The ASP.NET 2.0 DefaultButton property on Form and Panel allows IE to fire a button or link when the user hits the enter key while in a form field.  The LinkButton control does not fire when the users browser is FireFox.  Several people have found creative ways to solve this problem.  I chose to take advantage of .NET 3.5 support for Extension Methods and just wrap the needed fixes into a method right on my form object.  Here is the code for you to drop into your own library.  Perhaps I will do the same for Panel when the need arises.
  
 public static class BrowserHelper
    {
         public static void DefaultLinkButton(this HtmlForm form, LinkButton defaultButton)
        {
            // Inspired by: http://kpumuk.info/asp-net/using-panel-defaultbutton-property-with-linkbutton-control-in-asp-net/

            // Wire-up the Link Button default supported in ASP.NET
            form.DefaultButton = defaultButton.UniqueID;

            // Script to wireup a click event for FireFox
            string _addClickScript = "addClickFunction('{0}');";

            string _addClickFunctionScript =
                @"  function addClickFunction(id) {{
            var b = document.getElementById(id);
            if (b && typeof(b.click) == 'undefined') b.click = function() {{
                var result = true; if (b.onclick) result = b.onclick();
                if (typeof(result) == 'undefined' || result) {{ eval(b.href); }}
            }}}};";

            form.Page.ClientScript.RegisterStartupScript(typeof(LinkButton), "addClickFunctionScript", _addClickFunctionScript, true);

            // Execute the script when the Page loads
            string script = String.Format(_addClickScript, defaultButton.ClientID);
            form.Page.ClientScript.RegisterStartupScript(typeof(LinkButton), "click_" + defaultButton.ClientID, script, true);
        }
    }

When hosting Google Video's on your site it can be handy to pull back the thumbnail for the video image. Currently there is no API for doing this so I wrote a method to do it for me. First I retrieve the RSS feed for the video. Then I pull out the thumbnail path from that feed.

        private static string GetGoogleThumnailPath(string contentID)
        {
            string path = null;
            // Fetch the RSS for the video
            WebRequest req = HttpWebRequest.Create("http://video.google.com/videofeed?docid=" + contentID);
            req.Method = "GET";
            WebResponse response = req.GetResponse();
            XmlTextReader stream = new XmlTextReader(response.GetResponseStream());
            XPathDocument doc = new XPathDocument(stream);
            XPathNavigator nav = doc.CreateNavigator();
            XmlNamespaceManager manager = new XmlNamespaceManager(nav.NameTable);
            manager.AddNamespace("media", "http://search.yahoo.com/mrss/");
            XPathNodeIterator iterator = nav.Select("/rss/channel/item/media:group/media:thumbnail/@url", manager);
            while (iterator.MoveNext())
            {
                path = iterator.Current.Value;
            }

            return path;
        }

We used this code on the Pets Best Community site. By the way if you are interested in Pet Insurance you can use my Promo Code: CISAKSON5 for a 5% discount. If you do not see the box to enter it on the Get a Quote page then it probably has automatically been applied through one of my links.

Today I received an update to a suggestion I made to Microsoft on April 8, 2005.  http://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=102180  That was before Beta 2 of Whidbey if memory serves me right.  My suggestion was to add features to the Membership API that would allow for a user to be renamed.  There are many scenerios where we choose to use the full Email address of a user as their username instead of having a seperate username.  This works great until the user changes their Email address.  (Another reason to have a permanent address that is not affiliated with your ISP)  I need to be able to allow users to update their Email address and thus their username/userid. 

Apparently my suggestion has been considered for Orcas, but isn't going to make it.  Still, I thought it was good that it was at least considered.

