July 10, 2012 07:39 by
Scott
How often do you just use an HTML comment to remove old code, or new functionality that isn’t ready yet? Are HTML comments effective for ASP.Net server controls? From a pure development context, they probably are. When we factor in security, they no longer provide the functionality that was intended. This post will explain an issue with how ASP.Net handles this situation and why it is not sufficient from a security perspective.
I am going to use a very simplistic example to make it easier to understand and to save space. Please do not let this simple example downplay the significance of this issue. In this example, I have added two label controls and a button control. I will walk through a few different scenarios to explain what is happening. Here is what the relevant part of the html page looks like:
1: <asp:Content ID="BodyContent" runat="server" ContentPlaceHolderID="MainContent">
2: <h2>
3: HTML Comment Test Page
4: </h2>
5: <p>
6: <asp:Label ID="lblUserName" runat="server" />
7: <asp:Label ID="lblAcctNum" runat="server" />
8: <asp:Button ID="cmdSubmit" runat="server" Text="Submit"
9: onclick="cmdSubmit_Click" />
10: </p>
11: </asp:Content>
Below is the relevant code from the default.aspx.cs code behind file. This is the code that contains the button click event that will be important throughout this post.
1: protected void Page_Load(object sender, EventArgs e)
2: {
3: lblUserName.Text = "joeUser";
4: lblAcctNum.Text = "933-3222222-939239";
5: }
6: protected void cmdSubmit_Click(object sender, EventArgs e)
7: {
8: lblUserName.Text = "This shouldn't have happened.";
9: }
When we run the page, the following output is exactly what we expect. The labels are populated with their respected values and the button is there.
1: <h2>
2: HTML Comment Test Page
3: </h2>
4: <p>
5: <span id="MainContent_lblUserName">joeUser</span>
6: <span id="MainContent_lblAcctNum">933-3222222-939239</span>
7: <input type="submit" name="ctl00$MainContent$cmdSubmit" value="Submit" id="MainContent_cmdSubmit" />
8: </p>
I would like to call out separately the EventValidation value. It is beyond the scope of this post to fully explain EventValidation within .Net, but the short explanation is that it is used to only allow expected events to be triggered on the server. The value is a hash of the allowed values and events. Here is the value for this page:
1: /wEWAgLFs4viAgKP5u6DCOTYhw/mo3AHFQHnB8XMEMHlrATJQZUNTjLevOMdQoay
Now lets comment out the button control and a label control and see what happens. I will comment out the account number because I realized there are some problems with it. It is displaying sensitive information and it is vulnerable to cross-site scripting. I want to remove the button, because it is old functionality and I don’t want anyone to be able to perform that action going forward. Here is what the new HTML data looks like:
1: <h2>
2: HTML Comment Test Page
3: </h2>
4: <p>
5: <asp:Label ID="lblUserName" runat="server" />
6:
7: <!--<asp:Label ID="lblAcctNum" runat="server" />-->
8: <!--<asp:Button ID="cmdSubmit" runat="server" Text="Submit"
9: onclick="cmdSubmit_Click" />-->
10: </p>
It is important to note that I did not make any changes to the code behind file, because it was a) easier to update the html document and b) it doesn’t require me to change compiled code. Although neither of these are good reasons, they are just used for the example.
Here is what the new HTML output looks like:
1: <h2>
2: HTML Comment Test Page
3: </h2>
4: <p>
5: <span id="MainContent_lblUserName">joeUser</span>
6:
7: <!--<span id="MainContent_lblAcctNum">933-3222222-939239</span>-->
8: <!--<input type="submit" name="ctl00$MainContent$cmdSubmit" value="Submit" id="MainContent_cmdSubmit" />-->
9: </p>
The good news is that the elements are commented out, as we expected, but do you see a problem? On line 7, the account number is still being populated and on line 8 the button was processed as well to a proper HTML button, rather than the asp:control that we commented out. I would have expected that the controls would not have been processed because they were commented out.
The .Net framework does not detect that the ASP.Net server controls are within HTML comments and still processes them as if they were not commented out. Now, that sensitive data I was trying to remove, is just not displayed on the page, but still available in the source of the page. All a user would have to do is View Source to see it.
