Entries Tagged 'ASP.NET' ↓

A group placeholder must be specified on ListView

Now this is even more tricky than An item placeholder must be specified on ListView. For Visual Studio 2008 RTM Microsoft changed the whole GroupTemplate Design structure.

This MSDN Article is covering it pretty good, here’s what you have to do if you switched from Visual Studio 2008 Beta 2 to Visual Studio 2008 RTM:

1) Remove the ItemPlaceholderID=”xx” from your ListView, it should look like that (e.g.):

<asp:ListView ID=”ListView1″ runat=”server” DataKeyNames=”picID” DataSourceID=”LinqDataSource1″ GroupItemCount=”4″>

2) Have a LayoutTemplate organized like that:

<table align=”center” border=”0″ cellpadding=”15″ cellspacing=”15″ id=”layoutTemplate” runat=”server”>
<tr runat=”server” id=”groupPlaceholder” />

3) And a GroupTemplate in that kind of style:

<tr runat=”server” id=”ProductsRow”>
<td runat=”server” id=”itemPlaceholder” />

That’s all. If you try to set the new GroupPlaceHolderID in the ListView Tag the GroupTemplates won’t be formated correctly, I didn’t figure out why yet. This solution however is based on the MSDN Article and works.

An item placeholder must be specified on ListView – VS2008 RTM

This errors pops up as soon as you switched from Visual Studio 2008 Beta 2 to Visual Studio 2008 RTM. Here’s the exact error:

System.InvalidOperationException: An item placeholder must be specified on ListView ‘ListView1’. Specify an item placeholder by setting a control’s ID property to “itemPlaceholder”. The item placeholder control must also specify runat=”server”.

To fix this, replace every itemContainer occurrences with itemPlaceholder, recompile and it should work. Also note that the control which is targeted as itemPlaceholder does not render CSS or other attributes anymore, you have to set them on surrounding HTML tags now like a div or ul.

Visual Studio 2008 Final released!

There we go, Visual Studio 2008 Final has just been released, including the .NET Framework 3.5 Final Version.

Here are some instructions for the Install-Process from Scott Guthrie, especially if you were using VS2008 Beta 2:

People often ask me for suggestions on how best to upgrade from previous betas of Visual Studio 2008. In general I’d recommend uninstalling the Beta2 bits explicitly. As part of this you should uninstall Visual Studio 2008 Beta2, .NET Framework Beta2, as well as the Visual Studio Web Authoring Component (these are all separate installs and need to be uninstalled separately). I then usually recommend rebooting the machine after uninstalling just to make sure everything is clean before you kick off the new install. You can then install the final release of VS 2008 and .NET 3.5 on the machine.

Once installed, I usually recommend explicitly running the Tools->Import and Export Settings menu option, choosing the “Reset Settings” option, and then re-pick your preferred profile. This helps ensure that older settings from the Beta2 release are no longer around (and sometimes seems to help with performance).

Note that VS 2008 runs side-by-side with VS 2005 – so it is totally fine to have both on the same machine (you will not have any problems with them on the same box).

I really hope the final Release will fix some annoying bugs I was fighting with lately, although I expect this to be a much smoother release than Visual Studio 2005.

Quick Note to Silverlight Developers: You should wait until Microsoft released the updated Silverlight Tools for VS 2008, it’s expected within the next two weeks.

Futhermore Microsoft released a cool Training-Kit for the .NET Framework v3.5, grab it here. The Visual Studio 2008 and .NET Framework 3.5 Training Kit includes presentations, hands-on labs, and demos. This content is designed to help you learn how to utilize the Visual Studio 2008 features and a variety of framework technologies including: LINQ, C# 3.0, Visual Basic 9, WCF, WF, WPF, ASP.NET AJAX, VSTO, CardSpace, SilverLight, Mobile and Application Lifecycle Management.

