|
What platforms does ASP.NET run on? Currently, it's supported on Windows 2000 and
Windows XP. ASP.NET integrates with Internet Information Server (IIS) and
thus requires that IIS be installed. It runs on server and non-server
editions of Windows 2000 and XP as long as IIS is installed. Microsoft
originally planned to support ASP.NET on Windows NT 4.0, but had to
reconsider due to time and technical constraints. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Can two different programming languages be mixed in a single
ASPX file? No. ASP.NET uses parsers to strip the code from
ASPX files and copy it to temporary files containing derived Page
classes, and a given parser understands only one language. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Why can't I put <%@ Page Language="C++" %> at
the top of an ASPX file and write my server-side scripts in C++? Because the parsers ASP.NET uses to extract code
from ASPX files only understand C#, Visual Basic.NET, and JScript.NET.
However, if you use code-behind to get your code out of the ASPX file and
into a separately compiled source code file. You can write server-side
scripts in any language supported by a .NET compiler. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Can I use code-behind with Global.asax files? Yes. Here's a simple Global.asax file that
doesn't use code-behind:
Here's the equivalent file written to use
code-behind:
And here's the MyApp class that it
references:
So that ASP.NET can find the MyApp class,
compile it into a DLL (csc /t:library filename.cs) and place it in the application root's bin
subdirectory. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Can you override method="post" in a <form
runat="server"> tag by writing <form method="get"
runat="server">? Yes. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Can an ASPX file contain more than one form marked
runat="server"? No. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Is it possible to see the code that ASP.NET generates from an
ASPX file? Yes. Enable debugging by including a <%@ Page Debug="true"
%> directive in the ASPX file or a <compilation
debug="true"> statement in Web.config. Then look for the
generated CS or VB file in a subdirectory underneath
\%SystemRoot%\Microsoft.NET\Framework\v1.0.nnnn\Temporary ASP.NET Files. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Does ASP.NET support server-side includes? Yes. Server-side includes work the same in
ASP.NET as they do in ASP. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Does ASP.NET support server-side object tags? Yes. The following tag creates an instance of a
custom type named ShoppingCart and assigns it session scope (that is,
it creates a unique ShoppingCart instance for each and every session
created on the server):
Managed types created this way are identified by
class name. Unmanaged types (COM classes) are identified by CLSID or ProgID. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How do I comment out statements in ASPX files?
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Can I use custom .NET data types in a Web form? Yes. Place the DLL containing the type in the
application root's bin directory and ASP.NET will automatically load the DLL
when the type is referenced. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
How do I debug an ASP.NET application that wasn't written with
Visual Studio.NET and that doesn't use code-behind? Start the DbgClr debugger that comes with the
.NET Framework SDK, open the file containing the code you want to debug, and
set your breakpoints. Start the ASP.NET application. Go back to DbgClr,
choose Debug Processes from the Tools menu, and select aspnet_wp.exe from the
list of processes. (If aspnet_wp.exe doesn't appear in the list, check the
"Show system processes" box.) Click the Attach button to attach to
aspnet_wp.exe and begin debugging. Be sure to enable debugging in the ASPX file
before debugging it with DbgClr. You can enable tell ASP.NET to build debug
executables by placing a
statement at the top of an ASPX file or a
statement in a Web.config file. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
What event handlers can I include in Global.asax? Application start and end event handlers ·
Application_Start ·
Application_End Session start and end event handlers ·
Session_Start ·
Session_End Per-request event handlers (listed in the order
in which they're called) ·
Application_BeginRequest ·
Application_AuthenticateRequest ·
Application_AuthorizeRequest ·
Application_ResolveRequestCache ·
Application_AcquireRequestState ·
Application_PreRequestHandlerExecute ·
Application_PostRequestHandlerExecute ·
Application_ReleaseRequestState ·
Application_UpdateRequestCache ·
Application_EndRequest Non-deterministic event handlers ·
Application_Error ·
Application_Disposed Global.asax can also include handlers for events
fired by custom HTTP modules. The event handlers listed above are intrinsic
to ASP.NET. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
Is it possible to protect view state from tampering when it's
passed over an unencrypted channel? Yes. Simply include an @ Page directive
with an EnableViewStateMac="true" attribute in each ASPX file you
wish to protect, or include the following statement in Web.config:
This configuration directive appends a hash
(officially called the message authentication code, or MAC) to view state
values round-tripped to the client and enables ASP.NET to detect altered view
state. If ASP.NET determines that view state has been altered when a page
posts back to the server, it throws an exception. The hash is generated by appending a secret key
(the validationKey value attached to the <machineKey> element in
Machine.config) to the view state and hashing the result. An attacker can't
modify view state and fix up the hash without knowing the secret key, too. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
Is it possible to encrypt view state when it's passed over an
unencrypted channel? Yes. Set EnableViewStateMac to true and either
modify the <machineKey> element in Machine.config to look like this:
Or add the following statement to Web.config:
|
|
||||||||||||||||||||||||||||||||||||||||||||
|
Can a user browsing my Web site read my Web.config or
Global.asax files? No. The <httpHandlers> section of
Machine.config, which holds the master configuration settings for ASP.NET,
contains entries that map ASAX files, CONFIG files, and selected other file
types to an HTTP handler named HttpForbiddenHandler, which fails
attempts to retrieve the associated file. Here are the relevant statements in
Machine.config:
|
|
||||||||||||||||||||||||||||||||||||||||||||
|
Do Web controls support Cascading Style Sheets? Yes. All Web controls inherit a property named CssClass
from the base class System.Web.UI.WebControls.WebControl. The
following example defines a CSS class named Input and uses it to
modify a TextBox control to display text in red 10-point Verdana type:
|
|
||||||||||||||||||||||||||||||||||||||||||||
|
Are ASP.NET server controls compatible with Netscape Navigator? Most are. Some controls, such as Label,
emit simple HTML tags that are compatible with virtually all browsers.
