Enhance WinForm Functions
Form Maximizer for .NET helps you add professional touches to your forms right now by configuring a few properties rather than by delving into .NET intricacies.
Form Maximizer for .NET is a set of Windows Forms controls that add usability and developer productivity features with little or no code. The suite's forte is support for data-entry forms, especially alerting users to problems with the input. For example, when you drop the ControlExtender control on your form, a new category of properties appears for textbox controls. You can set an alternate background color for the textbox when it receives the focus, and you can select from an extensive list of validation criteria for a field, such as matching a typical U.S. telephone number, e-mail address, or ZIP code. Invalid input appears in red. You can validate troublesome date and time entries by using the extender's Language property to specify the expected culture (such as "FR-ca") for all controls on the form.
The ValidationErrorMessages class works hand in hand with the EditControlExtender to simplify error messages (see Figure 1). You can identify the error type and enter specific message text rather than writing a lot of code to cope with invalid input. These built-in properties cover invalid data types, out-of-range values, and improper formats.
If you need even more complex validation and real-time calculated fields, you can create your own expressions and expose them as properties using Smart Evaluator for .NET. It offers many math and string functions with a VB-like syntax.
The FormExtender control wraps and exposes form functions to save you time and effort. A few well-implemented properties can help your form sport a non-standard shape, use a gradient background, remember its screen position, and close automatically after a given number of milliseconds. You also get easy access to system events so you can trap for low memory, a pending shutdown, or a change in the computer's time.
The product's documentation is adequate, including basic reference information in HTML Help format. A 38-page Word document outlines the software's capabilities, but could be more task-oriented to assist beginners. The minimal sample app needs to be expanded with more explanations about the object, property, or feature being demonstrated.
Oddly, the license agreement doesn't specifically say that you get royalty-free distribution of the runtime components, although that is stated on the vendor's Italian-language Web site. You obtain the source code when you buy the Enterprise Edition of the suite.
Advanced developers might find they can implement many of Form Maximizer's features with a few lines of their own code or samples from published tips. However, this useful package will appeal to beginner and intermediate developers who prefer to add professional touches to their forms right now by configuring a few properties rather than by delving into .NET intricacies.
Form Maximizer for .NET 1.0
Price: $129 Professional Edition; $229 Network Edition; $349 Enterprise Edition
Quick Facts: Set of Windows Forms controls that enhance user-interface features and data-validation capabilities by creating extended properties.
Pros: Easy to use; allows fast input validation; requires little or no coding.
Cons: Sample app needs expansion; documentation not task-oriented enough.
Build Sites With Rich Content
by Don Kiely
February 3, 2005
Macromedia Studio MX 2004 features four industrial-strength Web development tools: Dreamweaver MX, for designing and developing the pages that make up a site; Flash MX, for creating and deploying rich multimedia content; Fireworks MX, for creating and exporting interactive graphics; and FreeHand MX, for creating vector-based graphics. These tools comprise a Web designer's dream team for rich, interactive Web sites (see Figure 1).
The Windows package also includes ColdFusion MX, a "rapid scripting environment" for hosting and serving up dynamic Web pages. Studio MX also supports ASP, ASP.NET, JSP, and PHP, with integrated features to create Web pages using the appropriate scripting and server code as well as deployment to the various server types. For example, the ASP.NET designer has GUI tools to simplify tasks such as retrieving information from a database and using ASP.NET server controls. Once you know how to do something for one server, you'll see that the steps for another server are virtually identical. With both Windows and Macintosh versions of the tools included in the box, you can move between the platforms and use similar tools.
Studio MX is helpful when you must work with different sites hosted on various platforms. However, tasks that are straightforward in dedicated server tools, such as VS.NET for ASP.NET, are cumbersome in Dreamweaver.
The five tools are not as integrated as the marketing literature suggests. You can share features and documents between the tools, but each tool has its own IDE that is focused on its particular type of visual development. This means that there's a learning curve as you move between tools, but it also means that each IDE is uniquely suited for its task.
As a developer with severely restricted graphic design capabilities, I didn't find Studio MX to be as compelling as it would be to a designer. The VB.NET and C# code is color-coded, but there's little productivity support such as name completion or IntelliSense.
The documentation is simply mind-boggling in its thoroughness. The only printed manual in the box, "Exploring Studio MX," is nearly 200 pages and provides feature overviews and tutorials. The tools feature comprehensive help files, and the Macromedia Web site offers a wealth of material. With information this complete, anyone willing to put in the time will have no problem learning the tools.
Studio MX is a great set of tools for Web designers who write HTML, create stunning content, and generate fairly generic dynamic Web pages. Web developers writing code should probably stick to dedicated tools that help make you more productive.
Macromedia Studio MX 2004 version 7.0.1
Quick Facts: Comprehensive suite of Web development tools for ASP, ASP.NET, JSP, ColdFusion, and PHP.
Pros: Rich tools for stunning Web content; powerful IDEs dedicated to specific uses; great documentation.
Cons: Products not closely integrated; little support for writing server-side code.
About the Author
Don Kiely is a senior technology consultant. Reach him at firstname.lastname@example.org.
