Saturday, May 31, 2014

Custom Error Page 401 Access Denied when Using Windows Authentication

ASP.NET provides us with the ability to add custom pages for HTTP errors via Web.config CustomErrors tag.  This however does not work when we try to handle the 401 error under Windows authentication.  The reason for this is that this error (401) is raised during the Authorization request event on the HttpApplication process pipeline (see below), and Custom error settings are processed during the Action Method invocation (ASP.NET Handler.ProcessRequest event).

HTTP Process Pipeline
HTTP 401 Error browser Interaction
Http Process Pipeline




The common interaction between the browser and the server is as follows:

The browser sends request with no authentication tokens.

The server responds with a 401.2 HTTP error.

The browser send authentication tokens if the user is already logged. If the user is not, the browser shows a login dialog.

Even if the user is logged on, but he does not have the required role for this access, the server returns a 401.2 error and displays the Access Denied Page.

To provide a custom page for the Access Denied error, we should implement the following:
  • Use httpErrors Configuration settings
  • Allow Anonymous Access to content
  • Allow Anonymous Access to controller actions

Use httpErrors Configuration settings

<configuration>
<system.webServer>
  <httpErrors errorMode="Custom" xdt:Transform="Insert">
    <remove statusCode="401" />
    <error statusCode="401" path="/Error/NotAuthorized" responseMode="ExecuteURL" />
  </httpErrors>
</system.webServer>
</configuration>

*Note that this setting only works when the application is running under IIS. This setting can be added to the Web.Release.config file, so when the deployment is done these settings are merged into the Web.config file. This is done with the help of the xdt:Transform=insert attribute.

With this setting, we are basically telling IIS that we want to use our own custom page when the 401 error is raised. Note that since the machine.config already has this setting defined, we need to first remove the entry. We can then add the entry with our own directives. In this case, we are doing a server execute in the response mode which requires a relative path to our page or route. There is also support to redirect to an absolute Url. For this case, we are using a controller action named Error.NotAuthorized that is relative to the application.

Allow anonymous access to content

Since our custom error page may need to download images and other resources, we need to add some settings in our web.config to indicate that these resources should be unprotected. This is important because even if we redirect to a custom view, the images and bundled resources would also raise a 401 error, and the page may not look as the rest of the application. To allow access to other content, we can add the following settings to our web.config file.

Location Setting
Paths that should be allowed

<location path="Error">
    <system.web>
      <authorization>
        <allow users ="*" />
      </authorization>
    </system.web>
  </location>


Images

Error
The route for our custom error page
Bundles
This is the path use to download bundled resources.
Content
For CSS files
Favicon.ico
Favorite icon

*Note add one location setting per path
*Use fiddler to get an idea of the resources that are downloaded


This setting allows all users to have access to the path defined by the location path attribute. We should note that if we are using a particular folder or route for our custom view, this also should be allowed to all users.


Allow Anonymous Access to controller action

When using a controller to provide the custom error page, we must allow anonymous access to the action that should process this error.  This can be done as follows:

[Authorize]
public class ErrorController : Controller
{
//
// GET: /Error/
public ActionResult Index()
{
return View("Error");
}

//GET: /Error/NotAuthorized
[AllowAnonymous]
public ActionResult NotAuthorized()
{
return View("NotAuthorized", "NoChromeLayout");
}

}
The AllowAnonymous attribute allows non-authenticated users to have access to this request. Our view and layout provide only content which does not required authentication.

How about using Application EndRequest handler?

Another approach often use is to implement a redirect on the end request handler (global.asx.cs) as follows:

 protected void Application_EndRequest()
{
// If the user is not authorized redirect to error page
if (Response.StatusCode == 401)
{
Response.ClearContent();
              Response.RedirectToRoute("NotAuthorized ");
}
}

The problem I find with this approach is that it can lead to endless redirect scenario. The end request event is raised multiple times during the request life cycle of a page. The page can download more  content like images, CSS, JavaScript files each one sending a request thus raising an EndRequest event. If one of those resources is not properly configured, the status code would also be 401 and another redirect would be initiated.

Conclusion


The HttpError custom page configuration should be less intrusive approach to add custom error pages to our application as it is a configuration task instead of an implementation concern.

Saturday, May 17, 2014

Visual Studio 2012 does not support SSIS projects

If you are trying to open a SSIS (.dtproj) with Visual Studio 2012m and you are getting this error message:

Unsupported

This version of Visual Studio does not have the following project types installed or does not support them. You can still open these projects in the version of Visual Studio in which they were originally created.

