ASP .NET

Data Cache from Classic ASP to ASP.NET

by Antonio M
This article talks about Data Caching and the different kinds of caching techniques that a
web developer can use. In a nutshell, caching is when data is stored “in memory for quick
access”. When data is cached, the demand on the web server and its resources is
decreased to allow for faster access to a web page. Caching is also used to retain pages
and data across an HTTP request so that they can be reused. The author also talked about
the differences between Classic ASP and ASP.NET 2.0 (current at the time of this article). In classic
ASP there wasn’t anything as sophisticated as the ability to cache data using the caching
API as in ASP.NET. The way that classic ASP would cache its data is through the use of
session, application and cookie objects. Cookie objects are stored in a user’s browser and
are about 4,096 bytes, containing only string information. The problem with this is that some
users can configure their browsers to not accept cookies. Session variables are also used to
cache info; each session variable is specific to a particular user. The disadvantage with this
is the same as with cookies: the user’s browser must be configured to accept them. As for application
variables, they can be used globally for the entire web application. As for caching in ASP.NET 2.0,
it still supports the ability to cache using cookies, session and application variables, but
now there is a data cache API. With this new API, if server memory becomes scarce, data that has
been cached can be removed to free up space, and cache dependencies can be assigned. The author
further shows examples of how you can use the Cache API in web applications to further enhance a user’s
experience.

Things to know about Web.Config inheritance and Overrides in ASP.NET

by Davina V
Galloway gives readers tips regarding that curious thing in Visual Studio that says web.config whenever you start a new blank web page. Tip 1 is about using the config in subfolders and the laws of inheritance. In this case, parent configs that aren’t overwritten are general, and the child configs are generally small. Tip 2 says to understand how Web.config inherits its settings; a simplified version explained on his webpage boils down to the fact that the web configuration actually inherits from some of the settings at the server level. This makes some things easier, like reading the files and overwriting when needed. His other tips were very informative, and some did not go into web.config but more into inheritance and override, like tips 4 through 6. He has some other details that he did not explain fully in his blog, because the purpose is to understand how to use configuration changes on a more basic level.

ASP.NET Web Forms versus MVC Framework

by Han C

Web developers have a choice between using ASP.NET Web Forms or ASP.NET Model-View-Controller. ASP.NET Web Forms is an older but faithful option for developers to work with in creating websites. The Model-View-Controller is essentially a newer way for developers to structure their design patterns by dividing an application up into more concise areas of focus. The article talks about the popularity and adoption of the MVC framework in IT organizations and the impact on Microsoft’s ASP.NET development platform. As usual, companies must take startup costs into consideration, but the benefits for developers start with the power of flexibility. For example, flexibility to enable development “of pure Ajax solutions without tying a site to a specific commercial framework.” What this means is that instead of having to deal with a “thick abstraction layer built on top of Web Forms (view state, server controls, page controllers, event based page life cycle)”, MVC permits developers to build more interactive and responsive applications with components they are comfortable with, such as Ajax. Furthermore, it allows programmers to have more control over the code they write.

Amazon Web Services Announces New ASP.Net Services For Developers Worldwide

by Toan T
This article simply talks about what Amazon has recently announced: a new service for Windows developers, along with the launch of their new database services for Microsoft SQL Server and ASP.Net support in their proprietary cloud service known as Elastic Beanstalk. Amazon RDS’s purpose is to remove the complexity of deploying and managing databases, and it makes it much simpler and easier for developers to set up and operate relational databases by only managing administration tasks, because developers can now just upload their application and Elastic Beanstalk will automatically handle the deployment operations. Elastic Beanstalk is also built upon the IIS 7.5 software stack, so existing ASP.Net applications can easily be deployed with very minimal changes in the code, which saves time and money. Elastic Beanstalk is free for everyone, with other premium features that customers can choose to pay for if they need to. It is also very easy to get started: AWS simply has its own toolkit that will work with Visual Studio or the AWS Management Console.

ASP.NET DoS Vulnerability

by Alexander H
There has been controversy over a recently discovered vulnerability in Microsoft’s ASP.NET Web development platform. New exploit code has emerged and been published online, increasing the risk of potential attacks on users. The patched denial-of-service (DoS) vulnerability was first announced last December at the Chaos Communication Congress, Europe’s largest and oldest hacker conference. “This vulnerability could allow an anonymous attacker to efficiently consume all CPU resources on a web server or even on a cluster of web servers” (Constantin). In ASP.NET, a single specially crafted 100kb HTTP request can consume anywhere upwards of 100% of one CPU core for 1-2 minutes. An attacker can also repeatedly issue such requests to the server, causing CPU performance to diminish substantially and causing a denial of service condition even for multi-core servers. Recently, an anonymous hacker who goes by the name of HybrisDisaster published a proof-of-concept exploit for the ASP.NET vulnerability online. He encourages users to download it, use it how they see fit and spread it. The high likelihood of someone releasing attack code for this DoS vulnerability played a significant role in Microsoft’s decision to release an out-of-band patch. It is highly recommended that webmasters who use ASP.NET Web applications immediately deploy the Microsoft patches, which also address other ASP.NET vulnerabilities.

