Dear Microsoft,
I'd like CTRL+X (remove an entire line – as per Visual Studio) added to all programs you make.
Thanks,
--Mike
Dear Microsoft,
I'd like CTRL+X (remove an entire line – as per Visual Studio) added to all programs you make.
Thanks,
--Mike
Posted on April 21, 2009 | Permalink | Comments (0) | TrackBack (0)
If you're interested in ASP.NET MVC and Search Engine Optimization, check out one of my recent articles/newsletters up at WinDevPro.com on ASP.NET MVC and Search Engine Optimization.
I've been using this approach now for a while, and I've been very happy with the flexibility and results it offers.
Posted on March 11, 2009 | Permalink | Comments (0) | TrackBack (0)
Could you possibly suck any more than you currently do?
This is a great error message, with PLENTY of decent details:
But without the name of the flipping file where the error occurred, what use is all that info?
And you've been like this for like 4+ versions now. (And I don't even have the energy to point out that lines and chars would be different even IF you were able to give me a file name. *sigh*)
Sheesh,
--Mike
Posted on November 26, 2008 | Permalink | Comments (0) | TrackBack (0)
If you like Visual Studio, and you like free, then you need to check out two really killer FREE extensions, or plugins, out on the Visual Studio Gallery.
The first one, Source Code Outliner PowerToy, is a great tool that gives you a full-blown outline of the code in whatever file you're currently using. The best way to describe it is to liken it to a document-outline when working with HTML in something like DreamWeaver, or to contrast it to that nasty-little drop down you get at the top of your code window in VB.NET - only this isn't a drop down (but double-clicking on anything takes you to its exact location in the code). (And, before I get flamed by VB users, I'm NOT saying VB's nasty - i'm saying that little drop down is nasty because it provides GREAT functionality, but I hate that all of the contents are in a tiny little drop down).
The second one, PowerCommands for Visual Studio 2008, is just a motley collection of various power-tools and augmentations for Visual Studio. But it offers over 20 different little tweaks, improvements, and options that will make your life tons easier. Fact is, I'm sure that just about everyone that uses this tool will find 4 or 5 different things that they've wanted their entire adult life...
Best of all, both plugins are not only free, but they're both just a few MBs each, and both have an MSI installer - so you can download them and install them in just seconds.
Posted on November 05, 2008 | Permalink | Comments (1) | TrackBack (0)
There are oodles of pages out on teh intarwebs that will tell you how to set up custom error handling for your ASP.NET site. If that's what you're looking for, this post isn't for you. However, if you're looking to see how to take complete control over what your custom error pages do, and how they report back to clients, then read on.
404s with all the Guts and Glory
One great approach is to wire up error handling logic in your Global.asax's Application_Error event. I took this approach and was able to get it to work flawlessly with some 'spoofed' 404s that I recently created on one of my sites (i.e., I'm using tons of url-rewriting and needed to be able to discern when a path looked correct (had the right format), but didn't actually map to something in the Database or on the site - so throwing my own NotFoundExceptions was a great way to redirect to my own custom 404 page).
When I tried this same approach with actual 'errors' though I ran into a massive problem. My root problem in this case is that when I really encounter an exception, I want the HTTP STATUS CODE for the page in question to be a 500. If you use the customErrors configuration in the web.config, that works out as an HTTP 302, and if you're just doing Server.Transfer("myCustom500Page.aspx") from you Global.asax, you end up writing an HTTP 200 - which isn't something you want a robot to encounter when the page is obviously broken.
With my custom 404Handler.aspx page I was able to parse info about the exception being thrown to dynamically generate a helpful HTML page, and then spit out a 404. This was perfect - as it let me handle stupid user errors, as well as potential 'real' problems on the site with some decent markup on a custom error page without sending out an HTTP 200 which will cause the page to be indexed by robots should they happen upon it somehow.
What's Good for the Goose doesn't work for the Gander
But if you try the same thing with a custom error page (by doing Response.StatusCode = 500;) you run into a massive problem. What happens first is that it appears that ASP.NET sees the 500 error, assumes that something is wrong, and will attempt to redirect to your custom 500 page specified in the customErrors section of your web.config. (I'll spare you the story of the joy I had watching my site go into an infinite loop on those requests.)
But even worse than that is that once ASP.NET sees the ResponseCode get set to 500, it will try to hand off processing to the custom error page used by IIS. The pisser is that you can't get around this. I tried ApplicationInstance.CompleteRequest() immediately after setting Response.StatusCode = 500 - but that didn't do it. Neither did trying to override or piggy-back on to my custom error page's OnError (because, obviously, no error is being encountered - though the status code is being set to 500).