Remember I also mentioned I wanted to remove this label because it was vulnerable to cross-site scripting. Well, unfortunately, it still is. Just because it lives inside of HTML comments doesn’t mean if the proper values are sent down it is still protected. It is possible for an attacker to submit data that will break out of the comment and then add their own execution steps.
Also, notice that the button looks valid. What would happen if the end user decided to remove the comments around the button? In this case, the button would still fire as it did in the first example. There are other ways to trigger this button, but re-enabling it with a proxy or browser add-in is the easiest. Lets take another look at our EventValidation value:
1: /wEWAgLFs4viAgKP5u6DCOTYhw/mo3AHFQHnB8XMEMHlrATJQZUNTjLevOMdQoay
This value is the same as the last time we checked it before commenting out the button control. Since it is the same, we know that the same events are available to us and the button will be accepted. This could cause a problem if the code is not ready for prime time, or has been removed due to issues of some sort.
A better way to resolve this issue is to set the Visible property for each of the server controls you no longer want to exist on the page, or just remove them if you are using source control. By setting the visible property to “False”, the .Net framework will not process that control and send it to the browser. This also effects the EventValidation. Lets look and see what happens when we set the Visible property in the HTML.
1: <h2>
2: HTML Comment Test Page
3: </h2>
4: <p>
5: <asp:Label ID="lblUserName" runat="server" />
6:
7: <asp:Label ID="lblAcctNum" Visible="false" runat="server" />
8: <asp:Button ID="cmdSubmit" runat="server" Visible="false" Text="Submit"
9: onclick="cmdSubmit_Click" />
10: </p>
Here is the output:
1: <p>
2: <span id="MainContent_lblUserName">joeUser</span>
3:
4:
5:
6: </p>
Notice how the button and label are no longer being output to the browser at all. This is much better and more secure. Lets check the EventValidation value just to make sure it has changed. Oh, wait, because there are no other events on this page, EventValidation not longer exists. That means that no events would be accepted by our page. If other events existed, or if a listbox existed, then our value would have been different. If we tried to then submit the button click event, an ASP.Net error would have been raised.
As you can see, there are some issues when just using HTML comments for your server controls. ASP.Net has an issue, maybe a bug, that doesn’t detect this behavior and processes the controls as if they were allowed. Remember, it is easy to re-enable a commented out control, so make sure you avoid that situation. Just because a controls is commented, doesn’t mean it will represent a security risk, but any instance of this should be examined for potential security problems.
July 4, 2012 08:14 by
Scott
For Microsoft, 2012 is the Year of New Releases. Major releases of Windows 8, Windows Server 2012, System Center 2012, and SQL Server are all due. Not to be left out, Visual Studio (VS) 2012 will also be released this year, and Microsoft recently made the Visual Studio 2012 Release Candidate (RC) available. You can download it from the Visual Studio 2012 RC downloads page. Here are some of the most important new features in this VS 2012 release.
Revamped UI
The UI is probably the first thing you’ll notice about VS 2012 RC. The monochrome scheme in earlier versions of VS 2012 was met with a bitter backlash as developers took an instant dislike to it. In fairness, the idea was to deemphasize the UI and make the code stand out more. However, that was a bad idea. VS 2012 RC reintroduces color, and once again you can tell the difference between the icons on the toolbars. That said, personally, I prefer the VS 2010 UI and colors (except for the cool game-like installer in VS 2012 RC).
Ability to Build Metro-style Applications
Without a doubt this is the most important new feature in VS 2012. VS 2012 lets you build Metro apps using HTML, JavaScript or XAML and VB, C# or C++, and it includes a new set of Metro-style app templates. It also supports building Windows Phone applications.
Microsoft.NET Framework 4.5
While it’s not technically a part of VS 2012, every new release of Visual Studio is accompanied by a new release of the .NET Framework. In this case, it's the new .NET Framework 4.5. Its big changes include improved support for parallelism and IPv6, support for zip compression, HTML 5, WebSockets, and WPF Ribbon bar support. ASP.NET Web Forms has been updated to support the asynchronous modules and handles, lots more.
