First time here? You are looking at the most recent posts. You may also want to check out older archives or the tag cloud. Please leave a comment, ask a question and consider subscribing to the latest posts via RSS. Thank you for visiting! (hide this)

June 2012 Blog Posts

Windows Authentication working from remote but not locally

Lately I’ve been playing with RavenDb, for building the website of the Web.NET Conference, and after first testing with the embedded db, I decided that it was better to go to “server mode”.

So I followed the instruction on how to set it up as IIS application, and I got it working pretty quickly: I could access the management studio from the browser and run the site on my development machine connected to the instance running on the server (by specifying the credentials in the connection string).

When I was ready to publish it for doing some real test on the server it stopped working, and I was getting a “Credentials not valid” error, which was quite bizarre as it was exactly the same connection string I was using to connect the same database from my dev machine.

I posted on the RavenDb mailing list, and Ayende offered to help me debug the problem: he already encountered the same problem and blogged about that last year.

the problem is that as security measure, when you are locally on a server, you can authenticate via Windows Authentication only to sites responding to machine name:

This issue occurs if you install Microsoft Windows XP Service Pack 2 (SP2) or Microsoft Windows Server 2003 Service Pack 1 (SP1). Windows XP SP2 and Windows Server 2003 SP1 include a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name.

Here the full Microsoft KB article: KB896861.

This is used to prevent reflections attacks.

To solve this problem you have three options:

  • make your site respond also to the machine name (obviously works only with one website per server)
  • disable, via a registry key, this loopback check only for some specified host names
  • disable, still via a registry key, the loopback check, on the entire server

In my case the first was not possible, the second approach didn’t work (as also didn’t work for Ayende) so I had to implement the 3rd registry hack.

To get the details of the solution, I won’t copy them here: just go to the KB article linked above or to a much nicer post that explains things in more detail:  Account failed to log on (0xc000006d) – Unable to load website from local server.

After restarting the server I was able to access the Management Studio locally from the server, but still the application was not connecting to the server: to make it work I had to remove the username and password from the connection string because probably the process of the web site was already authenticated using Integrated Authentication to the other IIS site under which RavenDb is running.

It took me (and Ugo) a whole day to solve this nasty problem, but now we have a RavenDb server up and running …

Experimenting with DevExpress DXv2 v2012 MVC Extensions and my first impressions

A few months ago I wrote a post on a component library built entirely in jQuery, but if you don’t like to write lots of javascript and prefer to write as much as possible in server-side code, today I’m writing about something I’ve been looking at lately: the new DevExpress DXv2 v2012 library, specifically the MVC extensions. Just small note before going on, I want to point out that that library contains also controls from WPF, classic ASP.NET WebForms and Silverlight.

mvc-ext

Installing and the first impressions

Let’s start from the installation: it was pretty easy and not many steps to go through. It installed all the components and installed in all the versions of Visual Studio (including VS2012 RC). Was good to see a nice Metro touch on the UI of the various install screens: it seems like we’ll have Metro inspired UIs everywhere in the coming years.

installer getting-started

Above you see two screenshots: the first is the aforementioned install screen, while the second brings me to what happens when the install dialog closes: you get a very well thought getting started screen, which links to sample apps and to demo pages. The really nice thing is that, unlike other products I’ve used in the past, when you click on either a end-to-end sample app or on a demo page, a instance of the ASP.NET development server (aka Cassini) starts, and you can immediately start using the app and see the demos (where you can see both the working demo together with the related code).

To learn all about the new features introduced in the 2012 version of the library, you can read the extensive 60 pages of the What’s New in DXperience 12.1 and see the short overview videos.

