So one of my pet peeves in web development is mixed case URL’s. And I usually make sure that all my URL’s in my personal projects follow this standard. I also believe, contrary to my URL case standard, that my code should follow standards .NET naming techniques, such as Pascal casing for my method names.

These two naming standards come in to conflict with MVC because the name of the action method in the controller is used in its native Pascal case. Which generates URL’s that look like this:

/Home/Index
/Home/About

However I want them to be generated like this:

/home/index
/home/about

So I developed my own Route based off of the System.Web.Routing.Route to force everything to lowercase.

public class LowercaseRoute : System.Web.Routing.Route
{
	public LowercaseRoute(string url, IRouteHandler routeHandler)
		: base(url, routeHandler) { }
	public LowercaseRoute(string url, RouteValueDictionary defaults, IRouteHandler routeHandler)
		: base(url, defaults, routeHandler) { }
	public LowercaseRoute(string url, RouteValueDictionary defaults, RouteValueDictionary constraints, IRouteHandler routeHandler)
		: base(url, defaults, constraints, routeHandler) { }
	public LowercaseRoute(string url, RouteValueDictionary defaults, RouteValueDictionary constraints, RouteValueDictionary dataTokens, IRouteHandler routeHandler)
		: base(url, defaults, constraints, dataTokens, routeHandler) { }

	public override VirtualPathData GetVirtualPath(RequestContext requestContext, RouteValueDictionary values)
	{
		VirtualPathData path = base.GetVirtualPath(requestContext, values);

		if (path != null)
			path.VirtualPath = path.VirtualPath.ToLowerInvariant();

		return path;
	}
}

For anybody as anal as me about stupid stuff such as casing of URL’s you should find this class up above a welcomed addition to your MVC projects.

Tags: ASP.NET, C#, MVC

Posted in ASP.NET, C# | | | View blog reactions | 6 Comments »

I got a kick out of this video I found on YouTube. Take a look:

Tags: Programming

Posted in Programming | | | View blog reactions | 1 Comment »

I have upgraded my blog to WordPress 2.5. It is a very nice piece of software that the WordPress development team has done a great job on. Some of the new features include:

1. Cleaner, faster, less cluttered dashboard
2. Dashboard Widgets
3. Multi-file upload with progress bar
4. Bonus: EXIF extraction
5. Search posts and pages
6. Tag management
7. Password strength meter
8. Concurrent editing protection
9. Few-click plugin upgrades
10. Friendlier visual post editor
11. Built-in galleries

The upgrade this weekend turned up a Cookie bug in my URL Rewriter and Reverse Proxy software, that I use to host WordPress on my Windows 2003 server. There will be an updating to the URL Rewriter coming soon to MSDN Code and Codeplex as well as a release on my companies website.

Tags: URL Rewriter and Reverse Proxy, wordpress

Posted in News, Personal | | | View blog reactions | No Comments »

Three interesting things about Apple Safari came out this past week.

1. Apple Safari 3.1 passed the Acid 3 test
2. Apple Safari running on a Mac was hacked in 2 minutes flat at PWN To OWN and fell in the second round using a default install of Mac OS X software.  Even Vista made it to the third round where it was successfully hacked through the Adobe Flash plug-in for IE 7.
3. Apple is pushing Safari to Windows users with out their permission.

In my opinion it is great that the Apple Safari team is working very hard to support web standards. However that should be secondary to building a secure browser platform that is going to protect their user base.  This should be obvious to every developer with in Apple, because Acid 3 features aren’t currently out on the net, so support isn’t that critical, however browser exploits are out there right now just looking for prey.

Combine all that with Apple pushing Safari out to Windows with out asking for permission from the user of the computer.  Windows already has enough problems with security and doesn’t need a new one pushed on it by Apple.

