tag:blogger.com,1999:blog-132215272024-03-07T18:20:07.192-05:00Development tipsDevelopment tips by Dennis GorelikDennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.comBlogger100125tag:blogger.com,1999:blog-13221527.post-35823104496984747842012-07-29T06:15:00.001-04:002012-07-29T06:17:44.252-04:00Proper error handling in ASP.NET Web Forms<br />
<div class="MsoNormal">
I want to show users two custom pages:<o:p></o:p></div>
<div class="MsoNormal">
1) Error500.aspx -- for uncaught exceptions.<o:p></o:p></div>
<div class="MsoNormal">
2) Error404.aspx -- for non-existing page.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The trick is that ASP.NET handles requests to *.aspx pages
differently than to other types of pages.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Here's how I do it.<br />
<br />
<div class="MsoNormal">
In Web.Config:<o:p></o:p></div>
<div class="MsoNormal" style="background: white; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="background: white; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";"><</span><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">system.web</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">></span><span style="font-family: Consolas; font-size: 11.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";"> <</span><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">customErrors</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";"> </span><span style="color: red; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">mode</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">=</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">RemoteOnly</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";"> </span><span style="color: red; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">defaultRedirect</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">=</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">~/Error.aspx</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";"> </span><span style="color: red; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">redirectMode</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">=</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">ResponseRewrite</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">></span><span style="font-family: Consolas; font-size: 11.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";"> <</span><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">error</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";"> </span><span style="color: red; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">statusCode</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">=</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">404</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";"> </span><span style="color: red; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">redirect</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">=</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">~/Error404.aspx</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">/></span><span style="font-family: Consolas; font-size: 11.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";"> <</span><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">error</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";"> </span><span style="color: red; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">statusCode</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">=</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">500</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";"> </span><span style="color: red; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">redirect</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">=</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">~/Error500.aspx</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">/></span><span style="font-family: Consolas; font-size: 11.5pt;"><o:p></o:p></span></div>
<div class="MsoNormal" style="background: white; tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";"> <!--</span--><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">customErrors</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt; mso-fareast-font-family: "Times New Roman";">></span><span style="font-family: Consolas; font-size: 11.5pt;"><o:p></o:p></span></span></div>
<pre style="background: white;"><span style="color: blue; font-family: Consolas; font-size: 11.5pt;"><!--</span--><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt;">system.web</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">></span><span style="font-family: Consolas; font-size: 11.5pt;"><o:p></o:p></span></span></pre>
<div class="MsoNormal">
<br /></div>
<pre style="background: white;"><span style="color: blue; font-family: Consolas; font-size: 11.5pt;"><</span><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt;">system.webServer</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">></span><span style="font-family: Consolas; font-size: 11.5pt;"><o:p></o:p></span></pre>
<pre style="background: white;"><span style="color: blue; font-family: Consolas; font-size: 11.5pt;"> <</span><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt;">modules</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: red; font-family: Consolas; font-size: 11.5pt;">runAllManagedModulesForAllRequests</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">=</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">true</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">></span><span style="font-family: Consolas; font-size: 11.5pt;"><o:p></o:p></span></pre>
<pre style="background: white;"><span style="color: blue; font-family: Consolas; font-size: 11.5pt;"> <</span><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt;">add</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: red; font-family: Consolas; font-size: 11.5pt;">name</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">=</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;"> PostJobFreeModule</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: red; font-family: Consolas; font-size: 11.5pt;">type</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">=</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">PostJobFree.PostJobFreeModule</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: red; font-family: Consolas; font-size: 11.5pt;">preCondition</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">=</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">managedHandler</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">/></span><span style="font-family: Consolas; font-size: 11.5pt;"><o:p></o:p></span></pre>
<pre style="background: white;"><span style="color: blue; font-family: Consolas; font-size: 11.5pt;"> <!--</span--><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt;">modules</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">></span><span style="font-family: Consolas; font-size: 11.5pt;"><o:p></o:p></span></span></pre>
<pre style="background: white;"><span style="color: blue; font-family: Consolas; font-size: 11.5pt;"> <</span><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt;">httpErrors</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: red; font-family: Consolas; font-size: 11.5pt;">existingResponse</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">=</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">PassThrough</span><span style="font-family: Consolas; font-size: 11.5pt;">"</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;"> /></span><span style="font-family: Consolas; font-size: 11.5pt;"><o:p></o:p></span></pre>
<pre style="background: white;"><span style="color: blue; font-family: Consolas; font-size: 11.5pt;"><!--</span--><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt;">system.webServer</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">></span><span style="font-family: Consolas; font-size: 11.5pt;"><o:p></o:p></span></span></pre>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
In PostJobFreeModule.cs I use:<o:p></o:p></div>
<pre style="background: white;"><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">void</span><span style="font-family: Consolas; font-size: 11.5pt;"> application_EndRequest(</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">object</span><span style="font-family: Consolas; font-size: 11.5pt;"> sender, </span><span style="color: #2b91af; font-family: Consolas; font-size: 11.5pt;">EventArgs</span><span style="font-family: Consolas; font-size: 11.5pt;"> e)<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;">{<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: #2b91af; font-family: Consolas; font-size: 11.5pt;">PageNotFoundHelper</span><span style="font-family: Consolas; font-size: 11.5pt;">.ShowError404IfNeeded();<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;">}<o:p></o:p></span></pre>
<div class="MsoNormal">
<br /></div>
<pre style="background: white;"><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">public</span><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">static</span><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">class</span><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: #2b91af; font-family: Consolas; font-size: 11.5pt;">PageNotFoundHelper</span><span style="font-family: Consolas; font-size: 11.5pt;"><o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;">{<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">public</span><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">static</span><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">void</span><span style="font-family: Consolas; font-size: 11.5pt;"> Set404StatusCode()<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> {<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: #2b91af; font-family: Consolas; font-size: 11.5pt;">HttpContext</span><span style="font-family: Consolas; font-size: 11.5pt;">.Current.Response.StatusCode = (</span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">int</span><span style="font-family: Consolas; font-size: 11.5pt;">)System.Net.</span><span style="color: #2b91af; font-family: Consolas; font-size: 11.5pt;">HttpStatusCode</span><span style="font-family: Consolas; font-size: 11.5pt;">.NotFound;<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: #2b91af; font-family: Consolas; font-size: 11.5pt;">HttpContext</span><span style="font-family: Consolas; font-size: 11.5pt;">.Current.Items[</span><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt;">"Set404StatusCode"</span><span style="font-family: Consolas; font-size: 11.5pt;">] = </span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">true</span><span style="font-family: Consolas; font-size: 11.5pt;">;<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> }<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> </span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">public</span><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">static</span><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">void</span><span style="font-family: Consolas; font-size: 11.5pt;"> ShowError404IfNeeded()<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> {<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">if</span><span style="font-family: Consolas; font-size: 11.5pt;"> (!</span><span style="color: #2b91af; font-family: Consolas; font-size: 11.5pt;">HttpContext</span><span style="font-family: Consolas; font-size: 11.5pt;">.Current.IsCustomErrorEnabled) </span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">return</span><span style="font-family: Consolas; font-size: 11.5pt;">;<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">if</span><span style="font-family: Consolas; font-size: 11.5pt;"> (</span><span style="color: #2b91af; font-family: Consolas; font-size: 11.5pt;">HttpContext</span><span style="font-family: Consolas; font-size: 11.5pt;">.Current.Response.StatusCode == 404)<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> {<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">if</span><span style="font-family: Consolas; font-size: 11.5pt;"> (</span><span style="color: #2b91af; font-family: Consolas; font-size: 11.5pt;">HttpContext</span><span style="font-family: Consolas; font-size: 11.5pt;">.Current.Items[</span><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt;">"Set404StatusCode"</span><span style="font-family: Consolas; font-size: 11.5pt;">] == </span><span style="color: blue; font-family: Consolas; font-size: 11.5pt;">null</span><span style="font-family: Consolas; font-size: 11.5pt;">)<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> {<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> </span><span style="color: #2b91af; font-family: Consolas; font-size: 11.5pt;">HttpContext</span><span style="font-family: Consolas; font-size: 11.5pt;">.Current.Server.Transfer(</span><span style="color: #a31515; font-family: Consolas; font-size: 11.5pt;">"~/Error404.aspx"</span><span style="font-family: Consolas; font-size: 11.5pt;">);<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> }<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> }<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;"> }<o:p></o:p></span></pre>
<pre style="background: white;"><span style="font-family: Consolas; font-size: 11.5pt;">}<o:p></o:p></span></pre>
<div class="MsoNormal">
<br /></div>
</div>Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-90394491011122841652012-07-26T10:37:00.001-04:002017-06-08T18:19:25.715-04:00Drop orphaned user who holds SQL Server serviceIt's easy to google "The database principal owns a schema in the database, and cannot be dropped" error, but have you tried to google "The database principal owns a service in the database, and cannot be dropped."?
<br /><br />
I tried, and the results were miserable -- I could find only half-baked solutions.<br />
In my case I restored SQL Server backup database that had service broker turned on and then tried to drop orphaned user... unsuccessfully as you can guess.
<br /><br />
Here's the solution.
<br /><br />
1) Run this query:
<pre>select
'alter authorization on service::[' + name + '] to dbo;' as [SQL to execute prior to dropping user]
from sys.services
where principal_id = user_id('MyServer\MyOrphanedUser');</pre>
2) Execute SQL that you get as a result of the query above.
