HardCode

Let's say that I have a page stats.aspx that uses stats.vb as the code behind page. Now, assume that I have a .VB file that contains a class that will return an ADO.NET Connection Object that I want to be used in all code behind pages that access the database. Say it is called Conn.vb. How would I allow stats.vb to use/recognize the class(es) in the file Conn.vb? Can I even do this, or must I make Conn.vb into a DLL instead so I can use the Imports?

Man, that "forum" gives me a headache just looking at it. For such a popular site I'd think they would have a legible forum engine! No answer there after 24 hours. Man, this is stinks. I am going to upgrade my PC to Win XP and after a clean reinstall I will see if it works. Maybe there was some remnant of the uninstalled ASP.NET 2.0 Beta?

My other thread doesn't really explain why this code is causing the exception code to kick in. Right now, management has links to my alpha version of the web app, so I cannot try the changes. Later in the day I will add the Response.Write(e.Message) and see what it produces. Thanks!

Yes, that why I commented them out and still received no error. :) I am using Web Matrix so I cannot step through :( ... UNLESS, you can help me with the other thread I posted about VS.NET 2003 + IIS with that "...IIS is not running ASP.NET 1.1" error! :)

I don't believe so, because if I comment out the lines: Try, Catch, Finally, End Try there is no error on the page. Since I use Web Matrix, I use the "technique" of commenting out the error handling to see any errors in the web browser (debug="true" is set). When I do so now, there is no error. That is why it is confusing me. It seems the parser just doesn't like that one .Redirect in the Catch !?!

I am confused about why, when I uncomment the Response.Redirect in the Catch, the page always .Redirects to "autherror.aspx". If it is commented, the page works fine! Is a .Redirect allowed in a Catch? If not, why does it .Redirect to that page every time when uncommented! Try ' Code that works and redirects to appropriate page ' based on a series of checks Catch e As Exception 'Response.Redirect("autherror.aspx") Finally oConn.Close End Try

Ack! This dreaded error and I cannot work it out: Happens when I start VS.NET 2003 on Win2K and select a new project of an ASP Application or a Blank Web Application. I Googled all over and tried all the fixes in many different combinations: 1. aspnet_regiis -i (even did -ua first later) 2. Delete folder Microsoft.NET\Framework\1.0.xxxx 3. Uninstall and reinstall Framework 1.1 + SP1 for 1.1 4. regsvr32 that aspnet .DLL file Still no good. I cannot fix the error. I haven't yet reinstalled IIS5.0, but it seems that is the very cause of this error. The odd things is, all I did to IIS, which was installed first, was enable FrontPage Server Extensions via the VS.NET setup Prerequisites. Other than that, IIS was installed first and never touched. BTW, asp.net pages run fine on the server :confused:

I want to allow a group of users in my workplace to be able to create a Folder (...\wwwroot\website1\<new folder>\). This is because they will be using a third-party survey tool that sends the survey up to the web server. I will need to put each survey in a separate folder on the server. Now, my question is, what is the best, most secure way to approach this? Should I be allowing anyone to create folders under the wwwroot at all? Is this not too smart? Is is okay? Would it be a good idea to use the .NET version of the FileSystemObject on a page to create the folder? Is this a bad idea all together?

Great, heading on over to Amazon.com now! EDIT: Is this the book? Or this one? Or this one? Or this one? I want to make sure I get the one you mentioned. Thanks!

I am trying to get a handle on security for ASP.NET, but an overall picture is hard to draw. I was wondering if anyone knows of a good source (web page, book, etc) of "Dos and Don'ts" for ASP.NET from a security standpoint. For instance, maybe "Do make your page accessible by authorized users by...", or even more simple than that. I am looking for a broad overview. I want to make sure that I am not making any obvious mistake to allow someone on the Internet to exploit the ASP.NET application. Maybe a list of common mistakes? :)

Works great! Thanks.

Nice! That worked perfectly. Thanks. While on the subject of DropDowns...how would I make it so the first value in the list is NOT selected when the page loads (i.e. it is blank).

I have a simple test ASP.NET page, using a DropDownList to select the WHERE clause to retrieve data into a datagrid: <%@ Page Language="VB" Debug="true" %> <%@ import Namespace="System.Data.SqlClient" %> <%@ import Namespace="System.Data" %> <script runat="server"> Private Const BASE_CONN As String = "<my valid connection string>" Public Sub GetStats() Dim oConn As SqlConnection Dim oCommand As SqlCommand Dim dtrReader As SqlDataReader oConn = New SqlConnection(BASE_CONN) oConn.Open oCommand = New SqlCommand("GetStats",oConn) oCommand.CommandType = CommandType.StoredProcedure oCommand.Parameters.Add("@Study", cboStudy.SelectedItem.Text) dtrReader = oCommand.ExecuteReader() dgStats.DataSource = dtrReader dgStats.DataBind oConn.Close End Sub Public Sub GetStudies() Dim oConn As SqlConnection Dim oCommand As SqlCommand Dim dtrReader As SqlDataReader oConn = New SqlConnection(BASE_CONN) oConn.Open oCommand = New SqlCommand("GetAvailableStudies",oConn) oCommand.CommandType = CommandType.StoredProcedure dtrReader = oCommand.ExecuteReader() cboStudy.DataSource = dtrReader cboStudy.DataTextField = "Study" cboStudy.DataBind() cboStudy.DataSource.Close oConn.Close End Sub Private Sub Page_Load() lblTitle.Text = "Please select a study:" Call GetStudies() End Sub Private Sub cboStudy_Change(sender As Object, e As System.EventArgs) lblTitle.Text = "Change Event Raised" Call GetStats() End Sub </script> <html> <head> </head> <body> <form runat="server"> <p> <asp:Label id="lblTitle" runat="server" text="Label"></asp:Label> </p> <p> <asp:DropDownList id="cboStudy" runat="server" Width="371px" OnSelectedIndexChanged="cboStudy_Change" AutoPostBack="True"></asp:DropDownList> </p> <p> </p> <p> <asp:DataGrid id="dgStats" runat="server" CellSpacing="1" CellPadding="2" BackColor="PaleTurquoise"></asp:DataGrid> </p> </form> </body> </html> The problem is, I had to set AutoPostBack to TRUE in order for the DropDown's Change event to raise, correct? The event raises, but each time I select a value in the DropDown, the DropDown re-sets itself to the first item in the list, right after the post back takes place. I have no idea why! What I need is this: * Select item in DropDown * Raise the Change event to get the data for the grid automatically

