2005 2006 2007 2008 2009 2010 2011 2015 2016 2017 aspnet azure csharp debugging elasticsearch exceptions firefox javascriptajax linux llblgen mongodb powershell projects python security services silverlight training videos wcf wpf xag xhtmlcss

Minima .NET 3.5 Blog Engine (a.k.a. Minima 2.0)

Since the original release of Minima, I've added a ton of new features to my own blog (which ran on the original Minima).  That plus the release of the .NET Framework 3.5 Beta 2, which includes LINQ, has prompted me to work further on the public release of Minima.  Thus, the creation of the Minima .NET 3.5 Blog Engine.  This is major upgrade to Minima.  Here are some of the new features...

LINQ

Though I love LLBLGen Pro (the worlds only enterprise-class O/R mapper and database abstractor), I thought it would be tremendously beneficial to build the new version of Minima on something that many more people would be able to appreciate.  Thus, I rewrote all data access components to use LINQ instead of LLBLGen Pro.  In the Minima .NET 3.5 Blog Engine, there is no LLBLGen Pro left over and thus you do not need the LLBLGen Pro assemblies.

If you are new to LINQ, then the Minima .NET 3.5 Blog Engine is something you may want to checkout.

Windows Live Writer Support (with RSD Support)

The previous version of Minima didn't have any supported blog client.  That was left as a training exercise to those using Minima as a training tool.  It did however have an extensive WCF interface that allowed simple web-service interaction with Minima.  However, since the release of Windows Live Writer (WLW) Beta 2, the need for a WCF interface and the need to write your own blog client is gone.  With this release of Minima, you simply setup your blog , point WLW at it and it will detect everything for you via the provided rsd.xml and wlwmanifest.xml files.

Metaweblog API

As previously stated, the Minima .NET 2.0 Blog Engine had a WCF interface, but this new release doesn't.  In it's place is the XML-RPC based Metaweblog API to allow for seamless interaction by WLW.

Simplified File Structure

The file structure of Minima has been greatly simplified and the number of files in the actual website is very minimal now.  If you recall, the entire idea behind Minima was that it is very minimalistic.  This doesn't mean it doesn't have many features, but it rather means that everything is organized in such a way that makes it look minimalistic.

SQL Server-based HttpHandler Management

A few weeks ago I published a simplified version of the universal HttpHandlerFactory technique, which relies on SQL Server instead of XML configuration files for HttpHandler management.  Under this model you can simply go to the HttpHandler table and put in an HttpHandler, the text used to match against a URL, and a matching type ("Contains", "EndsWith", "StartsWith", or "Default").  So, if you want to move your API from /xml-rpc/ to /962c8b59-97dc-490b-a1d1-09b55e47455b/, just go into the table and paste in that GUID over the text XML-RPC and you're done (you will probably have to kill the cache as well since Minima caches HttpHandler mappings-- just open and save the web.config file.)  Using this same HttpHandler table you can change the comment moderation endpoint (which uses the MinimaCommentHttpHandler).

Google Sitemap Creator

Minima now allows you to create a Google Sitemap simply by using the MinimaSiteMapHttpHandler registered in the HttpHandler SQL Server table.  By default it's registered to anything ending with "sitemap.xml", but by changing the path in the HttpHandler table you can instantaneously change the sitemap path.

File Mapping Support

One of the features I found that I really, really needed a few months ago was a way to symbolically link virtual files to physical files.  Thus I built a simple system that would allow me to store symbolic links in SQL Server.  Initially there is a default "catch all" folder to which all files are naturally mapped.  Internally, this is by setting MinimaFileHttpHandler to a certain path in the HttpHandler table; /materials/ by default.  For specific files that aren't in that folder, you simply add the mappings in the FileMapping table.  Theoretically, you could have multiple links to the same file using this system.

User Rights System

Since there is a public API, there needs to be some type of rights management system.  In the Minima .NET 3.5 Blog Engine, rights are done at the system and blog level and you assign rights to blog authors.  For example, an author needs the 'R' (retrieve) system right to get a list of blogs on the system (what WLW will try to do when you point it at this release of Minima) and would need the 'C' (create) blog right to post to a particular blog.  There are 'C', 'R', 'U', and 'D' rights that can be set in the UserRight table.  If it's a blog right, there is a blogId associated with the right, if it's a system right the blogId is null.  It's actually a really simple, yet effective rights system.  That the entire point of minimalism.

