
Infragistics grid – Part 2

Continuing my learning of the Xamdatagrid, there was a requirement to differentially color all the cells based on the column values. The requirement stated that all the values below 1.0 will be in green and all the values above 1.0 will be red. Also, based on the range of values, we used differential shades of red and green to differentiate the values.
 
Here is the IValueConverter that was used to create the color for the cells:
    using System;
    using System.Windows.Data;
    using System.Windows.Media;

    public class CellColorConverter : IValueConverter
    {
        // Returns a green shade for values below 1.0 and a red shade otherwise;
        // white is returned for null or for the literal "Text".
        public object Convert(object value, Type targetType, object parameter, System.Globalization.CultureInfo culture)
        {
            if (value != null && value.ToString() != "Text")
            {
                double valueObj = System.Convert.ToDouble(value);
                string colorString = string.Empty;
                if (valueObj < 1.0)
                {
                    colorString = colorScale(valueObj, 0.01, "339900", 0.98, "33CC99");
                    return new SolidColorBrush((Color)ColorConverter.ConvertFromString(colorString));
                }
                else
                {
                    colorString = colorScale(valueObj, 1, "FFCCFF", 1.9, "FF9999");
                    return new SolidColorBrush((Color)ColorConverter.ConvertFromString(colorString));
                }
            }
            return new SolidColorBrush((Color)ColorConverter.ConvertFromString("#FFFFFF"));
        }

        public object ConvertBack(object value, Type targetTypes, object parameter, System.Globalization.CultureInfo culture)
        {
            throw new NotImplementedException();
        }

        // Linearly interpolates between two RRGGBB colors (no leading '#') and
        // returns the result as "#rrggbb". The value is clamped to [minValue, maxValue].
        private string colorScale(double value, double minValue, string minColor, double maxValue, string maxColor)
        {
            double scaleValue, r, g, b;
            byte minR, minG, minB;
            byte maxR, maxG, maxB;

            if (value < minValue)
                value = minValue;
            if (value > maxValue || value == double.PositiveInfinity)
                value = maxValue;

            // Position of the value inside the range, from 0.0 to 1.0.
            scaleValue = (value - minValue) / (maxValue - minValue);

            // Split both colors into their red, green and blue bytes.
            minR = System.Convert.ToByte(minColor.Substring(0, 2), 16);
            minG = System.Convert.ToByte(minColor.Substring(2, 2), 16);
            minB = System.Convert.ToByte(minColor.Substring(4, 2), 16);
            maxR = System.Convert.ToByte(maxColor.Substring(0, 2), 16);
            maxG = System.Convert.ToByte(maxColor.Substring(2, 2), 16);
            maxB = System.Convert.ToByte(maxColor.Substring(4, 2), 16);

            r = minR + ((maxR - minR) * scaleValue);
            g = minG + ((maxG - minG) * scaleValue);
            b = minB + ((maxB - minB) * scaleValue);

            return string.Format("#{0:x2}{1:x2}{2:x2}", System.Convert.ToInt32(Math.Floor(r)), System.Convert.ToInt32(Math.Floor(g)), System.Convert.ToInt32(Math.Floor(b)));
        }
    }
Here is an example of how I have applied the converter to an UnboundField.

    <infragrid:UnboundField Name="CashFlow" Width="80" Label="P/Cash Flow" BindingPath="RelativeDataValues.CashFlow" BindingMode="OneWay" ColumnSpan="2" IsExpandable="False">
        <infragrid:Field.Settings>
            <infragrid:FieldSettings AllowEdit="False" CellValuePresenterStyle="{StaticResource ShowColorInCellStyle}">
            </infragrid:FieldSettings>
        </infragrid:Field.Settings>
    </infragrid:UnboundField>
Posted in Uncategorized | Leave a comment

Infragistics Grid – Part 1

I had a good opportunity working with the Infragistics grid for WPF called Xamdatagrid. The way of accessing the individual row and cell values is quite different. I will post a few examples from my learning.
 
1. The requirement was to show the datagrid column values as graphical bars. For this I used a CellValuePresenter style so that all the column values were displayed as scaled bars. I used a Rectangle object and set its width to the column values. There were a few columns with single-digit values, so I used a MultiValueConverter, the purpose of which was to multiply the whole column by a certain multiplier. This was to make the columns more legible.
    <Style x:Key="ShowProgressBarInCellStyle" TargetType="{x:Type infragrid:CellValuePresenter}">
        <Setter Property="BorderThickness" Value="0,0,1,1" />
        <Setter Property="Padding" Value="0,0,0,0" />
        <Setter Property="VerticalContentAlignment" Value="Stretch" />
        <Setter Property="HorizontalContentAlignment" Value="Stretch" />
        <Setter Property="BorderBrush" Value="LightGray" />
        <Setter Property="Template">
            <Setter.Value>
                <ControlTemplate TargetType="{x:Type infragrid:CellValuePresenter}">
                    <Border Style="{StaticResource SeparatorStyle}">
                        <Grid SnapsToDevicePixels="True" Margin="2,4,2,4">
                            <Grid.ColumnDefinitions>
                                <ColumnDefinition x:Name="barColumn" Width="Auto"></ColumnDefinition>
                                <ColumnDefinition Width="*"></ColumnDefinition>
                            </Grid.ColumnDefinitions>
                            <Grid.RowDefinitions>
                                <RowDefinition></RowDefinition>
                            </Grid.RowDefinitions>
                            <Rectangle Grid.Column="0" Grid.Row="0" HorizontalAlignment="Left" Height="15" VerticalAlignment="Top">
                                <Rectangle.Width>
                                    <MultiBinding Converter="{StaticResource cellScale}">
                                        <Binding RelativeSource="{RelativeSource TemplatedParent}" Path="Value" Mode="OneWay" />
                                        <Binding RelativeSource="{RelativeSource TemplatedParent}" Path="Field" Mode="OneWay" />
                                    </MultiBinding>
                                </Rectangle.Width>
                                <Rectangle.Fill>
                                    <SolidColorBrush Color="Blue"></SolidColorBrush>
                                </Rectangle.Fill>
                            </Rectangle>
                            <ContentControl x:Name="mycontent" Margin="4,0,0,0" Grid.Row="0" Grid.Column="1" Width="20" Content="{Binding RelativeSource={RelativeSource TemplatedParent}, Path=Value, Mode=OneWay, TargetNullValue=-}" ContentStringFormat="{}{0:#0.0;-#0.0;0}" HorizontalAlignment="Left"></ContentControl>
                        </Grid>
                    </Border>
                </ControlTemplate>
            </Setter.Value>
        </Setter>
    </Style>
 
2. There was a requirement to differentially color the whole data row based on a property. For this I used the DataRecordCellArea style.
    <Style TargetType="{x:Type infragrid:DataRecordCellArea}" x:Key="customCellArea">
        <Setter Property="BorderThickness" Value="0,0,1,1" />
        <Setter Property="BorderBrush" Value="LightGray" />
        <Style.Triggers>
            <DataTrigger Binding="{Binding RelativeSource={RelativeSource Self}, Path=Record.DataItem.IsCurrentSymbol}" Value="True">
                <Setter Property="Background">
                    <Setter.Value>
                        <SolidColorBrush Color="PeachPuff"></SolidColorBrush>
                    </Setter.Value>
                </Setter>
            </DataTrigger>
        </Style.Triggers>
    </Style>
3. The data source for the Xamdatagrid was a collection which consisted of complex properties. For this I had to use an UnboundField along with a BindingPath.
    <infragrid:UnboundField Name="EpsGrowth" Width="80" Label="EPS Growth F12M/T12M" BindingPath="AbsoluteDataValues.EpsGrowth" BindingMode="OneWay" ColumnSpan="2" IsExpandable="False">
        <infragrid:Field.Settings>
            <infragrid:FieldSettings CellValuePresenterStyle="{StaticResource ShowProgressBarInCellStyle}">
            </infragrid:FieldSettings>
        </infragrid:Field.Settings>
    </infragrid:UnboundField>
 
Will post some more examples later

B.NET TechED 2009


Microsoft releases Web 2.0 Developer Kit

KOBE – Web 2.0 Service Development Resource Kit

The much awaited Web 2.0 Developer Kit is out. This is a good resource for the web developer community.

Kobe is a getting started resource kit on planning, architecting, and implementing Web 2.0 style apps and services using the Microsoft Web Platform. The kit includes presentations, white papers, and a sample application with source code. The sample app is built using the ASP.NET MVC framework and other MSFT web platform assets and illustrates a number of patterns that are common in Web 2.0 apps today.

Link for it : http://msdn.microsoft.com/en-us/architecture/bb194897.aspx


Top 25 dangerous programming errors

(January 12, 2009) Today in Washington, DC, experts from more than 30 US and international cyber security organizations  jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime.

What Errors Are Included in the Top 25?

The Top 25 Errors are listed below in three categories:

Category: Insecure Interaction Between Components (9 errors)

Category: Risky Resource Management (9 errors)

Category: Porous Defenses (7 errors)

Clicking "MORE" in any of the listings takes you to the relevant spot in the MITRE CWE site where you will find the following:

links to the full CWE entry data,

data fields for weakness prevalence and consequences,

remediation cost,

ease of detection,

attack frequency and attacker awareness

related CWE entries

related patterns of attack for this weakness.

Each entry at the Top 25 Errors site also includes fairly extensive prevention and remediation steps that developers can take to mitigate or eliminate the weakness.

CATEGORY: Insecure Interaction Between Components

CWE-20: Improper Input Validation

It’s the number one killer of healthy software, so you’re just asking for trouble if you don’t ensure that your input conforms to expectations… For more see: http://cwe.mitre.org/top25/#CWE-20

CWE-116: Improper Encoding or Escaping of Output

Computers have a strange habit of doing what you say, not what you mean. Insufficient output encoding is the often-ignored sibling to poor input validation, but it is at the root of most injection-based attacks, which are all the rage these days… For more see: http://cwe.mitre.org/top25/#CWE-116

CWE-89: Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)

If attackers can influence the SQL that you use to communicate with your database, then they can… For more see: http://cwe.mitre.org/top25/#CWE-89

CWE-79: Failure to Preserve Web Page Structure (aka ‘Cross-site Scripting’)

Cross-site scripting (XSS) is one of the most prevalent, obstinate, and dangerous vulnerabilities in web applications…If you’re not careful, attackers can… For more see: http://cwe.mitre.org/top25/#CWE-79

CWE-78: Failure to Preserve OS Command Structure (aka ‘OS Command Injection’)

When you invoke another program on the operating system, but you allow untrusted inputs to be fed into the command string that you generate for executing the program, then you are inviting attackers… For more see: http://cwe.mitre.org/top25/#CWE-78

CWE-319: Cleartext Transmission of Sensitive Information

If your software sends sensitive information across a network, such as private data or authentication credentials, that information crosses many… For more see: http://cwe.mitre.org/top25/#CWE-319

CWE-352: Cross-Site Request Forgery (CSRF)

With cross-site request forgery, the attacker gets the victim to activate a request that goes to your site. Thanks to scripting and the way the web works in general, the victim… For more see: http://cwe.mitre.org/top25/#CWE-352

CWE-362: Race Condition

Attackers will consciously look to exploit race conditions to cause chaos or get your application to cough up something valuable… For more see: http://cwe.mitre.org/top25/#CWE-362

CWE-209: Error Message Information Leak

If you use chatty error messages, then they could disclose secrets to any attacker who dares to misuse your software. The secrets could cover a wide range of valuable data… For more see: http://cwe.mitre.org/top25/#CWE-209

CATEGORY: Risky Resource Management

CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer

Buffer overflows are Mother Nature’s little reminder of that law of physics that says if you try to put more stuff into a container than it can hold, you’re… For more see: http://cwe.mitre.org/top25/#CWE-119

CWE-642: External Control of Critical State Data

There are many ways to store user state data without the overhead of a database. Unfortunately, if you store that data in a place where an attacker can… For more see: http://cwe.mitre.org/top25/#CWE-642

CWE-73: External Control of File Name or Path

When you use an outsider’s input while constructing a filename, you’re taking a chance. If you’re not careful, an attacker could… For more see: http://cwe.mitre.org/top25/#CWE-73

CWE-426: Untrusted Search Path

If a resource search path is under attacker control, then the attacker can modify it to point to resources of the attacker’s choosing. This causes the software to access the wrong resources at the wrong time… For more see: http://cwe.mitre.org/top25/#CWE-426

CWE-94: Failure to Control Generation of Code (aka ‘Code Injection’)

For ease of development, sometimes you can’t beat using a couple lines of code to employ lots of functionality. It’s even cooler when… For more see: http://cwe.mitre.org/top25/#CWE-94

CWE-494: Download of Code Without Integrity Check

You don’t need to be a guru to realize that if you download code and execute it, you’re trusting that the source of that code isn’t malicious. But attackers can perform all sorts of tricks… For more see: http://cwe.mitre.org/top25/#CWE-494

CWE-404: Improper Resource Shutdown or Release

When your precious system resources have reached their end-of-life, you need to… For more see: http://cwe.mitre.org/top25/#CWE-404

CWE-665: Improper Initialization

Just as you should start your day with a healthy breakfast, proper initialization helps to ensure… For more see: http://cwe.mitre.org/top25/#CWE-665

CWE-682: Incorrect Calculation

When attackers have some control over the inputs that are used in numeric calculations, this weakness can lead to vulnerabilities. It could cause you to make incorrect security decisions. It might cause you to… For more see: http://cwe.mitre.org/top25/#CWE-682

CATEGORY: Porous Defenses

CWE-285: Improper Access Control (Authorization)

If you don’t ensure that your software’s users are only doing what they’re allowed to, then attackers will try to exploit your improper authorization and… For more see: http://cwe.mitre.org/top25/#CWE-285

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

You may be tempted to develop your own encryption scheme in the hopes of making it difficult for attackers to crack. This kind of grow-your-own cryptography is a welcome sight to attackers… For more see: http://cwe.mitre.org/top25/#CWE-327

CWE-259: Hard-Coded Password

Hard-coding a secret account and password into your software’s authentication module is… For more see: http://cwe.mitre.org/top25/#CWE-259

CWE-732: Insecure Permission Assignment for Critical Resource

If you have critical programs, data stores, or configuration files with permissions that make your resources accessible to the world – well, that’s just what they’ll become… For more see: http://cwe.mitre.org/top25/#CWE-732

CWE-330: Use of Insufficiently Random Values

If you use security features that require good randomness, but you don’t provide it, then you’ll have attackers laughing all the way to the bank… For more see: http://cwe.mitre.org/top25/#CWE-330

CWE-250: Execution with Unnecessary Privileges

Spider Man, the well-known comic superhero, lives by the motto "With great power comes great responsibility." Your software may need special privileges to perform certain operations, but wielding those privileges longer than necessary can be extremely risky… For more see: http://cwe.mitre.org/top25/#CWE-250

CWE-602: Client-Side Enforcement of Server-Side Security

Remember that underneath that fancy GUI, it’s just code. Attackers can reverse engineer your client and write their own custom clients that leave out certain inconvenient


Html Helper classes in MVC toolkit

The MVC toolkit bits were part of the ASP.NET 3.5 release. When we create a view using ASP.NET MVC, the view is inherited from System.Web.Mvc.ViewPage<>. On the HTML side there is a set of extension methods called the MVC Toolkit. The toolkit is used to push the data from the controller to the screen wrapped in HTML controls. The UI helper library called System.Web.Mvc.Toolkit extends the HTMLHelper class, which hangs from ViewPage.HTML. To use these new UI bits we just need to include the System.Web.Mvc namespace in the web.config.

A few examples of the helper methods are as follows:

If we want to create a form on a page, it is as simple as
  <form action="<%=Url.Action(new{controller="Home", action="Index"})%>" method="post">

If we want to get data from the form
  <% using (Html.Form("Home", "Index", FormExtensions.FormMethod.get)) { %>
  <% } %>

If we want to submit the form
  <%=Html.Submit()%>

We can also configure the UI controls easily.

E.g. we can populate a ListBox using a string array as
  <%=Html.ListBox("Books",BooksArray) %>

We can populate a CheckBoxList using
  <%= Html.CheckBoxList("Books", BooksArray).ToFormattedList("<li>{0}</li>") %>

We can give a name and size to a textbox as
  <%= Html.TextBox("txtName",20) %>

Password textbox
  <%= Html.Password("myPassword",50) %>

We can configure an ActionLink as
  <%=Html.ActionLink<HomeController>(x=>x.Index(),"Home, using Action<T>") %>

We can configure a navigation button as
  <%=Html.NavigateButton("cmdNav","GoTo MSN","http://www.msn.com") %>

We can assign a click method to a Button as
  <%=Html.Button("cmdJS","Click Me","DoTheClickThang()")%>

 

ASP.NET 3.5 Extensions II

ADO.NET Entity Framework

The Entity Framework is a set of technologies that simplify the development of flexible data-oriented applications. It provides an intrinsic layer of abstraction over a database called the Entity Data Model (EDM):
  – Developers code against conceptual entities representing the data
  – Conceptual entities are mapped to the database schema
  – Mapping is explicit and can be changed

Benefits:
  – Abstracts developers from the underlying database tables and columns where the data is stored
  – Exposes data in the form of domain-specific objects
  – Isolates and minimizes the impact of changes between app and data
  – Decreases the amount of code and maintenance required

ADO.NET Data Services

ADO.NET Data Services provides the ability to create and consume data-centric, RESTful services. It exposes data as URI-addressable resources, e.g. http://host/NorthwindDataService.svc/Customers(492)/Orders
  – Services use URIs to locate and identify data
  – URIs can be used to traverse associations
  – Clients can filter, page and sort data by specific parameters on the URI
  – Apps can interact with the resources using the HTTP verbs GET, PUT, POST or DELETE
  – Data can be represented in JSON or ATOM Publishing Protocol (AtomPub) formats, as specified by the client
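
Because every entity set is reachable by URI and HTTP verb, the service class is where that surface gets narrowed. The following is an added example, not code from the original post: it uses the System.Data.Services API as shipped in .NET 3.5 SP1, and the NorthwindContext, Customer and Order types, their Owner property and the sample rows are constructed for illustration; it assumes the service is hosted in ASP.NET with authentication enabled.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Services;
using System.Data.Services.Common;
using System.Linq;
using System.Linq.Expressions;
using System.Web;

// Constructed sample model (assumption): stands in for the Northwind data
// behind http://host/NorthwindDataService.svc in the post.
[DataServiceKey("CustomerID")]
public class Customer
{
    public int CustomerID { get; set; }
    public string CompanyName { get; set; }
    public string Owner { get; set; }        // login allowed to read this customer
    public IList<Order> Orders { get; set; }
}

[DataServiceKey("OrderID")]
public class Order
{
    public int OrderID { get; set; }
    public decimal Freight { get; set; }
    public Customer Customer { get; set; }
}

// Each IQueryable<T> property becomes an entity set, i.e. a URI segment.
public class NorthwindContext
{
    private static readonly List<Customer> customers = new List<Customer>();
    private static readonly List<Order> orders = new List<Order>();

    static NorthwindContext()
    {
        // Constructed sample rows.
        Customer c = new Customer { CustomerID = 492, CompanyName = "Example Traders", Owner = "alice", Orders = new List<Order>() };
        Order o = new Order { OrderID = 1, Freight = 12.5m, Customer = c };
        c.Orders.Add(o);
        customers.Add(c);
        orders.Add(o);
    }

    public IQueryable<Customer> Customers { get { return customers.AsQueryable(); } }
    public IQueryable<Order> Orders { get { return orders.AsQueryable(); } }
}

public class NorthwindDataService : DataService<NorthwindContext>
{
    public static void InitializeService(IDataServiceConfiguration config)
    {
        // Weak setting: every entity set readable and writable by any caller.
        // config.SetEntitySetAccessRule("*", EntitySetRights.All);

        // Corrected: grant read rights only, per set. With no Write* rights
        // granted, POST, PUT and DELETE against these sets are refused.
        config.SetEntitySetAccessRule("Customers", EntitySetRights.AllRead);
        config.SetEntitySetAccessRule("Orders", EntitySetRights.AllRead);

        // The client shapes the query through the URI, so bound what it can ask for.
        config.MaxResultsPerCollection = 100;
        config.MaxExpandDepth = 1;

        // Keep exception details out of error responses.
        config.UseVerboseErrors = false;
    }

    // Row-level filter added to queries over the Orders set: a caller only
    // gets orders whose customer they own.
    [QueryInterceptor("Orders")]
    public Expression<Func<Order, bool>> OnQueryOrders()
    {
        string user = HttpContext.Current.User.Identity.Name;
        return o => o.Customer.Owner == user;
    }

    // The same ownership filter for the Customers set.
    [QueryInterceptor("Customers")]
    public Expression<Func<Customer, bool>> OnQueryCustomers()
    {
        string user = HttpContext.Current.User.Identity.Name;
        return c => c.Owner == user;
    }
}
```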


ASP.NET 3.5 Extensions – I

Dynamic Data :
 
 ASP.NET Dynamic Data provides the Web App Scaffolding that enables you to build rich, data-driven Web Applications. We can build a working website with very little manual effort.
 
Features:
1. Dynamically constructs pages based on the data model of the underlying database.
2. Provides a usable application with no code, but it can be customized
3. Dynamic data App consists of three components:
       Data Model – LINQ to SQL mapping file
       Page Templates – ASPX pages that provide default views of data
       Dynamic Data fields – user controls for rendering individual fields
4.  Provides a view of the data based on the default templates
      Templates use the data model to determine the correct controls to display and their behavior
      AJAX-enabled templates provide filtering, paging and validation
 
This is different from the traditional web page creation approach where we had to:
1. First create a model, e.g. a LINQ to SQL model
2. Then create ASP.NET pages
3. Add data controls and data source controls to the web page
4. Add some validation like the regular expression validation or the required field validation
 
The disadvantage of this approach is that a lot of work had to be done to create a web page. Since all the validation had to be done manually, the logic resided in the wrong place. The database schema information was not used. If we had another web page using the same database field, then all the validation had to be repeated. So reuse and customization were difficult.

Features of ASP.NET 3.5 – Part II

New controls in ASP.NET 3.5
The ListView control, as explained before, combines many aspects of the existing data controls. It displays data in a repetitive but customizable fashion like the DataList, Repeater and FormView. But it also has some extra features of a GridView, like sorting and paging capabilities and edit, delete, insert and update operations. It has many templates to accomplish this functionality: the Layout template, Item Template, Group Item Template, EditTemplate and InsertItemTemplate.
 
The DataPager control supports a built-in paging UI. The DataPager can work with any control that implements IPageableItemContainer, like the ListView control. It has the NumericPagerField object, which lets the user select a page by page number, and the NextPreviousPagerField object, which lets the user navigate one page at a time or jump to the first or last page. We also have a TemplatePagerField object for defining customizable paging.
 
We can use the LinqDataSource when creating a web page that retrieves and modifies data and we want to use the programming model provided by LINQ. The amount of code needed to perform the operation is less compared to using the SqlDataSource or the ObjectDataSource. We can use this as a declarative markup control that connects to data from either a database or any data collection. In the markup we have keys to support filtering, grouping and sorting. If the data source is a SQL data source, separate commands are there to perform edit, delete, insert or update operations.
What are the advantages of using the LinqDataSource compared to the other data sources? The SqlDataSource works only on relational data, and we must explicitly set the SelectCommand, UpdateCommand, InsertCommand and DeleteCommand to SQL queries, but the LinqDataSource uses LINQ to SQL to create them automatically. If the data source is an ObjectDataSource, then we must manually create objects that represent the data and then write methods for interacting with the data. With the LinqDataSource we have the O/R designer to automatically create the classes that represent the data, and there is no need to write methods to insert, update, delete or edit data.
LINQ, or .NET Language Integrated Query: using LINQ we can query any IEnumerable data source, by which we mean any SQL Server data source, XML file or objects. The objects could be a collection or an array. We have compile-time syntax checking in LINQ. If we write a SQL statement, we will not know of the errors until runtime, but using LINQ we have IntelliSense for writing queries. LINQ is an extensible API, which can be further extended to any IEnumerable data source. A LINQ query is formed of where, select and orderby clauses. These operators have the same functionality as they have in a SQL statement. LINQ is based on deferred query execution: the complete query is evaluated and executed at runtime.
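
Deferred execution matters whenever a query is used as a filter, because the data and the variables it reads are those present when it is enumerated, not when it was written. The following LINQ to Objects program is an added example, not code from the original post; the LoginEvent type, the threshold and the sample rows are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample record type (assumption).
public class LoginEvent
{
    public string User { get; set; }
    public int FailedAttempts { get; set; }
}

public static class DeferredQueryDemo
{
    public static void Main()
    {
        // Constructed sample data.
        List<LoginEvent> events = new List<LoginEvent>
        {
            new LoginEvent { User = "alice", FailedAttempts = 1 },
            new LoginEvent { User = "bob",   FailedAttempts = 7 },
            new LoginEvent { User = "carol", FailedAttempts = 4 }
        };
        int threshold = 5;

        // Nothing is evaluated here: the statement only describes the
        // where / orderby / select pipeline over the list.
        IEnumerable<string> flagged =
            from e in events
            where e.FailedAttempts >= threshold
            orderby e.FailedAttempts descending
            select e.User;

        // ToList() enumerates the query now and keeps the result as a snapshot.
        List<string> snapshot = flagged.ToList();

        // Both the source list and the captured variable change afterwards.
        events.Add(new LoginEvent { User = "dave", FailedAttempts = 9 });
        threshold = 3;

        // The snapshot is unaffected by the later changes.
        Console.WriteLine("snapshot: " + string.Join(", ", snapshot.ToArray()));

        // Enumerating the deferred query runs it again, against the current
        // list contents and the current value of threshold.
        Console.WriteLine("deferred: " + string.Join(", ", flagged.ToArray()));
    }
}
```

When the result of a query feeds a security decision, materialise it with ToList() or ToArray() at the point where the decision is made, so that later changes to the source cannot alter what was checked.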
 
ASP.NET AJAX
Over the past few years, the concept of using JavaScript to make asynchronous postbacks to the web server that only transmit and receive the necessary data has been termed AJAX. AJAX-enabled web applications have rich, interactive and responsive user interfaces. The Microsoft AJAX framework was designed to work with ASP.NET 2.0 and future versions. ASP.NET 2.0 developers need to download and install the framework, whereas the framework comes integrated with VS 2008. The integral part of ASP.NET AJAX is the ScriptManager control, which adds references to the client-side script in the page, so that the browser requesting the ASP.NET page downloads the appropriate JavaScript libraries as well. The other server controls are the UpdatePanel, Timer and UpdateProgress controls. The UpdatePanel control allows you to define a portion of the page that will be updated by an asynchronous request, i.e. it allows us to do a partial page postback rather than a full page postback. Once an UpdatePanel has been added to a page, you can add the standard ASP.NET web controls (TextBoxes, Buttons, GridViews, DropDownLists, and so on) and they will automatically take advantage of AJAX techniques.
 
AJAX Control Toolkit
The ASP.NET AJAX Control Toolkit is a free download and contains more than 40 additional AJAX controls and components that work on top of the core ASP.NET AJAX functionality now built into .NET 3.5. It is a CodePlex project that needs to be downloaded and installed into the toolbox. This project was first started as an initiative from the Microsoft developers, but now it is open to the non-Microsoft developer community as well. The purpose of this project is to add AJAX-based functionality to commonly used server controls. The ASP.NET control extenders are controls that derive from the ExtenderControl base class, which can be used to add additional functionality to existing controls declared on a page. The AJAX Control Toolkit is an example of a project that takes advantage of the control extender functionality. It includes more than 40 free control extenders we can download and use to add AJAX functionality.
 
Javascript Support
Visual Studio 2008 adds support for type inference, which means that it evaluates and computes how a JavaScript block is being used and dynamically infers the variable usage and type information of the code to provide accurate IntelliSense support. There is IntelliSense support not only for inline script but also for externally referenced JavaScript files. We also have support for build-time syntax checking. The output of an AJAX Web Service method call can now be a JSON object also. The enhanced debugging support for JavaScript also helps in ASP.NET AJAX development.