It would look something like that:
<pre>alter authorization on service::[SqlQueryNotificationService-25509d9f-4171-4701-817f-834f79a4a882] to dbo;</pre>
<pre>
3) Finally you can drop your orphaned user:</pre>
<pre>drop user [MyServer\MyOrphanedUser];</pre>
<br />
Credits:
<a href="http://social.msdn.microsoft.com/Forums/eu/sqlsecurity/thread/872980d3-ea1e-4848-b434-dbd4a06dd64a">How to disconnect service from orphaned user by Nimit Parikh</a>
<br/><br/>
P.S.: I also tried:
<pre>delete from sys.services where principal_id = user_id('MyServer\MyOrphanedUser')</pre>
and got: "Ad hoc updates to system catalogs are not allowed." error.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com2tag:blogger.com,1999:blog-13221527.post-35499806884749876732011-05-19T20:07:00.007-04:002011-05-19T20:24:44.998-04:00Role-based permissions vs. Enterprise permissions<h2>The problem</h2><br /><a href="http://www.postjobfree.com">My application</a> has multiple features. For example:<br />1) <a href="http://www.postjobfree.com/resume/mqnlee/postjobfree-net-developer-oracle-c-jacksonville-fl">View resume</a>.<br />2) Sending message to resume poster.<br />3) Viewing contact information on a resume.<br />My application has multiple users. For example:<br />1) Anonymous<br />2) Fred Lurker<br />3) Paul Generous<br />I want to allow some users to have access to one set of features and other users to have access to another set of features.<br />For example I want:<br />1) Anonymous users to have ability to view resume<br />2) Fred Lurker to be able to view resume and to send messages to resume poster.<br />3) Paul Generous to be able to see resume, send messages, and be able to see contact information on the resume.<br /><br /><h3>Direct Permissions Mapping</h3><br />The most direct approach would be to make every feature check a user who tries to access it. For example:<pre>If (User is “Fred Lurker” or User is “Paul Generous”)<br />{<br /> Allow user to send a message.<br />}<br />If (User is “Paul Generous”)<br />{<br /> Allow user to view resume contact information.<br />}</pre>That’s very direct and simple, but does not scale at all. My application has thousands of users, new users are added to the system, old users are deleted, and existing users are getting access more or less features over time. In order to deal with all that code would have to constantly change which is not feasible.<br /><br /><h2>Role-based Permissions</h2><br />Better approach would be to introduce roles. For example:<br />1) “Recruiters” role that has access to “Sending message to resume poster” feature.<br />2) “PayingUsers” role that has access to “Viewing contact information on a resume” feature.<br />Then:<br />1) Add “Fred Lurker” user to “Recruiters” role.<br />2) Add “Paul Generous” user to “PayingUsers” role.<br />With such approach software developers would define what roles have access to what features. They would define it in code (e.g. in C#, C++ or Java).<br />Application administrator would define roles that users have access to.<br />When Paul Generous pays his membership fee, administrator would simply add Paul to “PayingUsers” role. Administrator does not need to explicitly define what features Paul would have access to, because it’s already defined by developers in application code for “PayingUsers” role.<br />To summarize:<br />1) Roles introduce one intermediate step in mapping users to features.<br />2) Developers map roles to features<br />3) Administrators map users to roles.<br /><br /><h2>Enterprise Permissions</h2><br />What if I want my application to be more flexible and allow administrator to map groups of users to features without asking developers to modify code?<br />That could be setup like this:<br />1) My enterprise system would still have Users.<br />2) I’d add Groups, so administrator would be able to add users to groups.<br />3) Developer would add Privileges, so administrator would be able to map groups to privileges.<br />4) Developer would code features in such a way that one feature would be mapped to one privileges in my code:<pre>If (user.HasPrivilege(“ViewResume”))<br />{<br /> ShowResume()<br />}</pre>5) Administrator would create and delete Groups and map these groups.<br />Enterprise Permissions system gives lots of flexibility to application administrators. It’s very appealing for IT department management to be able to tweak users’ permissions without need to wait for developers releasing new version of the app. That’s why such enterprise permissions systems are so popular.<br /><br /><h2>Disadvantages of Enterprise Permissions</h2><br />Unfortunately in real life flexible enterprise permissions system causes nothing but pain.<br />Here’s why:<br /><b>1) With any flexibility comes added complexity.</b><br />Having “Users-Groups-Privileges-Features” chain instead of shorter “Users-Roles-Features” chain – significantly complicates the number of possible combinations of how permissions to access features can be granted to end users.<br />That means permissions could be granted to a user in several different ways through multiple groups. So it’s hard to revoke user’s permissions if necessary simply because it’s hard to figure out what permissions does the user really have.<br /><b>2) It’s very hard for administrators to grasp what group should map to what privileges.</b><br />Administrator focuses on the end user. Administrator knows what groups user should belong to. But administrators have only vague idea about what privilege allows user to do in the application. <br />End result: developer is setting up the permissions anyway. <br /><b>3) Enterprise permissions are much harder for developers.</b><br />Developers know what features should be available to what role (see Role-based Permissions above). Developers can map features to roles in their code.<br />Can developers map features to privileges and then map privileges to groups?<br />Yes, they can. But it’s harder. It’s more work. It requires both coding in C#/Java and scripting in SQL. Or even worse approach – mapping groups to privileges in the UI (error-prone deployment nightmare).<br />Administrators can setup new groups that developers do not know about. Administrators can delete groups that developers originally created. All that can quickly bring system to its knees. That’s why in the end administrators are afraid to create and delete groups and that defeats original purpose of enterprise system to give more flexibility to application administrators.<br /><b>4) It’s hard to trace changes in Enterprise Permissions.</b><br />In role based system roles-features mapping is coded in C#/Java and is stored under source control. Code changes history helps to find out when and why this role was mapped to that feature.<br />Not so with mapping between groups and privileges. Such mapping is stored in database and is wiped out without trace every time when administrator changes the mapping.<br />There are no comments on why groups-features mapping was done the way it was done. There is simply no place to put such comment (unlike roles-features mapping that can be commented in C#/Java code).<br /><br /><h2>Conclusion</h2><br />The most robust way of handing permissions in most of applications is with role-based permissions (Users-Roles-Features).<br />In spite of “flexibility” appeal of enterprise-based permissions (Users-Groups-Privileges-Features), such system has serious disadvantages and virtually no real advantages.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com3tag:blogger.com,1999:blog-13221527.post-69665152539658222402011-01-25T14:40:00.003-05:002011-01-25T14:49:57.684-05:00Fixed headers scrollable content in HTML tableIt's a tough problem to create HTML table in such a way that supports all of the following requirements simultaneously:<br />1) Has scrollable table body with content.<br />2) Has fixed table column headers.<br />3) Has header columns automatically aligned with body columns.<br /><br />I looked through multiple solutions on the internet, and the best option so far is <a href="http://farinspace.com/jquery-scrollable-table-plugin/">jquery.tablescroll.js plugin by Dimas Begunoff</a>.<br /><br />It allowed me:<br />1) Not to specify columns width explicitly.<br />2) Have multi-row headers with some cells spanning across several columns. The only trick is that first header row should have the same number of cells as body row.<br /><br />While it's the best solution I could find -- it's still not perfect.<br />If table is pretty busy, and table content pushes column borders pretty hard -- header columns do not align perfectly with body columns.<br /><br />If anybody knows better solution -- please let me know.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-73933504030849234302010-10-18T00:18:00.003-04:002010-10-18T00:59:29.312-04:00Boolean Search to SQL CONTAINSToday I rolled out <a href="http://postjobfree.blogspot.com/2010/10/boolean-search.html">Boolean Search</a> feature for <a href="http://www.postjobfree.com">PostJobFree</a>.<br />PostJobFree uses SQL Server backend, so it seems obvious to use Full-Text search that SQL Server have to process boolean search queries from users.<br />Unfortunately it's not as easy:<br />Full-Text search CONTAINS query is pretty strict, and crashes the whole SELECT statement if CONTAINS clause syntax is not correct. For example: <blockquote>asp sql</blockquote> query would crash SQL Server's SELECT command if the query would be passed into CONTAINS clause as-is. Correct syntax would be: <blockquote>asp AND sql</blockquote> So I need to write a parser that parses user's search input into boolean search query object hierarchy and then renders CONTAINS query for SQL Server from that hierarchy.<br />Here's how I designed it.<br />Search object hierarchy consist of the following parts:<br />1) Word. It consists only of letters, digits, dots, and dashes. Dashes can be only be inside the word, between letters/digits. Dash outside the word is considered as negation.<br />2) Phrase. Phrase can have any chars wrapped in quotes.<br />3) OrList. OrList consists from two or more elements, separated by "or". For example:<blockquote>("sql server" or oracle or DB2)</blockquote>4) AndList. AndList consists from two or more elements, separated by "and" or "and not" operators. For example: <blockquote>sql and asp and not oracle</blockquote>This query would be rendered into AndList that consists of 3 elements.<br />Both OrList and AndList could consist not only from atomic pieces (such as Word and Phrase), but also from OrList and AndList subelements.<br /><br />Parsing logic:<br />1) Split input query by quote char ('"'). Basically even elements in this split list are phrases. Everything else does not contain phrases.<br />2) After phrases are extracted, partially processed list consists of strings and Phrase objects.<br />3) Next step is to extract parenthesis that are not wrapped by other parentheses. Consider example:<blockquote>(one and (two or three)) or four</blockquote> "one and (two or three)" would be extracted from original query, and then recursively processed again.<br />The recursion ends when there are no more parentheses.<br />4) When recursion is so deep, that there are no parentheses left in a subquery, then that subquery is split by "or" word (or "|" char).<br />5) Last major step is to split remaining subquery into AndList. The trick here would be to appropriately assign negation if subquery was preceded by negation orerator "not", "!", or leading dash ("-").<br /><br />After query is fully parsed, it's time to get final CONTAINS query for SQL Server.<br />It can be accomplished by overriding ToString() method for Word, Phrase, OrList, and AndList:<br />1) Word just converting containing text to UpperCase.<br />2) Phrase's ToString() overload converts InnerText to UpperCase and wraps it by quotes.<br />3) AndList joins all elements into single string using "&" separator or "&!" separator if one of AndList's subqueries was negated.<br />4) OrList joins all elements into single string using "|" separator. Then it wraps the result by parenthesis.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com2tag:blogger.com,1999:blog-13221527.post-47351053633630298502010-09-23T10:00:00.002-04:002010-09-23T10:06:53.011-04:00How to set executionTimeout for individual requests?You probably know that you can change http request processing timeout for specific page like this:<br /><pre> <location path="MyLongRunningHttpHandler.ashx"><br /> <system.web><br /> <httpRuntime executionTimeout="600" /><br /> </system.web><br /> </location></pre>But what if you want to set it up for a control or just a function and do not have predefined list of pages to specify it in web.config?