LightSwitch
In earlier releases of Visual Studio, LightSwitch was a separately purchased product. The VS 2012 release includes LightSwitch in the VS 2012 Professional editions and above. I always said LightSwitch was a developer tool and not a user tool, and it seems that Microsoft now agrees. The VS 2012 LightSwitch has a new theme, support for branding, and improved performance.
IIS Express
Visual Studio used to use its own ASP.NET Development Server as the default web server for locally running and testing web applications. However, that meant you often ran into a variety of differences and incompatibilities when you went to deploy your applications on IIS. VS 2012 solves this problem by using IIS Express as the default local web server. IIS Express is a lightweight, self-contained version of IIS. It has all of the core capabilities of the full-fledged IIS, but it doesn't run as a service.
Support for WinRT
In conjunction with the new support for Windows 8 and Metro, VS 2012 also includes support for the new WinRT subsystem. WinRT (Windows RunTime) is the new programming model used by Metro. VS 2012 supports WinRT development in C++, C#, VB, and JavaScript. Programs written using WinRT should run on both Intel and ARM processors.
New Solution Explorer
As you begin to use VS 2012, you’ll definitely notice the new Solution Explorer. It's like a cross between the old Object Browser and Class View. You can navigate your project’s objects and drill down into methods and properties. It also enables you to search and preview file, objects and external items.
New SQL Server Object Explorer
Visual Studio has always been weak in the area of SQL Server navigation. VS 2012 improves its SQL Server integration with the new SQL Server Object Explorer, which is more like SQL Server Management Studio than the old Server Explorer. The new SQL Server Object Explorer shows column data types as well as primary and foreign keys.
Visual Studio 2012 Hosting with HostForLIFE.eu with only 2.45 euros/month.
June 22, 2012 08:26 by
Scott
Microsoft has released developer previews for Visual Studio 2011 and .Net framework 4.5. There are lots of new features available in the developer preview. One of the most interested things for web developers is the support introduced for new HTML 5 form controls.
The following are the list of new controls available in HTML 5
- email
- url
- number
- range
- Date pickers (date, month, week, time, datetime, datetime-local)
- search
- color
Describing the functionality for these controls is not in the scope of this article. If you want to know about these controls, refer the below URLs
http://msdn.microsoft.com/en-us/magazine/hh547102.aspx
http://www.w3schools.com/html5/html5_form_input_types.asp
ASP.Net 4.5 introduced more possible values to the Text Mode attribute to cater the above requirements. Let us evaluate these. I have created a project in Visual Studio 2011 developer preview, and created a page named “controls.aspx”. In the page I placed on Text box control from the toolbox
Now select the control and go to the properties pane, look at the TextMode attribute.
Now you can see more options are added here than prior versions of ASP.Net. I just selected Email as TextMode. I added one button to submit my page. The screen shot of the page in Visual Studio 2011 designer is as follows
See the corresponding markup
<form id="form1" runat="server">
<div>
Enter your email:
<asp:TextBox ID="TextBox1" runat="server" TextMode="Email"></asp:TextBox
</div>
<asp:Button ID="Button1" runat="server" Text="Submit" />
</form>
Now let me run this page, IE 9 do not have the support for new form fields. I browsed the page using Firefox and the page appears as below.
From the source of the rendered page, I saw the below markup for my email textbox
<input name="TextBox1" type="email" id="TextBox1" />
Try to enter an invalid email and you will see the browser will ask you to enter a valid one by default.
When rendered in non-supported browsers, these fields are behaving just as normal text boxes. So make sure you are using validation controls with these fields.
See the browser support compatability matrix with these controls with various browser vendors.
ASP.Net 4.5 introduced the support for these new form controls. You can build interactive forms using the newly added controls, keeping in mind that you need to validate the data for non-supported browsers.
June 8, 2012 08:06 by
Scott
The working of Asynchronous Handler can be shown as
As we know if we need to create a normal custom HTTPHandler. We need to implement IHTTPHandler interface and if we want to create a custom Asynchronous HTTPHandler, we need to implement IHttpAsyncHandler.