Secure Your ASP.NET Sites
by Don Kiely
February 3, 2005
Keeping apps secure is one of the hardest tasks a developer must deal with, and Web-based server apps are the hardest apps to secure. Peter Blum's Visual Input Security (VISE) aims to bring security to Web apps developed by mere mortal ASP.NET developers, with a comprehensive set of tools and copious information to protect against the most insidious attacks du jour.
.NET and ASP.NET include many tools to protect your site, but you can spend months of development time tying up all the loose ends against SQL injection, cross-site scripting, poorly formed user input, and many other indecencies that an attacker can use to compromise your site. The beauty of VISE is that it brings together many tools to detect and protect against attacks proactively.
The base product is a set of improved controls that go well beyond the ASP.NET validation controls. They serve to protect all visible and hidden fields, query string parameters, and cookies from tampering. This first level of defense protects your app against various scripting and injection attacks.
VISE can detect and respond to attacks in various ways. For example, it can slow down the site's response to the attacker when it detects that a particular page is undergoing an attack. This protects against common attacks that rely upon repeated and intense probes to find a site's vulnerabilities.
VISE uses its logging and analysis tools to generate a comprehensive security analysis report that provides an audit of each page's inputs, their vulnerabilities, and security-sensitive settings (see Figure 1). This is the gem of the package, revealing your site's weak spots and providing the information you need to lock it down.
Installing VISE is daunting at best. The installation package automates some basic installation steps, but you must follow a 30-page installation document to lock down and configure your site. VISE makes security easier, but it is still a far cry from being simple.
I was initially put off by the complexity of the installation, but soon realized that by following the detailed instructions, I was forced to analyze my server and application in order to make the best selections, both within IIS and my app, to lock it down. By the time I finished, I had a much better idea of where I had to spend more time to improve security.
The comprehensive VISE documentation is also daunting, but I learned a lot about ASP.NET security by exploring it carefully. You can't simply set a switch somewhere in the product to make your site secure, but VISE provides everything you need to determine how to improve your app's security yourself. And that's the best way to achieve security.
You must have the author's Professional Validation And More product (level 2) in order to run VISE, adding at least $100 to your cost. But that's a small price to pay for secure sites.
VISE won't eliminate all the work you need to do to secure your site, but by implementing its recommendations and using its tools, you'll be able to take full advantage of all the security that .NET and IIS have to offer.
Visual Input Security 1.0.0
Price: $250 (requires license for company's Professional Validation And More Level 2 product)
Quick Facts: A suite of security tools to help lock down ASP.NET apps.
Pros: Comprehensive guidance for locking down an app; proactive response to attacks rather than just blind protection; cheap for all the benefits.
Cons: Complicated setup; doesn't eliminate careful security work on an app; requires another product.
About the Author
Don Kiely is a senior technology consultant. When he isn't writing software, he's writing about it, speaking about it at conferences, and training developers in it. Reach him at email@example.com.
Generate Rich Content Easily
by David Mack
February 3, 2005
telerik's r.a.d.editor helps you give your end users the ability to create or modify rich content easily over the Web. You can use r.a.d.editor to give your users capabilities without requiring them to understand the underlying technologies. r.a.d.editor supports several foreign languages and allows your users to create links dynamically, as well as edit text and upload files.
r.a.d.editor is easy to install, although you should remember a couple of things. The editor comes with r.a.d.spell, a standalone product that also ships with r.a.d.editor for free. You must configure r.a.d.spell separately from r.a.d.editor if you want to use the spell-check capability. Follow the instructions on how to do this, as well as how to download and install the foreign language packs.
You can configure the Visual Studio IDE to include r.a.d.editor in your toolbar, or you can include it manually. Adding r.a.d.editor to an ASP.NET application is simply a matter of dragging and dropping. You can also easily code the postback to handle content you create. I recommend looking at the documentation to get familiar with which properties are exposed, especially if security is a concern. This way, you can plan on the best way to integrate r.a.d.editor into your existing ASP.NET applications. r.a.d.editor lets you customize its functionality using the control properties and user roles.
You can cut and paste directly from Microsoft Word into r.a.d.editor without having to worry about Word-related tags and metadata finding their way into your content (see Figure 1). Several cut-and-paste options are available on the toolbar to help you perform this function. You can save your data directly to an ASPX or ASPC file. You can also modify the static information on your site directly from r.a.d.editor and save it to the appropriate file by using the Update button and postback. Be aware that Visual Studio locks the file when you have it open for local editing, so the update might not take place. Obviously, this isn't a problem if the page is deployed on a Web server.
r.a.d.editor also offers multilingual spell-checking functionality, though you must download the other foreign-language packs. You can also change the language for the labels' display on the toolbar and in the pulldowns.
r.a.d.editor is a customizable tool that can save you money and time, as well as increase your productivity.
Phone: 888-365-ASPX; 617-249-2116
Quick Facts: A WYSIWYG editor for generating rich content without knowledge of the underlying technology or protocol.
Pros: Ease of use; powerful editing capabilities; foreign-language support, including a spellchecker.
Cons: Must download different language dictionaries for spellchecking.
About the Author
David Mack is a technical lead for the National Intelligence Division of Titan Systems and an independent consultant. He has more than 10 years of experience in object-oriented programming. Reach him at firstname.lastname@example.org.