Saturday, September 29, 2012 Security - Validating Uploaded Image File Format

I found two really good links talking about how to upload image file and validate file format in more secure way rather than just checking file extension.

You should also check image file content before you try checking for header of image file.

I found both the articles have missed this code.  Here is that missing code for validating file extension.

private Boolean CheckFileType()
            string[] acceptedTypes = new string[]

            if (!acceptedTypes.Contains(fuPhoto1.PostedFile.ContentType))
                return false;
                return true;

Note: This article is basically bookmark for my future reference.

Friday, September 28, 2012

All About ASP.NET Website Performance Improvement

In this article i will be explaining some of quick, easy and must use Website Performance Improvement tips. Performance Improvement checklist is divided into 4 broad categories

  1. Identifying which part of web application requires optimization.
  2. Optimizing web project to improve website performance
  3. Tips for writing code in order to enhance performance.
  4. Database Optimization to improve performance (I will be explaining for SQL Server but same tips will also apply to MySQL, Oracle or any other DB by changing syntactical meaning respectively.)
I will be discussing each of performance improvement categories in detail.

Identifying which part of web application requires optimization.

It is very important to identify which part of your application requires more attention in order to improve website performance.  

1 Using VS.Net 2010 Profiler
2 Tracing web application
3 Extension (Firefox Firebug, YSlow, Google Chrome Speed Tracer, IE9 Developer Tools)
4 Monitoring tools like fiddler will also be helpful.

Optimizing web project to improve website performance.

In order to improve web page performance most important thing we should consider is
  • Reduce page size - By reducing page size page it will get download quickly and thus load quickly on user's browser.  It will also reduce bandwidth consumption of your website.  
  • Reduce number of HTTP request -  It is very important to reduce number of HTTP requests on your server, it will help in reducing the server load and allowing more visitors to access your website.
  • Avoid round trip to server.

In order to reduce page size.

1) Avoid viewstate - viewstate is used to persist data of web page on page postback.  This increase page size.  I always prefer to turn off viewstate at page level and only turn on viewstate to specific control whose data i need to persist over page postback.  

You can do so by <%@ Page  EnableViewState="false" %>

Situation in which you must avoid viewstate.
  • Only page which take user input or control whose values you want to persist on page postback will require viewstate.  Example: If user press submit button and if there are error on page we should persist user input, so in that case we should make EnableViewState="true" for those control or may be at page level.
  • Display pages or page which will not require page postback.  Example: Page on which you are displaying customers information in datagrid, doesn't require viewstate so in this situation you can turn of viewstate.
2) Use div instead of table. - Make use of div and css to replace table.  Combination of div and css is much more faster than table.

3) Avoid big name for server control and CSS class tag - Do not give big name for ID field of server control,  specially to ContentPlaceHolder server control in master page.  ContentPlaceHolder ID name is appended to each and every server control inside child page, so if you choose a big name for your server control it will increase html file size.

Similarly if you choose a big name for CSS class tag, it will have long name on every instance you make use of that class tag and in return it increase html size.

For this reason, I prefer to choose very short name for any controls or css tag definition.
Example: <asp:ContentPlaceHolder ID="CC" runat="server">

4) Remove unnecessary white space (Compress generated HTML Size)
  • Remove white spaces between tags and lines of html render by page.  In order to remove white space dynamically on all page, you should put "render" method inside master page class file.
  • Remove unused tags from CSS file and also remove unused script from Javascript file.
  • Remove white spaces from CSS file while deploying to production server.  Remember, Comments and whitespace inside your CSS and Javascript file are not needed for execution; Removing them will speed up css rendering time and script execution times.  You can add this step to your deployment checklist. You can take advantage of online compress css tool and online javascript compress tool.

5) Make use of JQuery instead of Ajax Control toolkit.  
I have observed that JQuery can do the task with less code and light weight, while Ajax control toolkit is bulkier and increase page size.  Find more on JQuery vs Ajax control toolkit.

Reduce number of HTTP request
With help of Firebug, Firefox extension, you can find out how many resource request was made by your web page.  It is very important to reduce number of HTTP requests on your server, it will help in reducing the server load and allowing more visitors to access your website.

1) Make minimum use of Images.  Images are good for UI but can increase size of web page and also results in too many http request.

2) Combine multiple db request into single db request.  Find more details on How to avoid multiple database request to improve performance

3) Combine 2 or more css file into 1 file, since most of modern browser do cache css file, it will only take little more time for 1st request, all sub subsequent request will be super fast.  Combining multiple css file into 1 will reduce number of http request.

4) Combine 2 or more javascript file into 1 file, since most of modern browser do cache javascript file, it will only take little more time for 1st request, all sub subsequent request will be super fast.  Combining multiple javascript file into 1 will reduce number of http request.

5) Special tips if your web application is using JQuery
    • Try to use Jquery from CDN (Content distribution network) link for google CDN
    • While adding JQuery try using min version (Example: jquery-1.6.2.min.js), which is less file size, since space and line break are removed from that.  This will help in faster loading of file and also improves performance of web application.
    • Avoid too many third party jquery controls rather make use of JQuery UI, which supports too many control within one js file.

