Hi my name is Adel and i'm not a recoverd Software Developer.
It would be fun to know how your friend actually reacts to this graph because, as always, these graphs then to be a bit biased in some way or the other.
But it any case; nice digging and a good find.
Thanks MikaelSand for the comment, but i strongly disagress.. as the reseatch collected based on the following:
The Microsoft Security Bulletins web page
The Oracle Security Alerts web page
The CVE website at Mitre.
The SecurityFocus.com website
which is all reliable resources for discoverd flaws.
- If you're building a (web)service, you don't have to deploy it on every machine available, just the server. On the clients you could add a "web service reference" to your WCF basicHttpBinding.
- In the future, other apps could connect to another WCF endpoint, like wsHttpBinding or nettcpbinding.
- It is, but that doesn't count ;)
- No idea yet if they're going to push it as critical update. In other words, if every user will download it. But is that neccesary? Are you going to roll out your app to the world? Or just internal at some company?
Dennis
You could still ofcourse use WSE3 to help out. This also gives you transport neutral soap communication.
good point, my app will take place in our clients machines only so it doesn't matter i just widen the comparison a little.
thanks.
Очередные программные находки, которые могут помочь в повседневной работе.
Мы рады, что Вы нашли его полезным
Google Translate is awsome :D
Be cool Adel,When this guys ask you again , change your status to away or busy and don't answer them :D:D:P
But You know some times disorientation was happened because of magnitude information resulted from google search,you have to explain to them how to search in the right way to find the specific results.
Man! I've been there! The most irritating kind are those who do not understand that, well I don't know everything!
They ask me about printers and I say I don't know. So they think that I do it just to be mean, like I know but do not want to share...
Hahahaha, what a great story!
Mikael, been there as well! Printers is one thing I don't know anything about. When these mothers break down or just simply start bleeping that they have a problem, I don't know what to do. Go buy a new one, I can only advice! :)
Aaaawww :-)
lol, i wish it was this easy, go buy new one...
lol )))
Definitely nice and neat site you got there.
Hello, my compliments for your nice website!
Looks good! Very useful, good stuff. Good resources here. Thanks much!
Hi all!
I am really excited. Very useful, i found lots of intresting things here. Your web site is helpful. Best regards!
At you the excellent site, a lot of useful info and good design, thank.
I'm really impressed!
Well done, this site is really great. Just wanted to say hello, keep up the good work!
Great .Now i can say thank you!
Adel,
I also are a big fan of Maxthon. Same reasons: tabs on the IE engine and FAST as lightning ...
Hope to be using it for a long time
Joop
Welcome to the maxthon army :)
Well, MS has a similar tool called NGEN , its pretty cool for systems with performance constraints.
Wel as i understant NGen is an image generator which genrerates a native image from your IL but you still need the .NET Framwork, and this is not the case with Salamander .NET Linker and Native Compiler which generates native code for all the classes you have used ( BCL ) and of course your core program.
You should set TortoiseSVN's preferences to exclude these directories and the various other junk files that end up in your working copy.
My regex for what to exclude is at http://www.damieng.com/blog/archive/2006/10/12/AnkhSVN-join.aspx
[)amien
Well.. You shouldn't commit your 'obj' and 'bin' folders to your repository. These should be flagged to be ignored by tortoisesvn.
Cool...
Nice
Cool}Cool!
Interesting...
Nice...
interesting
Sneaky!
Not as bad as the old realPlayer-thing but...
Thanks for the heads up as well.
Wow, this indeed sucks! You're right, this kind of software doesn't even deserve to be downloaded!
So, what do you think about
last comments ?
So you say you're "trying out Mailinfo", but the screen shot says "SpeedBit Video Accelerator". Which one is correct?
no it's Mailinfo.. and this is the installer i double checked..
Well great I got to be COBOL...
Now I can't relate to all the cool kids :(
Don't know if this box eats html but lets try anyway:
<a href="www.bbspot.com/.../language_quiz.php"><img
src="www.bbspot.com/.../cobol.jpg" width="300" height="90"
border="0" alt="You are COBOL. You are very business-oriented. You make conversations longer than they should be, and people easily grow bored by you."><br>Which Programming Language are You?</a>
seems like it dosn;t.. :).. i did not know that.
Hello Adel,
I think you got a good point here. I happen to read blog-comments often, just to see how other people think about the subject, see how the discussion evolves...
I experienced the same thing a few weeks ago, that reading comments all-of-a-sudden changed my opinion and made me doubt the reliability of the posting.
A few weeks back, all over the web I read about a "WiFi signal budle device". Boris Veldhuijzen-Van Zanten (a successful Dutch internet enterpreneur, founder of V3 and Bomega for example) blogged about it. He fantasized about having a device that could use all available WiFi-signals at once. That way he could multiply his bandwidth, at least, that's what he wanted.
An acquaintance of his took the challenge of building such a device for him. He created the "Slurpr" which is a box that receives 6 WiFi signals at the same time and bundles it into one big connection to the router's client. It seems a great device to me and I could imagine that a lot of people were willing to pay $1.000,= for it.
However... when reading the comments underneath all of these articles, I noticed more-and-more people saying that it is just NOT possible to have a device doing that. Now I must say that many of those comments went into the technical details too deep, so I could not understand it all, but seeing that so many people thought they could explain WHY it is IMPOSSIBLE to create such a device made me believe that this could be a hoax.
So reading the articles themselves really made me enthusiastic, but after reading several comments my opinion got almost turned around 180 degrees...
