The EDX Software Blog

Problems with SQLServer Session State

October 15th, 2009

Intro. In my last entry I discussed changing the session state mode from the default InProc which stores Session variables in memory to SQLServer which stores Session variables in a sql database.

The Problem. I had a lot of problems after doing that. Data that I was storing in session variables wasn't being saved. It turns out that the sql session does not work exactly like the memory session, although I never saw this documented anywhere.

The Solution. After diagnosing it and trying things for a few days, I ended up writing a program to store/retrieve variables to/from my own sql table.

By the way, here are some electronics components we have for sale on our website: LMH6645MF, EEU-FC1V101, ZHB6718TA, IRFI9Z34GPBF, CD74HC109E, NLV32T-100J-PF, 1N5242B-T.

Posted in SQL, VB.NET | No Comments »

Change to SQLServer Session State

September 16th, 2009

Intro. One of our subscription websites saves quite a bit of information in Session variables. This website is now ready to go to beta test, so it is time to change the session state mode from the default InProc which stores Session variables in memory to SQLServer which stores Session variables in a sql database.

The Problem. I followed the instructions I found on msdn.microsoft.com, but that resulted in several errors sending me to google to search for possible solutions. One error that I got was:

Failed to login to session state SQL server for user 'TESTSERVER\ASPNET'

where TestServer is our test webpage server. This error reminded me that TestServer is using IIS 5, so I moved the test to our production webpage server, Laurel, which is running IIS 6. The new error was:

Failed to login to session state SQL server for user 'NT AUTHORITY\NETWORK SERVICE'

That's the IIS 6 error, and it was solved by setting up the sessionState tag correctly, as shown below.

The Solution. Here are the steps that worked for me. Note this usage: our webpage server is Laurel, sql database server is Hardy, MyUser is an existing user on Hardy with db_owner access to the databases used by the new website, MyPass is MyUser's password. Also note that our web.config does not use impersonation and that our authentication mode="Forms".

1. Open a command window on Laurel, change directories, and run the setup:

cd C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727

aspnet_regsql.exe -S Hardy -E -ssadd

This created a database on Hardy named ASPState which contains all the stored procedures needed to do SQLServer session state. The data will actually be stored in tempdb, a system database.

2. We already had this in the web.config within the system.web and configuration tags:

< sessionState timeout="60" />

So, I changed it to:

< sessionState timeout="60" mode="SQLServer" sqlConnectionString="Data Source=HARDY;User Id=MyUser;Password=MyPass;" />

3. I used SQL Server Management Studio on Hardy to go to Security | Logins | MyUser | Properties | User Mapping. I checked the boxes for ASPState and db_owner, and tempdb and db_owner, and clicked OK.

I browsed to the webpage and everything worked fine.

Posted in SQL, VB.NET | No Comments »

Fixing My PayPal "Add To Cart" Button

August 25th, 2009

Intro. I previously blogged about how to create a PayPal "Add To Cart" button at runtime. We use this button on our Buy Now pages. To see an example, click on the following link, and then click any of the Buy Now links:

http://www.edxelectronics.com/PartSearch/PartSearch.aspx?SearchPart=AD5

On this page you'll see the "Add To Cart" button which is created at runtime.

The Problem. This week our users started reporting the following error from paypal.com after they clicked our "Add To Cart" button:

"Sorry — your last action could not be completed"

Yikes! Nobody can buy our products online.

A bunch of googling revealed that PayPal did an upgrade and changed some urls that we were using. And they didn't even tell us!

The Solution. We changed our runtime generated url's from:

https://www.paypal.com/cart/add=1 . . .

to:

https://www.paypal.com/cgi-bin/webscr?cmd=_cart&add=1 . . .

and everything went back to normal.

