Tuesday, February 08, 2005

And you thought only MSN had cool DHTML or JavaScript stuff

Every time you thought of cool CSS or DHTML tricks you had to quote MSN, but not any more! The Google guys are really testing the limits of client-side JavaScript and DHTML with the following sites:


http://maps.google.com

http://www.google.com/webhp?complete=1&hl=en


Saturday, February 05, 2005

Custom Hybrid (Forms + Windows) authentication in ASP.NET

Out of the box, .NET gives you numerous authentication models, which are sufficient for most applications but not for all. In one of our applications we had to design a combination of "Forms" + "Windows" authentication. We tried to work around all the built-in authentication modes, but none of them worked for us. Finally we wrote our own custom "HttpModule" to authenticate. Another reason we had to take this route was that our authentication layer was written as a COM object and we could not pass the Windows credentials to this COM layer directly. So here is what we did:

1. Change the authentication mode to "None" in web.config

2. Wrote a delegate for the "OnState" event

3. In the OnState delegate, based on custom config, we check whether we need Windows authentication or custom authentication. If we need Windows authentication, we return the status code "401" to the browser so that the browser can show the NT challenge/response dialog to the user.

4. Once we get the credentials, the trick was how to pass them to the COM layer, so we came up with this:

// GetService is an explicit IServiceProvider implementation on HttpContext, so cast the current context first.
IntPtr token = ((HttpWorkerRequest)((IServiceProvider)HttpContext.Current).GetService(typeof(HttpWorkerRequest))).GetUserToken();

GetUserToken gives us a pointer to the user's authentication token, which we can pass to the COM layer, which in turn can call MFC functions to validate the ownership of the current thread.















Friday, February 04, 2005

The Sites you MUST visit if you are serious about CSS

Here are some of the sites I think one must browse if you want to get your hands dirty in the CSS world.

http://www.csszengarden.com - the mecca of CSS

http://www.alistapart.com - lots of great articles and techniques

http://www.digital-web.com - Many great articles

http://www.meyerweb.com/eric/css/edge/

http://www.stopdesign.com - Douglas Bowman - the great CSS guru - though I don't agree with him on "throwing table out of the window". CSS has a long way to go to replace the <table> completely across all browsers.





Thursday, February 03, 2005

Preventing users from downloading your config.xml files using HttpForbiddenHandler in ASP.NET

So you have some config.xml files (other than web.config) and you want to give at least "read" permission to the ASPNET/anonymous user. The downside of giving "read" permission is that a user can now download your file directly from the browser. For example, if your file name is "websettings.xml", a user can type http://yourserver/yoursite/yourfolder/websettings.xml and they will be able to download this file.

You can prevent this by using "System.Web.HttpForbiddenHandler". Add an entry to your web.config file to prevent users from downloading this file.


<!-- goes inside <system.web>; element names are case-sensitive -->
<httpHandlers>
  <add verb="*" path="yourfolder/websettings.xml"
       type="System.Web.HttpForbiddenHandler, System.Web" validate="true"/>
</httpHandlers>


All we are saying here is: if any request comes in for websettings.xml, send it to the
HttpForbiddenHandler class, which in turn will send the "forbidden" HTTP status code to the browser.
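
Because the entry above names a single file, any other readable XML settings file stays downloadable. The following audit sketch is an added example, not code from the original post: it parses a web.config and lists the .xml files that no HttpForbiddenHandler entry covers. The sample config, the file list and the function names are constructed for illustration, the path matching is a simplification of ASP.NET's own, and it assumes requests for .xml reach ASP.NET at all, which requires the extension to be mapped to ASP.NET in IIS.

```python
import fnmatch
import xml.etree.ElementTree as ET

FORBIDDEN = "System.Web.HttpForbiddenHandler"

# Constructed sample: a web.config that protects one file, as in the post.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <httpHandlers>
      <add verb="*" path="yourfolder/websettings.xml"
           type="System.Web.HttpForbiddenHandler, System.Web" validate="true"/>
    </httpHandlers>
  </system.web>
</configuration>"""

# Constructed sample: site-relative files the worker account can read.
SAMPLE_FILES = ["default.aspx", "yourfolder/websettings.xml",
                "yourfolder/dbsettings.xml", "data/users.xml"]


def forbidden_patterns(web_config_xml):
    """Lower-cased path patterns mapped to HttpForbiddenHandler for every verb."""
    patterns = []
    for section in ET.fromstring(web_config_xml).iter("httpHandlers"):
        for add in section.findall("add"):
            handler = add.get("type", "").split(",")[0].strip()
            if handler == FORBIDDEN and add.get("verb", "").strip() == "*":
                patterns.append(add.get("path", "").strip().lower())
    return patterns


def unprotected_xml(web_config_xml, site_files):
    """Return the .xml files that no HttpForbiddenHandler entry covers."""
    patterns = forbidden_patterns(web_config_xml)
    exposed = []
    for rel in site_files:
        url = rel.replace("\\", "/").lower()
        if not url.endswith(".xml"):
            continue
        name = url.rsplit("/", 1)[-1]
        # Assumption: simplified matching, not ASP.NET's own algorithm. A
        # pattern covers a file if it matches the full relative path or the
        # bare file name; '*' is the only wildcard expected.
        if not any(fnmatch.fnmatchcase(url, p) or fnmatch.fnmatchcase(name, p)
                   for p in patterns):
            exposed.append(rel)
    return exposed


if __name__ == "__main__":
    print(unprotected_xml(SAMPLE_WEB_CONFIG, SAMPLE_FILES))
```

Changing the entry's path to a wildcard such as *.xml makes the same check come back empty for the sample file list.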


Thanks Rahul for reminding me about this HttpForbiddenHandler in our last conversation.









Wednesday, February 02, 2005

Uploading large files in ASP.NET

So this application we are working on needs to upload large files from the browser. We use an applet to upload the file. The old application, which was in classic ASP, didn't have any such problem. After hours of frustration we figured out that by default the .NET Framework does not let you upload files larger than 4 MB. The setting is in machine.config as follows:

<httpRuntime executionTimeout="90" maxRequestLength="4096" useFullyQualifiedRedirectUrl="false" minFreeThreads="8" minLocalRequestFreeThreads="4" appRequestQueueLimit="100" enableVersionHeader="true"/>

All you have to do is override this setting in your web.config. You can copy the same <httpRuntime> element into your web.config and change the maxRequestLength attribute (the value is in KB) to whatever maximum limit you want to set.

I think this is a nice feature in ASP.NET which can at least minimize, to some extent, "denial of service" attacks.