Monday, March 31, 2008

Custom Webpart Personalization Provider

If don't have SQL Server Express installed or want to modify its behaviour, you can create your own personalization provider. To create a custom personalization provider, the following steps are required:

1) Update web.config for custom personalization provider:

<personalization defaultprovider="AspNetTextFilePersonalizationProvider">
<add name="AspNetTextFilePersonalizationProvider" type="TextFilePersonalizationProvider">

2) Create the personalization provider which should be derived from
PersonalizationProvider. The following is a Example given in the MSDN at

using System;
using System.Configuration.Provider;
using System.Security.Permissions;
using System.Web;
using System.Web.UI.WebControls.WebParts;
using System.Collections.Specialized;
using System.Security.Cryptography;
using System.Text;
using System.IO;
public class TextFilePersonalizationProvider : PersonalizationProvider

Add this code in the App_Code folder of your application. It also can be compiled as a library and placed in the bin folder of the application. The following changes are required for that:

1) Update the web.config to include assembly info

<personalization defaultprovider="AspNetTextFilePersonalizationProvider">
<add name="AspNetTextFilePersonalizationProvider"
type="TextFilePersonalizationProvider, <strong>CustomProviders</strong>"/>

2) compile the assembly. You may need to reference additional assemblies than given below
csc /t:library /out:Samples.AspNet.CS.Controls.dll /r:System.dll /r:System.Web.dll *.cs

Saturday, March 29, 2008

Symmetic Key Encryption using .NET and C#

There are two main types of encryption and decryption algorithms, symmetric and asymmetric. Asymmetric algorithms use a related key-pair to encrypt and decrypt data. One of the keys in the pair is typically called a public key while the other is called a private key. Data encrypted with a public key can only be decrypted with the private key, and vice-versa. PKI (public key infrastructure) is built based on asymmetric algorithm. RSA is a popular asymmetric algorithm.

On the other hand, in symmetric encryption, a secret key or password is used to scramble data. In order to decrypt the scrambled data, the same key has to be used. DES, Triple DES, RC2 and AES or Rijndael are examples of symmetric algorithms. Symmetric encryption algorithms will be discussed in detail here.

It is based on While DES is well most well known, it is also oldest and least secure due to its relatively small key size. in January, 1999, and the Electronic Frontier Foundation worked together and where able to break a DES key in 22 hours and 15 minutes using brute force attack..

Triple DES or TDES
The Data Encryption Standard (DES) was developed by an IBM team around 1974 and adopted as a national standard in 1977. It was developed after DES was found susceptible to brute force attack. Triple DES is a minor variation of this standard. Triple DES uses the original DES algorithm literally three times to encrypt data. TDES was chosen as a simple way to enlarge the key space without a need to switch to a new algorithm. In general TDES with three different keys (3-key TDES) has a key length of 168 bits: three 56-bit DES keys (with parity bits 3-key TDES has the total storage length of 192 bits), but due to the meet-in-the-middle attack the effective security it provides is only 112 bits. A variant, called two-key TDES (2-key TDES), uses k1 = k3, thus reducing the key size to 112 bits and the storage length to 128 bits. However, this mode is susceptible to certain chosen-plaintext or known-plaintext attacks and thus it is officially designated to have only 80-bits of security.

RC2 was designed by Ron Rivest in 1987 and stands for "Ron's Code" or "Rivest Cypher". It was designed as replacement for DES and was sponsored by Lotus. RC2 is a 64 bit block cypher with a variable key size, , from one byte up to 128 bytes. The algorithm is designed to be easy to implement on 16-bit microprocessors

AES or Rijndael
Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government. It has been analyzed extensively and is used worldwide. The cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted to the AES selection process under the name "Rijndael". AES is fast in both hardware and software and requires small memory. It has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits.
Strictly speaking, AES is not exactly Rijndael (although in verbal practice they are used interchangeably) as Rijndael supports a larger range of block and key sizes; AES has a fixed block size of 128 bits and a key size of 128, 192 or 256 bits, whereas Rijndael can be specified with key and block sizes in any multiple of 32 bits, with a minimum of 128 bits and a maximum of 256 bits. The greater the bit size specified, the more difficult it is to break the encryption algorithm and therefore, the more secure your data is