Disable any LastActivityDate Updates for ASP.NET Membership

I recently built an ASP.NET Application which makes intensive use of the build in ASP.NET Membership Class. I use it to store the number of new messages for a particular user and stuff like that as it’s very comfortable to set those values:

System.Web.Profile.ProfileBase pB = System.Web.Profile.ProfileBase.Create(UserName);     pB["FriendApproval"] = ApprovalCount.ToString();

I use the LastActivityDate Value to show members who have been around recently. The strange thing had been that every now and then members popped up on the top who actually haven’t been online at all.

That happens because the LastActivityDate Value is updated on every Profile Info retrieval and every Profile Info Update by default. To disable this behavior you have to modify two Stored Procedures:

Remove this piece of code:

IF (@@ROWCOUNT &gt; 0)
UPDATE dbo.aspnet_Users
SET LastActivityDate=@CurrentTimeUtc
WHERE UserId = @UserId

Remove or comment out this piece of code:

UPDATE dbo.aspnet_Users
SET    LastActivityDate=@CurrentTimeUtc
WHERE  UserId = @UserId 

That’s it! Of course you have to take care of updating the LastActivityDate yourself now, I recommend adding a User Control to the MasterPage, put the Stored Procedure for Updating LastActivityDate (write one) in its codebehind and cache the control for about 5 Minutes, your server will thank you later.

Follow Up: Enable ValidateRequest in ASP.NET and still read HTML

Last week I read a great post on Mad’s Blog about Re-Enable Request Validation in ASP.NET. He built a javascript function which automatically HTMLEncodes the Text on Clientside when the User hits Submit by using Tagmapping and automatically HTMLDecodes it on server-side.

By using his technique you can still benefit of the ValidateRequest Security while allowing HTML in your forms.

Now to the Follow Up: If you use ASP:Panels on your webform and you hide specific Panels which do include Textboxes to show them just on specific events you run into a Javascript Error saying tb is null. That’s because the HTML Output which is dynamically created doesn’t contain the textbox when the Panel is hidden, although ASP.NET is executing the JS Statement for those hidden textboxes anyway and that’s when the Error pops up. You can fix that pretty easy by checking if tb is null, here’s Mad’s Code containing that little fix:

public class SafeTextBox : System.Web.UI.WebControls.TextBox
protected override void OnLoad(System.EventArgs e)
if (!Page.ClientScript.IsClientScriptBlockRegistered(Page.GetType(), "TextBoxEncode"))
System.Text.StringBuilder sb = new System.Text.StringBuilder();
sb.Append("function TextBoxEncode(id)");
sb.Append("var tb = document.getElementById(id);");
sb.Append("if (tb != null){"); //fix
sb.Append("tb.value = tb.value.replace(new RegExp('<', 'g'), '<');");
sb.Append("tb.value = tb.value.replace(new RegExp('>', 'g'), '>');");
Page.ClientScript.RegisterClientScriptBlock(Page.GetType(), "TextBoxEncode", sb.ToString(), true);

// Adds the function call after the form validation is called.
if (!Page.IsPostBack)
Page.Form.Attributes["onsubmit"] += "TextBoxEncode('" + ClientID + "');";

public override string Text
get { return base.Text; }
if (!string.IsNullOrEmpty(value))
base.Text = value.Replace("<", "<").Replace(">", ">");
base.Text = value;

Read Mad’s full article on how to implent this technique and be sure to turn ValidateRequest back on!

Validate your Redirects!

I usually keep an eye on what my web applications are doing every now and then. Recently I noticed some really strange redirects being fired from one of my older projects. Like redirects to specific IP adresses or curious subdomains, rather traditional addresses for e.g. phishing attacks.

After checking my redirect logic the problem was immediately clear, I didn’t validate my redirects in any way, lazy me. The following code is offers actually a great way for people to use your brand/domain for redirects to spam sites or even phishing sites:

string RedirctURL = Request.QueryString["r"].ToString();

Now someone could easily drop his URL into the QueryString: http://www.yourdomain.com/somesite.aspx?r=http://www.the-injected-url.com. So what you should do is, check if the input really belongs to your site or is something you really want to redirect to.

If you only redirect to internal sites you can just check the string for a double slash “//”, if it occurs, deny the redirect. If you also redirect to external sites you have to use a database and save all permitted redirect URLs in there.

