Monday, January 31, 2011

When bad coding goes wrong

While working with a seasoned Java developer who was kicking his heels at ASP.NET MVC, he ran into a problem encrypting the password across the URL using a jQuery base64 plugin. The problem is he has too many variations of the jQuery file running within his project. He is not willing to resolve the issue, instead preferring to patch things. Unfortunately, the base64 plugin continues to return a null exception.

Although I'm impressed by his coding methodology in some areas, I don't like the idea that he doesn't use standard practices when coding. 5 years ago I was new to C# and looked up to him for learning the correct way to code. I really thought I knew my stuff after 3 years. It wasn't until I went to a job interview, that I discovered that those practices were incorrect.

I recently enrolled in college and in my Java class many of my bad coding habits are reflected in the project assignment, resulting in point deductions. Well, he continues to do things wrong, no comments in his code and so forth.

He sticks to what he knows and it often creates problems in the future.

Like the time when he built a bunch of C# Web Services. When I looked at his code, I said that's going to run into security problems later, especially when Microsoft decides to send security patches. Although I expressed my concerns, 3 years later everything stopped working and he had to rewrite all of those Web Services again. Apparently, Microsoft did send patches to close some holes in security and his Web Services were doing hatchet jobs to work. Going across servers, writing to file systems, SQL queries and returning data.

THE GOOD, THE BAD, THE UGLY
He has been playing with MVC and Telerik controls for about 3 months. He is terrible with UI development, that's where I come in. I can do them both.

All the front-facing apps the users log into use a custom login control that I built in ASP.NET C#. It is mobile and extensible. Simply add the web.config, login.aspx page and make a few changes to the Role name and it works out of the box.

He wanted me to use that control in a separate ASP.NET project, authenticate users and pass the authentication to his MVC project. UGLY HUH!

He is the senior developer, so I did what he asked. It would redirect them to the MVC project, but accessing the user's profile or data was terrible. I said, let me build a project in MVC, use their Login page and get that to work with this project. He says, "OK, but I know nothing about the login stuff".

I completed the task in less than 1 hour and integrated it into his MVC project, fully functional.

He stripped the Registration page, put unconventional code into the page and says, "I don't understand what fieldset, TextBoxFor(m => m.Username) or Html.BeginForm() and all that means." He removes everything, creates a table and puts stuff like this on the page:

Password
<%: Html.Password("password") %>

and a button:

<button id="button1">Create a New Account</button>

He adds a jQuery function to collect the data and passes that to a Controller:

<script type="text/javascript">
    $(document).ready(function () {
        $('#button1').click(function (event) {
            window.location = '<%= ResolveUrl("~/Account/Register2") %>' + '?UserName=' + $('#username').val() +
                '&Password=' + Base64.encode($('#password').val() + "==");
        });
    });
</script>

Now here is the problem: people can see the password, so he wanted me to encrypt the password. Here is what I did.

I created a method like this that takes a String as an argument and decodes the base64 url of the password and returns an unencrypted String of the password:

private String base64Converter(String password)
{
    /* This method takes one argument password, decodes it and returns the decoded string */
    // Bill King Added 1/31/2011
    String pValue = "";
    byte[] encodedDataAsBytes = System.Convert.FromBase64String(password);
    string returnValue = System.Text.ASCIIEncoding.ASCII.GetString(encodedDataAsBytes);
    pValue = returnValue.Substring(0, returnValue.Length - 2);
    return pValue;
}

Below is his ActionResult in the controller that collects the button event:

public ActionResult Register2(string UserName, string Password, string ConfirmPassword)
{
    Password = base64Converter(Password);
    ConfirmPassword = base64Converter(ConfirmPassword);

This is the kind of lifestyle I need to change. I cannot get a job somewhere else making up stuff.
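
Base64 is an encoding, not encryption, so a password sent as `?Password=...` to Register2 can be read by anything that records the URL (server access logs, proxies, browser history). The following is an added example, not code from the original post: a Node.js log check that flags password parameters in query strings and tests whether the value decodes with the same steps as base64Converter. The log lines, the parameter-name list and the function names are constructed for illustration.

```javascript
// Added example (not from the original post). Names and log lines are constructed.
const SENSITIVE = /^(password|confirmpassword|passwd|pwd)$/i;

// Mirror the page's base64Converter: Base64 -> text, then drop the "=="
// that the client appended before encoding. Returns null if not Base64 text.
function decodeLikeServer(value) {
  const v = value.replace(/ /g, '+'); // "+" in a query string parses as a space
  if (v.length % 4 !== 0 || !/^[A-Za-z0-9+\/]+={0,2}$/.test(v)) return null;
  const text = Buffer.from(v, 'base64').toString('latin1');
  if (!/^[\x20-\x7e]+$/.test(text)) return null; // binary, so not encoded text
  return text.endsWith('==') ? text.slice(0, -2) : text;
}

// Scan access-log lines and report password-like query parameters.
// Findings never include the recovered value, only how it was carried.
function findCredentialLeaks(logLines) {
  const findings = [];
  logLines.forEach((line, i) => {
    const m = line.match(/"(?:GET|POST|PUT) (\S+) HTTP\/[\d.]+"/);
    if (!m) return;
    const url = new URL(m[1], 'http://placeholder.invalid');
    for (const [name, value] of url.searchParams) {
      if (!SENSITIVE.test(name) || value === '') continue;
      findings.push({
        line: i + 1,
        path: url.pathname,
        param: name,
        encoding: decodeLikeServer(value) !== null ? 'base64' : 'plain-or-unknown',
      });
    }
  });
  return findings;
}

// Constructed sample: the first request uses the page's scheme,
// Base64.encode(password + "==") placed in the Register2 query string.
const encoded = Buffer.from('S3cret!' + '==').toString('base64');
const SAMPLE_LOG = [
  `10.0.0.5 - - [31/Jan/2011:10:00:00 +0000] "GET /Account/Register2?UserName=alice&Password=${encoded} HTTP/1.1" 200 512`,
  '10.0.0.5 - - [31/Jan/2011:10:00:05 +0000] "GET /Home/Index HTTP/1.1" 200 2048',
  '10.0.0.6 - - [31/Jan/2011:10:01:00 +0000] "POST /Account/Register HTTP/1.1" 302 0',
];

console.log(findCredentialLeaks(SAMPLE_LOG));
```

The stock Html.BeginForm() registration form submits by POST, which keeps the password out of the URL; served over HTTPS it is also protected in transit.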


Tuesday, January 11, 2011

Visual Studio & Windows 7 IIS Configuration

Installing IIS and ASP.NET on Windows 7

Installing the ASP.NET component of IIS 7.0 in Windows Vista enables ASP.NET Web applications to run as local IIS Web sites. To enable Visual Studio to create and use local IIS Web sites, you must enable metabase compatibility. This lets Visual Studio interact with the IIS metabase and with the IIS 7.0 configuration store.

If IIS is enabled on your computer before you install the .NET Framework version 4, ASP.NET 4 is automatically registered with IIS. However, if IIS is not enabled on the computer when you install the .NET Framework, you must manually register ASP.NET with the appropriate version of IIS by running the ASP.NET IIS Registration tool. For more information, see ASP.NET IIS Registration Tool (Aspnet_regiis.exe).

Note

You must have administrative permissions to install IIS 7.0.

To enable ASP.NET on Windows Vista for debugging

  1. Open Control Panel and then click Programs.

  2. Under Programs and Features, click Turn Windows features on or off.

    Note

    If Control Panel is set to display in Classic view, click Programs and Features, and then in the left pane, click Turn Windows features on or off.

    The Windows Features dialog box is displayed.

    Note

    If User Account Control (UAC) is enabled, it might display a message when you try to access the Windows Features dialog box. Click Continue to access the dialog box. For more information, see User Account Control.

  3. Expand Internet Information Services.

  4. Expand Web Management Tools, expand IIS 6 Management Compatibility, and then select the IIS 6 Metabase and IIS 6 configuration compatibility check box.

  5. Expand World Wide Web Services, expand Application Development Features, and then select the ASP.NET check box.

    Note

    The options that are required for Web application development will automatically be selected.

  6. Expand World Wide Web Services, expand Security, and then select the Windows Authentication check box.

    To enable Visual Studio to debug applications, you must configure IIS 7.0 with the Windows Authentication module. By default, the module is not configured as part of IIS.

  7. Click OK to start the IIS and ASP.NET installation process.

  8. When the configuration process finishes, close Control Panel.