My Web App.'s Log

Wednesday, September 21, 2005

ASP.net FAQS

Hi Guys,

I found quite a good ASP.NET FAQ which answers a lot of frequently asked questions.


Here is the link : http://www.syncfusion.com/FAQ/aspnet/

Tuesday, September 20, 2005

Introduction to Server-Side Data

Data access is the heart of any real-world application, and ASP.NET provides a rich set of controls that are well-integrated with the managed data access APIs provided in the common language runtime. This section walks through several iterations of a sample that uses the ASP.NET DataGrid control to bind to the results of SQL queries and XML data files. This section assumes some familiarity with database fundamentals and the SQL query language.
Server-side data access is unique in that Web pages are basically stateless, which presents some difficult challenges when trying to perform transactions such as inserting or updating records from a set of data retrieved from a database. As you'll see in this section, the DataGrid control can help manage these challenges, allowing you to concentrate more on your application logic and less on the details of state management and event handling.


http://samples.gotdotnet.com/quickstart/aspplus/doc/webdataaccess.aspx

Stop SQL Injection Attacks Before They Stop You

Armed with advanced server-side technologies like ASP.NET and powerful database servers such as Microsoft® SQL Server™, developers are able to create dynamic, data-driven Web sites with incredible ease. But the power of ASP.NET and SQL can easily be used against you by hackers mounting an all-too-common class of attack—the SQL injection attack.
The basic idea behind a SQL injection attack is this: you create a Web page that allows the user to enter text into a textbox that will be used to execute a query against a database. A hacker enters a malformed SQL statement into the textbox that changes the nature of the query so that it can be used to break into, alter, or damage the back-end database. How is this possible?


Links : http://msdn.microsoft.com/asp.net/articles/security/default.aspx?pull=/msdnmag/issues/04/09/sqlinjection/default.aspx
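How text typed into a textbox changes the nature of a query, as an added example that is not taken from the MSDN article or from this blog. It uses Python with an in-memory SQLite database as a stand-in for the ASP.NET page and SQL Server back end; the accounts table, its rows, the inputs and the function names are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's back-end database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 100), ("bob", 250)])
    return db

def lookup_concatenated(db, textbox_value):
    # Vulnerable pattern: the textbox text becomes part of the SQL statement,
    # so a quote in it ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT username, balance FROM accounts WHERE username = '"
           + textbox_value + "'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, textbox_value):
    # Hardened pattern: the statement text is fixed; the textbox text is bound
    # as a value and is only ever compared against the username column.
    sql = "SELECT username, balance FROM accounts WHERE username = ?"
    return db.execute(sql, (textbox_value,)).fetchall()

def compare(db, textbox_value):
    # Run both lookups on the same input; report a SQL error instead of raising.
    try:
        concatenated = lookup_concatenated(db, textbox_value)
    except sqlite3.Error as exc:
        concatenated = "SQL error: %s" % exc
    return concatenated, lookup_parameterized(db, textbox_value)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a legitimate name containing a quote,
    # and text that closes the literal and appends an always-true condition.
    for value in ("alice", "O'Brien", "nobody' OR '1'='1"):
        concatenated, parameterized = compare(db, value)
        print("input:        ", repr(value))
        print("concatenated: ", concatenated)
        print("parameterized:", parameterized)
```

In ASP.NET the bound-value form is written with SqlCommand and its Parameters collection instead of building the command text from the textbox.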

Cross-Site Scripting Protection

This is an article about cross-site scripting protection from MSDN:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/scriptingprotection.asp


Adding Cross-Site Scripting Protection to ASP.NET 1.0

Scott Hanselman
Chief Architect
Corillian Corporation
November 2003
Summary: ASP.NET 1.1 added the ValidateRequest attribute to protect your site from cross-site scripting. What do you do, however, if your Web site is still running ASP.NET 1.0? Scott Hanselman shows how you can add similar functionality to your ASP.NET 1.0 Web sites. (12 printed pages)
Contents
The Problem
C#-Eye for the IL Guy
HttpModule
Programmer Intent
Installation and Configuration
The Results
Conclusion

The Problem
I've got a customer that has deployed a site on Microsoft® ASP.NET and the Microsoft® .NET Framework 1.0. It's a large site, and they are a large customer, and as a large customer they tend to move, well, slow. We were in the middle of a large deployment when ASP.NET/Framework 1.1 came out. The team felt that it was too risky to move everything over to ASP.NET/Framework 1.1 so close to the finish line. So we decided to move to ASP.NET/Framework 1.1 later in the year. However, since we build complex e-banking Web sites that cross many lines of business and deal with folks' money, security is job #1 (or job #0 if you're zero based). The client has a requirement that we deal with cross-site scripting (often called "XSS") attacks aggressively.
XSS is a particularly sinister kind of hacking, where an l33t hx0r (elite hacker) or a "script kiddie" tries to retrieve personal information or fool a site into doing something it shouldn't do by entering JavaScript into a Web Form, or by encoding the script into a parameter in the URL. A simple example is a Web Form that has a single text box and a single button. The user enters their name into the text box and submits the form. The page then prints out "Hello firstname" by string concatenation, String.Format, a Response.Write or through a server-side label.



Sunday, September 18, 2005

My first post

Hi, everyone

This is my first post. I hope I have more items in the near future. This blog is about my project that I am working on. Will update later.