As you may already know, this means that this project type is not configured on your installation of Visual Studio, but for some installing the support for BI projects is a bit tricky. We can address this by following these steps:

Download the Microsoft SQL Server Data Tools 2012


Run and install the data tools. If this is not installed, the next step will failed to install as well.

Download the Microsoft SQL Server Data Tools – Business Intelligence for Visual Studio 2012


When you run this file,  we need to make sure to select perform a new installation of SQL Server 2012. We should note that this option does NOT install a new instance of SQL Server. It only installs the features. We can then select the Data tools feature and complete the installation.

After the installation is complete, all the SSIS project templates should be available on Visual Studio 2012, and the unsupported error should go away.


I hope this helps.

Sunday, April 27, 2014

JavaScript DateDiff Extension Methods

When working with Date types in JavaScript, we often have the need to do date difference calculations. An approach to provide this functionality would be to extend the Date type with functions that can handle the calculations. So let’s talk about how to create these extension methods.

We can create extension methods on any JavaScript object by using the Object.prototype property. This property allows us to associate dynamic properties and functions to an object. This is what we use to associate the following functions to any Date instance.

Extension methods:

/*
Date type Extension Methods
Source: ozkary.blogspot.com
Date: 4/27/2014
*/
//Month difference
Date.prototype.monthDiff = function (dtBefore) {
      var yr = (this.getFullYear() - dt.getFullYear()) * 12;
      var mn = ((this.getMonth() + 1) - (dt.getMonth() + 1));
      return yr + mn;
}

//year difference
Date.prototype.yearDiff = function (dtBefore) {
      var yr = (this.getFullYear() - dt.getFullYear());
      return yr;
}

//date format
Date.prototype.toShortDate = function () {
      var dt = (this.getMonth() + 1) + '/' + this.getDate() + '/' + this.getFullYear();
      return dt;
}

Function name
Description
monthDiff (date)
This extension method expects a date type as a parameter. It uses native functions to calculate the years and months difference between itself (this) and the date parameter.
yearDiff (date)
This extension method expects a date type as a parameter. It uses native functions to calculate the year difference between itself (this) and the date parameter
toShortDate
This extension method uses the native functions to extract the date parts (month, day, year) and return the short date format (mm/dd/yyyy)

Usage:

Now that we have our new functions available, we can work on showing a way to use them. We can do that by comparing a couple of date ranges to display the difference in months and years. In our examples, we use the most recent date as the extended object, and pass the before date as the parameter. This allows us to get positive values for the date difference calculation.

var date1 = new Date('2/16/2014');
var date2 = new Date('09/01/2009');
$('#dates1').text(date1.toShortDate() + ' - ' + date2.toShortDate());
//get the date difference
var m = date1.monthDiff(date2);
var y = date1.yearDiff(date2);
$('#m1').text(m);
$('#y1').text(y);

//get the date difference
date1 = new Date('3/28/2014');
date2 = new Date('12/28/1996');
$('#dates2').text(date1.toShortDate() + ' - ' + date2.toShortDate());
m = date1.monthDiff(date2);
y = date1.yearDiff(date2);
$('#m2').text(m);
$('#y2').text(y);

This script performs the following steps:
  • Create Date instances
  • Display the short date format (mm/dd/yyyy)
  • Calculate the months and year differences

The result should look as shows below. We can also use this JSFiddle sample to see it in action.


Thanks for following and keep an eye for additional entries.

Sunday, April 20, 2014

Format Currency with JavaScript and CSS

When working with currency, there is a need to format the data with commas, decimals, currency sign and an indicator for negative amounts. Let’s take a look at one approach that can help us format the data once it is rendered on the user interface.

We start by taking a look at a page that displays several numeric fields with no styles.



As we can see, these numbers are hard to read. It will be much better to just add commas and a different font for negative values. We can do this by using a CSS selector and select all the elements that we want to format.

$('* div').each(function () {   
    var item = $(this).text();
    var num = Number(item).toLocaleString('en');

    if (Number(item) < 0) {
        num = num.replace('-', '');
        $(this).addClass('negMoney');
    } else {
        $(this).addClass('enMoney');
    }

    $(this).text(num);
});

The approach here is to use the Number.toLocaleString function to format the data with commas. This provides the ability to eliminate the use of regular expression to parse the data. Now we need to add the currency sign and use a red font for negative amounts. We do this by applying these CSS classes.

