Wednesday, March 28, 2012

Object Initializers

With the help of Object Initializers, you can initialize objects with fewer lines of code.

For. e.g:

We have a class representing a Student.

public class Student
        public string StudentName;        
        public int StudentID;

        public Student(string StudentName, int StudentID)
            this.StudentName = StudentName;
            this.StudentID = StudentID;

        public Student(int StudentID)
            this.StudentID = StudentID;            

        public Student()

Suppose we make a class for Student List and inherit it from class List. To add objects to this class, we'll make use of object initialization.

Before we had object initialization, we would have had to do the following:

public void Add(string StudentName, int StudentID)
     Student std = new Student(StudentName, StudentID);
With object initialization, the code can be reduced to the following lines: 

public void Add(string StudentName, int StudentID)
    this.Add(new Student { StudentID = StudentID, StudentName = StudentName});
Do note that the resulting IL Code of both the above code snippets will be the same. However, you can see the difference in the lines of code the developer will need to type. Though, this may not sound very beneficial by looking at the above example. But try implementing object initialization in real-life code and you'll see the benefit.

The above example used object initialization without constructor. Here's how you use it with constructor.

public void AddStudent2(string StudentName, int StudentID)
   this.Add(new Student(StudentName, StudentID));
Another way to use object initialization is by calling the constructor and initializing the properties at the same time:
public void AddStudent(string StudentName, int StudentID)
    this.Add(new Student(StudentID) { StudentName = StudentName });

Saturday, March 24, 2012

Implicitly Typed Local Variables (C#)

While coding, at some point, you might want to be able to declare a variable without having to explicitly mention the type of this variable.
C# 3.0 allows this by introducing a keyword var.

Here's how you use it:

var i = 0;
var str = "some string";
The type of the variable is deduced by the statement at the right hand side. However, these variables are still not loosely typed. You can check this be assigning different type of values to the same variable. For e.g., the variable i above cannot later on be assigned a string value.

The code below;

var i = 0;
i = "some string";

would give a compile-time error ("Cannot implicitly convert type 'string' to 'int' ").

Though, the use of implicitly typed variables may not be understandable by just these examples, these are really helpful when you are using LINQ.


Friday, December 16, 2011

JavaScript Introduction

Web site development is not simply about 'designing', neither does it comprise of learning one language and excelling in it. Instead for good designs and better websites you need to get hands-on on several skills/tools/languates. For e.g. if you are working on ASP.Net, you'll need to know your way in and out of ASP.Net, then you'll need to know be proficient at a programming language like C# or VB.Net to do all the code-behind stuff.
In addition to that you'll need to have a good knowledge of Javascript and CSS. What are they? How are they used? What can be accomplished through them? etc.

(Of course there are a lot of other things involved in web site development, such as security, but let's keep that for another discussion.)

What is it? (What can be accomplished through it? and other similar questions)
First up Javascript and Java have nothing to do with each other, although the similarity in names is misleading.
To put simply, Javascript is used to add interactivity to web sites/pages. Using Javascript
  •     one can add HTML dynamically to the page, so that a piece of HTML is only included in the page when certain condition is true. For e.g. greeting message can be displayed based on the time of the day the page is viewed. (Good Morning, Good Afternoon etc.)
  •     to validate input before sending it to the server. As each request to server is time and resource consuming, it is considered smart to validate input before sending it to server.
How is it used?
Let's start working on JavaScript now.

The first step is to understand the ways through which JavaScript can be added to a web page.
There are two simple ways to do it:
  1. Include JavaScript in the page itself.
  2. Write JavaScript in a separate file and then include the file in the page (this method is beneficial whenever the same JavaScript needs to be used on multiple pages).

The script tag:

For implementing both the methods mentioned above, the script tag is used.
Usage: (Method # 1)
<script language = "JavaScript">
//JavaScript code

Usage: (Method # 2)

<script language = "JavaScript" scr = "filepath" />

The src (source) attribute expects a file path. The name of the file containing JavaScript MUST have the extension ".js".

Book: Java Script and Jscript by Jaworski

Thursday, July 14, 2011

Folder options in Windows 7

In a lot of things, Windows 7 is different from Windows XP.

Just the other day I needed to display the extension of all files. This could be done easily in XP with folders options. But in Windows 7, where do I find the "Folder Options".
For folder options on Windows 7, follow the below steps.
  1.  Start (the windows icon at the bottom left corner) -> Control Panel
  2. If you can't find "Folder Options" anywhere, locate the "View by:" title at the top right corner. It must be set to Category for you to not see Folder options. Change it to either "Large Icons" or "Small Icons".
  3. You'll now be able to see "Folder Options". You can play with it all you want.

Sunday, April 17, 2011

Informative links on ASP.Net Page Cycle, View State and Session Tracking

ASP.Net View State Contains information on ASP.Net Page Cycle as well

Cross Site Request Forgery Attack

Cross site request forgery attacks constitute of tricking a user to unknowingly send a request, of, say, transferring funds to the attacker's account.

Formal Definition:

" is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts"

AKA (Also Known As):

One-click attack
Session riding

Abbreviated as:

CSRF or XSRY (pronounced as sea-surf) 
Difference from XSS(Cross-Site Scripting):

Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
To understand how it works, we first need to understand the concept and working of cookies and session.


If a user has cookies enabled on his/her web browser, every time the user makes a request to a web server, (that is, accesses a web site) the web server stores information in a piece of text called cookie.

This cookie is hereafter used for identifying this user uniquely.


Session is another way to identify users uniquely. If you have worked on ASP.Net applications you will know that values that need to be stored for a particular user are added in Session. Each session is uniquely identified by an ID called Session ID.

When a user makes a request to an application that implies session and if the user has cookies enabled the Session ID generated would be stored in the cookie. And for every subsequent request this Session ID would be sent to the server. The server would use this Session ID to identify the user. This way the user would not need to authenticate himself/herself for each request.

Once the user's session has been assigned an ID, it is returned to the server for every request. However, if the time elapse between two requests is more than the timeout value, the session is said to be expired and the user will have to identify himself again, (for e.g. login again) if the user wishes to continue using the web site.
How CSRF Works?
Consider the following scenario:
1. You are logged into your internet banking account.
2. Simultaneously you are also checking out a forum.
3. Let's say you click on an innocent looking link on the forum.
4. Though this link "looks" innocent, it actually isn't. In fact, it sends a funds transfer request of say, Rs. 1000 destined for his own account.
5. How is this possible?.. 

It is possible if the internet banking website you are visiting does not have a multi step funds transfer process, or even if it does, the last step, which is the final step where funds are actually transferred to the destination account does not check if the previous steps have been performed, and simply transfer funds without verifying the user sending the request. Here, the site blindly trusts the Session ID sent by the client browser (through cookie) to authenticate the user.

How does the hacker know the web page of the final step.
Simple.. The hacker may also have an internet banking account and has, therefore, noticed the link of the funds transfer page and also that the amount and destination account number are made a part of the link. For e.g, the link may look something like:

(Normally, web sites that provide features which involve money transactions or that provide any type of crucial information should never ever make even minor fields like amount a part of the URL.)

So, here's a small introduction to CSRF.

Helpful Links: