The first is with a traditional string concatenation, which would look something like this:

string MyString = String.Empty;
MyString = “Hello ” + “World”;

The second way, is using the StringBuilder library, which would look something like this:

StringBuilder MyString = new StringBuilder();
MyString.Append(“Hello “);
MyString.Append(“World”);

These two sets of code do basically the same thing, but is it preferable to use one over the other? It turns out, that the StringBuilder class is much, much more efficient when dealing with large sets of strings. For short strings, with fewer than five concatenations, chances are you’ll be better off with traditional string concatenation because you don’t have to instantiate a copy of the StringBuilder library, but for situations that you want to do a lot of string manipulation, you definitely want to use the StringBuilder library.

Here’s a synthetic test using C# and ASP.NET comparing the two:

        Trace.IsEnabled = true;

        StringBuilder StBuilder = new StringBuilder();
        Trace.Write(“String Builder Append Begin”);
        for (int x = 0; x < 10000; x++)
        {
            StBuilder.Append(“Testing123″);
        }
        Trace.Write(“String Builder Complete”);

        string stString = String.Empty;
        Trace.Write(“String Concatenation Beginning”);
        for (int x = 0; x < 10000; x++)
        {
            stString += “Testing123″;
        }
        Trace.Write(“String Concatenation Complete”);

The test concatenated the string 10,000 times. Although it’s a synthetic test, it shows that the StringBuilder class is substantially more efficient than the string class for concatenation. The string class concatenated the text in 5.292587 seconds. The StringBuilder class performed the same task in just 0.006142 seconds. In other words, the StringBuilder was over 850 times faster at concatenating the string than the string class was.

Now that’s a performance benefit!

By default, ASP.NET will add the following references to your page:

using System;
using System.Data;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;

In a library that I was using, I was able to pair those down to these five libraries:

using System;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

After removing the un-necessary libraries, the page load time decreased by nearly half of a second. If you were to do this with all of your libraries and pages, chances are you could see a pretty significant performance increase.

As I write this article, It’s about 75 degrees and Sunny outside. When I should be going out on a bike ride, instead I’ve opted to play with Twitterizer (an ASP.NET Twitter Library). Twitterizer is an ASP.NET library that lets you interact with the Twitter API using easy to use objects and methods. It will work with any of the .NET variants (C#, VB, J#, Windows Forms, ASP.NET, WPF, etc). I added the functionality into the 360 Web Content Management System and I thought I’d share with you how I did it.

Here’s how to retrieve twitter feeds in ASP.NET

(1) Get a copy of the Twitterizer Library

First, you’ll need to get a copy of the Twitterizer Library from Google’s Codebase. The download is pretty small and contains only the application library (DLL) you need. Create a new website in ASP.NET and extract the twitterizer library to the /bin/ folder so that you can use it.  Once you have it placed in your /bin/ folder, add a “using” reference to the library in the header of your page.

using Twitterizer.Framework;

(2) Create a “Twitter” object and Retrieve Your Status Updates.

The library contains a few different objects that you can create. A “Twitter” object is the most generic object that you can create. Creating an instance of this object using your username and password gives you all the functionality you would normally have in Twitter, but instead of using the Twitter web interface, you’re using C# or Visual Basic. First, we’ll need to instantiate the object, and then get a collection of status updates from your account.

Twitter thisUser = new Twitter(“UserNameHere”, “PasswordHere”);
TwitterStatusCollection thisCollection = thisUser.Status.UserTimeline();

(3) Loop Through Your Status Updates and Generate Some HTML

The “TwitterStatusCollection” object type is a list of “TwitterStatus” objects, so you can use a foreach loop and go through your most recent status updates. You’ll notice in the code below that I also do some basic work with the time of the status update to generate a hyperlink to the page of the status, similar to what Twitter does.

