FCI-Helwan blog

Just another FCI-H weblog

ASP.NET 4.0 and its confliects with ASP.NET 2.0

The application domain or application pool is currently running version 4.0 or later of the .NET Framework. This can occur if IIS settings have been set to 4.0 or later for this Web application, or if you are using version 4.0 or later of the ASP.NET Web Development Server. The element in the Web.config file for this Web application does not contain the required ‘targetFrameworkMoniker’ attribute for this version of the .NET Framework (for example, ‘‘). Update the Web.config file with this attribute, or configure the Web application to use a different version of the .NET Framework.
You may get this error if you installed Visual Studio 2010.
Today I published a website (ASP.NET 2.0) and uses Application Pool ASP.NET V2.0, and when I browsed it; it got that error.
Simply I press right click on the virtual directory (My website) under Default Web Site, properties ->ASP.NET, I found it uses ASP.NET Version 4.0, I changed it to ASP.NET 2.0 -> Apply, message box appears says
Changing the Framework version requires a restart of the W3SVC service. Alternatively, you can change the Framework version without restarting the W3SVC service by running: aspnet_regiis.exe -norestart -s IIS-Viirtual-Path
Do you want to continue (this will change the Framework version and restart the W3SVC service)?
I said OK, but it didn’t change its version and it needs me to do some action
Start->All programs->Visual studio 2008->Visual Studio Tools->Visual Studio 2008 Command Prompt -> write this command ->
Aspnet_regiis.exe -s W3SVC/1/ROOT/My website
It then works well.


June 17, 2009 Posted by | ASP.NET, IIS, VS 2010 | Leave a comment

How to secure my ASP.Net web Application (XSS)

mmm, I’m not good enough in wrting a good introduction to my posts, so i’m going to get into the point directly. How to write a secure ASP.Net web application.

I will show you in this post the most common attacks on ASP.Net applications and how to prevent these attacks to happen on our Application.

1) Cross site scripting(XSS)

is the most common attack, it represents about 85% from web sites attacks. XSS happens when the attacker tries to inject a java script in any input controls like textboxs for example then submit this input to the server.

example: try to input this code in a test page has a one textbox to take ur user name and a button to preview this username –

<script>alert("Hacked using XSS");</script> –

i hear someone says, hehehe, i can validate the input text to see if it contains the tag <script> or not !!
ok, please make ur check then compile, and enter this text in ur textbox and tell me the results
-<body onload="alert("Hacked too ??!!?");"> –

sure any attacker will not write these kind of scripts, s/he may get ur cookies values, may be s/he put a script on ur server which make an automatically redirect any user to any other page may be may be may be …

I think now it is clear what is XSS, but how can we secure our ASP.Net application aginst this famous attack? there are many good practices like,

  1. Make sure that ValidateRequest attribute in Page tag is always true ( try to make it true and try this attack again.
  2. Use HtmlEncode Method in HttpUtility class which applies HTML encoding to a specified string and return the encoded string not to be executed as a client-side script(try to set ValidateRequest=”False” and use HtmlEncode Method ).
  3. Don’t trust user’s input and always keep validating aginst any special characters in the input.

C u in the next post

April 24, 2009 Posted by | ASP.NET | 1 Comment

Limitations on using Cookies

Make note of the following limitations when using Cookies (I’m not sure if that applies to all Web-technologies or just Asp.Net, but I’ve just solved a bug related to this issue using Asp.Net):

  • A cookie size is limited to 4096 bytes. It is not much, so cookies should be used to store small amounts of data. For larger amounts of data
  • Also, number of cookies is limited to 20 per website. If you make new cookie when you already have 20 cookies, browser will delete oldest one.
Quoted from beansoftware.com

November 18, 2008 Posted by | ASP.NET, Tips | 1 Comment

.NET Framework 3.5 Service Pack 1 has been released

ASP.NET in the .NET Framework 3.5 Service Pack 1 release includes numerous bug fixes. In addition, it includes features for the following:

  • Enabling high-productivity data scenarios by using ASP.NET Dynamic Data.
  • Supporting the browser navigation in ASP.NET AJAX applications by using ASP.NET AJAX browser history.
  • Increasing the download speed for ASP.NET applications by using ASP.NET AJAX script combining.

More about .NET Framework 3.5 Service Pack 1, Press Here

August 24, 2008 Posted by | ASP.NET, Microsoft | Leave a comment

How to create a multi-lingual web site Step By Step

As usual there are two ways to make a multi-lingual web site:

· The easy , beautiful and half functional way.

· The hard , ugly but full functional way.