<br />Of maybe you don't want to pollute web.config with junk like that?<br /><br />There should be some way to do it in C# code, right?<br />Right.<br />Here's how you do it:<pre> HttpContext.Current.Server.ScriptTimeout = 600; // 10 minutes</pre>If that's what you were looking for, you probably want to test it.<br />I tried to test it too, and it turned out to be tricky.<br /><br />First I set web.config's timeout to 2 seconds:<br /> <httpRuntime executionTimeout="2" /><br /><br />Then I put 10 seconds delay to my ashx handler's code-behind:<br /> System.Threading.Thread.Sleep(10000); // 10 seconds<br /><br />Then I commented this line:<br /> // HttpContext.Current.Server.ScriptTimeout = 600; // 10 minutes<br /><br />and opened my ashx handler's url in browser.<br /><br />I expected it to crash with timeout error... but it did not happen.<br />:-O<br />Few experiments showed that executionTimeout works only if all of the following is true:<br />1) Domain name is not localhost (to test timeout you should use "YourComputerName" instead of "localhost").<br />2) Project is compiled in Release mode.<br />3) <compilation debug="false"><br />If any of the above is not true then executionTimeout length is virtually unlimited.<br />On top of that IIS typically times out later than executionTimeout limit asks it too.<br />When I set executionTimeout=2 and made my page request to sleep for 10 seconds, I was getting "Request timed out." response only in ~40% of requests.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com1tag:blogger.com,1999:blog-13221527.post-80136289509959730662010-09-13T15:34:00.005-04:002010-09-14T08:08:21.552-04:00Sneaky MaxItemsInObjectGraph attribute in WCFI spent almost couple of days trying to figure out what caused WCF service to crash (in a weird way) when it was tried to return large resultset.<br />Initially the problem expressed itself on the WCF client side. When number of records in returning results was close to 5000 – WCF client generated <br />Meaningless "An existing connection was forcibly closed by the remote host." exception.<br />Google search for '"An existing connection was forcibly closed by the remote host." WCF size' brought up<br /><a href="http://forums.asp.net/p/1517757/4075511.aspx">WCF issues sending large data</a> forum discussion.<br />The right answer (maxItemsInObjectGraph) was mentioned there, but it was buried under pile of misleading suggestions.<br /><br />One step toward the solution was to use soapUI utility to make the requests (instead of calling WCF service from another .NET client).<br />That helped to determine that the problem is on the WCF server side -- soapUI simply couldn't get any response (when number of returning dataset rows was ~5000+).<br /><br />What really helped to find the final answer -– was enabling WCF diagnostic by adding this to web.config on server side:<pre><system.diagnostics><br /> <sources><br /> <source name="System.ServiceModel" switchValue="Warning, ActivityTracing"<br /> propagateActivity="true"><br /> <listeners><br /> <add type="System.Diagnostics.DefaultTraceListener" name="Default"><br /> <filter type="" /><br /> </add><br /> <add name="ServiceModelTraceListener"><br /> <filter type="" /><br /> </add><br /> </listeners><br /> </source><br /> </sources><br /> <sharedListeners><br /> <add initializeData="app_tracelog.svclog"<br /> type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, <br /> Culture=neutral, PublicKeyToken=b77a5c561934e089"<br /> name="ServiceModelTraceListener" traceOutputOptions="Timestamp"><br /> <filter type="" /><br /> </add><br /> </sharedListeners><br /> </system.diagnostics></pre>Then app_tracelog.svclog revealed much more specific error message:<br />---<br />Maximum number of items that can be serialized or deserialized in an object graph is '65536'. Change the object graph or increase the MaxItemsInObjectGraph quota. '<br />---<br />Quick googling for "maxItemsInObjectGraph" brought me to <a href="http://blog.hill-it.be/2007/08/22/maxitemsinobjectgraph-and-keeping-references-when-serializing-in-wcf-2/">MaxItemsInObjectGraph and keeping references when serializing in WCF</a> blog post which recommended to add the following section to WCF server web.config:<pre><behaviors><br /> <serviceBehaviors><br /> <behavior name="LargeServiceBehavior"><br /> <dataContractSerializer maxItemsInObjectGraph="100000"/><br /> </behavior><br /> </serviceBehaviors><br /></behaviors></pre>and this section to WCF client web.config:<pre><behaviors><br /> <endpointBehaviors><br /> <behavior name="LargeEndpointBehavior"><br /> <dataContractSerializer maxItemsInObjectGraph="100000"/><br /> </behavior><br /> </endpointBehaviors><br /></behaviors></pre>That worked.<br />I used VS.NET 2008 / .NET Framework 3.5, but I think that is applicable to .NET 4.0 too.<br /><br />Enjoy.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-45319746669099176712010-09-09T10:36:00.001-04:002010-09-09T10:37:40.797-04:00How to allow multiple users in RDC in Windows 7 64 bit<a href="http://www.missingremote.com/index.php?option=com_content&task=view&id=3692&Itemid=232">Guide: How to Enable Concurrent Sessions in Windows 7 RTM</a>Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-69871564362552494522010-06-03T14:49:00.000-04:002010-06-03T14:59:43.687-04:00How to preserve data during processing HttpRequest in ASP.NET?The answer to it is <a href="http://www.mikeduncan.com/3-hot-uses-for-httpcontextcurrentitems-they-wont-tell-you-about/">HttpContext.Current.Items</a><br /><br />I'm planning to use HttpContext.Current.Items for preserving pointers to controls that would render final javascript on the pages.<br />Or may be preserve javascript itself and then make these controls to retrieve the javascript from HttpContext.Current.Items["BottomScriptBuilder"] and HttpContext.Current.Items["HeadScriptBuilder"]?<br /><br /><br /><a href="http://www.hanselman.com/blog/ATaleOfTwoTechniquesTheThreadStaticAttributeAndSystemWebHttpContextCurrentItems.aspx">System.Web.HttpContext.Current.Items is actually pretty old thing in ASP.NET</a>Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-74486287527386288442010-05-16T17:27:00.001-04:002010-05-16T17:42:43.272-04:00How to include JavaScript tracking code into head control in asp.netGoogle Analytics team recommends to include <a href="http://code.google.com/apis/analytics/docs/tracking/asyncTracking.html">Asynchronous Google Analytics tracking javascript code</a> right before closing </head> tag.<br />So, how to include that script into every page on your web site without modifying every page?<br /><br />I considered multiple solutions:<br /><br />1) Cut&paste into every page (the worst).<br /><br />2) Create HeadScriptControl.cs server control and cut&paste it into every page (slightly better, but still requires lots of cut&paste).<br />Here's an example of HeadScriptControl code:<pre>using System;<br />using System.Web.UI;<br />using System.Text;<br /><br />public class HeadScriptControl : Control<br />{<br /> private const string GoogleAnalyticsFirtsPartScript = @"<br /><script type=""text/javascript""><br />var _gaq = _gaq || [];<br />_gaq.push(['_setAccount', 'UA-XXXXXX-2']);<br />_gaq.push(['_trackPageview']);<br /></script><br />";<br /> protected override void Render(HtmlTextWriter writer)<br /> {<br /> writer.Write(GoogleAnalyticsFirtsPartScript);<br /> }<br />}<br /></pre><br />3) Create PageWithHeadScript.cs, inherit it from Page control, inherit every page on your web site from PageWithHeadScript.cs and render HeadScriptControl in PageWithHeadScript.cs like this:<pre>public class PageWithHeadScript : Page<br />{<br /> protected override void Render(HtmlTextWriter writer)<br /> {<br /> this.Header.Controls.Add(new HeadScriptControl());<br /> base.Render(writer);<br /> }<br />}<br /></pre>That approach requires even less cut&paste, but still every page on your web site needs to be touched.<br /><br />4) Using HttpHandler.<br />I think that's the best approach, because it's not necessary to modify pages at all.<br />Here’s how I do it.<br /><br />4.1. Create HttpModule:<pre>public sealed class MyHttpModule : IHttpModule<br />{<br /> void IHttpModule.Init(HttpApplication application)<br /> {<br /> application.PreRequestHandlerExecute += new EventHandler(application_PreRequestHandlerExecute); <br /> }<br /><br /> void application_PreRequestHandlerExecute(object sender, EventArgs e)<br /> {<br /> RegisterPagePreRenderEventHandler();<br /> }<br /> private void RegisterPagePreRenderEventHandler()<br /> {<br /> if (HttpContext.Current.Handler.GetType().ToString().EndsWith("_aspx"))<br /> { // Register PreRender handler only on aspx pages.<br /> Page page = (Page)HttpContext.Current.Handler;<br /> page.PreRender += new EventHandler(page_PreRender);<br /> }<br /> }<br /><br /> void page_PreRender(object sender, EventArgs e)<br /> {<br /> System.Web.UI.Page page = (Page)sender;<br /> page.Header.Controls.Add(new PostJobFree.WebUI.Controls.HeadScriptControl());<br /> }<br /><br /> void Application_BeginRequest(object sender, EventArgs e)<br /> {<br /> DosAttackAnalyzer.AnalyzeHttpRequest(Ijs.Misc.BrowserIPAddress);<br /> // DenyIpAddress.DenyAccessToCurrentIpAddressIfBlacklisted();<br /> }<br /> void IHttpModule.Dispose()<br /> {<br /> }<br />}<br /></pre><br />4.2. Register HttpModule in web.config:<pre><?xml version="1.0"?><br /><configuration><br /> <system.webServer><br /> <modules><br /> <remove name="DenyIpAddressModule"/><br /> </modules><br /> </system.webServer><br /></configuration><br /></pre><br /></pre><br />Note that it's <a href="http://forums.asp.net/t/1439126.aspx">impossible to add controls into page straight in PreRequestHandlerExecute event handler</a>.<br />That's why I subscribe for Page.PreRender event.<br /><br />Please let me know what you think.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-12313536811701107272010-05-16T00:08:00.000-04:002010-05-16T00:22:13.579-04:00ValidationSummary control is not red anymoreWe upgraded <a href="http://www.postjobfree.com">PostJobFree.com</a> to ASP.NET 4.0.<br />Then we discovered that ValidationSummary controls are not red anymore.<br /><br />It turned out that <a href="http://www.asp.net/%28S%28ywiyuluxr3qb2dfva1z5lgeg%29%29/learn/whitepapers/aspnet4/breaking-changes">The BaseValidator class and validation controls that derive from it no longer render red text by default</a>.<br /><br />Why did ASP.NET team make that breaking change?<br />Because they wanted to <a href="http://blog.hmobius.com/post/2010/03/03/ASPNET-Part-9-Rendering-Cleaner-HTML.aspx">render cleaner and more CSS compliant HTML</a><br /><br />Anyway, here's the solution:<br />Add ~/App_Themes/Default/Default.skin<br />Put there: <pre> <asp:ValidationSummary runat="server" ForeColor="Red" /></pre><br /><br />That worked for PostJobFree.<br />Hope it would help you too.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-63259901954305351252010-05-15T13:49:00.009-04:002014-10-01T00:04:50.188-04:00ASP-NET-SQL-XML-Dennis-Gorelik-Resume<div class="c1">
<br /></div>
<table cellpadding="0" cellspacing="0" class="c2"><tbody>
<tr><td class="c3"><div class="c5">
<img src="http://docs.google.com/File?id=dfxd8zqg_9g7wg7brx_b" height="104.0" width="224.0" /></div>
</td><td class="c3"><div class="c5">
<span class="c0">Dennis Gorelik</span></div>
<div class="c5">
<span class="c0">E-mail: </span></div>
<div class="c5">
<span class="c0">blogresume @ dennisgorelik.com</span></div>
</td></tr>
</tbody></table>
<br />
You describe your business problem – I deliver technical solution<br />
Objective<br />
<br />
Team Lead / Architect / Senior Software Developer for the position that requires deep technical knowledge as well as good understanding of underlying business processes.<br />
<br />
Please ask me:<br />
- How to deploy program changes without interruptions in web site work (which is 24/7 service).<br />
- How to improve web site usability.<br />
- How to use A/B testing in Google WebSite Optimizer.<br />
- How to track web site performance and usage (Google Analytics, IIS Logs, custom logs, …).<br />
- How to use Google AdSense and Google AdWords.<br />
- How to integrate your solution with Google Checkout (payment system).<br />
- How to add maps to your web site using Google Maps API.<br />
- How ASP.NET Membership provider helps to keep users passwords reliably encrypted.<br />
