ASP .NET Archive

.NET Framework Upgrade

by Mike Y

Microsoft upgraded their .Net Framework and Visual Studio. The upgrade should “‘significantly increase’ scalability of .Net applications for both client and server.” It will allow for applications to be 10 to 20 times larger than they used to be. It also adds extra features including “ASP.Net Dynamic Data. Dynamic Data allows developers to build a data model using Language Integrated Query, the ADO.Net Entity Framework, or LINQ to SQL.” The updated client side’s application’s load time will decrease by up to 45%. read more...

A Rise in SQL Injections in ASP.Net Websites

by Toan T
The article that I read talks about how there is report of spikes in mass SQL injection attacks in web applications especially sites that use ASP, ASP.Net and MS-SQL. These attacks are different from what seen in the past. Instead of seeking to extract data from commerce sites, these attacks are automated and can drop malicious code on the the website that it is attacking. This type of attack is also known as XSS or cross-site scripting attack. A research from Trustwave SpiderLabs describe it as “using SQL injection on the front end to inject in JavaScript code that results in sending regular users to a Web page that’s dynamically created based on different database components, pulling in malicious JavaScript into the browser that redirects to a malware site.” Hackers have now found a new way to infiltrate web site by targeting HTML tags that were dynamically create and then prepend a closing title HTML tag so when the tag gets into the browser, it will cleanly close the title content that was already there and inject from behind to execute the javascript. read more...

Insight to Namespaces

by Bernard T
This week’s blog’s assignment gave us a choice between several topics; I chose to do mine on Namespaces, more specifically .NET Namespaces. Namespaces, the article mentioned enables users to group logically related classes together but points out that classes are not required to be provided to use a Namespace. Namespaces are a collection of objects, each containing different sets of objects grouped according to their functionality. Advantages of Namespaces include preventing naming collisions; this means that if for example two or more companies produce a component with the same name, Namespaces will provide a way to distinguish them from each other. Namespaces also has the added benefit of making it easier to understand the purpose of a given class, grouping your classes that manipulate images together for example into a System.Drawing namespace makes it easier to remember what and where the classes are. The article gave numerous examples of Namespaces; System.Data is one that contains all the classes needed to interact with data sources and without it, it would be impossible for .NET to function compatibly with Active X Data Objects for .NET. The article also pointed out however, that some Namespaces are automatically imported into ASP.NET. read more...

AWS easier for developers.

by Gerardgon Z
This article talks about Amazon Web Services making it a lot easier for ASP.NET to roll out cloud-based applications for their cloud service. Elastic Beanstalk allows for easy and care free deployment of new ASP.NET applications onto Amazon’s cloud service. This allows developers to focus more of their time on actually developing their applications instead of worrying about the cloud infrastructure and its deployment and cloud environment. read more...

ASP.NET Makes Data Binding More Flexible!

by Jamal A
The article I read talks about the upcoming versions of Microsoft Web development tools, ASP.NET which makes data binding more flexible.  However, before the end of the year, Web developers will have a new version of Visual Studio (11), ASP.NET (4.5) and ASP.NET MVC (4). The author talks about what’s new in ASP.NET, followed by new features in ASP.NET MVC.  According to the article, In ASP.NET 4.5, one of the first things you’ll notice if you use the Web Application template project is that the content for the default.aspx page is now completely useless. However, the default login and change password pages are useful and the default master page is relatively innocuous. The good news is that Visual Studio 11 IntelliSense supports the new HTML5 tags out of the box. The new default.aspx page includes section tags, for instance, and IntelliSense shows that the related header, footer and article tags are also known to Visual Studio. These new tags mean you can stop using <span> and <div> tags with Cascading Style Sheet (CSS) classes to structure related elements on your page, and use tags dedicated to that task. ASP.NET 4.5 adds a new property called ItemType to DataView controls, which you can set to the name of some class in your application. Once you do that, the syntax for data binding not only gets simpler but you also get IntelliSense support for the data item to which you’re binding. read more...

