Wednesday, May 30, 2007

I read a nice post at Web Worker Daily that has the same title as this post...

This post (click here to read it) talks about some very common mistakes that a web worker could make. I agree that the post focuses on freelance web workers, but there are some very useful topics that can give you something even if you are a salaried employee who wants, at the 'end of the day', to build a successful online career.

The post also speaks to team leaders who need to plan the project schedule, assign missions to their team members (the actual developers), stick to deadlines and deliver (at last) a fine working project at the end of development. In addition, the post relates to project managers in that it shows some examples of how to manage a specific project properly, how to divide missions in the right way and more...

AND, in the bottom line, it displays its 5 common mistakes...
Enjoy

Posted by: Eran Nachum (c)
Post Date: 5/30/2007 9:25:31 AM (Jerusalem Standard Time, UTC+02:00)
 Tuesday, May 29, 2007

After making great use of CAPTCHA on my site (when adding comments - if you haven't tried it, I invite you to give it a try and add some comments after reading this post...), I decided to say a few words about it...

Some definitions...
A CAPTCHA ("Completely Automated Public Turing test to tell Computers and Humans Apart") is a type of challenge-response test used in computing to determine whether the user is human. A CAPTCHA involves one computer (a server) which asks a user to complete a test. While the computer is able to generate and grade the test, it is not able to solve the test on its own. Because computers are unable to solve the CAPTCHA, any user entering a correct solution is presumed to be human.

There are several approaches to the CAPTCHA mechanism that serve the same purpose (telling a human user from a computer user, of course), such as:
- Carnegie Mellon's PIX CAPTCHA, where the user sees a few images and needs to pick the one that is exceptional.
- Oli Warner's KittenAuth, where the user needs to select all animals of a specific species in the presented images.
- Microsoft's Asirra, quite similar to KittenAuth, but works with a larger number of images.

Some issues that are important when using CAPTCHA in your web site:

  • You must place the CAPTCHA image/s in a non-dominant place in your web site - think about it, the CAPTCHA mechanism is there to help you avoid bots, not to take a central place in your site.
  • The CAPTCHA image/s should weigh as little as possible (something like between 4 to 8 kb); the site should not be affected by the creation of the CAPTCHA image/s. I prefer creating the CAPTCHA image/s using an HttpHandler that serves the image/s from an outside mechanism.
  • The subject of the image/s should be appropriate to the site's topic. Images of cats would not be appropriate for a government site, for example, so select the image/s properly.
  • Store the CAPTCHA images in a safe place and give them appropriate names in order to use them properly.

OK, what about some implementation? There are a lot of ways to implement this algorithm, which is not so complex. You can find a lot of small open source applications that implement this CAPTCHA mechanism.

In the web application that I am working on at work, we save all the distorted images in a DB (along with the images' values, of course) and grab one randomly on each request of the specific page that holds the CAPTCHA. The distorted image is shown to the user and its value is stored in the page viewstate (which is also encrypted, of course).
After the user enters her input, that value is validated against the distorted image's value and, if it's correct, the flow moves on...

Do you have more suggestions for CAPTCHA implementations?
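
The issue-and-validate flow described above, sketched with the expected value held server-side per user and consumed on the first check, so an answered image cannot be submitted a second time. This is an added example, not the code of the application described in the post; CaptchaChallengeStore, the session ids and the sample values are hypothetical.

```csharp
using System;
using System.Collections.Generic;

// Added example: CaptchaChallengeStore is a hypothetical name; its dictionary
// stands in for per-user server-side state such as the ASP.NET Session.
public sealed class CaptchaChallengeStore
{
    private sealed class Pending { public string Value; public DateTime ExpiresUtc; }
    private readonly Dictionary<string, Pending> _pending = new Dictionary<string, Pending>();
    private readonly TimeSpan _lifetime;

    public CaptchaChallengeStore(TimeSpan lifetime) { _lifetime = lifetime; }

    // Call when rendering the distorted image picked from the DB.
    public void Issue(string sessionId, string expectedValue, DateTime nowUtc)
    {
        Pending p = new Pending { Value = expectedValue, ExpiresUtc = nowUtc + _lifetime };
        lock (_pending) { _pending[sessionId] = p; } // replaces any older challenge
    }

    // Call on postback. The entry is removed before comparing, so each issued
    // image can be answered once, whether the answer is right or wrong.
    public bool Validate(string sessionId, string userInput, DateTime nowUtc)
    {
        Pending p;
        lock (_pending)
        {
            if (!_pending.TryGetValue(sessionId, out p)) return false;
            _pending.Remove(sessionId);
        }
        if (userInput == null || nowUtc > p.ExpiresUtc) return false;
        // Case and surrounding whitespace are ignored (an assumption of this sketch).
        return string.Equals(p.Value, userInput.Trim(), StringComparison.OrdinalIgnoreCase);
    }
}

public static class CaptchaDemo
{
    public static void Main()
    {
        CaptchaChallengeStore store = new CaptchaChallengeStore(TimeSpan.FromMinutes(5));
        DateTime t0 = new DateTime(2007, 5, 29, 8, 0, 0, DateTimeKind.Utc); // constructed clock
        store.Issue("session-A", "X7KQ2", t0);                              // constructed values
        Console.WriteLine(store.Validate("session-A", "x7kq2 ", t0.AddSeconds(30)));
        Console.WriteLine(store.Validate("session-A", "x7kq2", t0.AddSeconds(31)));
        store.Issue("session-A", "M4P9T", t0.AddMinutes(1));
        Console.WriteLine(store.Validate("session-A", "M4P9T", t0.AddMinutes(10)));
    }
}
```

Run as written, the first check succeeds, the repeated submission of the same answer is rejected because the challenge was already consumed, and the last one is rejected because it arrives after the five-minute lifetime.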

Posted by: Eran Nachum (c)
Post Date: 5/29/2007 8:14:09 AM (Jerusalem Standard Time, UTC+02:00)
 Thursday, May 17, 2007

Hi fellows, how are you?

I read a nice article about editing and encrypting/decrypting web.config sections. The nicest thing about that feature is the ability to access the web.config content from the actual code-behind, at run-time. (There could be a lot of reasons to access the file from the code itself, and the API is very 'friendly').

Click here to get to this article.

Bye bye...

Posted by: Eran Nachum (c)
Post Date: 5/17/2007 10:23:55 AM (Jerusalem Standard Time, UTC+02:00)
 Sunday, April 29, 2007

Hi again..

I am here again with the same issue, and this is because of a long conversation that I had with Oren Ellenbogen (a former co-worker) about extending and refactoring the former post's solution (you can see it here if you missed it).

The main goal of encapsulating the Session/Application objects was to avoid casting each time we use these objects; this is annoying, especially when we use the specific object in most of the flows of the application.
The other goal is the ability to manage these objects in one central place.

NOW, some extensibility...
This object needs to be maintained every time we want to add a new session/application object. Good use of generics will solve this problem -> it gives us the ability to add new objects anywhere we want (example follows...).

So, look at the following implementation:

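using System.Web;

public static class SessionRepository
{
   // True when something is stored in the session under the given key
   public static bool IsExist(string objectKey)
   {
      return HttpContext.Current.Session[objectKey] != null;
   }

   // Returns the stored object already cast to TObject
   // (throws InvalidCastException if another type is stored under the key)
   public static TObject GetInstance<TObject>(string objectKey)
   {
      return (TObject)HttpContext.Current.Session[objectKey];
   }

   // Stores obj in the session under the given key
   public static void Add<TObject>(string objectKey, TObject obj)
   {
      HttpContext.Current.Session.Add(objectKey, obj);
   }
}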

Some usage:

if (SessionRepository.IsExist("SomeObjectKey"))
{
   SomeObject obj = SessionRepository.GetInstance<SomeObject>("SomeObjectKey");

   // Do your things...
}

// Store an instance (not the type name) under the key
SessionRepository.Add<SomeObject>("SomeObjectKey", new SomeObject());

This way of implementation helps us with the casting issue and gives us extensibility options. I think that there is a small disadvantage here - we also need to remember the keys of the objects in the session object - but nothing is perfect.

Summary:

  1. Both solutions are good and each has its advantages/disadvantages; you can choose the way that suits you best.
  2. The first way (shown in the former post) gives you direct access to the object that is stored in the session/application, but needs to be maintained each time we want to add a new object to the session/application.
  3. The way shown here takes a different approach and gives you extensibility, but you don't have explicit access to these objects.
  4. In both ways, the casting issue is covered!

That's it for today.

Comments will be appreciated...

Posted by: Eran Nachum (c)
Post Date: 4/29/2007 2:41:05 PM (Jerusalem Standard Time, UTC+02:00)
 Thursday, April 19, 2007

Hi!

In most of our web applications, we (must) use the session object, which gives us a better way of storing data (the session object lives over the HTTP protocol and exists for as long as the user's session lives {except for expiration etc...}).

The access to the session objects and variables is quite easy and simple, BUT, what happens when you want to store your complex struct or object in the session (even some other system object)? THEN, you must cast this session variable, and check that it is alive before you can access its properties etc...

I have a good suggestion that will also encapsulate the session's variables and will be easy to manage, pay attention:

First of all, I created a static class called Repository, which exposes the session variables as properties, so that access to these objects is much easier and more explicit.

The repository static class:

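using System.Web;

public static class Repository
{
    public static SomeObject SessionSomeObject
    {
        get
        {
            SomeObject obj = HttpContext.Current.Session["SomeObject"] as SomeObject;

            // Nothing stored yet (or the session expired): create a default
            // instance and keep it, so callers never receive null
            if (obj == null)
            {
                obj = new SomeObject();
                HttpContext.Current.Session["SomeObject"] = obj;
            }

            return obj;
        }
        set
        {
            HttpContext.Current.Session["SomeObject"] = value;
        }
    }

    // Some more properties declarations
}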

(This class gathers all the session/application members = good and convenient code management).

NOW, look at the 'old fashioned', regular way that the syntax offers us (if we don't use the Repository static class):

if (Session["SomeObject"] != null)
{
   myObject = ((SomeObject)Session["SomeObject"]).MyProperty;
}
else
{
   // bla bla bla...
}

In the above example, we must first check that the object is alive in the session if we want to access its properties (if we don't, it will throw a runtime error). In the example below we cover this case with one statement of code:

myObject = Repository.SessionSomeObject.MyProperty;

Here, even if the object is null, it will create an instance of it and will return some default value of the object's property.

Have a good day...

p.s.
This code relates also to the Application object!

Posted by: Eran Nachum (c)
Post Date: 4/19/2007 12:19:24 PM (Jerusalem Standard Time, UTC+02:00)
 Tuesday, April 17, 2007

Hey fellows...

I wanted to share with you an event that happened these days: my friend, Oded Balilty, won the Pulitzer Prize for his photograph.

This is a great honor for Oded and for the state of Israel as well, of course.

This photograph displays a lone settler woman defying Israeli security forces, so take a look:

Well done Oded, keep on succeeding...

With regards,
Eran

Posted by: Eran Nachum (c)
Post Date: 4/17/2007 11:23:20 AM (Jerusalem Standard Time, UTC+02:00)
 Wednesday, April 11, 2007

You can download it, it is ready, right from the oven...

The best thing that I found there is the Validation Application Block, which is new and wasn't in the earlier versions.
"Developers can use this application block to create validation rules for business objects that can be used across different layers of their applications." (quoted from the MSDN site).

You can find it here: http://msdn2.microsoft.com/en-us/library/aa480453.aspx

Enjoy...

Posted by: Eran Nachum (c)
Post Date: 4/11/2007 10:40:47 AM (Jerusalem Standard Time, UTC+02:00)

Hello!

Some intro:
I am starting to migrate a classic ASP web application (quite complicated) to a .NET 2.0 environment, and in the beginning (of course) I am learning the functionality of the existing web app.

This morning I came to work and started to run the ASP web app, but my IIS (5.0) seemed to be dead. I couldn't run anything, not even the localhost help page to get some information.

I disabled "Show friendly HTTP error messages" in the explorer advanced options, and I got this message: "The server has encountered an error while loading an application during the processing of your request" - Interesting...

After doing some actions in IIS, I succeeded in solving the problem myself: I just changed the application protection to Low in the virtual directory folder properties.

Some info:
The Application Protection drop-down determines whether this IIS Application is isolated in its own process, pooled with other apps, or run in-process with IIS. This feature lets us isolate applications by configuring them to run in a process (memory space) that is separate from the Web server and other applications. You can configure applications to have one of three levels of application protection: Low, Medium, High.

Another thing: the application protection determines how memory resources are allocated for ASP pages:

  • Low (IIS Process): this level runs ASP pages using the same resources as the web service. The advantage of the low level is that you are given the most permissions and access. The disadvantage is that if the ASP service fails, the web service will be impacted as well.
  • Medium (Pooled): this level allocates a pool of memory resources used by all ASP pages. The advantage of the medium level is that you control the amount of resources allocated. In addition, if an ASP page causes the ASP service to fail, it does not affect the web service. The disadvantage is that if one site causes the ASP service to fail, all of the ASP pages will fail.
  • High (Isolated): this level allocates a specific amount of memory resources for each ASP application. The advantage to the high level is that if an ASP page causes the ASP service to fail, only that specific site will fail and not the other sites. The disadvantage is that additional resources are used by each individual application pool.

Hope I helped someone...

Posted by: Eran Nachum (c)
Post Date: 4/11/2007 10:34:41 AM (Jerusalem Standard Time, UTC+02:00)
 Sunday, March 25, 2007

Hey guys how are you?

I wanted to share with you a nice dilemma that was raised by one of our team leaders, Boaz Davidoff.
He encountered a situation in which he wanted to create a new instance of an object that inherits from a parent object (which is no problem, right...?), BUT he first wanted to initialize some members in the child object before creating the parent object, and only then call the parent object's constructor.

It turns out that this is quite impossible in .NET, because by default you must call the base ctor first and only afterwards do your stuff, for example:

public class A
{
    int a1, a2;

    public A(int a1, int a2)
    {
        this.a1 = a1;
        this.a2 = a2;

        // Do your stuff
    }
}

public class B : A
{
    public B(int b1, int b2) : base(b1, b2)
    {
        // Do your stuff
    }
}

I wanted here, when calling the B ctor, to do some manipulations on b1 and b2 (before calling the base ctor), but encountered a PROBLEM.

So, take a look at this solution:

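public class B : A
{
    // The only way to get a B from outside the class
    public static B CreateBObject(int c1, int c2)
    {
        // Do some manipulation over c1 and c2

        return new B(c1, c2);
    }

    // Private: reachable only through CreateBObject
    private B(int b1, int b2) : base(b1, b2)
    {
        // Do the rest of your stuff
    }
}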

Some explanations:
I created the B ctor again; the only difference from the other B ctor is that it is private (in other words: this object cannot be initialized from outside this class).
Now, the addition... I added a static method called CreateBObject, which receives the same params, does some manipulation over them, then calls B's private ctor and returns a B object like we wanted in the first place.

Nice, huhh? I would like to have some comments

p.s.
Thanks Boaz

Posted by: Eran Nachum (c)
Post Date: 3/25/2007 5:33:02 PM (Jerusalem Standard Time, UTC+02:00)