In this post, I will be discussing, How we can write Asynchronous HTTPHandlers with the help of new features introduced in .NET 4.5 framework.
In the example, I’ll create an asynchronous HTTPHandler with the help of asp.net 4.5 that downloads rss feed.
To create Asynchronous HTTPHandler in asp.net 4.5, we need to implement the method ProcessRequestAsync of new abstract class HttpTaskAsyncHandler that got newly introduced.
For that I created a class library named AsyncHandlerLibrary , which has a Handler class CustomAsyncHandler which implements HttpTaskAsyncHandler.
So the class CustomAsyncHandler will be as
public class CustomAsyncHandler : HttpTaskAsyncHandler
{
public override async Task ProcessRequestAsync(HttpContext context)
{
string url = context.Request.QueryString["rssfeedURL"];
if (string.IsNullOrWhiteSpace(url))
{
context.Response.Write("Rss feed URL is not provided");
}
WebClient webClient = new WebClient();
//It starts downloading the rss asynchronously and the asp,net thread become free
//and become available in threadpool
//once the the it load the rssfeed loading completes it get assigned to another ASP.NET thread from the threadpool
var rssfeed = await
webClient.DownloadStringTaskAsync(url);
// Writing the rss on the screen
context.Response.Write(rssfeed);
}
public override bool IsReusable
{
get { return true; }
}
public override void ProcessRequest(HttpContext context)
{
throw new Exception("The ProcessRequest method has no implementation.");
}
}
Now if you see the above code, I have implemented ProcessRequestAsync , in which I read the rss url from query string. And asynchronously downloaded the rss feed and later wrote it in response.
Now you can see, with help of new keywords async keyword and await operator of .NET 4.5, it is extremely easy to write asynchronous code. It also got ensured that same can be used in asp.net with the introduction of new APIs.
Now build the project and add the reference in your web application. Also add this in your web.config file as
<system.webServer>
<handlers>
<add name="myHandler" verb="*" path="*.rss" type="AsyncHandlerLibrary.CustomAsyncHandler"/>
</handlers>
</system.webServer>
Then run your application. Now you can see it has never been so easy to write Asynchronous HTTPHandler. Now enjoy coding with ASP.NET 4.5.
May 28, 2012 09:25 by
Scott
In an effort to start blogging more about the "helpful" items that I have encountered over the years this is one of my first "Quick Tips" related to improving the life of the developer. We all have had those times where we are tracking down a complex problem within an application and all along the way we have to spend endless time mousing over individual classes to find out what their values are when most commonly we just want to know about one or two key values. Well in this post, I'll show you a neat trick using the "DebuggerDisplay" attribute to help make this process easier.
The Code
To get us started I'm going to just dive into the code, consider the following super condensed code sample.
1: static void Main(string[] args)
2: {
3: var badSampleInstance = new BadSample()
4: { Name = "John Smith",
5: Address = "123 Main Street",
6: Phone = "515-555-1212" };
7: var goodSampleInstance = new GoodSample()
8: { Name = "John Smith",
9: Address = "123 Main Street",
10: Phone = "515-555-1212" };
11: Console.ReadLine();
12: }
13:
14: public class BadSample
15: {
16: public string Name { get; set; }
17: public string Address { get; set; }
18: public string Phone { get; set; }
19: }
20:
21: [DebuggerDisplay("{Name} ({Phone})")]
22: public class GoodSample
23: {
24: public string Name { get; set; }
25: public string Address { get; set; }
26: public string Phone { get; set; }
27: }
From here we can see a very simple set of code with two classes. If you notice I have added an attribute "DebuggerDisplay" to the top of the GoodSample class. The value used for the display contains a few substitutions "{Name}" and "{Phone}". What this does is update all of the display areas in the debugger, that would typically show the type name for the value which isn't helpful to show the formatted value we supplied. An example of this can be seen here.
So as you can see this can help to get a good glance into your custom objects, and reduce a lot of the "mouseover" action that is common while debugging.
I hope that this content was helpful.
May 21, 2012 08:20 by
Scott
This article Illustrate How to read mails from ASP.Net. Using POP commands you can access you email inbox from ASP.Net. Basic POP commands are USER, PASS, LIST, QUIT, RETR.
