

Assuming that we have the following location elements in web.config file:

 <location path="admin">
  <system.web>
    <authorization>
      <allow users="user1" />
    </authorization>
  </system.web>
</location>
<location path="acct">
  <system.web>
    <authorization>
      <deny users="user1" />
        <allowroles="Accountants"/>
    </authorization>
  </system.web>
</location>
 

To add access to the administrators role on the admin path:

 LocationElementHelper helper = new LocationElementHelper("~/", "admin");
  helper.AddRoleToPath("administrators", AuthorizationRuleAction.Allow);
 

After executing the mentioned code, the admin location will become:

 <location path="admin">
  <system.web>
    <authorization>
      <allow users="user1" roles="administrators" />
    </authorization>
  </system.web>
</location>
 

Another example about removing the <deny users=”user1” /> from the acct.

  LocationElementHelper helper = new LocationElementHelper("~/", "acct");
        helper.RemoveUserFromPath("user1", AuthorizationRuleAction.Deny);
 

Hope that helps

Anas

Automatic creation of membership users and saving the result to csv file

Sat, 02 Jan 2010 19:13:00 GMT

While working with Membership and roles providers, you may need to create the users based on your data and give them a random password.For example, you may have a table with customers and you want to give each customer a user/password to login to your system.

You can manually create a user for each of your customers, but sometimes you will need to automate the process especially when :

You don’t want to enable public user registration.
You have a large set of customers ( or whatever type of stakeholders you have), and you don't want to create a user to each of them manually.

I just did an example which create a user for each customer (based on the customer id ), and then save all the generated users and their passwords in a csv file.

You may ask “why i need the csv file, i can go to the database and get the generated users”.The problem here is that by default the membership will store the passwords in hashed format and so you will not be able to know the actual password that was assigned to the user when calling Membership.GeneratePassword method.Of course,you can change the membership settings to store the passwords in clear format, this way you can go directly to the membership tables in your database.

The code that will create the users is simple:

 public void CreateUsers()

        //FileStream to the CSV file that will holds the genrated users

        //in this example, the csv file will be placed in app_data folder, but you may want to change that location...

        System.IO.FileStream fs = System.IO.File.Open(Server.MapPath("~/App_Data/users.csv"), System.IO.FileMode.OpenOrCreate);

        System.IO.StreamWriter sw = new System.IO.StreamWriter(fs, Encoding.UTF8);

        // write the header of the csv file

        sw.WriteLine("Customer name,UserName,Password");

        List<Customer> customers = Customer.GetAllCustomers();

        foreach (Customer c in customers)

            string password = Membership.GeneratePassword(10, 3);

            MembershipCreateStatus status = new MembershipCreateStatus();

            string customerUserName = GetCustomerUserName(c);

            // you may need to generate the security questiomn/answer based on the customers data ?

            //or maybe disable the question/answer through mebership section in web.config and just pass null for both question and answer.

            MembershipUser muser = Membership.CreateUser(customerUserName, password, c.Email, "security question here", "security asnwer", true, out status);

            if (status == MembershipCreateStatus.Success)

                // add the user to customers role.

                Roles.AddUserToRole(muser.UserName, "customer");

                // write the created user to csv file

                sw.WriteLine(c.CustomerName + "," + muser.UserName + "," + password);

            else

                // write to output window to dispaly the failed user

                Debug.WriteLine("user creation failed for customer" + c.CustomerName + " reason: " + status.ToString());

        sw.Close();

        fs.Close();

    private string GetCustomerUserName(Customer c)

        // just consider the customerId as the username , you can use customername or whatever you want

        return c.CustomerId;

The customer class:

public class Customer

    public string CustomerId

        get;

        set;

    public string CustomerName

        get;

        set;

    public string Address

        get;

        set;

    public string Email

        get;

        set;

    public static List<Customer> GetAllCustomers()

        // for the sake of demonstration, we just return a dummy list of customers

        return new List<Customer>() {

            new Customer() { CustomerId = "c1", CustomerName = "cusomter 1", Address = "address 1",Email="Email@customer1company.com" },

            new Customer() { CustomerId = "c2", CustomerName = "cusomter 2", Address = "address 2",Email="Email@customer2company.com" },

            new Customer() { CustomerId = "c3", CustomerName = "cusomter 3", Address = "address 3" ,Email="Email@customer2company.com" },

};

Anas Ghanem

Programmatically Modifying the HyperLinks in the DataPager control

Thu, 08 Oct 2009 18:17:00 GMT

Hi,

As you know,the DataPager control can be used to Implement data paging in any data Control that implements the IPageableItemContainer interface.