Posted in General, VB.NET | No Comments »

Sys.WebForms.PageRequestManagerServerErrorException

June 16th, 2009

Intro. My company has a private webpage where subscribers search for some specialized information and then can use the search results to update database records. The page has many textboxes used to allow the user to define search criteria, filter the results, and add and update records. The textboxes are in AJAX UpdatePanels and there are many buttons which submit the data to the webpage server.

The Problem. If the user types a "less than" character ( < ) followed by a letter in any textbox, clicking any of the buttons will result in this popup error message:

Sys.WebForms.PageRequestManagerServerErrorException: An unknown error occurred while processing the request on the server. The status code returned from the server was: 500.

A little research revealed that an error occurs because the system is trying to prevent the user from entering an html tag. And the user get a popup message (instead of a full error page) because the submit button is within an UpdatePanel, and I have no customErrors page defined for a 500 error. Unfortunately, the error message above does not convey to my users that they must put a space after the < .

Rejected Ideas. So how can I fix this problem? Some blogs recommended that I simply turn off the test for html by adding:

ValidateRequest="false"

in the tag < %@ Page ...%>, but I didn't think this was a very good idea because then the page would be open to HTML injection.

I also considered the question, "Can I prevent users from entering html into my textboxes?", and looked at javascript ways to change or remove the < characters.

The Solution. I decided, though, that it is better to let the user fix the problem. A popup error message is perfect, as I don't want my users navigating away from my page. So, I just needed a way to change the text of the error message to something the users will understand. Insert this code in your .aspx just below your asp:ScriptManager line:

< !-- Code to replace text of 500 error -->
< script type="text/javascript">
  Sys.WebForms.PageRequestManager.getInstance().add_endRequest(
    function(sender, e)
    {
     if (e.get_error())
      {
       if (e.get_response().get_statusCode() == 500)
        {
          alert("A potentially dangerous value was detected from the client. Note that every < must have a space after it. ");
      e.set_errorHandled(true);
        }
      }
    }
)
< /script>

Posted in AJAX | No Comments »

Cross-thread operation not valid

September 30th, 2008

Intro. I am upgrading some old programs from VS2003 to VS2005. These are old Windows apps that run either continuously or on a scheduled basis with little user involvement. They have escaped upgrading up until this point because they work.

The Problem. After upgrading a program I got this error when I ran it:

Cross-thread operation not valid: Control 'TextBox1' accessed from a thread other than the thread it was created on.

The program did have "Imports System.Threading" in it, but only so it could use "Thread.Sleep(x)". The program had no intention of being multi-threaded – it thought it was single-threaded. I removed these lines as a test, but the error did not go away.

The Solution. The program also contained "Imports System.Timers" and "Dim oTimer As New System.Timers.Timer" and it turns out that this timer runs on a different thread than the rest of the program. To avoid the error, add this line where you initialize the timer:

oTimer.SynchronizingObject = Me

Posted in VB.NET | 1 Comment »

Prevent Backspace From Going to Previous Page

June 30th, 2008

Intro. We have one website that is accessible only by subscribers who have a username and password. The subscriber is presented with lots of data and has the opportunity to add and modify text.

The Problem. If the subscriber hits the backspace key while the focus is not in an editable field, the website goes back to the previous page. This causes the subscriber to lose any data that has been entered but not yet saved. Since there is no reason to return to the previous page, I needed to stop the backspace from going back a page.

The Solution. I added the following javascript to the < head> section of my webpage (note that I added a space after every "<" so that this editor wouldn't interpret my html):