More details POP command help you can check these links
//Creating Object for POPHelper
//Parameters are Gmail,Yahoo or MSN Pop Server,
//Port number
//bool isSSL
POPHelper objPopHelper = new POPHelper("pop.gmail.com", 995, true);
objPopHelper.UserName = "Your Gmail Username eg:[email protected]";
objPopHelper.Password = "GmailPassword";
objPopHelper.Connect();
GridView1.DataSource = p.DataSource;
GridView1.DataBind();
Code Of Connect Method
public void Connect()
{
string response = string.Empty;
ArrayList arrList = new ArrayList();
try
{
//Connect to Host server
#region Connect Host
TcpClient _tcpClient = new TcpClient();
try
{
_tcpClient.Connect(_hostname, _port);
//if login is ssl
if (_isSsl)
{
_stream = new SslStream(_tcpClient.GetStream());
((SslStream)_stream).AuthenticateAsClient(_hostname);
}
else
{
_stream = _tcpClient.GetStream();
}
}
catch (Exception ex)
{
throw new POPCommandException("Connection to " + _hostname + " Port: " + _port + " failed. Error Details"+ex.Message);
}
#endregion
// Send POP Commands (USER, PASS, LIST) to Host
#region POP Commands
_streamWriter = new StreamWriter(_stream, Encoding.ASCII);
_streamReader = new StreamReader(_stream, Encoding.ASCII);
//POP command for send Username
_streamWriter.WriteLine(POPCommands.USER.ToString()+" "+ UserName);
//send to server
_streamWriter.Flush();
//POP command for send Password
_streamWriter.WriteLine(POPCommands.PASS.ToString() + " " + Password);
//send to server
_streamWriter.Flush();
//POP command for List mails
_streamWriter.WriteLine(POPCommands.LIST.ToString());
//send to server
_streamWriter.Flush();
#endregion
//Read Response Stream from Host
#region Read Response Srteam
//Read Response Stream
response = null;
string resText = string.Empty;
while ((resText = _streamReader.ReadLine()) != null)
{
if (resText == ".")
{ break; }
if (resText.IndexOf("-ERR") != -1)
{ break; }
response += resText;
arrList.Add(resText);
}
#endregion
//Binding Properties
#region Bindings
//Bind Message count
BindMailCount(arrList);
//mails returns List
_mail = ReadMail(messagecount);
//get mails Subjects returns List
_mailsub = FilterContent(_mail,FiltersOption.Subject);
_from = FilterContent(_mail, FiltersOption.From);
_to = FilterContent(_mail, FiltersOption.To);
SetDataSource(_mailsub, _from);
#endregion
}
catch (Exception ex)
{
errors.Add(ex.Message);
}
}
Class Diagram of POPHelper
Reading Mails Using POP Command RETR from ASP.NET
private List ReadMail(int Count)
{
List lst = new List();
try
{
for (int i = 1; i <= Count; i++)
{
_streamWriter.WriteLine(POPCommands.RETR+" " + i.ToString());
_streamWriter.Flush();
string resText = string.Empty;
while ((resText = _streamReader.ReadLine()) != null)
{
if (resText == ".")
{ break; }
if (resText.IndexOf("-ERR") != -1)
{ break; }
lst.Add(resText);
}
}
}
catch(Exception ex)
{
errors.Add(ex.Message);
}
return lst;
}
Enumerates for Filer message subject and From Address and ToAddress
Method for Filer Content
private List FilterContent(List Mails,FiltersOption filter)
{
List filterItems = new List();
try
{
for (int i = 0; i < Mails.Count; i++)
{
if (Mails[i].StartsWith(filter.ToString() + ":"))
{
string sub = Mails[i].Replace(filter.ToString() + ":", "");
filterItems.Add(sub);
}
}
}
catch (Exception ex)
{
errors.Add(ex.Message);
}
return filterItems;
}
Creating DataSource for GridView
private DataTable SetDataSource(Listsubject,Listsender)
{
int messageCount = messagecount;
dataTab = new DataTable();
DataRow drow;
DataColumn Sender = new DataColumn("Sender", typeof(string));
DataColumn Subject = new DataColumn("Subject", typeof(string));
dataTab.Columns.Add(Sender);
dataTab.Columns.Add(Subject);
for (int i = 0; i < subject.Count; i++)
{
drow = dataTab.NewRow();
dataTab.Rows.Add(drow);
dataTab.Rows[i][Sender] = sender[i].ToString();
dataTab.Rows[i][Subject] = subject[i].ToString();
}
return dataTab;
}
May 4, 2012 08:40 by
Scott
In this article I will explain how to read or write connection strings in web.config file using asp.net.
