Fun Times with the HttpRequestValidationException

September 3, 2010 Leave a comment

Last night, I had a ‘GoToMeeting’ Session with my Mom, testing out the CMS for a Merchant Advertising Platform that I’m working on.  I love Mom, because she never fails to break my software in new and exciting ways.

The HttpRequestValidationException is generally thrown in the HttpRequest.ValidateNameValueCollection() as it iterates through the set of parameters looking for Script Injection attacks. 

Now Mom, that’s her below with my niece Avery, doesn’t know what a Script Injection attack is but her input looked like a Script Injection attack to the HttpRequest.ValidateString() method.

So, big deal you say.  And I’d agree with you.  But the flow resulting from the HttpRequestValidationException being thrown was fascinating.  Prior to today, I would have said, ‘If the Page.UnLoad Event is being called, then the Page.Init Event must have executed.’  Look it says so in the documentation.  It so happens that in my ASP .NET Message Loop abstraction, I depend on this concept.  By initializing a variable in Page.Init and leveraging it in Page.UnLoad.

To my surprise, when the HttpRequestValidationException was being thrown.  I was getting a NullReferenceException in my Page.UnLoad.  This threw me for a loop (no pun intended), and initially I thought Microsoft had done something creative like emptying the Context.Items HashTable, before the Page.UnLoad because the Request was no longer accessible.  This seemed reasonable, but weird.

Nope this was not the case.

Here is the debug information from the correct flow:

Here is the output, if I get an HttpRequestValidationException:

So, next time someone asks you a question about the ASP .NET Page Lifecycle with a haughty persona.  Ask them what happens when an HttpRequestValidationException is thrown.  I bet they won’t know the answer.  It was news to me.

Happy Coding!  Dylan


P.S. – I love my Mom!  Hi, Mom!

Categories: Uncategorized

Oh the Irony, and why I can’t seem to get rid of the Entity Framework

It’s been several weeks, since I’ve posted.  Ironically, this has been due to the increased productivity resulting from a modified use of the Entity Framework.  After my last post, I spent a few days researching and refactoring my project to use the multitude of Data Access Frameworks available.  And while I’m still frustrated with the way the Entity Framework handles the EntityState of detached object hierarchies, I have to admit it was the most productive tool for me.  I guess the grass is always greener on the other side.

With regard to my super secret project, Google Places is simply going to eat my lunch.  It’s extremely frustrating to consider killing a project pre-launch, simply because Google has so much darn muscle and mindshare.  The irony is not lost on me, giving that I am a proud Alumnus of the Evil Empire

Luckily, it’s a big world out there, with a whole lot of big hairy problems.  So I’ve been coding my hands off recently addressing all kinds of different business models.  Sooner or later something will stick that doesn’t have a giant multi-billion dollar corporation on the other side of the field.

I’m still enjoying my work with WebKit, although yesterday, I experienced one of the hairiest problems I’ve seen to date.

The CSS Class ‘.bottomNavPanel’ should include a ‘z-index: 1;’ attribute.  But somehow and for some reason, if I included this attribute in the ‘.bottomNavPanel’ class definition, it did not attach to the node.  But if I added a second class definition ‘.webKitzFix’ and added it too the node as well ‘<div class=”bottomeNavPanel webKitzFix”>’, it wired up fine to the node.  This issue replicated in both iPhone and Android environments, so I’m guessing it’s something working with the root engine.  This post, also points to some funky WebKit ‘z-index’ weirdness, adding support to my theory.

If I had saved up more money or had more leisure time, I would really enjoy cracking open the Open Source Web Kit code to understand the root of some of these issues.  Unfortunately, I have to chalk this one up to PFM (Pure F’ing Magic), until I have the time to invest in the codebase.

Categories: Uncategorized

Breaking up with the Entity Framework

I’m sorry Entity Framework, but I’m leaving you.  It’s not you, it’s me.

I remember when I first saw you on the Cover of MSDN Magazine.  I remember how you frustrated and teased me on the train to New York.  Your shapely implementation of my Database Schema was so lithe and agile.  But it was all merely a facade.  I recall our first fight, when I told you how shallow you were, only remembering one level of nesting.  But then I groked your .Include() method, and I felt so ashamed for my thoughtless accusations.

I remember how addicted you were to your precious bottle of context, when I detached you from the chains that bound you, oh how your behavior became erratic.  When I called your entity.childEntitySet.Add() method, you would not even acknowledge our new child instead saying your EntityState was Unchanged.  How could you treat your own children so?!

And so, I took responsibility for your children.  I lovingly explicitly attached them to your context, and tucked them safely into our database.  And then, I came over to your side and sweetly whispered a reminder that your Children were an integral part of yourself.

