Posts Tagged ‘.Net Framework’

Centralizing Users’ Authentication at Active Directory Level

December 23, 2011 Leave a comment

First of all, sorry for my long absence.

One month ago, I had a talk at TechInsights South East Asia, 2011 related to one of my favorite security topics for centralizing user management. I thought why not share it with you guys.

I hope you enjoy it.

Peace and love …


Web forms or ASHX (Handlers) (a short differentiation)

“What should I choose [Web-forms or Handlers] when I want a simple response from the server? “. After 6 years of development with I heard this question a lot. Due to this, I decide to answer it here.

Web forms VS ASHX

Fig 1.0

Assume that you are developing a JQuery AJAX based application that sends its requests to servers and receives a specific response from it. In this case the first solution that may strike you is using handlers. Maybe because of some features I list here:

–          It returns only a specific response; it is so light and is not derived from a heavy class that may have some performance penalties.

–          Unlike a web form it doesn’t need to compile its interface, generates HTML and returns the generated HTML to clients.

–          Unlike web services (mostly used before .Net 3.0), it returns almost all of request’s properties. One of the most prominent one is users’ identity.

Yes, using Handlers has many, many benefits but choosing to use them for such purpose may bring many problems as well.

In a standard web-form programming (I’d better say as a good OOP practice) you should implement a multi-layered

Web forms VS ASHX (Handlers)

Fig 2.0

inheritance for all of your web-forms. It is totally a beginner’s mistake to inherit a web-form directly from System.Web.UI.Page.

In this approach (Fig 2.0) you distribute each group of actions to separate layers. For instance, you place secure parts (handling authorized users) inside SecurityWeb class, non-secure parts placed into NonSecureWeb class etc. Finally, all of your customized classes can inherit from WebBase class which executes your common and shared operations. WebBase class is also derived from the built-in System.Web.UI.Page class.

Now, you have built a clean architecture for security, caching, common operations/properties and many more. Just assume that you want to enforce all of the functionalities you defined in your layered architecture take place in you AJAX handlers. Assuming that you handle the incoming requests with a handler class. A handler class that cannot inherit anything from a parent class. So there is almost no clean and neat way to have all of your efforts happen before executing the handler’s block. You have no choice to make external calls to other classes by passing heavy objects and parsing the return values!!

This is just duplicating many of your codes that results in inconsistent and non-secure consequences.

Better solution:
The alternative is to replace the handler class with a web-form one that inherits from an/other parent class/es. Now you can have all of the important actions happen in almost everywhere without any code duplication or security problem outcomes.

Indeed, Web forms are heavy, very heavy. Here I provided my common practice to decrease some weigh of this fatty class.

How to make web forms act close to handlers:

By adding the following code you can easily change the behavior of ASPX files to act similarly with ASHX files:

Response.ContentType = "text/html";
Response.Expires = -1;
Response.CacheControl = "no-cache";
Response.AddHeader("Pragma", "no-cache");
Line6: string response = "";</pre>
<pre>// your process over Request and generate the Response</pre>

Above, is a sample that returns a text. Obviously, you can change it to any desired return value. Line 6 is where you should place your operation to feed the response variable.

You reached the end:). I should thank for your attention, deeply appreciate your sharing thoughts about this post and looking forward to receiving them here 😉

Umbraco – A new taste of development

Niels Hartvig

Niels Hartvig - Founder

An open source CMS but this time in C#. I saw many applications on the web (refer to, or this one that offer many open source apps in .Net but can anyone of them run huge applications such as or

Umbraco is an open source CMS in C# which could run and and far too many other enterprise web apps (claiming more than 85000 installations). Yes it is based on open source license and it is chosen by many organizations such as Toyota and Microsoft.

Niels Hartvig, is the founder of this CMS. He was a simple Danish man who started changing his world by developing his idea. And again a developer made it.

This CMS can be easily used freely to start a personal web site, a business web site, a forum or … and also can be used by developers to build their own customized CMS based on their needs.

