Developers Archive for February, 2008

.NET Security Tips

Thursday, February 28th, 2008

# Keep “Persist Security Info” as false in the connection string.

# Remove the authentication cookie in Session_End event or application specific logout event.

# Security decisions should not rely only on client-side validations – they should be verified on the server side too!

# Hashed password format should be specified in provider configuration.

# The website should be partitioned into public access areas and restricted areas that require authenticated access. Navigation between these areas should not pass sensitive credential information.

# Protect your website against Cross-Site Scripting (XSS) attacks.

# Dynamic queries that accept user input should be used only if stored procedures cannot be used. Even these queries should use parameters.

# Ensure that utilizing the “View source” option does not divulge any sensitive information.

# Set mode attribute in customErrors to On to prevent displaying detailed error messages to the caller.

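The configuration-level tips above (Persist Security Info, hashed password format, public and restricted areas, customErrors) combined in one web.config. This is an added example, not part of the original post: the server name DBSERVER, the Members folder, the page names and the provider name are placeholders, and the Catalog connection string name and Store database are borrowed from the SqlCacheDependency post on this page.

```xml
<?xml version="1.0"?>
<!-- Added example: DBSERVER, Members, Login.aspx, Error.aspx and HashedSqlProvider are placeholders. -->
<configuration>
  <connectionStrings>
    <!-- Weak: "...;User ID=app;Password=...;Persist Security Info=True" keeps the
         password readable from the connection's ConnectionString after it is opened. -->
    <add name="Catalog"
         connectionString="Data Source=DBSERVER;Initial Catalog=Store;Integrated Security=SSPI;Persist Security Info=False"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <!-- Weak: mode="Off" sends stack traces and source snippets to every caller. -->
    <customErrors mode="On" defaultRedirect="~/Error.aspx" />

    <!-- requireSSL assumes the login and restricted pages are served over HTTPS. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" protection="All" requireSSL="true"
             timeout="20" slidingExpiration="true" />
    </authentication>

    <!-- Public area: anonymous users are allowed by default. -->
    <authorization>
      <allow users="*" />
    </authorization>

    <membership defaultProvider="HashedSqlProvider">
      <providers>
        <clear />
        <!-- Weak: passwordFormat="Clear", or "Encrypted" with enablePasswordRetrieval="true". -->
        <add name="HashedSqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="Catalog"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false" />
      </providers>
    </membership>
  </system.web>

  <!-- Restricted area: everything under ~/Members requires an authenticated user. -->
  <location path="Members">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```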

SqlCacheDependency using ASP.NET 2.0 and SQL Server 2005

Thursday, February 28th, 2008

SqlCacheDependency with ASP.NET 2.0 and SQL Server 2005 is a beautiful thing :)

Getting SqlCacheDependency to work with SQL Server 2000, however, requires some additional steps.

Here we will use ASP.NET 2.0 with SQL Server 2005.

Enable Service Broker

Before SqlCacheDependency will work with SQL Server 2005, you first have to enable Service Broker, which is responsible for the notification services that let the web cache know a change has been made to the underlying database and that the item in the cache must be removed.

ALTER DATABASE Store SET ENABLE_BROKER;
GO

SqlDependency.Start() in Global.asax

In ASP.NET, you need to run SqlDependency.Start(connectionString) in the Global.asax:

Example:

void Application_Start(object sender, EventArgs e)
{
    // Start the listener that receives query notifications from SQL Server.
    string connectionString = WebConfigurationManager.
        ConnectionStrings["Catalog"].ConnectionString;
    SqlDependency.Start(connectionString);
}

SqlCacheDependency in ASP.NET 2.0 Example

Now you can just create your SqlCacheDependency as normal in your ASP.NET 2.0 page. Here is a simple example:

using System;
using System.Data;
using System.Data.SqlClient;
using System.Web.Caching;
using System.Web.Configuration;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Serve from the cache when possible; query the database only on a miss.
        DataTable categories = (DataTable)Cache.Get("Categories");
        if (categories == null)
        {
            categories = GetCategories();
            // Shows when the data was last loaded from the database.
            Label1.Text = System.DateTime.Now.ToString();
        }
        GridView1.DataSource = categories.DefaultView;
        GridView1.DataBind();
    }

    private DataTable GetCategories()
    {
        string connectionString = WebConfigurationManager.
            ConnectionStrings["Catalog"].ConnectionString;
        DataTable categories = new DataTable();
        using (SqlConnection connection =
            new SqlConnection(connectionString))
        {
            SqlCommand command = new SqlCommand(
                "SELECT CategoryID, Code, Title FROM dbo.Categories",
                connection);
            // The dependency must be created before the command is executed.
            SqlCacheDependency dependency =
                new SqlCacheDependency(command);
            SqlDataAdapter adapter = new SqlDataAdapter();
            adapter.SelectCommand = command;
            DataSet dataset = new DataSet();
            adapter.Fill(dataset);
            categories = dataset.Tables[0];
            // The cached item is removed when the query result changes.
            Cache.Insert("Categories", categories, dependency);
        }
        return categories;
    }
}

What’s new in C# 3.0

Thursday, February 28th, 2008

1) Implicitly typed local variables

Local variables can be declared with the keyword var; the compiler determines the actual type of the variable from the expression used to initialize it. It is mainly used to store anonymous types in LINQ.

// This is an integer
var nId = 1234567;
// This is a string
var strFullname = "Chrisranjana Developers";


All material © copyrighted by chrisranjana.com. If you want to link to this article you are welcome to do so. Unauthorized publication is strictly prohibited.