Understanding SQL Injection in .Net

This article talk about what SQL injection is, how can this effect the security of our websites and what steps should be taken to create an ASP.NET application SQL injection proof.

SQL Injection :

Many databases in today's world are prone to SQL Injection attack. This attack is often used by attackers to attack the database which means it can gain access to database and manipulate the database.

This attack can be more dangerous if account, through which you are accessing the database, has all privileges to access database then attacker can delete the tables or even database itself.

For Example:

When we want to get the data based on username in Asp.net, then writing like:

  String Query = “select * from User_master where User_name ='"+ txtUsername.Text;

Now in textbox txtUsername you pass following value as "'; drop table User_master - -" Now your Query will be like below

 select * from User_master where User_name = ''; drop table User_master - -'

Now what this above code does it executes two statements in first statement it Executes the statement

  select * from User_master where User_name = ''

After that semicolon (;) is there which tells SQL that it is end of first statement then after that it executes the second statement,Syntactically this will two statements, as result, drop table User_master and drops the table.

Note that:- Even if semicolon is not there it will take two as different statements as SQL it self can not identify SQL statement and Parameter you have to tell him which is query and which is parameter.

Solution :

ASP.NET provides us beautiful mechanism for prevention against the SQL injection. There are some thumb rules that should be followed in order to prevent injection attacks on our websites.

User input should never be trusted. It should always be validated: 

- Dynamic SQL should never be created using string concatenations.

- Always prefer using Stored Procedures.

- If dynamic SQL is needed it should be used with parametrized commands.

- All sensitive and confidential information should be stored in encrypted.

- The application should never use/access the DB with Administrator privileges.

- Dynamic SQL should never be created using string concatenations.

If we have dynamic SQL being created using string concatenations then we are always at the risk of getting some SQL that we are not supposed to use with the application. It is advisable to avoid the string concatenations altogether.

Always prefer using Stored Procedures.

Stored procedures are the best way of performing the DB operations. We can always be sure of that no bad SQL is being generated if we are using stored procedures. Let us create a Stored procedure for the database access required for our login page and see what is the right way of doing the database operation using stored procedure.

CREATE PROCEDURE dbo.CheckUser

 (

 @userID varchar(20),

 @password varchar(16)

 )

AS

 select userID from Users where userID = @userID and password = @password

 RETURN

We have to Validate the user with parameterized commands as below code in Asp.net:

using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["SampleDbConnectionString1"].ConnectionString))

        {

            using (SqlCommand cmd = con.CreateCommand())

            {

                cmd.CommandType = CommandType.StoredProcedure;

                cmd.CommandText = "CheckUser";

                cmd.Parameters.Add(new SqlParameter("@userID", username));

                cmd.Parameters.Add(new SqlParameter("@password", password));

                using (SqlDataAdapter da = new SqlDataAdapter(cmd))

                {

                    result = new DataTable();

                    da.Fill(result);

                    //check if any match is found

                    if (result.Rows.Count == 1)

                    {

                        // return true to indicate that userID and password are matched.

                        return true;

                    }

                }

            }

        }

This is a very basic article on SQL injection. I have specifically focused on ASP.NET applications but same concept will apply for any ADO.NET application. This article is meant for the beginner's who know nothing or too little about SQLinjection and making the applications SQL injection proof. I hope this has been informative.

Note: 

- Do you like this Article, do want to  know more Intresting Concepts on .Net, then Subscribe to this Blog.

- Do you have Intresting Articels on .Net, do you want to publish this blog, then mail to 

dotnetcircle@gmail.com to publish in this blog.

Special Thanks to Viewers, Followers as Blog reached 700+ Viewers, 50+ Google plus Followers, 20 + Subscribers

Thanks to each and everyone.