It is a connection object being returned from the custom control. I am still trying to wrap my head around ASP.NET's structure, so I am probably doing something so-very-wrong and missing the obvious. My goal is simply to maintain the connection string to the back-end database in one place. I found info on the Net about using this kind of custom control. That was before I used code-behind. I am now guessing the two don't go together? Should I just make a class that returns a connection object instead? Should I do something else?

Thanks for the response!

I have created a custom control that returns an SqlConnection object. This is in a .ASCX file. Can I reference this control from inside a .VB code-behind file? Currently, I am referencing it in the .ASPX file via: <%@ Register TagPrefix="MyTag" TagName="Ctrl" Src="controls\Connection.ascx" %> <head> <MyTag:Ctrl id="MyConn" runat="Server"></MyTag:Ctrl> </head>

Strangely enough, searching at MSDN didn't produce much. I was wondering what the difference is between Page_Init and Page_Load, and how they should be properly used.

Hmmm, I can use the FileSystemObject in ASP.NET right? If I can, then before the Redirect, I can just check if the file exists. If yes then Redirect. If not, then go to MyNotFoundPage.aspx. Think this will work?

This was actually the point of the question, because I am doing 5 independent verifications in the Page_Init. So, if the first one fails, then redirect to fail1.aspx. If it passes and the second one fails, redirect to fail2.aspx, and so on. The main reason I am not using one fail.aspx and passing the failure message is because my code redirects to an on-line software package and doesn't justify the development. I am only writing one page :) I know I can put a oConn.Close 5 times, but I was wondering about the rest of the code executing because I in fact do have a try...catch...finally construct, with the oConn.Close in the Finally part, and I would naturally prefer oConn.Close once instead of 5 times :) Now, just to verify, will the Finally part still execute with Response.Redirect("page.aspx") or must I additionally use the parameter of "false" in Response.Redirect("page.aspx", false)?

The error is in the VB part of Page_Init in an ASP.NET page, on Response.Redirect(sPath) where sPath is a local variable. sPath gets its value from a stored procedure. sPath with never be "" because the function that the stored procedure call is in will concatenate "/main.aspx" to the end of sPath. A possible value of sPath is "test/main.aspx". Supposing that there is no value retrieved from the store procedure, the value of sPath will be only "/main.aspx" and this does not exist. Hence the error I would get is: Server Error in '/' Application. -------------------------------------------------------------------------------- The resource cannot be found. Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly. Requested Url: /xxxxxxxx/main.aspx -------------------------------------------------------------------------------- Version Information: Microsoft .NET Framework Version:2.0.40607.16; ASP.NET Version:2.0.40607.16 Now, you may suggest that I do something like If sPath = "/main.apsx" then don't redirect. However, there may be a value in the DB to return "test/main.aspx.", but if the subfolder "test/" doesn't exist, I will get the same error. So, I would like to trap this error in the redirect and then redirect to a definite page (like Response.Redirect("notfound.aspx"). I did notice that the URL of the error page is not the original page, rather the page I am trying to call (test/main.aspx). Where then should I handle the error? Will the calling page handle it? I am guessing the calling page CANNOT handle it because this: Try ' Do code here Response.Redirect("PageThatIsntOnServer.aspx") Catch e As Exception Label1.Text = e.Message Finally oConn.Close End Try ... will NOT stay on the calling page and change Label1.Text = e.Message.

In VB6, I could do a Select Case on Err.Number to handle specific errors in specific ways. I cannot seem to find the .NET equivalent. I tried ... Catch e As Exception Label1.Text = e.HResult ... in an ASP page's VB.NET Page_Init, but I get an error saying that e.HResult is Protected. What is the .NET way of doing this?

Supposed in Page_Init you have a Response.Redirect statement. Will any code after that statement (in Page_Init) still execute after/during/right-before the redirect? I am asking because I open a SqlConnection object, then check some conditions. Most conditions invoke a Response.Redirect, and I want to make sure that I can still get to the line "oConn.Close". Do I need to put it before every Response.Redirect or will the rest of the Sub still execute?

So, if there is a class Person in System.People.Person, and a class Person in MyLib.People.Person, then I can do this: <%@ import Namespace="MyLib.People.Person" %> <%@ import Namespace="System.People" %> ... and I will be sure, when instantiating class Person, to get Person from Mylib.People and not System.People? .NET will know that MyLib.People.Person is the most explicit so it will use that?

Why do you need to put both of these in an ASP.NET page: <%@ import Namespace="System.Data.SqlClient" %> <%@ import Namespace="System.Data" %> Doesn't the <%@ import Namespace="System.Data" %> statement also include objects in System.Data.SqlClient?