Thursday

URL Access: How to Prevent Direct URL Access In MVC

Introduction

This is another article on making your MVC application more secure. It covers how to prevent direct URL access in an MVC application. Before going through this article, you should be familiar with the articles listed below.
  1. Asp.net mvc session management example
  2. Prevent Cross-Site Request Forgery using AntiForgeryToken() in MVC

Namespace Used

This feature uses the System.Web.Routing namespace (for RouteValueDictionary) to prevent direct URL access in MVC. The filter itself also needs System and System.Web.Mvc.

using System;
using System.Web.Mvc;
using System.Web.Routing;

Apply this feature in FilterConfig.cs file

We call this check from OnActionExecuting of an action filter. Apply the filter as written below to prevent direct URL access in MVC. If the URL is tampered with in the browser, the filter forcibly redirects you to the Logout action of the Home controller in the Main area.

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class NoDirectAccessAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Redirect when the request has no referrer (typed or bookmarked URL)
        // or when the referrer's host differs from the host of the requested URL.
        if (filterContext.HttpContext.Request.UrlReferrer == null ||
            filterContext.HttpContext.Request.Url.Host != filterContext.HttpContext.Request.UrlReferrer.Host)
        {
            filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary(new { controller = "Home", action = "Logout", area = "Main" }));
        }
    }
}
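The host comparison from the filter above, pulled out into a console program so its behaviour can be observed on constructed Referer values, next to a stricter scheme + host + port comparison that goes beyond the article's check. This is an added example, not the article's code: `ReferrerGuard`, its method names and the `app.example` / `other.example` URLs are assumptions.

```csharp
using System;

// Added example, not from the original article. ReferrerGuard, its methods and the
// app.example / other.example URLs are hypothetical names and constructed inputs.
public static class ReferrerGuard
{
    // Treat a missing or unparsable Referer header as "no referrer".
    private static Uri ParseReferer(string refererHeader)
    {
        Uri referrer;
        return Uri.TryCreate(refererHeader, UriKind.Absolute, out referrer) ? referrer : null;
    }

    // The comparison used by NoDirectAccessAttribute: host name only.
    public static bool HostOnlyAllows(Uri requestUrl, string refererHeader)
    {
        Uri referrer = ParseReferer(refererHeader);
        return referrer != null && requestUrl.Host == referrer.Host;
    }

    // Stricter variant: scheme, host and port must all match the requested URL.
    public static bool SameOriginAllows(Uri requestUrl, string refererHeader)
    {
        Uri referrer = ParseReferer(refererHeader);
        return referrer != null &&
               Uri.Compare(requestUrl, referrer, UriComponents.SchemeAndServer,
                           UriFormat.Unescaped, StringComparison.OrdinalIgnoreCase) == 0;
    }

    public static void Main()
    {
        var requestUrl = new Uri("https://app.example/Main/PersonalDetail/Index");

        // Constructed Referer header values, one per case worth checking.
        string[] referers =
        {
            null,                                        // typed URL, bookmark, or referrer stripped
            "https://app.example/Main/Home/Index",       // normal in-site navigation
            "http://app.example/Main/Home/Index",        // same host, different scheme
            "https://app.example:8443/Main/Home/Index",  // same host, different port
            "https://other.example/page",                // different site
            "not a url"                                  // malformed header
        };

        foreach (string referer in referers)
        {
            Console.WriteLine("{0,-45} host-only: {1,-5}  same-origin: {2}",
                referer ?? "(no Referer header)",
                HostOnlyAllows(requestUrl, referer),
                SameOriginAllows(requestUrl, referer));
        }
    }
}
```

Both checks read a header that the client supplies, so they guard navigation flow only; access to the action still has to be enforced with [Authorize] or an equivalent server-side check.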

Prevent Direct Access to Class (Apply on Controller Class)

We can apply the NoDirectAccess attribute to a controller class, and it then applies to every action the class contains. If any action of the controller is accessed directly, for example MyWebsiteURL.com/Main/PersonalDetail/Index, the request is sent to the specified action (here, the Logout action).

[NoDirectAccess]
public class PersonalDetailController : Controller
{
      //
      // GET: /Main/PersonalDetail/
      public ActionResult Index()
      {
          return View();
      }
}

Apply NoDirectAccess Attribute to Action

Alternatively, we can apply the NoDirectAccess attribute to a specific action rather than to the whole controller class. Suppose the action is accessed directly, like MyWebsiteURL.com/Main/Home/login:

[NoDirectAccess]
public ActionResult Login()
{
   return View();
}

Conclusion

I have demonstrated here all the steps needed to prevent direct URL access in MVC and make our MVC application more secure and robust on the internet. These are healthy features that make our MVC application more reliable across the internet.

Tuesday

MVC Session: Asp.net mvc session management example

Introduction

In this example, I show how to use and validate the session (HttpContext.Current.Session) in an MVC application. An earlier article explained cross-site request forgery protection, another feature that keeps your website healthy and secure. MVC gives us the facility to apply filters such as:
  1.  Authorization 
  2.  Action Filter 
  3.  Result Filter 
  4.  On Error Filter
Here I apply an OnActionExecuting filter to manage the ASP.NET MVC session and check whether the session is still alive. If the session has expired, it will not let you access your authorised area and sends you to the login area or some other page.

Add below code in FilterConfig.cs under App_Start folder

This code is written under OnActionExecuting in FilterConfig.cs file
using System.Web.Mvc;

public class UserSessionActionFilter : ActionFilterAttribute, IActionFilter
{
    public override void OnActionExecuting(ActionExecutingContext filterContextORG)
    {
        // The session can be null (e.g. session state disabled), so check it before indexing.
        var session = filterContextORG.HttpContext.Session;
        if (session == null || session["User"] == null)
        {
            // This handles the session check when data is requested through Ajax/JSON.
            if (filterContextORG.HttpContext.Request.IsAjaxRequest())
            {
                // AllowGet is required, otherwise JsonResult throws on Ajax GET requests.
                filterContextORG.Result = new JsonResult
                {
                    Data = "Session Timeout!",
                    JsonRequestBehavior = JsonRequestBehavior.AllowGet
                };
            }
            else
            {
                // If the session has expired, redirect to the logout page, which further redirects to the login page.
                filterContextORG.Result = new RedirectResult("~/Main/Home/Logout");
            }
        }
    }
}

Register FilterConfig.cs in Global.asax

protected void Application_Start()
{
 AreaRegistration.RegisterAllAreas();
 WebApiConfig.Register(GlobalConfiguration.Configuration);
 FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
 RouteConfig.RegisterRoutes(RouteTable.Routes);
}

Checking Session is expired or not

We apply the [UserSessionActionFilter] attribute to an MVC controller action to check whether the session is still alive. If the session has expired, the request is sent to another page.
[UserSessionActionFilter]
public ActionResult ContactDetail()
{
 return View();
}
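A global registration of the same session check, with an opt-out so that the Logout and Login actions are not redirected to themselves when the session is empty. This is an added example, not the article's code: `AllowNoSessionAttribute` and `GlobalUserSessionFilter` are hypothetical names, while the `Session["User"]` key and the `~/Main/Home/Logout` target come from the article. It assumes an ASP.NET MVC project that references System.Web.Mvc.

```csharp
using System;
using System.Web.Mvc;

// Added example, not from the original article.
// Hypothetical marker attribute: actions that must stay reachable without a session
// (login, logout) carry it so the global filter below skips them.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public sealed class AllowNoSessionAttribute : Attribute
{
}

// Hypothetical global variant of the article's UserSessionActionFilter.
public class GlobalUserSessionFilter : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        // Child actions render inside a parent request that was already checked.
        if (filterContext.IsChildAction)
        {
            return;
        }

        // Skip actions or controllers that opted out; without this, a global
        // registration would redirect Logout to Logout in an endless loop.
        ActionDescriptor action = filterContext.ActionDescriptor;
        bool exempt =
            action.IsDefined(typeof(AllowNoSessionAttribute), true) ||
            action.ControllerDescriptor.IsDefined(typeof(AllowNoSessionAttribute), true);
        if (exempt)
        {
            return;
        }

        var session = filterContext.HttpContext.Session;
        if (session != null && session["User"] != null)
        {
            return; // session is alive, let the action run
        }

        if (filterContext.HttpContext.Request.IsAjaxRequest())
        {
            // Same response the article uses for Ajax callers.
            filterContext.Result = new JsonResult
            {
                Data = "Session Timeout!",
                JsonRequestBehavior = JsonRequestBehavior.AllowGet
            };
        }
        else
        {
            filterContext.Result = new RedirectResult("~/Main/Home/Logout");
        }
    }
}

public class FilterConfig
{
    // Called from Application_Start via FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters).
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HandleErrorAttribute());
        filters.Add(new GlobalUserSessionFilter()); // now runs before every action
    }
}

// Usage on the actions that must work without a session:
//   [AllowNoSession]
//   public ActionResult Logout() { ... }
```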

Conclusion

This example shows how to handle the session in an ASP.NET MVC application, with all the steps required for ASP.NET MVC session management.


Thursday

Fix Error 9002: Transaction Log Full For SQL Server

Overview of SQL Server Error 9002

Sometimes, while working on a SQL Server database, we come across error 9002, which indicates that the transaction log for SQL Server is full. There can be several reasons why the log file becomes very large and runs out of space. Transaction log error 9002 generally occurs when the log file is full, or when the disk on which the log file is stored is full and the log file cannot expand any further. In such circumstances the database remains online, but it can only be read and no update operation can be performed. If this error occurs during recovery, the database is marked as resource pending.

Error 9002 message:
The log file for database '%.*ls' is full. Back up the transaction log for the database to free up some log space.
SQL Server records all transactions and the modifications made by each transaction. The transaction log must be truncated regularly to maintain log space and keep it from filling up. Some operations can be minimally logged to reduce their impact on transaction log size.
If error 9002 occurred while the database was in recovery, then after resolving the problem ALTER DATABASE database_name SET ONLINE must be used.

How to Fix SQL Server Error 9002?

The following actions can be performed to troubleshoot SQL Server transaction log full error 9002:
  • Back up the log.
  • Move the log file to another disk that has sufficient space.
  • Increase the log file size.
  • Free disk space so that the log file can grow automatically.
  • Kill long-running transactions.
  • Add a log file on another disk.
However, the transaction log is an essential part of the database, required to return the database to a consistent state if a system failure occurs. That is why shrinking, deleting or moving the transaction log should be done only after fully understanding the outcome of the action.
The actions for troubleshooting T-SQL error 9002 are described below:

Transaction Log Backup

If the database uses the full or bulk-logged recovery model and the transaction log has not been backed up recently, take a fresh backup of the transaction log. This frees some space and supports restoring the database to a specific point. Log backups should be taken frequently to keep the log from filling up again.

Moving Log File to Another Disk

If it is not possible to create enough space on the disk that contains the log file, the log file should be moved to another disk that has sufficient space. When moving the log file, never place it on a compressed file system. The log file can be moved by detaching and attaching the database:
sp_detach_db is executed to detach the database.
sp_attach_db is executed to attach the database.

Increase Log File Size

The maximum size for a log file is two terabytes (TB), so if space is available on the disk, the log file size can be increased. If autogrow is disabled and the database is online, the size can be increased manually to produce a single growth increment. We can also enable autogrow by using the ALTER DATABASE statement.

Freeing Disk Space

Space on the disk containing the transaction log file can be freed by deleting files or moving them from that disk to another disk. Freeing disk space allows the log file on that disk to grow automatically.

Add Log file to Another Disk

A new log file can be added to the database on a different disk by using ALTER DATABASE ADD LOG FILE.

Conclusion

We have looked at SQL Server transaction log error 9002, which occurs when the transaction log file is full. When moving or deleting a transaction log file, keep the outcome of the action in mind. Several actions that can be performed to resolve this error were discussed briefly.


MVC Areas: Organizing an Application using Areas

Introduction

MVC architecture is inherently separated into three layers: Model (database), Presentation (UI, View) and Controller (business layer). MVC 2 introduced the Areas feature, which provides a solid way to further separate the files of the project structure. With areas, we can define the same controller name in different areas to make our application more modular, manageable and robust. In this demonstration I have used two areas, Main (the public website) and Blog. An earlier article covered how to stop cross-site request forgery. Here I explain all the steps for organizing an application using areas in MVC.

Why We Need MVC Areas

We need areas when multiple departments have to be maintained with different controllers, even controllers that have the same name in different areas. Areas make our application more manageable and maintainable, and make development faster.

Create a New MVC Project

First of all, create a fresh MVC project.

New Project Created

A new project is created for trying out the MVC Areas feature.

Create a New Area

Now let's create a new area. Right-click the project, go to Add >>> Area, then provide a relevant name for the area.

Creating Blog Area

Here, type a relevant name for the new area, such as “Blog”.

Blog Area Created

Now you can see the newly created area “Blog” under the project.

Blog Area File Registration

You can see that a new Blog area registration file (BlogAreaRegistration.cs) has been created under the Blog area.

using System.Web.Mvc;

public class BlogAreaRegistration : AreaRegistration
{
    public override string AreaName
    {
        get
        {
            return "Blog";
        }
    }

    public override void RegisterArea(AreaRegistrationContext context)
    {
        context.MapRoute(
            "Blog_default",
            "Blog/{controller}/{action}/{id}",
            new { action = "Index", id = UrlParameter.Optional }
        );
    }
}

Area Registration in Global.asax

Area registration is also done in Global.asax file.
public class MvcApplication : System.Web.HttpApplication
{
    protected void Application_Start()
    {
        AreaRegistration.RegisterAllAreas();

        WebApiConfig.Register(GlobalConfiguration.Configuration);
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
    }
}

Main Area Creation

Next, a new Main area is created in this section.

Area Registration File Created

In the same way as for the Blog area, a registration file (MainAreaRegistration.cs) is also created.

public class MainAreaRegistration : AreaRegistration
{
    public override string AreaName
    {
        get
        {
            return "Main";
        }
    }

    public override void RegisterArea(AreaRegistrationContext context)
    {
        context.MapRoute(
            "Main_default",
            "Main/{controller}/{action}/{id}",
            new { action = "Index", id = UrlParameter.Optional }
        );
    }
}

Create Home Controller for Main Area

Create the Home controller under the Main area.

Create Home Controller For Blog

As in the Main area, a Home controller is also created under the Blog area. The Areas feature allows us to use the same controller name in different areas, which makes our development more productive.

Create View for Both Home controllers of Main & Blog

Here we create the views for the Blog and Main areas.

Blog Area View
@{
    ViewBag.Title = "Index";
}
<h2>Welcome to Blog Area</h2>
<div>
    @Html.ActionLink("Back to Main", "Index", "Home", new { area = "Main" }, new { })
</div>

Main Area View
@{
    ViewBag.Title = "Index";
}
<h2>Welcome to Main Area</h2>
<div>
    @Html.ActionLink("Go to Blog", "Index", "Home", new { area = "Blog" }, new { })
</div>

Set Default Area/Controller/Action

Here you can set the default area, controller and action that launch your application (its landing page). To set it, right-click the project, click Properties, and go to the Web tab to set the application's default page (Area/controller/action).

Alternatively, it can be set in RouteConfig.cs:

routes.MapRoute(
    name: "Default",
    url: "{controller}/{action}/{id}",
    defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional },
    namespaces: new[] { "slnMvcArea.Areas.Main.Controllers" }
).DataTokens.Add("area", "Main");

Now Run your MVC area application

Finally, run your MVC app to see how the MVC Areas feature works.

Navigate to Blog Area

Click “Go to Blog” to navigate to the Blog area.

Now you are in the Blog area, which also has a link to navigate “Back to Main”.

Conclusion

MVC areas help us make our MVC application more manageable by dividing it further into separate files. Each area can define a controller with the same name: if the Main area contains a “Home” controller, other areas can also contain a controller with the same name “Home”, and the code compiles perfectly even though the same controller name exists in different areas. This helps us build large applications with multiple departments, so we can build awesome MVC apps with the Areas feature. I have tried here to demonstrate all the steps needed to organize an application using areas in an MVC app.


Wednesday

How To Own ASP.Net MVC Page Life Cycle For Free

Introduction

Before getting to know the complete MVC life cycle, note that the required namespaces must be present in web.config; they are added automatically when we add the MVC package to our MVC application. As we all know, the basic behaviour of MVC is based on HTTP requests. In a recent article I explained how to create amazing charts using MVC.

I have provided all necessary MVC life cycle steps here.
<namespaces>
  <add namespace="System.Web.Helpers" />
  <add namespace="System.Web.Mvc" />
  <add namespace="System.Web.Mvc.Ajax" />
  <add namespace="System.Web.Mvc.Html" />
  <add namespace="System.Web.Optimization" />
  <add namespace="System.Web.Routing" />
  <add namespace="System.Web.WebPages" />
</namespaces>

1) We send our request through HTTP to our server.
2) The request then goes through MVC routing.
3) The web request passes through the Global.asax file, where all routes are registered; the request is then forwarded according to the matching route.

protected void Application_Start()
{
    // Register areas once; a second call would try to add the same area routes again.
    AreaRegistration.RegisterAllAreas();
    WebApiConfig.Register(GlobalConfiguration.Configuration);
    FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
    RouteConfig.RegisterRoutes(RouteTable.Routes);
    BundleConfig.RegisterBundles(BundleTable.Bundles);
    AuthConfig.RegisterAuth();
    //ModelBinders.Binders.DefaultBinder = new Microsoft.Web.Mvc.DataAnnotations.DataAnnotationsModelBinder();
}
4) The route is defined in the RouteConfig.cs file, where the controller, action and (optional) parameter needed to complete our request are given.

public static void RegisterRoutes(RouteCollection routes)
{
    routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
    routes.MapRoute(
    name: "Default",
        url: "{controller}/{action}/{id}",
        defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
    );
}
5) Once the route has been matched through RouteConfig.cs, the request is directed to our controller.

  public ActionResult Index()
  {
   return View();
  }
6) At the end, the result is shown in the view returned by the MVC controller action, where all the desired information is displayed.

@{ ViewBag.Title = "Home"; } 
<!DOCTYPE html> 
<html lang="en"> 
<head> <meta charset="utf-8" /> 
<title>@ViewBag.Title</title> 
<link href="~/favicon.ico" rel="shortcut icon" type="image/x-icon" /> 
<meta name="viewport" content="width=device-width" /> 
</head>
 <body> <div> Welcome to Technology Crowds </div> </body> 
</html>

Conclusion

This article has shown how the MVC life cycle works when we make a request over HTTP from our web browser. Requests, routing, controllers, views and the MVC handler (Razor etc.) are the key components of MVC.


Monday

Fix SQL error: 26 - A network-related error occurred in SQL Server

Introduction

This article explains how to configure an instance of the SQL Server Database Engine to listen on a specific fixed port by using SQL Server Configuration Manager. The default instance of the SQL Server Database Engine listens on TCP port 1433. Named instances of the Database Engine and SQL Server Compact are configured for dynamic ports, which means they select an available port when the SQL Server service is started. When you connect to a named instance through a firewall, configure the Database Engine to listen on a specific port so that the appropriate port can be opened in the firewall. Below are 5 different approaches to resolving error 26 - A network-related error occurred in SQL Server. In an earlier article I explained how to find and delete duplicate values in SQL Server.

Error Description:

A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified) (Microsoft SQL Server, Error: -1)

Approach 1: We can run this query to view your TCP endpoints 


SELECT name, protocol_desc, type_desc, state_desc, is_admin_endpoint, port, is_dynamic_port, ip_address FROM sys.tcp_endpoints


Approach 2: Here you can check which port SQL Server is listening on on your machine.


USE MASTER
GO
xp_readerrorlog 0, 1, N'Server is listening on'
GO

Approach 3: Run the command below on the command line to check which applications are listening on ports:


netstat -ap TCP

Approach 4:


i) Open the Run dialog (Windows + R) on your machine.
ii) Next, type %windir%\System32\cliconfg.exe and press Enter.
iii) A new window opens; the left side shows the disabled protocols and the right side shows the enabled protocols.

iv) Now select TCP/IP under the disabled protocols and click the Enable button to add it to the enabled protocols list.

v) Now that TCP/IP is enabled, select it and click Properties; you will then see the SQL Server port, i.e. 1433.

Approach 5: 

  • Start by opening SQL Server Configuration Manager.
  • Next, click "SQL Server Network Configuration" and then "Protocols for Name".
  • Right-click TCP/IP, click Properties and make sure it is enabled.
  • Now select the "IP Addresses" tab and go to the last entry, "IP All".
  • Enter the SQL Server TCP/IP port, 1433.
  • Remove the 0 from the TCP Dynamic Ports property (leave it completely blank).
  • Now restart SQL Server (right-click SQL Server Management Studio and click the restart button).

Conclusion

These are 5 different approaches to resolving error 26 - A network-related error occurred in SQL Server. Hopefully they will work for everyone who is looking to resolve it.


SQL Server Schema Corruption Error 211: A Technical Solution

Introduction

A SQL schema is a logical collection of SQL objects, including tables with their columns and entries, and other elements. Creating a schema lets a user access the database more effectively. However, various errors can occur in SQL Server while accessing it. One such error is SQL Server error 211, which occurs while a server table is being updated. In the following sections we cover the reasons for schema corruption on the server and then the possible solutions for this error.

Problem Statement

Suppose a user tries to update some database tables on the server and a schema corruption error message appears on the system. This error can occur in any version of SQL Server, such as SQL Server 2005, 2008, etc.
“Msg: 211, Level 23, State 51, Line 1 Possible schema corruption.
Run DBCC CHECKCATALOG
Msg 0, Level 20, State 0, Line 0”

Reasons Behind SQL Server Error 211

Generally, schema corruption occurs very rarely in SQL Server. When this error occurs, the user has to find its main cause, either through the SQL error log files or by some other means.
There are multiple reasons why a schema gets corrupted; some of them are listed below:
  • Improper computer activity by server users
  • Sudden software failure leading to schema corruption
  • Hardware failure, which is the major cause of corruption

How to Fix Corruption Error 211 in SQL Server

There are several methods to resolve this server error. A user can choose any one approach to remove the schema corruption present on the server. The possible solutions are:
  • One suitable solution is to restore the database from its backup files. The following scenarios will help you when restoring from backup:
    1. If the user has transaction log backups, take a tail-log backup and then restore the latest backup completely along with all the transaction log backups, ending with the tail-log backup. In this case the result is zero data loss.
    2. If the user does not have transaction log backups, create a new database and import as much data as possible; or, if the user can determine the culprit table, drop that table and recreate it.
  • Another approach is to repair the entire MDF database file, after which you will have to deploy the database again.
  • The last manual method is to execute the DBCC CHECKCATALOG command on the server.
When you run the DBCC command, the error is displayed. Sometimes many exceptions may occur while executing a Transact-SQL statement as SQL users with a dedicated schema. By running DBCC CHECKCATALOG, the user gets suitable suggestions from the SQL Server database and learns the location of and reason for SQL Server error 211. However, DBCC CHECKCATALOG may also report no errors, though that is not always the case.

Alternate Solution to Resolve SQL Server Database Corruption

The most appropriate solution for fixing SQL error code 211 is a third-party SQL recovery tool. It is a safe and secure way to troubleshoot this error, using the following steps:
Step 1: Launch SQL Recovery, add the MDF file and press the Open button

Step 2: Analyze all the data in the server file and then click the Export button

Step 3: Now select one of the two options, i.e. Schema only or Schema & Data, for exporting the MDF file, and click Save to start the migration process

Finally, you will get a healthy MDF file with the help of this solution and hence fix SQL Server error 211.

Conclusion

Here we conclude our look at one of the server errors that creates a hurdle when accessing a SQL Server database. The best possible solutions for overcoming this schema corruption error were also discussed. It is recommended to first restore the server's backup file, if the user has one. Otherwise, you can use one of the other solutions to resolve SQL Server schema corruption error 211.