For now,the only control that implements that interface(In .NET 3.5 sp1) is the ListView ASP.NET control.

By default the DataPager control will use the postback to pass the page index of the DataPager control.

However,the DataPager can be configured to use the QueryString to pass the PageIndex for the Paged control, this can be done by setting it’s “QueryStringField” property to the name of the Query string field that you want.

Developers may use the QueryStringField option to when they want to :

Implement outputCache for the ListView pages based on the QueryStringField,I explained this in this post.
Implement a more user and SEO friendly Urls by using Url Rewriting.

You can implement Url Rewriting in asp.net by using the new Routing features which were introduced in ASP.NET 3.5. You can also use the urlrewrite.net tool if you like.

But when you will need to modify the Generated Url in the page of DataPager control ?

When you use Url Rewriting, you will need to modify the Urls of the Pager HyperLink controls in a way that can work with your Url Rewriting scheme.
By default,the DataPager control will not include the SessionId in it’s HyperLinks when you use cookie less session mode.This of course will cause a session loss when you navigate through the ListView pages using the Pager

Technorati Tags: ListView,DataPager

links.You can fix that by using the Response.ApplyAppPathModifier function which will take the Url and correctly append the sessionId to it.

Modifying the HyperLink in the DataPager will only require to handle the ListView DataBound event and loop though the HyperLinks of the DataPager control:

 protected void ListView1_DataBound(object sender, EventArgs e)

        DataPager pager = ListView1.FindControl("DataPager1") as DataPager;

        // this check is important to avoid touching the Hyperlinks if the Pager doesn't configured to use Query string Field

        if (!string.IsNullOrEmpty( pager.QueryStringField))

            foreach (DataPagerFieldItem Pitem in pager.Controls)

                foreach (Control c in Pitem.Controls)

                    if (c is HyperLink)

                        HyperLink tmp = c as HyperLink;

                        tmp.NavigateUrl = "....";

Anas Ghanem.

Request.Browser.Version is returning 7 when browsing with IE8

Wed, 26 Aug 2009 18:19:00 GMT

Hi,

I noticed that some developers are getting the value 7 from Request.Browser.Version property when testing the page with IE8.

If you are one from those guys, then you are viewing the page in the IE8 “compatibility mode”.By using that mode, you are telling IE8 to behave as IE7.

Regards,

Anas Ghanem

Adding custom properties to the Membership user , what are the options?

Fri, 14 Aug 2009 18:21:00 GMT

One of a frequently asked questions is “how to add a custom columns/properties to the MembershipUser class?”.

Based on my experience , there are many ways to do that :

You can use the user profile services to store those custom properties, article [here].
Create a custom database table with a 1-1 relationship with the membership users table and handle the read/write operations on that custom table using ADO.NET or any other data access technology, article [here]
Create a custom MembershipUser that inherits the MembershipUser class and add the new properties.articles [here] and video.

But which method is the best for you ?

every method has proc/cons , i will list them all in the table below:

Storage method	Pros	Cons
User’s profile	Doesn’t require any additional code, just you need to declare the custom properties in web.config and you can then use the Profile class to read/write or manipulate these values	not suitable if you are going to display the user information via an external reporting tool like Reporting services.
Custom database table	Very flexible and can be displayed using any external reporting tool.	Needs more work to handle the data access code and write some helper classes to manipulate the custom user properties.
Custom MembershipUser and MembershipProvider	Cleaner,maintainable and flexible solution.Also integrates with the current Login controls.	It needs more more effort because it will requires to write custom membershipUser and MembershipProvider …

Getting the user Login date and time when using FormsAuthentication

Fri, 17 Jul 2009 18:23:00 GMT

Hi,

When you want to get the user login date/time you can follow one of the following ways :