Difference Between N-tier Architecture and MVC Desgin Pattern

May Several new Learners  Confuses the difference is between MVC (Model View Controller) and N-Tier architectural patterns. It is my intent to clarify the confusion by comparing the two patterns side-by-side. At least in part, I believe the source of some of the confusion is that they both have three distinct layers or nodes in their respective diagrams.

N- Tier Architecture

                                                     

                                                           

- N-tier application architecture provides a model by which developers can create flexible and reusable applications. By segregating an application into tiers, developers acquire the option of modifying or adding a specific layer, instead of reworking the entire application..

Presentation tier

This is the topmost level of the application. The presentation tier displays information related to such services as browsing merchandise, purchasing, and shopping cart contents. It communicates with other tiers by outputting results to the browser/client tier and all other tiers in the network.

Application tier (business logic, logic tier, data access tier, or middle tier)

The logic tier is pulled out from the presentation tier and, as its own layer, it controls an application’s functionality by performing detailed processing.

Data tier

This tier consists of database servers. Here information is stored and retrieved. This tier keeps data neutral and independent from application servers or business logic. Giving data its own tier also improves scalability and performance.

Model–view–controller

                             
                                                             

Model–view–controller (MVC) is a software architectural pattern for implementing user interfaces. It divides a given software application into three interconnected parts, so as to separate internal representations of information from the ways that information is presented to or accepted from the user.

The Model-View-Controller (MVC) pattern separates the modeling of the domain, the presentation, and the actions based on user input into three separate classes 

Model. The model manages the behavior and data of the application domain, responds to requests for information about its state (usually from the view), and responds to instructions to change state (usually from the controller).

View. The view manages the display of information.

Controller. The controller interprets the mouse and keyboard inputs from the user, informing the model and/or the view to change as appropriate.                                                                                                       

When Do I Choose Which Pattern?

First of all, these two patterns are definitely not mutually exclusive. In fact in my experience they are quite harmonious. Often I use a multi-tiered architecture, such as a three-tiered architecture, for the overall architectural structure.

How to Increase and Decrease Rows Dynamically for Asp.net Grid View Control

Design of Grid View
-----------------------

In the Grid View, we have three text boxes, and three drop down lists, to get Understand that
how to perform this action with text boxes and Drop down lists, i have implemented this.

View Source :
--------------

<asp:UpdatePanel ID="UpdatePanel1" runat="server" >
<ContentTemplate>
<div style="text-align:left;margin-left:50px">
<asp:gridview ID="Gridview1" runat="server" ShowFooter="True" AutoGenerateColumns="False" BackColor="White" BorderColor="#999999" BorderStyle="Solid" BorderWidth="1px" CellPadding="3" ForeColor="Black" GridLines="Vertical" >
<AlternatingRowStyle BackColor="#CCCCCC" />
<Columns >
<asp:BoundField DataField="RowNumber" HeaderText="Row Number" />
<asp:TemplateField HeaderText="First Name">
<ItemTemplate>
<asp:TextBox ID="txtFirstName" runat="server" Height="25px"></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Last Name">
<ItemTemplate>
<asp:TextBox ID="txtLastName" runat="server" Height="25px"></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="Date">
<ItemTemplate>
<asp:TextBox ID="txtDate" runat="server" AutoPostBack="true" class="date"  Height="25px">

</asp:TextBox>
 
 
</ItemTemplate></asp:TemplateField>
<asp:TemplateField>
<ItemTemplate>
<asp:DropDownList ID="ddlAgeRange" runat="server">
<asp:ListItem Value="-1">Age Range</asp:ListItem>
</asp:DropDownList>
</ItemTemplate></asp:TemplateField>
<asp:TemplateField>
<ItemTemplate>
<asp:DropDownList ID="ddlRelationship" runat="server">
<asp:ListItem Value="-1">Relationship</asp:ListItem>
</asp:DropDownList>
</ItemTemplate></asp:TemplateField>
<asp:TemplateField>
<ItemTemplate>
<asp:DropDownList ID="ddlGender" runat="server">
<asp:ListItem Value="-1">Gender</asp:ListItem>
</asp:DropDownList>
</ItemTemplate></asp:TemplateField>
</Columns>