In the meantime, I have found that I can rename a user by directly updating the membership database.  Microsoft cautions against this when using multiple stores for Membership, Roles, and Profile data because user + application is the identity that is shared across disparate stores.  It is my opinion that they should have used a unique identifier instead.  The MembershipUser supports such an identity already.  Similiarly I wish Windows authenticated users and forms authenticated users shared a common data type for their identities.  I believe Microsoft would say that indeed they do and this is the string type that the username or User.Identity.Name.  For my purposes I created a database table to map a GUID to Windows identities so that I could normalize all of my UserId's to be unique and meaningless.  A Email address as a username carries meaning.  That makes a bad primary data key in many scenarios because of the lack of good support for renaming.  Keys should never need renaming.  Even a Windows UserId can change when its based on a persons name and their legal name changes.

What do you all think?

 

I just finished blowing an afternoon fighting an issue in ASP.NET 2.0 and crawler detection.  There is a slick feature where you can define browser capabilities with .browser files.  My tests were indicating that Yahoo (Slurp) and Ask (Teoma) were not being detected as crawlers by the framework.  Simple enough.  I'll just create a .browser file and add it to App_Browsers in my app.  In the file I will do a User Agent match on Slurp and Ask. 

A few hours pass by.....its not working....dive into reflector....find some hard coded string having to do with crawler detection.

Take a look at System.Web.Configuration.BrowserCapabilitiesFactory.CrawlerProcess(NameValueCollection headers, HttpBrowserCapabilities browserCaps).  In there is a curious little string "crawler|Crawler|Googlebot|msnbot" being passes to a RegEx processor.

It looks like Yahoo and Ask crawlers are detected as Mozilla browsers, but not as crawlers.  Google and MSN on the other hand are detected as both.  Curiously Google and MSN are both in the little hard coded string that is compiled into the assembly.

My theory is that the browser capabilities detection sees these popular crawlers as Mozilla browsers first and then fails to detect that they are crawlers.  Only those with a user agent string matching what is coded in the framework also get flagged as crawlers.  If anyone has more insight, please comment.

So, to fix the issue I ended up implementing my own wrapper.  Here you go:

      public static bool IsCrawler(HttpApplication app)
      {
         bool isCrawler = app.Context.Request.Browser.Crawler;
         // Microsoft doesnt properly detect several crawlers
         if (!isCrawler)
         {
            Regex regEx = new Regex("Slurp|slurp|ask|Ask|Teoma|temoa");
            isCrawler = regEx.Match(app.Request.UserAgent).Success;
         }
         return isCrawler;
      }

Having just returned from TechEd 2006 I am excited to begin sharing my passion for Windows Workflow Foundation (WF).  It is my opinion that WF is the tool that will enable model driven development that will become the de facto standard for application and system development.  If you are not familiar with WF yet, then its time to start reading up on it over at www.netfx3.com.  Currently Microsoft is shipping WF beta 2.2 with both Sequential and State Machine workflow activities.  Later this year they are planning to release WF and a CTP of a new WF activity know as PageFlow.  While you wait you might check out the Webcast from Israel Hilerio to see some of the ideas going into the page flow activities.  I really enjoyed meeting Israel and the other members of the WF team as well as Kashif Alam.  Kashif is the point of contact for the ASP.NET team when it comes to WF integration and the coming Page Flow activities.

I have spent the last few weeks trying to build a page flow model on top of a State Machine since I was not aware of the model Microsoft is working on.  Now that I have a better understanding of where Microsoft is heading as well as a working prototype of my own I would like to begin sharing my code and ideas.  I look forward to other feedback and ideas for improvement.  I am ready to use WF now!  My hope is that, together with anyone who reads this, we can create and maintain a set of tools that will enable powerful WF solutions underneath very thin UI layers. 

I will be focusing on starting a WF powered web application from scratch.  What will make it different from a traditional application is that all logic and flow will be driven by the WF engine, activities, and abstraction layers.  In the end I will have a web UI that is completely brainless.  All short and long term persistence will be managed by WF activities and WF code.  All navigation and page flow will be driven by WF models, yet equally supportive of non-linear processes and browser back buttons.  Running a Windows UI on top of the workflow will be fully supported, though at this time I do not plan to explore that scenario, except to ensure that system.web is not referenced anywhere except the UI layer.  I will be demonstrating an ASP.NET WorkflowManager (WFM), but it should be trivial to create a similar Smart Client WorkflowManager as well.  The WFM will by the abstraction layer between the UI and the WF making it simple for the developer to pass objects between the 2 and manage the runtime and WF instances.