I have one web application that contains many pages and each page contains relationship with database connection to get data from database and display it on page because of that I need to write database connections for each page to interact with database. Now the server name or credentials of database server has changed in that situation it will create problem because we need to modify the database connections of each page using asp.net.
To avoid this situation it would be better if we place connection string in one place and reuse it in every page wherever we need to connect to SQL Server. Web.config is the best place to store the connection strings in asp.net and it would be safer place to store the connection strings instead of writing connection strings in every web page.
Now we want to add connection string in web.config file for that first create new website using visual studio after that create new website open web.config file and search for “connectionStrings” and add new item in connectionStrings section
After open web.config file in application and add sample db connection in connectionStrings section like this
< connectionStrings>
< add name="yourconnectinstringName" connectionString="Data Source= DatabaseServerName; Integrated Security=true;Initial Catalog= YourDatabaseName; uid=YourUserName; Password=yourpassword; "
providerName="System.Data.SqlClient"/>
</ connectionStrings >
Example of declaring connectionStrings in web.config file like this
< connectionStrings>
< add name="dbconnection" connectionString="Data Source=Scott;Integrated Security=true;Initial Catalog=MySampleDB" providerName="System.Data.SqlClient"/>
</ connectionStrings >
Here to access my database server there is no need of username and password for that reason I didn’t enter username and password in connection string.
After add dbconnection in connectionString we need to write the some code in our codebehind file to get connection string from web.config file for that add following namespace in codebehind file and write the following code
using System.Configuration;
This namespace is used to get configuration section details from web.config file.
After add namespaces write the following code in code behind
C# code
using System;
using System.Data.SqlClient;
using System.Configuration;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
//Get connection string from web.config file
string strcon = ConfigurationManager.ConnectionStrings["dbconnection"].ConnectionString;
//create new sqlconnection and connection to database by using connection string from web.config file
SqlConnection con = new SqlConnection(strcon);
con.Open();
}
}
VB.NET
Imports System.Data.SqlClient
Imports System.Configuration
Partial Public Class _Default
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
'Get connection string from web.config file
Dim strcon As String =
ConfigurationManager.ConnectionStrings("dbconnection").ConnectionString
'create new sqlconnection and connection to database by using connection string from web.config file
Dim con As New SqlConnection(strcon)
con.Open()
End Sub
End Class
OK, finish.
April 25, 2012 08:07 by
Scott
The above error message indicate that you haven’t configured your ASP.NET 4 on your IIS. To configure IIS7.0 to use ASP.NET 4, please follow this steps:
- Open command prompt under Administrative privileges.
- Navigate to this location C:\Windows\Microsoft.NET\Framework\v4.0.30319.
- Locate aspnet_regiis.exe file.
- Run the utility with –i switch to register ASP.NET 4.0 with IIS7
And you can see it will work now.
April 23, 2012 07:40 by
Scott
HostForLIFE.eu was established to cater to an under served market in the hosting industry; web hosting for customers who want excellent service. HostForLIFE.eu – a cheap, constant uptime, excellent customer service, quality, and also reliable hosting provider in advanced Windows and ASP.NET technology. We proudly announces the availability of the SQL 2012 hosting in our entire servers environment. HostForLife customer can choose SQL 2012 when creating a database from inside HostForLife hosting control panel.
The first new option is Windows SQL Server 2012, which is available to customers from today. With the public release just last week of Microsoft’s latest version of their premier database product, HostForLife has been quick to respond with updated their shared server configurations. SQL Server 2012 Web Edition is available for the same low monthly rental price as the previous SQL 2008, as well as Express Edition, which is a basic version of Microsoft’s SQL Database product, available for free.
