ASP.NET AJAX Control Toolkit – Basic Sample For DynamicPopulate Control

How to dynamically populate the content of a control based on Web Service call triggered by another control? DynamicPopulate extender to the rescue: DynamicPopulate is a simple extender that replaces the contents of a control with the result of a web service or page method call. The method call returns a string of HTML that…


Basic HttpModule Sample (Plus Bonus Case Study – How HttpModule Saved Mission Critical Project’s Life)

This post to describe basic steps to write HttpModule and how it rescued mission critical application from not hitting the dead line. HttpModule is the mechanism that facilitates implementing cross cutting logic for incoming ASP.NET requests. ASP.NET uses it extensively under the covers for its needs too – Session management, Authentication to mention a few….


ASP.NET 3.5 Extensions: Basic Steps To Create Dynamic Data Web Application – Focus On Security and Performance

This post walks through the steps I’ve taken to create simple Dynamic Data Web Application. I just loved the development model for DTO [Data Transfer Object] and Input Validation options. Summary of steps Step 1 – Download and install ASP.NET Extensions. Step 2 – Create New Dynamic Data Web Application in VS2008 Step 3 -…


Avoid Manipulating Passwords In Memory – It Is Easy To Reveal

Revealing clear text passwords in memory seems to be a trivial task. This post describes how to reveal clear text passwords and what countermeasures to apply. Summary of steps: Install WinDbg Attach to process or open dump file Load SOS .Net extensions for WinDbg Enumerate threads Enumerate objects in thread Dump object’s values Countermeasures and…


VS 2005 Web Application Project – Resources

It is a bundle of resources for VS 2005 Web Application Project feature. It should explain its advantages and differences over Web Site Project that was introduced in VS 2005 and not available in VS 2003 VS 2005 Web Application Project V1.0 Released Introduction to Web Application Projects Upgrading VS 2003 Web Projects to be…


Use DIR Command To Generate List Of Files And Store It In File

DIR /S /B /A:-D I use simple DIR command to generate file lists. It serves me in many scenarios. For example, I use it to generate .Net assemblies list when I conduct preliminary scan as part of code inspection process. Here are the explanations to the switches: /S – search sub folders /B – bare…


ASP.NET 2.0 Internet Security Reference Implementation – Have It Handy

JD Meier writes in his blog: The ASP.NET 2.0 Internet Security Reference Implementation is a sample application complete with code and guidance.  Our purpose was to show patterns & practices security guidance in the context of an application scenario. We used Pet Shop 4 as the baseline application and tailored it for an internet facing scenario. …


TechEd 2007 Barcelona – Web Application Security Session Sum Up

This post summarize few stats and lessons I learned after giving my Web Application Security presentation during TechEd Developers Barcelona this November 2007. 500 attendees. 221 responded to evaluation form. Overall quality of the session – 7.71 [out of 9] Speaker’s knowledge of the subject – 8.29 [out of 9] Speaker’s presentation skills – 7.41 [out…


Identify ASP.NET, Web Services, And WCF Performance Issues By Examining IIS Logs

Simple examination of IIS logs can reveal potential performance issues related to ASP.NET web applications, ASP.NET web services, and IIS hosted WCF services. Fast, easy, cheap. These are the simple steps I take: Time-Taken & W3C Logs: Turn it on… Collect the data in the IIS logs Open IIS logs in MS Excel 2007 Analyze…