.NET Programming





The .NET Framework is not specific to any one programming language; rather, it includes a library of functions that allows developers to rapidly build applications. Several supported languages include C#, VB.NET, C++ or ASP.NET.

Share tech news, updates, or what's on your mind.

Sign up to Post

Burp Suite versus Xenotics?

OSWASP has a free Anti-XSS tool called Xenotics. I like the 4800+ payloads and their use of the term "Target Reconnaissance." It's pretty scary if you imagine a hacker using that against your site. Other tools of interest are Burp Suite.

Any experience with either?

I hope for a tool that is easy for our team to quickly come up to speed and be able to use at least the majority of advanced features.

Suggestions about which of the two is better? Also, feel free to suggest one you have had personal experience with.

ALSO, if we chose to use the .NET Anti-XSS Library from Microsoft, how might that decision influence our choice of  test tool?

I am trying to work with two radio buttons in a simple VB.net app that allows a user to select and open a PDF using the Process object. One PDF will be assigned to each radio button. Here is the code:

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdOK.Click

            If RadioButton1.Checked = True Then

            'Use the Select Case statement to select which PDF the user will open.
            Dim test As String
            Dim path As String
            Select Case test
                Case 1
                    path = "C:\test_3\johnson.pdf"
                Case 2
                    path = "C:\test_3\Ross.pdf"
            End Select

            'Process object
            Dim psi As New ProcessStartInfo()
            psi.UseShellExecute = True
        psi.FileName = ?Case
        End If

Please give me some help to write the code.

This is not homework for a class. It is self-study using books.
Using VB.NET with ODP.NET OracleConnection. Need to update data in Oracle DB.

I thought I could just create an OracleCommand with a SQL update statement as the CommandText. Here is the SQL command:

update Rig_Dates set Est_Rig_Off='25-Mar-18', Est_Rig_On='09-Mar-18' Where XPrime='6913B5020BCECE4CB54370CC1F21A00A'

I run this in Oracle and it works fine. However, when I run it using an OracleCommand, it just locks up the process and I have to kill the code.

After doing more research, I find others that use parameters. I changed my code to:

        Dim ocmd As New OracleCommand
        ocmd.CommandType = CommandType.Text
        ocmd.BindByName = True
        Dim oconn As New OracleConnection
        oconn.ConnectionString = "DATA SOURCE=xs-bhm-dbd-1:1521/WLCD;USER ID=user;Password=password"
        ocmd.Connection = oconn
        sql = "update Rig_Dates set "
        sql = sql & "Est_Rig_On= :EstRigOn, Est_Rig_Off= :EstRigOff Where XPrime= :XPrime"
        ocmd.Parameters.Add("EstRigOn", OracleDbType.Date).Value = Format(CDate(currentRow("Est_Rig_On")), "dd-MMM-yy")
        ocmd.Parameters.Add("EstRigOff", OracleDbType.Date).Value = Format(CDate(currentRow("Est_Rig_Off")), "dd-MMM-yy")
        ocmd.Parameters.Add("XPrime", OracleDbType.Varchar2).Value = currentRow("XRig_Dates").ToString
        ocmd.CommandText = sql
        Catch ex As Exception
I've had the question answered regarding how to display a XAML image in a button.

            <Button Width="32" Height="32" MouseLeftButtonDown="Button_MouseLeftButtonDown" MouseDown="Button_MouseDown">
                <Viewbox VerticalAlignment="Center" HorizontalAlignment="Center" Stretch="Fill">
                    <ContentPresenter ContentTemplate="{StaticResource icon-drag}"/>

Open in new window

However, I need to do the same as an icon on a menu item. This doesn't cut it.

        <Menu Grid.Column="0">
            <MenuItem Header="_File">
                <MenuItem Header="_New" Icon="{StaticResource icon-drag}"/>

Open in new window

I want to leave behind icon/PNG images as much as possible and use XAML geometry so that my images can be scaled just as the other XAML controls can be.