string TwitterCode = “”;
foreach (TwitterStatus thisStatus in thisCollection)
{

TimeSpan thisSpan = new TimeSpan();
thisSpan = DateTime.Now.Subtract(thisStatus.Created);

string TimeBetween = “”;
if (thisSpan.Days > 0) { TimeBetween = thisSpan.Days.ToString() + ” days ago”; }
else if (thisSpan.Hours > 0) { TimeBetween = thisSpan.Days.ToString() + ” hours ago”;}
else if (thisSpan.Minutes > 0) { TimeBetween = thisSpan.Days.ToString() + ” minutes ago”;}
else if (thisSpan.Seconds > 0) { TimeBetween = thisSpan.Days.ToString() + ” seconds ago”;}

TwitterCode += “<div class=’TwitterStatus’>” + thisStatus.Text + ” <a href=’http://twitter.com/” + thisStatus.TwitterUser.UserName + “/status/” + thisStatus.ID + “‘>” + TimeBetween + “</a></div>”;
}
(4) Display Your Tweets

You now have a string with your most recent twitter status updates that you can display on the page using a simple Response.Write() or you can display it in a label. You can see a variation of this code running on the “Twitter” page for the 360 Web Content Management System.

You can also download a copy of my sample code.

Here’s how to implement the ASP.NET Color Picker Control

(1) Download the library and add it to your project

First, download the library from the ASP.NET Color Picker Control website. Make sure to download the latest binary release from the website. Currently that version is ASP.NET Color Picker v.1.4.10423.1 Binary. Once you get the zip file, it will contain a library that you should extract to the /bin/ folder of your website.

(2) Register the library on your page

ASP.NET provides a set of standard controls that you can add to a page that start with the “ASP” prefix, such as “<ASP:TextBox runat=”server” id=”txtBox” />. Any custom controls will have their own prefix that you specify by registering the library on the page. It’s another line of code that you add to the top of the page next to your page definition. It should look something like this:

<%@ Register Assembly=”Karpach.WebControls” Namespace=”Karpach.WebControls” TagPrefix=”cc1″ %>

(3) Add the control to your page

Now that you have the library referenced, you can add the control to your page and make use of it.  For the purpose of this demo, I’m going to set the AutoPostBack property to true and run a function whenever the color is changed. This will show us the color that we picked inside of a label (also shown below) after we select a new color.

<cc1:ColorPicker ID=”colorBackgroundColor” runat=”server” AutoPostBack=”true” OnColorChanged=”chngColor” />
<br /><br />
<asp:Label ID=”lblResults” runat=”server” Text=”"></asp:Label>

(4) Create Your C# Function

After we choose a color, we have to do something with it. With the ColorPicker control above, I’m using the OnColorChanged property to call the “chngColor” function, which in C# will look something like this. This will also demonstrate how to programmatically read the color chosen with the .Color property of the ASP.NET Color Picker Control

protected void chngColor(object sender, EventArgs e)
{
lblResults.Text = “<div style=’background-color:#” + colorBackgroundColor.Color.Replace(“#”, “”) + “;height:50px;width:80px;text-align:center;padding-top:35px;’>Sample Text</div>”;
}

(5) Success

So far, we’ve added the library to our project, registered the library on the page, added the control to the page, and done something with the color chosen by the user. Your page should look something like this:

You can download my sample program here.

Exception Details: System.FormatException: The specified string is not in the form required for an e-mail address.

Ouch. To remedy this issue, I added a check to make sure the email address was valid before it attempted to send the message. In the code below, I’m making use of the System.Text.RegularExpressions library that comes with the .NET framework. The code below is written in C# but the code will be very similar in Visual Basic. It will also work in ASP.NET, WPF or plain old windows forms.

Here’s a C# function that will determine whether or not an email address is valid:

public static bool IsValidEmail(string strEmailAddress)
{
if (strEmailAddress == null)
{
return false;
}
else
{
return System.Text.RegularExpressions.Regex.IsMatch(strEmailAddress, @"^[-a-zA-Z0-9][-.a-zA-Z0-9]*@[-.a-zA-Z0-9]+(\.[-.a-zA-Z0-9]+)*\.(com|edu|info|gov|int|mil|net|org|biz|name|museum|coop|aero|pro|[a-zA-Z]{2})$", RegexOptions.IgnorePatternWhitespace);
}
}


I also made some modifications to the system on the front-end, so when a user registered from then on, that it would validate that they have entered an email address and that the email address matched the format of an email address using a RequiredFieldValidator and a RegularExpressionValidator.<–>

Today, we’re going to encrypt a string with SHA-2, specifically the SHA-512 derivation of SHA-2, which should hypothetically be more secure than SHA-1 because it has a longer message digest than SHA-1. The example code I’m going to show off today also uses a “salt“, whereas the previous function I showed off didn’t. This will make your hashed-passwords more immume to dictionary attacts because not only would the hacker have to develop a hash for every commonly known password, but as well as every commonly known password multiplied by the nearly infinite number of possible salts.