It is 100% based on .Net and was coded in MVC. It can be opened easily in VStudio or WebMatrix (there is a template for Umbraco in WebMatrix) to make any alteration. Furthermore, it can be connected to MSSql Server or MySql Server. You can also code for your own DBMS. Moreover, you can plan it over Windows Azure. For all you need to know about development, they have an active forum talking about development issues or just see this video to be shocked about the power of this CMS.

Umbraco and Azure Logo

There is a really nice section in their web site called [Make A Wish], in which you can post any idea that you think is missed.

The last thing you should know is Umbraco’s base application is 100% free of charge unless you prefer it can be bundled with guaranteed and professional support, bug fixing warranty and productivity enhancing add-ons.

Why waiting so long, download it and start your own web ;))

.Net Generics (Performance and flexibility)

April 17, 2011 2 comments

I discussed the reason of using Generics in another article. Here it’s aimed to talk about Generics in detail.

Generics are a part of CLR type system that allows you to develop your own types which are flexible in their parameters’ type. Therefore, it allows you to help your consumers feel comfortable while using your class. The most common use for Generics is data types such as lists, linked lists, stacks, trees etc where the operations on each item is done in the same way regardless of their types.

MS Generics

Fig 1

Why using Generics:

1-      Improve performance: As it’s discussed in my previous article, assume that you have a class that its parameters’ type is not specified. You have two choices to build it. One way is to use Object as your parameters’ type which in most cases it needs boxing and unboxing. The second way is to use Generics which has no boxing and unboxing but has almost the same flexibility as Object hast.

2-      Less runtime errors: While you are using Object you need to convert it in order to use it. And because it is not possible to check the parameters’ type in compile-time compiler needs to do type-checking in runtime. In this case, if you cast it to wrong type compiler raises type mismatch error. In contrary, using Generics doesn’t have this issue since its strongly-typed data type, compiler can catch this matching at compile-time.


Creating generics types:

It is quite a fun. You just need to specify the name of parameters that are type flexible. After that everything is done by .Net.

class GenericsTemplate<T, U>


T t;

U u;

public GenericsTemplate(T t, U u)


this.u = u;

this.t = t;


public string getT


get { return t.ToString(); }


public string getU


get { return u.ToString(); }



Here you have a flexible class which can accept all possible types! Isn’t it easy!! :D. It can be int, string, a custom class or any other type.

How to use it:

Parameters’ type are defined in class instantiation.

class Program


static void Main(string[] args)


GenericsTemplate<string, int> genClass = new GenericsTemplate<string, int>("Hello World", 560);

Console.Write(genClass.getT + Environment.NewLine + genClass.getU);




Since parameters’ type is specified in declaration, compiler can check for any mismatch error.

How to use constraints:

Did you find it useful? But I think you found some limitations in using these variables inside the generic class. You can only have capabilities of base Object data-type which are ToString() and GetHashCode() methods. To overcome this problem .Net introduces a key word called where. This key word can be used to limit the range of possible types that parameter’s can accept. This limitation may also reduce the complexity of consuming your generic class since developers (consumers) won’t be confused among too many possible types can be used.

This limitation can be applied for:

1-      Reference or value type: Forces a parameter to accept data-types which are either reference type or value type. (Key words are class for reference type and struct for value type)

2-      Interface: Parameter can accept types which have a specific implemented interface.

3-      Base class: Parameter can accept types which have a specific inherited interface.

4-      Constructor: Forces a parameter to accept data-types which has a default constructor (parameterless constructor). (Key word is new())

class Program


static void Main(string[] args)


System.Drawing.Bitmap bt = new System.Drawing.Bitmap(800, 500);

//Bitmap is an inherited class from Image and int is a value type which has implemented IComparable interface

GenericsTemplate<System.Drawing.Bitmap, int> genClass = new GenericsTemplate<System.Drawing.Bitmap, int>(bt, 560);

Console.Write(genClass.getT + Environment.NewLine + genClass.getU);




//T should be a reference type and an instance of Image class or any class inherited from Image. U sould be value type and has implemented IComparable interface

class GenericsTemplate<T, U> where T: class, System.Drawing.Image where U: struct, IComparable


T t;

U u;

public GenericsTemplate(T t, U u)


this.u = u;

this.t = t;


public string getT


//You can use all properties of Image base class while useing t

get { return t.Width.ToString(); }


public string getU


get { return u.ToString(); }



You should follow a correct order (order as listed above).