I must say that today I still am not convinced on who is right: can such a device be made or is it just a big hoax? (No need to discuss that here by the way, just wanted to illustrate what comments did for me.)
To see what I'm talking about, visit these sites:
www.bomega.com/.../who-will-build-me-a-wi-fi-canalizer (Boris' initial request)
geektechnique.org/.../slurpr-the-mother-of-all-wardrive-boxes (Slurpr project site)
www.veign.com/.../slurpr-wifi-access-point-which.html (Another blogger not sure if it's real or a hoax)
Regards,
Robin Paardekam
Cool. I hope there's not much more from 3.11 that will show up in Vista... ;-)
Small note: screendumps like that in PNG format get rather large. Try saving 'em in JPG-format as they now are more then 500Kb each.
Me neither, nor do I agree with being COBOL :(
Still the same as in Windows XP and Windows 2000. Nothing changed.
@Robin good point about the PNG format, i guess i'll be watching out for this.
so you have been through the same thing, reading blog comments, researching the subject on different places is a must for not tolerable issues.
buling a foundation on top of other's brains is something you don't wanna do unless you have looked this information up on multiple places.
Hilarious. I see so many of this in my current project.
Can you name names ? :)
LOL - if you're looking for relative percentages, everyone can already tell you that practically nobody uses FF - IE6/7 rule the market, and for good reason - no sane person would install that bug-ridden, incompatible hack - go get IE7 and see you web site the same way all your customers do. And safely.
Talk about security!
That's good to know.
India, you better watch out :)
Basha, I searched for the words in that screenshot and found the page!!
It's an admin page!! open to the public!
From the left Waleed Abd Al Wahab, Hossam Al Din (CriticalSites), Omayma Masrefy (Clip Solutions), Mona
Cool!
Cool.
Thanks for your nice comments
Sorry :(
you welcome.., thx for the day.
Hi Adel,
Although I get your tip, I'm not quite sure I agree. Probably because you don't post why you should do this. ;)
I think the user is the one who, as soon as he/she chooses to change his/her password, is responsible for choosing a good password.
And by the way, my hotmail and Gmail passwords (for example) have been te same since I got an account...
The idea is good, but it's not really safe to keep the passwords itself in the backend. A much safer approach would be to hash it before it goes into the database. Then, at login you compare the hash of what the user entered with what's in the database.
If you want, you then keep a log of old password hashes to prevent an old pw from being chosen again.
Even better is to use a so-called 'salted hash'.
@Rick van den Bosch
The reason you may wanted to do this..if your password base compromised you wanted to change the password for your clients to something tempporary and also prevent them from changing this back to the old compromized one, however you also will benfit from this stratigy to force users to never having the same password they already changed - why they change their password on the first place - to be using it again...
@Arjan Zuidhof
exactly how this should work.
q reverse mortgage <a href= reversemortgage.vdforum.ru >sales reverse mortgage</a> [url=reversemortgage.vdforum.ru]sales reverse mortgage[/url]
You sure should contact them about the possibilities of a web-facelift! :) They seems to appreciate those emails, considering the footer on the front-page: "If you have any comments about our WEB page, you can either write us at the address shown above or e-mail us at berkshire@berkshirehathaway.com. However, due to the limited number of personnel in our corporate office, we are unable to provide a direct response."
BTW: Warren's companies GEICO and Borsheim's seem to have rather nice sites. But what the heck, as long as you're contacting them about Berkshire Hathaway Inc, why not also mention the other two? :)
tadalafil online <a href= tadalafil.blog.drecom.jp >tadalafil buy</a> [url=tadalafil.blog.drecom.jp]tadalafil buy[/url]
nice one :D
You've been kicked (a good thing) - Trackback from DotNetKicks.com
cards credit chase number <a href= chase-credit-cards.flyfolder.ru >credit cards chase payment</a> [url=chase-credit-cards.flyfolder.ru]credit cards chase payment[/url]
Nice stuff! However, it seems it only works on IE. They will have to invest more for Firefox.
i didn't implement it myself but i guess over HTTP won't be a problem to work with FF.
Thanks Adel, I needed that.
No kind words for the people that feel stuff is not going nearly fast enough?
I mean, everyone that waiting for the first CTPs of Rosario, while being bored with Orca's, lambda's, linq and all the stuff we have been using for ...what seems like ages now!
;-)
Technology vs. Life:
The daily battle to keep up with the technology while still managing to not miss out on everything else!
Pat Hynds
Amen, i totaly agree with u
the game is all about focus
focus on one technology at a time till u master it then move to the next one, if u jump from something to another randomly u will never master anything and u will never be productive
"You DO NOT have to..."
But you should strive for it! ;-)
"You DO NOT have to memorize and understand every patten the gang of four have catalogued."
Oh, those are old school these days ;-)
Good work!!!
Welcome dear friends on tne my blog with Samira!!!
Is vs. As Performance
So all you really needed to do was open the solution and .webmap file of that project change it and be on your mary way...
Sometimes I get tired of the .Net 1.1 solutions... then I remember I need to EAT!
make sense -:)
It's a tiny tip, but an excellent one! I'm developing on the compact framework and that doesn't support the StrongNameIdentityPermission attribute. It didn't occur to me to use the InternalsVisibleTo until I read your post.
Thanks,
Jeffry
And i now learned a new case where InternalsVisibleTo is the savior, Thanks
Security? Member visibility has little to do with security; am I missing something?
if you don't have internal keyword or you don't know how to use it with the InternalsVisibleTo attribute you will end up forced to have most of your types declared as public so you can take advantage from that specific assembly, and that allow any other code to access those assemblies as well.