< script type="text/javascript">
//code to catch the backspace and stops the back default action
if (typeof window.event == 'undefined'){
document.onkeypress = function(e)
{
    var test_var=e.target.nodeName.toUpperCase();
    if (e.target.type) var test_type=e.target.type.toUpperCase();
    if ((test_var == 'INPUT' && test_type == 'TEXT') ||(test_var == 'INPUT' && test_type == 'PASSWORD')|| test_var == 'TEXTAREA')
    {
      if ((e.keyCode == 8 ) && (e.target.readOnly == true))
      {
        e.preventDefault();
      }
      else
      {
        return e.keyCode;
      }
    }
    else if (e.keyCode == 8 )
    {
      e.preventDefault();
    }
}
}
else
{
document.onkeydown = function()
{
    var test_var=event.srcElement.tagName.toUpperCase();
    if (event.srcElement.type) var test_type=event.srcElement.type.toUpperCase();
    if ((test_var == 'INPUT' && test_type == 'TEXT') ||(test_var == 'INPUT' && test_type == 'PASSWORD') || test_var == 'TEXTAREA')
    {
      if ((event.keyCode == 8 ) && (event.srcElement.readOnly == true))
      {
        event.returnValue=false;
      }
      else
      {
        return event.keyCode;
      }
    }
    else if (event.keyCode == 8 )
    {
      event.returnValue=false;
    }
}
}
< /script>

Posted in General | No Comments »

Access DotNetNuke Passwords From Second App

April 2nd, 2008

Intro. We have one website based on DotNetNuke (FirstSite) with some functions that are available only to the paid subscribers. We have another website (SecondSite) being written in vb.net that needs to be password protected.

The Problem. The usernames and passwords are stored in the DotNetNuke table aspnet_Membership in an encrypted format (this is optional, but we want encrypted for security). How can SecondSite access the usernames and passwords of FirstSite in a clear text format for its login page?

The Solution. The password encrypt/decrypt is handled by the asp.net framework, so I tapped into that. I added my data source info to my SecondSite's web.config within the < connectionStrings> tag. I just copied this from FirstSite's web.config (note that I added a space after every "<" so that this editor wouldn't interpret my html):

< add name="SiteSqlServer"
connectionString=" (your connection string) "
providerName="System.Data.SqlClient"/>

Then I added these lines within the < system.web> tag. Again, I just copied these from FirstSite's web.config:

< machineKey (your machine key line) />
< membership defaultProvider="AspNetSqlMembershipProvider"
    userIsOnlineTimeWindow="15">
   < providers>
      < clear/>
      < add name="AspNetSqlMembershipProvider"
         type="System.Web.Security.SqlMembershipProvider"
         connectionStringName="SiteSqlServer"
         enablePasswordRetrieval="true"
         enablePasswordReset="true"
         requiresQuestionAndAnswer="false"
         minRequiredPasswordLength="7"
         minRequiredNonalphanumericCharacters="0"
         requiresUniqueEmail="false"
         passwordFormat="Encrypted"
         applicationName="DotNetNuke"
         description="Stores and retrieves membership data
         from the local Microsoft SQL Server database"/>
   < /providers>
< /membership>

Then I added these lines to SecondSite's login.aspx.vb:

Dim aspnetUser As System.Web.Security.MembershipUser = _
System.Web.Security.Membership.GetUser(txtUsername.Text.Trim)
If Not aspnetUser Is Nothing Then
Password = aspnetUser.GetPassword()
End If
If Password <> txtPassword.Text.Trim Then DoInvalidLogin()

Works like a champ!

Posted in General, VB.NET | 3 Comments »

Convert XML Object to DataTable

March 11th, 2008

Intro. I have a legacy program that returns an object containing data in XML format. A new requirement came down for this data to be shown in a grid on a new webpage.

The Task. Write a new webpage that calls the legacy program and then uses the resulting XML Object as the datasource for a gridview.