Others, such as Calendar, emit a mix of HTML and client-side
JavaScript. Fortunately, that JavaScript is simple enough to work with any
browser that supports client-side scripting. The exception is the validation
controls, which emit complex JavaScript that integrates intimately with the
browser's DHTML Document Object Model (DOM). Because the DOMs used by
Navigator and IE are so different, the ASP.NET validation controls don't work
with Navigator. They can still validate input on the server, but they don't
even attempt to validate on the client in Navigator. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
What namespaces are imported by default in ASPX files? The following namespaces are imported by default.
Other namespaces must be imported manually using @ Import directives. ·
System ·
System.Collections ·
System.Collections.Specialized ·
System.Configuration ·
System.Text ·
System.Text.RegularExpressions ·
System.Web ·
System.Web.Caching ·
System.Web.Security ·
System.Web.SessionState ·
System.Web.UI ·
System.Web.UI.HtmlControls ·
System.Web.UI.WebControls |
|
||||||||||||||||||||||||||||||||||||||||||||
|
What assemblies can I reference in an ASPX file without using @
Assembly directives? ASP.NET links to the following assemblies by
default: ·
Mscorlib.dll ·
System.dll ·
System.Data.dll ·
System.Drawing.dll ·
System.Web.dll ·
System.Web.Services.dll ·
System.Xml.dll This list of "default" assemblies is
defined in the <assemblies> section of Machine.config. You can modify
it by editing Machine.config or including an section in a local Web.config
file. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
How does setting a Web control's AutoPostBack property to true
cause a page to post back to the server? With a sprinkle of JavaScript and a dash of
Dynamic HTML (DHTML). Enter this into a Web form:
And the control returns this:
The <input> tag includes an onchange
attribute that activates a JavaScript function named __doPostBack on
the client when the control loses the input focus following a text change. __doPostBack
programmatically posts the page back to the server by calling the Submit
method of the DHTML object that represents the form (theform). |
|
||||||||||||||||||||||||||||||||||||||||||||
|
I sometimes see ASP.NET apps that include ASHX files. What are
ASHX files? ASHX files contain HTTP handlers-software modules
that handle raw HTTP requests received by ASP.NET. The following code
institutes a simple HTTP handler:
If this code is placed in an ASHX file named
Hello.ashx and requested using the URL http://.../hello.ashx?Name=Jeff, it
returns "Hello, Jeff" in the HTTP response. ASHX files provide
developers with a convenient way to deploy HTTP handlers without customizing
CONFIG files or modifying the IIS metabase. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
Can I create ASP.NET server controls of my own? Yes. You can modify existing server controls by
deriving from the corresponding control classes or create server controls
from scratch by deriving from System.Web.UI.Control. Although a full
treatment of custom controls is beyond the scope of this FAQ, here's a simple
custom control that writes "Hello, world" to a Web page:
A custom control emits HTML by overriding the
virtual Render method it inherits from Control and using the
provided HtmlTextWriter to write its output. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
What does the System.Web.UI.Page.RegisterClientScriptBlock
method do, and do I need it when I write custom ASP.NET server controls? RegisterClientScriptBlock enables a custom control to register a block of
client-side script that the control returns to a browser. Why does it exist?
So the same script block doesn't get returned multiple times if the page
contains multiple instances of a control that emits client-side script.
Here's the source code for a custom control called AlertButton that
renders itself an as <input type="submit"> tag with an onclick
attribute that displays a message using a JavaScript alert:
If the control's register tag prefix is win,
then the following statement declares an AlertButton control that,
when clicked, displays "Hello, world" in a message box:
The control uses RegisterClientScriptBlock
to register the client-side script block that it returns. That script block
contains the __doAlert function referenced by the <input> tag's onclick
attribute. It's returned only once no matter AlertButtons a page contains. RegisterClientScriptBlock
should always be called from the control's OnPreRender method so
ASP.NET can control the script's position in the output. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
What's the difference between Page.RegisterClientScriptBlock
and Page.RegisterStartupScript? RegisterClientScriptBlock is for returning blocks of client-side script
containing functions. RegisterStartupScript is for returning blocks of
client-script not packaged in functions-in other words, code that's to
execute when the page is loaded. The latter positions script blocks near the
end of the document so elements on the page that the script interacts are
loaded before the script runs. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
Can a calendar control be customized so that it limits users to
selecting certain days of the week, and only dates that fall on or after
today's date? Yes. The secret is to customize the control by
processing DayRender events, which are fired as the calendar renders
each and every cell. Here's an example that limits selections to future
Fridays and Saturdays:
The DayRenderEventArgs passed to a DayRender
event handler has a property named Day that identifies the day being
rendered. This example sets Day's IsSelectable property to true or
false depending on whether the day currently being rendered represents a
legitimate selection. Setting IsSelectable to false prevents the
control from placing a hyperlink in the corresponding cell, effectively
making that cell unselectable. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
Is it necessary to lock application state before accessing it? Only if you're performing a multistep update and
want the update to be treated as an atomic operation. Here's an example:
By locking application state before updating it
and unlocking it afterwards, you ensure that another request being processed
on another thread doesn't read application state at exactly the wrong time
and see an inconsistent view of it. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
The ASP.NET application cache doesn't have Lock and UnLock
methods as application state does. Does this mean I never need to lock it? No. It means you have to come up with your own
mechanism for locking. System.Threading.ReaderWriterLock is the
perfect tool for the job. Assuming rwlock is an instance of ReaderWriterLock,
here's how you'd lock the application cache during an update:
And here's how you'd read "ItemsSold"
and "ItemsLeft" values from the cache:
As with application state, locking the
application cache is only necessary when performing multistep updates that
are to be treated as atomic operations. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
If I update session state, should I lock it, too? Are concurrent
accesses by multiple requests executing on multiple threads a concern with
session state? Concurrent accesses aren't an issue with session
state, for two reasons. One, it's unlikely that two requests from the same
user will overlap. Two, if they do overlap, ASP.NET locks down session state
during request processing so that two threads can't touch it at once. Session
state is locked down when the HttpApplication instance that's
processing the request fires an AcquireRequestState event and unlocked
when it fires a ReleaseRequestState event. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
ASP.NET's application cache supports expiration policies and
cache removal callbacks. Expiration policies are based on time dependencies
and file dependencies. Are database dependencies supported, too? In other
words, can I have an item automatically removed from the cache in response to
a database update? In ASP.NET version 1.x, no. However, you can
forge a link between databases and the ASP.NET application cache by combining
file dependencies with database triggers. For details, and for working sample
code, see Jeff Prosise's Wicked Code column in the April 2003 issue of MSDN
Magazine. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
Do ASP.NET forms authentication cookies provide any protection
against replay attacks? Do they, for example, include the client's IP address
or anything else that would distinguish the real client from an attacker? No. If an authentication cookie is stolen, it can
be used by an attacker. It's up to you to prevent this from happening by
using an encrypted communications channel (HTTPS). Authentication cookies
issued as session cookies, do, however, include a time-out valid that limits
their lifetime. So a stolen session cookie can only be used in replay attacks
as long as the ticket inside the cookie is valid. The default time-out interval
is 30 minutes. You can change that by modifying the timeout attribute
accompanying the <forms> element in Machine.config or a local
Web.config file. Persistent authentication cookies do not time-out and
therefore are a more serious security threat if stolen. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
By default, a persistent forms authentication cookie issued by
ASP.NET is valid for 50 years. Is it possible to shorten that? Yes. Unfortunately, there is no configuration
setting you can tweak to customize the lifetime of a persistent authentication
cookie, but you can customize it programmatically. Here's a snippet of code
that returns a persistent authentication cookie from a forms login page and
limits the cookie's lifetime to 7 days:
To set the cookie's lifetime to something other
than 7 days, simply modify the TimeSpan value. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
I wrote an HTTP handler and registered it in the
<httpHandlers> section of a local Web.config file, but the handler
never gets called. What could be wrong? In addition to being mapped to a file type (or
specific file name) in a CONFIG file, an HTTP handler has to be registered in
the IIS metabase. For example, if you register an HTTP handler with the
Web.config file shown below, you also have to map *.igen to Aspnet_isapi.dll
in the IIS metabase. Otherwise, ASP.NET doesn't see the request and can't
forward it to the handler.
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How do I send e-mail from an ASP.NET application?
MailMessage and SmtpMail are classes defined in the .NET Framework Class
Library's System.Web.Mail namespace. Due to a security change made to
ASP.NET just before it shipped, you need to set SmtpMail's SmtpServer
property to "localhost" even though "localhost" is the
default. In addition, you must use the IIS configuration applet to enable
localhost (127.0.0.1) to relay messages through the local SMTP service. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How do I read an image from a database using ADO.NET and display
it in a Web page? The following ASPX file reads and displays an
image from the Pubs database that comes with Microsoft SQL Server.
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Some Web service classes derive from System.Web.WebServices;
others do not. What's the deal? WebService contributes properties named Application, Session, Context,
Server, and User to derived classes enabling Web services to
access the ASP.NET objects of the same name. If you don't use these objects
in your Web service-for example, if you don't use application state or
session state-then you don't have to derive from WebService, either.
Incidentally, if you want to use ASP.NET session state in a Web method, use
the following WebMethod attribute to enable session state for that
method:
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
What are VSDISCO files? VSDISCO files are DISCO files that support
dynamic discovery of Web services. If you place the following VSDISCO file in
a directory on your Web server, for example, it returns references to all
ASMX and DISCO files in the host directory and any subdirectories not noted
in <exclude> elements:
How does dynamic discovery work? ASP.NET maps the
file name extension VSDISCO to an HTTP handler that scans the host directory
and subdirectories for ASMX and DISCO files and returns a dynamically
generated DISCO document. A client who requests a VSDISCO file gets back what
appears to be a static DISCO document. Note that VSDISCO files are disabled in the
release version of ASP.NET. You can reenable them by uncommenting the line in
the <httpHandlers> section of Machine.config that maps *.vsdisco to System.Web.Services.Discovery.DiscoveryRequestHandler
and granting the ASPNET user account permission to read the IIS metabase.
However, Microsoft is actively discouraging the use of VSDISCO files because
they could represent a threat to Web server security. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How does a Web service client call Web methods asynchronously? Web service proxy classes generated by Wsdl.exe
contain asynchronous as well as synchronous versions of the Web service's
methods. Suppose a Web service implements the following Add method:
A proxy generated by Wsdl.exe has BeginAdd
and EndAdd methods for calling Add asynchronously. Assuming calc
is an instance of the proxy class, here's how a client calls Add
asynchronously:
If the call hasn't completed when EndAdd
is called, EndAdd blocks until it does. If desired, a client can ask
to be notified when an asynchronous call returns by providing a reference to
an AsyncCallback delegate wrapping a callback method. In the next
example, EndAdd won't block because it isn't called until the client
is certain the method call has returned:
Another option is to use the IsCompleted
property of the IAsyncResult interface returned by BeginAdd to
determine whether the call has completed and avoid calling EndAdd
until it does:
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
I wrote code that uses the SmtpMail and MailMessage classes to
send e-mail from an ASP.NET application. The code worked fine in beta 2, but
it throws an exception in the release version of ASP.NET. What's wrong? Please see FAQ "How do I send e-mail from an
ASP.NET application?" (http://www.wintellect.com/resources/faqs/default.aspx?faq_id=1&page=4#4) |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How do I upload files to Web pages in ASP.NET? Use the HtmlInputFile class, which you can
declare an instance of with an <input type="file"
runat="server"/> tag. The following example is a complete ASPX
file that lets a user upload an image file and a comment descibing the image.
The OnUpload method writes the image and the comment to a table named
Pictures in a SQL Server database named MyPictures.