Tags: Adobe Flash, IE7, OS X, PWN To OWN, Safari, Vista

Posted in Rant | | | View blog reactions | 5 Comments »

There is a simple way to tell if you can use MVC in your web application.  If any of the following are true, you probably shouldn’t:

1. You require the ViewState
   This includes any 3rd party control…  Quick way to check this is disable ViewState and check to see if you application works as expected.
2. You require post backs
   This usually is required by Web Forms or Microsoft AJAX Toolkit…  Fortunately most of the post back functionality can be duplicated on the client side with AJAX.  I fine jQuery makes a real easy job of this.

So that is all that you need to ask your self when thinking of upgrading or deciding which route to take when planning your new application.

Tags: AJAX, ASP.NET, jQuery, MVC, ViewState

Posted in ASP.NET, Programming | | | View blog reactions | No Comments »

So I just read Rob Conery’s blog post on Securing Your Controller Actions in MVC. I was a little perplexed about why guys at Microsoft love to reinvent stuff they have already done. I know Rob Conery is a really smart guy and has a wonderful grasp of the .NET framework, so I would have to assume he knows about what I have outlined below. My only guess is that he just wanted to re-invent something that is already built in to the framework using his own code.

Basically what Rob did was the following, created two attributes for attaching on the MVC Controller Action:

RequiresAuthenticationAttribute

[RequiresAuthentication]public void Index () {
    RenderView("Index");
}

RequiresRoleAttribute

[RequiresRole(RoleToCheckFor = "Member")]public void Index () {
    RenderView("Index");
}

I have accomplished the same thing using an attribute that has been apart of .NET since 1.0. The attribute is called PrincipalPermissionAttribute and is part of the System.Security.Permission namespace. The best thing about it is that it is integrated in to the run time, so there is no chance of unwanted people getting through. It also accomplishes both of Robs attributes up above, plus more. Using the examples up above I will demonstrate how to use PrincipalPermissionAttribute to secure and protect your Controller Actions.

RequiresAuthenticationAttribute

[PrincipalPermission(SecurityAction.Demand, Authenticated = true)]public void Index () {
    RenderView("Index");
}

RequiresRoleAttribute

[PrincipalPermission(SecurityAction.Demand, Role = "Member")]public void Index () {
    RenderView("Index");
}

In addition if you were inclined you can restrict things to just one user name with PrincipalPermissionAttribute. So for instance if you wanted to restrict adding and removing roles and their permissions to only the username “SiteAdmin”, you would do the following.

[PrincipalPermission(SecurityAction.Demand, Name = "SiteAdmin")]public void RolesAdmin () {
    RenderView("RolesAdmin");
}

As you can see this is very powerful. Built in to the run time, by extending the CodeAccessSecurityAttribute, so it operates at a lower level than Rob’s solution. Only requires the use of one attribute, and throws only one exception called SecurityException.

I really hope that ASP.NET MVC doesn’t turn in to a lets-redo-everything-that-already-works framework, because they still have many issues that they need to achieve before ASP.NET MVC is usable, and focusing on things that are already implemented in the .NET framework doesn’t seem like the right course of action when developing a new offering.

Read the rest of this entry »

Tags: ASP.NET, C#, CodeAccessSecurityAttribute, MVC, PrincipalPermissionAttribute, Security, SecurityException

Posted in ASP.NET, C#, How To, Programming, Rant | | | View blog reactions | 12 Comments »

I have been a huge fan of Fiddler the HTTP Debugging Proxy for a couple years now. However one thing that always bugged me about any network debugging tool was the fact that it could not debug localhost or 127.0.0.1. However I just found a solution while racking my brain for a way to debug one of my local projects.

I don’t know if many of you are aware but the website http://www.somesite.com points to 127.0.0.1 as a standard for URL examples.

C:\Users\Nick>ping somesite.com

Pinging somesite.com [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms

So if somesite.com points to the same local IP address as localhost, I figured that I could just use somesite.com instead of localhost in my projects. I used the following setup:

With the above setup I was able to get Fiddler to monitor my localhost traffic my tricking the network card to go external for the somesite.com reference.