<FooterStyle BackColor="#CCCCCC" />

<HeaderStyle BackColor="Black" Font-Bold="True" ForeColor="White" />
<PagerStyle BackColor="#999999" ForeColor="Black" HorizontalAlign="Center" />
<SelectedRowStyle BackColor="#000099" Font-Bold="True" ForeColor="White" />
<SortedAscendingCellStyle BackColor="#F1F1F1" />
<SortedAscendingHeaderStyle BackColor="#808080" />
<SortedDescendingCellStyle BackColor="#CAC9C9" />
<SortedDescendingHeaderStyle BackColor="#383838" />
</asp:gridview></div><br />
<asp:LinkButton ID="lnkMore" runat="server" Text="More(>>)"></asp:LinkButton>
&nbsp;&nbsp;
<asp:LinkButton ID="lnkLess" runat="server" Text="Less(<<)"></asp:LinkButton>
<br /><br />
 
</ContentTemplate></asp:UpdatePanel>

To Increase and Decrease the rows 

//Set Intial Row to Grid view

public void SetInitialRow()
    {
        DataTable dt = new DataTable();
        DataRow dr = null;
        dt.Columns.Add(new DataColumn("RowNumber", typeof(string)));
        dt.Columns.Add(new DataColumn("Column1", typeof(string)));
        dt.Columns.Add(new DataColumn("Column2", typeof(string)));
        dt.Columns.Add(new DataColumn("Column3", typeof(string)));
        dt.Columns.Add(new DataColumn("Column4", typeof(string)));
        dt.Columns.Add(new DataColumn("Column5", typeof(string)));
        dt.Columns.Add(new DataColumn("Column6", typeof(string)));
        dr = dt.NewRow();
        dr["RowNumber"] = 1;
        dt.Rows.Add(dr);
        ViewState["CurrentTable"] = dt;
        Gridview1.DataSource = dt;
        Gridview1.DataBind();
        DropDownList ddl1 = (DropDownList)Gridview1.Rows[0].Cells[1].FindControl("ddlAgeRange");
        DropDownList ddl2 = (DropDownList)Gridview1.Rows[0].Cells[2].FindControl("ddlRelationship");
        DropDownList ddl3 = (DropDownList)Gridview1.Rows[0].Cells[3].FindControl("ddlGender");
        FillDdlAgeRange(ddl1);
        FillDdlRelationship(ddl2);
        FillDdlGender(ddl3);
    }



//Adding Rows to the Grid View
 private void AddNewRowToGrid()
    {
        if (ViewState["CurrentTable"] != null)
        {
            DataTable dtCurrentTable = (DataTable)ViewState["CurrentTable"];
            DataRow drCurrentRow = null;

            if (dtCurrentTable.Rows.Count > 0)
            {
                drCurrentRow = dtCurrentTable.NewRow();
                drCurrentRow["RowNumber"] = dtCurrentTable.Rows.Count + 1;

                dtCurrentTable.Rows.Add(drCurrentRow);

                ViewState["CurrentTable"] = dtCurrentTable;