Also, don’t be tricked by using System.URI.AbsolutePath, because Firefox and IE will transform an invalid URL to a valid URL:

// Returns "//www.url-to-injected-site.com/badstuff.aspx" which will work in FireFox and IE!
Uri link1 = new Uri("http://www.url-to-injected-site.com//www.url-to-injected-site.com/badstuff.aspx");

As you probably know you should always validate external inputs, don’t be lazy or you will be sorry later..

Tips for avoiding Spam Filters with System.Net.Mail

I recently noticed that automatic mails sent by one of my online shops were flagged as spam when using GMX, GMail or generally mail services which are using SpamAssassin to filter out spam.

Sending out plain text-mails is old and rusty, if you want to deliver pretty mails to your customers you have to use HTML, unfortunately there is no way around it, but how to make sure that those pretty HTML mails actually reach the customer? Spam filters like SpamAssassin treat HTML Mails as potentially dangerous, so you have to use HTML very carefully.

If you do use HTML Mails you have to create two kinds of Bodys, one HTML Mail Body and one PlainText Mail Body. I show you how to do this in C# / ASP.NET 2.0 by using the built-in System.Net.Mail Class after some general advices.

Here are some recommendations for a automatic HTML mails which are being sent out a hundred times per day:

  • Don’t forget to add <html><body>Your HTML Text/Code</body></html> to your HTML-Text-String
  • Try to stick with 1-3 Images in total. For example your Logo, a header background and a photo of the particular product.
  • Use HTML Tags with care. Set a good looking font like Arial, create listings, link tags, bold and italic texts and restrict yourself to create a well formed/layouted text, which is most important. Don’t even think about implenting an embed or object tag for including flash videos or anything like that.

SpamAssassin checks a lot of factors and is using a point-system for filtering out spam, here is a little snippet:

5.000 BAYES_99

The heaviest impact is BAYES_99, if your text sounds spammy, you are spam flagged. If you e.g. sell Viagra you shouldn’t list the product name in your confirmation mail ;-). Another example is MIME_HTML_ONLY, this hits your mail if you only supply HTML Text, without a seperated PlainText. I won’t explain every function in detail here, if you follow this HowTo you likely won’t run into any problems.

Let’s have a look on how to properly send a HTML Mail with the System.Net.Mail Class, in this case it is sending the Mail via Google Apps / GMail:

public void ExecuteHtmlSendMail(string FromAddress, string ToAddress, string BodyText, string Subject)
MailMessage mailMsg = new MailMessage();

mailMsg.From = new MailAddress(FromAddress);
mailMsg.To.Add(new MailAddress(ToAddress));
mailMsg.Subject = Subject;
mailMsg.BodyEncoding = System.Text.Encoding.GetEncoding(“utf-8″);

System.Net.Mail.AlternateView plainView = System.Net.Mail.AlternateView.CreateAlternateViewFromString
(System.Text.RegularExpressions.Regex.Replace(BodyText, @”<(.|\n)*?>”, string.Empty), null, “text/plain”);
System.Net.Mail.AlternateView htmlView = System.Net.Mail.AlternateView.CreateAlternateViewFromString(BodyText, null, “text/html”);


// Smtp configuration
SmtpClient smtp = new SmtpClient();
smtp.Host = “smtp.gmail.com”;

smtp.Credentials = new System.Net.NetworkCredential(“username”, “password”);
smtp.EnableSsl = true;


What’s important here: Setting the correct Encoding, in my case utf-8. Create a plainView and htmlView of the mail message. For the plainView I used a simple Regex statement for stripping out the HTML Tags. Add the plainView and htmlView to the AlternateViews Class of the Mail Message and finally send the mail, in my case via SSL, if you don’t know whether you have an Mailserver with SSL capabilities just ask your provider.

Using this construct you send out your HTML Mails as HTML Mail and Plaintext Mail and SpamAssassin is going to like you for that.