- Practical way to setup data exchange with other web sites using XML web services.<br />
- How to quickly implement Full-Text search using SQL Server 2008.<br />
- How to make Web Application and background Windows Service to communicate with each other using WCF.<br />
- What physical tiers and logical layers I recommend to use for your application and why.<br />
Background<br />
<br />
Team Lead / Architect / Senior ASP.NET Developer. Over 10 years of experience in analysis, design and software development.<br />
Full system life cycle experience: design, coding, testing, bug fixing, deployment, documentation and maintenance.<br />
Preferences in Agile/RAD methodologies.<br />
Technical skills<br />
<br />
Languages: C# 4.0, VB.NET, T-SQL (DDL, DML), VB script, JavaScript, JQuery, HTML/DHTML, XML, ...<br />
<br />
Technologies: ASP.NET 4.0, ADO.NET, WCF (Windows Communication Foundation), XML Web Services, Unit test, WPF …<br />
<br />
Databases: MS SQL Server, Oracle, DB2 …<br />
Development Tools: Google Search, Visual Studio.NET 2005 Team Edition, Microsoft SQL Server Management Studio, Nant, Toad VI, MS Visio, Google Docs, MS Office, Google Maps API.<br />
Web Development: ASP.NET, XML Web Services, IIS, JavaScript, HTML, DHTML, CSS, ...<br />
Reporting Tools: Microsoft Reporting Services, Crystal Reports.<br />
Version and Source Control: TFS, Visual Source Safe, Subversion, VisualSVN, ...<br />
Operating Systems: Windows 7, Windows Server 2008, MS Windows XP/2000/NT, Windows 95/98/Me, Windows 3.xx, MS DOS.<br />
Projects history<br />
<br />
May 2008 - Present. Team Lead, www.postjobfree.com, Jacksonville, FL<br />
<br />
Tools and technologies: VS.NET 2010 (ASP.NET, WCF, AJAX, JQuery, Unit Tests, Web Tests, MembershipProvider …), C# 4.0, SQL Server 2008, VisualSVN, NDepend, Reflector, Google Analytics, AdWords, AdSense.<br />
<br />
- Architected and implemented www.postjobfree.com.<br />
- Integrated PostJobFree with external systems: job search aggregators, Google and search engines, Twitter, … (XML Services, API calls).<br />
- Designed and lead implementation of search alerts, including immediate match delivery.<br />
- Analyzed users’ feedback and prioritized development features.<br />
- SEO (Search Engine Optimization):<br />
- Implemented RESTful architecture: Made all content available through direct HTTP GET requests (direct URLs to every bit of information without need to clicking buttons (HTTP POST)).<br />
- Exposed PostJobFree web content through Site Maps to Google and Yahoo search engines.<br />
- Designed & implemented strategy to fight spam and duplicates.<br />
- Designed database structure to accommodate business requirements.<br />
September 2010 - December 2010. Senior ASP.NET developer, Lender Processing Services, Jacksonville, FL<br />
<br />
http://www.lpsvcs.com - Tax Desktop application -- tax oriented component of Loan Processing System.<br />
Tools & Technologies: ASP.NET 3.5, C#, VS.NET 2008, MS SQL Server 2008, T-SQL Stored Procedures, WCF web services, JavaScript, JQuery, TFS.<br />
Accomplishments:<br />
Extended business functionality (Loan details, Tax Lines).<br />
Refactored spaghetti code into object oriented muti-tier/multi-layer solution with:<br />
- DAO (Data Access Object -- client consuming WCF service)<br />
- WCF service (Windows Communication Foundation)<br />
- BLL (Business Logic Layer)<br />
- DAL (Data Access Layer) that faces LINQ-to-SQL designer.<br />
Eliminated the need of updating web references and minimized WCF client footprint in web.config, which improved code maintainability.<br />
Identified SQL Connection leak and implemented solution that fixes it.<br />
<br />
- September 2005 – May 2008. Senior ASP.NET & database developer, National Flood Services, Kalispell, MT<br />
http://www.nfsmt.com/ - the company works in flood insurance business.<br />
Conversion from Legacy system (AS-400/DB2/VB6/ASP/ASP.NET/MS SQL2000) to new ASP.NET 2005 / MS SQL 2005 application.<br />
<br />
Tools & Technologies: ASP.NET 2.0, VS.NET 2005, C# 2.0, SSRS (SQL Server Reporting Services), Generics, Provider Model, User Controls, Master pages, GridView, Web parts, ADO.NET, Web Forms, XML Web Services, MS SQL Server 2000, Validation controls, JavaScript, Telerik controls, HTML/DHTML, CSS, VSS, Web Forms.<br />
<br />
Achievements:<br />
<br />
- Data Warehouse: Architected and developed system that imports data from legacy database (DB2) in form of flat files. Incoming data is parsed, scrubbed for errors, and loaded into final database in denormalized form for fast reports performance.<br />
<br />
Data Correction Application: Designed and developed application that allows to review and fix incorrect data that was imported into Data Warehouse (Winforms, C#, Web Services, SQL Server 2005).<br />
<br />
Insight Reports: Architected and developed web application for report requests – users can customize reports according to their requirements (ASP.NET 2.0, MS SQL 2005, SSRS (SQL Server Reporting Services), Web Services, JavaScript, HTML/DHTML, Telerik controls,<br />
DB2, SQuirreL SQL 2.1).<br />
- Developed custom Membership and Role providers to access legacy database (ASP.NET 2.0, Provider Model, MS SQL 2000, DB2).<br />
- Developed custom localization provider (C# 2.0, Reflector. Namespaces: System.Reflection, System.Resources, System.Web.Compilation, System.IO).<br />
Developed User Management system + Web site administration (MS SQL 2005, ASP.NET 2.0 Login controls).<br />
- Developed several Flood Service providers (C# 2.0, HttpWebRequest).<br />
- Developed UI for testing various Flood Service providers (ASP.NET, C# 2.0, GridView, ObjectDataSource, Session, ViewState).<br />
- Helped others to solve technical problems.<br />
June 2005 – August 2005. Senior ASP.NET developer, IBM Global Services, Indianapolis, IN<br />
<br />
http://www.ibm.com/services/<br />
This is fast paced project for Wells Fargo bank (http://www.wellsfargo.com/). The project was about making web portal for managing vendor evaluation scorecards.<br />
Snapshots: http://www.dennisgorelik.com/resume/IbmGlobalServices<br />
Tools & Technologies: ASP.NET, C#.NET, ASP.NET User Controls, ADO.NET, Web Forms, MS SQL Server 2000, Validation controls, JavaScript, HTML/DHTML, CSS, VSS, RapTier codegenerator.<br />
<br />
Achievements:<br />
- Analyzed business requirement.<br />
- Defined technical details of the solution.<br />
- Developed scorecard template functionality edit/view/report (ASP.NET, C#, MS SQL, Stored Procedures, RapTier, CSS, HTML).<br />
- Implemented making and handling web-page snapshorts in “Web archive, single file (*.mht)” format:<br />
- Developed functionality for saving web pages snapshots into database (used CDO functionality).<br />
- Developed functionality for viewing saved snapshots.<br />
Saved images into database and showed images from database on web pages.<br />
Implemented Scorecard View with dynamical load of heterogeneous user controls into the web page.<br />
Developed several appendices for Scorecard functionality:<br />
- Designed database tables.<br />
- Created stored Procedures / Views / User defined functions<br />
- Created middle-tier DB classes (C#).<br />
- Created AppendixControl_Base.cs as a base for “Appendix” user controls. This base class was used by me and other developers in the team.<br />
- Created user controls (*.ascx / C#).<br />
Tested, fixed, and modified application according to changes in user requirements.<br />
December 2004 – June 2005. Senior ASP.NET developer, Cendant Mobility, Danbury, CT<br />
<br />
http://www.cendantmobility.com/<br />
<br />
Tools & Technologies: ASP.NET, C#.NET, ASP.NET User Controls, ADO.NET, Web Forms, Win Forms, MS SQL Server, Remoting, Validation controls, JavaScript, HTML/DHTML, CSS, Nant, VSS.<br />
Analyzed business requirements.<br />
- Developed Template Request module (ASP.NET, C#, JavaScript, ADO.NET) and integrated it with existing application https://atlas.cendantmobility.com/.<br />
- Template finder.<br />
- Multiple container pages.<br />
- Various template list screens with "multiple rows add" and "multiple rows remove" functionality (ASP.NET, JavaScript). (“Template associations”, “Template list”).<br />
- “Update” screens (document template update, package template update).<br />
- Developed ASP.NET User controls, including:<br />
- Template list ASP user control - with Middle tier call, page navigation (paging), and sorting all columns.<br />
- Navigation ASP user control.<br />
- Created unit tests (WinForms).<br />
- Used the following techniques:<br />
- Nested pages (iframe), including nesting iFrames.<br />
- Popup pages (Template finder, Product selection)<br />
- Style sheets (*.css)<br />
- Wrote stored procedures.<br />
- Set up Nant --- tool for automatic build generation (for daily build).<br />
- Helped other developers to solve technical problems.<br />
<br />
August 2004 – December 2004. Senior ASP.NET developer, MPS Group, Jacksonville, FL<br />
http://www.mpsgroup.com/<br />
“Knowledge Spring” web portal project development.<br />
Developed portlets(ASP.NET user controls) for multi-tier web system.<br />
Tools & Technologies: VS.NET, ASP.NET, User Controls, Portlets, Repeater, DataList, Validator Controls, JavaScript, C#.NET, VB.NET, WebForms, WinForms, Oracle 9.2, LLBLGen Pr- Engine, Toad VI, SQL Plus, VB Script, PL/SQL script, ADO.NET, XML Web Services, MS VSS 6.0d, ComponentArt TreeView.<br />
<br />
Projects:<br />
- Directory Browser (recursive browsing through database items + Properties PopUp)<br />
- MessageSet Editor & Message Editor (used repeater and Cute Editor control)<br />
- Role Editor, UserSelectionControl, Actions Editor PopUp<br />
- Attribute Editor, Portlet type editor, User Control editor, Item Types editor, DomainMappings editor, Audiences editor, Actions editor (repeater, JavaScript including passing data between main and popup windows, Web Validation Controls)<br />
- SubstitutionVariables editor (used RegEx expressions)<br />
- FileReportViewer (including NTFS permissions check through Advapi32.dll and Kernel32.dll API)<br />
- Developed Windows services (C#).<br />
- Developed win forms test app.<br />
- Site Directory View 3-layers tree (ComponentArt TreeView).<br />
- Configurations loading (VB Script, PL/SQL script, *.lst files).<br />
May 2004 – July 2004. .NET architect, Yellow Pepper, Boston, MA<br />
<br />
http://www.yellowpepper.com/<br />
Tools & Technologies: VS.NET, ASP.NET, C#.NET, VB.NET, WebForms, WinForms, MS SQL 2000, ADO.NET, XML Web Services, MS Visual Source Safe, Groove.<br />
<br />
Projects:<br />
- Shazam web service wrapper.<br />
- SMS Tracker – tracks information about SMS messages delivery.<br />
- SMS Games – games based on sending/receiving SMS text messages to/from cell phone.<br />
- Phone number look up – look up information about specified phone number (Carrier, Gate, IsWireless, City, State, Country, Switch).<br />
August 2003 – April 2004. Senior .Net Software developer, Wurzburg, Memphis, TN<br />
<br />
Tools & Technologies: ASP.NET, C#.NET, WebForms, WinForms, MS SQL 2000, ADO.NET, Microsoft Application Block, Remoting, Crystal Reports, XML Web Services, User controls, Server Controls, MS Visual Source Safe, MS Project, MS Visio.<br />
<br />
Projects: <br />
Development of various functionalities for warehouse project.<br />
<br />
Web-site security<br />
Designed and developed security framework for the web application: User authentication and authorization, Cross-applications calls.<br />
<br />
UPS address validation project<br />
Designed and developed mail address validation program. The program interface is exposed through web-page interface (and .csv file) and through XML Web Service (http://www.wurzburg.com/UPS/UpsValidation.asmx).<br />
Technologies: ASP.NET, IIS, C#, XML, XML Web Services.<br />
The program prepares XML-request and send it to UPS.<br />
<br />
The program is based on UPS EDI functionality exposed here:<br />
https://www.ups.com/ups.app/xml/AV<br />
<br />
Reports project<br />
Developed various business reports. Reports are provided in PDF-format, HTML-format, and can be printed directly to the specified printer. Reports functionality is exposed as to end users (through web-pages) as to other developers (in form of XML web services).<br />
Technologies: IIS, ASP.NET, C#, Crystal Reports, ADO.NET, MS SQL Server 2000 (stored procedures, views, functions), XML Web Services, IE 6.<br />
<br />