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How do I create an ASPX page that periodically refreshes itself? Most browsers recognize the following META tag as
a signal to automatically refresh the page every nn seconds:
Here's an ASPX file that displays the current
time of day. Once displayed, it automatically refreshes every 5 seconds:
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How can an ASP.NET application determine whether cookies are
enabled in a browser? Determining whether cookies are enabled requires
a round trip to the browser and back. If you can live with an extra round
trip, the basic strategy is to return a cookie in an HTTP response and
redirect to a page that checks for the cookie. Here's a page that does just
that:
And here's the page that it redirects to
(OtherPage.aspx). This page uses the presence or absence of the cookie to
determine whether cookies are enabled and displays the result:
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Is it possible to prevent a browser from caching an ASPX page? You bet. Just call SetNoStore on the HttpCachePolicy
object exposed through the Response object's Cache property, as
demonstrated here:
SetNoStore works by returning a Cache-Control: private, no-store header
in the HTTP response. In this example, it prevents caching of a Web page that
shows the current time. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How do I create a DataGrid with Delete buttons and pop up a
message box asking the user for confirmation before deleting a record? The ASPX file below demonstrates the proper
technique. It populates a DataGrid with content from the Titles table
of the Pubs database that comes with Microsoft SQL Server. The DataGrid's
leftmost column contains a row of Delete buttons. The OnDeleteRecord
method simulates a record deletion by writing the Title field of the record
to be deleted to a Label control. The OnAttachScript method, which is
called once for each row in the DataGrid in response to ItemCreated
events, attaches to each button an OnClick attribute that activates a
bit of client-side JavaScript. That script displays a confirmation dialog and
prevents the page from posting back to the server (thus preventing OnDeleteRecord
from being called) if the user clicks Cancel rather than OK.
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How do I localize an ASP.NET application so that it formats
dates and times based on the requestor's locale? Deploy the following Global.asax file in the
application's virtual root:
Application_BeginRequest executes at the beginning of each and every
request. This example reads the requestor's preferred language from the Request
object's UserLanguage property (which is populated with information
found in the request's Accept-Language header), creates a CultureInfo
object from it, and assigns the CultureInfo object to the CurrentCulture
property of the thread that's processing the request. FCL methods that are
culture-aware (such as DateTime.ToShortDateString) will format dates,
times, currency values, and numbers accordingly. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
What does AspCompat="true" mean and when should I use
it? AspCompat is an aid in migrating ASP pages to
ASPX pages. It defaults to false but should be set to true in any ASPX file
that creates apartment-threaded COM objects--that is, COM objects registered
ThreadingModel=Apartment. That includes all COM objects written with Visual
Basic 6.0. AspCompat should also be set to true (regardless of threading
model) if the page creates COM objects that access intrinsic ASP objects such
as Request and Response. The following directive sets AspCompat
to true:
Setting AspCompat to true does two things. First,
it makes intrinsic ASP objects available to the COM components by placing
unmanaged wrappers around the equivalent ASP.NET objects. Second, it improves
the performance of calls that the page places to apartment-threaded COM
objects by ensuring that the page (actually, the thread that processes the
request for the page) and the COM objects it creates share an apartment.
AspCompat="true" forces ASP.NET request threads into
single-threaded apartments (STAs). If those threads create COM objects marked
ThreadingModel=Apartment, then the objects are created in the same STAs as
the threads that created them. Without AspCompat="true," request
threads run in a multithreaded apartment (MTA) and each call to an STA-based
COM object incurs a performance hit when it's marshaled across apartment
boundaries. Do not set AspCompat to true if your page uses no
COM objects or if it uses COM objects that don't access ASP intrinsic objects
and that are registered ThreadingModel=Free or ThreadingModel=Both. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
I've developed a custom Windows Forms control that I'd like to
use in a Web Form. I've heard that ASP.NET can use Windows Forms controls. Is
that true? If so, how do I create a Windows Forms control in a Web Form? You can embed Windows Forms controls in Web pages
using <object> tags similar to those that declare ActiveX controls. To
demonstrate, here's the source code for a very simple slider control-one that
derives from the FCL's TrackBar class:
Compile this source code into a DLL with the
following command (assuming the source code file is named Controls.cs):
Copy the resulting DLL (Controls.dll) to the
virtual directory of your choice on your Web server. Now create a text file
named Slider.aspx in the same directory and add the following HTML:
The <object> tag declares an instance of
the control and names it Slider. It also uses <param> tags to
initialize some of the control's properties. Open the ASPX file in your
browser and the slider control should be displayed. IE downloads the control
implementation from the Web server, so you don't have to install Controls.dll
on the client. The client must, however, have the .NET Framework installed.
Internet Explorer 5.01 or higher is required on the client, too. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
If I use the slider control in the previous example in a Web
page, what must I do to allow a server-side event handler to determine the
position of the slider's thumb? The trick is to intercept the form submit event
fired before the form posts back to the server and add the thumb position to
the form's postback data. Here's a modified version of the ASPX file in the
previous example that does just that. The onsubmit attribute in the
<form> tag calls the JavaScript function SubmitForm before the
form posts back to the server. SubmitForm writes the slider's thumb
position to a hidden <input> control named __THUMBPOS. The browser
submits the __THUMBPOS control's value to the server, and the server-side
event handler extracts the value from the request. In this example, the event
handler writes the thumb position to the Web page.
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
If I use the slider control in the previous example in a Web
page, the slider's thumb snaps back to its default position each time the
page posts back to the server. Is there a way to make the thumb stay put? The ASPX file below shows one way to do it. The
<param> tag that controls the slider's thumb position is no longer
embedded in the page's HTML; instead, it's output programmatically with
Response.Write. That enables the page to emit a <param> tag containing
a default value if the page is fetched outside of a postback, or a
<param> tag containing the __THUMBPOS value submitted in the request if
the page is being returned following a postback. It's not pretty, but it
works.
