ASP.NET Security Update Shipping [MS11-100]

December 30, 2011 at 10:11 AM
Vulnerability in ASP.NET Could Allow Denial of Service Security Vulnerability On Dec 28th 2011, details were published at a security conference describing a new method to exploit hash-table data-structures used in web frameworks.  Attacks targeting this type of vulnerability are generically known as “hash collision attacks”. Hash collision attacks attempt to populate a hash-table within a server app with large numbers of items whose keys resolve to the same hash code.  These key collisions can significantly slow down operations on the hash-table, and with enough elements can cause a server to spend minutes (or even hours) processing them.  This can block a web server from processing requests from other users, and cause a denial of service (meaning the web site becomes unresponsive or slow). Attacks such as these are not specific to any particular language or operating system.  Presenters at the security conference discussed how to cause them using standard HTTP form posts against several different web frameworks (including ASP.NET).  Because these attacks on web frameworks can create Denial of Service issues with relatively few HTTP requests, there is a high likelihood of attacks happening using this approach.  We strongly encourage customers to deploy the update as soon as possible. The security update we are releasing on Thursday, December 29th updates ASP.NET so that attackers can no longer perform these attacks.  The security update does not require any code or application changes.  More info : http://technet.microsoft.com/en-us/security/advisory/2659883 Download Update 1. Windows Update (KB2656356)   2. Microsoft Download Center - http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=28573

Posted in: MVP | Technical Stuff

Tags: ,


Extensionless URLs do not find .cshtml/.vbhtml files on IIS 7 or IIS 7.5

June 18, 2011 at 8:21 PM
Issue: Extensionless URLs do not find .cshtml/.vbhtml files on IIS 7 or IIS 7.5 On IIS 7 or IIS 7.5, requests with a URL like the following are not able to find pages that have the .cshtml or .vbhtml extension:http://www.example.com/ExampleSite/ExampleFileThe issue arises because URL rewriting is not enabled by default for IIS 7 or IIS 7.5. The likeliest scenario is that you do not see the problem when testing locally using IIS Express, but you experience it when you deploy your website to a hosting website. Workaround If you have control over the server computer, on the server computer install the update that is described in A update is available that enables certain IIS 7.0 or IIS 7.5 handlers to handle requests whose URLs do not end with a period. If you do not have control over the server computer (for example, you are deploying to a hosting website), add the following to the website's Web.config file: <system.webServer> <modules runAllManagedModulesForAllRequests="true"/></system.webServer> Issue: Using WAP or MVC and ASP.NET Web pages in the same application If you were using ASP.NET Web Pages in a WAP or MVC application, you might see an error that WebPageHttpApplication can not be found.

Posted in: MVP | Technical Stuff

Tags: ,


Visual Studio Update for HTML5 & CSS3 (Free)

June 16, 2011 at 4:00 PM
  The Web Platform and Tools team is very pleased to announce the first Web Standards Update for Visual Studio SP1. It updates the HTML5 intellisense and validation to reflect the latest W3C specifications and fixes some bugs bugs in the current SP1 support for HTML5. Also JavaScript intellisense it updated to reflect many of the new browser capabilities such as Geolocation and DOM storage. Finally, this update adds comprehensive CSS3 intellisense and validation based on the latest specifications from W3C.   While waiting for the update....so What's New ? HTML 5 features   Video & related tags Audio & related tag New input types like email, url, date etc Drag & Drop support Accessibility standard WAI-ARIA Microdata Schema.org & more SEO friendly goodness Browser APIs Geo-Location - Location aware websites are a clear, growing trend and now you've got full intellisense and validation within Visual Studio.  For a nice sample, view source on the IE9 test drive demo. Local Storage – IE has been supporting local storage from IE8, so now Visual Studio will provide you with full-fidelity intellisense to create sites which can save state within the browser.  For sample of this, do a view source on HTML5 Demo Site CSS3 2D Transforms 3D Transforms Animations Background & Borders Basic Box Model Basic UI Behavior Color Flexible Box Layout Fonts Generated Content for Paged Media Hyperlink Presentation Line Lists Marquee Media Queries Multi Column Namespaces Paged Media Presentations Levels Ruby Selectors Speech Syntax Template Layout Text Transitions Additionally, if you are trying to make websites which work on a variety of platforms and browsers you will love the fact that Web Standards Update not only supports IE specific prefixes like –ms; but also other vendor prefixes like –webkit and –moz. Read More : ·         Download URL - http://visualstudiogallery.msdn.microsoft.com/a15c3ce9-f58f-42b7-8668-53f6cdc2cd83 ·         VWD Team Announcement post by Mads - http://blogs.msdn.com/b/webdevtools/archive/2011/06/15/web-standards-update-for-visual-studio-2010-sp1.aspx ·         Walkthrough post by Hanselman - http://www.hanselman.com/blog/AnnouncingTheWebStandardsUpdateHTML5SupportForTheVisualStudio2010Editor.aspx ·         Reference post by Vishal - http://vishaljoshi.blogspot.com/2011/06/announcing-html5-css3-support-for.html  *P/S : Content taken from various source."P.P.S. No, that logo to the right isn't official anything and yes, it's fun. " -  Scott Hanselman’s :D    

