While working with seasoned Java developer who was kicking his heals at ASP.NET MVC he ran into a problem encrypting the password across the url using a JQuery base64 plugin. The problem is he has too many variations of the JQuery file running within his project. He is not willing to resolve the issue, instead prefer to patch things. Unfortunately the base64 plugin continues to return a null exception.
Although I'm impressed by his coding methodology in some areas, I don't like the idea that he doesn't use standard practices when coding. 5 years ago I was new to C# and looked up to him for learning the correct way to code. I really thought I knew my stuff after 3 years. It wasn't until I went to a job interview, that I discovered that those practices were incorrect.
I recently enrolled in college and in my JAVA class many of my bad coding habits are reflected in the project assignment, resulting in point deductions. Well he continues to do things wrong, no comments in his code and so forth.
He sticks to what he knows and it often create problems in the future.
Like the time when he built a bunch of C# Web Services. When I looked at his code, I said that's going to run into security problems later, especially when Microsoft decides to send security patches. Although I expressed my concerns, 3 years later everything stopped working and he had to rewrite all of those Web Services again. Apparently, Microsoft did sent patches to close some holes in security and his Web Services were doing hatchet jobs to work. Going across servers, writing to files systems, SQL Queries and returning data.
THE GOOD, THE BAD, THE UGLY
He has been playing with MVC and Telerick controls for about 3 months. He is terrible with UI development, that's where I come in. I can do them both.
All the front facing apps the users log into use a custom login control that I built in ASP.NET C#. It is mobile and extensible. Simple add the web.config, login.aspx page and make a few changes to the Role name and it works out of the box.
He wanted me to use that control in a separate ASP.NET project, authenticate users and pass the authentication to his MVC project. UGLY HUH!
He is the senior developer, so I did what he asked. It would redirect them to the MVC project, but accessing the users profile or data was terrible. I said, let me build a project in MVC, use their Login page and get that to work with this project. He says, "OK, but I know nothing about the login stuff".
I completed the task in less than 1 hour and integrated it into his MVC project, fully functional.
He stripped the Registration page and put unconventional code into the page and says, I don't understand what fieldset, TextBoxFor(m => m.Username) or Html.BeginForm() and all that means. Removes everything and creates a table and puts stuff like this on the page:
Password
<%: Html.Password("password") %>
and a button: <button id="button1"<
Create a New Account
He adds a jQuery function to collect the data and passes that to a Controller
<script type="text/javascript">
$(document).ready(function () {
$('#button1').click(function (event) {
window.location = '<%= ResolveUrl("~/Account/Register2") %>' + '?UserName=' + $('#username').val() +
'&Password=' + Base64.encode($('#password').val() + "==");
})
});
</script>
The now here is the problem, people can see the password, so wanted me to encrypt the password. Here is what I did.
I created a method like this that takes a String as an argument and decodes the base64 url of the password and returns an unencrypted String of the password:
private String base64Converter(String password)
{
/* This method takes one argument password, decodes it and returns the decoded string */
// Bill King Added 1/31/2011
String pValue = "";
byte[] encodedDataAsBytes = System.Convert.FromBase64String(password);
string returnValue = System.Text.ASCIIEncoding.ASCII.GetString(encodedDataAsBytes);
pValue = returnValue.Substring(0, returnValue.Length - 2);
return pValue;
}
Below is his ActionResult in the controller that collects the button event:
public ActionResult Register2(string UserName, string Password, string ConfirmPassword)
{
Password = base64Converter(Password);
ConfirmPassword = base64Converter(ConfirmPassword);
This is the kind of lifestyle I need to change. I cannot get a job somewhere else making up stuff.