Here’s the function:

    public static string CreateSHAHash(string Password, string Salt)
    {
        System.Security.Cryptography.SHA512Managed HashTool = new System.Security.Cryptography.SHA512Managed();
        Byte[] PasswordAsByte = System.Text.Encoding.UTF8.GetBytes(string.Concat(Password, Salt));
        Byte[] EncryptedBytes = HashTool.ComputeHash(PasswordAsByte);
        HashTool.Clear();
        return Convert.ToBase64String(EncryptedBytes);
    }

How it works:

This method makes use of the System.Security.Cryptography class. It combines your password and the salt that you provide and  turns it into a byte-array. It runs those bytes through the has computation function provided by the class and returns an 88-bit string of the message-digest/hash that’s created.

The source code to check a user’s credentials in Active Directory using C# or Visual Basic is actually fairly minimal. This works with both ASP.NET and with Windows Forms  (or WPF for that matter) if you’re building a desktop application.

Here’s how to do it:

(1) Reference the appropriate library

You’ll need to make use of the System.DirectoryServices library that comes with Visual Studio. You can add this to your ASP.NET code-behind page or your C# class for your Windows forms like this.

using System.DirectoryServices;

(2) Create An Authentication Function.

Here’s a basic function that will check a user’s permissions on a given domain. Essentially, it will try to create an Active Directory entry using the provided credentials, and it can successfully create a valid entry, we know that the user is authenticated. Otherwise, it’ll return false.

public bool AuthenticateActiveDirectory(string Domain, string UserName, string Password)
{
try
{
DirectoryEntry entry = new DirectoryEntry(“LDAP://” + Domain, UserName, Password);
object nativeObject = entry.NativeObject;
return true;
}
catch (DirectoryServicesCOMException) { return false; }
}

That’s really all there is to it. Microsoft has an extensive aritcle on MSDN that covers active directory authentication in .NET that you might want to check out as well.

ASP.NET does a particularly good job of offering the ability to resize photos. The System.Drawing library that comes with .NET allows you to resize photos extremely well with just a few lines of code, and place it in the format that you’d like.

Here’s how to resize photos in the .NET Framework:

(1) Reference the appropriate libraries.

The example code below will be in C#, but it will work basically the same way for Visual Basic or J#. You’ll need to reference the System.IO library to read and write the files, as well as the System.Drawing library and the System.Drawing.Imaging library. To do this, simply add the following lines to the top of your code-behind page.

using System.IO;
using System.Drawing;
using System.Drawing.Imaging;

(2) Load the OriginalImage

The following three lines of code will take an existing image that you can set programmatically, say if you want to connect it to a photo gallery module in a database, and create a bitmap/image object that you can use to resize the image:

string UploadPath = Server.MapPath(“/images/”);
string FileName = “OriginalImage.PNG”;
Bitmap OriginalBM = new Bitmap(UploadPath + FileName);

(3) Determine The New Size

Typically you’ll want to keep the aspect ratio the same, but you can set them statically if you’d like.  Here’s some code that will create two variables for the height and the width. We set the width statically based on what we’d like to use, then the height is based on the aspect ratio of the original image so that the image is not stretched.Finally, we’ll create a “Size” object that will be used for the resizing

float AspectRatio = (float)OriginalBM.Size.Width / (float)OriginalBM.Size.Height;
int NewWidth = 800;
int newHeight = NewWidth / AspectRatio;
Size newSize = new Size(NewWidth, newHeight);

(4) Resize and Save the Photo

Once you have a new “Size” object created, we can create a new Bitmap/image object with the new size that we specify and save it in the format of image that we’d like. In this case, I’m saving it as a Jpeg file, but you can also save it as a PNG, GIF, or Bitmap file if you’d like.

