This blog is now moved to http://syedgakbar.com

Please visit the above site for details and latest updates.

With growing security concersn for the site, it’s now recommended to don’t use the Weak or No Ciphers at all. Unfortunately, these weak ciphers are enabled by default in most of the IIS versions.

If you don’t want to supports the use of SSL ciphers that offer either weak encryption or no encryption at all, then you can easily turn them of by by modifying the corresponding registry entries under following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\

Basically, to fix this security warning, you should disable the SSLv2 and any SSL Ciphers less than 128 bit encryption.

The following link discuss the steps you need to perform:
http://blog.techstacks.com/2008/10/iis-disabling-sslv2-and-weak-ciphers.html

If you want more info or details, please check the following link:
http://support.microsoft.com/kb/187498

As it’s risky task, I will recommend that you first try it on a test machine.

Good luck and be careful when editing registry entries.

As I discussed in my previous thread, more and more people and moving toward the Tableless design to design the HTML files. Check the following post for detail:

http://syedgakbar.wordpress.com/2008/03/01/a-step-toward-tableless-design/

Of course, the migration is not as simple as it looks. Designing the page layout with just the DIVs (basically not using tables) is not that easy for newbies. There are many tricks and tweaks you learn with time (similar to what it was with table based design). One question I asked frequently is that how you can center align the DIV tag using the stylesheet. The reason for this the trick to do this using CSS is not that intutive. You may start with “text-align:center”, or by doing “float:left”, but all this doesn’t work. The correct way to do this using something like this:

<div style="margin:0 auto;width:930px;">
	Center Aligned Box
</div>

In the width, you can give it either by percentage (to make it relative to current page width) or in pixel (hard coded). There is still one small catch. Sometime you will notice that it doesn’t work in the IE. The most probable reason is that IE is running in the Quirks Mode

To fix this, add the following line which set the DOCTYPE to restrict:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

Hope it helps.

If you often work on the JavaScript for the DHTML tasks, then there are good changes that you had wanted to modifying some of the existing built-in or third JavaScript functions. If you want to enhance the built-in JavaScript functions, then probably the best technique is closure. If you don’t already know about it, here is a good starting article:

http://www.coryhudson.com/blog/2007/02/07/modify-existing-javascript-functions/

If the function you want to modify is already written in the JavaScript, then you can either tweak the source file (if you can and have access for it), or you can change the required source at the run-time using the JavaScript. This is what I like about JavaScript, similar to many other interpreted languages, you can play with the existing source too. This becomes more easy and powerful with advance features like closure, currying, prototyping, etc.

Anyway, coming back to the point, you can easily get the source of the existing JavaScript functions as string and then can modify it. Here is a sample script demonstrating this concept:

function foo()
{
return “foo it”;
}

var orignalFunction = foo.toString();
var newFunction = orignalFunction.replace(“foo it”, “do it”);
eval(newFunction);
alert(foo());

As many of you have guessed, the alert above will display the text “do it” instead of “foot it”. OK, now we know how we can modify the existing function at run-time, but then the question is how we can use it and is it really of any help? The one place, where I find it very useful was during adding the Google “Enhance 404 pages” widget in the ASPX page.

This JavaScript based Google widget is designed to be placed on the custom “4o4″ page of your site.  Read more about this:

https://www.google.com/webmasters/tools/enhance404?

Now when I added that JavaScript widget in the ASPX page, it failed because this JavaScript renders a form tag, but I already have one in the ASPX page (needed in all ASPX pages). As we can’t have nested forms (I would like to have this feature supported), it was failing. In such cases, I usually use the IFRAME to render the new content. It worked in this case too, but I see another problem and that’s the Google search results were opening in the same IFRAME. This was tricky to handle because the JavaScript for this is written by Google and is hosted on their server. Though I can re-write all this on my own, but it would be a time consuming task.

Looking at the JavaScript rendered by the Google widget, I found that a function named “ss” handles the redirection and it’s redirecting to “window.location” object. Okay, the fix is simple, if I can some how change this line to “parent.window.location”, my problem will be solved. The problem is that JavaScript source is hosted on the Google server and I can’t change it.

It’s time to take advantage of the interpreted language features, and by adding a custom script like following after the Google widget, my problem was solved.

<script type=”text/javascript” language=”javascript”>
// Set the parent window as the target redirect
var newRedirectFunction = ss.toString().replace(‘window.location’, ‘parent.window.location’);
eval(newRedirectFunction);
</script>

That was simple and elegant. Long live JavaScript.

One of our client reported a problem that on some of their site secure pages FireFox displays the “connection partially encrprypted warning” (by showing a small “i” on secure lock icon).

When I first started looking at that problem, I thought it would be something as simple as some page being hosted on the HTTP (using hardcoded URL). I started by looking at the page source in the FireFox page source viewer. As I start looking into it, my head started to spin because looking at the page source (HTML) all the path were either relative or were on HTTPS.

After spending sometime and carefully observing the pages, I found a pattern that the pages with the ASP.Net form and text box controls usually result in this SSL warning. After this clue, I run the HTTP Analyzer and found the issue (I wish I had run it earlier, but it’s never too late). The problem I found was the “WebResource.axd” is being return at the HTTP path. Actually, it’s requested at the HTTPS path, but then the server sends a redirect command to request this file over the HTTP and it causes this warning.

