Monthly Archives: December 2012


Referential Inegrity

Having clause & Where clause

Inner Join vs Outer Join

Self Join

Correlated vs Uncorrelated query


SELECT b.Emp_id, b.Emp_name,e.emp_id as managerID, e.emp_name as managerName
FROM Employee b
JOIN Employee e ON b.Emp_ID = e.emp_mgr_id

This is a classic self-join, try the following:

SELECT e.ename, e.empno, m.ename as manager, e.mgr
emp e, emp m
WHERE e.mgr = m.empno

And if you want to include the president which has no manager then instead of an inner join use an outer join in Oracle syntax:

SELECT e.ename, e.empno, m.ename as manager, e.mgr
emp e, emp m
WHERE e.mgr = m.empno(+)
Or in ANSI SQL syntax:

SELECT e.ename, e.empno, m.ename as manager, e.mgr
emp e
ON e.mgr = m.empno

Leave a comment

Filed under SQL

Imp Terms
IIS is the most popular ASP.Net web server provided by Micrsoft.

Worker Process: All application runs under the scope of Worker Process (w3wp.exe), which act as application boundary. When a request comes to the server from a client worker process is responsible to generate the request and response.

Application pool:
Application Pool is the container of worker process. An app pool can have multiple worker process that share same configuration, by default there is only one worker process per app pool. A server can have multiple App pool for different application.
eg: an enterprise organization might place its human resources Web site and its finance Web site on the same server, but in different application pools.

Application Pool with multiple Worker process is “Web Garden“.

Now the request handling by IIS is divided into two stages:
Kernal Mode
User Mode

1) In Kernal level, the request received by IIS is handled by HTTP.SYS, which identify the App pool to process the request.

2) In User Level, we have Web Admin Services (WAS) which takes the request from HTTP.SYS and pass it to App pool.

3) When App pool rceive the request it simply passes the request to the worker process (w3wp.exe) which looks up the URL of request to load the correct ISAPI extension.
ISAPI extensions are the IIS way to handle requests for different resources. Once ASP.NET is installed, it installs its own ISAPI extension (aspnet_isapi.dll) and adds the mapping into IIS.

4) When wp loads the aspnet_iisapi.dll, it starts the HttpRuntime, which is the entry point of your application.

5) HttpRuntime calls the ProcessRequest method to start processing
HttpRuntime.ProcessRequest(HttpWorkerRequest wr)
It creates the instance of HttpContext which provide access to all it’s properties like Request, Response, Session using HttpContext.Current properties.

6) Then HttpRuntime loads HttpApplication object


Leave a comment

Filed under .Net

How to make your ViewState secure?

ASP.Net viewstate is client side state management and is stored in hidden field with id __VIEWSTATE as shown below:

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwULLTE2MTY2ODcyMjkPFgYLl/p5/cggNdr/yAizfkifBJ20CwQ=" />

Now the string in value is is not encrypted but serialized(encoded) use Base64 en ccoding, which can be easily decoded using many tools.

Now there are mainly two approach to secure your Viewstate:
1) EnableViewStateMAC / Hash code (Hashing)

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="DataSetToViewState.aspx.cs"
EnableViewState="true" EnableViewStateMac="true" Inherits="WebWorld.DataSetToViewState" %>

Make sure viewstate data is tamper proof using Hash Code, you can do this by adding EnableViewStateMAC=true. MAC stands for Message Authentication Code. It internally added a Hash code with ViewState content and store in hidden field. During postback, the checksum data is verified again by ASP.Net and if there is mismatch, the postback will be rejected.
2) Encryption

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="DataSetToViewState.aspx.cs"
EnableViewState="true" ViewStateEncryptionMode="Always" Inherits="WebWorld.DataSetToViewState" %>

The second option ViewStateEncryptionMode=”Always”. It will encrypt the viewstate, there are three option
Always: Encrypt the viewstte always.
Auto: Encrypt if the control require for encyrption. For this to happen, the control must call the Page.RegisterRequiresViewStateEncryption() method.
Never: Never encrypt the viewtate.

We can also enable these settings for EnableViewStateMAC and ViewStateEncryptionMode in web.config:

<pages enableViewStateMac="true" viewStateEncryptionMode="Always"></pages>

Note: Try to avoid ViewState encryption if it is not necessary as it can cause performance issues.


Leave a comment

Filed under ASP.Net

Can we store DataSet into ViewState?

DataSet is a disconnected object. DataSet is a fully serializable object. It can be serialized in three different ways—to a standard .NET formatter, to an XML writer, and through the XML serializer.

//Create new dataset :
DataSet ds = new DataSet();
//Store the dataset directly into view state
//retrieve the dataset where it required
GridView1.DataSource = (DataSet)ViewState["dsn"];

Leave a comment

Filed under ASP.Net

How to store object in ViewState?

We can store objects in viewstate like we store string or integer. But before storing we need to convert them into stream of bytes to keep tem in hidden field. So we need to use Serialization. And object which can’t be serialised, they will not be able to keep in viewstate.

public class Student
public int Roll;
public string Name;
public void AddStudent(int intRoll, string strName)
this.Roll = intRoll;
this.Name = strName;

Now we need to store them to viewstate.

Student _objStudent = new Student();
_objStudent.AddStudent(2, "Max");
ViewState["StudentObj"] = _objStudent;

//Retrieving student
Student _objStudent;
_objStudent = (Student)ViewState["StudentObj"];

Leave a comment

Filed under ASP.Net

Encoding vs Encryption

First Similarities:
1) They both transform data into different format.
2) They both are reversible (unlike Hashing).


1) to transform data it uses a scheme that is publicly available
2) don’t require any key to transform, just algorithm & the same is used to decode it.
eg: ASCII, Unicode, Base64

1) to transform data it uses the way that only specific user can reverse it.
2) it uses key with plaintext & algorithm to encrypt and the ciphertext, algorithm & key is used to decrypt it.
eg: AES, RSA


Leave a comment

Filed under .Net