Adnan Rashid » asp.net

Multiline TextBox Length Validation

admin — Sat, 10 Jan 2009 04:00:40 +0000

Unlike the normal TextBox, the MaxLength property doesnt work for MultiLine TextBox. Heres a small trick to solve the problem:

The above markup validates the revExample TextBox / textarea and limits the max characters to 200. By modifying the regular expressions, we can validate fields for any scenario. If you are looking for some Regular Expressions to get started out, just point your browser to http://regexlib.com/

Cheers!

Asp.Net Read Reciept Request

admin — Sun, 28 Sep 2008 04:00:30 +0000

Here’s a quick tip. If you need to include a request for read receipt like Microsoft Outlook while sending mails through Asp.net, just add the Disposition-Notification-To Header to the MailMessage.

The MailMessage class does not have a corresponding attribute and thus it has to be set through the Header.

MailMessage mm = new MailMessage(fromAddress, toAddress);
mm.Subject = subject;
mm.Headers.Add("Disposition-Notification-To", sendReadReceiptToAddress);

Please keep in mind that this is only a request, and can be rejected/ignored by the Mail Client/User configuration.

Generic Handler – Session State

admin — Fri, 26 Sep 2008 04:00:42 +0000

In my current project I needed to access the Session state in a Generic Handler. To my dismay, i realized that the Session StateBag was null. The StateBag class is sealed and manages the Viewstate of the Asp.net server controls and pages.

Upon discussion with my colleague, Mr. Hamed, we found the solution to my problem. Using the IRequiresSessionState interface in System.Web.SessionState, we got access to Session state.

According to Microsoft “Specifies that the target HTTP handler requires read and write access to session-state values. This is a marker interface and has no methods.”

Another option was to use the IReadOnlySessionState interface (Specifies that the target HTTP handler requires only read access to session-state values. This is a marker interface and has no methods.)

Needless to say, there is a performance increase in the latter case and if your requirement is only to read Session state, then that would be the right choice

Encypting query string in Asp.Net

admin — Tue, 08 Jul 2008 04:00:15 +0000

When you pass information from one page to another, you are passing information that anybody can sniff. For example consider a scenario, in which you pass the customer id as a query string:

http://www.yourapplication.com?customer_id=15

Now if somebody replaced 15 with say 10 or any other number, they can pull up other customer information. And that’s bad for security.

One solution to this problem is to use encryption using a secret key. So lets use a hard-to-crack 8 byte key like $zm0!qp?

To accomplish this here is a code snippet

using System;
using System.IO;
using System.Xml;
using System.Text;
using System.Security.Cryptography;

public class Encryption64
{
    private byte[] key = {};
    private byte[] IV = {18, 52, 86, 120, 144, 171, 205, 239};

    public string Decrypt(string stringToDecrypt, string sEncryptionKey)
    {
		byte[] inputByteArray = new byte[stringToDecrypt.Length + 1];
		try
		{
			key = System.Text.Encoding.UTF8.GetBytes(sEncryptionKey, 8);
			DESCryptoServiceProvider des = new DESCryptoServiceProvider();
			inputByteArray = Convert.FromBase64String(stringToDecrypt);
			MemoryStream ms = new MemoryStream();
			CryptoStream cs = new CryptoStream(ms, des.CreateDecryptor(key, IV), CryptoStreamMode.Write);
			cs.Write(inputByteArray, 0, inputByteArray.Length);
			cs.FlushFinalBlock();
			System.Text.Encoding encoding = System.Text.Encoding.UTF8;
			return encoding.GetString(ms.ToArray());
		}
		catch (Exception e)
		{
			return e.Message;
		}
    }

    public string Encrypt(string stringToEncrypt, string sEncryptionKey)
    {
		try
		{
			key = System.Text.Encoding.UTF8.GetBytes(sEncryptionKey, 8);
			DESCryptoServiceProvider des = new DESCryptoServiceProvider();
			byte[] inputByteArray = Encoding.UTF8.GetBytes(stringToEncrypt);
			MemoryStream ms = new MemoryStream();
			CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write);
			cs.Write(inputByteArray, 0, inputByteArray.Length);
			cs.FlushFinalBlock();
			return Convert.ToBase64String(ms.ToArray());
		}
		catch (Exception e)
		{
			return e.Message;
		}
    }
}

The end user will get to see a random text in the query string, something like

http://www.yourapplication.com/Receive.aspx?key=a2f5ckj?h79#8dd3

Remember stay secure stay safe.

Asp.Net Reset Password

admin — Sun, 06 Jul 2008 04:00:42 +0000

If you are using Membership Provider in your ASP.net application, you might come across a scenario in which you need to have both Security Question and Answer feature and would also like to pro-grammatically reset the password for an account.

So if you run the code

string username = "user";
string password = "password";
MembershipUser mu = Membership.GetUser(username);
mu.ChangePassword(mu.ResetPassword(), password);

You will get an error when you try to reset the password. A solution is to add another Membership provider having all the same settings as the default provider with only one exception:

For all Membership functions, you the default Membership provider will be used, but when you need to reset the password, you must reference the new Provider. Here’s a code excerpt to help you out:

string username = "user";
string password = "password";
MembershipUser mu = Membership.Providers["NewMembershipProvider"].GetUser(username, false);
mu.ChangePassword(mu.ResetPassword(), password);

So now your application can use both the Security feature to recover password and pro-grammatically Change/Reset the password when required.