                for (int i = 0; i < dtCurrentTable.Rows.Count - 1; i++)
                {

                    TextBox box1 = (TextBox)Gridview1.Rows[i].Cells[1].FindControl("txtFirstName");
                    TextBox box2 = (TextBox)Gridview1.Rows[i].Cells[2].FindControl("txtLastName");
                    TextBox box3 = (TextBox)Gridview1.Rows[i].Cells[3].FindControl("txtDate");
                    DropDownList ddl1 = (DropDownList)Gridview1.Rows[i].Cells[4].FindControl("ddlAgeRange");
                    DropDownList ddl2 = (DropDownList)Gridview1.Rows[i].Cells[5].FindControl("ddlRelationship");
                    DropDownList ddl3 = (DropDownList)Gridview1.Rows[i].Cells[6].FindControl("ddlGender");
                    dtCurrentTable.Rows[i]["Column1"] = box1.Text;
                    dtCurrentTable.Rows[i]["Column2"] = box2.Text;
                    dtCurrentTable.Rows[i]["Column3"] = box3.Text;
                    dtCurrentTable.Rows[i]["Column4"] = ddl1.SelectedItem.Text;
                    dtCurrentTable.Rows[i]["Column5"] = ddl2.SelectedItem.Text;
                    dtCurrentTable.Rows[i]["Column6"] = ddl3.SelectedItem.Text;

                }
                Gridview1.DataSource = dtCurrentTable;
                Gridview1.DataBind();
            }
        }
        else
        {
            Response.Write("ViewState is null");
        }


        SetPreviousData();

    }

//Deleting the rows of Grid View
  private void DeleteRowFromGrid()
    {
        if (ViewState["CurrentTable"] != null)
        {
            DataTable dtCurrentTable = (DataTable)ViewState["CurrentTable"];


            if (dtCurrentTable.Rows.Count > 0)
            {
                for (int i = dtCurrentTable.Rows.Count - 1; i > 0; i--)
                {
                    for (int j = dtCurrentTable.Rows.Count - 1; j >= i; j--)
                    {
                        dtCurrentTable.Rows[j].Delete();
                    }
                    break;
                }

                Gridview1.DataSource = dtCurrentTable;
                Gridview1.DataBind();
            }
        }
        else
        {
            Response.Write("ViewState is null");
        }
        SetPreviousData();
    }

// Fires when click on More to add rows
protected void lnkMore_Click(object sender, EventArgs e)
    {
        AddNewRowToGrid();
    }

// Fires when click on Less to Delete rows
    protected void lnkLess_Click(object sender, EventArgs e)
    {
        DeleteRowFromGrid();

    }

Note : Do You Know another technique to do this.
Then what are you waiting for , mail to dotnetcircle@gmail.com to post in this Blog.
Happy Coding.

Know the ASP.NET MVC Filters and Attributes

ASP.NET MVC provides a simple way to inject your piece of code or logic either before or after an action is executed. This is achieved by decorating the controllers or actions with ASP.NET MVC attributes or custom attributes. An attribute or custom attribute implements the ASP.NET MVC filters(filter interface) and can contain your piece of code or logic. You can make your own custom filters or attributes either by implementing ASP.NET MVC filter interface or by inheriting and overriding methods of ASP.NET MVC filter attribute class if available.

Typically, Filters are used to perform the following common functionalities in your ASP.NET MVC application.

1. Custom Authentication

2. Custom Authorization(User based or Role based)

3. Error handling or logging

4. User Activity Logging

5. Data Caching

6. Data Compression

Types of Filters

The ASP.NET MVC framework provides five types of filters.

1. Authentication filters (New in ASP.NET MVC5)

2. Authorization filters

3. Action filters

4. Result filters

5. Exception filters

1. Authentication Filters

This filter is introduced with ASP.NET MVC5. The IAuthenticationFilter interface is used to create CustomAuthentication filter. The definition of this interface is given below-

public interface IAuthenticationFilter

{

 void OnAuthentication(AuthenticationContext filterContext);

 void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext);

}

You can create your CustomAuthentication filter attribute by implementing IAuthenticationFilter as shown below-

public class CustomAuthenticationAttribute : ActionFilterAttribute, IAuthenticationFilter

{

 public void OnAuthentication(AuthenticationContext filterContext)

 { 

 //Logic for authenticating a user

 }

 //Runs after the OnAuthentication method

 public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext)

