Orchard CMS 1.6.1 security patch available

A quote from the website:

A non-persistent XSS vulnerability has been discovered in the Orchard.Comments module that is distributed with the core distribution of the CMS. The module could in some circumstances let an external website render custom scripts on an Orchard website. This vulnerability might ultimately be used to gather your credentials if you further authenticate on the targeted Orchard website.

All released versions of Orchard are vulnerable and need to be patched immediately.

We are releasing today (April 30, 2013) a new version 1.6.1 of Orchard 1.6 that has the patch in place. This new version is replacing the previously available download. If you are downloading Orchard 1.6.1 today, you do not need to take any additional steps. The latest 1.x development branch is already patched as well. We are also releasing patch files for each version of Orchard from 1.0 to 1.6 that can be applied to existing web sites.

Great to see that security risks are getting patched immediately !

More information and download links at:

More information about Orchard CMS:

 

WebMatrix 3 (preview)

webmatrix 3 preview

WebMatrix3 preview is available for download.

New changes for even simpler website creation

In addition to everything which WebMatrix 2 offers, WebMatrix 3 brings you easy access to your Windows Azure websites. Icon-sized previews of your sites make them easy to find and open. Access your remote sites as seamlessly as local sites. When you need to protect your work or collaborate on team projects, you’ll love our integration of Git and TFS source control systems. These are just a few of the highly requested features we’ve added in WebMatrix 3!
http://www.microsoft.com/web/post/webmatrix-3-preview-how-to-articles

 

Try it out today on http://www.microsoft.com/web/webmatrix/next/

Orchard CMS v1.4 available

Orchard CMS is a free, open source content management system that allows users to rapidly create web sites on the Microsoft ASP.NET platform. It is built on a flexible extensibility framework that enables developers and customizers to provide additional functionality through extensions and themes.

Get it here!

[ link ] [ info ] [ orchard cms ]

ASP.NET Web API

ASP.NET Web API is a framework that makes it easy to build HTTP services that reach a broad range of clients, including browsers and mobile devices. ASP.NET Web API is an ideal platform for building RESTful applications on the .NET Framework.

Can’t wait for the full version of MVC 4! :-)

[ link ]

ASP.NET MVC: place JavaScript from a View inside the head-section by using sections

When working with ASP.NET MVC, you often need some JavaScript in your views.
The most obvious way of doing this is just adding the JavaScript inside the view:

@{
     ViewBag.Title = "About Us";
 }

<script type="text/javascript">
     // some code
   </script>

<h2>About</h2>
 <p>
      Put content here.
 </p>

Your html source code will end up with a mess:

<!DOCTYPE html>
<html>
 <head>
<meta charset="utf-8" />
<title>About Us</title>
<link href="/Content/Site.css" rel="stylesheet" type="text/css" />
<script src="/Scripts/jquery-1.5.1.min.js" type="text/javascript"></script>
<script src="/Scripts/modernizr-1.7.min.js" type="text/javascript"></script>
</head>
 <body>
     <div>
         <header>
             <div id="title">
                 <h1>Title</h1>
             </div>
            <div id="logindisplay">
                     [ <a href="/Account/LogOn">Log On</a> ]
            </div>
             <nav>
                 <ul id="menu">
                     <li><a href="/">Home</a></li>
                     <li><a href="/Product">Products</a></li>
                     <li><a href="/Home/About">About</a></li>
                 </ul>
             </nav>
         </header>
         <section id="main">
<script type="text/javascript">
            // some code
          </script>
          <h2>About</h2>
          <p>      Put content here. </p>
</section>
        <footer>
        </footer>
     </div>
 </body>
 </html>

As you can see in the code above, the JavaScript was added where the your view was rendered.
To keep your code clean, you can use and render sections!

Open your master View _Layout.cshtml and add a RenderSection:

<!DOCTYPE html>
 <html>
 <head>
     <meta charset="utf-8" />
     <title>@ViewBag.Title</title>
     <link href="@Url.Content("~/Content/Site.css")" rel="stylesheet" type="text/css" />
     <script src="@Url.Content("~/Scripts/jquery-1.5.1.min.js")" type="text/javascript"></script>
     <script src="@Url.Content("~/Scripts/modernizr-1.7.min.js")" type="text/javascript"></script>
     @if (IsSectionDefined("MyOtherJavascript"))
     {
       @RenderSection("MyOtherJavascript");
     }
 </head>
 <body>

Now in your View (in my case /Home/About.cshtml) add the section:

@{
     ViewBag.Title = "About Us";
 }
@section MyOtherJavascript {
   <script type="text/javascript">
     // some code
   </script>
 }
<h2>About</h2>
 <p>
      Put content here.
 </p>