We will go first through the common steps for the both ways

First create your ordinary web site with your VS

In the design view add one label and one button and leave them with their default values

From your solution explorer right click on your web site and click add new item and choose Resource File and rename it with you page name and extension (Default.aspx)

A Massage will pop for you asking for creating a Global Resources folder click no

Add a new folder with the name APP_LocalResources and put your Resource file on it

In the Label and the Button add new attribute meta:resourcekey=”ResourceName”

Add a new string value in the resource file with the same resource key name and add .Text like ResourceName.Text and give it the Default language value like English

Copy the resource file and rename the new one to the secondary language name like Default.aspx.as-EG.resx

Give the ResourceName for the button another values in the Arabic resource file like عربي

Here come the easy way

Set the Culture and UICulture to Auto from designer or from aspx file like Culture=”Auto” UICulture=”Auto”

And now just run you application , The Button and the label now should have the default language values from the resource file

Change the default language for you explorer (most explorers will be from Tools->Internet Options->Language(Button)

If the Arabic language is not already there add it and move it up

Now refresh you page and the label and button should change their text to عربي

That’s easy as you can see :d but what is the user don’t know about how to change the browsers language, then we should use the bit harder way and use a button to change the Culture and the UICulture values from the code.

*You need now to change the Culture information on the button Click event, But the problem here is that the culture information will be reset on the postback, so you can use whatever way to keep its value but here I will use cookies .

Now make a new class with name common and put it in the App_Code folder

Make a bool attribute with the name ISArabic like

public static bool IsArabic


if (Thread.CurrentThread.CurrentUICulture.Name == “ar-EG”)

return true;
return false;

Now on the button Click we will create a new cookie(if it doesn’t already exist) and give it the culture value just as fallows

HttpCookie myCookie = (HttpCookie)Request.Cookies[“Localization”];

if (myCookie == null)

myCookie = new HttpCookie(“Localization”);

Then we will set the cookie value acording to the current choosen culture

if (Common.IsArabic)

myCookie.Values[“Language”] = “en-US”;


myCookie.Values[“Language”] = “ar-EG”;

then we set the cookie and add it and Then we redirect to the same page

myCookie.Expires = DateTime.Now.AddYears(1);



Now add a new Item and choose Global Application Class

Add a new event called Application_BeginRequest and put the code which checks for the current culture on it just like that

void Application_BeginRequest(Object sender, EventArgs e)


HttpCookie myCookie = (HttpCookie)Request.Cookies[“Localization”];

if (myCookie != null)


//Read culture from cookie
System.Threading.Thread.CurrentThread.CurrentUICulture = new System.Globalization.CultureInfo(myCookie.Values[“Language”]); System.Threading.Thread.CurrentThread.CurrentCulture = System.Globalization.CultureInfo.CreateSpecificCulture(myCookie.Values[“Language”]);




//Create new default cookie

myCookie = new HttpCookie(“Localization”);

myCookie.Values.Add(“Language”, “en-US”);

myCookie.Expires = DateTime.Now.AddYears(1);


//Set the thread default culture

System.Threading.Thread.CurrentThread.CurrentUICulture = new System.Globalization.CultureInfo(“en-US”);

System.Threading.Thread.CurrentThread.CurrentCulture = System.Globalization.CultureInfo.CreateSpecificCulture(“en-US”);


Don’t forget to remove the Auto values for the Culture And UICulture

Now everything should work just fine

You can now use the resource file and change strings, pictures and icons just according to the chosen language

source files could be found here

February 10, 2008 Posted by | ASP.NET | Leave a comment

Another Solution to DateTime problems (.Net)

Now that I read th last post, I remembered another solution that can be implemented on the Application level rather than the implementing it in your SQL statements,

Of course we have three parts of the problem. The first is how to display dates without any problems; like misinterpretation (dates like 2/3/2007 & 3/2/2007, if you don’t know how your DB interpret dates) or throwing exceptions. The second is how to read user-input dates. The third is how to write dates to the DB in the right form & again without misinterpretation.

Displaying dates in the right form:

Remember that the problem is not just about the user misinterpret the displayed date, it’s also your problem when you come to next part. for eg when displaying dates for the user to edit.

In this part we have to display the date with an enforced format that’s:

string myDateFormat = ConfigurationManager.AppSettings[“myDateFormat”];

This way we can enforce the date format we want & also it’s just a matter of configuration (just edit the configuration file to change the format of dates across a whole solution without rebuilding).

Reading user-input dates:

Now we come to last part, which much related to the previous part. Now after displaying the dates properly to the users, we need to make sure that the input of the user through editing the displayed ones or just typing new ones won’t be misinterpreted. the solution itself comes in two parts:

  1. First, the input field must be validated according to the same format we are using through the solution, better be by retrieving the format string from the configuration file as we did in the previous part (for the same reasons; allowing all-in-one configuration).
  2. Given that that enforced a When parsing the date, use “ParseExact” not “Parse” to parse your date.