Bitmap ResizedBM = new Bitmap(OriginalBM, newSize);
string newfilepath = UploadPath + “resized_” + FileName.Replace(@”\”, @”");
ResizedBM.Save(newfilepath, ImageFormat.Jpeg);

Microsoft has provided us with a method called FormsAuthentication.HashPasswordForStoringInConfigFile that will hash your user’s passwords with MD5 or SHA-1 with a single line of code. Given the choice, I’d recommend SHA-1 because it’s generally considered more secure by the security community.

So what’s password hashing anyway?

Essentially, a hash function provides a means to take a string of text that you want to protect and encrypts it in such a manner that if the original text were ran through the function again, it would always generate the same result. Hash functions are generally a “one-way” encryption, so you can take the original password and turn it into the hashed password, but you can’t go back from the hashed password and turn it back into the original.

If you’d like a more technical explanation of password hashing, checkout this article on MathWorld.

Using the Function:

public static string PasswordHasher(string Password)
{
return FormsAuthentication.HashPasswordForStoringInConfigFile(Password, System.Web.Configuration.FormsAuthPasswordFormat.SHA1);
}

The above method will take a password that you enter and run it through the encryption function provided using the SHA1 format. You’ll get back a string with the generated hash of your password.

Overall, it’s a very nice quick and dirty way to hash a password in ASP.NET, although some might criticize its use. If you would like to at a SALT to your password, read this article at donetjunkies.

The Output Cache

Using the output cache is probably the easiest implementation of caching in ASP.NET because all you need to do is add a line to your header. This will essentially cache the entire page. This way, when you load the page a second time, it will serve up the generated HTML of the cached page rather than by going through the page lifecycle and reloading the page.

Here’s the line of code you need to add  to the top of your .ASPX pages to implement the Output Cache:

<%@ OutputCache Duration="60" VaryByParam="*" %>

The “Duration” property indicates the number of seconds that the cache is good for. The “VaryByParam” property allows you to create separate cached versions of the page if it’s given different querystrings. For example, if you had a content management system where your Page’s looked like http://www.example.org/Default.aspx?PageID=85, you wouldn’t want that to show up the same as http://www.example.org/Default.aspx?PageID=92. They’re separate dynamic pages on the site that’s generated from the page. You don’t want to cache one sub-page then serve that cache for the entire site.

The Data Cache

If you need to cache any sort of information in ASP.NET, such as a DataSet, a DataTable, or even a variable, you can use the ASP.NET DataCache. This works a lot like a session or application variable, but it has some added cache-related methods as well.

Here’s how to store something in the cache in C#:

DataTable dtToBeCached = new DataTable();
Cache["CachedTable"] = dtToBeCached;

Here’s how to turn that cached object back into a DataTable:

DataTable dtToBeCached = new DataTable();
if(Cache["CachedTable"] != null)
{
dtToBeCached = (DataTable)Cache["CachedTable"];
}

If you would like to remove something from the cache at a later time, you can simply use the Cache.Remove() method.

Partial Page Caching:

There are some cases, such as when having a website that allows for users to login, that you would want to cache some parts of page but not the entireity. Let’s say that you cached a page where one user was authenticated and that paged was cached. Then, the authenticated version of that page would be served to everyone, including individuals that aren’t logged in. In that case, you don’t want to use the Output cache onthe entire page. 

Instead, you want to make use of the DataCache to store shared data that would be frequently read from the database. The other strategy you can use in this case is to cache ASP.NET user controls that you develop. You cache these much in the same way that you would cache a page on a website, but instead you would add that code to the user control’s header instead of the page’s header.

You might also want to read these articles related to ASP.NET Caching:

• ASP.NET Caching: Techniques and Best Practices (MSDN)
• Advanced Caching Techniques in ASP.NET 2.0 (DevCity)
• Caching Techniques in ASP.NET 2.0 (Bean Software).
• Caching with ASP.NET (4 Guys From Rolla)