AES Example
public byte[] Encrypt(string text, string password)
Rijndael rij = Rijndael.Create();

/// Create Key and IV using PasswordDeriveBytes. The
/// PasswordDeriveBytes class uses an extension of the PBKDF1
/// algorithm defined in the PKCS#5 v2.0 standard to derive bytes
/// suitable for use as key material from a password. The
/// standard is documented in IETF RRC 2898
PasswordDeriveBytes secKey = new PasswordDeriveBytes(password,

ICryptoTransform encryptor = rij.CreateEncryptor(secKey.GetBytes(32),

MemoryStream ms = new MemoryStream();

CryptoStream cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write);
byte[] arrayText = Encoding.Unicode.GetBytes(text);
cs.Write(arrayText, 0, arrayText.Length);

byte[] encryptedBytes = ms.ToArray();


return encryptedBytes;

public string Decrypt(byte[] text, string password)
Rijndael rij = Rijndael.Create();
PasswordDeriveBytes secKey = new PasswordDeriveBytes(password,

ICryptoTransform decryptor = rij.CreateDecryptor(secKey.GetBytes(32),

MemoryStream ms = new MemoryStream(text);

CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read);

byte[] buffer = new byte[text.Length];
int count = cs.Read(buffer, 0, buffer.Length);

string plainText = Encoding.Unicode.GetString(buffer, 0, count);

return plainText;

Wednesday, March 26, 2008

Opening a new window in ASP.NET

The following simple HTML code can be used to open a new windows:

<form id="Form1">
<INPUT Type="button" OnClick="'')" value="enter">

If server side control is a must, do the following at the page load:

button1.Attributes.Add("onclick", "'')");

Using GridView with Custom Collection

I had a requirement of displaying an objct collection returned by a web service. It took a bit of time to understand and display this data in a GridView.

The following gives example of using the grid view in your code. It is using array of MyObject to display information.

1) To display custom columns, add the following code and add the columns from the gridview->properties->columns. Add the first field which will be clicked as buttonField with ButtonType under Appearance group as link. Also select CommanName under Behaviour group as Select. Unless you set it, SelectedIndexChanged event will not fire and RowCommand event should be captured.
2) Add subsequent columns to be shown as BoundField
3) Handle SelectedIndexChanged to handle clicking of a particular row. GridView1.SelectedIndex will give the index of the row clicked. This index into the myAr will give the object details.

using System;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;

public partial class _Default : System.Web.UI.Page
protected void Page_Load(object sender, EventArgs e)
MyObject[] myAr = new MyObject[] { new MyObject("1", "1.1"), new MyObject("2", "2.1"), new MyObject("3", "3.3"), new MyObject("4", "4.4") };
System.Collections.ArrayList al = new System.Collections.ArrayList();
al.Add(new MyObject("1", "11"));
al.Add(new MyObject("2", "22"));
al.Add(new MyObject("3", "33"));
GridView1.DataSource = myAr;

GridView1.AutoGenerateColumns = false;
protected void GridView1_SelectedIndexChanged(object sender, EventArgs e)
int index = GridView1.SelectedIndex;

public class MyObject
private string firstName;
private string lastName;

public MyObject(string fn, string ln)
FirstName = fn;
LastName = ln;

public string FirstName
get { return firstName; }
set { firstName = value; }

public string LastName
get { return lastName; }
set { lastName = value; }

GridView Code:
tags have been removed due to the blog writer tool:
<asp:GridView ID="GridView1" runat="server" DataKeyNames="FirstName"
<asp:ButtonField CommandName="select" DataTextField="FirstName"
HeaderText="FirstName" Text="Button" /<
<asp:boundfield datafield="LastName" headertext="Lastname"<