When you are paying for SQL Server space in a hosting environment, it is often important to see which tables are taking up the most physical space. Sql Server has a stored procedure for this ‘sp_spaceused’, however, you need to run it for every table. Time consuming and fustrating.
Mitchel Seller came up with a really handy stored procedure to show you all the information at once in Query Analyzer…:
Those of us who have used Apache on a Unix platform are familiar with Apache Mod Rewrite, which allows urls to be rewritten using rules and regular expressions. This allows for “pretty urls” instead of long querystring urls that aren’t particularly user or search engine friendly.
A url such as
/index.aspx?type=blog&category=programming
can be rewritten to something like
/blog/programming/
Much easier to read and remember.
ASP.NET 2.0 introduced limited rewrite rules, basically static routes that can be configured in the web.config file.
Until version 7 of IIS, there really hasn’t been a native solutions(IIS 7 requires an extension to be installed) . So if you are using IIS < 7 then you will need to find a custom solution.
If you are using IIS7, it may not have the features that a PHP solution, using apache mod rewrite would need or use, which would force you to try to recreate the functionality. Apparently there is a script that will convert apache rules to IIS7 Rewrite rules, but I haven’t test it out.
Following are a couple of solutions that I have found:
This is a very easy to use solution. It an ASP.net module, so it relies on the .NET framework. I’ve used it on several sites and haven’t had any problem, that weren’t of my own making. Rules are stored in the web.config and the module files are simple put in the application in the “/bin” folder. You can even program against it with intellisense in Visual Studio.
Pros: Free, Easy to install, Good Docs, no need to configure IIS, Can program against it in asp.net
Cons: Only works for .NET enabled sites. All rewrites must point to a .aspx file since the process is part of the .Net pipeline. (so from the above example the rewrite would be: /blog/programming.aspx)
Supports regular expressions, and the syntax is very similar to Apache rewrite syntax found in .htaccess files. I ended up going with UrlRewritingNet since it was so easy to configure and I only wanted it for Asp.net applications.
Pros: Free, documentation is pretty good, syntax is very similar to Apache mod_rewrite rules.
Cons: Lack of good examples, separate copies of the dll must be used and configured to have different configurations per site.
This is a fantastic solution for running Open Source PHP apps, (like Joomla, Drupal, CMS Made Simple etc.), since after installing the ISAPI filter, .htaccess files are natively supported, little or no configuration required, and the software behaves exactly as designed. Supports virtually all the functionality of mod_rewrite, even writing scripts to do rewrites from database results.
Pros: mod_rewrite syntax and .htaccess support. Native IIS6 and IIS7 support. Can write scripts to extend the functionality.
Cons: Not free. Documentation is a bit sparse on the site,( but since it basically supports everything mod_rewrite can do, all the documentation for mod_rewrite comes into play.)
This software has been around for a long time. It was one of the only solutions available before IIS7. Powerful regular expression support and supports IIS permissions to control access to resources etc. Allows for proxying, redirection and conditional statements.
Pros: very powerful and flexible, price is fair, tech support
Cons: Not Free, documentation could certainly be better
When html is going to be submitted from a from, say from a “rich text box” textarea that might be in your code you will get an error page: “a potentially dangerous request.form value was detected…”. So you have to turn request validation off in the Page declaration on the .aspx page. This allows any html to be sent to the server.
Of course, this could allow a malicious user to submit CSS(Cross Site Scripting) attacks to your site. Request validation was put there for a reason 
Now most rich text boxes have some level of security, striping and cleaning up HTML, but I like to be sure.
One solution is to user Server.HtmlEncode() to encode all the submitted data that contains mark-up into HTML entities. But that defeats the purpose of having a rich text box in the first place.
So here is a couple quick regular expression replace to get rid of script tags in HTML that might be submitted via a form.:
Here is the Asp.net code:
1: Dim cleanHtml As String
2: cleanHtml = Regex.Replace(unfilteredHtml, "<script.*?>[\s\S]*?</.*?script>", "", RegexOptions.IgnoreCase)
remember: RegexOptions.IgnoreCase, to make the search case insensitive
These regular expressions shouldn’t break anything on the page, and prevent any code executing. You might still get Javascript errors if you have an event handler that calls a function that no longer exists. I haven’t been able to come up with a good regular expression to get rid of all event handlers in tags, but I’m working on it.
I found a great article on unhandled exception management.
http://aspnetresources.com/articles/CustomErrorPages.aspx
This is the best overview i’ve found of how to implement secure error handling, with solid examples.
Advances in browsers and JavaScript have allowed for some very nice text and image effects to be done without using additional software such as Flash, Silverlight or Java. One of the biggest advantages of this technique is that all the images and text are displayed in the source code, so search engines can find all the content. Also, you don’t have to buy any new software to develop a solution. This also allows for keeping more content in compact spaces.
JQuery Cycle Plug-in – This is a very well developed and maintained plug-in that has some very powerful effects. This plug-in displays one element at a time, “cycling” through each element that is in a parent container.
JCarousel Lite – Sometimes you want to create a carousel effect, displaying multiple items at one time, and being able to cycle though them, in a continuous loop(a circular carousel). There is a JCarousel plugin out there, the circular functionality wasn’t that well implemented.
I have personally used these 2 plug-ins extensively.
For the JQuery Cycle Plug-in, when the images are a bit bigger, sometimes they will display, one after the other, for a second or two, before they are hidden by the plug-in. I have a quick little JQuery solution to the problem.