 { 

 //TODO: Additional tasks on the request

 }

}

2. Authorization Filters

The ASP.NET MVC Authorize filter attribute implements the IAuthorizationFilter interface. The definition of this interface is given below-

public interface IAuthorizationFilter

{

 void OnAuthorization(AuthorizationContext filterContext);

}

The AuthorizeAttribute class provides the following methods to override in the CustomAuthorize attribute class.

public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter

{

 protected virtual bool AuthorizeCore(HttpContextBase httpContext);

 protected virtual void HandleUnauthorizedRequest(AuthorizationContext filterContext);

 public virtual void OnAuthorization(AuthorizationContext filterContext);

 protected virtual HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext);

}

In this way you can make your CustomAuthorize filter attribute either by implementing IAuthorizationFilter interface or by inheriting and overriding above methods of AuthorizeAttribute class.

3. Action Filters

Action filters are executed before or after an action is executed. The IActionFilter interface is used to create an Action Filter which provides two methods OnActionExecuting and OnActionExecuted which will be executed before or after an action is executed respectively.

public interface IActionFilter

{

 void OnActionExecuting(ActionExecutingContext filterContext);

 void OnActionExecuted(ActionExecutedContext filterContext);

}

4. Result Filters

Result filters are executed before or after generating the result for an action. The Action Result type can be ViewResult, PartialViewResult, RedirectToRouteResult, RedirectResult, ContentResult, JsonResult, FileResult and EmptyResult which derives from the ActionResult class. Result filters are called after the Action filters. The IResultFilter interface is used to create an Result Filter which provides two methods OnResultExecuting and OnResultExecuted which will be executed before or after generating the result for an action respectively.

public interface IResultFilter

{

 void OnResultExecuted(ResultExecutedContext filterContext);

 void OnResultExecuting(ResultExecutingContext filterContext);

}

5. Exception Filters

Exception filters are executed when exception occurs during the actions execution or filters execution. The IExceptionFilter interface is used to create an Exception Filter which provides OnException method which will be executed when exception occurs during the actions execution or filters execution.

public interface IExceptionFilter

{

 void OnException(ExceptionContext filterContext);

}

ASP.NET MVC HandleErrorAttribute filter is an Exception filter which implements IExceptionFilter. When HandleErrorAttribute filter receives the exception it returns an Error view located in the Views/Shared folder of your ASP.NET MVC application.

Order of Filter Execution -

All ASP.NET MVC filter are executed in an order. The correct order of execution is given below:

 1. Authentication filters

 2. Authorization filters

3.  Action filters

4.  Result filters

5.  Configuring Filters

You can configure your own custom filter into your application at following three levels:

Global level

By registering your filter into Application_Start event of Global.asax.cs file with the help of FilterConfig class.

protected void Application_Start()

{

 FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);

}

Controller level

By putting your filter on the top of the controller name as shown below-

[Authorize(Roles="Admin")]

public class AdminController : Controller

{

 //

}

Action level

By putting your filter on the top of the action name as shown below-

public class UserController : Controller

{

 [Authorize(Users="User1,User2")]

 public ActionResult LinkLogin(string provider)

 {

 // TODO:

 return View();

 }

}

Difference between inner join and equi join and natural join

SQL join clause is used to to retrieve data from two or more database tables. In previous article, I have explained the Different Types of SQL Joins. In this article, I would explain the difference among inner join, equi join and natural join.

Inner Join

This is the most used join in the SQL. this join returns only those records/rows that match/exists in both the database tables.
Inner Join Example

SELECT * FROM tblEmp JOIN tblDept
ON tblEmp.DeptID = tblDept.DeptID;

Inner Join Result

tblEmp.Name

tblEmp.DeptID

tblDept.Name

tblDept.DeptID

Ram

1

HR

1

Raju

2

IT

2

Soya

2

IT

2

Sam

3

ADMIN

3

Equi Join

Equi join is a special type of join in which we use only equality operator. Hence, when you make a query for join using equality operator then that join query comes under Equi join.
Equi Join Example
SELECT * FROM tblEmp JOIN tblDept