I use gmx.net for testing my mails as they are using a pretty well configured SpamAssassin and you can easily see the spam-flags by checking out the Header of the mail (also possible with GMail and hopefully every other mail application out there). An example of this:

X-GMX-UID: UNbaLmk4ZDI4zQ9QSmY2gY1xemhmY8Gs

A Spam-Score of 5 (=treated as Spam) and it’s telling me that I didn’t supply a PlainText Version of the Mail, after including that one all errors were gone.

Hope this saves some headaches 😉

kick it on DotNetKicks.com

ListView and GroupTemplate Example

A quick example on how to use the new GroupTemplate which is being featured by the new ListView Control of the .NET Framework v3.5.

The ListView templates follow a strong hierarchy:

LayoutTemplate [root item, container for ListView rendering]

  • GroupTemplate [Optional, required for tiled layout]
  • >> ItemTemplate
  • >> AlternatingItemTemplate
  • >> EditItemTemplate
  • >> InsertItemTemplate
  • >> ItemSeparatorTemplate
  • >> EmptyItemTemplate
  • >> SelectedItemTemplate
  • GroupSeparatorTemplate

and finally the EmptyDataTemplate (optional), which is only being displayed when there are no results for the DataSource. To be able to use the GroupTemplate you have to set a groupContainer and put the layoutTemplate inside the GroupTemplate Tag.

<asp:LinqDataSource ID=”LinqDataSource1″ runat=”server”
ContextTypeName=”DataClassesDataContext” TableName=”pics”>
</asp:LinqDataSource><asp:ListView ID=”ListView1″ runat=”server” DataKeyNames=”picID” DataSourceID=”LinqDataSource1″ ItemContainerID=”layoutTemplate” GroupItemCount=”2″>
<table id=”groupContainer” runat=”server”></table>
<tr id=”layoutTemplate” runat=”server”>
<a href=”<%# Eval(“picFileName”) %>”> a <%# Eval(“aspnet_User.UserName”) %></a>

By using the GroupTemplate you can produce tiled layouts which are e.g. needed for Image Galleries. However, as stated earlier you can only set a GroupItemCount at the moment, it would be great if we could get more options here for the final Release.

Side note:
The GroupSeparatorTemplate is displayed at the end of each GroupTemplate except the last one. The ItemSeparatorTemplate is displayed at the end of each ItemTemplate except the last one. The EmptyItemTemplate is displayed for filling up dummy columns when e.g. building a xhtml layout.

LinqDataSource and ListView – a Dream Team

I just finished my first fully driven LINQ ASP.NET Page in one of my Projects by using the LINQDataSource and ListView. Let’s have a quick look at the Code.

The LINQDataSource:

<asp:LinqDataSource ID="LinqDataSource1" runat="server"
ContextTypeName="sqlGFDataContext" EnableDelete="True" EnableInsert="True"
EnableUpdate="True" OrderBy="commentID desc" TableName="gf_game_comments" OnDeleted="lvComments_OnDeleted">

The ListView Control:

<asp:ListView ID="lvComments" runat="server"

<div id="layoutTemplate" runat="server" />

Zu <%# Eval("gf_game.URL") %>"><%# Eval("gf_game.Title") %> von <%# Eval("aspnet_User.UserName") %> am <%# Eval("commentDate") %><br />
<%# Eval("Comment") %>
<asp:Button ID="Button1" runat="server" CommandName="Edit" Text="Edit" />
<asp:Button ID="Button2" runat="server" CommandName="Delete" Text="Delete" />
<AlternatingItemTemplate >
<%# Eval("UserID") %>
<%# Eval("Comment")%>
<asp:Button ID="Button1" runat="server" CommandName="Edit" Text="Edit" />
<asp:Button ID="Button2" runat="server" CommandName="Delete" Text="Delete" />
Comment: <asp:TextBox  runat="server" id="txtComment" Text='<%# Bind("Comment") %>'></asp:TextBox>
<br />
<asp:Button ID="Button3" runat="server" CommandName="Update" Text="Update" />
<asp:Button ID="Button4" runat="server" CommandName="Cancel" Text="Cancel" /><br />
<asp:TextBox runat="server" ID="txtUserID" Text='<%# Bind("GameID") %>'></asp:TextBox>
<asp:TextBox  runat="server" id="txtAbstract" Text='<%# Bind("Comment") %>'></asp:TextBox>
<asp:Button ID="Button3" runat="server" CommandName="Insert" Text="Insert" />
<asp:Button ID="Button4" runat="server"
CommandName="Cancel" Text="Cancel" /><br />

