Hosting.com is offering free (after $1 setup fee) hosting of ASP.NET 2.0 and SQL Server 2005.

I haven't yet read the fine print on how long this offer runs, or what happens at the end (wonder if you're on the hook for a contination of the hosting?)

ASP.NET 2.0 and SQL Server 2005 Beta Hosting

Great compilation of all things security related. Some highlights:

• Custom accounts for ASP.NET
• Create DPAPI / encryption library
• GenericPrincipal objects for Forms auth
• Implement IPrincipal
• Prevent cross-site scripting
• Regular expressions to validate input
• ASP.NET 2.0 security items
• Code Access Security
• Web Services using Client Certificates, SSL
• ... and much, much more ...
  

How Tos

Thanks to Kevin at work for this link. All 101 aren't there yet, but supposedly coming. :)

: 101 Samples for Visual Studio 2005

keywords: samples whidbey 2005 visual studio vs.net vsnet

Just a quick example on a one-liner way to clean a string. This one strips out all nonalphanumeric chars except @ - (dash) . (period)

Regular Expression Examples

here's the one-liner in case the page is gone someday.

Regex.Replace(strIn, @"[^\w\.@-]", "");

here is one that will clean a string to be safe for SQL statement (prevent SQL injection). courtesy of RegExLib.com

^["a-zA-Z0-9\040]+$
(Matches alphanumeric, space and double quotes)

Decent article explaining some of the impacts of deploying ASP.NET code into production with the debug="true" setting on.

ASP.NET Resources - Beware Of Deploying Debug Code In Production

keywords: temporary asp.net files resources precompile compile lock files

This is pretty dated (June 2003), but is a good writeup of all the security considerations for ASP.NET applications and web services.

At the bottom of the article is a good summary titled "Snapshot of a Secure ASP.NET Application".

Improving Web Application Security

keywords: processModel impersonation authentication machine key machineKey security privilege

This article discusses some of the techniques for using JavaScript along with ASP.NET pages.

Some highlights:

<body id="Body1" runat="server">
Body1.Attributes["onload"] = "document.forms[0]['TextBox2'].focus();";

RegisterStartupScript (gets injected at the end of the server FORM element)

RegisterClientScriptBlock (gets injected at the top of the server FORM element, useful for scripts that need to be loaded before page elements are loaded)

Page.RegisterClientScriptBlock("MyScript", "<script language=javascript src='MyJavaScriptFile.js'>");

---

Here is a similar article with a little bit more depth from the 4GuysFromRolla dudes.

Took me a bit to discover this by trial & error today. The controls (labels, text box, etc) that are in a Repeater header and footer template are not automagically bound to code-behind class member variables like regular page controls are.

Instead, you can "find" them at runtime like this (note: if you are data binding the repeater control, this must be AFTER call to DataBind).

Label lblErrorHead = repErrors.Controls[0].FindControl( "lblErrorHead" ) as Label;

Not sure about relying on the Controls[0] like above. In my case, the items laid out like this:

1. HeaderItem (element 0)
2. Item (element 1)
3. FooterItem (element 2)

For uber-safe code, you should probably find the HeaderItem by iterating the controls and looking at the ItemType.

I suppose another way to handle all this would be to handle the ItemCreated or ItemDataBound events, where you'll get a call for the Header and Footer items.