Brant Burnett's Development Blog » ASP.NET

Simplify Asynchronous Javascript Loading In ASP.Net Using LABjs

Brant Burnett — Wed, 27 Jan 2010 21:41:48 +0000

LABjs is an excellent javascript library that performs asynchronous loading of javascript files. This can help to greatly increase the load speed of your web pages. Now, instead of blocking while one file is being downloaded, other scripts further down the chain can be downloaded while waiting. On top of that, it can maintain processing order, waiting to process certain scripts until others are complete, and optionally executing code on completion.

All of this is great for the client side. But how do you define which scripts to include in the LABjs chain on the server side?

Since for work I primarily operate in ASP.Net, I’ve created an ASP.Net solution to the problem, LABjs.Net. This library provides two key controls, LabScriptManager and LabScriptManagerProxy. These controls loosely follow the behavior of the AJAX ScriptManager and ScriptManagerProxy controls, at least their script loading aspects.

Key supported features include:

Refer to script files using application relative paths (i.e. ~/js/jquery.min.js)
Load script files from assembly resources
Specify if debug or release scripts should be used, or use the debug setting from the web.config file
Ability to set any of the options provided by LABjs
Include wait() calls in the chain, and provide inline functions to be executed after the wait
Use LabScriptManagerProxy to add scripts and waits to the chain in content pages and user controls
Use LabActionGroup inside LabScriptManagerProxy to add script() calls at a specific point in the primary chain
LABjs debug and release versions are embedded in the DLL and automatically referenced, but you can opti0nally override this with your own URL
Experimental support for the cdnLABjs library I am working on, which provides automatic failover to a local file if a file fails to load from a CDN (for information about why, see Using CDN Hosted jQuery with a Local Fall-back Copy)

Below you will find links to the current release candidate, 1.0rc1. Please review it and give me any feedback you might have.

Download Binaries
Readme File
Git Repository

Update 2/8/2010: Updated to version 1.0rc4

jQuery.Net

Brant Burnett — Sat, 02 May 2009 14:49:25 +0000

In the last few months, I’ve discovered jQuery and jQuery UI, which are a pair pretty awesome of open source javascript libraries. I know, I’m a little behind the times here, but all I can say is “Wow”. Frankly, using jQuery makes the AJAX library that comes with .NET 3.0/3.5 from Microsoft seem foolish and clunky. I’ve now transitioned away from using Microsoft’s open source AJAX Control Library, instead choosing to use jQuery.

The only downside of using jQuery with ASP.Net is the lack of integration. They now include a vsdoc file which helps with Intellisense, but there’s a long way to go. For simplicity, I’m still using Microsoft’s AJAX code for their page methods and UpdatePanels, and primarily using jQuery for the client side controls and animations.

I’ve written a library to help with the creation of ASP.Net server controls that utilize jQuery. I’m calling it, very creatively, jQuery.Net. You can access the code and binaries for the library on github, the link’s below.

jQuery.Net Git Repository

Appending Text To The Titles Of All Web Pages

Brant Burnett — Sun, 31 Aug 2008 16:35:00 +0000

Have you ever wanted to add a text string, like an application name, to the title of all your web pages. It’s easy to do using the control adapters available in ASP.NET 2.0 and later. First, create a new .browser file in the App_Browsers folder of your application, or add this entry to an existing file. Be sure to substitute MyNamespace for the correct namespace where the class is located.

<browsers>

  <browser refID="Default">
    <controlAdapters>
      <adapter controlType="System.Web.UI.HtmlControls.HtmlHead"
               adapterType="MyNamespace.TitleAdapter" />
    controlAdapters>
  browser>

browsers>

Now create the TitleAdapter class that is referenced by the .browser file:

Imports System.Web.UI.Adapters

Public Class TitleAdapter
    Inherits ControlAdapter

    Private Shared _titleAppendString As String = " - Your Application Name Here"
    Public Shared Property TitleAppendString() As String
        Get
            Return _titleAppendString
        End Get
        Set(ByVal value As String)
            _titleAppendString = value
        End Set
    End Property

    Protected Overrides Sub Render(ByVal writer As System.Web.UI.HtmlTextWriter)
        MyBase.Render(New TitleAdapterHtmlTextWriter(writer, TitleAppendString))
    End Sub

End Class

And finally, create the HtmlTextWriter that is referenced by the control adapter:

Public Class TitleAdapterHtmlTextWriter
    Inherits HtmlTextWriter

    Public Sub New(ByVal writer As HtmlTextWriter, ByVal appendString As String)
        MyBase.New(writer)
        InnerWriter = writer.InnerWriter

        _appendString = appendString
    End Sub

    Public Sub New(ByVal writer As System.IO.TextWriter, ByVal appendString As String)
        MyBase.New(writer)
        InnerWriter = writer

        _appendString = appendString
    End Sub

    Private _appendString As String

    Private _renderingTitle As Boolean = False
    Private _nestedCount As Integer

    Public Overrides Sub RenderBeginTag(ByVal tagName As String)
        If _renderingTitle Then
            _nestedCount += 1
        ElseIf String.Equals(tagName, "title", StringComparison.InvariantCultureIgnoreCase) Then
            _renderingTitle = True
            _nestedCount = 0
        End If