Access Control System (via IP address, UserAgent, and HTTP Referrer)

In a recent blog entry I alluded to an access control system I added to my blog.  This access control system allowed me to control access by IP address, UserAgent, or HTTP Referrer and based up on one of those three things I could either write a message to the browser or forward them.  So, for example, if I want to block someone trying to download my entire site I can put the following data in the SQL Server 'Access' table: 1, 'I', 10.29.2.100, 'You have been banned', null, true.  That is, on BlogId 1, for an IP Address of 10.29.2.100, show a message of 'You have been banned', don't forward them anywhere (that's the null), and enable the rule ('true').  If you want to have them forwarded to another address, just put the destination address in the AccessHttpForward column and the rule is activated immediately.

This is implemented by an HttpModule, so it's going to apply to absolutely every request coming across the system.  They won't be able to download anything off your website, not even images or CSS files.  Also, this system works on a "first hit" model.  That is, the first rule that is hit is the one that is applied.

Tracing via Reflection

This release of Minima also allows you to trace just about anything to SQL Server.  The tracing mechanism works by serializing what you give it into XML and then stores that XML in a table.  Doing something like this comes in tremendously handy when troubleshooting APIs.  Since Minima's TraceManager has a RecordMethodCall method that accepts a params array of Object types, you can send as many parameters as you want to the method and it will serialize them into XML for storage in SQL Server.  Some types are obviously no serializable, but you can always send each property of a type to the method instead of sending the entire object.

Other Features

As with all my web projects, exceptions are e-mailed to the person monitoring the system.  With this release of Minima, I added a feature that I've been using for a while: support for Gmail subjects.  Usually in Gmail, messages that look a like will be grouped together in the same conversation.  This is a tremendously time saving feature for most everything, but not when it comes to exception monitoring (or comment notification).  So, when enhanced Gmail subjects are enabled, e-mail subjects are suffixed with a long random number (actually, the time in ticks) so that no two messages are in the same conversation.  The same is done for comment notification.

Previous Features

Previous features were fairly basic and included labeling, commenting, and other blog stuff.  The biggest feature of the previous release of Minima was its ability to have more than one URL for a blog entry.  So, for example, if you accidentally blog as /Blog/2007/08/LINQ-ruels.aspx, you can add another URL mapping to that entry so /Blog/2007/08/LINE-rules.aspx, which would set as the default mapping, goes to the same place.  Both are still accessible, but the new default will be the one that shows up at the blog entry's permanent home.  The Minima .NET 3.5 Blog Engine retains this feature.

As a Training Tool

As with all my project there is an "As a Training Tool" section in the release notes.  This release of Minima can be used to train concepts such as ASP.NET, CSS theming, proper use of global.asax, integrating with Windows Live Writer, framework design guidelines, HttpModules, HttpHandlers, HttpHandlerFactories, LINQ, type organization, proper-SQL Server table design and naming scheme, XML serialization, and XML-RPC.NET usage.

To download the Minima .NET 3.5 Blog Engine simply access the following Subversion repository and download the associated sample SQL Server 2005 database:

Fast Visual Studio 2008 Beta 2 Downloads

WOW! I heard that these downloads were fast, but I had no idea they were this fast!  MSTorrent [theoretically] rules!

Hopefully this will actually work.  The first two times I've tried MSCD with Standard I got a "verified" download, but it was completely corrupted.  Then I downloaded and installed Web Developer Express from the web site and then downloaded and installed Standard from the web site to find out that they have completely incompatible versions of the .NET Framework 3.5.  No idea.

If you want to give it a try, head on over to the link below.

Related Links

NetFXHarmonics Subversion Viewer

In an attempt to make my SolutionTemplate/EBook more accessible and readable, I went ahead and built a simple ASP.NET-based Subversion viewer to allow readers to view and read my SolutionTemplate/EBook online.  This should allow easier navigation of the project without actually forcing anyone to download it.  Furthermore, this really applies to all my projects in Subversion: Minima, Data Feed Framework and SolutionTemplate/EBook.

You can access the NetFXHarmonics Subversion Viewer at one of the following locations:

Basically you just access http://viewer.netfxharmonics.com/PROJECT_NAME/trunk.  It's that simple.  Hopefully these will make referencing these resources and reading SolutionTemplate/EBook a lot easier.

By the way, in case you are wondering, this viewer was created by an HttpHandler that uses the URL being accessed to figure out what path or file to look at in the Apache front-end for Subversion.  After a quick HttpWebRequest, a few regular expressions are done and a header and footer are tacked on to give the final version of the page.