After defining constraints for generic class you can use added capabilities of parameters inside the class. Here I used Width property of base Image class.

Boxing and Unboxing (A key reason to use Generic)

April 7, 2011 2 comments

This article is a discussion about boxing and unboxing in .Net and also the ways to overcome it.

This term is mostly used when we want to convert value types to reference types or vice versa. We really should care about it in development of critical systems, web applications with high traffic or using classes or methods with frequent use.

Boxing: This is the process of converting the value of a value type variable to a reference type variable.

Assume that you want to store a user-defined type (struct) into an ArrayList (As you know user-defined/struct types are value type). Now let’s know what is stored in this ArrayList?

If you take a look at the Add() method of ArrayList, it has only one overload for this method which is Add(Object object) [and Object is a reference type]. It is good news due to the possibility of storing totally different types into each index of an ArrayList. However, it has some bad news too because it needs to convert your value type variable to a reference type variable. It means that it needs a boxing to fulfill this need.

struct TypeA


public int VarA;

public int VarB;

public TypeA(int VarA, int VarB)


this.VarA = VarA;

this.VarB = VarB;



public void TestBoxingAndUnBoxing()


TypeA typeA = new TypeA(10, 20);

System.Collections.ArrayList arrList = new System.Collections.ArrayList();

//Boxing occures here 



What Happens when a boxing occurs:

1- Because value-typed variables are stored in stack, a new memory cell in heap must be allocated to store this object. Reference types use heap (dynamic memory space) to be stored.

2- The value type’s bits are copied from stack to their new location in heap.

3- The new address is returned to be stored in ArrayList. So we now have a reference type instead of a value type.

Therefore, boxing can be very expensive and sometimes harmful.

Unboxing: is, of course, exactly opposite to boxing, it is the time when a reference type is converted to a value type.

After storing value types into ArrayList, they are wanted to be used somewhere. In other words, you should convert them to their original type in order to use them.

typeA = (TypeA)arrList[0];


What happens in unboxing?

1- It Checks whether it is null or not, then it checks whether the specified type is convertible or not. If both of the above conditions fail it returns an exception.

2- The reference of the object inside the ArrayList is returned. Then bits are copied into the value typed variable.

It has some penalties again. To overcome this problem .Net suggests using Generics when time is totally eminent (But it is a better to consider it always).

Generics is out of scope of this article; however, I describe it briefly in a sample code to show its power and its immense difference compared with objects.

Generics classes/methods are similar to type-less ones but they are not. You can specify their types before compile time when you are coding. For example for classes their types must be specified during their instantiation. Therefore, it gives you the flexibility to have different types in each instance of a class.

Code below is a comparison between a Generic class and an Object one.

//T and U are generic types. It means that you can specify their types in class instantiation. So

class GenericClass
public T t;
public U u;

 public GenericClass(T t, U u)
this.t = t;
this.u = u;

//An object class that may cause boxing and unboxing during run-time
class ObjectClass
public object t;
public object u;


 public ObjectClass(object t, object u)
this.t = t;
this.u = u;

Now I want to show you the time it takes to work with each one of them for ten million iterations.

protected void Page_Load(object sender, EventArgs e)
DateTime dt1 = DateTime.Now;
ObjectClass ObjClass;
for (int i = 0; i &lt; 10000000; i++)
ObjClass = new ObjectClass(10, "Peace");
DateTime dt2 = DateTime.Now;

TimeSpan tsDef = dt2.Subtract(dt1);
Response.Write("Object: " + tsDef.TotalMilliseconds.ToString() + "

 dt1 = DateTime.Now;
GenericClass GenClass;
for (int i = 0; i &lt; 10000000; i++)
GenClass = new GenericClass(10, "Peace");
dt2 = DateTime.Now;
tsDef = dt2.Subtract(dt1);
Response.Write("Generic: " + tsDef.TotalMilliseconds.ToString());
Boxing and Unboxing

Fig 1, the result of comparision

The result clearly shows this difference. (Of course, you get different results each time you run the program but the ratio remains almost the same)

As you see, it is near to two times faster by using the Generic types.