ASP.NET 3.5 and IIS7 to the Rescue
Just as I was starting to contemplate stuffing the Exception from Server.GetLastError() into Context.Items[], and then pulling it out in my custom errors page, I thought I'd take a peek at Response in IntelliSense to make sure I wasn't missing anything.
Sure enough, there's a new property that INSTANTLY caught my attention: Response.TrySkipIisCustomErrors. It's brand-new, and only works on IIS7 with ASP.NET 3.5. That, however, happened to be the exact platform that I'm on.
More importantly, it lets me:
a) Capture unhandled exceptions in my Global.asax's Application_Error Event Handler
b) Capture the exact error/exception with Server.GetLastError() (note that you'll want to grab that Exception's .InnerException if the Type is of Type HttpUnhandledException)
c) Programatically let me determine which error page to route to in order to handle the exception (depending upon type/details/etc)
d) Do more processing in the page that handles the error (such as enabling/disabling various error descriptions/panels/etc.)
e) Throw an HTTP 500 (or whatever) without getting my response-stream hijacked by IIS.
In other words, this gives me the best of everything: intelligent and dynamically generated custom error pages, and HTTP response codes that give me the control over robots/indexing that I need.
Posted on March 18, 2008 | Permalink | Comments (2) | TrackBack (0)
Imagine my surprise when playing around with the recently released ASP.NET MVC Preview2 bits, and finding that one of my hidden form fields wasn't being mapped on the server because the form field only included an id attribute - and not a name attribute.
In other words, I had rendered markup that looked like this:
<input id="objectId" type="hidden" value="3">
When I really needed this:
<input id="objectId" name="objectId" type="hidden" value="3">
But, that threw me for a bit of a loop. See, I've been spending so much time playing around with client-side stuff (i.e. the DOM) for so many years now that I had begun to think that name didn't mean anything anymore.
In fact, the W3C has effectively depricated the name attribute for HTML/DOM interaction. This I knew. But that was only part of the problem. Because the W3C still favors the name attribute for HTTP interactions. So, with POSTed forms, you'll want to make sure you use id and name attributes if you plan on doing client side interactions.
At any rate, I found all of this a bit ironic because years ago much of my markup ONLY used the name attribute. Somehow between then and now I managed to forget all of that. So, I'm just glad to see that you can teach this old dog new tricks - even if the old dog is old enough to have forgotten that he knew the tricks once before...
Posted on March 06, 2008 | Permalink | Comments (0) | TrackBack (0)
There's a great discussion going on over at Rob Conery's blog - where he's asking for feedback on how to handle encoding options to prevent XSS when using the new ASP.NET MVC. In my mind this is a BIG deal because of just how well traditional ASP.NET (that's weird to say) has handled the task of squelching XSS in the past. It's also a big deal because I really want the MVC to remain as absolutely 'clean' as possible - as in free from 'magic' and other "we're helping you" type of stuff that addresses 90% of use-cases but shoots experienced web developers in the foot on 'edge cases' surrounding standards support and the likes.
So, since Rob is asking for feedback, I thought I'd provide in the form of a blog post (where I can more easily whip-up my thoughts without having to fight inside of a textbox).
What shapes my thoughts/rationale:
Most people interested in using the MVC are going to be more advanced ASP.NET users (and real-life web developers) that are looking for two key things:
a) Greater control over emitted markup (while still being able to leverage the .NET Framework) and
b) Greater separation of data, presentation, and logic. In other words: less intermingling, and less coupling between those realms. Or, stated differently, less 'magic'.
It's also a no-brainer that MVCs are HIGHLY reliant upon convention (at least initially) - which means that co-opting security practices into the convention should be the best way to attack this issue.
My Preferences for handling XSS Encoding:
1) Leave the responsibility for encoding entirely up to developers. But make it part of the convention. And provide some decent syntax support that makes it logical and easy. In my mind this would allow the greatest degrees of control and separation - yet still make it possible to achieve good security. (Me, I want ALL THREE options (control, separation, and security) - one or two of the three just isn't good enough.)
2) A slightly less perfect approach would be to Encode everything on the way out - as long as there's a way for developers to turn that off (without too much hassle) in the few cases where they'll actually want to do so. That would be tolerable in my mind as it would let MS feel like they had done their best to protect dumber web developers from shooting themselves in the foot, but wouldn't make the rest of us pay too steep of a price. (I still maintain that any time you try to make something more fool-proof you sadly just end up creating better idiots.)