When you design with security on mind you have to work with least permission sets, least visibility .. and so on.
Pingback from clipmuses » Blog Archive » Is C# getting old ?
maybe the Developers thought that java is be know by everyone, Or too like Java.
hehe!
Exist any other alternative? The price is insane!
Grant Holiday has some excellent posts about the new TFS Rosario stuff. And Camano looks awesome!
Pex does what is called 'dynamic symbolic analysis', which could be seen as a on-the-fly static symbolic analysis.
Pingback from Pages tagged "Diverse"
the only benefit I've ever seen for using stored procedures instead of dynamic sql is when more than one database server is involved. Using stored procedures and views can over come the burden of trying to mash together two separate databases within your application.
Within the stored procedure or view you can access all the linked servers that you want while still working from within a single database. This means that your application only needs to connect and use a single datasource.
Ever better is you are not limited in using linked servers, stored procedures and views to connect to other MS SQL databases, you can also connect to other database engine such as Oracle.
In the coldfusion project I'm working on right now I'm using linked servers and views to connect and mash database between MS SQL and Oracle. The view calls both database to mash data together. I also use views to insert data into the Oracle database, this could be accomplish using stored procedures, but I like using views instead.
This is a very poorly written and constructed article.
The paragraph about SQL injection is nonsense.
Executing a stored procedure is much like calling a simple SQL statement; it can be done in insecure ways (dumb string concatenation like in the example) or in secure ways (e.g. JDBC parameters), and both styles of SQL are equally exposed to SQL injection.
Pingback from Stored Procedures vs. Dynamic SQL - The never ending debate? « blog.jemm.net
In general if your write crappy code/have poor indexes/didn't set up SQL Server correctly it won't matter if you chose SPs over sql. This is a real secondary thing.
I do think though that stored procedures help out a lot as units of deployment/organization as fixes/releases come into play. Plus they abstract your code slightly as do views do.
SP's do take longer to write, but it pays off in the long run if you end up with a big application -- it'll be easier to maintain.
If a SP isn't portable between various DBMS's, then your ad-hoc SQL probably isn't portable either.
SP's aren't a guarantee for perfect security, but they're still much better than ad-hoc SQL. You have to give a user account much higher SQL permissions than you would if you were just using stored procedures.
Writing code like "EXEC sp_GetCustomerByEmail '" + txtEmailAddress.Text + "'"; isn't nearly as secure as using an SqlParameter -- the ideal method to call SP's is to call your SP and pass all its parameters as an arraylist. There's much, much less potential for injection.
Also, with SP's, you don't have to recompile your ASP.NET application, you have better layer abstraction, and the best benefit -- you have a lot less transferred data. Instead of transferring big, bulky ad-hoc SQL, you can transfer a stored procedure name and its parameters to the SQL server.
>This is a very poorly written and constructed article.
I think it is rushed a bit, but all points it touches are good.
@Andrey Shchekin
I may haven't spent the time required for this to turn out great article but i wanted to get my view on this ASAP.
This article makes the author appear ignorant.
If you were to blindly follow the authors advice you could end up in a world of hurt.
For example - the execution plan for a stored procedure is created and cached stored once. The execution plan for an ad-hoc query is stored for each variant of the query. So if the code has a query to get user details:
select * from user where email = 'bill@microsoft.com'
The execution plan is generated and cached every variant of the query (i.e every time a user logs in) Imaging if gmail used ad hoc queries in this manner.
I am not saying that the use of ad-hoc queries is bad, there are work arounds for this issue such as parameterised queries. I am saying that this article is poorly written and should be taken with a grain of salt.
Agree with the points in the article for CRUD style operations.
For intensive "batch" processing tasks such as collecting payments over 1 million customers, stored procedures significantly out perform dynamic SQL due to the latency between the application and the database. Caching of query plans isn't the issue in this situation.
While I do see your points there are a few things I see differently:
The biggest reason for SP:s in my point of view is ensuring data consistency. Limiting the surface area to the data.
In larger projects where many people/even multiple teams are involved it's simply stupid to put the responsibility for query writing to the
developers. Sooner or later they will forget that CREATED column should not be changed when UPDATING etc. The biggest asset lies in the data (not the app), and data should be protected for consistency by all possible means.
You say: "Minor change to the design require changing in both the SPs and the DAL code." You see it as something negative, I see it as something positive.
I would rather have compilation error, or even app crashes than inconsistent data because developer (me maybe) forgot to change a SQL statement.
Kind of type safety...
With a good code generator (generating sp calls from meta data) it really doesn't have to be that much of a burden. Although I do really agree on the "Versioning sp code" point.
