Saturday, 11 December 2010

Creating An ASP.NET RSS Feed, Using Data From SQL Server And HTTP WebHandler

There are a couple of ways to create an RSS feed from a SQL database store. Over at 4GuysFromRolla.com, there’s a post explaining how to create an RSS feed using a regular old ASP.NET Web Form.

Another option would be to write a script that creates an actual XML file on some periodic basis (probably just before the recommended “time to live” setting of the feed). The benefit of that is, one taxes the database server a little every now and then, and a “real” XML file does the work.

But as a rule, for ASP.NET applications, Microsoft recommends using HTTP handlers or modules whenever one wants to present data other than HTML.

A handler is a special ASP.NET Web page; a module is a plug-in one can install in Internet Information Server. If you’ve got a lot of different, special-case Web processing, or one need that is near-constant — such as processing images stored in a database every time a specific page is called — then you’ll want to consider a module. For occasional or lightweight processing, such as serving up a low-use RSS stream, a handler will do fine.

So that’s what we’ll use here. Let’s begin by creating an ASP.NET HTTP handler, which is written in the same way one would write the code behind for an ASP.NET page, but uses the file extension .ashx.
Continue reading: Creating An ASP.NET RSS Feed, Using Data From SQL Server And HTTP WebHandler »

Tuesday, 21 September 2010

FAQ Released For Microsoft ASP.NET CryptographicException Attack

Scott Guthrie, Microsoft’s corporate vice president for the .NET platform, posted on his blog late Monday a FAQ about the ASP.NET CryptographicException vulnerability.

Highlights:

  • All versions of ASP.NET are affected. That includes WebForms and MVC versions 1 and 2.
  • Sharepoint is affected, too. A workaround on how to employ a new generic error document for Sharepoint is detailed at that team’s blog.
  • Everyone should employ the recommended workarounds.
  • You have to route all HTTP errors to the workaround’s generic error page. Otherwise, the hack still works.
  • A patch will be released as a Windows Update hotfix, but no release date has been set yet.
  • Check your logs for CryptographicException errors. If you see them, it’s possible you are being probed.

I take this very seriously. There’s a tool and video tutorial out there detailing how to run this exploit, so every script kiddie in the world is looking for sites to exploit, I am sure.

All links in this post on delicious: http://www.delicious.com/dougvdotcom/faq-released-for-microsoft-asp-net-cryptographicexception-attack

Wednesday, 11 August 2010

The 2010 Social Networking Map (via tor.com, with OP credit to xkcd)

Check out this awesome thing (click for larger in new):

The 2010 Social Networking Map

Continue reading: The 2010 Social Networking Map (via tor.com, with OP credit to xkcd) »

Wednesday, 16 June 2010

New England GiveCamp 2010: What A Great Experience

New England GiveCamp 2010The first New England GiveCamp was this weekend at Microsoft’s Northeast Research and Development building in Cambridge, MA, and it was, by far, one of the most rewarding experiences I’ve had in the 15 years I have been professionally coding.

About 100 technical and non-technical volunteers spent the weekend of June 11-13 writing code for charities. Most projects were Web site upgrades — either installing a content management system, or extending that system to do something it didn’t do before, such as collecting very specific data, integrating with a customer relationship management tool, etc.

Other projects were more complex. For example, my project was data normalization and version control.

I was assigned to the Goshen Land Trust, a charity that protects open and green space in Goshen, CT. My team members were Kriss Aho and Pat Tormey, both from the Boston area; and Chris Craig, the president of GLT.

Prior to last weekend, GLT tracked all its customer relationships in Excel spreadsheets. They do their accounting in Quickbooks.

If someone was a volunteer, his name went into the volunteer spreadsheet. If he owned land, his name was in the landowner spreadsheet. If he was a land or money donor, his name went into another spreadsheet. And so on, and so on; this story has been told a thousand times before, we all know it by heart.

And, of course, there were several versions of each of these spreadsheets out there: They were exchanged back and forth via e-mail, meaning no two copies of the same spreadsheet were alike. Again, stop me if you’ve heard this one before.

Finally, donor payments are managed entirely separate from the spreadsheets, via entries into Quickbooks. So there’s a completely different store of around 800 mostly duplicate names in Quickbooks, too, which isn’t easily compared to a spreadsheet of about 2,000 names.

So we had to figure out a way to impose some version control on these sheets; we had to create a master data store, so we could have an authoritative source of customer relationship information; and we had to sync customer information in Quickbooks to match the master data store.

Sounds like fun, I know. It actually was, after it stopped being awful.
Continue reading: New England GiveCamp 2010: What A Great Experience »

Wednesday, 14 April 2010

Visual Studio 2010 / .NET 4 Events For Maine-Based Developers

On Monday, Microsoft set its Internet volume knob to 11, announcing the official release of Visual Studio 2010 and the .NET 4 framework. If you haven’t seen it, take a look at Scott Hanselman’s comprehensive rundown of where to get the tools (including free Express editions) and what those new tools have waiting for you. (Oh, and some guy named Scott Guthrie mentioned it in passing, too. {lulz})

Of course, no major Microsoft product release is complete without scads of in-person events to show them off, a trade show / seminar / reception for Partners to upsell you goods or services, and a little swag. In the case of Maine, we get two bites of the apple, as it were — that is, if you consider a day trip to Boston something that’s local to Maine (and trust me, you should.)

These events are free but do require registration.

On April 29, Microsoft conducts a day-long launch event at the Westin Copley Place hotel in Boston. (As of this writing, registration was still open for the Boston event. However, I would recommend acting yesterday if you want to attend; once word spreads, these events fill up quickly).

Labeled “Launch 2010 Technical Readiness Series,” the developer track of this event (there are IT professional and manager tracks, too) is actually more an overview of the new technologies. SharePoint / Office programming; Windows; ASP.NET (Web); Azure (cloud); and Windows 7 Phone (mobile) platforms development each get a one-hour overview, and Microsoft kicks in a free continental breakfast and box lunch.

While Microsoft is coy about the “giveaways” being offered at the end of the event, when I went to the Visual Studio 2008 / Windows Vista launch back in 2007, I received free, fully functional copies of VS 2008 Standard and Vista Ultimate, plus copies of the developer editions of Windows Server 2008 and and SQL Server 2008. I can’t be sure that such high-class swag will be offered this time around, but even if Microsoft sends me home empty-handed, I can’t miss this opportunity to shake hands and kiss babies.

Continue reading: Visual Studio 2010 / .NET 4 Events For Maine-Based Developers »