4GuysFromRolla.com Headlines

Most ASP.NET applications include a number of configuration settings, such as connection strings, mail server settings, system-wide default settings, and so forth. While these settings could be hard-coded in the source code, it"s usually a wiser idea to place them in a configuration file, such as Web.config. The reasoning being that if these values need to be modified, editing a configuration file is a lot easier than updating the code, rebuilding, and re-deploying.

We can define custom configuration sections in Web.config that conforms to a pre-determined XML schema. For example, our web application might have a couple of scalar configuration settings (quoteOfTheDay and yourAge) as well as a collection of settings (favoriteStates) where each setting in the collection can have its own scalar values (name and abbreviation, let"s say). This configuration information could be expressed in Web.config using the following XML markup:

<ScottsSettings
     quoteOfTheDay="Hello, World!"
     yourAge="28">
   <favoriteStates>
      <add name="California" abbreviation="CA" />
      <add name="Missouri" abbreviation="MO" />
      <add name="Illinois" />
   </favoriteStates>
</ScottsSettings>

In Creating Custom Configuration Sections in Web.config we examined a technique for parsing the XML in custom configuration section that works in both ASP.NET 1.x and 2.0 applications. This required writing a bit of code. ASP.NET 2.0 applications, however, can utilize .NET 2.0"s new configuration API, which makes creating custom configuration sections much easier. Read on to learn more!
Read More >

The Health Monitoring system in ASP.NET 2.0 is designed to monitor the health of a running ASP.NET application in a production environment. It works by recording event information to a specified log source. The .NET 2.0 Framework includes a variety of built-in events that can be used by the Health Monitoring system, including events for monitoring application re-starts and stops, unhandled exceptions, and failed authentication attempts, among others. The .NET Framework also include support for logging these events to the Windows event log, to a Microsoft SQL Server database, via WMI, in an email, and to the ASP.NET page tracing system. As we saw in The Basics, when using the out-of-the-box events and log sources, the Health Monitoring system can be setup and configured entirely through Web.config without needing to write a single line of code!

In this article we will continue our exploration of the built-in events and log sources. In particular, we will look at the WebFailureAuditEvent event, which is raised when there is a security audit failure. We will also look at the SimpleMailWebEventProvider event provider, which, as its name implies, sends event information via email. Read on to learn more!
Read More >

The Health Monitoring system in ASP.NET 2.0 is designed to monitor the health of a running ASP.NET application in a production environment. It works by recording event information to a specified log source. The .NET 2.0 Framework includes a variety of built-in events that can be used by the Health Monitoring system, including events for monitoring application re-starts and stops, unhandled exceptions, and failed authentication attempts, among others. The .NET Framework also include support for logging these events to the Windows event log, to a Microsoft SQL Server database, via WMI, in an email, and to the ASP.NET page tracing system. As we saw in The Basics, when using the out-of-the-box events and log sources, the Health Monitoring system can be setup and configured entirely through Web.config without needing to write a single line of code!

In this article we will continue our exploration of the built-in events and log sources. In particular, we will look at the WebFailureAuditEvent event, which is raised when there is a security audit failure. We will also look at the SimpleMailWebEventProvider event provider, which, as its name implies, sends event information via email. Read on to learn more!
Read More >

Software engineering involves a number of important stages that occur before the application is deployed, such as requirements analysis, design, coding, and testing. The software engineering process, however, does not end once an application has been deployed and is being used. Regardless of how well designed, coded, and tested a web application may have been, there will invariably be hiccups. The database server may go offline, the website might be experiencing an unexpected heavy load, or there may be a hardware failure on the web server itself. And, unless the application is trivial or you are a programming god, there are bound to be bugs that will weild their nasty little heads every now and then.

To help detect and diagnose problems, it is important that key web application metrics and information are monitored and logged. There are a number of open-source and Microsoft-created libraries to help with with logging unhandled exceptions and notifying developers. See Gracefully Responding to Unhandled Exceptions - Processing Unhandled Exceptions for information on how to log unhandled exceptions.

ASP.NET version 1.x did not include any built-in logging and notification system and therefore required a little bit of code or configuration effort from the developer. ASP.NET 2.0, however, provides built-in Health Monitoring facilities that make it a snap to configure a website to record events to the event log, a database, via WMI, in an email, or to the ASP.NET page tracing system. Moreover, the Health Monitoring system was created using the provider design pattern, making it possible to implement our own logging logic.

This is the start of a series that explores the ASP.NET 2.0 Health Monitoring system. In this article we will examine the basics of Health Monitoring and see how to setup Health Monitoring to log events to a SQL Server database. Read on to learn more!
Read More >

Software engineering involves a number of important stages that occur before the application is deployed, such as requirements analysis, design, coding, and testing. The software engineering process, however, does not end once an application has been deployed and is being used. Regardless of how well designed, coded, and tested a web application may have been, there will invariably be hiccups. The database server may go offline, the website might be experiencing an unexpected heavy load, or there may be a hardware failure on the web server itself. And, unless the application is trivial or you are a programming god, there are bound to be bugs that will weild their nasty little heads every now and then.

