Wednesday, October 15, 2008

Username Regex Validation

When accepting values from users you must validate them, because malformed or malicious input (for example, an XSS payload) can harm your database and website.

Validation can be done on the server side and also on the client side.
Here I explain the server-side check, as this is the most secure way, although client-side validation is also included in the source code.

Click here to download visual studio solution code


Regex Code:

The Regular Expression below validates the username format.

^[a-zA-Z0-9_]{5,20}$

Scope:

When creating a new user for a website, you can validate the username string with the following business logic:
1) The user name must be between 5 and 20 characters long.
2) The user name can contain lowercase and uppercase characters.
3) The user name can be alphanumeric.
4) No special characters are allowed (the pattern above does accept the underscore).

As you can see, this is a very basic pattern for validating a simple username for your website.

Implementation:

ASP.NET HTML code:

    <asp:TextBox ID="txtRegex" runat="server"></asp:TextBox>
    <asp:Button ID="btnValidate" runat="server" Text="Validate value" OnClick="btnValidate_Click" />
    <asp:Label ID="lblResultRegex" runat="server" Text=""></asp:Label>

ASP.NET Code Behind:

    using System.Text.RegularExpressions;

    // Click handler; it belongs inside the page's code-behind class.
    protected void btnValidate_Click(object sender, EventArgs e)
    {
        // Same pattern as above: 5 to 20 letters, digits or underscores.
        if (Regex.IsMatch(txtRegex.Text, @"^[a-zA-Z0-9_]{5,20}$"))
        {
            lblResultRegex.Text = "username ok";
        }
        else
        {
            lblResultRegex.Text = "username invalid";
        }
    }

Now just run the application and verify the results.
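In .NET, $ without RegexOptions.Multiline also matches just before a final newline, so the pattern above accepts a username that ends in "\n". The following added example (not part of the original post's code) compares it with an \A...\z variant on constructed inputs; the UsernameRule class and the sample strings are assumptions for illustration.

```csharp
using System;
using System.Text.RegularExpressions;

public static class UsernameRule
{
    // The pattern from the post, unchanged.
    static readonly Regex PagePattern = new Regex(@"^[a-zA-Z0-9_]{5,20}$");

    // Same character set and length, but \A and \z anchor to the absolute
    // start and end of the input, so a trailing newline is rejected.
    static readonly Regex StrictPattern = new Regex(@"\A[a-zA-Z0-9_]{5,20}\z");

    // Server-side check to call before the value is stored or displayed.
    public static bool IsValid(string candidate)
    {
        // Regex.IsMatch throws on null, so treat null as invalid.
        return candidate != null && StrictPattern.IsMatch(candidate);
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "alice_01",                      // ordinary username
            "bob",                           // shorter than 5 characters
            "alice_01\n",                    // trailing newline
            "<script>alert(1)</script>",     // markup characters
            "a_very_long_username_over_20"   // longer than 20 characters
        };

        foreach (string s in samples)
        {
            string shown = s.Replace("\n", "\\n");
            Console.WriteLine("{0,-30} page={1,-5} strict={2}",
                shown, PagePattern.IsMatch(s), IsValid(s));
        }
    }
}
```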


Friday, October 10, 2008

Read & Write to System Registry data, keys using C#

In this post I am going to explain how to access the System Registry and how to read and write data to it.

Step 1: First you need to import the namespace below:

    using Microsoft.Win32;

Step 2: Now declare a RegistryKey variable:

    RegistryKey regkey;

Step 3: Now access the registry and get the value of a key:

    // CreateSubKey opens the subkey for writing and creates it if it does not exist.
    regkey = Registry.CurrentUser.CreateSubKey(@"Software\Microsoft\FTP");

    if (regkey.GetValue("Use PASV") == null)
    {
        txtValue.Text = "No Value Specified";
    }
    else
    {
        txtValue.Text = regkey.GetValue("Use PASV").ToString();
    }

The above code reads the "Use PASV" value from the HKEY_CURRENT_USER\Software\Microsoft\FTP key.

Step 4: Set the key value:

    regkey.SetValue("Use PASV", txtValue.Text);
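The four steps above as one helper, written as an added example rather than the post's own code: it reads through a read-only handle so that a lookup never creates the key, and asks for a writable handle only when writing. The FtpSettings class and the yes/no allow-list are assumptions for illustration.

```csharp
using System;
using Microsoft.Win32;

public static class FtpSettings
{
    const string KeyPath = @"Software\Microsoft\FTP";   // path from the post
    const string ValueName = "Use PASV";                // value name from the post

    // Read without side effects: OpenSubKey(name) returns a read-only handle,
    // or null when the key does not exist (CreateSubKey would create it).
    public static string ReadUsePasv()
    {
        using (RegistryKey key = Registry.CurrentUser.OpenSubKey(KeyPath))
        {
            if (key == null) return null;
            object raw = key.GetValue(ValueName);
            return raw == null ? null : raw.ToString();
        }
    }

    // Write path: request a writable handle only here, reject unexpected
    // input and store the data with an explicit value kind.
    public static void WriteUsePasv(string value)
    {
        // Assumption: the setting is a yes/no string; adjust the allow-list to your data.
        if (value != "yes" && value != "no")
            throw new ArgumentException("expected \"yes\" or \"no\"", "value");

        using (RegistryKey key = Registry.CurrentUser.CreateSubKey(KeyPath))
        {
            key.SetValue(ValueName, value, RegistryValueKind.String);
        }
    }

    public static void Main()
    {
        Console.WriteLine(ReadUsePasv() ?? "No Value Specified");
    }
}
```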

Monday, October 6, 2008

Website Design Guidelines / Checklist

1) Keep the raw file (e.g. psd, ai, cdr) in RGB format. Create the site design with the original dimensions (e.g. for 800x600 = 780, for 1024x768 = 970).

2) Try to keep text and images separate. Avoid overlapping of separate elements.

3) Keep more text content than images.

4) Always use web fonts such as Arial, Helvetica, Times New Roman, Courier New / Courier so that the design at execution won't look different from the raw file.

5) Put some textual content and links at the bottom of every page (e.g. copyright, sitemap).

6) Using headings is also good practice.

7) Avoid using a lot of graphics or images that are slow to load; instead, show a thumbnail and use a new page (or popup) to view the full image.

8) The headline plays a significant role in attracting customers. Hence use catchy phrases for the headline; it will work well.

9) The most important thing is the content. Relevant content is the best way to keep visitors hooked and, moreover, to get them to buy what you are selling. Correct use of words and sentences not only attracts prospects but also helps the search engines to crawl the site easily. Proper content, with relevant use of keywords, is a MUST.

10) Determine the site navigation and its appearance before you start designing. Also keep in mind that we must use text for navigation; where text is not possible, images can be used, but they must be small in size (KB) so that they won't take time to load. (Refer to the Yahoo home page.)

11) The user should know where in the site he currently is; show this with a textual bar like YOU ARE HERE.

12) Avoid using gradient images in html page background, because it conflicts with site content and images at different screen resolutions.

13) Determine the HTML link style (mouse over, normal), color and size.

Friday, October 3, 2008

How to get user’s IP address using asp.net

Many times we need to get the current user's / visitor's IP address.

Sometimes this is essential for security reasons.
We must log the user's IP address in the following situations:

1) Where you accept data from the user, like a guestbook, newsletter, search page etc. This gives a plus point to the security of the website, as you can get the user's identity by his IP if he does something wrong with your website.

2) User login pages. Always keep a record of the logins of website users. Record the date and time and the IP of the user.

If you want to block some particular users from using your website, then on page load just check the current IP against the database of IPs you have created for blacklisting.

Now, coming to the point:
How to get user's IP address using asp.net

HttpContext.Current.Request.UserHostAddress;
or
HttpContext.Current.Request.ServerVariables["REMOTE_ADDR"];

The above code may return the IP address of a proxy rather than of the user.

To get the IP address of the user's machine and not the proxy, use the following code:
HttpContext.Current.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
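The X-Forwarded-For header read above arrives as part of the request, so it can hold any text or a comma-separated chain of hops. This added example (not the original post's code) uses it for logging or blacklisting only when the direct peer is a known reverse proxy. The TrustedProxies addresses and the Resolve helper are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

public static class ClientIp
{
    // Hypothetical allow-list: addresses of reverse proxies you operate (constructed values).
    static readonly HashSet<string> TrustedProxies =
        new HashSet<string> { "10.0.0.5", "10.0.0.6" };

    // remoteAddr:   Request.UserHostAddress
    // forwardedFor: ServerVariables["HTTP_X_FORWARDED_FOR"] (null when absent)
    public static string Resolve(string remoteAddr, string forwardedFor)
    {
        // The header is only meaningful when the TCP peer is one of our own proxies.
        if (string.IsNullOrEmpty(forwardedFor) || !TrustedProxies.Contains(remoteAddr))
            return remoteAddr;

        // Each proxy appends the peer it saw, so walk right to left and stop at the
        // first hop that is not ours; everything further left is unverified input.
        string[] hops = forwardedFor.Split(',');
        for (int i = hops.Length - 1; i >= 0; i--)
        {
            IPAddress parsed;
            if (!IPAddress.TryParse(hops[i].Trim(), out parsed))
                return remoteAddr;               // malformed entry: fall back to the peer
            if (!TrustedProxies.Contains(parsed.ToString()))
                return parsed.ToString();
        }
        return remoteAddr;                       // chain contained only our proxies
    }

    public static void Main()
    {
        // Constructed sample requests using documentation address ranges.
        Console.WriteLine(Resolve("203.0.113.9", null));                       // direct connection
        Console.WriteLine(Resolve("203.0.113.9", "198.51.100.1"));             // peer is not a trusted proxy
        Console.WriteLine(Resolve("10.0.0.5", "198.51.100.1, 203.0.113.77"));  // leftmost hop is client-supplied
        Console.WriteLine(Resolve("10.0.0.5", "<script>, 10.0.0.6"));          // malformed hop in the chain
    }
}
```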