Last I fully agree with Sean, "Not having to recompile your ASP.NET application" - saved me a couple of times,
"you have better layer abstraction", and "lot less transferred data"
Adel sorry but i must disagree with you
hard coded sql statements in the DAL is worst thing i could think of for the following reasons
1- when ur sql code is large and what mean by large is more than 1000 line it's not a good idea to write it using an VS IDE
2- who said there is no versioning tools for sql? VSTS now offer support for SQL projects
3- it's always a good practice to encapsulate the database functionality in stored procedures, so when ever u need to change ur database design u can do it and change ur stored procedures without rebuilding and deploying the project, and i'm not talking here about the projects that need 5 min for deployment, i'm talking about projects that take days and sometimes requires staff to travel abroad to deploy it
4- i don't think VS is better than the sql studio from the productivity aspect to write sql statements
unless u r talking about statements like select * from products
5- "It's impossible to cover every single scenario" who said so? the same way you can make ur ad-hoc sql statements dynamic you can make stored procedures dynamic too, stored procedures have parameters for a reason
6- "string s = "EXEC sp_GetCustomerByEmail '" + txtEmailAddress.Text + "'";" i've never seen a developer stupid enough to do that :D
simply because if u use stored procedures with security in mind and u know that hard coded sql statements is BAD and vulnerable to sql injection, the u will never take the effort to implement a sql stored procedure then execute it from a hard coded sql statement
7- you can't use transactions in hard coded sql statements the same way like stored procedures, u will have to handle these transactions ur self from ur DAL code, which is something i don't recommend
8- if you implemented your transaction in ur DAL layer which is again something i don't recommend, if ur web application failed for any reason u won't be able to roll back specially if that failure reason was that the database is gone offline, which is again if u r dealing with money that would be the worst dream from the business aspect
9- stored procedures still maintain a higher performance for a simple reason "less round trips"
if u hard coded sql statements in ur DAL this will means lots and lots of round trips between you sql server and your application server when ever a user clicks a button on ur asp.net pages
Ted,
Why do you think it is a poorly written article? I think it touches on valid points and is in-line with my experience. SPs are teh suck.
Your security argument is very weak. The security benefits of stored procedures lie in not constructing a SQL string, in passing parameters to a procedure. SQL injection attacks are possible because people don't check their inputs when building a SQL statement. And in your argument for a weakness in stored procedures you do exactly that: dynamically build a SQL string AND don't check the inputs.
Proving that a secure technique can be used insecurely doesn't prove that it's insecure.
They have helped me out a lot. I work with people that are SQL experts but I wouldn't want them in the source code recompiling. They can update, create and help me with a lot of things this way.
Ok...let's not say SPs are great just because we have been drinking the kulade too long.
Here is why you should use them:
1) You wish to isolate users from the physical structure of your database. You need performance that views will not provide in dynamic SQL.
2) You have complicated code that is best broken down using temp tables for performance.
3) You want the pre-cache query plan only stored procedures provide effeciently. Dynamic SQL will cache a plan; but, it is dropped from Cache earlier when RAM is needed than SP Cache. It also takes more to determine if a Cached plan is useable because the query has to be compared to determine if it is the same as an already executed query. For simple CRUD queries, who cares. But if you have a database that really does something...
Here is why you should not use them:
1) To protect from SQL Injection. There are methods to make SQL Calls that do not require an SP yet provide the same protection for SQL Injection as an SP.
2) You wish to have your data access layer be More intellegent. You require a data access layer to be intimately aware of your data structure.
3) True transporability is required, and you have a middle tier that is capable of working with multiple SQL syntax.
There are many more bullets that could be added to either side of the arguement. The answer is, it depends on your situation...AS ALWAYS. This arguement is like saying everything should be written using a Factory Pattern.
These are some of the worst arguments against the use of stored procedures I've ever read. Good grief.
Pingback from Vinny Carpenter’s blog » Daily del.icio.us for January 7th
@tony petruzzi
if you used SPs you will ran into problem of SQL compatability, that's why SPs aren't portable, if you have choosen to work with Dynamic SQL, it will work on both env without any problems, but views can solve this as well.
@Timestamp
Exactly, both using SPs or Dynamic SQL, doesn't protect you from SQL Injection out of the box you have to use SQL parameters for that, the myth here is that SPs advocates always says that SPs are SQL Injection proof and Dynamic SQL isn't here I'm showing that it doesn't relate to either technique but it's all about the developer
@Horis Dinglebery
i think you misunderstood what i was saying, i only promote the use of Parametrized-Queries,
The execution plan is cached both SPs and Parametrized-Queries, and guess what even queries with no parameter is parametrized and cached (SQL Server 2000).
but any way there is ton of reasons why you should only use Parametrized-Queries.
@Duncan
it doesn't out-perform this much review Eric Wise's experiment, but to isolate specific code as in your example is a good idea, but bear in mind that using SPs mostly for abstraction isn't the way to go.
@Fady Anwar
>>> 5- "It's impossible to cover every single scenario" who said so? the same way you can make ur ad-hoc sql statements dynamic you can make stored procedures dynamic too, stored procedures have parameters for a reason
no you can't really think of the following scenario, what if you want to create update procedures for 10 tables each contain 10 columns for example, think of the combination for each column for the expression and the filter parts of the SQL Statment, if you need to prepare a SPs to update every single filed you will have 100 SPs not to mention there is still possibilities that you need difference fields on the WHERE clauses, good luck with that.
>>>>6- "string s = "EXEC sp_GetCustomerByEmail '" + txtEmailAddress.Text + "'";" i've never seen a developer stupid enough to do that :D
no there are, check www.asp.net forums
>>>>>7- you can't use transactions in hard coded sql statements the same way like stored procedures, u will have to handle these transactions ur self from ur DAL code, which is something i don't recommend
i don't see why i can't use transaction from Dynamic SQL.
@Tim,
providing the SP executing example is to show that i can use SPs and STILL BE OPEN TO SQL injection.
This article is full of holes... the most obvious ones is the attack on SP security. If you implement SPs correctly, then this would not be a problem:
string s = "EXEC sp_GetCustomerByEmail '" + txtEmailAddress.Text + "'";
Even if txtEmailAddress.Text = "'; DROP DATABASE myDB", since the user executing that stored procedure only has rights to executing stored procedures and not random SQL... CERTAINLY not DROP rights, the Sql injection problem you mention does not exists, unless an incompetent developer creates it.