Posted in: MVP | Technical Stuff

Tags: , ,


[How-to] Passing value within 2 WebPages using Razor syntax

June 12, 2011 at 11:48 PM
Following will be the example if you would like to use Request QueryString to pass value between 2 CSHTML page.We have have 2 web pages, Page.cshtml and Page2.cshtml. Under Page.cshtm, there will be a textbox and a button, whatever user enter in the textbox, it will be pass over to Page2.cshtml. Here the code on Page.cshtml. We use the Request.Form to capture the input by the user from the textbox. The value then store in the variable "formValue" which will be pass over to Name under Response.Redirect. @{     var formValue = Request.Form["myTextBox"];      if (IsPost)      {                  Response.Redirect("Page2.cshtml?name=" + formValue);               } } <!DOCTYPE html>  <html lang="en">     <head>         <meta charset="utf-8" />         <title>Page 1</title>     </head>     <body>  <form action="" method="post">         <input type="text" id="myTextBox" name="myTextBox"/>                     <input type="submit" value="submit"/> </form>              </body> </html> Here's the code on Page2.cshtml, please take note on the previous code Response.Redirect("Page2.cshtml?name=" + formValue); we actually pass the value to the variable named "NAME". so in Page2.cshtml, we will capture the value NAME. We used Request.QueryString to capture the value from the URL which will be http://localhost/page2.cshtml?name=WHATEVERUSERINPUT. @{      var queryValue = Request.QueryString["name"];     }  <!DOCTYPE html>    <html lang="en">      <head>          <meta charset="utf-8" />          <title>Page 2</title>      </head>      <body>          @queryValue      </body>  </html>  For this example, queryValue will return the value of "WHATEVERUSERINPUT". Happy coding.*This blog post is available also at : http://wiki.asp.net/page.aspx/1672/passing-value-within-2-webpages-using-razor-syntax/

Posted in: MVP | Technical Stuff

Tags: , ,


MSDN Malaysia - Orchard in the Cloud Contest

May 9, 2011 at 5:50 PM
Hi Everyone, MSDN Malaysia has announced the competition to host the best Orchard in the cloud. Exciting prizes awaits those who participates. Prizes* Week 1 Arc Touch Mouse + Arc Keyboard Week 2 Wireless Xbox controller Week 3 Crumpler Bag Week 4 Microsoft Sidewinder X3 + X4 (mouse + keyboard) Week 5 USB 3.0 External Hard Disk Drive What is this contest about? MSDN Malaysia are looking out for the best Orchard on the Windows Azure platform, literally. So, in 3 simple step, you can get yourself started. 1. Get yourself a FREE 30 Days Azure account with the promo code "APMY2011".*Azure account will take 24-48hours to activate, strongly suggest your apply your Azure account before you participate. 2. Get a copy of Free WebMatrix thru Microsoft Platform Installer and, 3. Download Orchard thru your WebMatrix interface-> Site from Web Gallery.   For more details, visit MSDN Malaysia blog here.      

Posted in: MVP | Technical Stuff

Tags: ,


Final Release of ASP.NET MVC 3, IIS Express, SQL CE 4, Web Farm Framework, Orchard, WebMatrix

January 14, 2011 at 10:15 AM
After a long waiting, finally, the release of following product had just been made by ASP.NET Team ! ASP.NET MVC 3 NuGet IIS Express 7.5 SQL Server Compact Edition 4 Web Deploy and Web Farm Framework 2.0 Orchard 1.0 WebMatrix 1.0 You can download and install ASP.NET MVC 3 here.  The ASP.NET MVC 3 source code (released under an OSI-compliant open source license) can also optionally be downloaded here.

Posted in: MVP | Technical Stuff

Tags: , ,