ON tblEmp.DeptID = tblDept.DeptID;

Equi Join Result

tblEmp.Name

tblEmp.DeptID

tblDept.Name

tblDept.DeptID

Ram

1

HR

1

Raju

2

IT

2

Soya

2

IT

2

Sam

3

ADMIN

3

Note
Inner join can have equality (=) and other operators (like <,>,<>) in the join condition.
Equi join only have equality (=) operator in the join condition.
Equi join can be an Inner join, Left Outer join, Right Outer join
The USING clause is not supported by SQL Server and Sybase. This clause is supported by Oracle and MySQL.

Natural Join

Natural join is a type of equi join which occurs implicitly by comparing all the same names columns in both tables. The join result have only one column for each pair of equally named columns.

Natural Join Example
--Run in Oracle and MySQL
SELECT * FROM tblEmp NATURAL JOIN tblDept
Natural Join Result

Natural Join Result

DeptID

tblEmp.Name

tblDept.Name

1

Ram

HR

2

Raju

IT

2

Soya

IT

3

Sam

ADMIN

In the above join result we have only one column "DeptID" for each pair of equally named columns.
Note
In Natural join, you can't see what columns from both the tables will be used in the join. In Natural join, you might not get the desired result what you are expecting.
Natural join clause is not supported by SQL Server, it is supported by Oracle and MySQL.

Sql server, .net and c# video tutorial: Part 70 - Authorize and AllowAnonymous action filters in mvc

Sql server, .net and c# video tutorial: Part 70 - Authorize and AllowAnonymous action filters in mvc

New Features in Asp.Net MVC5

Know the New Features in Asp.net MVC 5 Framework :

One ASP.NET :

                The Web MVC project templates integrate seamlessly with the new One ASP.NET experience. You can customize your MVC project and configure authentication using the One ASP.NET project creation wizard. 

ASP.NET Identity :

The MVC project templates have been updated to use ASP.NET Identity for authentication and identity management.

Bootstrap :

The MVC project template has been updated to use Bootstrap to provide a sleek and responsive look and feel that you can easily customize. 

Authentication filters :

Authentication filters are a new kind of filter in ASP.NET MVC that run prior to authorization filters in the ASP.NET MVC pipeline and allow you to specify authentication logic per-action, per-controller, or globally for all controllers. Authentication filters process credentials in the request and provide a corresponding principal. Authentication filters can also add authentication challenges in response to unauthorized requests.

Filter overrides :

You can now override which filters apply to a given action method or controller by specifying an override filter. Override filters specify a set of filter types that should not be run for a given scope (action or controller). This allows you to configure filters that apply globally but then exclude certain global filters from applying to specific actions or controllers.

Attribute routing :

 ASP.NET MVC now supports attribute routing, thanks to a contribution by Tim McCall, the author of http://attributerouting.net. With attribute routing you can specify your routes by annotating your actions and controllers.

ASP.NET Scaffolding :

ASP.NET Scaffolding is a code generation framework for ASP.NET Web applications. It makes it easy to add boilerplate code to your project that interacts with a data model.

In previous versions of Visual Studio, scaffolding was limited to ASP.NET MVC projects. With Visual Studio 2013, you can now use scaffolding for any ASP.NET project, including Web Forms. Visual Studio 2013 does not currently support generating pages for a Web Forms project, but you can still use scaffolding with Web Forms by adding MVC dependencies to the project. Support for generating pages for Web Forms will be added in a future update.

When using scaffolding, we ensure that all required dependencies are installed in the project. For example, if you start with an ASP.NET Web Forms project and then use scaffolding to add a Web API Controller, the required NuGet packages and references are added to your project automatically.

