Adding Sorted Items to DropDownMenus at Runtime

I use drop down menus regularly. They are a very common control on most any website and often we are just getting a list of things out of a database and simply binding them to the drop down so the user can select one.

It’s very easy to bind items to an ASP.NET DropDownMenu. Removing items as well as adding items it just as easy. But what if you need to add items to the DropDownMenu when the list has already been DataBound and you need to ensure that all the items in the DropDown have been sorted (either by the Text or the Value)? This is a little bit tricky, which is why I’ve taken the time to show you how to do it (and so I can use this example next time I need it).

 

 

Using a Generic Method to Encode String Properties In Order To Avoid Cross Site Scripting Attacks

Cross Site Scripting Attacks (XSS Attacks) are a real problem, don’t make the mistake of thinking they aren’t in widespread use or that you are not vulnerable. During the development of your project you need to explicitly take steps  to avoid exposing your sites visitors to this serious issue. You can use the Microsoft Web Protection Library to reduce the risk of XSS attacks, get it here http://www.microsoft.com/downloads/en/details.aspx?FamilyID=f4cd231b-7e06-445b-bec7-343e5884e651

Recently I developed a simple generic method that I can pass objects to which will loop over the properties and automatically HTML encode any that are strings. This is useful when you use ORM systems such as Linq2Sql or ADO.NET Entity Framework, which generate an object model of your database which often include properties of type String.

Here is how to call the method:

 

Here is the code:

 

Integrated Windows Authentication: Getting FireFox to Play Nice

If you protect your web applications using Integrated Windows Authentication (IWA), typical with company Intranets, FireFox will prompt users to provide their network credentials (i.e. their Username and Password) when they try to access the site.

You can side step this by making minor changes to FireFox so that it will negotiate with the web server behind the scenes, effectively performing a “silent login” like Internet Explorer does automatically when accessing IWA protected apps.

 

IMPORTANT: Your IIS node needs to allow fall back to NTLM Authentication for this to work.

Using the Metabase Manager, part of the IIS Resource Toolkit that is available from Microsoft, will showNegotiate, NTLM under Authentication. If you removed NTLM than this tutorial is a waste of your time

Step 1:

Open FireFox, in the Address Bar type about:config, you will be prompted with a warning like the following.

FF-Intranet-Support1

Step 2:

Click the “I’ll be careful, I promise!” button. In the “Filter” textbox type network.automatic

FF-Intranet-Support2

Step 3:

Select the 2nd option named network.automatic-ntlm-auth.trusted-uris. Enter the values of your Intranet sites, separating them with a comma, and click OK

FF-Intranet-Support3

FireFox will then negotiate your login silently, eliminating the need for the Server Login prompt.