Catalogue project<br />
Designed catalogue module, including ASP.NET and MS SQL database design. Developed shopping card functionality.<br />
<br />
Label printing project<br />
Designed and developed program to print bar-code labels. Program is tightly integrated with the company’s database. For instance, user which prints a label is associated with it’s own label printer.<br />
Technologies: IIS, ASP.NET, C#, Crystal Reports, ADO.NET, MS SQL Server 2000 (stored procedures, views, functions), IE 6.<br />
<br />
Deployment<br />
Worked out fast and reliable deployment method. This method allows to deploy development changes to Production every day. Automated deployment SQL-script preparation.<br />
In case of emergency deployment can be made even more often (in extreme cases up to 4 times per day).<br />
Technologies: VS.NET, Database project, VSS, ASP.NET.<br />
Performance<br />
After initial prototyping and user evaluation I improved performance of "bottle-neck" applications. Modified SQL-queries, used MS SQL Query analyzer and SQL Profiler.<br />
<br />
Other responsibilities<br />
Was responsible for managing project documentation and for Visual Source Safe administration.<br />
<br />
April 2003 – August 2003. Team leader. Global Consulting Group, Cincinnati, OH<br />
<br />
Tools & Technologies: Visual Studio .NET, VB.NET, C#.NET, WebForms, WinForms, ADO.NET, MS SQL 2000, MS Visual Source Safe, MS Project, MS Visio.<br />
<br />
Responsibilities: Lead team of 3 developers.<br />
Achievements:<br />
<br />
- Analyzed business requirements.<br />
- Designed application architecture.<br />
- Wrote technical specification.<br />
Coached team members.<br />
- Implemented logical and physical database design.<br />
- Created SQL-queries (T-SQL).<br />
- Developed web UI forms (ASP.NET, WebForms).<br />
- Implemented data exchange (ADO.NET).<br />
- Created business components (C#.NET).<br />
- Created reports (Crystal Reports 9.0).<br />
- Created XML Web services.<br />
- Created XSL transformations.<br />
May 2002 - April 2003. Application Developer, Scala<br />
<br />
http://www.scala.net/<br />
Tools & Technologies:<br />
<br />
Visual Studio.NET, VB.NET, ASP.NET, WinForm, WebForms, Visual Basic 6.0, MS XML Parser, SOAP, Crystal Reports, MS SQL Server, Oracle, VC++, VB Script, Syncr- VSS, Source of Site and Visual Source Safe for version control.<br />
MS Project for time tracking.<br />
Benjamin (http://benjamin.scala.se/) - for tracking bugs and features.<br />
MS Office, Rational Rose diagrams – for documentation purposes.<br />
<br />
Responsibilities: Migration of legacy VB6 application into new .NET application. Reports development, XML services development for ERP (Enterprise Resource Planning) system. Retail sales, Warehousing, and Accounting modules development.<br />
<br />
Achievements:<br />
- Converted existing VB6 application into VB.NET application.<br />
- Developed WinForms (VB.NET).<br />
- Developed WebForms (ASP.NET).<br />
- Implemented business logic (VB.NET).<br />
- Created and modified SQL-queries.<br />
- Developed several XML services for iScala (see: http://www.scala.net/scalasap/scalasap.asp):<br />
- Created XSD, XDR schemas and XML samples. (Used XML Spy http://www.xmlspy.com/).<br />
- Created XSLT transformations. Used Xselerator http://www.vbxml.com/xselerator/.<br />
- Created business reports (Crystal Reports).<br />
- Created and maintained tools for development process:<br />
- Universal AutoTest program for testing iScala XML-services.<br />
- Wrote documentation for AutoTest program.<br />
- XML validator – allows quick checking is XML document valid or not.<br />
- XML service registrator – copies all necessary components of specified XML service on tester’s computer and registers them under COM+ server.<br />
- Created and modified type libraries (*.idl, *.tlb).<br />
- Designed Work Flow diagrams for iScala.<br />
October 2001 - April 2002: System analyst/Software developer, Egar Technology Corporation<br />
<br />
http://www.egartech.com/<br />
Tools & Technologies: MS SQL 2000, VB 6.0, Data Environment, ADO, Far Point Spread 2.5 (data grid), Crystal Reports 8.0, VSS 6.0, Visual InterDev 6.0, ASP, Rational ClearQuest and MS Outlook.<br />
<br />
Responsibilities:<br />
Development of the Collateral module for financial system. Data Modeling. ER-diagrams (ERwin).<br />
Full Application consists of more than 300 database tables, 200 views, 500 stored procedures, 1000 VB-forms and modules<br />
<br />
Achievements:<br />
- Developed Back End of the Collateral module (tables, constraints, views and stored procedures).<br />
- Developed VB user interface (Designed client forms and wrote VB-code).<br />
- Created various financial reports (Crystal Reports 8.0).<br />
- Developed Web interface (ASP).<br />
- Wrote SQL-script for database deployment on customer computer.<br />
- Used Rational ClearQuest to track defects and change requests.<br />
- Used Visual InterDev for DB-scripts (SP and view) handle and version tracking and control via VSS.<br />
November 2000 – September 2001: Software developer, Granat International Inc., Cleveland, OH<br />
<br />
http://www.granatinternational.com/<br />
Tools & Technologies:<br />
VB 6.0, MTS, Visual Source Safe 6.0, InterDev, IIS, ADO, MS SQL 7.0 (MS SQL Query Analyzer, MS SQL Enterprise manager), Microsoft Transaction Server 2.0, Crystal Reports 8.0, VB-script (MS-Word 2000), Windows 2000.<br />
<br />
Project: Loan Inventory Control System. Migration from Clipper to VB6.<br />
Application consists of more than 200 forms and reports. It is 3-tier application.<br />
<br />
Responsibilities:<br />
The task was complete transferring the business logic from the existing file-server application (AS400, Clipper) to the Windows 3-tier architecture. Customer is the “Leader Mortgage” co., USA, OH (http://www.mortgagemag.com/guide/c008/c008630.htm).<br />
<br />
Achievements:<br />
- Investigated behavior of DOS-application and its source code (Clipper).<br />
- Created DTS-package for conversion *.dbf into MS SQL database.<br />
- Developed SQL-queries and business logic (COM+ components).<br />
- Created reports (Crystal Reports 8) and forms for view and update database information.<br />
- Developed VB-script (MS Word 2000), which helps to convert large fragments of clipper source code to VB code.<br />
- Developed Web interface (ASP).<br />
Certification<br />
<br />
Microsoft<br />
<br />
http://www.microsoft.com/learning/mcp/transcripts<br />
Transcript ID: 663106<br />
Access Code: dennisgorelik<br />
- 070-320 exam (Developing XML Web Services and Server Components with Microsoft Visual C#.NET and the Microsoft .NET Framework).<br />
Score: 981.<br />
- 080-316 exam (Developing and Implementing Windows-based Applications with Microsoft Visual C#.NET and Microsoft Visual Studio.NET).<br />
Score: 917.<br />
- 080-315 exam (Developing and Implementing Web Applications with Microsoft Visual C#.NET and Microsoft Visual Studio.NET).<br />
Score: 916.<br />
Brainbench<br />
<br />
- 2004 Brainbench certification ASP.NET.<br />
- 2004 Brainbench certification C#.NET.<br />
- 2004 Brainbench certification VB.NET.<br />
http://www.dennisgorelik.com/resume/BrainbenchNetCertification.htm<br />
- 2000 Brainbench certification in MS SQL 7.0.<br />
- 2000 Brainbench certification in VB 6.0.<br />
- 2000 Brainbench certification in Active Server Pages (ASP).<br />
- 2000 Brainbench certification in MS Visual Interdev 6.0.<br />
Education<br />
<br />
1997 - 2000 MS degree in Economic and Management. South-Ural State University, Chelyabinsk, Russia.<br />
1991 - 1997 MS degree in Automatic Control Systems. Chelyabinsk State Technical University, Chelyabinsk, Russia.<br />
Personal<br />
<br />
Excellent analytical, problem solving, technical, interpersonal and communication skills with a strong entrepreneurial drive.<br />
References<br />
<br />
Wurzburg<br />
<br />
Keywords<br />
ASP.NET, C#, SQL, MS SQL Server, Microsoft SQL Server, Visual Basic, VB, JavaScript, JQuery, Microsoft developer, Microsoft technologies, Visual Studio 6.0, Visual Studio.NET, VC++, XML, MS XML Parser, XML services, XML Web Services, SOAP, EDI (Electronic Data Interchange), BizTalk, XSLT, XPath, XSD schemas, XDR schemas, OAGIS, Active Server Pages, ASPX, Visual InterDev, Visual Source Safe, VSS, VSS 6.0d, IIS, Internet Information Server, MS Office, Microsoft Office, Perl, Microsoft Access, Microsoft Word VBA, Microsoft Excel VBA, Outlook VBA, Windows 2000, Windows XP, Windows NT, Windows 98, Windows 95, Object Orienting Programming, OOP, Component Object Model, COM, COM+ Server, MTS Server, RDBMS, UML, Rational Rose, Rational ClearQuest, Crystal Reports 9.0, MSDN Library, AS400, XML Spy, ERP, Microsoft Office VBA, Microsoft Query Analyzer, Microsoft Enterprise Manager, Profiler, XSelerator, OAGIS, *.idl, *.tlb, mIDL, DLL, VB6, VB.NET, ASP.NET, User controls, Server Controls, Portlets, Repeater, DataList, DataGrid, Components, ActiveX controls, ADO, OLE DB, MS Project, MS Visio, Work Flow diagrams, The Far manager, The Bat, Grid, True DB grid, FarPoint Spread, MSN, ICQ, Email, VB script, Java script, HTML, DHTML, programmer, data modeling, ER-diagrams, Erwin, Database technologies, Database developer, System Analyst, DBA, stored procedures, SP, Views, Triggers, MS IE, eCommerce, Microsoft Internet Explorer, MCAD, NTFS permissions check, Oracle 9.2, Toad VI, SQL Plus, ComponentArt TreeView, LLBLGet, RapTier codegenerator, mht, CDO, WCF, WPF.<br />
<br />
Willing to relocate to: Tampa, FL; Saint Petersburg, FL; Orlando, FL; Jacksonville, FL; Miami, FL; Atlanta, GA; Dallas, TX; Houston, TX; Austin, TX; San Antonio, TX; Raleigh, NC; Memphis, TN; Chattanooga, TN; Nashville, TN, Phoenix, AZ; Kansas, KS; San Diego, CA; San Francisco, CA; Oakland, CA, Los Angeles, CA; Orange County, CA; SC; AL; LA; CO; AR; MS; NM; OK and some other warm places.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-82887218295605830492010-04-13T13:47:00.002-04:002010-04-13T13:51:19.438-04:00Extreme intellisenseScott Guthrie's team is working on <a href="http://weblogs.asp.net/scottgu/archive/2010/04/08/javascript-intellisense-improvements-with-vs-2010.aspx">technology that allows to build intellisense based on executing underlying JavaScript code</a>.<br />It's not available in Visual Studio yet, but looks like it would be available soon.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-87278673471744622102010-04-11T22:49:00.003-04:002010-04-11T23:02:51.427-04:00Cast from float to double errorI was surprised to find out that this line of code fails:<br /><pre><br /> Assert.AreEqual(0.1d, (double)0.1f);<br /></pre><br />(double)0.1f is actually the same as ... drumbeat ... 0.100000001490116<br /><br />Why does it happen?<br />Because float and double do NOT represent fractions precisely.<br />Rounding is always going on.<br /><br />How to deal with this?<br />There are several options:<br />1) Round double after converting float number into it.<br />For example:<br /><pre><br /> float f = 0.1f;<br /> double d = Math.Round(f, 8);<br /></pre> would assign 0.1d to d.<br /><br />2) Don't use float/Single and use double only.<br /><pre><br /> double d = 0.1;<br /></pre> would assign exactly 0.1d to d.<br /><br />3) Use decimal or bigdecimal if you are dealing with money.<br /><pre><br /> decimal m = 0.1m<br /></pre><br />Hope it helps.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-69186517718421743042010-01-23T21:15:00.008-05:002010-01-25T12:19:51.645-05:00ASP.NET: MVC Framework vs Web Forms FrameworkIt looks like <a href="http://codebetter.com/blogs/karlseguin/archive/2010/01/22/the-webforms-rant.aspx">"MVC vs Web Forms" debate heats up</a>.<br /><br />Here's my take on it:<br />1) Last time I checked, MVC required 50+% overhead (relative to Web Forms) in terms of the amount of code required to implement the same functionality.<br />Was that fundamental problem fixed yet?<br /><br />Let's consider an example of business requirements:<br />Create a page that allows user enter text, click "Save" button, and then call existing business layer method BusinessLayer.Save().<br />With Web Forms approach it would take:<br />- 1 line of ASPX code for textbox <br />- 1 line of ASPX code for Save button (including Save_Click() call).<br />- 3 lines of code-behind:<br />void Save_Click() {<br />BusinessLayer.Save(Input.Text);<br />}<br />Total: 5 lines of code.<br /><br />How many lines of code that task would get in MVC?