Showing posts from August, 2010

User Saved Safe URL without security risks

Often there is a need to have a URL like: https://myhost/AccountStatement.aspx?accountId=0392342&Date=20111109

Unfortunately this opens a security risk. The https protects the page contents but not the URL. The URL is sent as open text. The above URL tempts hackers, who may also be users of the system, to try enumerating various accountId values in the hope that someone has forgotten to check the access permission against the user for each account. (A naive assumption is that you don't know the account number unless you are the owner…)

One solution is to put the data in a post back and thus take it off the URL line. Unfortunately that is not friendly, because it prevents a user from saving the URL for quick reference.

You can have a URL that is both friendly and secure by encrypting the arguments.

If you use a Membership Provider you have a key that you can use for encrypting. Using the user name or host name gives you a second key, so you can now encrypt the URL parameters well. I us
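The idea this excerpt describes, encrypting the query arguments under a server-side key with the user name as a second input, is shown here as an added example; it is not the post's own code, which is cut off above. It assumes .NET 6 or later (for `AesGcm`); `UrlArgs`, `Protect`, `TryUnprotect` and the `q` parameter are hypothetical names, and the key is generated in-process only so the sample runs.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class UrlArgs
{
    // Assumption: a 32-byte server-side secret. Generated here only so the sample runs;
    // a real site would load one stable key from protected configuration.
    static readonly byte[] Key = RandomNumberGenerator.GetBytes(32);

    // Token layout: nonce (12) | tag (16) | ciphertext, base64url encoded.
    public static string Protect(string query, string userName)
    {
        byte[] plain = Encoding.UTF8.GetBytes(query);
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] cipher = new byte[plain.Length], tag = new byte[16];
        using (var aes = new AesGcm(Key))  // the user name is bound in as associated data
            aes.Encrypt(nonce, plain, cipher, tag, Encoding.UTF8.GetBytes(userName));
        byte[] token = new byte[28 + cipher.Length];
        nonce.CopyTo(token, 0); tag.CopyTo(token, 12); cipher.CopyTo(token, 28);
        return Convert.ToBase64String(token).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Returns false for a tampered token or a token issued to a different user.
    public static bool TryUnprotect(string token, string userName, out string query)
    {
        query = null;
        try
        {
            string b64 = token.Replace('-', '+').Replace('_', '/');
            byte[] raw = Convert.FromBase64String(b64.PadRight((b64.Length + 3) / 4 * 4, '='));
            if (raw.Length < 28) return false;
            byte[] plain = new byte[raw.Length - 28];
            using (var aes = new AesGcm(Key))
                aes.Decrypt(raw.AsSpan(0, 12), raw.AsSpan(28), raw.AsSpan(12, 16), plain,
                            Encoding.UTF8.GetBytes(userName));
            query = Encoding.UTF8.GetString(plain);
            return true;
        }
        catch (Exception e) when (e is CryptographicException || e is FormatException) { return false; }
    }

    public static void Main()
    {
        // Constructed sample values; the query string is the one from the URL in the post.
        string t = Protect("accountId=0392342&Date=20111109", "alice");
        Console.WriteLine("AccountStatement.aspx?q=" + t);
        Console.WriteLine(TryUnprotect(t, "alice", out string q) ? q : "rejected");
        Console.WriteLine(TryUnprotect(t, "mallory", out _) ? "accepted" : "rejected");
    }
}
```

The permission check on accountId is still needed after decryption; the token only keeps the parameter from being read, altered or replayed under another user name.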

A Generic GetProperty

Bill from shipped me a generic version of the code that I forgot initially on my prior post. Here it is.

You need to include:

    using System;
    using System.ComponentModel;

The code:

    /// <summary>
    /// Gets the property value.
    /// </summary>
    /// <typeparam name="T">The type of the property value to get.</typeparam>
    /// <param name="dataItem">The data item.</param>
    /// <param name="field">The field.</param>
    /// <param name="defaultValue">The default value.</param>
    /// <returns>The property value.</returns>
    public static T GetProperty<T>(this object dataItem, string field, T defaultValue = default(T))
    {
        if (dataItem == null)
        {
            throw new ArgumentNullException("dataItem");
        }

Adding a DataDefaultField to a DropDownList

At times you want to return the default to show in an asp:DropDownList from the DataSource. Normally you have only two items: DataTextField and DataValueField. I will illustrate how you can add and use a DataDefaultField (boolean) to select a specific item without needing to do any C# in the page.

The steps are:

1. Create a class that inherits from DropDownList.

2. Add two private variables, defaultValue and isPostback:

    public class DropDownList : System.Web.UI.WebControls.DropDownList
    {
        private string defaultValue;
        private bool isPostback;

3. Do an override as shown below to detect PostBacks:

    protected override void RaisePostDataChangedEvent()
    {
        isPostback = true;
        base.RaisePostDataChangedEvent();
    }

4. Add a new property:

    public virtual string DataDefaultField { get; set; }

5. Add another override (this picks up the (last) default

Time to figure out your Christmas List Wish…

There are trial (fully functional) versions of software that I would recommend at: Typically 30 days. In your spare time you may wish to try - UML, Diagramming (Beats Visio), Sequence diagrams, State diagrams, Importing of code (JAVA, C#, SQL) etc. "Rational Rose" at 1% of the per seat price... C# code analysis C# (FREEWARE Version available) C# C# C# You may wish to download, install and "use the beegeeves out of each for 30 days" and then send a summary to your significant others… It is good to get your Christmas Wish List in early.

Linq DateTime.UtcNow and SQL DateTime Datatype

Recently I have been using SQLMetal, which generates the dbml and the backing code. I encountered an obtuse problem: apparently good code was failing to execute. The message from Linq was "Row not found or changed".

Launching SQL Profiler showed me the SQL:

    exec sp_executesql N'UPDATE [WebApp].[OperationInfo]
    SET [WorkflowResultsID] = @p8
    WHERE ([MachineVersionID] = @p0) AND ([OperationID] = @p1) AND ([ExecutionDate] = @p2)
      AND ([OperationType] = @p3) AND ([WorkflowResultsID] IS NULL)
      AND ([ConfigurationResultsID] IS NULL) AND ([SequenceResultsID] IS NULL)
      AND ([ExecutionGuids] IS NULL) AND ([WorkRequestID] IS NULL) AND ([LastStep] = @p4)
      AND ([TrafficRuleCommitStatus] = @p5) AND ([CreatedUTC] = @p6) AND ([LastModifiedUTC] = @p7)',
    N'@p0 bigint,@p1 bigint,@p2 datetime,@p3 smallint,@p4 varchar(12),@p5 smallint,@p6 datetime,@p7 datetime,@p8 bigint',
    @p0 = 1, @p1 = 6, @p2 = '2010-08-05 09:56:47.2470000', @p3 = 1, @p4 =