This Blog Has Been Moved !

This Blog Has been moved to http://aleemkhan.wordpress.com

Finally, I have shifted my blog to WordPress. My WordPress blog is http://aleemkhan.wordpress.com, and the feed address is http://aleemkhan.wordpress.com/feed. I will discontinue posting here and will be posting only on WordPress from now on. This was due for quite some time now because of all the Blogger issues I have been having, and especially Blogger Beta, which sucked even more than Blogger; nothing could work with Blogger Beta, and this ultimately pushed me to move.

 

 

 

Google launched the Ping Service for blogs. I don’t think it makes much of a difference for Blogger blogs, as they are immediately indexed and are searchable through Google BlogSearch, but for other blogging engines and individual bloggers it is a good service.

 

So, the speculation which has been around for many days was true. Google finally bought YouTube for $1.65 billion. The price is really shocking considering YouTube only started in February 2005. YouTube's growth is really inspirational: in such a short period the company reached a worth of $1.65 billion with around 20 million visitors per month. Amazing!

 

More details here


Statue of Yoda !
Originally uploaded by aleemkhan.
Dave Winer posted this picture of the Yoda statue at Lucas Studios. Actually, I am testing my Flickr account to post on Blogger Beta through mail.

It is a general requirement in any ASP.NET application to restrict the site navigation for certain roles and allow access for others. Recently I had to restrict the site map of my application based on roles, but as I was not aware of the available site map trimming settings, I made a similar model myself by adding extra attributes to my site map nodes. As I am using a TreeView control bound to the SiteMapDataSource, I used the TreeView DataBound method to access the SiteMapNode attributes and then checked their permissions against the database.

 

Fortunately, ASP.NET 2.0 provides trimming of the SiteMapNodes based on the available roles from the underlying RolesProvider. You need to provide the roles attribute in the SiteMapNode and specify the role to which this node is accessible (* can be used for all roles).

 

<?xml version="1.0" encoding="utf-8" ?>
<siteMap>
  <siteMapNode title="Support" description="Support" url="~/Customers/Support.aspx" roles="Customers" />
</siteMap>

 

You also need to enable the security trimming settings in the web.config as they are disabled by default.

 

<system.web>
  <siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
    <providers>
      <add name="XmlSiteMapProvider" description="Default SiteMap provider." type="System.Web.XmlSiteMapProvider" siteMapFile="Web.sitemap" securityTrimmingEnabled="true" />
    </providers>
  </siteMap>
</system.web>
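Security trimming only decides which nodes the navigation controls render; it does not authorize the request for Support.aspx itself, and the provider also consults URL authorization when it trims. The following web.config fragment is an added example, not part of the original post, that pairs the node above with a URL authorization rule for the Customers folder, so the page is refused to other users as well as hidden from them.

```xml
<configuration>
  <!-- Added example: protects everything under ~/Customers, including Support.aspx. -->
  <!-- Trimming hides the node in the menu; this rule is what blocks a direct request. -->
  <location path="Customers">
    <system.web>
      <authorization>
        <!-- Rules are evaluated top to bottom; the first match wins. -->
        <allow roles="Customers" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```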

 

 

More information about site map trimming is available in MSDN here.

The entire authentication and authorization model in ASP.NET 2.0 is quite improved from the previous version. The addition of the new Login Controls and the whole Membership and Roles Management through provider model has really made the entire security architecture easy to use yet extremely customizable.

 

Last night I was looking for a way to log in a user automatically (without his password) through my code. The scenario is that the user actually logs in from another site and is redirected to my site with the username in the request. Now I have the username and no password, so how do I log this user in (or create an authentication token for him)? A post from Scott Guthrie came to the rescue. An authentication token for any user, even if you do not have his password, can be set with

 

FormsAuthentication.SetAuthCookie(LoggedInUserName, False)

 

Where LoggedInUserName is the username for which you want to set the authentication token. Now, OK, I can authenticate the user and log him in, but the authorization of my website is set to deny the anonymous user, so the user cannot even access the Default.aspx where I actually write the above code for creating a token.

 

<system.web>
  <authorization>
    <deny users="?" />
  </authorization>
</system.web>

 

There is a simple workaround for this as well, since you can specify different authorization for any particular path/location in your website. The following allows anonymous users to access the default page but restricts the rest of the site to logged-in users.

 

<location path="default.aspx">
  <system.web>
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>
</location>
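With default.aspx open to anonymous users, the username in the request is the only input to SetAuthCookie, so it has to be proven to come from the referring site. The code-behind below is an added example, not from the original post or from Scott Guthrie's; it assumes the referring site can sign the username and an expiry time with a shared secret. The query parameters user, exp and sig, the HandoffKey appSetting and the redirect target are hypothetical.

```vb
Imports System
Imports System.Configuration
Imports System.Globalization
Imports System.Security.Cryptography
Imports System.Text
Imports System.Web.Security
' Added example: Default.aspx code-behind that verifies a signed hand-off first.
' Hypothetical names: user/exp/sig query parameters and the "HandoffKey" appSetting.
Partial Public Class _Default
    Inherits System.Web.UI.Page
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        Dim key As Byte() = Convert.FromBase64String(ConfigurationManager.AppSettings("HandoffKey"))
        Dim user As String = Request.QueryString("user")
        If IsValidHandoff(key, user, Request.QueryString("exp"), Request.QueryString("sig"), DateTime.UtcNow) Then
            FormsAuthentication.SetAuthCookie(user, False)
            Response.Redirect("~/Customers/Support.aspx")
        Else
            Response.StatusCode = 403 ' unsigned, altered or expired hand-off: issue no ticket
        End If
    End Sub

    ' True only when sig = hex(HMAC-SHA256(key, user & "|" & exp)) and exp (Unix seconds) has not passed.
    Public Shared Function IsValidHandoff(ByVal key As Byte(), ByVal user As String, ByVal exp As String, ByVal sigHex As String, ByVal nowUtc As DateTime) As Boolean
        If String.IsNullOrEmpty(user) OrElse String.IsNullOrEmpty(exp) OrElse String.IsNullOrEmpty(sigHex) Then Return False
        Dim seconds As Long
        If exp.Length > 10 OrElse Not Long.TryParse(exp, NumberStyles.None, CultureInfo.InvariantCulture, seconds) Then Return False
        If nowUtc > New DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(seconds) Then Return False
        Dim expected As Byte()
        Using mac As New HMACSHA256(key)
            expected = mac.ComputeHash(Encoding.UTF8.GetBytes(user & "|" & exp))
        End Using
        Dim given As Byte() = FromHex(sigHex)
        If given.Length <> expected.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To expected.Length - 1
            diff = diff Or (expected(i) Xor given(i)) ' compare every byte, no early exit
        Next
        Return diff = 0
    End Function
    ' Strict hex decoder; returns an empty array for malformed input.
    Private Shared Function FromHex(ByVal hex As String) As Byte()
        If hex.Length Mod 2 <> 0 Then Return New Byte() {}
        Dim bytes(hex.Length \ 2 - 1) As Byte
        For i As Integer = 0 To bytes.Length - 1
            If Not Byte.TryParse(hex.Substring(i * 2, 2), NumberStyles.AllowHexSpecifier, CultureInfo.InvariantCulture, bytes(i)) Then Return New Byte() {}
        Next
        Return bytes
    End Function
End Class
```

A signed link stays valid until exp, so the referring site should set the expiry a minute or two ahead and send the redirect over HTTPS.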

 

Some good resources about ASP.NET 2.0 Authentication and Authorization and Security on the whole are as follows.

 

Scott Guthrie Post about ASP.NET 2.0 Security Resources

 

How To: Protect Forms Authentication in ASP.NET

 

Explained: Forms Authentication in ASP.NET 2.0

 

Security Guidelines: ASP.NET 2.0

 

I never used the HTML <Legend> and <Fieldset> tags until recently, when I had to create a GroupBox for the controls on a web page. These tags are really amazing; they create a group box with rounded corners and the legend on top. The ASP.NET Panel control also has a GroupingText property: if you specify this property, the panel renders a fieldset with GroupingText set as the legend.

<fieldset>
  <legend>HTML Group Box</legend>
  <!-- Rest of the GroupBox code -->
</fieldset>