Is it possible?
In WPF, I have many icons which I want to display within their own button using XAML. However, I want to use images which are purely XAML-based. These are basically converted from SVG.

I've been able to create my splash screen using XAML images by adding a DataTemplate and referring to it with a ContentPresenter in a Canvas and specifically adding the size and position by doing this.

                <Canvas Margin="25,40,0,0">
                    <ContentPresenter Width="175" x:Name="imagelogoplay" ContentTemplate="{StaticResource img-circled-play}"/>

Open in new window

I've been using the below code to create an image with an image inside.

        <StackPanel HorizontalAlignment="Right" VerticalAlignment="Center" Grid.Column="1">
            <Button Width="64" Height="64">
                    <ContentPresenter ContentTemplate="{StaticResource img-hand}"/>

Open in new window

However, the image stays a static size no matter what values I use either in the canvas or the content presenter.

XAML bases image within a button showing outside of the area
I also thought about putting the canvas in to a viewbox. However, this makes the image disappear completely.

I'm pretty new to XAML so would appreciate if someone could shed light on this.

I've attached the icons.xaml file which I am using as a resource which contains the "img-hand" data template.
Anti-XSS Test Tool plan for Firefox

We need to support Firefox only, so I  wonder if that limitation helps me to hone my list of options, as I seek an Anti-XSS Test Tool?

I would consider at least:

and review:

plus whatever else you suggest for me to consider. So, I wonder if the fact that our site is limited to Firefox support helps us find a smaller set of AntiXSS test tools from which to choose?

FindControl will not work when searching for control in gridview which in on master page.  Neither one of the 'Dim ....' options listed below will work.  This is on a master page, but it is in the RowDataBound routine where I am trying to access the control.

Protected Sub SchLayer1GridView_RowDataBound(ByVal sender As Object, ByVal e As GridViewRowEventArgs)

Dim NewNameDrpDn As DropDownList = CType(e.Row.FindControl("DrpDnName1"), DropDownList)

Dim NewNameDrpDn As DropDownList = DirectCast(e.Row.FindControl("DrpDnName1"), DropDownList)

End Sub

Any help would be appreciated.

From a security standpoint, are all of these equivalent or is one of them better than the others from preventing prying eyes when extracting the data?  As much as possible, these are supposed to be used immediately, rather than assigning them to a standard string variable.

Dim ssPassword as New Security.SecureString

' Set SSPassword somewhere here ...

'Option 1

'Option 2
New Net.NetworkCredential("", ssPassword).Password)))

'Option 3
Friend Function ExtractSSPassword(ss As Security.SecureString) As String
    Return Runtime.InteropServices.Marshal.PtrToStringBSTR(Runtime.InteropServices.Marshal.SecureStringToBSTR(ssPassword)
End Function

Open in new window


I am using C# and am just getting into Entity Framework and need a little help here. Probably not a hard problem but I have found no good examples.

I have 3 related tables in my database. Using datasets I can load the tables into a single dataset and bind the separate tables to different DataGridViews. That's basically what I'm trying to do here...start with something "simple" and go from there. If you look at the screen shot, you will see the 3 tables and their relations. How can I load related results into 3 DataGridViews? I am able to get the first table to load (tbl_PumpSeries) but not the corresponding records. I would prefer to do it all in code but the designer would be fine too.

I have a vb.net function that does this....
val = StrConv(dr(VariableField).ToString(), vbProperCase)

However within that string is time that is " Am " or " Pm "

I am trying to pick out and set just tat section to UPPER case

This is not working
val.Replace(" Am ", " AM ").Replace(" Pm ", " PM ")
Looking for a tool to test XSS Vulnerabilities on our site

I need to find a tool we can run which will enable us to help find XSS Vulnerabilities and to test our Anti-XSS fixes.

What can you suggest?

Is it possible to call a method from a loaded user control?

MainWindow.xaml.vb loads user control Login.Xaml.vb.  Login.Xaml.vb has a button on it.  When that button is clicked, I want the method MainWindow.LoadUC(UserControl) to run.