Through the user Ticket:

Get the current ticket of the logged in user and through it’s IssueDate property , you will get what you are looking for :

if (HttpContext.Current.User.Identity is FormsIdentity)

            // get the identity of the user

            FormsIdentity identity = (FormsIdentity)HttpContext.Current.User.Identity;

            // if authenticated ,

            //get the login date/time which is exactly the same as the authentication ticket issue date.

            if (identity.IsAuthenticated)

                DateTime loginDate = identity.Ticket.IssueDate;

Through the membership Provider :

If you are using the Membership provider, you can get that user login date as follows:

 if (Request.IsAuthenticated)

            MembershipUser muser = Membership.GetUser();

            DateTime LoginDate = muser.LastLoginDate;

Do you have to migrate from .NET 2.0 Ajax extensions to .NET 3.5 Ajax ?

Sat, 11 Jul 2009 19:08:00 GMT

While i was reading the unanswered posts on the forms.asp.net, i came across a post that asks about whether we should migrate to .NET 3.5 Ajax or just stay using the .NET 2.0 Ajax extensions?

.NET 3.5 Ajax is better because it provided many additional features like script combining and Ajax history.Also,to be able to use the latest Ajax toolkit controls (like the HtmlEditor, Combobox and ColorPicker), you should be using .NET 3.5 Ajax features.

My advice is to migrate as soon as possible because by keeping your self with .NET 2.0, you may get more limitations in the future.

Migrating from .NET 2.0 to 3.5 may requires some little work.You have to take care of some breaking changes like the new “d” character(that will prefix the json serialized objects in .NET 3.5) .Also you will have to make some changes in the registered Ajax dlls versions to use the new 3.5 Ajax extensions dlls.And if you are using Ajax toolkit for .net 2 , you will have to replace that Ajax toolkit dll with the suitable Ajax toolkit version for .NET 3.5 .

The following are some resources on migrating your Ajax enabled sites/applications from .NET 2.0 to 3.5 :

Regards,

Anas Ghanem.

Applying custom styles for the GridView sorted Columns in .NET 4 beta1

Fri, 10 Jul 2009 19:09:00 GMT

Hi,

Before .NET 4 ,when the developer wants to provide a custom style for the column that is currently sorted (like adding “sort arrow” in the header of the sorted column) , the developer was have to handle the GridView sorted event and apply some custom styles to that column, see Scott Mitchell article for more information .

.NET 4 beta 1 introduced a new styling features which allows the developers to specify a custom style for the column that the data is sorted by.

The following are a list of the new GridView properties which can be used to apply custom styles for the sorted columns:

For more information , check the MSDN documentation [here].

Regards,

Anas Ghanem.

'System.Data.Entity.Design.AspNet.EntityDesignerBuildProvider' cannot be instantiated under a partially trusted security policy

Sat, 27 Jun 2009 19:12:00 GMT

Hi,

After finishing one of the websites that were developed using Entity framework , I published it to hosting company server.When i tried to open the newly published site, i got the following error:

Parser Error Message: Type 'System.Data.Entity.Design.AspNet.EntityDesignerBuildProvider' cannot be instantiated under a partially trusted security policy (AllowPartiallyTrustedCallersAttribute is not present on the target assembly).

After some investigation , I found that the mentioned error was caused by the following build Provider section that were placed in web.config by VS 2008:

The “EntityDesignerBuildProvider” class is contained in System.Data.Entity.Design.dll which does not have the AllowPartiallyTrustedCallersAttribute and so any call to it in the partial trust will fail.

when i removed the mentioned “buildProviders” section and refreshed the site, i got the following error:

The specified default EntityContainer name 'entity model name here' could not be found in the mapping and metadata information.
Parameter name: defaultContainerName.

After that i started to think that removing the mentioned section prevented the complier from compiling the entity model.

I think the problem is that since i didn’t precompiled the website and just copied it to the hosting server(using “copy website” option), the runtime will try to compile it dynamically (including the entity model “edmx" file) hence the first mentioned error will occur.

many solutions comes to my head, like pre-compiling the website to avoid dynamic compilations on the hosting server, or just moving the entity model from App_code to a separate class library project which allow me to only build the class library project and publish the dll to the website Bin directory.

precompiling the website wasn’t an option for me because i know that i still need to apply partial updates to it and so i can’t re-upload the whole stuff every time i change something in the website.