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How can I create a DataGrid that displays a column of images
obtained from a database? The following ASPX file demonstrates how:
This ASPX file contains a DataGrid that displays
data from the Employees table of SQL Server's Northwind database. Each row
rendered by the DataGrid represents one employee, and each row's leftmost
column contains the employee's picture. The picture comes from the table's
Photo field. The image is rendered by the <ItemTemplate> tag, which
emits an <img> tag accompanied by a src attribute that points to a file
named NorthwindImageGrabber.ashx. Inside the ASHX file is an HTTP handler
that retrieves an image from the database. A query string appended to the URL
tells the handler which image to retrieve. Here's
NorthwindImageGrabber.ashx's source code:
The ProcessRequest method, which is called
every time the ASHX file is requested, retrieves the image from the database
and returns it to the client as a JPEG. For good measure, it also shrinks the
image down to thumbnail size using Image.GetThumbnailImage.
NorthwindImageGrabber.ashx discards the first 78 bytes of each image because
the Northwind database's Photo field doesn't store raw images; it stores BMP
bitmaps prefixed by 78 bytes of unrelated header information. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Is it possible to write an ASP.NET handler that works like an
ISAPI filter-that is, that sees requests and responses and perhaps modifies
them, too? You can do it by writing an HTTP module-a class
that implements IHttpModule-and registering it in Web.config. Here's a
simple HTTP module written in C# that appends "Hello, world" to
every response:
Here's how you register it if MyModule is in an
assembly named CustomModules:
An HTTP module can handle the per-request events
fired by HttpApplication instances, and it can fire events of its own
that can be processed in Global.asax. To deploy the module, simply drop the
DLL containing MyModule into the application root's bin subdirectory. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How can ASP.NET apps transmit data from one page to another? One way to transfer data from page to page is to
have the sending page encode the data in a query string and the receiving
page read the data from the request. Here's the source code for a page named
PageOne.aspx that encodes a string typed by the user in a query string and
passes it to PageTwo.aspx:
And here's the page it redirects to, which echoes
what the user typed:
Another way to pass data from one page to
another--a technique that has the added benefit of keeping the data on the
server and not exposing it to the user--is to pass the data in session state,
as demonstrated here:
If you use Server.Transfer rather than Response.Redirect
to transfer control to another page, you can use public fields in the sending
page's code-behind class to transmit data. The following example demonstrates
how:
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How do I display an ASPX or HTML page in a new browser window in
ASP.NET? The following tag creates a hyperlink that, when
clicked, opens an ASPX file in a new window:
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How do I initialize a TextBox whose TextMode is
"password" with a password? Initializing the TextBox's Text
property doesn't seem to work. This won't work:
But this will:
The latter code fragment manually adds a
value="imbatman" attribute to the <input> tag output by the TextBox
control, causing the specified text to appear in the TextBox. You can also initialize a password TextBox
by including a Value attribute in the control tag, as demonstrated below:
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
I know I can write custom server controls by deriving from
Control or WebControl. But can I modify the behavior of existing controls by
deriving from them and modifying their output? You bet. Here's a custom control named NumTextBox
that derives from TextBox and adds an onkeydown attribute to
the <input> tag that TextBox outputs. That attribute references
a local JavaScript function that filters out non-numeric keys, producing a TextBox
that accepts only numbers. For good measure, NumTextBox senses the
browser type and renders differently to Internet Explorer and Netscape
Navigator, enabling it to work in either browser. It also overrides TextBox's
Text property and implements a set accessor that throws an exception if a
non-numeric string is written to it.
Here's an ASPX file you can use to test the
control. It assumes that the control is compiled into an assembly named
NumTextBoxControl.
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Is it possible to associate hidden values--say, values from an
identity field in a database table--with items in a DataGrid? You bet. Just declare a BoundColumn in the
DataGrid and set its Visible property to false, like so:
The column won't show up in the DataGrid,
but you'll be able to read data from it following a postback just as if it
were visible. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How do I configure a DataGrid to show a column of row numbers:
1, 2, 3, 4, and so on? The easiest way to do it is to use a TemplateColumn.
The following ASPX file demonstrates how. The TemplateColumn displays
the value of a rownum field that is incremented each time a row is
output.
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Is it possible to call Fill on a DataAdapter and fill two
DataTables in a DataSet with a single call? You bet. Here's a sample that demonstrates how by
performing a double query and binding each of the resulting DataTables
to a different DataGrid.
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
I'm trying to use Server.CreateObject to instantiate a legacy
COM component in an ASPX page. If I use VB.NET, I can create and call the COM
object just fine. But the same code written in C# doesn't compile. The
compiler complains that the method I'm calling isn't a member of Object. What
gives?
You've discovered an interesting feature of
VB.NET--namely, that it trades type safety for simplicity when late binding
to COM objects. Check out the following VB.NET code sample, which
instantiates a COM object (ProgID="Wintellect.Math") and calls its Add
method to add 2 and 2:
This code works just fine, despite that fact that
Add is not a member of System.Object. The VB.NET compiler
relaxes its type-checking rules to simplify your code. The C# compiler,
however, does not. The following code won't compile:
The solution for C# programmers is to late-bind
to the COM object using System.Type.InvokeMember. Here's the C#
equivalent of the VB.NET code above:
It's not pretty, but it works, and it perfectly
illustrates the extra effort required to accomplish late binding in C#. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
I'm trying to use ASP.NET's HtmlInputFile control to upload
files to a Web server, but the control's PostedFile property is always
null—even after I select a file and post back to the server. What am I doing
wrong?