Reference: Jeffrey Richter, MSPress: MCTS Self-Paced Training Kit (Exam 70-536)

JQuery Autocomplete with ASP.Net

March 29, 2011 4 comments

In this article I want to describe combination of Autocomplete of JQuery and ASP.Net web service. Up to now I really couldn’t find a good article about this issue so it can be useful in the web.

Autocomplete is a plugin of JQuery that you can be used to implement autocomplete with the least efforts. You can find it here.

JQuery Autocomplete plugin has a property called source, in Ajax based programming you should change its source regarding what is entered into the textbox. Assume that you enter “ala” after that a callback is generated that sends some parameters to the web service (textbox.text and other parameters that you want) then in the response data you can feed source property of Autocomplete plugin. I think this stage can be your unique part of your job.


Fig 1

In this article I’ll discuss about generating a new callback on typing each new word and how to assign the returned value with the source property of Autocomplete plugin. You then can change the web service section with your desired code such as connecting to database and retrieving data on what is sent as parameter to the web service.

Web Service:

I start with web service because it is really simple.

using System;

using System.Collections.Generic;

using System.Linq;

using System.Web;

using System.Web.Services;

using System.Xml;

using System.Text;

using System.Web.Script.Services;

namespace ArticleDean.web.Service


/// <summary>

/// Summary description for WSDataService

/// </summary>

[WebService(Namespace = "")]

[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]


// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.


public class WSDataService : System.Web.Services.WebService



public string GetStates(string typedValue, string test)



return test;




The first parameter that web service gets is typedValue. This parameter returns the typed value in textbox. The second parameter is a test one; it is just to show how to send more than one parameter in JSON datatype. You can use them to retrieve your desired data from database but here we just return a long text with ‘:’ separator (This is for training purpose).

ASPX file:

Sorry that it is Image, because of the problem of wordpress to accept html and aspx code, I have to publish this section in image

In the front of the source, there is a function that returns the callback result. It has two parameters, the second one is a method called response (this is a key note) that you should pass the resulting data from callback to it.

In data section of Ajax, I wrote a JSON data, JSON is a pair of key, value that is separated by a ‘:’.


returns the typed words in text box

In success section, I splited the resulting string with ‘:’ character and assigned it an array (because JavaScript is a dynamic type checker you don’t need to specify the variable as array, it detects it automatically). Then I sent it to the response method as parameter. This is the only way to return data to the source property of Autocomplete. [return] keyword can’t do this (I wasted a lot of my time to return a value from return keyword, so you can save yours).

Among Autocomplete properties I’m going to discuss some of them. First delay, this parameter is to postpone the callback request to the server. It is very important to do this because ignoring it causes a lot of overhead on the server (it would be a self Denial of Service attack :D). The next is minLength, it depicts that your Autocomplete sends the request after typing a specific number of characters. It also reduces the overhead if you increase it to a meaningful number according to your need.

In header of your form I included JQuery file (jquery-1.5.1.min.js), Autocomplete plugin file (jquery-ui-1.8.custom.min.js) this is a customized file; you can generate it at this address. And also a CSS file that is the official released theme for Autocomplete; you can download and edit it.

Should you have any questions comment me.

Love and peace for you all.

MS Chart with C#

March 27, 2011 8 comments

In this article I’d like to describe MS Chart (.Net 4.0) through an example. The picture below is the final result.

MS Chart

Fig 1


1-      Create a temp folder to store temp image files (c:\TempImageFiles) and add some codes to your web config file.
<compilation debug="true" targetFramework="4.0">


<add assembly=”System.Web.DataVisualization, Version=, Culture=neutral, PublicKeyToken=31BF3856AD364E35″/>




<add key=”ChartImageHandler” value=”storage=file;timeout=20;dir=c:\TempImageFiles\”/>




<add path=”ChartImg.axd” verb=”GET,HEAD,POST” type=”System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35″ validate=”false” />


In .Net 4.0 edition you don’t need to download and install any control to use MSChart, you just need to drag and drop it from Data section of MS Visual Studio 2010 toolbox to your form (But I really dislike doing this, it’s better to write code in source tab of your form). In order to code it, add System.Web.UI.DataVisualization.Charting namespace to your form.