To add MVC scaffolding to a Web Forms project, add a New Scaffolded Item and select MVC 5 Dependencies in the dialog window. There are two options for scaffolding MVC; Minimal and Full. If you select Minimal, only the NuGet packages and references for ASP.NET MVC are added to your project. If you select the Full option, the Minimal dependencies are added, as well as the required content files for an MVC project.

Support for scaffolding async controllers uses the new async features from Entity Framework 6.

----------------------------------------------------------------------------------------------------------------------------------

Released on : 17-OCT-2013

New Released .Net Framework :

Latest Release : 5-July-2014

Latest Framework: Asp.Net MVC 5.2.0

Detailed Architecture of ASP.NET 4.5

Asp.Net Framework :
----------------------------------------------
Asp.Net has extended into multiple code frameworks, including Web Forms, MVC, Web Page, Web API and SignalR. Initially, all these grew up separately but now they are coming together. Now, you can develop your web site or web application by using Web Forms or MVC or Web Page and services by using Web API or SignalR.

Components of Asp.NET 4.5 Architecture :
------------------------------------------------------

1) .NET Framework :

.Net framework is an integrated component of windows operating system that supports development and execution of next generation applications, Windows store apps and services.

2) ASP.NET Framework :

ASP.Net Framework is used to create dynamic website, web application and web services. It is built on the top of .NET Framework.
Asp.NET Framework provides you various capabilities like Hosting Model, Site/Service Management, Protocol Abstraction, Security, Caching capability, Routing and Model Binding etc.
asp.net 4.5 architecture diagram
Mainly, Asp.Net can be divides into two parts - Asp.Net Sites and Asp.Net Services.

3) Asp.NET Site

There are following flavours of Asp.NET Site -

     - Web Forms               
                        This is the traditional event driven development model. It has drag and drop server controls, server events and state management techniques. This best for rapid application development (RAD) with powerful data access.
     -  MVC
                         This is a lightweight and MVC (Model, View, Controller) pattern based development model. It provides full control over mark-up and support many features that allow fast & agile development. This best for developing lightweight, interactive and device oriented (i.e. compatible to smart phones, iPhone, tablet, laptop etc.) web application with latest web standards.

     -  Web Pages
                          This is also a lightweight and Razor syntax based development model. It has built-in template and helpers also provide full control over mark-up. It is best for developing beautiful web application with latest web standards. You can also use WebMatrix which is a free tool and has built-in template; for developing Asp.Net Web Page.
     -    SPA
                         SPA stands for Single Page Application which helps you to build web applications that include significant client-side interactions using HTML5, CSS3 and JavaScript. It is best to make highly interactive single page dashboard web applications.

 4)  Asp.NET Services

                          There are two ways to make Asp.Net Services as given below –
Web API

Asp.Net Web API is a framework for building HTTP services that can be consume by a broad range of clients including browsers, mobiles, iphone and tablets.

SignalR


ASP.NET SignalR is a library that simplifies the process of adding real-time web functionality to applications. Real-time web functionality is the ability to have server code push content to connected clients instantly as it becomes available, rather than having the server wait for a client to request new data.

LINQ Article Posted by Sumanth Bodhuluri

LINQ  :

---------                   

Basically LINQ address the current database development model in the context of Object Oriented Programming Model.

What exactly is Linq ?

For a beginner these are common question, Now we will discuss about these questions clearly .Before we do anything let us understand what is linq?

We know that whenever retrieve a data from the database we write select statement.         

 SELECT STATEMENT :

Where clauses, orderby clauses, groupby clauses, having all these are part of  select statement.As a developer of languages like C# & VB.NET would have to learn sql commands to communicate with the databases for operationsThe  problem here is the developer must learn sql commands properly , and when he is writing the sql statements in frontend  will be  purely in string format  that does not have typechecking and no validations of syntax in the frontend . The  result will be displayed when the sql statements sends to the backend then it should be verified the syntax .If the syntax is right it executes the results i.e., which will fetch some object from the dataset or  dataReaderThe point here we must know SQL statements,  properly frame them and then submitted to the backend likewise we got another types of collections like Arrays, Lists & Dictionaries those are also used for getting the data from the dataSource .We have different sources of data like Xml documents , relational data sources and objects but here  the issue is we have to retrieve the data from the sources. The requirement is same i.e., retrieve the data.