Real World HttpModule Examples

Back when I first discovered HttpHandlers I remember being ecstatic that the control that I thought I lost when moving from PHP to ASP.NET was finally returned, but when I first discovered HttpModules I remember almost passing out at the level of power and control you get over the ASP.NET request pipeline.  Since then, I've used HttpHandlers, HttpHandlerFactories, and HttpModules in many projects, but I'm noticing that while many people have heard of them, many have no idea what you would ever use them for.  So, I would like to give a few examples.

The first example is really simple.  On my blog, I didn't ant anyone to alias my web site or access it in any other way than by going to www.netfxharmonics.com.  Since HttpModules allow you to plug into the ASP.NET request pipeline, I was able to quick write an HttpModule to do exactly what I wanted:

public class FixDomainHttpModule : IHttpModule
{
    public void Dispose( ) {
    }

    public void Init(HttpApplication context) {
        context.BeginRequest += delegate(Object sender, EventArgs ea) {
            HttpApplication ha = sender as HttpApplication;
            String absoluteUrl = ha.Context.Request.Url.ToString( ).ToLower( );
            if (ha != null) {
                if (MinimaConfiguration.ForceSpecifiedDomain) {
                    if (!absoluteUrl.StartsWith(MinimaConfiguration.Domain.ToLower( ))) {
                        context.Response.Redirect(MinimaConfiguration.Domain);
                    }
                }
            }
        };
    }
}

...with this web.config:

<httpModules>
  <add name="FixDomainHttpModule" type="Minima.Web.HttpExtensions.FixDomainHttpModule" />
</httpModules>

By doing this I don't need to put a check in each page or in my MasterPage.  Since HttpModules are for the entire application, even URLs accessing my images are forced to be done by www.netfxharmonics.com.

Another example is a simple authentication system for a system I was working on a while back.  The application allowed anyone logged into active directory to access it's resources, but only certain people logged into active directory would be authorized to the use application (i.e. anyone could access images and CSS, but only a few people could use the system).  Knowing that the .NET framework is the model for all .NET development, I looked at the machine's web.config to see how ASP.NET implemented its windows and form authentication.  As it turns out, it does so by HttpModules.  So, I figured that the best way to solve this problem was by creating an HttpModule, not by throwing a hack into each of my WebForms or my MasterPages.  Furthermore, since ASP.NET uses the web.config for its configuration, including authentication configuration, I wanted to allow configuration of my authentication module to be via the web.config.  The general way I wanted to configure my HttpModule would be by a custom configuration section like this:

<Jampad>
    <Security RegistrationPage="~/Pages/Register.aspx" />
</Jampad>

The code for the HttpModule was extremely simple and required only a few minutes to throw together.  If the page being accessed is a WebForm and is not the RegistrationPage set in web.config, then the system's Person table is checked to see if the user logged into the machine has an account in the application.  If not, then there is a redirect to the RegistrationPage.  Simple.  Imagine how insane that would have been if you wanted to test for security on each page.

public class JampadSecurityModule : IHttpModule
{
    public void Dispose( ) {
    }

    public void Init(HttpApplication context) {
        context.BeginRequest += delegate(Object sender, EventArgs ea) {
            HttpApplication ha = sender as HttpApplication;

            if (ha != null) {
                CheckSecurity(context);
            }
        };
    }

    private void CheckSecurity(HttpApplication context) {
        SecurityConfigSection cs = (SecurityConfigSection)ConfigurationManager.GetSection("Jampad/Security");

        if (String.IsNullOrEmpty(cs.Security.RegistrationPage)) {
            throw new SecurityException("Security RegistrationPage is required.");
        }

        if (cs == null) {
            return;
        }

        if (!context.Request.Url.AbsoluteUri.Contains(cs.Security.RegistrationPage) &&
            context.Request.Url.AbsoluteUri.EndsWith(".aspx")
            ) {
            PersonCollection pc = new PersonCollection( );
            pc.GetMulti(new PredicateExpression(PersonFields.NTLogin==ActiveDirectoryFacade.NTUserName));

            if(pc.Count < 1){
                context.Response.Redirect(cs.Security.RegistrationPage);
            }
        }
    }
}

Again, plugging this into the web.config makes everything automatically happen:

<httpModules>
    <add name="JampadSecurityModule " type="Jampad.Security.JampadSecurityModule" />
</httpModules>

Recently I had to reuse my implementation in an environment that would not allow me to use LLBLGen Pro, so I had to rewrite the above 2 lines of LLBLGen Pro code into a series of Strongly-Typed DataSet tricks.  This implementation also had a LoginPage and an AccessDeniedPage in the custom configuration section, but other than that it was the same idea.  You could actually take the idea further by checking if the person is currently authenticated and if they aren't do a check on the Person table.  If they have access to the application, then PersonLastLoginTime column to the current time.  You could do many things with this implementation that would be rather crazy to do in a WebForm or MasterPage.