DateTime myTime = DateTime.ParseExact(myStringTime, myDateFormat, null);

Writing dates to your DB:

Now that we have the properly parsed date we should format in like the format below while writing to the DB


Enforce the above format when writing dates to DB. The format is the standard format that won’t be misinterpreted by the DB.


Don’t use Date.Pasre(…), unparameterized Date.ToString(), always use Date.ParseExact(…), & parametrized Date.ToString(). This way our application won’t be affected by the date format of the machine it’s running on or that of the DB server it’s communicating with (either on the same machine or not).

August 17, 2007 Posted by | ASP.NET, C# | Leave a comment


.netBUTTON provides real-time dynamic button generation with results that look so attractive it is difficult to believe they were not individually hand crafted in Photoshop .
It works throw Dot Net 2005 ( for both desktop and web application controls ) .
It Supports ASP.NET validation controls .
it Sets text font, size and style along with color, background color and more .
See more features here .

August 13, 2007 Posted by | ASP.NET, C#, Microsoft | Leave a comment

“How Do I” Videos — ASP.NET

I’ve received that from Shawon, .NET Community founder

On this page you will find dozens of videos designed for all ASP.NET developers, from the novice to the professional. If you are new to ASP.NET, you can learn the basics of how to create dynamic web applications with ASP.NET 2.0 and Visual Web Developer 2005 Express Edition, using either Visual Basic or C#. If you have a bit of development experience, you will learn how to employ some of the great new features introduced in ASP.NET 2.0. New videos are added every week, so check back often.

More on http://msdn2.microsoft.com/en-us/asp.net/bb498194.aspx

Thanks Microsoft

July 17, 2007 Posted by | ASP.NET, Microsoft | 1 Comment

Types of web site in ASP.NET 2.0

In the name of Allah ,
1- File system Web sites .
2- Local IIS Web sites .
3- FTP Web sites .
4- Remote Web sites .
This are types of web site that you can develop it by ASP .NET 2.0 as illustrate in picture .This article will be useful isA , if you interest to know the different between them , want to know why this types or want increase your knowledge .

1-Local IIS Web sites :
First of all to create a local Web site:
  • *you need to have administrative rights (Windows administrator) .
  • *you must have IIS installed on your computer.

Local IIS Web sites store the pages and folders in the IIS default directory structure (that is, \Inetpub\wwwroot). By default, Visual Studio creates a virtual directory under IIS. However, you may create a virtual directory ahead of time and store the code for your Web site in any folder. The virtual directory just needs to point to that location. One important reason to create a local Web site is to test your application against a local version of IIS, for example, if you need to test such features as application pooling, ISAPI filters, or HTTP-based authentication. Even though a site is accessible from other computers, it’s often much easier to test these aspects of your application when you can see it interact with IIS on your computer.

2-File System Web Sites :

  • *File system Web sites live in any folder you specify .The folder may be on your local computer or on another computer sharing that folder.
  • *File system Web sites do not require IIS running on your computer. But , you run pages by using the Visual Studio Web server( Visual Studio 2005 includes its own built-in Web server. This lets you develop Web applications effectively even if you don’t have IIS installed on your development machine).

Form File System Web Sites advantage is you may develop your Web site on your computer even when logged on as a user without administrative rights. This scenario is only useful for developing and testing those features of your site that you develop. Because IIS is out here, you won’t be able to work with (or have to deal with) such IIS features as ISAPI filters, application pooling, or authentication.

3-FTP Web Sites :
Via Visual Studio you can create HTTP-based sites or manage Web sites available through an FTP server. For example, if you use a remote hosting company to host your Web site, an FTP offers a way to move files back and forth between your development location and the hosting location. You then use Visual Studio to manage the content on the remote FTP server.

  • *You might use this option to test the Web site on the live server where it will actually be deployed.
  • *By default, Visual Studio logs you in to the FTP server as an anonymous user. However, some FTP servers require you to provide a username and password. In that case, you can deselect the Anonymous Login option and then enter your username and password. The username and password are saved until you end the Visual Studio session.

4-Remote Web Sites

  • *Remote Web sites use IIS on another computer that is accessible over a local area network.
  • *To create this type of web site, FrontPage Server Extensions must be installed on the remote computer.
  • *By default, a web application that you create on a remote server doesn’t have the permissions needed to change files in the web site at runtime. If an application needs to change a file, then, you’ll need to contact the system administrator about giving it the appropriate permissions.

This option is useful if you decide you want to test the Web site on its actual deployment server. In addition, the entire development team can work on the site simultaneously.
My source :

February 17, 2007 Posted by | ASP.NET, Microsoft | Leave a comment