In addition I will share my implementation of the Simple Read and Write activities that were introduced in the MS Help Desk sample application.  The Help Desk sample application was also written by Israel Hilerio to demonstrate an option for simplifying the sharing for data between a workflow and the hosting application.  I have found it to be very effective for many scenarios and I look forward to presenting some enhancements to it for enabling additional scenarios.  These will be incorporated into the WFM and added to the WF Runtime as DataExchange services.

I look forward to interacting with the WF community so fell free to introduce yourself and comment with questions as I post articles and code.

 

This week I started reading Professional ASP.NET 2.0 Security, Membership, and Role Management by Stefan Schackow.  I can't recommend this book enough.  Stefan is a great guy as well.  I had opportunity to meet him on a couple different visits to Redmond.  I wish I had this book 2 years ago when I started looking at the Membership and Role API's in .NET 2.0.  (Yes, I was looking these things 2 years ago.  They were announced at the PDC in Oct. 2003).

Today I found a bonus nugget of goodness I had to share that is indirectly related to ASP.NET 2.0 security.  On Page 429 Stefan explains why all the SQL objects in the Microsoft SQL providers for .NET 2.0 explicitly reference DBO as the object owner.  (ex. dbo.aspnet_Memberhsip)  It turns out that SQL 2000 takes a performance hit if the object owners are not explicitly declared in stored procedures, views, etc.  The performance hit is significant enough that Microsoft did a QFE on ASP.NET 1.1 SQL Session state.  I had no idea and I figured many others also were clueless about the patch for Session State as well as the performance issue.

Check out Todd Carter's blog for some more details.  It also includes a link to the .NET 1.1 Session State fix.

Previously I blogged about possible solutions for tracking downloads with Google Analytics.  The solution I am going to experiment with first is to dynamically add the tracking code to my download links via JavaScript.  I spent quite a bit of time on my script to make it cross-browser compatible and so that it would handle proper timing of execution based on the loading of the links.  I also used a regular expression to limit the tracking to specific link types.  Hopefully those match most cases.  If all goes well I will probably wrap all of this into a simple ASP.NET control that can be added to an page you want tracked. 

First off you need the standard Google tracking scripts:

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">
_uacct = "UA-XXXXXX-X";
urchinTracker();
</script>

Second is my new download tracking script.  I have placed it in a separate file for browser caching and easy updating.  Also it has the defer="defer" attribute so that IE will not load the script until the content has finished loading.  XHTML compliance required me to include a value for the attribute.  Please let me know if you come up with any improvements to the script or if you find any errors.  Thanks to quirksmode for info on the dynamic event models and dean edwards for info on deferred script execution.

<script type="text/javascript" src="downloadtracker.js" defer="defer"></script>

Here is the actual downloadtracker.js code

// We dont want the try adding the tracking code until the page links are loaded
if (document.addEventListener) {
document.addEventListener("DOMContentLoaded", addEvents, null); // Firefox
} else {
addEvents(); // IE : Call the function immediately because the script is referenced with the defer attribute supported by IE
}

function addEvents()
{
// quit if this function has already been called
if (arguments.callee.done) return;
// flag this function so we don't do the same thing twice
arguments.callee.done = true;
for (i=0; i <document.links.length; i++)
{
var x = document.links[i];
// Only attach tracking code to specific file types
var extensions = new RegExp(".+\.(zip|pdf|xls|doc|csv|txt|ppt|xml|rtf)$");
var doc = x.href.toLowerCase().match(extensions);
if (doc)
{
if (x.attachEvent)
{
x.attachEvent('onclick', function () {TrackIt(window.event.srcElement)}); // IE
} else {
x.addEventListener('click', function () {TrackIt(this)}, false); // Firefox
}
}
}
}

function TrackIt(link)
{
// Remove the conversion to Lowercase if you are on a Case sensitive web server
urchinTracker(link.href.toLowerCase());
}

It seems like forever ago that I started recommending Fredrik Normen's Permission Manager.  Recently I was tasked to find a way to restrict nodes in a SiteMap based on Permission.  Today I completed that task and thought I would share it with the world.  First of all, I appoligize for writing the code in VB.NET (employers standard), but you can all compile it and reference it from C# so get over it.