Another example of an HttpModule would be my custom access control system I built into my blog.  I'm not going to paste the code here as it's just the same idea as the other examples, but I will explain the concept.  Basically I created a series of tables in my blog's SQL Server database that held information on access control.  In the Access table I put columns such as AccessDirection (allow, deny), AccessType (IP Address, UserAgent, HTTP Referral), AccessText, AccessMessage, and AccessRedirect.  My HTTPModule would filter every ASP.NET request through this table to figure out what to do with it.  For example, I could block an IP address by creating a table record for 'deny', 'IP Address', '10.2.1.9', 'Your access has been denied.', NULL.  Immediately upon inserting the row, that IP address is blocked.  I could also block certain UserAgents (actually this was the original point of this HttpModule--bots these days have little respect for the robots.txt file).  I could also block requests that were from a different web site.  This would allow me to stop people from leaching images off my web site for use on their own.  With a simple HttpModule I was able to do all this in about an hour.  By the way, one record I was tempted to create was the following: 'deny', 'UserAgent', 'MSIE', NULL, 'http://www.getfirefox.com/'.  But I didn't :)

Now when would you use an HttpModule versus an HttpHandler?  Well, just think about what the difference is.  An HttpHandler handles a specific address pattern for a specific set of HTTP verbs, while every request in an application goes through an HttpModule.  So, if you wanted to have an image creator at /ImageCreator.imgx, then you need to register .imgx to IIS and then register your image creation HttpHandler in your web.config to handle that address (in case you forgot, web browsers care about the Content-Type, not the file extension.  In this example, your HttpHandler would set the Content-Type as 'image/png' or whatever your image type is.  That's how a web browser will know what to do with a file.  It has nothing to do with the file extensions; that's just for IIS.)  On the other hand, if you wanted to block all traffic from a specific web site, then you would create an HttpModule, becayse HttpModules handle all traffic on an application.  So, if you just remember this fundamental difference in purpose between the two, then shouldn't have my problems in the future.

Simplified Universal HttpHandlerFactory Technique

A few months ago I wrote about the Universal HttpHandlerFactory Technique where you have one HttpHandlerFactory that all your ASP.NET processing goes through and then in that HttpHandlerFactory you then choose what HttpHandler is returned based upon what directory or file is accessed.  I still like this approach for certain scenarios, but my blog got to the point where I was managing 11 different HttpHandlers for about 25 different path and file patterns.  So, it was time to simplify.

What I came up with was basically my go to card for everything: put it in SQL Server.  From there I just checked the URL being accessed against the patterns in a database table and then looked up what HttpHandler to use for that particular request.  Then, of course, I cached the HttpHandler for future file access.

Here are my SQL Server tables (yes, I do all my design in T-SQL-- SQL GUI tricks are for kids):

create table dbo.HttpHandlerMatchType  (
HttpHandlerMatchTypeId int primary key identity not null,
HttpHandlerMatchTypeName varchar(200) not null
) 

insert HttpHandlerMatchType select 'Contains'
insert HttpHandlerMatchType select 'Starts With'
insert HttpHandlerMatchType select 'Ends With'
insert HttpHandlerMatchType select 'Default'

create table dbo.HttpHandler (
HttpHandlerId int primary key identity not null,
HttpHandlerMatchTypeId int foreign key references HttpHandlerMatchType(HttpHandlerMatchTypeId),
HttpHandlerName varchar(300),
HttpHandlerMatchText varchar(200)
) 

Here is the data in the HttpHandler table:

 HttpHandler Table

Looking at this image and the SQL Server code, you can see that I'm matching the URL in different ways.  Sometimes I want to use a certain HttpHandler if the URL simply contains the text in the HttpHandlerMatchText and other times I'll want to see if it the URL ends with it.  I included an option for "starts with" as well, which I may use in the future.  This will allow me to have better control of how paths and files are processed.  Also, notice that one is "base".  This is a special one that basically means that the following HttpHandler will be used (keep in mind we are in a class that inherits from the PageHandlerFactory class-- please see my original blog entry):

base.GetHandler(context, requestType, url, pathTranslated);

Now in my HttpHandlerFactory's GetHandler method I'm doing something like this (also note how LLBLGen Pro helps me simply my database access):