3) The worst option, in my mind, would be to encode on the way in. That quickly shoots clean separation out of the water, and assumes that you'll only ever be using your input data in another web application - which represents HORRIBLE coupling. I think everyone can see that - even if the argument could be made that you're potentially opening yourself up to a 2nd-Order attack by persisting XSS or SQL Injected code.
That said, I'm certainly LOVING the MVC. It's honestly one of the best things to happen to ASP.NET ever. (I get clean separation, complete markup control, and all the benefits of sitting on top of the ASP.NET and .NET framework - all in one tidy little package.) I also think that the learning curve it presents is significantly less than the jump from say Classic ASP to ASP.NET, but I also think that it will result in developers writing CONSIDERABLY less code to get well-functioning apps up and running. More importantly, I finally feel like Microsoft has addressed real-life web-developer needs with a flexible framework - instead of focusing so intently on creating tools for applications developers to make web applications. In other words, I 'feel' like the focus here is more on web sites than on intranet applications - which is VERY exciting to me as I spend most of my dev energy working on sites instead of clunky/massive/enterprise-y intranet applications. (Though, that said, intranet developers should rejoice as well - as the MVC should make their lives easier too if they're looking for standards-compliant markup and cleaner separation as well as a less-monolithic approach to application testing and maintenance.)
Posted on January 01, 2008 | Permalink | Comments (0) | TrackBack (0)
This looks pretty interesting: ParallelFX for .NET.
I'm too busy at the moment to try and play with it. (That, and there's a part of me that just LOVES asynchronous programming.)
But it's no secret that apps/solutions are going to have to take advantage of multi-core machines in order to see noticeable perf boosts in the future.
Frankly, one of the things that I _love_ about SQL Server is that it has been SMP capable for YEARS. Better yet, that capability is largely hidden from developers. Ideally this ParallelFX CTP is a step in making the same type of SMP benefits available (almost transparently) to .NET developers.
Posted on November 30, 2007 | Permalink | Comments (0) | TrackBack (0)
No, I'm not an actor. No, I don't even play one on TV. I'm also not a paid spokesman for Hosted-Projects.com, but I just needed to give them a shout out for providing such excellent service.
I've posted about them before (back when I did my brief series on products/services that rock), and if you don't remember, they provided hosted Subversion (along with project and bug tracking) at great prices with excellent up-times and speeds.
I'm grand-fathered into one of their older packages (300 MB with three repositories for $10/month - more than ample for my needs), but their new plans start at between $7-$15/month and offer a lot of bang for the buck.
What makes them so great? Awesome service. I've been working on a dev project for VSSDK.com for a while now and had an SVN repository hosting source control for that project on a different server. This week I was able to get a .dump of that Repository (shout out to Kris Hering on the quick turn-around for that one), and then wanted to upload it to Hosted-Projects.com to move the entire repository over there.
Not only was Hosted-Projects.com able to import my entire Repo in literally a matter of minutes after my request, but they also completely re-purposed one of my existing repositories in order to meet my finicky requests in easing the transition.
In short, if you're using SVN and need hosting, you're stupid if you don't look into using Hosted-Projects.com. You can't beat them for the price (I've never had a problem with them being down or unavailable), and their service rocks.
Posted on June 15, 2007 | Permalink | Comments (1) | TrackBack (0)
So, what's Mikeey doing to keep himself occupied of late? Well, other than the Longhorn Roadshow (which has been a hoot), I'm busily working on a bunch of stuff focused around Visual Studio Extensibility.
Keep tabs on my efforts here: www.vssdk.com.
Posted on April 25, 2007 | Permalink | Comments (0) | TrackBack (0)
connect
contact
syndication
archives
index
January 2012
September 2011
May 2010
September 2009
July 2009
June 2009
May 2009
April 2009
March 2009
January 2009
December 2008
November 2008
October 2008
September 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
November 2006
October 2006
September 2006
categories
.NET
AngryPets Tools
Annoyances
Development
I've got issues
Link Love
Misc.
MS Office Sux
News / Politics
Rants
Raves
Servers
SQL Server
Stupidities
Testing
That Internet Thing
Tutorials / Info
Virtualization
blogroll
Better Lemonade Mousetraps
Blue Phoenix
Eric.Weblog()
Frog Blog!
RepeatableRead
Robert Hensing's - Security
Seth's Blog
Slow and Tired
Structure Too Big
Technology Evangelism
recent comments
ben
eric
proviron
Oyunlar
Kendra Little
Dio
Ryan
Mark Boughter
Mike
Andrew
Anne
James
Michael K. Campbell
James
HH
SQL Server Hosting
Artur Emil
Michael R Roberts
eve isk
Md. Golam Rabbani