Now your JavaScript will be injected inside the header:

<!DOCTYPE html>
 <html>
 <head>
     <meta charset="utf-8" />
     <title>About Us</title>
     <link href="/Content/Site.css" rel="stylesheet" type="text/css" />
     <script src="/Scripts/jquery-1.5.1.min.js" type="text/javascript"></script>
     <script src="/Scripts/modernizr-1.7.min.js" type="text/javascript"></script>
<script type="text/javascript">
     // some code
   </script>
 </head>
 <body>
<!-- ... -->

That’s it! :)
You can add more logic to it, there is also an overload of the RenderSection in case you just want to say it is optional or not.

I demonstrated the RenderSection by injecting JavaScript into the header, but this can be used in other places (and you can also inject and render normal html code). ;-)

FYI: I’m using ASP.NET MVC 3 with Razor engine.

msdn ]

Knockout JavaScript

Knockout JavaScript or simply kojs, helps you creating dynamic JavaScript UIs using the Model-View-ViewModel (MVVM) pattern.

Don’t ignore this, because it will be a part of ASP.NET MVC4. :)

If you don’t know knockoutjs, you can start the interactive tutorials via http://learn.knockoutjs.com/.

<p>Teusje is: <span data-bind="text: someCoolText" /></p>
<p>Insert some cool text: <input data-bind:"value: someCoolText" /></p>
var viewModel = {
someCoolText: ko.observable("Funky")
};

ko.applyBindings(viewModel);

Have fun! ;-)

[ source ] [ source2 ]

EF Code First change the default generated database name

I’m playing around with ASP.NET MVC 3 + EF Code First. At a testing stage my models change often. To always have some clean content when building and running the project I have overridden the Seed method in my custom database initializer class (inherit from DropCreateDatabaseIfModelChanges<T>).

using System.Collections.Generic;
using System.Data.Entity;
using System.Linq;
using Test.Models;

namespace Test.DAL
{
public class TestInitializer : DropCreateDatabaseIfModelChanges<TestContext>
{
protected override void Seed(TestContext context)
{
var categories = new List<ProductCat>
{
new ProductCat { Name = "Wood" },
new ProductCat { Name = "Metal" },
new ProductCat { Name = "Plastic" }
};

var products = new List<Product>
{
new Product { Name = "Bench", ProductCat = categories.Single(c => c.Name == "Wood")},
new Product { Name = "Bottle", ProductCat = categories.Single(c => c.Name == "Plastic")},
new Product { Name = "Electric cable", ProductCat = categories.Single(c => c.Name == "Metal")}
};

products.ForEach(p => context.Products.Add(p));
context.SaveChanges();

base.Seed(context);
}
}
}

Now if you have SQL Server Management Studio (SSMS) open, you will see that your generated database is something like Project.Namespace.Class, which is actually not a good name. To change that EF Code First generated name you can do something like this in your DbContext class:

using System.Data.Entity;
using System.Data.Entity.ModelConfiguration.Conventions;

namespace Test.Models
{
public class TestContext : DbContext
{
public TestContext()
: base("MyNewDBName") // <-- database name
{ }

public DbSet<Product> Products { get; set; }
public DbSet<ProductCat> Categories { get; set; }

protected override void OnModelCreating(DbModelBuilder modelBuilder)
{
modelBuilder.Conventions.Remove<PluralizingTableNameConvention>();
}
}
}

Keep in mind that this is only one of the places where you can change the default database name.

Now your database will be called MyNewDBName in SSMS.
Have fun ;-)

ASP.NET: Adding Membership to an mdf file

In case you need to add Membership to an *.mdf file you need to use the tool: aspnet_regsql.exe.

This tool can be found in:

C:\WINDOWS\Microsoft.NET\Framework\<versionNumber>\

In my case it was:

C:\Windows\Microsoft.NET\Framework\v4.0.30319\

Now getting the tool working with an *.mdf file (MyData.mdf) should be done like this:

C:\Windows\Microsoft.NET\Framework\v4.0.30319>aspnet_regsql.exe -C "Data Source=
.\SQLEXPRESS;Integrated Security=True;User Instance=True" -d "C:\Users\Teusje\do
cuments\visual studio 2010\Projects\MySite1\MySite1\App_Data\MyData.mdf" -A all

Start adding the following features:
Membership
Profile
RoleManager
Personalization
SqlWebEventProvider

................

Finished.

C:\Windows\Microsoft.NET\Framework\v4.0.30319>

More information about can be found here and here (msdn).

Enjoy ;)