And if you need to do some custom operations while the Delete Event is fireing you can hook it up really easy:

protected void lvComments_OnDeleted(Object sender, LinqDataSourceStatusEventArgs e)
var gc = (gf_game_comment)e.Result;

As you see you got access to the complete table object with all its data inside, it’s really comfortable.

All this stuff is almost working out of the box if you use the new LinqDataSource Control and enable support for Inserting, Updating and Deleting Data while binding the DataSource. It’s really amazing how easy this stuff got, you don’t even have to care about JOINS, LINQ is doing everything for you.

If you check the code on my ListView again you notice this Eval Code – Eval(“aspnet_User.UserName”) – I got access to this tablefield without writing any SQL Join. LINQ automatically checks the relations between your tables and sorts out the specific data. This could be another great step in productivity as you don’t have to take care of huge SQL Querystrings anymore.

More on this topic:
Scott Gu for setting up the ContextType (required for the LINQ DataSource): Binding UI using a LINQ DataSource
Rick Strahl for a quick Overview on the new Controls by using a SQLDataSource: ListView and DataPager in ASP.NET 3.5.

.NET 3.5 and HTMLEncoding on ASP.NET Controls

Watch out if you use Gridviews which display links or specific HTML in some columns. Since I upgraded to the .NET Framework 3.5 on my servers my Gridviews had HTMLEncoding turned on by default.

So you have to turn it off now manually via HtmlEncodeFormatString=”False”. I didn’t notice that at first but a customer quickly reported the missing links in the Gridview – the columns displayed plain HTML Text instead of a link.

Just fyi..

ListView and DataPager

Now I’m really missing my CopyToHTML Plugin back from Visual Studio 2005 :o. Here is a little example on how to use the new ListView Control and DataPager of the .NET Framework 3.5:

<asp:ListView ID=”ListView1″ runat=”server” DataSourceID=”SqlDataSource1″ ItemContainerID=”DataSection”>

StartLayout:<br /><br />
<div id=”DataSection” runat=”server”></div>
EndLayout!<br /><br />

<div class=”usRevs”>
<div class=”criticscore”>
<%# DataBinder.Eval(Container.DataItem, “Rating”)%></div>
<div class=”criticreview”>
<div class=”quote”>
<%# DataBinder.Eval(Container.DataItem, “Title”)%></div>


<asp:DataPager ID=”DataPager1″ runat=”server” PagedControlID=”ListView1″ PageSize=”4″>
<fields><asp:nextpreviouspagerfield ButtonType=”Button” ShowFirstPageButton=”True” ShowNextPageButton=”False” ShowPreviousPageButton=”False” /><asp:numericpagerfield />
<asp:nextpreviouspagerfield ButtonType=”Button” ShowLastPageButton=”True” ShowNextPageButton=”False”
ShowPreviousPageButton=”False” />

<asp:SqlDataSource ID=”SqlDataSource1″ runat=”server” ConnectionString=”<%$ ConnectionStrings:LocalSqlServer %>”
SelectCommand=”SELECT [Title],[Rating],[Description],[Developer] FROM [gf_game]”></asp:SqlDataSource>

That’s it, here is how it looks:
ListView Datapager

However, there is one big downside of the DataPager: If you build a Website which needs to score in SEO matters you wouldn’t want to use the DataPager. As of now the links to the pages look like that:


A SearchEngine won’t be able to follow this link, which means you eventually run into problems if you want to get a heavy paged site indexed in a SearchEngine by using the DataPager Module in that kind of way.

