Dynamic User Directory returning Region and Country Text Values as Opposed to EntryID

A simple alteration of the Dynamic User Directory SQL stored procedure so that it works with DNN 7.4 and higher, which stores Region and Country profile values as EntryID numbers

The attached code is a simple way to also include the Region and Country Text and Value fields so you can use them in the DUD item list and detail templates:

LI.Text as CountryText,LI2.Text as RegionText,LI.Value as CountryValue,LI2.Value as RegionValue

1) Make a backup of the stored proc [NocusNetworks_RetrieveDNNUserProfileData3] using SQL Management Studio, creating it under a backup name

2) Copy the attached SQL data provider file and run it under Host / SQL on your site

3) Then go to Host / Schedule and run the DUD scheduler

4) Edit your DUD template and use RegionText / CountryText / RegionValue / CountryValue

A Solution to Performance Issues with Dynamic Forms

Makes a world of difference!

There have been some reports that Dynamic Forms can be very slow in edit mode and become cumbersome, especially when creating a large form with a variety of field types. Thanks to Peter Nuiten and Ernst Peter Tamminga of www.xcess.nl, we are happy to share a solution with you!

DNN Security Leak Bypassing Dynamic Registration

We found a workaround for this!

We’ve come across a situation that we want to share with you. Several customers using Dynamic Registration were finding that people were able to bypass this and somehow get to the standard DNN registration without the extended fields. Apparently, this was done by simply adding “?ctl=register” to the URL. Here’s a workaround that was helpful to one of our clients (thanks, Bob!).

JavaScript Getting Started Guide

JavaScript Getting Started Guide w/ JavaScript examples, error handling, and popular functions…

JavaScript is a straightforward scripting language used for client-based Web development. Despite the name, JavaScript is not related to Java other than in its general approach of using a C-like syntax in the language structure. Originally developed at Netscape under the name Mocha, it was later renamed to LiveScript and then JavaScript. Microsoft’s version of the language was sold as JScript to avoid copyright issues.

Installing SQL Server 2008

The new release of Microsoft SQL Server 2008 was announced in August 2008. This version of SQL Server provides powerful new capabilities that were developed with the customer in mind. SQL Server is considered the leading database platform in both scalability and performance.

Installing AJAX on Windows Server / AJAX Toolkit

Installing AJAX within IIS / Windows Server and the AJAX Toolkit for Visual Studio

AJAX (Asynchronous Javascript & XML) is a technology that aims to make the web truly interactive. With Ajax, you can avoid a full postback that causes the entire page to refresh. Instead you can change specific areas of the page, and develop an application that mimics very closely the functionality and the responsiveness of a traditional Windows application.

SQL Server Reporting Services – From query to report!

Who Needs SQL Server’s Reporting Services?

If you’ve mastered SQL Server, you’re a database administrator for SQL Server, you’re writing data-driven applications, or you’re just tired of writing SQL statements to retrieve the data your users need and dump them to an Excel worksheet, it’s time to explore a total reporting solution that will enable you to deliver the necessary reports to the right people. SQL Server Reporting Services is such a solution; it’s a flexible, powerful, scalable business intelligence tool. Sure, Reporting Services is also a reporting tool, but this description doesn’t do justice to the product. SQL Server Reporting Services is a system for designing, deploying, managing and delivering reports based on SQL databases.

Quick Guide to ADO.NET Entity Framework

A Quick Guide to Using Entity Framework (ADO.NET)

If you’ve spent some years developing applications you are almost absolutely certain to be familiar with SQL. It is powerful but it is certainly not convenient to have to learn a completely different syntax and programming language to work with your data.

Backup & Restore Databases using MSDE

SQL Server Desktop Engine (which is also known as MSDE 2000) is a database engine designed to run in the background, supporting Microsoft applications without the need for a full-blown SQL Server installation. Unfortunately, MSDE does not have a user interface of its own, leaving manipulation of the databases to the applications that use it. While MSDE works well, there are administration tasks that need to be performed that are seldom part of an application that uses the engine, and the most important of these tasks is backing up the databases themselves.

How to Make LINQ Work For You in ASP.NET

LINQ TO SQL, LINQ TO XML

Secure Data – SSL Certificates Part 2

Purchasing an SSL Certificate

A typical Certificate Authority (and one widely used in the US) is www.godaddy.com. Through godaddy.com you can buy a standard SSL Certificate (which just verifies your domain exists) for as little as $14.99 per year depending on their current promotions. Or you can buy a higher level of SSL Certificate (with godaddy.com verifying your company information) for up to $499.99 per year, depending on the SSL Certificate required. You can also obtain a free 90-day SSL Certificate from www.instantssl.com, if you want to experiment with SSLs (you can, of course, renew your free SSL Certificate after the 90 days).

To show the process for buying and applying an SSL Certificate to your Web site, we’ll buy and set up a basic SSL Certificate from godaddy.com (the steps are very similar to all other Certificate Authorities). The process starts with choosing the certificate level and add-ons you want to buy:

Secure Data – SSL Certificates Part 1

Secure Data – SSL Certificates

Keeping information secure on the Internet is not a trivial task. The Internet was not designed to hide data: instead, data is sent with no protection at all from snooping. With the development of the World Wide Web, and the growth of e-commerce, the need for protecting customer information, including personal data such as addresses, credit card numbers, and identity numbers, became critical. A number of techniques were developed, but one has become a standard for the Web: SSL.

When you connect to a web server from your browser, the connection is almost always without any protection at all.  However, most e-commerce sites have adopted SSL as a way of protecting both their customers and their own information.  You can tell when SSL is in use by the URL changing to “https” instead of “http” and the lock icon appearing on the browser window.  On newer browsers, the entire URL entry field turns green to show when an SSL connection is in place.

But what is SSL?  And, more importantly, how do you set up your own web server to use SSL?  That’s what we’ll look at here.

Secure Programming Tips – Cookie Creation & Session Management

Cookie Creation and Session Management

Due to the stateless nature of how HTTP works, it’s virtually impossible for a web server to differentiate one request from another. As developers, it is imperative for us to implement some sort of session management to identify one user’s request from that of another. Most modern programming languages and web servers have mechanisms in place that ease management of users’ sessions by creating Session IDs. These session IDs help identify unique user requests. However, session IDs are often an attack target where a malicious user might attempt to guess a valid session ID in an attempt to hijack a current user’s session. Another similar attack would consist of a malicious user attempting to predict a future session ID. If a future session ID could be predicted, the malicious user could send a request to the server containing the future session ID and attempt to hijack a user’s session after that session ID was assigned.

The strength of a session ID is directly related to its length and the number of unique characters used to create it. The more characters the session ID contains, generally the more secure it will be. Ideally, a session ID should have at least 128 bits of entropy, which equates to about 16 characters in length. ASP.NET session IDs are 120 bits, but they have the added value of being signed and encrypted, which all but ensures their security. ASP.NET session IDs are similar to GUIDs (Globally Unique Identifiers) and are virtually guaranteed to never repeat. If you are not using a language that generates session IDs, or it generates session IDs that aren’t of sufficient size and strength, it is imperative that you, the developer, implement secure session IDs that are safe from attack.
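The relationship between length, character set and entropy described above, together with a session ID generator that draws from the operating system's CSPRNG. This is an added example, not code from the original article; `SessionStore`, `weak_session_id` and the other names are hypothetical.

```python
import math
import secrets

TARGET_BITS = 128  # minimum entropy recommended in the text above


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` symbols drawn uniformly at random from the alphabet."""
    return length * math.log2(alphabet_size)


def min_length(alphabet_size: int, bits: int = TARGET_BITS) -> int:
    """Shortest ID (in symbols) that reaches `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


def new_session_id(nbytes: int = 16) -> str:
    """16 bytes (128 bits) from the OS CSPRNG, base64url-encoded to 22 chars."""
    return secrets.token_urlsafe(nbytes)


def weak_session_id(counter: int) -> str:
    """Anti-pattern: 16 characters long, but sequential, so the next ID is known."""
    return f"{counter:016d}"


class SessionStore:
    """Hypothetical in-memory store mapping issued session IDs to users."""

    def __init__(self):
        self._sessions = {}

    def create(self, user: str) -> str:
        sid = new_session_id()
        self._sessions[sid] = user
        return sid

    def lookup(self, presented_id: str):
        # Only IDs this server issued resolve to a user; guesses return None.
        return self._sessions.get(presented_id)


if __name__ == "__main__":
    for name, size in [("raw bytes", 256), ("base64url", 64), ("hex", 16), ("digits", 10)]:
        print(f"{name:10} needs {min_length(size)} symbols for {TARGET_BITS} bits")
```

The character count needed for 128 bits depends on the alphabet: 16 symbols only suffice when each symbol is a full random byte, while hex needs 32 and decimal digits need 39.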

In the event the web server you are using doesn’t support sessions, then the implementation of cookies is the best way to handle session management. Cookies are basically just pieces of data that can be persistent (stored on the user’s machine) or non-persistent (only available while the browser is open and the session is active). Before using cookies, it’s important to understand how to use them in a secure manner. The rest of this article will focus on the following areas of cookie security:

· Persistent vs. Non-Persistent

· Clear Text/Encoding/Encryption

· Security Issues of Poor Implementation

First, let’s get an understanding of what a cookie actually is and why it is used. Cookies are nothing more than pieces of text that are transmitted from the web server to the user’s browser. Why are cookies used? Generally, cookies are used to determine the authentication or authorization rights of a user; they can be used to track which items a user has added to his shopping cart in an e-commerce website. They can also be used to track a user’s actions within an application to determine preferences. These preferences can then be used for targeted advertising.

Now that we know what a cookie is, let’s clear up some misconceptions on what a cookie isn’t. Cookies are not harmful, at least not in the context that they can cause harm to your computer system. Since cookies are nothing more than text and not executable code, it’s virtually impossible for them to be used maliciously like a virus or worm. The general concern associated with cookies has to do with a person’s browsing privacy. Because cookies can be used to track a user’s preferences and internet browsing patterns, they can be used to track what websites you have visited. In a corporate environment this could be an issue if employees are accessing websites that are in violation of a company’s internet usage policy. So, now that we know what cookies are and what they aren’t, as well as why they are used, let’s move on to understanding how developers can use them safely and securely within their applications.

What is the difference between a persistent and non-persistent cookie? A persistent cookie is data that is saved to a user’s machine. A common scenario when a persistent cookie would be created is when a user logs into an application and chooses to have their identity remembered, such as using the “remember me” functionality of a site during the login process. The persistent cookie contains information that identifies the user on subsequent visits to the site. The cookie may allow the user to bypass the login functionality and gain automatic access into the site itself. A non-persistent cookie is data that is only available while the user’s browser is still open and the session is active. If the user explicitly logs out of the application or closes their browser the non-persistent cookie is destroyed. None of the data associated with a non-persistent cookie is written to the user’s machine.

You should never store sensitive or personally identifiable information, such as social security numbers, account numbers, or passwords, in a persistent cookie. Whether to encrypt or encode the data or leave it in plain text is up to developer preference. However, it is recommended to encrypt any cookie data that is used as a part of the application’s logic, such as if a cookie value is used to hide or display a link on the page. In the examples below we’ll look at some common security issues that can arise when cookies are implemented incorrectly.
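A sketch of the two cookie lifetimes and of protecting a cookie value that drives application logic, added here as an illustration and not taken from the original article. It signs the value with HMAC-SHA256 rather than encrypting it, which detects client-side edits but does not hide the value; the cookie names, `SERVER_KEY` and the helper functions are assumptions.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process key, never sent to the client


def _tag(value: str, key: bytes) -> str:
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def sign(value: str, key: bytes = SERVER_KEY) -> str:
    """Append an HMAC tag so the server can detect edits made in the browser."""
    return f"{value}.{_tag(value, key)}"


def verify(cookie_value: str, key: bytes = SERVER_KEY):
    """Return the original value, or None if the tag is missing or does not match."""
    value, sep, tag = cookie_value.rpartition(".")
    if not sep:
        return None
    ok = hmac.compare_digest(tag.encode(), _tag(value, key).encode())
    return value if ok else None


def build_cookie(name: str, value: str, persist_seconds=None) -> str:
    """Set-Cookie value; non-persistent unless persist_seconds adds Max-Age."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["path"] = "/"
    cookie[name]["secure"] = True     # only sent over HTTPS
    cookie[name]["httponly"] = True   # not readable from page script
    if persist_seconds is not None:
        cookie[name]["max-age"] = persist_seconds
    return cookie[name].OutputString()


if __name__ == "__main__":
    # Non-persistent: discarded when the browser closes.
    print(build_cookie("show_admin_link", sign("0")))
    # Persistent "remember me": an opaque random token, never a password or account number.
    print(build_cookie("remember", secrets.token_urlsafe(16), persist_seconds=30 * 86400))
```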