.enMoney::before {
    content:"$";
}
.negMoney {
    color:red;
}
div.negMoney::before {
    content:'($';
}
div.negMoney::after {
    content:')';
}

The script adds the class name to the element. We use the enMoney and negMoney classes to provide the font style. To add the currency sign and parentheses (negative values only), we use the CSS pseudo-element ::before and ::after to apply the special currency format.  The result looks like this:




This looks much better now, and it is a simple approach that uses the browser capabilities, JavaScript and some CSS to get the formatting done.

Use this JSFiddle to play with the script: Format Currency


Sunday, March 30, 2014

XDocument Merge XML Documents

In some instances, we may have the need to extend the information in a XML payload by merging multiple documents into one. When using the System.Xml.Linq.XDocument class, there is no method to allow us to do a merge. On this article, we extend the XDocument class to provide the Merge capabilities.

XML Documents:

We first start by showing two XML documents that can be combined into one. The base requirement with this approach is that both documents are similar with the exception of one Element that contains some unique information that is not contained on the other XML.

XML with Annual Data
XML with YTD Data
Merged XML

<Finance>
  <Company>
    <Name>OG-BIT</Name>
  </Company>
  <Annual>
    <col1>100</col1>
    <col2 />
  </Annual>
</Finance>


<Finance>
  <Company>
    <Name>OG-BIT</Name>
  </Company>
  <YTD>
    <col1>100</col1>
    <col2>200</col2>
  </YTD>
</Finance>


<Finance>
  <Company>
    <Name>OG-BIT</Name>
  </Company>
  <YTD>
    <col1>100</col1>
    <col2>200</col2>
  </YTD>
  <Annual>
    <col1>100</col1>
    <col2 />
  </Annual>
</Finance>


The company and annual information needs to be maintained.

From this XML, we need to extract the YTD information

The outcome should be a document with both reports and with single company information.

Extension Methods:

An approach to provide this feature is to create extension methods that implement the merge. This is done by adding the following static class:

    /// <summary>
    /// extension methods to enable the merge of xml documents
    /// </summary>
    internal static class XDocumentExtension
    {
        /// <summary>
        /// merge an element from one document to the root of another
        /// </summary>
        /// <param name="refDoc"></param>
        /// <param name="doc"></param>
        /// <param name="elementName"></param>
        internal static void Merge(this XDocument refDoc, XDocument doc, string elementName)
        {
            if (doc != null && !String.IsNullOrWhiteSpace(elementName))
            {

                //find the element by name
var segment = doc.Descendants().Where(elm => elm.Name.LocalName= elementName).Select(elm => elm).FirstOrDefault();
                //if found add to the original document at the root
                if (segment != null)
                    refDoc.Root.Add(segment);           
            }
        }

        /// <summary>
        /// merge an xml string into a XDocument reference
        /// </summary>
        /// <param name="refDoc"></param>
        /// <param name="xml"></param>
        /// <param name="elementName"></param>
        internal static void Merge(this XDocument refDoc, string xml, string elementName)
        {
            if (!String.IsNullOrWhiteSpace(xml) &&                              !String.IsNullOrWhiteSpace(elementName))
            {
                XDocument doc = XDocument.Parse(xml);
                refDoc.Merge(doc, elementName);
            }
        }

        /// <summary>
        /// returns the xml string with header declaration
        /// </summary>
        /// <param name="doc"></param>
        /// <returns></returns>
        internal static string ToStringWithDeclaration(this XDocument doc)
        {
            return String.Format("{0}{1}", doc.Declaration, doc.ToString());
        }       
    }

This is the description for this class:

Method
Description
Merge (XDocument, string)
Merges two XDocument references by finding an element with the LocalName equal to the parameter value.
Merge (string, string)
Loads the XML string into an XDocument reference and calls the Merge method.
ToStringWithDeclaration
Gets the merged XML string with the Declaration header when found (i.e. <?xml>)

Example:

The following example uses the extension methods to merge the documents and returns the merged XML string:

public static void main()
{
    string xml1 = @"<Finance><Company><Name>OG-BIT</Name></Company><YTD><col1>100</col1><col2>200</col2></YTD></Finance>";
    string xml2 = @"<Finance><Company><Name>OG-BIT</Name></Company><Annual><col1>100</col1><col2/></Annual></Finance>";

   XDocument doc = XDocument.Parse(xml1);
   doc.Merge(xml2, "Annual");
   string xml = doc.ToStringWithDeclaration();
}

This simple example illustrates an approach of how this can be done when using the XDocument class. There are other ways of achieving the same with other classes.


Thanks for reading.