Most likely you forgot to include an enctype="multipart/form-data"
attribute in your <form> tag. The following HTML form doesn't support
file uploads:
But the next one does. Decorate the <form>
tag as shown here and file uploads will work just fine:
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
ASP.NET's @ OutputCache directive lets me cache different
versions of a page based on varying input parameters, HTTP headers, and
browser types. I'd also like to be able to cache based on varying session
IDs. Is that possible? You bet. Here's a sample page that uses a VaryByCustom
attribute to cache different versions of a page based on session IDs:
In order for VaryByCustom="SessionID"
to work, you must include in the application root a Global.asax file
containing the following GetVaryByCustomString method:
GetVaryByCustomString is a mechanism for extending ASP.NET's page
output cache. This implementation of GetVaryByCustomString, which
overrides the one inherited from HttpApplication, responds to a VaryByCustom="SessionID"
attribute in an @ OutputCache directive by returning the current
session ID, if present. ASP.NET responds by caching different versions of the
page if the session IDs differ. Note that GetVaryByCustomString extracts
the session ID from the session cookie, not from the session's SessionID
property. That's because the request has yet to be associated with a session
when GetVaryByCustomString is called. An unpleasant side effect is
that this technique doesn't work with cookieless session state. Also note
that the page won't be cached until a user requests the page for the second
time, because the first request lacks a valid session cookie. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
I've noticed that DataGrids round-trip tons of information in
view state, decreasing the effective bandwidth of the connection. Is there
anything I can do to reduce the DataGrid's view state usage? You bet. Set the DataGrid's EnableViewState
property to false, as shown here:
Once you make this change, you'll also have to reinitialize
the DataGrid in every request (even during postbacks), because the DataGrid
will no longer retain its state across postbacks. In other words, instead of
doing this:
Do this:
The performance you lose may be more than compensated
for by the effective bandwidth you gain--especially if instead of querying a
database on every request, you query once, cache the data, and initialize the
DataGrid from the cache. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Is it possible to create a DataGrid that uses scrolling rather than
paging to provide access to a long list of items? With a little help from a <div> tag, yes.
The following ASPX file displays the "Products" table of SQL
Server's Northwind database in a scrolling table:
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
By default, ASP.NET's worker process uses the identity of a special
account named ASPNET that's created when ASP.NET is installed. By including a
user name and password in Machine.config's element, I can configure ASP.NET
to run using an account of my choosing. However, my company has a strict
policy against encoding plaintext passwords in configuration files. I want to
specify the account that ASP.NET uses, but I also need to secure the
password. Is that possible? Out of the box, ASP.NET 1.0 requires the user
name and password to be encoded in plaintext in Machine.config. However, you
can obtain a patch from Microsoft that allows the user name and password to
be stored in encrypted form in a secure registry key that's off limits to
non-administrators. The hotfix also allows you to secure the credentials used
to access ASP.NET's ASPState database when using SQL Server to store session
state. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
I want to make DataGrid paging more efficient by using custom
paging. Oracle makes custom paging easy by supporting query-by-row-number.
SQL Server is just the opposite. There's no obvious way to ask SQL Server
for, say, rows 101-150 in a 500-row result set. What's the best way to do
custom paging when you have SQL Server on the back end? You can use a query of the following form to
retrieve records by row number from Microsoft SQL Server:
Replace {0} with the page size (the number of
records displayed on each page), {1} with the page size * page number
(1-based), {2} with the name of the table you wish to query, and {3} with a
field name. The following example retrieves rows 41-50 from the
"Products" table of the Northwind database:
You can combine this query technique with custom
paging to make DataGrid paging more efficient. With default paging, you must
initialize the data source with all records displayed on all pages. With
custom paging, you can initialize the data source with just those records
that pertain to the current page. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Is it possible to prevent a Web form from scrolling to the top
of the page when it posts back to the server? One way to do it is to add a SmartNavigation="true"
attribute to the page's @ Page directive. That requires Internet
Explorer 5.0 or higher on the client. To prevent unwanted scrolling in a
wider range of browsers, you can use a server-side script that generates
client-side script. The first step is to replace the page's <body> tag
with the following statements:
Step two is to add the following line somewhere
between the <form runat="server"> and </form> tags:
How does it work? The server-side script block
outputs a <body> tag containing an onscroll attribute that keeps
tabs on the scroll position and an onload attribute that restores the
last scroll position following a postback. The scroll position is transmitted
to the server in a hidden <input> control named __SCROLLPOS. Note that
this technique is compatible with Internet Explorer but not with Netscape Navigator. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
If I use the same user control in two different pages and
include an @ OutputCache directive in the ASCX file, will the user control be
cached once or twice? In ASP.NET version 1.0, the control will be
cached twice. In version 1.1, you can include a Shared="true"
attribute in the @ OutputCache directive to cache the control just
once. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
What's the best source of in-depth information on ASP.NET
security? Go to http://www.microsoft.com/downloads/release.asp?ReleaseID=44047
and download a free book (in PDF format) from Microsoft entitled
"Building Secure ASP.NET Applications." At 608 pages, it's packed
with more than you'll probably ever need to know about ASP.NET security. An
awesome resource for ASP.NET developers! |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
How do I set the focus to a specific control when a Web form
loads? With a dash of client-side script. Upon loading,
the following page sets the focus to the first of its three TextBox controls:
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Is it possible to post a page containing a
runat="server" form to a page other than itself? Adding an action
attribute to the <form> tag is futile because ASP.NET overrides it with
an action attribute that points back to the same page. ASP.NET forbids a runat="server"
form from posting back to another page, but you may be able to accomplish
what you're after by taking a slightly different approach. It turns out that
if you remove runat="server" from the <form> tag,
ASP.NET won't alter the tag's action attribute. The bad news is that a
form lacking a runat="server" attribute can't host Web
controls. The good news is that it can host HTML controls, which means
that if you can do without DataGrids and other rich controls, you can
post back to other pages just fine. The following page contains a login form that
hosts three HTML controls. Note the runat="server"
attributes adorning the controls but the absence of runat="server"
in the <form> tag:
Clicking the Log In button submits the form to
Welcome.aspx, which reads the user name that the user typed from the HTTP
request and outputs it to the page. Here's Welcome.aspx:
Do the runat="server" attributes
on the <input> tags do anything useful? You bet. They make the controls
visible to server-side scripts. |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
When configured to store session state in a SQL Server database,
ASP.NET stores sessions in the Tempdb database, which means sessions are lost
if the database server is rebooted. Is it possible to configure ASP.NET to
store session in the ASPState database instead for added robustness? You bet. Read Microsoft Knowledge Base article
311209, which is titled "Configure ASP.NET for Persistent SQL Server
Session State Management" and located at http://support.microsoft.com/default.aspx?scid=kb;EN-US;q311209.
