ASP.NET 2.0 Security Reference Implementation

 I wasn’t aware of this until I saw Don’s article:

Fortunately, Microsoft has committed to providing a steady stream of documentation and educational materials to help solve the problem. Their latest ASP.NET security freebie has the rather unwieldy moniker of ASP.NET 2.0 Security Reference Implementation. This product is a combination of documentation and source code that is worthwhile to study to get right at the best practices that you can implement in ASP.NET 2.0 Web sites. The package itself is a bit daunting, but it doesn’t take long to figure out what’s what.

There are two Word docs and 17 projects, released under a GotDotNet license so you can lift entire projects for your own needs.  I found MS’s P&P guides absolutely essential for working with .NET 1.1, so I’m glad to see some updated material.

kick it on

ASP.NET 2.0 UrlRewriting Fix

There is a bug in the URL Rewriting engine of ASP.NET 2.0 which leads to
search engines dropping (or not indexing) sites using URL Rewriting.  While
not specific to Community Server, it maniftested itself more so in CS
communities at first.  Here, Scott Watermasysk presents a workaround. 
Links to the original problem are included.

Full story at

kick it on

Remote Web Administration Tool

Recently, a question came
up in the ASP.NET security forums about the lack of a remote membership/role
configuration tool in ASP.NET 2.0.  Being able to remotely manage users is
important in pretty much any site where you have users.  Fortunately, QualityData has stepped in and developed
that plus a little more in their Membership
Manager Control
.  Apparently works in AJAX and exposes an API as
well.  At $59, it’s pretty darn cheap, too.

If you need a free license (beyond the trial version) for your needs, they
also have a link-for-license program.  Add a link like Asp.Net Server Controls by Quality Data,
and let them know.

URL Rewrite Issue in ASP.NET 2.0 (Serious Effects Upon Community Server)

The result of the problem is that search engines won’t index the content on
your Community Server based site.  That’s bad if you’re counting on being
found in the SEs.

The problem appears to be a bug (or a feature nobody wants) in the URL
Rewriting part of ASP.NET 2.0.  When the URL is rewritten and the response
is redirected to the destination URL, a result code of 302 (temporary redirect)
is returned, instead of 200 (destination found OK).  Most SEs won’t index
pages that return a 302, since that is a trick heaviliy used by SE spammers.

Matt Cutts has a post about this at,
and there’s discussion at Telligent at

This isn’t to call out Telligent, since anyone using the built-in URL
Rewriting will be affected.  I just think the thread on their site is a
good one to watch.

ASP Alliance Article: Getting Started with the Club Site Starter Kit

My latest ASP Alliance article has been
published, titled Getting Started with the
Club Site Starter Kit

Since the release of ASP.NET 2.0, several starter
kits have been released as examples of programming practices. These kits are
also good starting points for actual websites and can be valuable to novice
webmasters. This article will demonstrate how to download and install the Club
Site Starter Kit, configure a different database to prepare for a production
site and change the appearance by modifying the master

There is one correction to the article–Listing 4 is incorrect. 
The MasterPage filename in Figure 20 should be “caddyshack.master”, and Listing
4 should then read:

<%@ Page Language=”VB” MasterPageFile=”~/caddyshack.master”
Title=”Untitled Page” %>

Find the full article at


Easily Create a Timestamped Filename in .NET

Eric says crazy filename parsing is something else you should stop doing.  If you’re creating output files, you probably need to timestamp the file name to keep the files separate.  Step away from the keyboard before you do anything crazy–you can do this in one line of VB.NET:

Dim _filename As String = String.Format(“MyFile.{0}.xml”, Now.ToString(“yyyyMMddHHmm”))


Typed Datasets and .NET 2.0

For the next few months, I will be middleware.  I will be everywhere in our enterprise, integrating systems.  One of the Prime Directives is “get it done fast!”  We’re not looking for beautifully architected n-tier solutions that can be abstracted and inherited ad infinitum.  Just make the ERP talk to the WMS, and back again.  It doesn’t need to last forever, we’re going to rip everything apart and implement the latest best solutions again in a few years anyway.

There are about as many ways to get retrieve and handle data as there are developers with string opinions–object-relationship mappers, custom business objects, strongly typed datasets, etc.

In Visual Studio 2005, MS really improved the designers for strongly-typed datasets.  These aren’t everyone’s favorite method of handling data, but they work, and they can be put together quickly, and I like them for some purposes.  Here are three excellent articles on using strongly-typed datasets in an application.

Build a Data Access Layer with the Visual Studio 2005 DataSet Designer, Brian Noyes

A good data access layer is critical for most business applications, whether that layer resides on a middle tier application server, a web server or on the client. Data access layers tend to involve a lot of error-prone, repetitive coding if you try to do it by hand. You can alleviate some of that by designing a good set of base and helper classes to encapsulate the repeating patterns, or by using a code generation tool. However, you still usually have to write all the data access methods by hand for the ad-hoc queries that service large parts of your application.

If you are using Visual Studio 2005, that does not have to be the case. Some significant improvements have been made to the Visual Studio 2005 DataSet designer and the code that it generates that make it so you will rarely have to write your data access methods by hand of you choose to work with DataSets. In this article, I’ll walk you through what those features are and how to use them. I’ll also discuss some of the pros and cons of using the new features and give some guidance on when you might want to do something different.

Building a DAL using Strongly Typed TableAdapters and DataTables in VS 2005 and ASP.NET 2.0, Scott Guthrie

Using the data designer and ASP.NET 2.0 together, you should be able to create a core DAL implementation and build from scratch a data-driven UI web app on top of an existing database very quickly (~10-15 minutes to build an application from scratch that supports master/details filtering along with data paging, sorting, insertion, and editing).

Using Strongly-Typed Data Access in Visual Studio 2005 and ASP.NET 2.0, Joseph Chancellor

Specifically, we will see how to create and use strongly-typed DataSets in Visual Studio 2005. As this article explores, strongly-typed DataSets offer a number of advantages over alternative, loosely-typed data access techniques and, with Visual Studio 2005, creating and using strongly-typed DataSets has never been easier. Read on to learn more!

Validators for Windows Forms

For those of you who don’t know, those sweet validators we use in WebForms are not available in Windows Forms.  Greg Duncan has a post today that shows how to use an ExtenderProvider to create a RegEx validator in the same vein as the web one.  MVP Billy Hollis had a similar article in 2003, and shows how to create several validators.  For the time-pinched, you can find a current version of the sample at