HttpHandlerCollection hc = new HttpHandlerCollection( );
hc.GetMulti(new PredicateExpression(HttpHandlerFields.HttpHandlerMatchTypeId != 4));

IHttpHandler hh = null;
foreach (HttpHandlerEntity h in hc) {
    hh = MatchHttpHandler(absoluteUrl, h.HttpHandlerName.ToLower( ), h.HttpHandlerMatchTypeId, h.HttpHandlerMatchText.ToLower( ));
    if (hh != null) {
        break;
    }
}

This is basically just going to look through all the HttpHandlers in the table which are not the "default" handler (which will be used when there is no match).  The MatchHttpHandler method basically just passes the buck to another method depending of whether I'm matching the URL based on Contains, StartsWith, or EndsWith.

private IHttpHandler MatchHttpHandler(String url, String name, Int32 typeId, String text) {
    IHttpHandler h = null;
    switch (typeId) {
        case 1:
            h = MatchContains(url, name, text);
            break;

        case 2:
            h = MatchStartsWith(url, name, text);
            break;

        case 3:
            h = MatchEndsWith(url, name, text);
            break;

        default:
            throw new ArgumentOutOfRangeException("Invalid HttpHandlerTypeId");
    }

    return h;
}

Here is an example of one of these methods; the others are similiar:

private IHttpHandler MatchContains(String url, String name, String text) {
    if (url.Contains(text)) {
        return GetHttpHandler(name);
    }
    return null;
}

As you can see, it's nothing fancy.  The last method in the chain is the GetHttpHandler, which is basically a factory method that converts text into an HttpHandler object:

private IHttpHandler GetHttpHandler(String text) {
    switch (text) {
        case "base":
            return new MinimaBaseHttpHandler( );

        case "defaulthttphandler":
            return new DefaultHttpHandler( );

        case "minimaapihttphandler":
            return new MinimaApiHttpHandler( );

        case "minimafeedhttphandler":
            return new MinimaFeedHttpHandler( );

        case "minimafileprocessorhttphandler":
            return new MinimaFileProcessorHttpHandler( );

        case "minimapingbackhttphandler":
            return new MinimaPingbackHttpHandler( );

        case "minimasitemaphttphandler":
            return new MinimaSiteMapHttpHandler( );

        case "minimatrackbackhttphandler":
            return new MinimaTrackBackHttpHandler( );

        case "minimaurlprocessinghttphandler":
            return new MinimaUrlProcessingHttpHandler( );

        case "projectsyntaxhighlighterhttphandler":
            return new ProjectSyntaxHighlighterHttpHandler( );

        case "xmlrpcapi":
            return new XmlRpcApi( );

        default:
            throw new ArgumentOutOfRangeException("Unknown HttpHandler in HttpHandlerMatchText");
    }
}

There is one thing in this that stands out:

case "base":
    return new MinimaBaseHttpHandler( );

If the "base" is simply a call to base.GetHandler, then why am I doing this?  Honestly, I just didn't want to pass around all the required parameters for that method call.  So, to make things a bit more elegant I created a blank HttpHandler called MinimaBaseHttpHandler that did absolutely nothing.  After the original iteration through the HttpHandlerCollection is finished, I then do the following (it's just a trick to the logic more consistent):

if (hh is MinimaBaseHttpHandler) {
    return base.GetHandler(context, requestType, url, pathTranslated);
}
else if(hh != null){
    if (!handlerCache.ContainsKey(absoluteUrl)) {
        handlerCache.Add(absoluteUrl, hh);
    }
    return hh;
}

One thing I would like to mention is something that that sample alludes to: I'm not constantly having everything run through this process, but I am caching the URL to HttpHandler mappings.  To accomplish this, I simply setup a simple cached dictionary to map URLs to their appropriate HttpHandlers:

static Dictionary<String, IHttpHandler> handlerCache = new Dictionary<String, IHttpHandler>( );

Before ANY of the above happens, I check to see if the URL to HttpHandler mapping exists and if it does, then return it:

if (handlerCache.ContainsKey(absoluteUrl)) {
    return handlerCache[absoluteUrl];
}

This way, URLs can be processed without having to touch the database (of course ASP.NET caching helps with performance as well).

Related Links

All my work in this area has been rolled-up into my Themelia ASP.NET Framework, which is freely available on CodePlex. See that for another example of this technique.

Powered by
Python / Django / Elasticsearch / Azure / Nginx / CentOS 7

Mini-icons are part of the Silk Icons set of icons at famfamfam.com