Avoid round trip to server
In order to give user a lightning fast effect, it is important that you avoid round trip to server.  You can use:
  • Caching
  • JQuery Ajax

Tips for writing code in order to enhance performance.

1 VS.Net 2010 Code Analysis

Database Optimizing tips to improve website performance.
1. Thumb rule decrease as many joins as possible.  It will be very helpful in improving search query performance.
2. In order to avoid too many joins, make optimal use of "xml datatype".  That will help you to reduce needs of number of tables for small data structure, also be helpful in storing complex data-type.  (In summary, I am in love of xml datatype, If you know correct way to use that, you can optimize performance.)
3 Check out DB Optimization tricks
4 Use PL\SQL Programming instead of making too many DB Request.
One of the most resource efficient and performance improvement technique is to make use of PL\SQL Programming inside stored procedure to avoid round trip.  But be careful with this technique if you don't know how to use it efficiently, it may adversely affect performance.
Example: To Improve Performance through

Finally i want to say it is also important to check your web application architecture.  Try to identify what all bad architectural design was taken in past and how to rectify those in order to improve performance of your web application.  Its very important to design architecture of web application nicely.  I understand that it is not always possible to design things right at first point, but it is continuous improvement process, you should always keep on identifying things and correct it asap.  Hope my checklist had helped you too.

Please note: I have been writing this article since long and I am still in process of improving this article on regular basis.  Please share your suggestions and comments here so that it will help everybody to improve their website performance.  At present most of performance improvement topics here are purely related to web forms, but i will be going to make a list of mvc specific performance improvement checklist in my future article.  Thank you. :)

Sunday, September 23, 2012

Internet works for some sites and doesn't work for some sites

I know this is a Off topic for this blog, but it might help or remind you when you run into similar problem.

I was stuck with weird problem, Internet was working for some sites and was not working for some sites, I thought may be it could be internet problem, but it was NOT, my internet was working good.  Since i have habit of running my PC day and night i though PC might need some rest so restart my PC but things were not change even after restart.

Cause of Problem
The point i want to make here is my PC got infected with Virus.  Anytime you stuck in similar situation where your PC is behaving weird or start doing something unusual you should do a virus scan, since it could be virus which has made changes to registry and that is causing all sorts of problem in my case.

Best solution i personally believe when you feel that your PC is infected with virus is "Restore your system" to last good state, I do believe that antivirus are good and do good job, but i personally don't trust them 100%.

On my Win 7 PC, I did

  • Start > All Programs > Accessories > System Tools > "System Restore"
"System Restore" is a utility provided by Microsoft OS which saves a restore point automatically at regular interval of time. (Mostly when you install any programs.)  I know lots of people know about this option but when you are stuck in problem you try to find solution, but in this case i believe solution might not fix the things 100% and it is better to restore your system to last known good state.

System Restore program will allow you an option to select different date of restore point it has made and will restore your PC to that point
  • Good thing about System Restore is, it will not delete any of file created by you during this time period, but it will uninstall any of programs installed between that time frame.
  • After system restore, I have found everything on my PC is normal.

Other Solutions
  • Trust your antivirus, do scan your system and remove virus identified by your antivirus.
  • Open MSConfig tool (Run menu > MSConfig) and try to check "Startup" and "Service" tab to see is there any bad program getting started when you start your PC.
  • If you consider yourself as registry expert, then you can try to identify what changes are recently made to registry and validate those changes.
  • Use third party tools like CCleaner,... to check whether they can help you?

I personally like to restore my system back to good known state, that is the best solution whenever you run into problem.

Sunday, September 16, 2012

Error: Cannot insert explicit value for identity column in table 'Users' when IDENTITY_INSERT is set to OFF

I run into situation where i have to insert explicit value for identity column and run into following error, which is expected. Incase you run into similar situation here is the solution to insert value into Identity column in SQL Server.

Error: Msg 544, Level 16, State 1, Line 1
Cannot insert explicit value for identity column in table 'Users' when IDENTITY_INSERT is set to OFF.

Cause of error: Trying to insert record including ID field where ID field is IDENTITY Column.

1) Make sure that you are in situation where you really want to insert ID, If that is not the requirement than simply remove ID field from your insert statement and try to execute the insert statement again.

2) Since i was sure that i want to insert ID in Identity column, here is solution...


(IDENTITY Column, Column1...ColumnN)
(IDENTITY Value, Value1, ...., ValueN)


Make sure that your insert statement does include all column name list, otherwise you will run into this error.

Msg 8101, Level 16, State 1, Line 1
An explicit value for the identity column in table 'Users' can only be specified when a column list is used and IDENTITY_INSERT is ON.

Wrong Insert Statement
(IDENTITY Value, Value1, ...., ValueN)

Correct Insert Statement
(IDENTITY Column, Column1...ColumnN)
(IDENTITY Value, Value1, ...., ValueN)

Most Recent Post

Subscribe Blog via Email

Enter your email address:

Disclaimers:We have tried hard to provide accurate information, as a user, you agree that you bear sole responsibility for your own decisions to use any programs, documents, source code, tips, articles or any other information provided on this Blog.
Page copy protected against web site content infringement by Copyscape