So i selected the second solution.I goes a head and moved the entity model file “edmx” from the website App_Code to a separate class library project.then compiled entity model project and added it’s resulted dll to the website Bin directory.

Problem solved :)

Hope that help you !

Entity Framework:What’s new in .NET 4 and VS 2010

Fri, 22 May 2009 13:15:00 GMT

For the list of updates and enhancements , checkout this post from ADO.NET team.

Displaying the text that was originally stored using multi line TextBox

Tue, 14 Apr 2009 19:14:00 GMT

One common problem that face the developers is that when they store a text using Multiline text box ,and try to dispaly that text using the label ( or any other control) on the form, they will find that the line breaks and spaces is not being rendered with in the text.

This is because the line break character in text box text is the .NET newline character which is “\n” or Envirnment.NewLine,and the same for the space which is “\t”.And since the browsers can’t understand those characters,they will not displayed in the rendered text. hence the rendered text will look messy.

One simple solution is to replace those characters with there equivalent html tags that can be understood by the browsers.

So the “\n” can be replaced by “<br/>” and the “\t” with “   ” ( three space characters in html).

The .NET code for this could be :

  string OrginalTextFromDataBase=TextBox1.Text;        
  Label1.Text = OrginalTextFromDataBase.Replace("\n", "<br/>").Replace("\t","&nbsp;&nbsp;&nbsp;");

So, you don’t have to worry about the stored text , just format it correctly when you want to dispaly it as html.

Note:If you want to dispaly the text in the textbox for further editing , then there is no need to replace those characters because the textbox control will recognize them.

Anas Ghanem

Microsoft Free Web Platform Installer (WEB PI)

Mon, 13 Apr 2009 23:05:18 GMT

Web platform installer is a small application that allow you to stay update to date with the latest .NET tools,updates and additions that is being added to the framework.Developers may not have enough time to search and read the latest releases and updates.And so the purpose of this tool is to server as a “single-place” for the developers to check the last updates and new releases that is related to .NET and Microsoft tools in generals.

So what you have to do is to install the “WEB PI” software and when you want to check the latest updates,tools and other stuff, you just need to open it and it will automatically update itself and show you the latest additions and tools.

There is currently two versions from the software :

Version 1 : which provide the mentioned things.
Version 2( Beta): In addition to those things, this version also includes the popular open source asp.net projects(like DNN,Blog engine, ….) and also the PHP popular projects like(word press,wiki media …) which allow you to stay update with the latest updates and the latest releases of these projects.

Hope it helps.

Did you know that there is a VS 2008 sp1 Offline installer

Mon, 13 Apr 2009 19:17:00 GMT

Hi,

If you tried to install VS 2008 , you will notice the the download button will install a small exe file which will connect to Microsoft servers to install the sp1 using online mode.

What i didn’t noticed is that there is a small note in the download page which is under the instructions sections(one of my friends told me about it) , the note is :

“Note: this service pack is also available in .iso format.”

Which means that you can download the service pack as offline copy from the SP1 installer so that you don’t have to install the SP from the internet every time you need it.Also i find that the offline installer is more practical because my internet connection is not stable.

Hope it help someone.

Birzeit university - Practical ASP.Net development session

Fri, 10 Apr 2009 19:22:00 GMT

Hi everyone.

This will provide some information's about my second session in birzeit university.

We announced for that session at PalDev.NET announcements page .The session was held on Saturday, April 4, 2009 and was from 11:00 to 12:00 AM. During the session , i used the various asp.net features to build a fully workable website.I used the Master pages,Login controls, data controls and VS 2008 to build the site.

The attendees was very Excited when they saw the power features of asp.net and VS 2008.

This session was held as an activity of PalDev.NET community, we in PalDev.Net promise to give more advanced topics about the latest asp.net technologies.

I attached the presentation slides.

Best regards,

Anas Ghanem.

Session 2.pptx (198.64 kb)