The first steps

When you open Visual Studio for the first time and try to create a new project, you’ll notice the new DevExpress project templates in the File-New dialog, and by selecting the Web projects’ group you get 7 project templates, 4 for web forms and 3 for MVC: the project templates names are self-explanatory and they give you a getting-started project wizard too. One of the DevExpress web project templates give you an empty ASP.NET MVC project with all the references to use the DevEx MVC extensions and the last one gives you a Outlook-like interface to build a feature-rich website. The interesting project template is the first one, “Web Application”: instead of just creating the project, it opens a custom "wizard" dialog (Metro style of course) that helps you to setup your project, by allowing you to choose the layout of your page (standard, empty, outlook-style or customizable), the view engine (webforms or Razor), the theme and some other lower-level settings.

new-project-dialog custom-aspnetmvc-wizard-layout-step custom-aspnetmvc-wizard-theme-step

If you choose the “customizable” layout, you are basically getting the outlook-style layout with custom panes and controls. The Empty layout gives you exactly the same contents as the empty project template while the Standard layout gives you just enough to get you started with a project that runs immediately. It’s also nice that you can choose which version of ASP.NET MVC you want to target, 3 or 4, and it gives you all the same scripts and references as if you were using the official MVC project template. The only difference is that it doesn’t use Nuget to reference all the various referenced libraries (jQuery, jQuery UI, Knockout, Modernizer, etc.) so if you want to keep up to date with the newest releases you have to either download manually, or just download them via Nuget (as needed).

Let’s see some code

As I said just right at the beginning, the DXperience library uses ASP.NET MVC HTML Helper extensions methods to dynamically add JavaScript to your pages, so that you don’t have to mix JavaScript code to C# code. Personally I like writing JavaScript code, but I have to admit that sometimes, when you have to pass values coming from the page’s Model to JS constructors or methods, the mix of JS and C# is a bit too much, and I usually end up writing my own Html extension method.

Setting up the references

Because JavaScript is necessary for the client-side interactions, you need to include the references to the JavaScript scripts and CSS files. To add them all you have to do is use one of the MVC extensions and list all the “MVC Extensions” you are going to add in your application:

    @Html.DevExpress().GetStyleSheets( 
    new StyleSheet { ExtensionSuite = ExtensionSuite.NavigationAndLayout }, 
    new StyleSheet { ExtensionSuite = ExtensionSuite.Editors }, 
    new StyleSheet { ExtensionSuite = ExtensionSuite.HtmlEditor }, 
    new StyleSheet { ExtensionSuite = ExtensionSuite.GridView }, 
    new StyleSheet { ExtensionSuite = ExtensionSuite.PivotGrid },
    new StyleSheet { ExtensionSuite = ExtensionSuite.Chart },
    new StyleSheet { ExtensionSuite = ExtensionSuite.Report },
    new StyleSheet { ExtensionSuite = ExtensionSuite.Scheduler }
)
@Html.DevExpress().GetScripts( 
    new Script { ExtensionSuite = ExtensionSuite.NavigationAndLayout }, 
    new Script { ExtensionSuite = ExtensionSuite.HtmlEditor }, 
    new Script { ExtensionSuite = ExtensionSuite.GridView }, 
    new Script { ExtensionSuite = ExtensionSuite.PivotGrid },
    new Script { ExtensionSuite = ExtensionSuite.Editors }, 
    new Script { ExtensionSuite = ExtensionSuite.Chart },
    new Script { ExtensionSuite = ExtensionSuite.Report },
    new Script { ExtensionSuite = ExtensionSuite.Scheduler }
)

This generates a long url that will be used to retrieve a minified and bundled script containing all the needed files:

<link rel="stylesheet" type="text/css"
	href="/DXR.axd?r=[here a 100 char long hash]-PCKT4" />
<script id="dxis_1000344687" src="/DXR.axd?[here a 500 char long hash]-lDKT4"
	type="text/javascript"></script>
<script id="dxss_1816643409" type="text/javascript">

This dynamic delivery is done using the DevExpress custom ASPxHttpHandlerModule which provides mainly performance and server-side callback processing capabilities.

Adding components

The library contains lots of interesting components, mostly “enterprise” components and elements, like the omnipresent editable/sortable/filterable grid, various charts, a HTML WYSIWYG editor, the scheduler component (a Outlook calendar-like component), various UI components (dockable panels, split panels, tabs, menus, accordions, trees, modal dialogs). It also has some more general purpose data editors, to beautify and add validations to the usual dropdown lists, textboxes, radio buttons and so on. In the next few paragraphs I’m going to show the general feeling of how it to use the MVC extensions.