In answer to your "performance" attack, Yes.. SQL Server caches execution plans for random SQL, but not to the level that it does for SPs. SQL Server stores several execution plans for SPs and selects the best plan based on parameters, all tables and joins involved, as well as other costs calculations such as I/O and pages involved.
If you're using random SQL, you SQL statements must match perfectly in order for an execution plan to be reused.
People seem to be ignorant of, or simply forget, that using dynamic sql does note equate to injecting values. Dynamic SQL can be, and should be, used with parameters just as you do stored procedures.
If you use parameterised sql then your cached plans are just as efficient as stored procedures.
More good news that even if you haven't used params ( which you should never ) SQL Server will cach the execution plan.
Well the thing is this situation can turn into a pretty fucked up one if you were only handling files that aren't in the depo yet, with the 'add' status attached. Then you're screwed, all you can do is delete, and write those again.
Adel Khalil wrote a post about Mark Miller's latest post on his weblog. And now I'm continuing
LOL, THAT is hilarious
everyone loves boobs :D and with code, they look even more sexy :P
thanks for the blog link man, i was searching for such thing long time ago
Pingback from true or false emails
yes it does. ms hasnt fixed e problem even though its may 2008. only way is to install IE7??
cool, I'll try this out today, I hope this wouldn't be my last thing to write.
tell me about the side effects :D
nothing really but i advice against using this, just for absulote situations :D
I have a Nokia N95 8Gb, having defectd from Sony Ericsson. More features, half the price! And you don't look quite as pose-ish!
LOL, u have just made my day :D
Aus allen Bereichen kann man es wieder heraus schaffen.
Um eine neue Identität zu bekommen ist es möglich einen neuen Namen anzunehmen.
Sie können einen www.adelstitel.us oder Adelsnamen durch Heirat oder Adoption.
Bei Interess schaut einfach unter www.adelsitel.us nach und schreibt mir eine e-mail an info at adelstitel.us
Ich würde mich freuen, von Ihnen zu hören.
Graf Leonberg
Got a 404 on that link.
But I found a different solution...
www.realtime-windowsserver.com/.../outlook_2007_rss_feeds_not_upd.htm
found this page via google
The page you have requested was not found,
kant eih el story
Well.. sign your contract with a one month notice and compensate a few weeks with your holidays :)
That 4 day stuff is more ment for freelancers and are used in both directions.
I Need WINDOWS LIVE MESSENGER 14 urgent..
Any One who can help me??:(
contact:
therock285@hotmail.com
Just an update, the new poster's link is:
www.dotnetwork.org/.../1.jpg
sakia cafe ofcourse :D
Actually i have website for which i have an RSS Feed for one of the Pages. I have an RSS Feed Icon and Link on that page. but want to enable the RSS Feed Button of IE on that page only. And more over that page is an ascx page. So no head tag is present. What should i Do. Please suggest
Can we able to access mails in outlook 2007 & exchange version is 5.5, If you have any suggetion or patch , please suggest......
Regard,
Niranjan
niranjansatam@gmail.com
I just went through and deleted all the relevant .svn folders, then ran an SVN cleanup on the parent directory. Works Perfectly!!
Thank you for submitting this cool story - Trackback from DotNetShoutout
You are voted (great) - Trackback from WebDevVote.com
Klonopin withdrawl. Klonopin and suicide. Klonopin for fear of flying. Klonopin.
The article is great! There is one major issue with using buffer - if the response is buffered then each part (buffer) is wrapped with the callback method and that results in an incorrect javascript and response. However it's possible to turn off buffering by adding response.BufferOutput = false; in OnReleaseRequestState. Of course this may have some impact on performance.
5 stars to you!
You had the simplest solution to this problem! Thank you so much!
Best of all, the solution still works with ASP.NET 2.0 w/ AJAX Extensions (sans the .d in the Javascript call)
I've tried this and it works great in IE.
However, it doesn't work in any other browser for me.
Did I do something wrong?
Do I need json2.js anyway?
No, it should work on FF, Chrome and IE with no problem? what are you getting from FF, try to debug using FireBug ?
@Adel:
I tried to connect to a Web service which return a line of text and I want to show that text in a lebel.
Here is the .asmx code:
[ScriptService]
public class Events : WebService
{
[WebMethod]
[ScriptMethod(UseHttpGet = true, ResponseFormat = ResponseFormat.Json)]
public string HelloWorld()
return "Hello World";
}
Here is my jQuery code:
var options = {
url: "ws.someweb.com/.../HelloWorld",
data: {},
dataType: "jsonp",
success: function(msg) { $("#message").html(msg.d); },
error: function(msg) { alert(msg); }
$.ajax(options);
This works just fine in IE, but not in the other browsers I mentioned earlier.
Any idea please?
This is weird. I tried running your project and it works just fine in all browsers. But it somehow doesn't work for me in firefox, opera, and chrome. T-T
OK, I finally figured it out.
Using <button> to take the event somehow doesn't work.
After switching to <input>, it did the magic!
Don't know why.
I'll work on this issue to figure out the cause.
Thanks a lot.
Glad you got it to work.
sfdasdfds
i am non-profit school. how can i activate openid login in my school login page.
please help,
Gaurav
gloyalka@gmail.com
Thanks!!! I was looking for that piece of code!