Here’s how it would need to look like for e.g. page 2:

yoururl.com/pagedsite.aspx?p=2 or even better: yoururl.com/pagedsite.aspx/2/

The PagerData Control is really amazing but if it’s missing the SEO aspect I can’t use it for my public SEO oriented sites..

UPDATE: Here you can find a querystring based DataPager built by Polita Huff: click. Great!

Opening an ASP.NET AJAX Project in Visual Studio 2008 Beta 2

Be careful when you open an ASP.NET AJAX Project in Visual Studio 2008 Beta 2! VS2008 thinks it’s a .NET Framework 3.5 Project at first and you will run into problems when you try to use the new controls as the web.config settings are still pointed to the 2.0 Settings. I tried to modify the System.Web.Extensions entries in the web.config manually but forunately there’s a much easier way:

How to fix this: Go to the project properties and convert it back to a .NET 2.0 project. Hit OK and go to the project properties once again. Now choose .NET 3.5 project and it will correctly modify the web.config so you will be able to use the 3.5 tools.

This is a little bug in Visual Studio 2008 Beta 2 which will probably be fixed in the next release.

Visual Studio 2008 Beta 2 released!

You can get the full release here and the smaller Express Edition here.

Some of the new features:

  • VS 2008 Multi-Targeting Support
  • VS 2008 Web Designer and CSS Support
  • ASP.NET AJAX and JavaScript Support
  • Language Improvements and LINQ
  • Data Access Improvements with LINQ to SQL
  • Lots of other improvements

Scott Guthrie added an important note for two things you should do after VS 2008 installation:

1) You should download and run this batch file. This takes only a few seconds to run, and fixes an issue we found earlier this week with the version policy of System.Web.Extensions.dll – which is the assembly that contains ASP.NET AJAX. If you don’t run this batch file, then existing ASP.NET 2.0 projects built with ASP.NET AJAX 1.0 and VS 2005 will end up automatically picking up the new version of ASP.NET AJAX that ships in .NET 3.5 Beta2. This will work and run fine – but cause you to inadvertently introduce a .NET 3.5 dependency in the applications you build with VS 2005. Running the batch file will change the version binding policy of the new System.Web.Extensions.dll assembly and ensure that you only use the new .NET 3.5 ASP.NET AJAX version with projects that you are explicitly building for .NET 3.5.

2) If you have ever installed a previous version of “Orcas” or VS 2008 on your machine (either Beta1 or one of the CTP versions), you need to reset your VS 2008 settings after installing Beta2. If you don’t do this, you’ll have an odd set of settings configured (some windows will be in the wrong place), and you’ll potentially see some IDE performance slowness. You can reset your settings by typing “DevEnv /resetsettings” on the command-line against the VS 2008 version.

Also note that this release features a Go-Live Licence, so let’s get ready for VS 2008 deployments 🙂

Visual Studio 2008 Install

Visual Studio 2008 Beta 2

Quick note: Scott Guthrie confirmed the Release of Visual Studio 2008 Beta 2 in the near future:

VS 2008 Beta2 should be available for free download in the next three weeks. It will support a go-live license.

Sounds great, I usually don’t like using Beta Software that much, especially as IDE, but for proper and comfortable WPF / Silverlight development this is a must.

Disable Button after ASP.NET Async Webservice Call

With ASP.NET Ajax and ASP.NET v2.0 it is a piece of cake to create an asynchronous Webservice these days.

However, what if that needs about 45 minutes or even longer to complete? You know your users, many people will hit the button again after 10 minutes because they think it will be faster that way, or they accidently double click it. Just imagine people standing at a traffic light and hitting the “Get Green Button” like a thousand times. The result of this is an unwanted increase of the server load by starting an additional webservice process with every click.

Here is a very easy solution to pretend this, add this to the Button which fires the async webservice call, in my case Button1:

   41 Button1.Attributes.Add(“onclick”, ” this.disabled = true; “ + ClientScript.GetPostBackEventReference(Button1, null) + “;”);

That’s it! The button will be disabled until the final PostBack is taking place. Of course your controls need to be in an UpdatePanel for this to work.