ASP.NET DoS Vulnerability

by Mike Y
Microsoft’s ASP.NET web development platform had its vulnerability, CVE-2011-3414, patched. The “vulnerability could allow an anonymous attacker to efficiently consume all CPU resources on a web server, or even on a cluster of web servers,” according to Suha Can and Jonathan Ness, who are Microsoft Security Response Center engineers. An anonymous user, HybrisDisaster, “published a proof-of-concept (PoC) exploit for the ASP.NET vulnerability on GitHub.”

ASP.Net upgrades for Mobile

by Robert L
Microsoft is upgrading its ASP.Net MVC software, adding mobile Web functionality and capabilities for building Web applications that load faster, a company official said. ASP.Net MVC 4 Beta was released earlier. ASP.Net MVC enables development of Web applications via the popular Model-View-Controller architectural pattern. The beta release will be built into the beta version of Visual Studio 11/.NET Framework 4.5, due to be released.

Hacker Proof ASP.NET Applications with SecurityChecker 1.0

by Antonio M
The author of this article talks about a Microsoft plug-in called SecurityChecker 1.0 by
Compuware’s DevPartner. This plug-in pretty much verifies your source code and performs run-time analysis
and integrity checking. This particular plug-in was for Microsoft Visual Studio .NET 2003
at the time. The way this plug-in works is that it can make a “discovery map” of all your web pages
and connect them, similar to a spider web. Once the discovery map has been made, there are
three security tests that can be run. The first test is an analysis of the actual source code,
in which the user can select from over 300 pre-selected rules to test for within the source code.
There are 4 primary languages that can be tested, and they include C#, Visual Basic.NET, ASP.NET
and HTML. Once your source checking has been completed, you will get a list of errors ranked
by error severity. There is also the ability to get a detailed explanation of
each error as well as its solution. The second test is an analysis that is done during
run-time. During this test the plug-in will look for excessive use of process privilege,
access to privileged files, incorrect use of the system registry and any operational problems.
These errors will also be shown in a listed report similar to that of the source-code analysis.
The third test, which is an integrity analysis, will test the application’s overall
security. In doing so it will pretty much try to automatically hack your application.
It does this by entering multiple SQL injections, cross-site scripting attacks and buffer overflows.
It can also verify any of the error messages that you have made for your application. All of the
errors found during integrity analysis are of course put in a list just like the previous reports.
There are of course some downsides, or new features that could be implemented with this plug-in:
it cannot run all three tests simultaneously. If they were to ever
come out with a new upgrade, they should try to implement this new feature. Not to mention there
is a pretty big price to pay to use such a feature. It costs about “$12,000 per concurrent user”.
To sum it all up, the author explains how it is a really useful plug-in, is highly configurable,
and is a very good security analysis engine for ASP.NET applications.

ASP.net… a must in education!

by Evin C
Having just begun our journeys into ASP.net and the Visual Basic framework, it’s still amazing that we have the opportunity to learn these skills and apply them to our futures. The article I have found this week shares a view on incorporating ASP.net into the Information Systems curriculum. The author points out, “Information systems curriculums should accommodate both the traditional mainframe as well as the Internet client/server environments to best serve their graduates and the information technology field. With the increasing importance of the Internet in the communications, commerce, and entertainment sectors, academic institutions should incorporate bridging software, such as ASP.NET and the IDE Visual Studio, and expand their curriculum to allow for the integration of Internet client/server technologies and traditional mainframe technologies.” Going on to explain the capabilities of ASP.net and the application of the resource, it only further shows just why our university offers this course. It goes on to point out that we might need to incorporate even more information into our programs and that might be what we need as students. The information technology world is changing so rapidly that having a good foundation in most aspects of technology would prove extremely useful.

How Secure is the Information when Passing Between ASP and ASP.NET?

by Jamal A
The article I read talks about how users can transfer information between systems using ASP.NET in multiple ways; however, many are complicated or insecure. For example, many data transfer methods pass information in plain text, which makes the data vulnerable to both interceptions. However, some methods were introduced in this article that interact with data used in both ASP and ASP.NET applications. According to the author, developers can achieve this by using the same methods of encrypting and data-packaging in ASP.NET as in classic ASP; in other words, by calling .NET code via COM from classic ASP pages. The article further explained how ASP and ASP.NET data sharing works. According to the article, there are two most common ways to transfer data in ASP/ASP.NET. The first is a system in which servers transfer data based on a key provided by clients. This unique key identifier allows the two servers to contact each other directly and exchange the necessary information. However, the way the second method was explained in this article was slightly difficult to comprehend. It says that instead of passing a unique token through the client, the data itself will be encrypted and transferred via the client to its destination server. It was slightly unclear for me to fully understand how. However, the article explained that DataManager.dll is the central part of this type of application and manages the setting and encryption of key-value pairs. The article further explained that inside of the DataManager.dll file, the Encryption class contains all the methods needed to encrypt data that will be transferred via the client.