After finding this, I searched with related keywords, and I found a blog which discuss the same problem in much more detail:
http://blogs.msdn.com/praveeny/archive/2007/03/27/webresource-axd-going-over-http-when-you-are-browsing-on-https.aspx

The solution was simple. The client was using a custom ASP.Net Handler to toggle between the secure and non-secure modes. http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx

All which was needed to fix the problem was to allow the “WebResource.axd” to be served on the HTTPS too.

The point is when you see such problem, don’t rely on the simple page source. Rather look at the actual HTTP packets (using tools like HTTP Analyzer, Fiddler, etc) and you can solve such problem in minutes.

When debugging some problem, usually the “Call Stack” window is really of help. It let’s quickly see how you reached in current location i.e. call chain. This is of help when using some Visual Debugger, but you know what, the actual error happens when the application goes Live. For live applications, a good practice is to always log these errors in some database (or file) for latter analysis.

In .Net, during the runtime exception logging, most of us will use the Exception.StackTrace property to log the current stack trace. During analysis of different run-time errors, I found that some time the Exception.StrackTrace doesn’t return the full call chain. I think this is related to the classes which override the StackTrace property for content or format control.

Anyway, the good thing is that you can get full call chain, including the system calls, using the Environment.StackTrace. Though it’s large, but what it has is worth the bytes it consumes. Another advantage of the Environment.StackTrace property it works even when no exception has occurred.

This version introduce many of the new and exciting features to help you easily manage your running applications. Here is a quick list of the new features in the version 2.0

• Let’s you reorder the Taskbar groups similar to simple application buttons.
• Custom grouping of the running applications in the Taskbar .
• Easily hide all the icons on your desktop.
• Set any Windows to the Top
• Set the transparency level of any of the running window.
• Minimize any Window to the System Tray
• Hide (and of course unhide) any of the running Window.
• Make your Taskbar transparent.
• Auto run the application on Windows Start

The best thing is that it’s still Free and is also free of any Ads and Spywares. Go ahead, download it and give it a quick try:
TaskbarExt Version 2.0

When developing a desktop application, it’s often required that only one instance of application should be executable at a time. This is usually implemented in different ways depending on Language/Tools you are using to build the application.
Some common techniques used are either using the Mutex or getting a list of active processes and making sure that a process with same executable name is not already running. Here are the different articles which all discuss a bit different techniques to achieve the same goal:
http://dotnet.org.za/ernst/archive/2004/07/20/2887.aspx
http://www.codeproject.com/KB/cs/CSSIApp.aspx
http://www.ddj.com/windows/184416856
http://audiprimadhanty.wordpress.com/2008/06/30/ensuring-one-instance-of-application-running-at-one-time/
If you are developing your application in Visual C++, then there is a relatively simple and straight forward method. The trick is that you declare a shared segment for you executable and you set a variable in the shared data segment when the first instance of the application is run. When you try to run again the same application, it also shares the same data segment and thus you can check the value of the variable to see if another instance of application is running or not.
For this you can add the following code at top of your executable.

// This share data segment section is used to make sure that only instance of the application
// should be running at a time
#pragma data_seg(“.singleInstance”)
HWND g_hWnd = NULL;
#pragma data_seg()
#pragma comment(linker, “/section:.singleInstance,rws”)

Then you can check and set the g_hWnd in your Instance initialization method.

// Check if another instance of the application is already running
if (g_hWnd)
{
// Post message to bring the main window to front

// Another instance is already running, so quit.
return false;
}

Don’t forget to assign the “g_hWnd” variable the reference of main window handle after you create that window. Credit for this technique goes to:
http://www.codeguru.com/cpp/misc/misc/applicationcontrol/article.php/c3763/

If you are writing any application which adds an icon to the Taskbar notification area, it’s recommend to handle the “WM_TASKBARCREATED” the message sent by explorer. This message is sent by explorer when it’s creating the taskbar. As after crash explorer doesn’t remember the original notification icons, you should handle this message and then re-register your application notification icon.

 

To capture this message, you must first register it like this:

const static UINT WM_TASKBARCREATED = ::RegisterWindowMessage(__T(“TaskbarCreated”));

 

Once it’s registered, you should handle this in your Windows Callback Procedure to re-add the icon for your application in the notification area. Something like this:

 

// Check if the Taskbar is just being created. This message is broadcast by the Explorer
// when it’s launched (after any crash)
if (message == WM_TASKBARCREATED)
{
    // Add the code to re-add your application in the notification area.
}

 

Simple, but yet effective. What do you think?

Page break in HTML pages

 

When generating reports directly in the HTML, it’s often required to do a forced page break so that a new sections always prints on a new page. Fortunately, this is very simple with the help of CSS. For this you just need to add the “page-break-before:always” or “page-break-after:always” styles to the tags on which you want to have the page break.

 

As clear from the name, if you add the  “page-break-before:always”, it will add a page break before the current tag. Similarly, “page-break-after:always” will create a page break after the current tag end.

 

Here is a sample code to see this in action

<div style=”page-break-before:always”>This will print on first page</div>

 

<div style=”page-break-before:always; page-break-after:always”>This will print on second page</div>

 

<div>This will print on third page</div>

Please notice that how we have added the page break before and after attributes on the second page such that we no longer need this on the third DIV tag.

 

Note: Please note that these attributes doesn’t work in FireFox (and most other browsers) when used within tables (cells or rows). When having problem with the page break, make sure the section you want to have break on is not under any table.