I also would LOVE to be able to use OL2007 with my Exchange 5.5. Has ANYONE found a workaround?
PLEASE let me know at sales@grand-resorts.org
Thank you for submitting this cool story - Trackback from PimpThisBlog.com
Buy percocet online no prescription. Long term use of percocet. Percocet. Percocet signs of abuse.
Thanks for sharing this, I am aspnet developer and i am implementing above scenario in dot net nuke i have done all the settings but still i am unable to call the service any idea?
Great i got it. Its working fine now. You have done a fabulous job Mr, adel.
Great that you got it. thanks for the comment.
Yeah... totally insane... Let's crack it
Cheap payday loan.
I dunno about everyone else, but I had to add <webServices>
<protocols>
<add name="HttpGet"/>
<add name="HttpPost"/>
</protocols>
</webServices>
to my web.config before I could get it to work.
Great article, thx.
Do you know why this isn't working with VB based webservice?
I used ContentTypeHttpModule.dll as is (so it stays as C#) and pretty sure didn't make any mistake on client side (whenever i switch url to C# based webservice it works) so the only part left is below.
Thank you for your time and attention.
Best
'-----
Imports System.Web
Imports System.Web.Services
Imports System.Web.Services.Protocols
' To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
<System.Web.Script.Services.ScriptService()> _
<WebService(Namespace:="http://tempuri.org/")> _
<WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _
<Global.Microsoft.VisualBasic.CompilerServices.DesignerGenerated()> _
Public Class JSONP_EndPoint
Inherits System.Web.Services.WebService
<WebMethod()> _
<Script.Services.ScriptMethod(ResponseFormat:=Script.Services.ResponseFormat.Json)> _
Public Function Sum(ByVal x As String) As String
Return x & " _echoed!"
End Function
End Class
Yes any program can be cracked but what to crack?
There's no trial and noway to get the program even the locked version that needs a serial.
There must be someone who really hates salamander to buy it, crack it and spread it :)
To make it work, I had to add (like JakeC):
-----------------
<webServices>
-------------------------
But - the web service only returns json (formatted server-side) in xml tags. Anyone found a way around this?
My bad - I didn't edit this line of the ContentTypeHttpModule:
---------------------
if (!resquest.Url.AbsolutePath.Contains("JSONP-EndPoint.asmx")) return;
I just replaced "JSONP-EndPoint.asmx" with my webservice name. I then commented out the following from the web.config:
Now it works - thanks for the help!
This is known that cash makes people autonomous. But what to do if somebody has no money? The one way is to receive the <a href="lowest-rate-loans.com/.../a> and short term loan.
If you want to buy real estate, you will have to get the <a href="lowest-rate-loans.com/.../a>. Furthermore, my brother always takes a student loan, which occurs to be really reliable.
If you're in a not good position and have got no money to go out from that, you will have to take the <a href="lowest-rate-loans.com/.../home-loans">home loans</a>. Because it should help you definitely. I take commercial loan every single year and feel myself great just because of it.
Hi
I have tried to use this solution however my website is on a different server I cannot invoke the webservice from there is there any reason why its failing...
Thank you for your help
Sal
Hi Sal,
The idea for using JSONP is to make a cross-domain communication so having your website on a different server is a requirement :) please provide me with more information in order to help you and understand the problem more.
Adel.
Firstly thank you for your quick response.
What I have done is used your project and I have published both the webservice and the web application within your project to my server. When I navigate to the default page and click on the 'invoke' button I get the response back so I know that it is working fine and that the webservice has been published correctly.
However my html page is on a different server so what I have done is copied the caller.js, jquery-1.3.1.js and the json2.js files on to my other server and I have referenced them within my html file, however it seems like I don't get a response back, nothing is returned.
I really appreciate your help, could you please tell me what I am doing wrong.
Thank you.
Hi Adel
I have come to the conclusion that the issue is not the consuming of the web service but erm the actual json output. I am trying to convert the a datatable in to json output format using your project how would that be possible. Could you please point me in the right direction.
You can try JSON.Stringfy() method that returns a json string, however i may help me identify the problem if you share a subset of the output returned.
Make sure you have used the Http Module to alter the request from XML to JSON.
Thanks.
I think I figured out what the issue was when I was converting the datatable to json it was putting double quotes around the values where as in order for javascript parse it, it requires single quotes around it. I now need to convert your project in to a VB project do you have a sample of your project in VB??
No sorry i don't.
All people deserve good life and <a href="http://bestfinance-blog.com">loan</a> or just secured loan can make it much better. Because people's freedom relies on money.
Thank you for your help I have successfully been able to use your project to create my cross domain application. However there is one more issue that I was wondering whether you would be able to help me with. What is the best way to authenticate a user I have an Asp.net webservice I can use integrated windows authentication or forms authentication. The webservice is microsoft based but the client application is not.
My question is does JSONP support SOAP headers and how secure is it to send username and password information across the usual Ajax Jsonp route, would MD5 make it secure enough?
Any input from you would be great!
Thanks Again! your project has helped me out a lot.
Very happy that you got it to work, regarding Windows Auth, i don't think that will work with non-windows clients that is from conceptual point of view, for JSONP supporting SOAP header i too don't think so.
MD5 hash will be secure for most cases but depend of your type of application and the sensitivity of the data that is transmitted, you can also rely on SSL to tunnel the username and password hash that would make it allot harder to break.
but still you need to think about your data and application domain.
Thanks and let me know if i can help.
cc
Thanks for this...
