Sunday, April 30, 2006

Microsoft Office Open XML Format

Microsoft “Office 12”, the new version of Office, will introduce new default XML file formats for the Microsoft Office Word word processing, Excel spreadsheet, and PowerPoint presentation graphics programs, and will change the way developers can approach solutions based on Office documents. The new Microsoft Office Open XML Formats introduce a number of benefits (interoperable, robust, efficient, secure) that will accrue not only to developers and the solutions they build, but also to individual users and organizations of all sizes.

Here is a nice place to find resources about the Open XML document format:
http://openxmldeveloper.org/

Saturday, April 29, 2006

ASP.NET 2.0 Tips & Tricks

1. App_offline.htm
It enables you to gracefully take a server application “offline” for maintenance, which is very useful when making big changes or upgrades. Enable it by adding an “app_offline.htm” file at the root of an application. This causes the ASP.NET app to shut down and all dynamic requests to return the contents of the app_offline.htm file.

Tip: Make sure the app_offline.htm file is large enough (512 bytes) to disable the IE “friendly http errors” feature.

2. Cross Page Post-backs
In ASP.NET 2.0 you can post back directly to another page from a server control by using the “PostBackUrl” property, which can be set declaratively or programmatically. Another advantage is that the postback “target page” has full access to the server controls of the “originating page”. You can access those controls via the “Page.PreviousPage” property.

3. Validation Groups
They enable validation controls to apply only in response to a specific button/action, through the “ValidationGroup” property.

4. MaintainScrollBackPosition
It enables pages to automatically maintain the current scroll position across postbacks by using the following page directive attribute

5. Default Button
It enables developers to identify the default button behavior when the “enter” key is hit. It can be set on a control to identify the default for the form. It can also be set on a control to override the form behavior when an input control has focus in the browser.

6. Default Focus
It enables developers to identify the default focus behavior when the page is loaded. It can be set on a control to identify the default for the form. It can also be set programmatically:
Page.SetFocus(control)
TextBox.Focus()

7. SetFocusOnError
It enables developers to force focus onto a control when a validation error occurs, by setting it as a property on the validation control.

8. Client Script Handlers
ASP.NET 2.0 introduces a new feature called client-side script handlers for writing events on both the client and the server side.

9. Web.Config Registration of Controls
Server controls can now be registered within web.config files instead of on every page.

10. CSS Control Adapters
ASP.NET 2.0 supports a “control adapter” architecture that allows developers to customize and override rendering semantics, e.g. use CSS instead of tables/inline styles. It can be enabled by adding a .browser file within the /app_browsers directory that maps a control to a control-adapter class.
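
Tips 2 to 7 set programmatically, as an added example that is not code from the original post. The page names (Order.aspx, Confirm.aspx), the control IDs and the group name "send" are assumptions; the controls are assumed to be declared in the pages' markup, with no master page. Because the target page can read the originating page's controls, it re-checks validation on the server and encodes the value before displaying it.

```csharp
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

// Assumed markup on Order.aspx: TextBox txtName, RequiredFieldValidator reqName,
// Button btnSend. Assumed markup on Confirm.aspx: Label lblResult.
public partial class Order : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Tips 3 and 7: the validator runs only for btnSend and takes focus on failure.
        reqName.ControlToValidate = txtName.ID;
        reqName.ValidationGroup = "send";
        reqName.SetFocusOnError = true;
        btnSend.ValidationGroup = "send";

        // Tip 2: btnSend posts directly to another page.
        btnSend.PostBackUrl = "~/Confirm.aspx";

        // Tips 5 and 6: Enter triggers btnSend; txtName has focus on load.
        Form.DefaultButton = btnSend.UniqueID;
        Form.DefaultFocus = txtName.ClientID;

        // Tip 4: keep the scroll position across postbacks (Page property).
        MaintainScrollPositionOnPostBack = true;
    }
}

public partial class Confirm : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Only accept requests that arrive as a cross-page postback.
        if (PreviousPage == null || !PreviousPage.IsCrossPagePostBack)
        {
            Response.Redirect("~/Order.aspx");
            return;
        }
        // Client-side validation can be bypassed, so check the server-side result.
        if (!PreviousPage.IsValid)
        {
            lblResult.Text = "The submitted form was not valid.";
            return;
        }
        TextBox name = PreviousPage.FindControl("txtName") as TextBox;
        if (name == null) return;
        // The posted value is user input: HTML-encode it before display.
        lblResult.Text = HttpUtility.HtmlEncode(name.Text);
    }
}
```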

Analyze your .NET code using NDepend

NDepend is a free tool that analyses the .NET assemblies of an application and generates reports containing design quality metrics, warnings and diagrams. The tool also provides a graphical view of the analysis report. It supports Code Query Language (CQL) for writing code quality constraints, code naming constraints, design constraints and so on. It provides Application Metrics, Assembly Metrics, Assembly Abstractness vs. Instability, an Assembly Dependency Diagram, the assembly build order and much more information about the assembly.
You can download it from the following URL.

Tuesday, April 25, 2006

Threat Analysis & Modeling

Application security is very important for all applications, so it is a good idea to analyze the threats to an application during its design phase. Recently Microsoft released a Threat Analysis & Modeling tool which can be used to analyze and model threats in various phases of your software development life cycle.

Creating a threat model using the Microsoft Application Security Threat Analysis & Modeling tool is a three-phase process. First, you define your application context. Second, you model your threats on top of your application context. Third, you measure the risk that is associated with each threat. Once you have completed these phases, you can assimilate your threat models through analytics, visualizations, and reports.

The Threat Analysis & Modeling tool automatically generates potential threats to your software application, based solely on known information that you provide. The Threat Analysis & Modeling tool also has the capability to assimilate the information you provide to build security artifacts such as access control matrices, data flow and trust flow diagrams, and focused, customizable reports.

You can download it from the Microsoft MSDN security center and try it.

Monday, April 24, 2006

Highway Code: The drive for safer coding!

Do you want to write safer code? Do you want to build a secure application on the .NET platform? Here is a book that gives you checklists to work through while developing a secure application, and a lot more about security.

Download it from the following URL.
http://www.microsoft.com/uk/msdn/security/dev_highway.mspx

Tuesday, April 18, 2006

What is the difference between Asp.Net 1.1 and 2.0 Paging Model?

There is a major difference between the ASP.NET 2.0 and 1.1 paging models. In 2.0 the aspx markup file and the code-beside class compile at the same time, thanks to the partial class feature. The compilation model produces a comfortable coupling between the declarative markup and the class in the code-beside file. This is ‘vertical coupling’.

In 1.1 there is unwanted coupling between types in the code-behind files. This is ‘horizontal coupling’. Instead of using a layer of indirection, like an interface, base class, delegate, or event, types in the code-behind files can reference each other directly and produce brittle code.

So the 2.0 compilation model is definitely better than the 1.1 compilation model.

Microsoft has released a Web Application Project add-on that works like the project model in ASP.NET 1.1. Please check my previous post.

HTML spell checker add-on to Visual Studio

Do you want to check spelling in your ASP.NET HTML editor? Visit the following URL and download the add-on. The spell checker works in Source view. It extracts text from markup elements and uses the Office 2003 spell checker to check the text. You can also configure it to check specific elements.

http://blogs.msdn.com/mikhailarkhipov/archive/2006/04/17/577471.aspx

Monday, April 17, 2006

Are you missing Asp.Net Web Application in 2.0?

In ASP.NET 2.0 the ASP.NET web application has been replaced by the ASP.NET website, and we still miss the web project that was available in VS.NET 1.1. The good news is that Microsoft has released the Web Application Project add-in for 2.0, with new features.

Download it from the following URL and try it today.
http://msdn.microsoft.com/vstudio/default.aspx?pull=/library/en-us/dnvs05/html/WAP.asp

Sunday, April 16, 2006

Membership Provider source code released

The source code for the built-in providers for ASP.NET 2.0 has now been released. Learn how they were built, and how to create your own providers.

Please visit the following link to see more details.
http://weblogs.asp.net/scottgu/archive/2006/04/13/442772.aspx

Tuesday, April 04, 2006

Why do we need to switch to VS.NET 2005?

Have a look at the 400 differences. A nice animated site...

http://www.400plusdifferences.com/

Monday, April 03, 2006

Microsoft Application Verifier

The Microsoft® Application Verifier (AppVerifier) is a runtime verification tool for unmanaged code that assists in finding subtle programming errors, security issues and limited user account privilege problems that can be difficult to identify with normal application testing techniques.

To know more about Microsoft Application Verifier, visit the following URLs.

http://msdn.microsoft.com/security/default.aspx?pull=/library/en-us/dnsecure/html/appverifier_sdl.asp
http://www.microsoft.com/technet/prodtechnol/windows/appcompatibility/appverifier.mspx

You can download this tool from the following URL.
http://www.microsoft.com/downloads/details.aspx?FamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&DisplayLang=en

Sunday, April 02, 2006

Cross Site Scripting

Cross-site scripting is a potentially dangerous security exposure that should be considered when designing a secure Web-based application.

Cross-site scripting poses server application risks that include, but are not limited to, the following:
  • Users can unknowingly execute malicious scripts when viewing dynamically generated pages based on content provided by an attacker.
  • An attacker can take over the user session before the user's session cookie expires.
  • An attacker can connect users to a malicious server of the attacker's choice.
  • An attacker who can convince a user to access a URL supplied by the attacker could cause script or HTML of the attacker's choice to be executed in the user's browser.
  • Using this technique, an attacker can take actions with the privileges of the user who accessed the URL, such as issuing queries on the underlying SQL databases and viewing the results, or exploiting known faulty implementations on the target system.

To know more about cross-site scripting, visit the following URL.

http://www.cgisecurity.com/articles/xss-faq.shtml

Microsoft has released an Anti-Cross Site Scripting Library which can be used to provide comprehensive protection to Web-based applications against Cross-Site Scripting (XSS) attacks.

It can be downloaded from the following link.

http://www.microsoft.com/downloads/details.aspx?FamilyID=9A2B9C92-7AD9-496C-9A89-AF08DE2E5982&displaylang=en
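
The first risk in the list above, a dynamically generated page built from attacker-provided content, shown beside its encoded form. This is an added example, not code from the original post and not the Anti-Cross Site Scripting Library's API: it uses the .NET framework's own WebUtility.HtmlEncode and Uri.EscapeDataString, and the search fragment and input strings are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Net;

static class XssEncodingDemo
{
    // Vulnerable: user-controlled text is concatenated into markup unchanged.
    static string RenderUnsafe(string q)
    {
        return "<p>Results for " + q + "</p>" +
               "<a href=\"/search?q=" + q + "\">Repeat search</a>";
    }

    // Hardened: each value is encoded for the context it lands in.
    static string RenderSafe(string q)
    {
        string body = WebUtility.HtmlEncode(q);                 // HTML text node
        string href = "/search?q=" + Uri.EscapeDataString(q);   // URL query component
        return "<p>Results for " + body + "</p>" +
               "<a href=\"" + WebUtility.HtmlEncode(href) + "\">Repeat search</a>";
    }

    // The fixed template contributes exactly four '<' and two '"' characters.
    // Any more means input was interpreted as markup.
    static bool MarkupInjected(string html)
    {
        return html.Count(c => c == '<') != 4 || html.Count(c => c == '"') != 2;
    }

    static void Main()
    {
        // Constructed sample inputs: one ordinary query, two carrying markup.
        string[] inputs =
        {
            "office xml",
            "<script>alert(1)</script>",
            "\" onmouseover=\"alert(1)"
        };
        foreach (string q in inputs)
        {
            Console.WriteLine("input : " + q);
            Console.WriteLine("unsafe: " + RenderUnsafe(q));
            Console.WriteLine("        injected=" + MarkupInjected(RenderUnsafe(q)));
            Console.WriteLine("safe  : " + RenderSafe(q));
            Console.WriteLine("        injected=" + MarkupInjected(RenderSafe(q)));
        }
    }
}
```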