Amazon Web Services Aides Developers

by Alexander H
Amazon Web Services (AWS) has recently released Elastic Beanstalk, which has been developed to assist ASP.NET developers in implementing cloud-based applications. Developers can upload their ASP.NET applications to AWS’s cloud using the AWS toolkit for Visual Studio, and Elastic Beanstalk will then automatically deploy details such as capacity provisioning, load balancing, auto-scaling and application health monitoring. In order to enable these features, developers must first install the Visual Studio toolkit, as well as sign up for an AWS account. Although there are no additional charges for using Elastic Beanstalk, enterprises still have to pay for the AWS resources needed to store data and run their applications. There are even trial versions of the toolkit available for users who are interested in acquiring the tool for development purposes. read more...

ASP.NET DoS Vulnerability

by Quoc L
A recently discover vulnerability within the ASP coding that let hacker overload the CPU core with HTTP request.  By sending in specially coded  ~100kb HTTP request, it will consume 100% of the core processing power. Sending those in multiples time can easy cog up server resources. This exploit was first identified at the Chaos Communication Congress, called CVE-2011-3414. Later on a user on GitHub(open source community) called HybirsDisaster release actual poof of this exploit. read more...

Your Choice of Which is Better!

by Jasmine C
Why do developers think it’s better to use ASP.NET MVC? Well, even though MVC provides developers with goodies, ASP.NET Forms may still be useful to some developers. Why is it that ASP.NET MVC was created in the first place?  Well according to the article I read, from the time period that ASP.NET Forms was released to when ASP.NET MVC was released, MVC addressed the technical and business changes that were occurring in that time period between the two release dates.  Even though ASP.NET MVC makes sites easier to test, easy to modify and much more, both ASP.NET MVC and ASP.NET Forms contain the same core functions.  The article also talks about ASP.NET MVC offers developers total control over HTML and the interaction with inline JavaScript is cleaner.  When ASP.NET Forms was first release, developers were shielded from the dirty details of HTML so this control allows developers to comfortably build Ajax applications and give existing apps more responsiveness and interactivity.  Another great thing about ASP.NET MVC is that Web standard compliance is easier and since the Web is always evolving, this is a great asset for developers.  All in all, even though the use of ASP.NET Forms is still acceptable in today’s society, ASP.NET MVC allows for a cleaner more testable code with added benefits and thus should be used once ASP.NET Forms no longer services you, as the developer, at the level you’re used to. read more... & SQL Injection Exploits… Again?

by Evin C
According to an article presented late last year, hackers of the world are attempting to use a technique referred to as “SQL Injection” on Microsoft’s ASP.Net platform. The troubling thing is, they have been wildly successful. The author states, “About 180,000 pages have been affected so far, security researchers say ‘attackers have planted malicious JavaScript on ASP.Net sites that causes the browser to load an iframe with one of two remote sites: and www2.safetosecurity.rrnu.’” Using this technique they have been able to exploit this iframe and attempt to plant malware on visiting PC’s via “a number of browser drive-by exploits”. Having seen a trend in the exploitation of SQL Injection, Microsoft has released information to programmers on how to protect again such attacks since at least 2005 and the attacks continue to occur. read more...

Authorization Service for Web Services

by David H
The article that I found this week talked about the design issues for an authorization framework for Web Services. In the article, the author also emphasizes the features that required for authorization policy language for Web Services. In the design for authorization, the author addresses that there are some fundamental issue that we need to take into consideration. First step that we need to do is choose what types of information that used in the decision making process. It goes from static and generic information to specific information then to dynamic and specific information. These range was depend on system state. The second steps that we need to consider is the class of authorization policies that need to support in the Web Services architectures. The range is from identity based to role based to delegation to joint action then to dynamic separation of duty. Depend on types of information there can be different places which checks need to be performed by different authorities. For policy language features, the author mentions that using XML technology with own namespace and schemas it will help in a heterogeneous environment of We Service. For standard specifications, the author mentions that XML have encryption and signature. read more...