I applied this into my development machine and it worked ok...
when I tried the same code from a test machine I am getting
"Web Service method name is not valid"
The client application which try to access the web service is Classic ASP
the Web service application is ASP.NET 2.0
Any advice?
this is the best guide I've ever read Thanks you so muck
@MM Never tried that scenario also not have a much of experience on classic asp.
@vodka, thanks.
This is not necessarily true. In reality there may be a low chance that p is of type Product, in which case using "is", is actually slightly faster. We're talking about billionths of seconds here, so it only matters for really big loops.
I think this is the most detailed resource on the topic - thank you. But it did not work for me as the server returns 500 error whenever I try to assign the contenttype:
app.Context.Request.ContentType = JSON_CONTENT_TYPE;
Here is my situation:
ASP.NET 3.5, asmx web service, IIS 6.
I tried your code as httpmodule but was getting 500 error. Whenever I comment out the contenttype assignment line, it works but returns the result wrapped as XML string - and that's exactly what I am trying to avoid. I then removed the httpmodule and did the assignment of contenttype in Global.asax in BeginRequest - same 500 error.
BTW, I cannot see the reason for the error as it likely happens before my web service gets control. Even when I return immediately from the webservice, without any processing, the error has already occurred.
I tried to access this from jquery as well as straight from the browser - same thing.
I would appreciate any advice on this.
test
You have mentioned " ...and then upgrade to Outlook 2007". Is it really possible? I tried, but office 2007 installs without outlook because outlook 2003 is already on the system. If you remove outlook 2003 and install outlook 2007, you cannot connect to Exchange Server 5.5. :(
So if there really is a solution to upgrade Outlook 2003 to Outlook 2007 (and still get connected to exch 5.5), I would really love to know the solution.
Thanks
Farhan
admin@stayonweb.com
I tried your code in my web service and html page, but unfortunately its not working in my case. May be i am doing some mistake. I am sending you my code, please help me regarding this issue. I have included the Handler that was required.
This is my Method in web service:
<ScriptMethod(UseHttpGet:=True, ResponseFormat:=ResponseFormat.Json)> _
Public Function HelloWorld() As String
Return "Hello World"
My JSON Request.
$(document).ready(function() {
$.ajax({
url: "www.flymrt.com/.../AgentLoginJSON,
data: {x:"test"},
contentType: 'application/json',
success: function(msg){
alert('aya');
},
error: function(msg)
alert('error');
});
Thanks and your help would be appreciated.
Public Function AgentsLogin() As String
I guess that to get the <a href="http://bestfinance-blog.com">loan</a> from creditors you ought to present a good motivation. However, once I have got a financial loan, just because I wanted to buy a car.
Meeen, I love you for this sweet code!
Article submissions cannot be performed by most of guys. Optimization is a separate system that will not be understandable for everybody! Just only article submission services will do link building work efficiently. So, think what method for your website do you choose!
Your comrades have high academic results and you cannot manage with your course assignment? It happens because you don't acknowledge that they order course work writing. Thence, do the same and get higher grades.
I amk stuck with JSONP. I am trying to use access a webservice on a different domain and here is my code:
var count = 2;
var fieldNames = jQuery.makeArray(["affiliateID", "encryptedOrderID"]);
var fieldValues = jQuery.makeArray(["AID", "OID"]);
var webMethod = "xx.xx.com/.../Service.asmx
var parameters = "{'fieldCount' : " + count + ", 'fields': " + fieldNames + ", 'values': " + fieldValues + "}";
jQuery.ajax({
type: "GET",
url: webMethod,
contentType: "application/json",
dataType: "JSONP",
data: parameters,
success: function(response) {
jQuery("#WebServiceResult").append(response);
Nothing is happening in the webservice and the "response" I am getting is the Test form that we get when we type the url in the address bar.
This is kind of very important for me. Quick help is totally appreciated.
Thanks Much in advance!
Been pulling my hair out over this all day. Was able to get my webservice to allow GET request and starting getting this error:
Error: missing ; before statement
Found your site and also read the link from Elegant Code listed above. I created the custom httphandler, remembering to change the endpoint.asmx, and added the module to my web.config. I am still getting the error:
How can I check to see that the custom handler is doing what it is supposed to do. It would appear that it is not.
Here is my jquery statement:
url: "aresdev/.../GetImagesByPrefix,
data: { strPrefix: prefix },
success: function(json) {
alert(json.d);
Thanks in advance,
Jason
Great article! Helped me tremendously.
is it possible to use it in asp.net 2.0?
I have webservice hosted on other subdomain e.g s1.abc.com/WebServices/LikeTest.asmx/test
LikeTest.asmx it my webservice and test is function.
No I want to call that webservice in other subdomain named impex.abc.com
So,please help me.I tried many things but in vain.It's not running well.
Urgently needed help.
We've always http://freeappleipads.Net/ Reviews of popular Free Apple iPad
Thanks you so muck :x
Fantastic! Simple & Perfect! Tnx
Just a tip:
if you're using IIS7 instead of 6, the code in web.config should be placed at system.webServer/modules instead of system.web/httpModules.
Article submissions cannot be performed by most of guys. Optimization is a separate system that will not be understandable for everybody! Just only article submission services will do link building work efficiently.
More good news that even if you haven't used params
I have used your code in my website. But i am getting nothing. I am calling a cross domain web service from a html page using jquery ajax function. I followed all your steps but could not find the desired output.when i run the web service i am getting an error in web.config as -
Parser Error Message: Could not load type 'ContentTypeHttpModule.ContentTypeHttpModule' from assembly 'ContentTypeHttpModule'
I resolved the ContentTypeHttpModule registration error. as i am using IIS7 integrated mode the registration bit is different in web.config. Anyway, but still i am not able to get the desired output. Now, i am getting a weird error. "A runtime Syntax Error". And it is not able to debug the error. Any inputs?