The article contains a link for downloading InstallPersistSqlState.sql, an
installation script that creates the ASPState database and configures it to
store session data in ASPState tables rather than Tempdb tables. This simple
configuration change enables session state to survive server restarts and is
a boon for small- and medium-size sites that can't justify building clustered
arrays of database servers on the back end. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
I'm using an <error> element in Web.config to redirect to
a custom error page when a 404 error occurs. Inside the error page, I want to
retrieve the URL that caused the 404 error so I can write it to a log file.
How do I get that URL? When ASP.NET redirects to a custom error page, it
passes the original URL (the one that caused the error) in a query string.
Here's an example in which PageNotFound.aspx is the custom error page and
foo.aspx is the page that produced the error: http://localhost/PageNotFound.aspx?aspxerrorpath=/foo.aspx PageNotFound.aspx can therefore obtain the URL of
the page that generated the error (in your case, the nonexistent page that
resulted in a 404 error) like this:
If you'd like to retrieve the IP address from
which the request originated for logging purposes as well, read it from Request.ServerVariables["REMOTE_ADDR"]
or Request.UserHostAddress. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
How does System.Web.UI.Page's IsPostBack property work? How does
it determine whether a request is a postback? IsPostBack checks to see whether the HTTP request is accompanied by postback
data containing a __VIEWSTATE or __EVENTTARGET parameter. No parameters, no
postback. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
Forms authentication protects ASPX files and other resources
owned by ASP.NET, but it does not restrict access to HTML files and other
non-ASP.NET resources. Is it possible to extend forms authentication to
protect ordinary HTML files and other resources that don't belong to ASP.NET? The best way to do it is map *.htm, *.html, and
other file name extensions to Aspnet_isapi.dll in the IIS metabase. (You can
use the IIS configuration manager to do the mapping.) Transferring ownership
of these resources to ASP.NET degrades performance a bit, but it might be
worth it for the added security. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
How do I build a DataGrid that contains a column of check boxes?
The column of check boxes is created easily
enough with a TemplateColumn. What's not so obvious is how to read the
state of the check boxes following a postback. The solution is to reach into
the DataGrid and extract references to the check boxes. The sample
below, which uses the "Titles" table of SQL Server's pubs database
to populate a DataGrid, demonstrates how it's done. Click the push
button and a list of all the titles with check marks next to them appears at
the bottom of the page.
|
|
||||||||||||||||||||||||||||||||||||||||||||
|
I'm dynamically adding columns to a DataGrid at run-time, but am
finding that the DataGrid's events don't fire properly. Interestingly, if I
define the columns statically, the events work just fine. Any idea what I'm
doing wrong? You're probably adding the columns to the DataGrid
in Page_Load. Add them in Page_Init instead and the events will
fire just fine. In general, Page_Init is the ideal place to modify the
page and its controls, while Page_Load is the place to modify control
state. Keep this simple dictum in mind and you'll save yourself a lot of
headaches down the road. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
When hosting a Windows Forms control in a Web page, is it
possible to connect the control's events to a handler implemented in
client-side script? You bet. But you, the control developer, have to
do a little work to allow it to happen. Here's a summary of the steps
required: 1) Declare in the control DLL an interface
containing methods whose names and signatures match the events you wish to
expose to client-side script. Attribute the interface [InterfaceType
(ComInterfaceType.InterfaceIsDispatch)] so the Framework will expose it as an
IDispatch interface to COM clients. Use [DispId] attributes to assign each of
the interface's methods a unique dispatch ID. 2) Adorn the control class with a
[ComSourceInterfaces] attribute naming the interface defined in step 1. This
instructs the Framework to expose the interface's methods to COM clients as
COM events. 3) Grant the assembly containing the control (the
control DLL) full trust on the client. You can use the Microsoft .NET
Framework Wizards found in Control Panel/Administrative Tools to grant the
assembly full trust. To demonstrate, here's a WebSlider control whose
Scroll events (which are inherited from and fired by the TrackBar base class)
can be processed in a browser:
And here's a Web page that you can use to test
the control and prove that you can respond to its events in client-side
script:
As you move the slider's thumb, the client-side
event handler continually updates the positional value beneath the slider to
reflect the thumb's latest position. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
How does ASP.NET generate session IDs? Are they random?
Predictable session IDs increase the risk of session hijacking. Relax: ASP.NET uses random, non-sequential
session IDs. Specifically, it uses the FCL's System.Security.Cryptography.RNGCryptoServiceProvider
class to generate highly random 120-bit session IDs. Sessions can still be
hijacked by stealing session cookies or, if cookieless session state is being
used, by reading session IDs from the browser's address bar. But ASP.NET's
use of random session IDs should preclude the possibility of hijacking
sessions by guessing session IDs. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
Running ASP.NET on a Web farm requires you to configure each
server to use identical validation and encryption keys. Is there a tool
available for producing those keys? You can get the tool you're looking for right
here. KeyGen is a command-line utility for producing validation and
encryption keys of any length. Click here to download it, and here to download the C# source code. To run it,
simply type KeyGen followed by a key length in bytes. The following command
produces a 24-byte key:
KeyGen uses the .NET Framework Class Library's System.Security.Cryptography.RNGCryptoServiceProvider
class to generate cryptographically strong keys. As such, it only runs on
machines equipped with the .NET Framework. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
How can I get the name of the Windows security principal that a
request is executing as? Page.User.Identity.Name is no help at all when forms
authentication is used. The best way to do it is to use P/Invoke to call
the Win32 GetUserName function. The ASPX file below demonstrates how.