What Didn't Work. I tried to cast the XML Object (MyXMLObject) to a DataSet or a DataTable using CType, but that just gave me this error:

System.InvalidCastException: {"Unable to cast COM object of type 'System.__ComObject' to class type 'System.Data.DataSet'. Instances of types that represent COM components cannot be cast to types that do not represent COM components; however they can be cast to interfaces as long as the underlying COM component supports QueryInterface calls for the IID of the interface."}

The Solution. The first helpful thing that I ran into was this function:

Microsoft.VisualBasic.Information.TypeName(MyXMLObject)

which return the name of the data type. For me, it returned "IXMLDOMSelection". MSDN gave me the members and related information. My key discoveries were that MyXMLObject.item(0) contains the schema, and MyXMLObject.item(1) contains the data. Here is my working code:

Dim MyXmlDataDoc As New System.Xml.XmlDataDocument
Dim sr As System.IO.StringReader
'First fetch and load the schema
sr = New System.IO.StringReader(MyXMLObject.item(0).xml)
MyXmlDataDoc.DataSet.ReadXmlSchema(sr)
'Then fetch and load the data.
sr = New System.IO.StringReader(MyXMLObject.item(1).xml)
MyXmlDataDoc.DataSet.ReadXml(sr)
'Attach the data to the grid.
Me.grdResultsGrid.DataSource = MyXmlDataDoc.DataSet.Tables(0)
Me.grdResultsGrid.DataBind()

See an example of the resulting grid here:

http://www.edxelectronics.com/PartSearch/PartSearch.aspx?SearchPart=LM393

Posted in VB.NET | 1 Comment »

Convert aspx to html

November 29th, 2007

Intro. I wanted to set up a simple (no vb code needed), feeder website with links to our main site. The webmaster said to give him html pages so he could easily put it on a linux server. I've been developing in Visual Studio using master pages, so I decided to develop in aspx and then convert to html.

The Solution. Here are the steps I used:

Develop in Visual Studio using a master page. Don't use any aspx controls – use Html controls instead.
Build and run the project in debug mode.
Navigate to each page, rt-click, and View Source.
Save the source to pagename.html.
In all of the resultant html pages replace all .aspx with .html.
Ftp the html pages, the images, and the style sheet to the host.

Here is my resulting website:

http://www.leadfreesupplier.com/

Posted in General | No Comments »

Set Focus to Target Web Page

September 28th, 2007

Intro. I have a web page that displays a gridview of sales order information for the user. The user can click on the sales order number (sono) to display more information about any order. The original code opens a new web page (target="_blank") for each click.

The Problem. IE7 takes too long to load. Users that want to look at the details for several orders have to suffer the long load time for each click.

What Didn't Work. The original gridview had a HyperLinkField under the < Columns> tag (note that I added a space after every "<" so that this editor wouldn't interpret my html):

< asp:HyperLinkField DataNavigateUrlFields="sono"
    DataTextField="sono" HeaderText="Order Number"
    SortExpression="sono" Target="_blank"
    DataNavigateUrlFormatString="orderdetails.aspx?sono={0}" >
    < ItemStyle HorizontalAlign="Center" />
< /asp:HyperLinkField>

I replaced Target="_blank" with Target="OrdDetail". This made the browser reuse the same web page window for every click instead of opening a new page. Very fast!

However, the target page does not receive focus after the first use. So, the question now is how to set focus to the target web page, or how to bring the target web page to the front.

The older DataGrid component used to allow javascript in the DataNavigateUrlFormatString field, so I tried setting it to:

"javascript:window.open('orderdetails.aspx?sono={0}')"

This didn't work. The order numbers were no longer links. I found a couple of blogs that said that this was a known Microsoft bug.

The Solution. What finally worked was replacing the HyperLinkField with a TemplateField:

< asp:TemplateField HeaderText="Order Number" SortExpression="sono">
    < ItemStyle HorizontalAlign="Center" />
    < ItemTemplate>
        < a href="javascript:w=window.open
            ('orderdetails.aspx?sono=< %# Eval("sono") %>',
            'OrdDetail','width=100,height=100');
            w.focus();">< %# Eval("sono") %>
        < /a>
    < /ItemTemplate>
< /asp:TemplateField>

The javascript calls the orderdetails.aspx page, passing the sales order number (sono), and using the same window (OrdDetail) over and over, and then calls w.focus to bring the target page to the front. Very fast, and very cool!

Posted in VB.NET | No Comments »