What I did to create the PermissionXmlSiteMapProvider was to inherit directly from XmlSiteMapProvider and then extend 2 methods.  First of all I extended the Initialize method so that I could verify that it was configured properly.  Since it is dependent on the presence of Permission Manager and it properly working I added a simple check to verify that it has a provider.

The second method to override for the addtion of Permission to a SiteNode was IsAccessibleToUser.  Thankfully the siteNode can have extra attributes on it without complaint.  I used that to check for the permission attribute.  If it is there then a call to Permission Manager is done for the named permission and the currently logged in user.

After configuring my applications to use my new Provider I restrict access to nodes as easy as this:

<siteMapNode url="Edit.aspx" title="Edit" permission="Modify" />

Since I built on top of the XmlSiteMapProvider I also get the ability to do Roles restriction and a combination of Roles and permission:

<siteMapNode url="Delete.aspx" title="Delete" Roles="Admins, Editors" permission="Delete" />

It is important to note a few things that I ran into while working on this solution.  You must enable Security Trimming.  If you will restrict based on Roles you also must enable RoleManager.  Restricting via Roles is a little quirky as described in the MSDN Site Map Providers document.  Specifically review the Security Trimming section.

Here is the siteMap section of Web.config that implements the PermssionXmlSiteMapProvider:

<siteMap enabled="true" defaultProvider="PersmissionXmlSiteMapProvider">
  <providers>
    <add name="PersmissionXmlSiteMapProvider" 
           type="IDCL.Web.Security.PersmissionXmlSiteMapProvider, IDCL.Web"
           description="Permission xml site map provider"
           securityTrimmingEnabled="true"
           siteMapFile="Web.sitemap"/>
  providers>
siteMap>

Obviously you also need to have Permission Manager installed and configured or this will not work.

Here is the code for the provider:

Imports System
Imports System.Web
Imports System.Configuration.Provider
Imports System.Web.Configuration
Imports Nsquared2.Security

Public Class PersmissionXmlSiteMapProvider
Inherits XmlSiteMapProvider

Public Overrides Sub Initialize(ByVal name As String, ByVal config As System.Collections.Specialized.NameValueCollection)

' Verify that config isn't null
If config Is Nothing Then
  Throw New ArgumentNullException("config")
End If

' Verify that Permission Manager is configured
If PermissionManager.Provider Is Nothing Then
  Throw New ProviderException("Permission Manager default provider missing.")
End If

' Add a default "description" attribute to config if the
' attribute doesn't exist or is empty
If String.IsNullOrEmpty(config("description")) Then
  config.Remove("description")
  config.Add("description", "PermissionXmlSiteMap provider")
End If

' Call the base class's Initialize method
MyBase.Initialize(name, config)
End Sub

Public Overrides Function IsAccessibleToUser(ByVal context As System.Web.HttpContext, ByVal node As System.Web.SiteMapNode) As Boolean

  Dim authorized As Boolean = MyBase.IsAccessibleToUser(context, node)

  'Pull the permission out of the sitemap node as an attribute
  Dim Permission As String = node.Item("permission")
  If Not Permission Is Nothing And authorized Then
    If context.User.Identity.IsAuthenticated Then
      ' Only check permission for known users
      Return PermissionManager.HasUserPermission(context.User.Identity.Name, Permission)
    Else
      ' The presence of a permission requires a known user
      Return False
    End If
  End If

Return authorized

End Function
End Class

The PermissionSiteMapProvider.zip file with this article includes the Provider solution and a sample web.config