It involves 2 steps: 1) place the images in a hidden layer, then 2) append the images to the Cycle layer, as follows:
<script language="javascript">1:2: $(document).ready(function(){3: $('#hidden_images img').appendTo("#header_banner");4:5: $('#image_cycle').cycle('fade');6: })7:</script>
<body>
<div id="hidden_images">
<img src="imageone.jpg" alt="" />
<img src="imageone.jpg" alt="" />
<img src="imageone.jpg" alt="" />
</div>
<div id="image_cycle"></div>
Our clients started to receive spam from their contact forms and wanted to curb it. I looked for a free(clients love “free”) captcha control for ASP.net, and found the following solutions
Free Captcha control:
This is the solution I like the best. Just download the source and build the solution, include the dll in your /Bin folder
CodeProject Article and Download
The original article, with recent comments
ReCaptcha (Free)
ReCaptcha is a project by Carnegie Mellon University which provides a free captcha service for use on websites. The fun thing about it is that users that are solving captchas visual and audio are actually helping to digitize public domain books/radio shows etc. for distribution. There is a .Net wrapper control for it as well. It has several default templates for the look and feel of the captcha and supports custom templates as well, although I wasn’t entirely able to get the custom template to work. There is also a nice script for hiding your email address on the page to prevent it from being picked up by bots.
Lanapsoft BotDetect Captcha Control (Pay)
I played with the free trial and it seems to work fine, although I find the implementation of the free control from nicer. But this one has a tonne of options, settings and support.
I hope this helps in keeping the spam down . We could all use a bit of that.
I often have to integrate applications into pure html websites, maintained with a content creation system. I usually throw the application into a separate folder, and make that folder an application in IIS. I then create a master-page and throw their site’s template in it.
The problem I was having was managing paths to css and images within the template when developing the application using the local file system. I wanted to use all their image resources and the existing scripts and CSS and view all these together when I was developing.
The trick is to use the “Local IIS” functionality of Visual Studio to develop your application. Here are the steps I follow:
I create a directory in my “Projects” folder, we’ll call it “Website1”. I download the relevant graphics/css files from the website, sometimes the entire website, if it isn’t too big, to the same locations as on their server. This mimics their site structure (eg. Website1/Style Website1/Images)
Then I create my sub directory within this structure, “Website1/MyApplication”.
I then go to my local instance of IIS. I create a virtual directory to Website1. In IIS, I then navigate to the application directory, and make it an application (right click->properties->home directory->create application) making sure to select the correct version of ASP.net.
Now in Visual Studio, choose “Open Website” and on the left choose “Local IIS”. Choose the Website1 vDir you created and open it. You will be prompted about making it an application, just say ok.
In the solution explorer, double click on the vDir you created for your application. You will be prompted to open the application as another solution or to add it to the current solution. Choose the latter.
Now simply work from the project that was just added to your solution, as usual.
When you debug, all the images/styles in the master page will be in place and you can accurately build your application so it looks exactly like the rest of the website.
Because browsers, even standards compliant ones, interpret web standards differently and/or have different defaults for margins/padding/default font sizes, it is often good to have a baseline set of CSS styles that “reset” everything to common values. These style sheets are often called “Reset” or “Base” CSS.
Now there is some debate whether this technique is necessary with semantically correct, fluid style web pages (basically pages that adjust the content based on screen size, text size etc. I personally feel that layout predictability is important. I also know that most corporate customers want their site to look “brochure” like, and obviously, paper isn’t fluid. Not to mention that they often want their marketing materials to reflect the same look an feel.
I’ve found some articles and examples of various CSS Reset style sheets online, that will suit just about anyone’s needs:
Basically the suggestion is to place your choice of one of these style sheets on your page before any other style sheet then begin your design.
Obviously if you are already working from a template that has already been developed, it may mess up the layout.
Some of the servers I work on are in the U.S., but I work from Canada and have my PC set to locale en-CA. This locale inverts the month and day in the short date string. For example May 1st 2009 would be written as 5/1/2009 in the US, 1/5/2009 in Canada, as per the locale. SQL Server is usually setup as US as the locale for storing dates regardless of where the server is.
This has led to wasted time trying to figure out why I’m not getting results back from the database, when the date is passed around as a string, say in a querystring. Usually this involved a lot of head scratching until there was a “Arithmetic overflow error converting expression to data type datetime” exception.
So why don’t I set the page to locale en-US? Well, I use the locale to control localization.
There are 2 solutions:
1. Format the date in a very specific fashion either by using date format strings, or by breaking the month,day,year components out of the date object and rebuilding them into a string. This assumes we know all the variables that may change the formatting.
2. (the one I prefer) is to throw in the formatting information into the Date.ToString and Date.Parse/Date.Tryparse functions like this:
Dim someDate As Date = Now() Dim cultureUS As System.Globalization.CultureInfo cultureUS = New System.Globalization.CultureInfo("en-US") Dim dateString As String = someDate.ToString("d", cultureUS) 'To parse the information back into a date object Dim readDate As Date Date.TryParse(dateString, cultureUS, Globalization.DateTimeStyles.NoCurrentDateDefault, readDate)
This way, we make sure everything is constant and follow the localization paradigm.
One of the SQL servers I help maintain was being “brute-force” attacked. We decided to change the default port for SQL Server, close that port down on the firewall, which basically solved our problem, while maintaining the flexibility we needed for distributed development of the applications.
I had to go through and change all our connection strings for our applications. We had recently changed to SQL 2005, and I wasn’t sure how to take into account custom ports.
ConnectionString.com has all your answers. Very helpful