This is my MainWindow.Xaml code:
Imports System.IO
Imports Microsoft.PointOfService
Imports System.Data
Imports System.Data.SqlClient
Imports System.Data.Sql
Imports System.Net.NetworkInformation

Class MainWindow
    Public Sub MainWindow()

    End Sub

    Public Sub Window_Loaded()
    End Sub

    Public Sub Load_Login()

    End Sub

    Public Sub btnAdmin_Click()

    End Sub

    Public Sub btnLogOut_Click()

    End Sub

    Public Sub LoadUC(ByVal userControl As UserControl)
    End Sub

    Private Sub LoadLogin()
        Dim LoginScreen As New Login
        'Content = LoginScreen


    End Sub

End Class

Open in new window

And the Login User Control code is:
Public Class Login
    Public uc As UserControl

    Public Sub numberclick()
        MsgBox("Number Click")
    End Sub

    Public Sub Login()

    End Sub
    Public Sub enterclick() Handles btnZero_Copy9.Click
        MsgBox("Number Click")
    End Sub
    Public Sub clearclick()
        MsgBox("Number Click")
        uc = New UC_Text
        'Not sure how to send "uc" back to MainWindow.
        'This is what I want to do, but doesn't work:

    End Sub
End Class

Open in new window

Maybe there's a better way to go about it.  Basically, I need to load various user controls, and put them in the MainWindow's area, replacing the User Control that was there before.

Thanks for your help!!!
What causes certain characters to be "unsafe"?

What is it about the spaces and quotes here
var example = "\"Quoted Value with spaces and &\"";

which makes them unsafe?

After encoding the encoded that string, it becomes: %22Quoted%20Value%20with%20spaces%20and%20%26%22.


I have a listbox with several acronyms, when I hover the mouse over each row how do I display their definition on a tooltip box?

Kind regards,

What does this <img> tag do below?

And is the / simply in place of a space between img and id?

For example:


and what about this?


I try to register the script below, and show on default.aspx

the codes look right but don't work to me. Please help.
protected void Page_Load(object sender, EventArgs e)
	string googleScript = string.Empty;
	if (domainName.Contains("aaa.com"))
	 googleScript = "<script async src='https://www.googletagmanager.com/gtag/js?id=UA-923423499-4'></script>" +
               "<script> window.dataLayer = window.dataLayer || []; " +
               " function gtag(){ dataLayer.push(arguments); } " +
               " gtag('js', new Date()); " +
               " gtag('config', 'UA-923423499-4'); " +
	if (googleScript != "")
                Page.ClientScript.RegisterStartupScript(this.GetType(), googleScript,"",true);

//my goal is to add <script></script> on aspx webpage

Open in new window

Hey all,

I am working on redesigning our main CRM for a rewrite.  We are primarily a .NET shop so I am thinking MVC for the front end, but I am trying to figure out the best design approach for the middle tier (business logic).  I am pretty sure I want to expose the data layer via a restful API, so WebAPI on .NET CORE seems to be a good fit.  

In my research, I had a couple question.
  1. As I delve more and more into MVC, it seems that could just as easily return an "object" from a controller as I could a view.  If that is the case, is there any reason not to just include my API logic in the MVC application instead of making a separate project?
  2. I have learned that I can use scaffolding to generate classes automatically from the database, is there a way to automatically generate controllers for my classes?
  3. (I know this one is pretty general) Are there other/better technologies I should be looking at?

Thanks in advance.
I have a computer with Visual Studio and no internet connection.

I'm programming in C#.

I would like to have some code metrics for my project. I see there's a Microsoft.CodeAnalysis.CSharp which looks promising; however, I have no internet connection so I cannot use NuGet to download it.

Is there a way I can download whatever is required to another computer, burn it to a DVD, and install it on my computer? How may I do that?

Bonus question: Any recommendations on open source code metric software for C#?
What is the latest version of the Anti-XSS library from Microsoft?
How do I keep abreast of known security exposures when using Anti-XSS library from Microsoft?