For example, to setup a masked input textbox, here is what you would have to do:

@Html.DevExpress().TextBox(
    settings => {
        settings.Name = "PhoneNum";
        settings.Width = 170;
        settings.Properties.MaskSettings.Mask = "+00 (999) 000-0000";
        settings.Properties.MaskSettings.IncludeLiterals = MaskIncludeLiteralsMode.None;
    }
).GetHtml()

So you specify the name of the html field (remember that in ASP.NET MVC the name of the field is what is used by the model binding to get the value for the controller), and then the settings specific for that control (in that case the mask and other mask-specific options).

If you want to pre-fill the value of the textbox with value coming from the view model, all you need to do is “binding” the control to the Model itself.

@Html.DevExpress().TextBox(...).Bind(Model.PhoneNum).GetHtml()

But even easier, is to use the ready-made editor templates and just call the EditorFor and let all the configurations hidden away from your sight. If you use DevExpress project templates you get a few of these editor templates (Boolean, DateTime, Decimal, MultiLineText, String, Password), but if you want you can easily made your own specifying all the settings you need to.

If we wanted, for example, to make a reusable PhoneNum control all we needed would be to just create a Editor template and then specify in the definition of the view model that that particular string is of type PhoneNum.

First create a PhoneNum.cshtml file and place it into the Views\Shared\EditorTemplates folder

@model String

@Html.DevExpress().TextBox(s => {
    s.Name = ViewContext.ViewData.TemplateInfo.GetFullHtmlFieldName("");
    s.Width = 170;
    s.Properties.MaskSettings.Mask = "+00 (999) 000-0000";
    s.Properties.MaskSettings.IncludeLiterals = MaskIncludeLiteralsMode.None;
}).Bind(Model).GetHtml()

Than, in the view model class, decorate the property with the UIHint attribute

public class HomeViewModel
{
    [UIHint("PhoneNum")]
    public String PhoneNum { get; set; }
}

And finally in the view just call the EditorFor method

@model Models.HomeViewModel
<div class="editorContainer">
    @Html.EditorFor(m=>m.PhoneNum)
</div>

This way you can easily reuse different editor controls without the need to write always all the configurations. That one was an easy example, but the same concepts and ideas can be applied to all the other MVC extensions.

Conclusions

The whole set of components and the overall experience is really well thought, starting from the first approach to the new project templates. Also the documentation available is really good at explaining all the various options and customization options.

From the technical standpoint the code has a bit too much a WebForms taste, but I have to agree that this approach might have its benefits: it will easily appeal to a WebForm developer, and also a “native” MVC developer, with a bit of work, could write the editor templates he needs, and then live a happy life without the need of writing all these lines of code each time he needs a control. And these native DevExpress MVC extensions are also feature-rich and provide some extensions not found in other libraries like the PivotGrid and Docking Suite.

If that complexity seems too much for the simpler controls, with the most complex ones (like the Scheduler or the Pivot Grid) the “verbosity” almost disappears compared to the amount of code you would need to write in order to implement the same functionalities directly in JavaScript. And the Scheduler component is really awesome: now I want to build something that needs that kind of UI just because I want to use it.

Disclosure of Material Connection: I received one or more of the products or services mentioned above for free in the hope that I would mention it on my blog. Regardless, I only recommend products or services I use personally and believe my readers will enjoy. I am disclosing this in accordance with the Federal Trade Commission’s 16 CFR, Part 255: “Guides Concerning the Use of Endorsements and Testimonials in Advertising.”

New kids on the blog: Ugo Lattanzi starts his English blog

The Italian .NET community is full of bright people, but with the exception of a few, most of them are unknown outside of Italian borders because they don’t blog that much, and when they do, they do it in Italian.

One of these really smart guys is Ugo Lattanzi (aka imperugo), web developer (or web addict as he calls himself), founder of the Dexter Blog Engine project, ASP.NET MVP since 2009 and long time community guy.

He is also, together with me, organizing this fall’s Web.NET European Conference in Milano (btw, the call for speakers is coming out this week).

He used to blog in Italian, but from today he starts his new adventure, also blogging in English on his blog: ToString.it.

So, join me welcome Ugo to the world of the English blogs, and follow his rss feed or follow him on twitter.

Tags: ,