In order for this to work, your code must be running with a high-enough trust
level to permit callouts to unmanaged code.
|
|
||||||||||||||||||||||||||||||||||||||||||||
|
Is it possible to generate the source code for an ASP.NET Web
service from a WSDL contract? Yes. Begin by running the Wsdl.exe tool that
comes with the .NET Framework SDK with a /server switch and pointing it to
the WSDL document, like this:
Wsdl.exe responds by generating a CS file
containing a WebService-derived base class that you can further derive
from to implement a Web service. The Wsdl.exe-generated class contains
abstract methods representing the Web methods described in the WSDL document;
you'll need to override and implement these methods in your derived class.
You must also manually copy the attributes in the Wsdl.exe-generated source
code file to the corresponding elements in your source code file. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
When I call DataAdapter.Fill to fill a DataTable, the data comes
back just fine, but any constraints placed on that data in the database do
not. For example, if the table I query contains a unique key constraint, the
resulting DataTable does not. If I modify the DataTable and violate a
constraint, I don't learn about my mistake until I call DataAdapter.Update.
Is there a reasonable way to read constraints from a database and apply them
to a DataTable? There is: it's called FillSchema. The page
below demonstrates its use. The record added to the DataTable violates
a uniqueness constraint because the "title_id" of the Pubs
database's "titles" table is a primary key and it already contains
a record with a "title_id" value of TC7777. Thanks to FillSchema,
the call to Rows.Add throws an exception.
As an aside, you generally want to call FillSchema
after DataAdapter.Fill, not before. Placing constraints on a DataTable
before filling it slows down the query. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
I'm using Windows authentication in an ASP.NET intranet app to
identify callers, and Windows authentication to authenticate callers to a
back-end SQL Server database. However, it doesn't work: the caller's
credentials are apparently not being propagated to the database. What's
wrong?
I'll bet you're using Integrated Windows
Authentication (IWA) to authenticate callers, and if that's the case, you've
encountered the famous Windows "one-hop" problem. By default,
Windows only allows security credentials to travel one hop over the network.
If you're using IWA, you use up your one hop going from the browser to the
Web server. Several solutions exist, but none are perfect. The best solution,
assuming you want to continue using IWA, is to enable delegation. Here are
some links to articles with more information: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adminsql/ad_security_2gmm.asp |
|
||||||||||||||||||||||||||||||||||||||||||||
|
I'm using a SqlDataAdapter to update my database and a
SqlCommandBuilder to generate INSERT, UPDATE, and DELETE commands. Everything
works fine until I try to update a table that has spaces in its name. Then,
SqlDataAdapter.Update throws a SqlException. Why does this happen, and how do
I fix it? The problem is that CommandBuilder isn't
smart enough to figure out that table names with embedded spaces must be
delimited with special characters such as [ and ], even if your SELECT
statement contains a table name surrounded by those characters. The solution
lies in CommandBuilder's QuotePrefix and QuoteSuffix
properties. A CommandBuilder used this way will fail when it
encounters a table whose name includes spaces:
But a CommandBuilder used this way will
work just fine with most databases:
|
|
||||||||||||||||||||||||||||||||||||||||||||
|
How can I use ASP.NET validation controls to check for leading
and trailing spaces in user input and display an error message if either is
present? Here's a CustomValidator that checks a
control named "Input" for leading and trailing spaces:
|
|
||||||||||||||||||||||||||||||||||||||||||||
|
Why do uploads fail when I use an ASP.NET file upload control to
upload large files? ASP.NET limits the size of requests (and
therefore file uploads) as a precaution against denial-of-service attacks. By
default, ASP.NET won't accept requests whose size exceeds 4 MB. You can
change that by modifying the maxRequestLength attribute of
Machine.config's <httpRuntime> element. The following maxRequestLength
attribute expands the permissible request size to 8 MB (8192K):
|
|
||||||||||||||||||||||||||||||||||||||||||||
|
Can ASP.NET 1.0 and 1.1 coexist on the same server? Yes. Installing version 1.1 of the .NET Framework
doesn't wipe out version 1.0; both versions remain resident on the machine.
Version 1.0 lives in the %Windows%\Microsoft.NET\Framework\v1.0.3705
directory, while version 1.1 lives in
%Windows%\Microsoft.NET\Framework\v1.1.4322. By default, installing version
1.1 upgrades all ASP.NET apps to use ASP.NET 1.1. If you want certain apps to
revert to ASP.NET 1.0 instead, you must configure them accordingly (see
below). |
|
||||||||||||||||||||||||||||||||||||||||||||
|
I upgraded my company's Web server to ASP.NET 1.1 and it broke
one of my apps. Can I revert to ASP.NET 1.0 for that application and leave
others running under 1.1? You bet. Simply modify the IIS metabase to point
that application to version 1.0.3705 of Aspnet_isapi.dll instead of version
1.1.4322. The easy way to do it is to run the Aspnet_regiis utility that came
with version 1.0 of the .NET Framework. The following command uses
Aspnet_regiis to configure the application in the virtual directory named
MyApp to use ASP.NET 1.0:
If you later decide to migrate the application to
ASP.NET 1.1, simply repeat the command, but this time use the Aspnet_regiis
utility that came with version 1.1. For additional information, refer to the
article entitled ASP.NET Side-by-Side Execution of .NET Framework 1.0 and
1.1 on the ASP.NET team's Web site. |
|
||||||||||||||||||||||||||||||||||||||||||||
|
Can an ASP.NET app figure out at run-time what version of
ASP.NET it's hosted by? Yes, by reading the static Version
property of the Framework's System.Environment class. Here's a page
that demonstrates how. When executed, the page displays the version of
ASP.NET that it's running under:
Should you need them, build and revision numbers
are also present in the System.Version object returned by the
property's get accessor. |
|
||||||||||||||||||||||||||||||||||||||||||||