I see a security exposure of using the Anti-XSS library from Microsoft in that hackers. If they can crack that library, then millions of sites are exposed.

Where can I keep current for exposures so at least I can look for other ways to remediate such an exposure? Or, at least be made on the lookout for an update from Microsoft?

For example, I found this exposure, but it's 6 years old.


How do I get a list of only these exposures?

How good is the Anti-XSS library from Microsoft?

In the debates between a Content Security Policy vs. the Anti-XSS library from Microsoft, is there a need for both?

It seem the Anti-XSS library from Microsoft will mitigate a variety of potential XSS attacks. But, where is it lacking?

What aspects of CSP are needed when trying to close all the exposures, that the Anti-XSS library from Microsoft does not close?

Anti-XSS library from Microsoft to mitigate XSS attacks

I am new to a large project and plan to use the Anti-XSS library from Microsoft to mitigate XSS attacks. This is a very large MVC C# application, and it has been determined this library from MS will be low-impact, yet close many exposures.

Any suggestions on how to approach this integration?

C# project needing to disable TLS1.0 and 1.1.

I have a c# project running under an application pool of .net 2. I am under the assumption that in order to upgrade to TLS 1.2, we should be using .net 4 as the app pool as well as installing the most recent SQL driver. Is this true?

We are under a deadline from our payment gateway to disable TLS1.0 and 1.1. However when I disabled TLS 1 and 1.1, we got the following error. We are currently working on a new upgraded version of the app, but I don't think it will be ready in time for the deadline of our payment gateway, so I need a stop gap until we can finish the new app that uses .Net 4.5.

Is there a way to use TLS 1.2 for the payment gateway communication only? Or is this a server wide setting?

[HttpException (0x80004005): Unable to validate data.]
   System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo, Boolean signData) +4359547
   System.Web.UI.Page.EncryptStringWithIV(String s, IVType ivType) +155
   System.Web.Handlers.AssemblyResourceLoader.FormatWebResourceUrl(String assemblyName, String resourceName, Int64 assemblyDate, Boolean htmlEncoded) +68
   System.Web.Handlers.AssemblyResourceLoader.GetWebResourceUrlInternal(Assembly assembly, String …
Hello Experts,
Below is my line of code in web.config file.  I have been asked to send the Cookies in SSL.  What should I do?  

Many thanks in advance.

    <sessionState mode="InProc"
                              sqlConnectionString="data source=xxx.x.0.1;
                              user id=sa;password="
                              cookieless="false" timeout="300" />
Hello. I have a page where I have images floated to the right.  But the image that comes before the bullet list pushes the text up or down on the page and leaves a bunch of white space.  Can someone tell me how to fix it? My code is below.  The problem is with the image named campusPic.jpg:

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="heels2.aspx.vb" Inherits="heels2" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <link href="/igc.ms.styles.css?ver=1" rel="stylesheet" type="text/css" /> 
    <link href="/core.css?ver=1" rel="stylesheet" type="text/css" /> 
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/css/bootstrap.min.css" integrity="sha384-rwoIResjU2yc3z8GV/NPeZWAv56rSmLldC3R/AZzGRnGxQQKnKkoFVhFQhNUwEyJ" crossorigin="anonymous" />
    <link rel="stylesheet" href="css/styles.css" media="screen" />
    <link href="https://fonts.googleapis.com/css?family=Shrikhand" rel="stylesheet" />
    <script type="text/javascript" src="/js.js?ver=1"></script>
    <form id="form2" runat="server">

<%--<div style="width: 100%; height: 169px; background-image: url('http://localhost:51150/images/headerBg.gif');">--%>
<div style="width: 100%; height: 169px; background-image: url('/images/headerBg.gif');">
   <table cellpadding="0" cellspacing="0" border="0" width="960" align="center" runat="server" id="Table2" style="">

Open in new window


.NET Programming





The .NET Framework is not specific to any one programming language; rather, it includes a library of functions that allows developers to rapidly build applications. Several supported languages include C#, VB.NET, C++ or ASP.NET.