“here we requires different API’s to fetch data from different data sources “.

Let us discuss with some different scenarios here:

sc1:  Like if I want to fetch data from a list I can only use methods of class list.

sc2:  If I want to operate on stack, queue, linkedlist. All these   I am restricted to the classes alone.

sc3:  Likewise if I am using ADO.NET for fetching the data from the database and I again get restricted to only those functionalities which are available in ADO.NET API. Moreover it is completely different API.

           sc4:   I may use dataReader or dataset likewise we must have coustom objects we have to fetch data and again a different API for that.

          sc5:  We might have xml has source of data there also we request different API  “Now a question raised that Why to have different API for different sources of data? When probably operation we did on that data source be almost similar ?”

THEN THE ANSWER  IS....

LINQ:

I hope with the above information we can understand the complexities faced in .net framework beforeNow we can go through, What exactly is Linq?Linq is a querying language feature and has a great power of querying on any source of data .What It mean is we are going to query in a programming language (C#, VB.NET and other .NET Compatible languages) and submitted to data source for retrieving data to us. So, that is what the LINQ facilitates is……Here Data source could be the collection of objects, database (or) XML files (or) oracle database (or) sql sever database (or) it can be any other dataSource which are implemented IEnumerable<T> interface. Of course it is a generic version  Microsoft basically divides LINQ into three areas:

1.    Linq to Object

2.    Linq to ADO.NET

3.    Linq to Xml (Xlinq)

LINQ TO OBJECTS :

What exactly I mean Linq to objects is we are going to perform queries against objects which are in memory. We have some objects created in memory those objects are going to perform our query.The objects can:  Collection objects, Arrays objects which are costumed user defined object from there we have to fetch the data .

For Example:          Collection of employee objects in memory.

We would like to perform some query on those employee objects.Like we need:     

 All the employees sorted by their names. All the employees sorted by their salary. To perform filter condition. Group all the employees by department nameIn these kind of cases we can use the linq to object concept.Linq queries gives us ability to perform operation on those objects which are actually not present in the methods in the corresponding class. That’s the beautiful power to see in programming.

LINQ TO ADO.NET:

          Linq to ADO.NET is further categorized into three:

 1) Linq to SQL:

                             Where we are perform query a sql sever database.     In short only on sql sever database not anything else.Now the point is now we will write query in C#. How is that going to execute against a sql server DataBase.This is the reason why the Linq Providers come into picture.

2)Linq to DataSet: 

                              Now we discuss about the how the Linq queries perform on the DataSet.We might had DataSet created.

 We can create DataSet which read on :

  1) DataAdaptor                                     

  2) Reading data from xml document

                            We might have got the dataset constructing dynamically by creating on datable and adding to the table whatever and adding to the table  collections and adding rows and columns to the data table.Whatever the way you created dataset from the dataset you have to perform query operations.

YES! Again linq can be used:

3) Linq to Entities :

Linq to entities is the solution provided for querying data against the entities which are created using entity Framework.What is entity Framework? Entity framework is an ORM solution provided by Microsoft.ORM: Object Relational Management solution.So, we are going to have some type of datasource through which will be created in memory and from those objects again we can fetch data using linq.So, Linq to entity is a purely for Entity Framework. 

LINQ to XML (XLINQ):

Linq to xml formally called as XLINQ.Here we perform query against any kind of  XML document.You might have an XML document which is structured XML data will be there in that, from there we can fetch the data.In this scenario we will use Linq to XML.Here in XLINQ: X------à Extending.

Note: Do you Have an Article about .Net, mail to: dotnetcircle@gmail.com