<br /><br />2) Now about why it's important to minimize number of lines of code:<br />Lines of code is the best available metric of project complexity.<br />Yes I know that different lines have different complexity attached to it, but by default I assume that complexity of Web Forms’ line is about the same as complexity of MVC's line of code.<br /><br />3) Many developers say that it's good to know MVC even if you don't use it (just to be familiar with available options to be ready to jump on it).<br />I agree. Sort of.<br />The trick is to know what to learn. There are so many technologies out there so it's not possible to learn them all.<br />How do I know that MVC would have good return on my time invested?<br />I don't know it yet. Many developers are passionate about MVC, but relying just on buzz around new technology methodology is too risky: for example, RUP (Rational Unified Process) is nowhere now after all that buzz 10 years ago. Learning it (aside of the most basic concepts) would be mostly waste of time.<br />And lines of code overhead really kills my enthusiasm about MVC.<br /><br />I'm open to change my mind though. Especially considering that MVC is getting more mature every year.<br /><br />See also: Scott Guthrie chimed in with great <a href="http://weblogs.asp.net/scottgu/archive/2010/01/24/about-technical-debates-both-in-general-and-regarding-asp-net-web-forms-and-asp-net-mvc-in-particular.aspx">"About Technical Debate" post and even better follow up comments about advantages of Web Forms vs Advantages of MVC Framework</a><br /><br />-Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com6tag:blogger.com,1999:blog-13221527.post-78306188405368140992009-09-26T22:24:00.003-04:002009-09-26T22:34:18.859-04:00Unable to obtain public key for StrongNameKeyPairYou are using Visual Studio 2008 (SP1 or not -- doesn't matter).<br />You have test project that is signed with strong key and that strong key has a password on it.<br />You are trying to create a unit test for private method and are trying to create accessor.<br />You have an error like that:<br />"Creation of the private accessor for Xyz failed"<br /><br />You have that error because you excluded "Test References" folder and YourProject.accessor file from your test project.<br /><br />The reason why you excluded YourProject.accessor file from your project is that you were getting a compilation error:<br />"Unable to obtain public key for StrongNameKeyPair".<br /><br />The reason why you are getting that error is that VS 2008 SP1 and even VS 2010 Beta 1 have a bug.<br /><br />Workaround for that bug is to turn off strong key signing on your test project.<br /><br />Read more here:<br /><a href="http://social.msdn.microsoft.com/Forums/en-US/tfsbuild/thread/d07846c8-0644-44a0-925e-79da02608485">Unable to obtain public key for StrongNameKeyPair</a>Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-60309625516637537112009-05-29T15:49:00.005-04:002009-06-19T17:32:15.475-04:00SQL_Latin1_General_Cp850_BINWhile working on <a href="http://postjobfree.blogspot.com/2009/06/postjobfree-automoderator.html">Auto-Moderator</a> for <a href="http://www.postjobfree.com">PostJobFree.com</a> I encountered the following problem: my C# code considered ‘3’ and ‘3’ as different words, but SQL Server considered them the same.<br />That expressed itself in the following error:<br /><pre>Cannot insert duplicate key row in object 'dbo.Word' with unique index 'IX_Word'.</pre><br />That was a little bit surprising, considering that I defined Word as Unicode column (nvarchar).<br /><br />While searching for the solution, my first thought was to make 'IX_Word' index not unique. That worked, but would have introduced other problems with spam filtering business logic down the road.<br /><br />The solution should have been about making SQL Server to compare strings exactly the same way C# code does.<br /><br />I started to look into SQL Server Collations, and finally found the solution: use SQL_Latin1_General_Cp850_BIN collation.<br /><br />Basically the solution is about to declaring 'Word' column with SQL_Latin1_General_Cp850_BIN collation:<br /><pre>Create Table Word(<br /> WordId bigint identity(1,1) not null,<br /> Word nvarchar(50) COLLATE SQL_Latin1_General_Cp850_BIN not null,<br /> JobPostCount int not null DEFAULT 0,<br /> JobLogSpamCount int not null DEFAULT 0,<br /> CreateDate datetime not null,<br /> UpdateDate datetime not null,<br /> CONSTRAINT PK_Word Primary Key Clustered<br /> (<br /> WordId ASC<br /> )<br />)<br />GO<br /><br />Create Unique Index IX_Word ON Word<br />(<br /> Word<br />)<br />GO</pre><br />Possible drawbacks of the solution: using SQL_Latin1_General_Cp850_BIN collation may cause weird sorting in SQL queries, but sorting collation can be easily redefined like this:<br /><pre>select * from Word<br />order by Word COLLATE SQL_Latin1_General_CP1_CI_AS</pre><br /><br />Moreover, the sorting it provided by binary collation (SQL_Latin1_General_Cp850_BIN) looks quite reasonable. <br /><br />You may also use SQL_Latin1_General_Cp850_BIN2 collation for better sorting.<br /><br /><br />Here’s SQL sample to you to play with:<br /><pre>--drop table t;<br />select N'3' as Word<br />into t;<br /><br />insert into t<br />select '3' as Word;<br /><br />select * from t<br />where Word = N'3';<br /><br />select * from t<br />where Word = N'3' <br /><br />select * from t<br />where Word = N'3' collate SQL_Latin1_General_Cp850_BIN;<br /><br />select * from t<br />where Word = N'3' collate SQL_Latin1_General_Cp850_BIN</pre><br />Enjoy!Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-26657462617532977022009-04-05T17:30:00.003-04:002009-04-05T17:52:05.036-04:00web.config in IIS 7.0IIS 7.0 treats Web Application differently from how IIS 6.0 treats Virtual Directory connected to Application pool.<br />The difference is in how web.config properties are inherited from parent application.<br />If Virtual Directory in IIS 6.0 is physically located outside of parent web application, then web.config properties are not inherited. Even if logically Virtual Directory is inside parent web application.<br />So, even if from end user URL looks like this:<br />http://www.parentwebapp.com/virtualdirectory -- virtualdirectory web app does not inherit web.config properties from parentwebapp.com<br /><br />IIS 7.0 is smarter than IIS 6.0.<br />Even if parentwebapp.com and virtualdirectory from above example are mapped to different physical folders like this:<br />http://www.parentwebapp.com/ -- c:\parentwebapp<br />http://www.parentwebapp.com/virtualdirectory/ -- c:\virtualdirectory<br /><br />IIS 7.0 still recognizes that http://www.parentwebapp.com/virtualdirectory/ inherits all web.config settings from http://www.parentwebapp.com/<br /><br />Such inheritance sometimes causes undesired effects.<br />For example, if you added HttpModules to parent web app code, but didn't add them to child virtual directory, you may end up with "Could not load type ..." run-time error.<br /><br />In order to get rid of this error you need from inherited settings.<br />You can do it like this:<br /><pre><br /> <system.web><br /> <httpModules><br /> <remove name="DenyIpAddressModule"/><br /> </httpModules><br /> </system.web><br /> <system.webServer><br /> <pages theme=""><br /> <modules><br /> <remove name="DenyIpAddressModule" /><br /> </modules><br /> </system.webServer><br /></pre><br />Note, that in this example I remove "DenyIpAddressModule" twice.<br />The reason for that is that I added "DenyIpAddressModule" module to parent web.config twice: once as regular httpmodule, and another time as integrated pipeline module.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-65962584237482033682009-04-01T15:10:00.003-04:002009-04-01T15:19:04.784-04:00Google Maps API team jokeGoogle Maps API rolled out unpleasant joke on April 1st day.<br />Google Maps javascript stopped working today.<br /><br />There is a quick fix available: switching back to older, more carefully tested version.<br />(from "v=2.x" to "v=2").<br /><br />There is a good lesson here: don't use the latest "bleeding edge" version of the code in production environment. Even if it comes from Google.<br /><br />Technical details are here:<br /><a href="http://groups.google.com/group/Google-Maps-API/browse_thread/thread/193fbebd8066f19f/7fecbfed5908d29e">http://groups.google.com/group/Google-Maps-API/browse_thread/thread/193fbebd8066f19f/7fecbfed5908d29e</a>Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-20458514122876649672009-03-03T12:36:00.007-05:002009-03-03T13:20:34.739-05:00Serialize and Deserialize objects in .NETI'm not sure why XML standard doesn't allow certain characters to be encoded into XML... and it causes problems.<br /><br />This C# code:<pre class="csharpcode"><br /> XmlSerializer xs = <span class="kwrd">new</span> XmlSerializer(<span class="kwrd">typeof</span>(T));<br /> <span class="kwrd">using</span> (MemoryStream memoryStream = <span class="kwrd">new</span> MemoryStream(StringToUTF8ByteArray(objString)))<br /> {<br /> obj = xs.Deserialize(memoryStream);<br /> }</pre><br />crashes with exception:<blockquote>System.InvalidOperationException: There is an error in XML document (1, 50). ---> System.Xml.XmlException: ' ', hexadecimal value 0x0C, is an invalid character. Line 1, position 50.</blockquote><br />Here's the fix and the fully working version (note that XmlTextReader is used in between MemoryStream and XmlSerializer:<!-- code formatted by http://manoli.net/csharpformat/ --><br /><style type="text/css"><br />.csharpcode, .csharpcode pre<br />{<br /> font-size: small;<br /> color: black;<br /> font-family: Consolas, "Courier New", Courier, Monospace;<br /> background-color: #ffffff;<br /> /*white-space: pre;*/<br />}<br /><br />.csharpcode pre { margin: 0em; }<br /><br />.csharpcode .rem { color: #008000; }<br /><br />.csharpcode .kwrd { color: #0000ff; }<br /><br />.csharpcode .str { color: #006080; }<br /><br />.csharpcode .op { color: #0000c0; }<br /><br />.csharpcode .preproc { color: #cc6633; }<br /><br />.csharpcode .asp { background-color: #ffff00; }<br /><br />.csharpcode .html { color: #800000; }<br /><br />.csharpcode .attr { color: #ff0000; }<br /><br />.csharpcode .alt <br />{<br /> background-color: #f4f4f4;<br /> width: 100%;<br /> margin: 0em;<br />}<br /><br />.csharpcode .lnum { color: #606060; }<br /></style><br /><pre class="csharpcode"><br /> [TestMethod()]<br /> <span class="kwrd">public</span> <span class="kwrd">void</span> SerializeDeserializeObjectTest()<br /> {<br /> SerializeDeserializeObjectTest(<span class="str">"test"</span>);<br /> SerializeDeserializeObjectTest(<span class="str">"\f"</span>);<br /> }<br /><br /> <span class="kwrd">private</span> <span class="kwrd">void</span> SerializeDeserializeObjectTest(<span class="kwrd">string</span> input)<br /> {<br /> <span class="kwrd">string</span> serialized = Serializer.SerializeObject(input);<br /> <span class="kwrd">string</span> deserialized = Serializer.DeserializeObject<<span class="kwrd">string</span>>(serialized);<br /> Assert.AreEqual(input, deserialized, input);<br /> }<br /><br /><br /> <span class="kwrd">public</span> <span class="kwrd">static</span> <span class="kwrd">class</span> Serializer<br /> {<br /> <span class="kwrd">public</span> <span class="kwrd">static</span> <span class="kwrd">string</span> SerializeObject(Object obj)<br /> {<br /> MemoryStream memoryStream = <span class="kwrd">new</span> MemoryStream();<br /> XmlSerializer xs = <span class="kwrd">new</span> XmlSerializer(obj.GetType());<br /> XmlTextWriter xmlTextWriter = <span class="kwrd">new</span> XmlTextWriter(memoryStream, Encoding.UTF8);<br /> xs.Serialize(xmlTextWriter, obj);<br /> memoryStream = (MemoryStream)xmlTextWriter.BaseStream;<br /> <span class="kwrd">return</span> UTF8ByteArrayToString(memoryStream.ToArray());<br /> }<br /><br /> <span class="kwrd">public</span> <span class="kwrd">static</span> T DeserializeObject<T>(<span class="kwrd">string</span> objString)<br /> {<br /> Object obj = <span class="kwrd">null</span>;<br /> XmlSerializer xs = <span class="kwrd">new</span> XmlSerializer(<span class="kwrd">typeof</span>(T));<br /> <span class="kwrd">using</span> (MemoryStream memoryStream = <span class="kwrd">new</span> MemoryStream(StringToUTF8ByteArray(objString)))<br /> {<br /> XmlTextReader xtr = <span class="kwrd">new</span> XmlTextReader(memoryStream);<br /> obj = xs.Deserialize(xtr);<br /> }<br /> <span class="kwrd">return</span> (T)obj;<br /> }<br /><br /> <span class="kwrd">private</span> <span class="kwrd">static</span> <span class="kwrd">string</span> UTF8ByteArrayToString(<span class="kwrd">byte</span>[] characters)<br /> {<br /> UTF8Encoding encoding = <span class="kwrd">new</span> UTF8Encoding();<br /> <span class="kwrd">return</span> encoding.GetString(characters);<br /> }<br /><br /> <span class="kwrd">private</span> <span class="kwrd">static</span> <span class="kwrd">byte</span>[] StringToUTF8ByteArray(<span class="kwrd">string</span> xmlString)<br /> {<br /> UTF8Encoding encoding = <span class="kwrd">new</span> UTF8Encoding();<br /> <span class="kwrd">return</span> encoding.GetBytes(xmlString);<br /> }<br /><br /> }<br /></pre><br /><br /><br />Thanks to Tom Goff for <a href="http://tjoe.wordpress.com/2007/08/23/xml-serialization-sorrows/">XML Serialization Sorrows</a> article.