To help detect and diagnose problems, it is important that key web application metrics and information are monitored and logged. There are a number of open-source and Microsoft-created libraries to help with with logging unhandled exceptions and notifying developers. See Gracefully Responding to Unhandled Exceptions - Processing Unhandled Exceptions for information on how to log unhandled exceptions.

ASP.NET version 1.x did not include any built-in logging and notification system and therefore required a little bit of code or configuration effort from the developer. ASP.NET 2.0, however, provides built-in Health Monitoring facilities that make it a snap to configure a website to record events to the event log, a database, via WMI, in an email, or to the ASP.NET page tracing system. Moreover, the Health Monitoring system was created using the provider design pattern, making it possible to implement our own logging logic.

This is the start of a series that explores the ASP.NET 2.0 Health Monitoring system. In this article we will examine the basics of Health Monitoring and see how to setup Health Monitoring to log events to a SQL Server database. Read on to learn more!
Read More >

In December 2004 the National Oceanic and Atmosphere Administration (NOAA) unveiled a Web service for accessing weather forecasts for locations within the United States. To demonstrate using this service and Web services in general, I wrote an article titled Display Local Weather Forecasts with the NOAA"s Web Service, in which we built a custom Web control named MultiDayForecast that displayed weather forecast information.

In the two years since the Display Local Weather Forecasts with the NOAA"s Web Service article was authored, the NOAA has made a few breaking changes to their service, thereby breaking the MultiDayForecast control. I"ve since updated the MultiDayForecast control to handle these breaking chnages, as well as making it easier to handle future changes. This article details the NOAA"s breaking changes and the steps taken to update the MultiDayForecast control. Read on to learn more!
Read More >

In December 2004 the National Oceanic and Atmosphere Administration (NOAA) unveiled a Web service for accessing weather forecasts for locations within the United States. To demonstrate using this service and Web services in general, I wrote an article titled Display Local Weather Forecasts with the NOAA"s Web Service, in which we built a custom Web control named MultiDayForecast that displayed weather forecast information.

In the two years since the Display Local Weather Forecasts with the NOAA"s Web Service article was authored, the NOAA has made a few breaking changes to their service, thereby breaking the MultiDayForecast control. I"ve since updated the MultiDayForecast control to handle these breaking chnages, as well as making it easier to handle future changes. This article details the NOAA"s breaking changes and the steps taken to update the MultiDayForecast control. Read on to learn more!
Read More >

Two previous article of ours, An Overview of Cryptographic Systems and Encrypting Database Data and Using Symmetric Encryption in a SQL Server 2005 Database, explored cryptosystem fundamentals and looked at encryption support in Microsoft SQL Server 2005. We compared and contrasted symmetric and asymmetric encryption, examined SQL Server 2005"s key management, and saw examples of how to use T-SQL commands to create symmetric keys and to use these keys to encrypt and decrypt data.

In this article - the final one of the series - starts with a look at the T-SQL commands for performing asymmetric encryption and decryption. Next, we discuss using digital signatures as a means for ensuring the integrity of the encrypted data. This article concludes with an ASP.NET 2.0 website example that ties together the lessons learned throughout this article series. Specifically, the database used by this ASP.NET application stores customer information with the customer"s credit card information encrypted. An ASP.NET page provides a means to view the sensitive information in plaintext as well as a means to add new customers to the database with the credit card information properly encrypted. Read on to learn more!
Read More >

Two previous article of ours, An Overview of Cryptographic Systems and Encrypting Database Data and Using Symmetric Encryption in a SQL Server 2005 Database, explored cryptosystem fundamentals and looked at encryption support in Microsoft SQL Server 2005. We compared and contrasted symmetric and asymmetric encryption, examined SQL Server 2005"s key management, and saw examples of how to use T-SQL commands to create symmetric keys and to use these keys to encrypt and decrypt data.

In this article - the final one of the series - starts with a look at the T-SQL commands for performing asymmetric encryption and decryption. Next, we discuss using digital signatures as a means for ensuring the integrity of the encrypted data. This article concludes with an ASP.NET 2.0 website example that ties together the lessons learned throughout this article series. Specifically, the database used by this ASP.NET application stores customer information with the customer"s credit card information encrypted. An ASP.NET page provides a means to view the sensitive information in plaintext as well as a means to add new customers to the database with the credit card information properly encrypted. Read on to learn more!
Read More >

As the attacks in which hackers use become more and more sophisticated, and the programs in which they attack become increasingly complex, encryption is becoming the last line of defense in database management system (DBMS) security. A previous article of ours, An Overview of Cryptographic Systems and Encrypting Database Data, compared and contrasted symmetric and asymmetric encryption and discussed key database encryption concepts, including key management, authentication, authorization, and so on. The article also briefly touched upon encryption capabilities of Microsoft SQL Server 2005.

In this article we will expand upon the first and look at how, specifically, to encrypt the data in a SQL Server 2005 database using symmetric encryption techniques. We"ll start with examining the facilities for managing keys in SQL Server and then explore symmetric encryption in SQL Server 2005. A future article will look at using asymmetric encryption. Read on to learn more!
Read More >