But then came the last straw.  When I spoke to you in LINQ, the language which first brought our love together, you claimed no knowledge of your children, saying your Context has been disposed, even though I had torn your context from you.  So, I appealed to your primal EntityCollection‘ToList<>’ I pleaded.

Only to hear you say, “The ObjectContext instance has been disposed and can no longer be used for operations that require a connection.”

And with a broken heart, and head bowed low, I now turn away.  For like the pretty girls in high school, you were so beautiful, but your shallowness was your flaw.  I’d much rather spend my time, with someone who is less polished, but much less complicated.

Goodbye Entity Framework.  It’s time for me to move on.  You may say that I wasn’t up to your standards.  You may say that I wasn’t good enough.  But I ask you, honestly.  If not me, than who?  For I fear unless you change, you will find yourself old and alone.  To which I say, enjoy your cats.

Categories: Uncategorized

Coming Soon to a Mobile Device Near You

May 19, 2010 1 comment

In my last post, I laid down the foundational arguments that I believe favor WebKit versus native applications.  Below is a screen shot of my super secret project. 

iPad / iPhone

Android 1.6

Android 2.1

Yes I know my Icon Labels are cut off.  Something new to fix.  BTW.  See below.  :)


Okay, hyperlocal coupons to mobile devices are definitely not super secret or new.  But luckily it’s not a saturated market, and I think I can learn a lot by developing a solution in this space.  You know what I say, ‘Go Big or Go Home!’

Some things that are cool about my application:

  • Like a Native iPhone App, it’s divided into 3 viewable areas:  Top Navigation, Content and Bottom Navigation
  • I have Transitions between screens:  overlay, slide and switch.
  • I ‘rolled my own’ single finger scrolling for the list view in the Content Area.  To date I think there are 2 JavaScript frameworks that do this, but I wanted to write my own given issues I expected to encounter with Android and iPhone Clients.
  • There is only one Page Load.  Once the HTML Page has been loaded into the browser everything else is messages to an HttpHandler via the XMLHttpRequest Object.
  • I’ve even got Error Logging via a JavaScript Buffer, a SetTimer() method and the XMLHttpRequest.

Truth in Advertising – Some things that are not cool about my application:

  • Branching on ‘navigator.userAgent’, either within your JavaScript or via Server Side redirection is a must!  WebKit on Android and WebKit on iPhone are different.
  • Common tricks are not cross platform.  For example, ‘window.scrollTo(0, 0);’, the trick we use on the iPhone to get rid of the Navigation Bar, does not work on the Android browser.  You can accomplish the same goal, but you need a separate technique.
  • Debugging is a <%= yourFavoriteExplicative %>!  Luckily Safari has a Developer Debugging Option that can be turned on via Settings.
  • Android has ‘A Frecking Lot!’ of Screen Resolutions.  At the moment, I’m accounting for 6, but given the resultant Screen Shot from Android 2.1 in the Emulator, looks like I have a few more to account for.  iPhone and iPod Touch have 1 Screen Resolution.
  • Android does not do Hardware Acceleration in the WebKit Animations, so the really cool stuff runs really choppy.  You will need to limit your transitions to very simply manipulations of the screen.

My purpose is to demonstrate that it can be done.  It’s not easy.  There are no frameworks and this is real work.  But it can be done.

Good luck to all you HTML 5 / WebKit developers out there.  Drop me a line if you get stuck.

Categories: Uncategorized

Catching Up

April 26, 2010 4 comments
Funny thing about getting older, seems it takes much longer for things to heal.  It’s been about 8 weeks now, since I fell off the ladder, and sprained my ankle.  It’s still tight, but I’m now able to get around pretty much normally.  I’m looking forward to working out, as this time has taken a tole on my exercise routine.

Although I’ve been limping around for the last eight weeks, I’ve been awfully busy.  At the end of March, I attended the Where 2.0 conference and the subsequent WhereCamp on the Google Campus.  It was a validating experience, as most others attending the conference were also concentrating their efforts on WebKit based applications as opposed to native Android / iPhone Applications.  To me, this simply makes the most logical sense.

Here’s my Ignite Presentation from Where:

Note:  During Ignite Presentations you have 5 minutes, the slides Auto Advance and you get about 15 seconds per slide.  So please forgive my pacing and the few mistakes I made.


My argument is based on three premises

1)  Unlike the desktop environment, the SmartPhone landscape is exceedingly diverse.  This diversity not only exists across platforms, but also manifests itself in heterogeneous features within the platform vertical.  Thus, in order to reach the widest audience one must either target commonality (HTML5 / WebKit) or implement solutions on a dizzying variety of devices.