        MyBase.RenderBeginTag(tagName)
    End Sub

    Public Overrides Sub RenderBeginTag(ByVal tagKey As System.Web.UI.HtmlTextWriterTag)
        If _renderingTitle Then
            _nestedCount += 1
        ElseIf tagKey = HtmlTextWriterTag.Title Then
            _renderingTitle = True
            _nestedCount = 0
        End If

        MyBase.RenderBeginTag(tagKey)
    End Sub

    Public Overrides Sub RenderEndTag()
        If _renderingTitle Then
            If _nestedCount > 0 Then
                _nestedCount -= 1
            Else
                _renderingTitle = False
                Write(_appendString)
            End If
        End If

        MyBase.RenderEndTag()
    End Sub

End Class

Note that you can edit the text string in the TitleAdapter class. Additionally, it is a static variable so you can alter it at startup from a database column in your Global.asax file.

Application To Generate ASP.NET Machine Keys

Brant Burnett — Tue, 26 Aug 2008 16:25:00 +0000

Frankly, it’s always a pain to create ASP.NET machine keys for each of your web applications. I’ve written a little helper app that creates the section for your web.config file for you, with options for various encryption and validation algorithms.

Special thanks go to Ben Strackany, who’s article ASP.NET: MachineKey Generator I used as my starting point.

Download MKGen 1.0.0.0

Update To Partial Authentication System

Brant Burnett — Tue, 26 Aug 2008 16:01:00 +0000

I’ve posted an update to the Partial Authentication System that fixes the following minor bugs:

Fixed bug where PartialAuthentication properties weren’t always initialized after application reload
Fixed bug where invalid authentication tickets were raising exception instead of ignoring them

You can download the new source code and binaries here:

Partial Authentication System 1.0.1.1 Source and Binary

Easily Work With Differing Time Zones In An ASP.NET 3.5 Application

Brant Burnett — Wed, 18 Jun 2008 09:36:00 +0000

When working with ASP.NET applications, time zones are often a problem when dealing with
DateTime structures. There are two different common scenarios that a developer is likely
to encounter. The first is that you are placing the application on a hosted server
that is in a different time zone than the business you are trying to operate. The second
is that you have users from different time zones and would like to display the date and time
to the user in their local time zone rather than the server’s time zone.

Hosted Time Zone addresses this problem by providing two settings. ApplicationTimeZone sets
the time zone to be used by the entire application. ThreadTimeZone sets the time zone to be
used by the currently running thread, which defaults to the ApplicationTimeZone if no time
zone has been specified on the thread. If you are using ThreadTimeZone then you need to be
sure to set the value for each request made to the server. You will usually do this in your
global.asax file, such as in the Application_BeginRequest handler.

To actually perform the conversions you can call the ToAppTime, FromAppTime, ToThreadTime, or
FromThreadTime static methods on the ApplicationTimeZone class. Additionally, extension methods
have been declared for the DateTime and DateTimeOffset classes that perform the same functions
more cleanly. In order for the extension methods to work you must import the HostedTimeZone
namespace.

You should note that there are not any overloads for FromAppTime or FromThreadTime for the
DateTimeOffset class. This is because the ToLocalTime method of DateTimeOffset performs the
same function, so they would be redundant.

This library requires the TimeZoneInfo class, which is not available until the .NET Framework 3.5.
Therefore, it is not compatible with ASP.NET 2.0 or earlier.

Hosted Time Zone 1.0.0.0

Using URL Rewriting With Web Parts

Brant Burnett — Tue, 10 Jun 2008 16:00:00 +0000

Web parts are a great new system for allowing personalization of web sites by end users that
was introduced in ASP.NET 2.0. However, it isn’t useful when used in combination with
URL rewriting.

URL rewriting allows you to respond to requests from dynamic URLs by redirecting the handling
to a different .ASPX file on your server. This can be used to make your URLs more readable
and improve your search engine optimization (SEO), instead of using long query parameters.
Some example systems for implementing this are UrlRewriter.net and UrlRewriting.net.

When you use web parts in combination with a rewritten URL, the web parts will all be shared by
all of the URLs that are rewritten to the same .ASPX file. This library corrects this
by replacing the WebPartManager with RewritableWebPartManager and the SqlPersonalizationProvider
with RewritableSqlPersonalizationProvider.

It also provides additional functionality in the form a personalization levels. This allows you
to share common personalization settings amonst multiple URLs. When a user is browsing, if no
personalization is specified at a particular level, the personalization defined at a higher level
is displayed instead. For example, in a web store scenario you can allow the store operators to
provide shared personalization that all users will see. Using levels, they can set personalization
that will appear on all item pages, such as a disclaimer, and then override that personalization
with a different disclaimer on a specific item’s page.

More information can be found in the readme file included in the download.