“We’re proud to be at the cutting edge for new technologies. With these additions, customers have the option to explore these new products in the safe environment of their own shared server. Developers and IT Managers can research the potential impact of next-generation software without risking current infrastructure. With Microsoft’s announcement of the general availability of their new SQL server, we are proud to launch SQL 2012 hosting along with a suite of SQL 2012 management tools." Said John Curtis, VP Marketing and Business Development at HostForLIFE.eu.
John added, “It’s very important to our customers that we support their current deployments; we want to make sure that our customers have their good opportunity to test this new technology."
“HostForLIFE customers can now take advantage of SQL Server 2012’s advanced BI capabilities, We’re excited to see the benefits of this release add value to the energy management and manufacturing arena. Ensuring compatibility with Microsoft’s new SQL Server 2012 demonstrates how HostForLife and Microsoft remain committed together to providing leading edge technology for the benefit of our shared customers." Said CEO of HostForLIFE.eu, Anthony Johnson.
For more information about this new product, please visit http://www.hostforlife.eu/SQL-2012-European-Hosting.aspx.
About us:
We are European Windows Hosting Provider which FOCUS in Windows Platform ONLY. We support Microsoft technology, such as the latest ASP.NET 4, ASP.NET MVC 3, SQL 2008/2008 R2, and much more.
Our number one goal is constant uptime. Our data center uses cutting edge technology, processes, and equipment. We have one of the best up time reputations in the industry.
Our second goal is providing excellent customer service. Our technical management structure is headed by professionals who have been in the industry since it's inception. We have customers from around the globe, spread across every continent. We serve the hosting needs of the business and professional, government and nonprofit, entertainment and personal use market segments.
April 16, 2012 11:05 by
Scott
WebSockets enables the real-time web where the information is available to the user the moment it is published. WebSockets are standard based, Interoperable across browsers and very simple to use. We got the WebSockets support everywhere it is available on browsers, windows run time, WCF, ASP, IIS etc. This post gives you the basic idea about WebSockets and the technicalities behind this concept.
There is a deep desire for speed to get the information as quickly as possible.
Typical examples where user wants to see the information in real time
- Stock Market data
- Live Scores
- Airline Location
- Twitter Search Results
- Interactive games
The Problem
HTTP is a state less protocol where server can communicate with client only once per request received. Real time web needs asynchronous communication with client.
In the above example when you are 7 letters of text and sending to the server , it actually sending the 4kb of data to the server. We can do better and it clearly tells us the HTTP is not adequate for the real-time web.
Solution
WebSocket – is an enabler of the real-time web. Sockets are full-duplex bi-directional protocol. These Sockets are not directly available to the developers. So we need richness of Sockets and reach of Web. All together called WebSockets.
WebSockets Characteristics
- Full duplex bidirectional communication
- Supports unsecure(TCP) and secure(HTTPS) channels
- It can traverse proxies and firewalls
- It keeps the connection alive
Step1: You start the communication with HTTP and tells the server you want to do the communication using sockets.
Step2: The server checks and accepts the request then it starts the socket communication. At this stage both of them drop-down to start communication using sockets.
How the protocol operates?
The request from client looks like as below
It basically saying it supports websocket communication. The security key in the header is to both side to understand the sockets.
The Response from the server looks like below
WebSocket API it is defined in W3C Primary methods and events are as below
You have the call-back method if connection is opened or if you connection is closed or message is received.
The request URI in this communication looks as below
notice it has a special scheme name WS , ws indicates to the browser this is not something that not goes through the wire and says it is web sockets request is coming on and you need to do the HTTP hand shake down before actual communication start. ws never goes on the wire, it is HTTP that goes on the wire.
Creating a WebSocket is simple
Sending a Text message using this socket
Capturing the server response in onmessage event as below
WebSockets is an emerging standard which enables secure, real-time , bi-directional communication across the web. Microsoft supporting this in IE10, Windows 8 Apps, IIS, ASP.NET and WCF.