So basically that is all that I needed to do and it make pretty quick work of getting around the localhost problem.

Tags: 127.0.0.1, Fiddler, How To, localhost, Ping, somesite.com

Posted in How To | | | View blog reactions | 13 Comments »

My last article on ASP.NET MVC CAPTCHA was very well received by many of my readers and it even caught the eye of the DotNetKicks crowd. Now that MVC Preview 2 was released last week, many new features make encapsulating my CAPTCHA control even easier. Most notably is the ActionFilterAttribute which allows you to override the Pre and Post action events for any action the attribute is applied to.

Basically everything works the same as it did in the previous article. I just modified things for MVC Preview 2. To validate the CAPTCHA you add the attribute CaptchaValidation to the action.

[CaptchaValidation("captcha")]
public void Register(string userName, string password, string email, string question, string answer, bool captchaValid){
    // do stuff
}

You still need to register the CAPTCHA image handler.

<httpHandlers>
    <add verb="GET" path="captcha.ashx" validate="false" type="ManagedFusion.Web.Handlers.CaptchaImageHandler, ManagedFusion" />
</httpHandlers>

I added an extension to HtmlHelper that generates a text box with autocomplete=”off”.

<label for="captcha">Enter <%= Html.CaptchaImage(50, 180) %> Below</label><br />
<%= Html.CaptchaTextBox("captcha") %>

Which generates the following.

You can view the source code for this on my Google Code Project, everything is available through SVN.

1. CaptchaValidationAttribute.cs
2. CaptchaHelper.cs
3. CaptchaImage.cs
4. CaptchaImageHandler.cs

Or you can download the project for you own personal use.

•  ASP.NET MVC CAPTCHA Project

Tags: ASP.NET, C#, CAPTCHA, Microsoft, MVC

Posted in ASP.NET, C#, Programming | | | View blog reactions | 25 Comments »

Today Apple had their big iPhone SDK press release. They opened up the phone and added a bunch of Enterprise features that many small to large corporate customers have been asking for. But they still haven’t implemented the features I am looking for in a smart phone, and until they do, they will not see my money.

1. Microsoft Exchange Direct Push
2. Tethering
3. 3G Network (I currently use Verizon)

I know #2 will be coming, if not through Apple somebody else will do it, since Apple has unlocked the iPhone to developers.  However #3 is the one that I may have to wait for Verizon to switch to GSM in the distant future.  Other than my last 2 requirements I am sold on the iPhone.

Tags: Apple, iPhone, News, Verizon, Windows Mobile

Posted in News, Personal | | | View blog reactions | No Comments »

So today it was brought to my attention that the design of my blog needed work. Since good design is a very subjective term, much like good programming:

your program (n): a maze of non-sequiturs littered with clever-clever tricks and irrelevant comments. Compare MY PROGRAM.

my program (n): a gem of algorithmic precision, offering the most sublime balance between compact, efficient coding on the one hand, and fully commented legibility for posterity on the other. Compare YOUR PROGRAM.

Please tell me your impressions, of my blog, in the comments below. I would like to see constructive actionable comments, that I can work toward implementing, around the ease of reading, layout, and usability.  That is what I am really interested in hearing about.

You can tell me what you think of the colors but honestly much like personal tastes in cars, food, and everything else, it is usually very superficial and relies on personal preferences more than industry recognized usability problems.  My personal preferences, since it is my blog, is to use strong colors right next to each other to show strong lines, instead of gradients, because strong lines give the sense of strength and professionalism.

Honestly, if I was to break it down, I just like the look of a Orange, Blue, and Brown, I believe they provide nice contrast to each other and have an almost academic look.  If I was to sum up my style I would say the Power Point Theme Median, as seen below, is the closest I have ever seen to My Personal Style Tastes.

So please let me here your comments, about my blog, on:

1. Ease of Reading
2. Layout
3. Usability

I will take them all very seriously.

Tags: Blog, Coder Journal

Posted in Personal | | | View blog reactions | No Comments »