In this sample I will go through coding MSChart at runtime. Once you learned this, you learned static one also.

Start Coding:

ASPX Form:

Add this code to your form, this is the only thing you need to have in your aspx form:

<asp:Chart ID="MSChart" runat="server">


Code Behind:

Below codes are clear, you just add them in your cs file:

MSChart.Width = 900;

MSChart.Height = 600;

//It renders chart as an image and places it into an &lt;img&gt; html tag.

MSChart.RenderType = RenderType.ImageTag;

//Adds title to chart

Title t = new Title("Sample Chart", Docking.Top, new System.Drawing.Font("Tahoma", 14, System.Drawing.FontStyle.Bold), System.Drawing.Color.FromArgb(26, 59, 105));


Chart Sections:

MS Chart has two primary sections, Series and CharArea. You can either have a design time data in these two sections or add data programmatically during runtime.

–          Series are the most important part of each chart. Every chart has at least one series. A chart is a series of numbers which can be plotted into space as X and Y points. These numbers are dependent and depict a concept together regarding an issue. Assume that this series build a sine shape line, so this sine shape line is a series then you can add another series in the same chart to depict another meaning. These two series can be used to compare two different data of the same concept.

Fig 2

Fig 3

–          ChartArea: Is a place that you want to plot your series (so it contains series). It is a collection; therefore your chart can contain multiple ChartAreas.


MSChart.Series["Series1"].ChartType = SeriesChartType.Column;

MSChart.Series["Series1"].Color = System.Drawing.Color.Goldenrod;

MSChart.Series["Series1"].YValueType = ChartValueType.Int32;

Series1 is added to the collection of MSChart.Series. Each series has some important properties. ChartType that specifies the type of chart which can be Column (Same as ours), Pie, Doughnut etc. Color is to specify color of series and YValueType is the type of values in Y axis.


After defining Series you should define ChartArea. You can easily add a chart area to the CharAreas collection.


Legend leg = new Legend("Legend1");


MSChart.Legends[0].Alignment = System.Drawing.StringAlignment.Near;

In order to describe each series in a chart, Legends are used. To add them you can write the above code. Each ChartArea needs a legend; it automatically detects your series in a ChartArea.

Now it’s time to add data to our series:

Random _r = new Random();
for (int i = 10; i &lt; 100; i+=10)

int n = _r.Next(0, 100);
MSChart.Series["Series1"].Points.AddXY(i, n);


is a fast method to specify data of each point directly.

Up to now the below picture is created.

MS Chart

Fig 4

Theming and Appearance:

MSChart has some appearance properties that help your chart look more attractive. (Since chart is only for reporting purpose, either management or customer will see it, so make it the most beautiful :D, don’t forget the power of feelings).

You have definitely seen 3D charts. We want to develop one.

ChartArea3DStyle chartArea3DStyle = new ChartArea3DStyle();

chartArea3DStyle.Enable3D = true;

chartArea3DStyle.LightStyle = LightStyle.Realistic;

chartArea3DStyle.Rotation = 5;

chartArea3DStyle.Inclination = 40;

chartArea3DStyle.PointDepth = 50;

MSChart.ChartAreas["ChartMainArea"].Area3DStyle = chartArea3DStyle;

ChartArea3DStyle class has some properties to style a 3D chart. Then Area3DStyle property should be assigned with a ChartArea3DStyle object. After these simple changes you’ll have the below picture.

MS Chart

Fig 5

Adding more series:

It is really easy to add more series. Just write the following code:


MSChart.Series["Series2"].ChartType = SeriesChartType.Column;

MSChart.Series["Series2"].BorderWidth = 2;

MSChart.Series["Series2"].YValueType = ChartValueType.Int32;

for (int i = 15; i <= 100; i += 10)


MSChart.Series["Series2"].Points.AddXY(i, i);

MS Chart

Fig 6

It adds a new series and adds some points to it.

Wish you enjoyed it.

Peace and love for you all