Hi,
When using IIS 7.5 and VS2010 don't forget to change the Application Pool settings as follows:
Manage Pipeline mode: Classic
.Net version: 2.0
Otherwise you will get out put as XML and not JSONP
I am simply out of words after reading your blog. I want to appreciate the way you handled such a complicated subject.
Thanks!
Works like a charm!
C# is not old, and still a lot of development has to be done on it and through it. Not sure that what will be its future but hope so remain in development market for some time.
Thanks once more for taking the time to put this online. I unquestionably liked every bit of it.
So far it has been a great experience for me since I visited this website for the first time. Thank you for sharing such information.
Really Superb dude. Thanks a lot.. I was searhing for this solution from past 3 days.. finally i got it.. hip hip hurray :)
Superb
Thanks a bunch, works great from a SharePoint 2010 Content editor webpart!
I would say, in all sincerity, that you seem to have a very firm grasp on that of which you write - which, for me, is something that simply cannot go unrecognized ... see what I'm saying?
Tried for while to get this example working. Can get JavaScript to call the web service (setup with debugging and steps into service) but always falls into the error function of the ajax call with a code 200, success????
Code identical as example really:
<web service code>
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
using Newtonsoft.Json;
using System.Web.Script.Services;
namespace PE
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.ComponentModel.ToolboxItem(false)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
[System.Web.Script.Services.ScriptService]
public class HHTransfer : System.Web.Services.WebService
public object GetData()
return JsonConvert.SerializeObject(DateTime.Now);
<http module - same as example with service name changed>
<java script code>
function test() {
$.ajax({ url: "localhost/.../GetData",
success: function (json)
debugger;
error: function (e)
alert("Hit error fn!");
Also add items to web.config for service
"wont work without this"
Have also tried explicit return types from the service makes no difference.
any ideas???
interestingly the data is actually in the responseText of the error in raw XML form
e.g.
responseText: "<?xml version="1.0" encoding="utf-8"?>
<anyType xmlns:q1="www.w3.org/.../XMLSchema" d1p1:type="q1:string" xmlns:d1p1="www.w3.org/.../XMLSchema-instance" xmlns="tempuri.org/.../anyType>"
status: 200
statusText: "OK"
Many blogs provide commentary on a particular subject others function as more personal online diaries yet still others function more as online brand advertising of a particular individual or company. Thanks.
this must be a very informative post.
You have a nice blog. Thank you for sharing it with us.
You're an incredibly great inspiration to many people. I acquire a significant amount of ideas right here.
I’ll come back to read of you more upcoming posts. Have a great day!
in Adel Khalil we trust ): tnx man
I needed to add this
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="MyModule" type="ContentTypeHttpModule.ContentTypeHttpModule"></add>
</modules>
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>
<a href="www.universityloveconnection.com"">www.universityloveconnection.com" />COLLEGE SINGLES</a>
I'm glad that there someone likes you that can create an interesting topic. Thanks for the information and hope to hear more from you. This is a big help for us.
[url=www.universityloveconnection.com]COLLEGE SINGLES [/url]
Hi great article first of all but i need one more thing, how can we handle session management. with the module Session object in the HTTPCONTEXT always null. How can we define a variable in the session as Session["k"] = 3. i saw we can do this kind of definition in another article but in here we can not. how can we add this property to this code?
thanks
For everyone still having problems you'll need to modify the HttpModule class.
There is a line of code in there that does a compare on the asmx file used. All you have to do is change that and it will work.
Ex.
Please keep up your posts and I will continue to visit your site regularly.
Awesome.
Worked awesome.
Did mess up the formatting WSDL for other XML-based methods inside of the same web service though.
It's working on local server but not working on remote server
Hi there,
JSONP call returns error.Below is the error messeage.
But When I set data type as json, It works fine in IE but not in FF & Chrome. What am I missing?.
{"readyState":4,"status":200,"statusText":"success"}parsererrorError: jQuery182025999106633830127_1353740618424 was not called.
Here is my Code
url: locationUrl + '/AdmissionRequest.asmx/getProgramsJD',
type: 'GET',
dataType: dtype,
data: "{}",
async: false,
cache: false,
contentType: 'application/json; charset=utf-8',
success: function (data) {
source.localdata = $.parseJSON(data.d);
error: function (xhr, status, error) {
alert(JSON.stringify(xhr) + status + error);
Will Salamander also combine the third party DLLs that my VB .Net app uses into the exe it builds?
Cool article, solved the remoting issue of asmx webservice ..... really great work!
this gives the w3 validation problem
SyntaxError: syntax error
<?xml version="1.0" encoding="utf-8"?>
Please help me
hi scenario is i have c# website application live
that is data driven from sql server database. i need to allow other websites(not mine) on different domains query the database using an ajax call i suppose to list a table of records on their page. would this work around of using jsonp be the correct option?
Dear Adel Khalil,
cool article,
- it currently work at localhost with
url: "localhost/.../Sum"
- but I get a trouble when i publish on the real server. it doesn't work with
url: abc.com/.../Sum
thanks in advance
url: "localhost:1690/JSONP-EndPoint.asmx/Sum"
url: "abc.com/JSONP-EndPoint.asmx/Sum"