<br /><br />Thanks to Andrew Gunn for <a href="http://andrewgunn.blogspot.com/2008/06/xml-serialization-in-cnet.html">XML Serialization in C#</a> article.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com5tag:blogger.com,1999:blog-13221527.post-25840142756923361472009-01-09T00:31:00.010-05:002009-01-09T11:07:33.217-05:00Troubleshooting SqlCacheDependency in SQL Server 2008 and SQL Server 2005"Getting immediate notification from SQL Server when data changes" is a very attractive feature, but unfortunately it's not easy to implement.<br />(It took me full day to identify and fix all issues...).<br /><br />SQL Server Query Notification framework is quite fragile and may not work for multiple reasons.<br />If you get error messages -- consider youself lucky. Sometimes there will be no error messages, but notifications simply would refuse to work.<br /><br />There are two major steps in troubleshooting SqlCacheDependency notifications:<br />Step 1: Make SqlCacheDependency clean up ASP.NET Cache item.<br />Step 2: Prevent SqlCacheDependency from cleaning up ASP.NET Cache item when it's inapropriate.<br /><br />Both steps are hard, but Step 1 is the hardest.<br /><br />I strongly recommend iterative approach: implement the easiest possible solution first, and then make it more advanced one small step at a time. Test every little step.<br /><br /><br /><h4>Business context</h4><br />In this example I use SqlCacheDependency in order to get list of blocked IP addresses on my web site <a href="http://www.postjobfree.com">PostJobFree.com</a>.<br />From time to time I delete bad users and write their IP addresses into BlackListIpAddress table.<br /><br />I can retrieve the list of recently blocked IP addresses like that:<blockquote><br />CREATE Procedure spGetBlockedIpList<br /> @cutDate datetime<br />AS<br /><br />set nocount on<br />select IpAddress<br />from BlackListIpAddress with (nolock)<br />where (DecisionDate > @cutDate)<br />group by IpAddress<br />having count(1) > 1<br />GO</blockquote><br />When anybody opens web page -- I check if current web page request came from that list of blocked IP addresses.<br />I created C# function that does that check:<blockquote>public static bool IsBlackListed(string ipAddress)<br /> {<br /> bool cached;<br /> if (GetBlockedIpAddresses(out cached).Contains(ipAddress)) return true;<br /> return false;<br /> }</blockquote><br />Because I run IsBlackListed() on every page, I don't want to run spGetBlockedIpList without need.<br />So, I keep database results in ASP.NET Cache object and use SqlCacheDependency to clean up Cache object as soon as new IP address is blacklisted in BlackListIpAddress table.<br /><br /><br /><br /><h4>Implementation</h4><blockquote>public static List<string> GetBlockedIpAddresses(out bool cached)<br />{<br /> HttpContext context = HttpContext.Current;<br /> List<string> blockedIPs = (List<string>)context.Cache["BlockedIPAddresses"];<br /> if (blockedIPs == null)<br /> {<br /> SqlCommand cmdDependency = new SqlCommand(@"select IpAddress from dbo.BlackListIpAddress where DecisionDate > @cutDate",<br /> SqlUtilities.GetSqlConnection("PostJobFreeConnectionString"));<br /> SqlUtilities.AddInputParameter(cmdDependency, "@cutDate", DateTime.UtcNow.AddMinutes(-1), SqlDbType.DateTime);<br /> SqlCacheDependency dependency = new SqlCacheDependency(cmdDependency);<br /> SqlUtilities.ExecuteNonQuery(cmdDependency, "PostJobFreeConnectionString");<br /> blockedIPs = LoadBlockedIPsFromDatabase();<br /> // Cache retrieved blockedIPs in ASP.NET Cache object:<br /> context.Cache.Insert("BlockedIPAddresses", blockedIPs, dependency);<br /> cached = false;<br /> }<br /> else<br /> {<br /> cached = true;<br /> }<br /> return blockedIPs;<br />}</blockquote><br /><br />Note, that almost always blockedIPs will be retrieved from ASP.NET Cache.<br />But if Cache["BlockedIPAddresses"] is empty -- I execute two SQL queries instead of one query.<br /><br />I run simple query "select IpAddress from dbo.BlackListIpAddress where DecisionDate > @cutDate" in order to make SqlCacheDependency work.<br />I then run more complex query LoadBlockedIPsFromDatabase() (it runs spGetBlockedIpList) in order to get data I need.<br />spGetBlockedIpList is too complex to work with SqlCacheDependency.<br /><br />Simple query is not smart enough to give me the data I need.<br /><br />When you debug your own code -- dump more complex query and use only simple one.<br />Remember -- first step is to make SqlCacheDependency clean up ASP.NET Cache item.<br />If SqlCacheDependency cleans up your ASP.NET Cache -- you are about 70% done.<br /><br />You may even start with even simpler SQL query. For example: "select IpAddress from dbo.BlackListIpAddress". You would polish it later.<br /><br /><h4>Preparations</h4><br />1) Make sure that when your Web Application start, you run SqlDependency.Start().<br />I do it this way:<blockquote>public sealed class DenyIpAddressModule : IHttpModule<br />{<br /> void IHttpModule.Init(HttpApplication application)<br /> {<br /> string connectionString = WebConfigurationManager.<br /> ConnectionStrings["PostJobFreeConnectionString"].ConnectionString;<br /> SqlDependency.Start(connectionString);<br /> }<br />}</blockquote>If you forget to do that, you would get "When using SqlDependency without providing an options value, SqlDependency.Start() must be called prior to execution of a command added to the SqlDependency instance." error message.<br /><br />2) Enable Service Brocker on your database.<br />I do it like this in SQL Server Management Studio (SSMS):<blockquote>use PostJobFree;<br />alter database PostJobFree set ENABLE_BROKER;</blockquote><br />The trick here is to kill all existing connections prior to altering your database.<br />Use these SQL commands in SSMS:<blockquote>sp_Who2<br />kill 52 -- or whatever SPID is</blockquote><br /><br />You may check your Service Broker setting like this:<blockquote>use PostJobFree;<br />select is_broker_enabled from sys.databases where database_id=db_id()</blockquote><br />1 - Enabled; 0 - Disabled (default).<br /><br />3) Make sure that permissions in your database are not out of whack. SQL Server 2005 and SQL Server 2008 have unpleasant bug that [almost] silently kills Queue Notifications:<br />"You cannot run a statement or a module that includes the EXECUTE AS clause after you restore a database in SQL Server 2005" http://support.microsoft.com/kb/913423<br /><br />I fixed it by running this command:<blockquote>use PostJobFree<br />GO<br />sp_changedbowner [MyServerName\dennis]</blockquote><br />You may check current database settings by this command:<blockquote>sp_helpdb PostJobFree</blockquote><br /><br /><h4>Troubleshooting</h4><br />1) If you are still unable to make SqlCacheDependency to invalidate your ASP.NET Cache, I recommend you great article "Using and Monitoring SQL 2005 Query Notification"<br /><a href="http://www.simple-talk.com/sql/sql-server-2005/using-and-monitoring-sql-2005-query-notification/<br />">http://www.simple-talk.com/sql/sql-server-2005/using-and-monitoring-sql-2005-query-notification/</a><br />Sanchan explains how to use SQL Profiler to see what's going on with query notifications.<br />2) Using Profiler helped me to find the following errors in SQL Profiler:<br />- An exception occurred while enqueueing a message in the target queue. Error: 33009, State: 2. The database owner SID recorded in the master database differs from the database owner SID recorded in database 'PostJobFree'. You should correct this situation by resetting the owner of database 'PostJobFree' using the ALTER AUTHORIZATION statement.<br />- Cannot execute as the database principal because the principal "dbo" does not exist, this type of principal cannot be impersonated, or you do not have permission.<br />That gave me an idea to run:<blockquote>sp_changedbowner [MyServerName\dennis]</blockquote><br /><br />3) These couple of queries would let you take a look at what active Query Notification Subscriptions you currently have:<blockquote>select * from sys.dm_qn_subscriptions<br />select * from sys.transmission_queue</blockquote><br />4) I didn't need that step, but while troubleshooting I did it anyway.<br />Grant these permissions to the user account that runs your web application (it's usually either "aspnet" or "NT AUTHORITY\NETWORK SERVICE").<blockquote>use PostJobFree<br />GRANT CREATE PROCEDURE TO [MyServerName\aspnet]<br />GRANT CREATE QUEUE TO [MyServerName\aspnet]<br />GRANT CREATE SERVICE TO [MyServerName\aspnet]<br />GRANT SUBSCRIBE QUERY NOTIFICATIONS TO [MyServerName\aspnet]<br />GRANT SELECT ON OBJECT::dbo.BlackListIpAddress TO [MyServerName\aspnet]<br />GRANT SELECT ON OBJECT::dbo.T TO [MyServerName\aspnet]<br />GRANT RECEIVE ON QueryNotificationErrorsQueue TO [MyServerName\aspnet]<br />ALTER DATABASE PostJobFree SET TRUSTWORTHY ON</blockquote><br /><br /><h4>Clean up Cache only when needed</h4><br />I assume that at this point you are done with the hardest part ("Make SqlCacheDependency object clean up Cache").<br />There is still some work ahead.<br />For example I noticed that my SqlCacheDependency code when I was playing with it -- always invalidated ASP.NET Cache. It didn't matter if I updated underlying BlackListIpAddress table or not.<br />By using trial & error approach I found that the problem was caused by using inapropriate version of SQL query.<br />I found that:<br />- "group by" doesn't work no matter what.<br />- "top 10" doesn't work.<br />- "with (nolock)" hint doesn't work.<br />- passing @cutDate parameter to the query _does_ work.<br /><br />See documentation on SELECT statements that are supported by Query Notification: <a href="http://msdn.microsoft.com/en-us/library/ms181122(SQL.90).aspx">http://msdn.microsoft.com/en-us/library/ms181122(SQL.90).aspx</a><br /><br /><br /><h4>Other useful resources</h4><br />1) More tips about SQL Server Query Notification:<br /><a href="http://rusanu.com/2006/06/17/the-mysterious-notification/">http://rusanu.com/2006/06/17/the-mysterious-notification/</a><br /><br />2) Troubleshooting Query Notifications <br /><a href="http://msdn.microsoft.com/en-us/library/ms177469.aspx">http://msdn.microsoft.com/en-us/library/ms177469.aspx</a><br /><br />3) If you are lucky and expect everything to go smooth - use this articles:<br /><a href="http://davidhayden.com/blog/dave/archive/2006/04/29/2929.aspx">SqlCacheDependency using ASP.NET 2.0 and SQL Server 2005</a><br /><a href="http://moshiur.wordpress.com/2008/02/18/sql-2005-and-sql2008-enabling-notifications-sql-chache-dependancy-part-i/">SQL 2005 and SQL2008 Enabling Notifications. SQL Chache Dependancy Part-I</a><br /><br /><b>Keywords:</b><br />ASP.NET 2.0, ASP.NET 3.5, C#Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com8tag:blogger.com,1999:blog-13221527.post-60413475987791795842008-09-24T11:09:00.001-04:002009-01-10T11:27:17.386-05:00Cross Site Scripting and Cross Site Request ForgeryJeff Atwood wrote a good article <a href="http://www.codinghorror.com/blog/archives/001171.html">explaining the danger of XSRF and XSS</a><br /><br />1) I want to confirm that checking UrlReferrer [hoping to prevent XSRF attack] is a waste of time. UrlReferrer can be spoofed by malicious user. Such spoofing can be done by combination of XSS and XSRF attack: injecting javascript into HTML output (XSS) on one web page and producing forged request (XSRF) pointing to another page of the same web site. <br />Jeff is also correct that legitimate users may have empty UrlReferrer. Rejecting such users is a mistake.<br /><br />2) I agree that introducing parameters cuts off the most obvious XSRF attacks.<br />But if one of your pages is XSS vulnerable (allows javascript injection), then even if you have dynamic parameters to prevent XSRF (on another page), javascript can still read these dynamic parameters and re-submit them, so the request would succeed.