Rewritable Web Parts Library 1.0.0.0

Update To Partial Authentication System

Brant Burnett — Wed, 28 May 2008 17:39:00 +0000

I’ve posted an improvement to the Partial Authentication System originally posted at Secure Persistent ASP.NET Forms Authentication.

I discovered a problem in the automatic redirection of requests back to HTTP from HTTPS using the requiresSSL=”None” setting in the authorization section. Since most sites would set this to none for their root folder, this caused a problem with the links generated by ASP.NET and AJAX to WebResource.axd and ScriptResource.axd, which are logically (not physically) located in the root of the web application. If you have a secure page in another folder which requests these resources, they were being redirected back to an insecure connection, causing a potential security flaw and causing Firefox to display warnings about partial security.

This has been addressed by ignoring the requiresSSL=”None” setting for a request for any file with the “.axd” extension, effectively treating it as requiresSSL=”Optional” instead. Note that requiresSSL=”Required” is still enforced as normal for files with this extension.

I’ve posted new source and binaries for download.

UPDATE: Please see updated version here

Secure Persistent ASP.NET Forms Authentication

Brant Burnett — Tue, 13 May 2008 14:08:00 +0000

While the ASP.NET Forms Authentication system is a great system for authentication, it has one significant shortcoming for a lot of sites. You can either only restrict it to always pass the authentication cookies in a secure manner or always pass them even if the connection is not secure. There is no intermediate method of authentication available to you. This means that if you are operating a web store you have a problem.

Normally, a web store wants the customer identified as soon as they come to the site, and throughout the shopping experience. However, when the user goes to edit their account or checkout, you want to switch them to a secure mode. In order to be secure, the cookie used to authenticate them for checkout must be restricted to SSL connections. This means that to maintain their login, you would have to remain in SSL from the moment they sign in forward, which adds a lot of unnecessary server load. Plus, it can cause headaches with external content you might want to include on your page that isn’t encrypted.

The solution is to modify the forms authentication system to use a pair of cookies. One is valid only to identify you but not access secure functions, doesn’t require SSL to be transmitted, and is persistent across sessions. The other is a full authentication and requires SSL to be transmitted.

The basic method this system uses is adding two additional HttpModules to your web.config file, PartialAuthenticationModule and PartialAuthorizationModule.

The PartialAuthenticationModule works by adding to the existing FormsAuthenticationModule. The FormsAuthenticationModule is used as normal to process authentication for the secure authentication cookie (requireSSL should be set to true for the forms module in web.config). The PartialAuthenticationModule kicks in after the FormsAuthenticationModule. If there is no user on the current request (i.e. not a secure request, so client didn’t transmit the cookie) then the user is added to the context from the secondary insecure cookie instead. The user that is added will have the “Partial” AuthenticationType instead of “Forms”. In case the login has changed, it will also clear the old secondary cookie if the username doesn’t match with the secure cookie.

The PartialAuthorizationModule processes later in the request life cycle. It uses the section of the section of your web.config files to identify security requirements on each folder. You just add a web.config file to each subfolder as required. This section supports two key fields. requiresLogin is either true or false, and specifies if the folder requires a secure login using the primary FormsAuthentication cookie. It verifies this by checking the AuthenticationType on the logged in user. The second field is requireSSL, which can be None, Optional, or Required. This will automatically redirect the request to or from https based on how you want the folder to be handled. This allows you to use normal app-relative URLs throughout your application without worrying about switching to and from https. Normally, for most folders you would use requiresLogin=”false” and requireSSL=”None”, and for secure folders you would use requiresLogin=”true” and requireSSL=”Required”.

I’ve also implemented a PartialAuthentication static class that is very similar to the FormsAuthentication static class. It actually uses a lot of the methods from the FormsAuthentication class to help it with a lot of the processing. In particular, you should switch any login or logoff code to use the methods in the PartialAuthentication class instead of FormsAuthentication. This will create or remove both of the necessary cookies. To sign off a user from the secure section but still leave the persistent insecure cookie, use the FormsAuthentication.SignOff method instead.

As far as security is concerned, the partial authentication cookie is generated using a FormsAuthenticationTicket just like with FormsAuthentication. It only difference is that the name of the cookie is prepended to the username in the ticket, and on decryption that string is validated. This prevents a client from editing their cookie file to set the secure cookie to have the same value as the insecure cookie. The cookies are encrypted using the same machine authentication keys as the forms authentication tickets, so they should work on web farms in the same manner.

Please note that this library is designed for .NET 3.5 and Visual Studio 2008, though it should be easily
convertible back to .NET 2.0 if you change the project settings.

UPDATE: Please see updated version here

Fix To GroupedUpdatePanel

Brant Burnett — Mon, 28 Apr 2008 14:59:00 +0000

After further testing, I discovered a bug in my GroupedUpdatePanel. It didn’t always function correctly when the postback was initiated by a child control with ChildrenAsTriggers set to true. Any UpdatePanels declared after the initiated panel would update, but those before would not. I’ve corrected this, though it’s now a bit more complicated. There is an processing module which needs to be added to your web.config file in the section. Here’s the link to the corrected file.

GroupedUpdatePanel.zip