2)  Our applications are essentially channels, through which we communicate a message to our customers (user community).  An application that represents a single channel must remain constantly relevant and engaging.  If another channel, even for a single version, subverts the user’s attention, it will be very difficult to recapture the users’ loyalty.  Installing an application is a commitment.  Uninstalling an application is a whim.  Browsing to a ‘url’ is a trivial action.

3)  Just about every application I see, aside from ‘games’ and ‘very rich media implementations’, are simply data views with CRUD behaviors.  These can be implemented in JavaScript / CSS / HTML 5 (we used to call this DHTML, don’t know if that has been replaced by a new buzzword).  Make no mistake, working in the browser is tough.  It took me weeks to really ‘get’ enclosures, and to see how javascript’s functional metaphor differed from my OO background.  But, I eventually got it, and now find myself comfortable in the environment.

I’ve had some great deployments in these last eight weeks.  March’s ArtWalk application was a great success, but I’m most proud of a simple application I put together for the RAP Tour of Homes.  I had not expected very many users to access the application as I didn’t do any PR work, but I was thrilled to see that we had more users than GoWalla and FourSquare, during our little Riverside Event.

So what’s next?  Here’s what I’m working on for the next 60 days or so.

I’ve been working very hard to codify a ‘List First’ view of Mobile Location Based Applications, think ‘Check In’ model versus ‘Maps’ model.  That framework is nearly complete, should be done by the end of the week.  I’m reviewing the changes to FaceBook, as much as I hate to admit it, I think FaceBook has become the defacto identity of the internet…yikes!

With luck, and a lot of hard work, by the end of June, I’ll have FaceBook integration with my Event Management Applications.  I’ll have developed an Event Management Framework for local organizations to build Locative and Temporal Interfaces (where and when as these define an ‘event’).  Finally, I’ll have the first version of my super secret project on the streets….shhhh.  Don’t tell anyone.  ;)

All my best to my new friends from the Where^2 Conferences.  I’m insanely jealous of the cool tribe of Makers in Portland.  I miss the energy of CA, and hope to find a way to bring that kind of creative energy and naive confidence back to Jacksonville.  It’s amazing what you can accomplish if you don’t listen to what others tell you, you cannot do.

So proud of my beautiful wife Andrea!  I love her more each day, and we’ve been together so long, I no longer remember myself without her.  Her dedication to her kids at SP Livingston inspires me.  That’s as much as I’ll say on my public blog, but even here, it’s important to acknowledge how I could not have become myself without her love and support.  And I am proud to reciprocate, as she comes into her own, with her teaching career.  

Categories: Uncategorized

Humpty Dumpty had a Fall

March 17, 2010 2 comments

Monday, was my first day feeling better, after fighting a cold for the better part of the week.  I was so excited to really dig into work.  My contractor had just finished repairing some roof damage, and I wanted to check out his work.  So, I climbed up on the ladder to have a look.  On the way down, the ladder slipped and ‘Humpty Dumpty had a Great Fall.’

I hit the ground and knew this was going to lay me up for a while.

Here are some shots two days later, you should have seen it on Monday!


Categories: Uncategorized

Custom HttpHandlers in ASP.NET 4.0, help is on the way.

March 9, 2010 6 comments

How it worked pre-ASP .NET 4.0

If you attempted to implement Integrated Pipeline HttpHandlers in ASP .NET 2.0+, with IIS 7.x you generally performed the following steps:

1)  Create an HttpHandler that extends IHttpHandler.

2)  Add the HttpHandler to the <web.config>.<system.web>.<httpHandlers> section

3)  Go to IIS and make some changes to you Web Site.  Notice in this case we are running v2.0 of the Framework with an Integrated Managed Pipeline.

4)  You went to you Web Site and clicked on ‘Handler Mappings’

5)  The you went over to Actions and clicked ‘Add Managed Handler…’

6)  You got this beautiful window, that crawled the Assemblies in the GAC and your ‘bin’ directory looking for implementations of IHttpHandler.  You selected the Type, Set the Path, Set the Verb and Gave it a Name

7)  In fact, this made a modification to your web.config, correctly configuring that Handler.


How it works with ASP .NET 4.0

1)  The first thing you notice is the following happy 500 Error.  The instructions are pretty clear.  They basically explain that <web.config><system.web><httpHandlers> is no longer valid and everything needs to move to <system.webServer><handlers>.  So that’s easy enough, and you figure you just do it through IIS 7.+ via the ‘Add Managed Handler…” action.

2)  Uh, oh!  Notice there’s not a darn thing in the ‘Type’ combo box.  Heck that’s okay, you are a smart cookie and you can hand jam exactly the same configuration as existed in the ASP.NET 2+ configuration file.

3)   Since, it loads the Type Via Reflection, I also tend to add the assembly name.

Now you should be back in business.

Categories: Uncategorized

Get every new post delivered to your Inbox.