<br />That's how Gmail was hacked -- the hacker used XSS vulnerability on some obscure Google's web site site in order to exploit XSRF vulnerability in Gmail).Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-25178262509089896572008-08-25T11:20:00.002-04:002009-11-11T21:57:49.859-05:00Cure for "deadlocked!": learning to use proper SQL hintsJeff Atwood's article <a href="http://www.codinghorror.com/blog/archives/001166.html">Deadlocked!</a> made me recall my painful experience with default locking settings in SQL Server.<br />Default select queries with (readcommitted) just don't work reliably in real life (because they cause deadlocks on regular basis).<br /><br />It was hard to ignore scary stuff from SQL theoreticians about "dirty data", but eventually I've learned to use "with (nolock)" hint for most of my SELECT queries.<br />That doesn't mean that all queries should be written with nolock, but most of SQL queries should.<br />Especially if I'm writing web app.<br /><br />In some situations I want to be sure that the data is consistent no matter what. In this case I use different locking hints. Which hints to use heavily depends on particular situation.<br /><br />It's important to clearly understand what exactly locking does.<br />The locking model is relatively simple, however most of SQL Server locking tutorials are just terrible.<br /><br /><h4> How-To learn SQL Server locking Tutorial</h4>The best approach to learn about locking is to experiment:<br /><br />1) Open three separate windows in SQL Management Studio.<br />Window One: for lock diagnostic sp_lock<br />Window Two: for pending transaction with Update/Delete/Insert query.<br />Window Three: for SELECT statements with different locking hints.<br /><br />2) In Window One write and execute:<br />exec sp_lock<br />Take a look at the results.<br />Note what locks are there (these locks are generated by sp_lock itself).<br />Learn about what these locks mean (Google is your friend).<br /><br />3) In Window Two (that's separate connection to SQL server) write and execute:<br />============<br />begin transaction<br />update MyTestTable set MyColumn = 1<br />-- rollback transaction<br />============<br />Note, that "rollback transaction" is commented out, so transaction won't complete.<br /><br />4) Return back to Window One and execute sp_lock.<br />Note what additional locks you see in sp_lock results.<br /><br />5) In Window Three execute:<br />select * from MyTestTable with (updlock)<br />The query won't complete, because it's locked by pending transaction in Window Two.<br /><br />6) Switch to Window Two and cancel transaction by executing "rollback transaction"<br />Make sure that SELECT transaction in Window Three is completed now.<br /><br />7) Try different combinations of locks (readcommitted), (nolock), (updlock), (repeatableread), (serializable), ... in Window Three.<br />Try other different update/insert/delete statements in Window Two.<br /><br />8) Try to use "commit transaction" instead of "rollback transaction" in Window Two and see how it would affect SELECT results in Window Three.<br /><br />9) Try to run:<br /> begin transaction<br /> select * from MyTestTable with (updlock)<br />in Window Two and:<br /> select * from MyTestTable with (serializable)<br />in Window Three.<br /><br />10) Keep monitoring locks using sp_Lock in Window One.<br /><br />11) Do free-style experimenting and research problem on Google when you are getting unexpected results.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0tag:blogger.com,1999:blog-13221527.post-43606757470958315432008-08-02T12:17:00.002-04:002008-08-03T15:52:08.144-04:00RackSpace - are they really the best web hosting?About a month ago I switched from Virtual Private Hosting on webhost4life to dedicated hosting on RackSpace.<br />It was definitely an improvement, but I'm still dissatisfied. <br /><br /><br />Here are painful parts of my experience with RackSpace:<br /><br />1) RackSpace wanted me to sign paper contract (WebHost4Life didn't require that). That paperwork took almost a day (several hours of my efforts + some wait time). Sales guy couldn't open several versions of "Microsoft Office Image Writer" that I emailed to him, so I had to resend the document in different format.<br /><br />2) It is a little unpleasant to deal with RackSpace sales guys. They forget (or "forget") to answer some of my questions; use some slightly unpleasant pushy sales techniques. Is it typical for any sales reps, not only RackSpace's sales?<br /><br />3) After the contract was signed, it took RackSpace almost 4 days to install the server. I signed the contract Wednesday July 3rd 2008 and was hoping that on Saturday-Sunday night I'll be able to move my web site (www.postjobfree.com) to RackSpace. But RackSpace set up my server only on Monday - not convenient time for me and my users to do the move.<br /><br />4) RackSpace promised me that they would help with the migration. They gave some tips, but not all of them were good. For example, they suggested me to shut down my web site for few hours while I will copy my database. Not a good approach for 24/7 service. So, basically I was mostly left on my own with the migration.<br />Fortunately, I used <a href="http://msmvps.com/blogs/omar/archive/2006/08/27/110061.aspx">advise of Omar Al Zabir about smooth web hosting migration</a><br />Ironically -- it was Omar's recommendation to use RackSpace for web hosting that made me pick them.<br /><br />5) Average response to my ticket requests is about few hours (2-3 may be?). Sometimes ticket response time is shorter; sometimes it's longer (up to a day or even more in some cases). It's an improvement in comparison with WebHost4Life, but is that really the best in hosting industry?<br /><br />6) Most of the time responses are good, rarely great, and in some cases responses are incompetent :-(<br />For example, I asked RackSpace if it would be a good idea to run SMTP server on separate IP address (same physical machine). A RackSpace guy replied that it would be a good idea. So we did the switch. But it turned out that RackSpace cannot monitor ports on another IP addresses (only on primary IP address). So we updated SMTP server settings again to allow listen both IP addresses. That caused SMTP server to use primary IP address to send emails, but at this point smtp.postjobfree.com DNS record was pointing to second IP address, and this caused painful issues with spam filters on some servers. In the end we returned back to using primary IP for SMTP, but went through some pain because of incompetent advice.<br /><br />7) RackSpace seems to be not really good in analyzing past problems. They simply ignored my request about digging into this incompetent SMTP advice. Nothing like "sorry, we screwed up and would do this and that to prevent it in the future". Nothing like "sorry, it was misunderstanding and you (me) should do this and that to avoid problems in the future". I would understand if cheap hosting provider would skip such "past failure analysis". But if hosting provider claims "fanatical support" - I expect to do a little better.<br />Well, may be it happenned because I still didn't have a chance to talk with my account manager. RackSpace doesn't have one for me yet (after being with RackSpace for a month):<br /><br />8) Rackspace's ticketing system creates unneeded noise. For example, after I create a ticket on my.rackspace.com, it adds meaningless auto-response to the ticket and sends me notification email. If I update a ticket, I get notification email again. Why would I need notification about ticket updates I made myself? That's distracting.<br /><br />9) Maintenance downtime. :-(<br />I mentioned already that RackSpace considered few hours web site downtime during migration as "ok" practice. That attitude goes toward other maintenance things too. Today they installed hardware firewall on my server. They brought down my server for almost an hour (!). Could anybody explain me why installation of hardware firewall should bring server down for almost an hour? It should be less than a minute downtime, or preferably zero downtime. That was disappointing. I managed to migrate web server from different hosting with no downtime (I copied 4 GB database between WebHost4Life and RackSpace and still managed to avoid downtime) and now trivial installation of hardware firewall caused almost an hour downtime:<br /><br />10) The hardware firewall installation caused another issue as well -- my web site was not able to send out emails after the firewall installation. RackSpace didn't notice that, because their SMTP port monitoring didn't catch the issue. We noticed it few hours later and reported in a ticket. We got no reply for couple of hours, so I had to call RackSpace and remind that the issue is still there. They were not very good in pinpointing the issue. They were trying to re-test SMTP server and it worked. So we (at PostJobFree) had to find it out the problem ourselves. The problem was that smtp.postjobfree.com could be pinged from every computer, but not from my server itself, because hardware firewall didn't resolve the request from my server back to the server itself.<br />RackSpace techies couldn't grasp that for a while even after I pointed them into that direction. Eventually they recommended to update my application and made it use my new 192.168.x.x IP address for sending emails. Imagine that: update and redeploy my application web app to accommodate to hardware changes. And do it in the hurry after(!) hardware firewall is installed.<br />I suggested better solution: simply add one record to C:\WINDOWS\system32\drivers\etc\hosts:<br />127.0.0.1 smtp.postjobfree.com<br />RackSpace techies still cannot grasp that solution and comment on it. Fortunately my solution works so far.<br /><br />11) There were few other minor issues, but I think my saga is getting too long already.<br /><br />On the bright side:<br /><br />1) When my server works (and it usually works) it works really fast. I'm happy with the speed so far. Though I'm not sure if I should attribute it to RackSpace or to dedicated server. With WebHost4Life SQL server was shared with 4 other clients and in the end I was getting 50+ timeouts/day.<br /><br />2) Some RackSpace folks taught me some useful stuff, for example about DNS [re-]configuration.<br /><br />3) RackSpace is expensive, but it's not THAT expensive. I got my server + SQL Server license + hardware firewall for a little over $600/mo (with 1 year contract)<br /><br /><br />So, what do you think, is it typical to have issues like these with any hosting provider, or there are better hosting providers out there?<br /><br />Any other comments?<br /><br /><br />Update (2008 August 03):<br />Problems with RackSpace are getting worse.<br /><br />RackSpace technician configured my SMTP server as open relay<br />:-(<br /><br />That's how it sounded on the ticket:<br />"We did find a setting in your SMTP that was set incorrectly, and we corrected that."<br /><br />In fact, SMTP server was configured properly and the problem was with DNS configuration. Instead of fixing DNS (after installing Hardware Firewall) RackSpace guys made the problems much worse by turning my SMTP server into spam-machine and enabling prompt access to all spammers through newly installed hardware firewall.<br /><br />Crazy stuff.Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com4tag:blogger.com,1999:blog-13221527.post-40322956392385386412008-04-03T19:18:00.001-04:002008-04-08T17:39:57.730-04:00TechCrunch pushes Start-ups to failIf you want to announce your start-up on TechCrunch50 the only thing you need to do is to <s>sell your soul to the Devil</s> deny your prospective customers access to your web site. Here's the quote: <blockquote><a href="http://www.techcrunch50.com/2008/the-rules/">Rules of participation in TechCrunch50</a><br /><i>Until its presentation on stage at the conference, a company will keep its site password protected with limited private access to alpha or beta users for testing purposes.</i></blockquote>That means that you have to decrease your popularity, get less testing and less feedback, get less word of mouth, and ultimately get less revenue.<br /><br />On the other hand, your participation in TechCrunch50 would be free.<br /><br />Free is good, isn't it?Dennis Gorelikhttp://www.blogger.com/profile/17700219093521377626noreply@blogger.com0