It's Microsoft's World, and I'm just living in it
View Clarence Klopfstein's profile on LinkedIn

Clarence Klopfstein's Facebook profile

This site is under construction...


New Comments

Referring Sites


  • This is MY blog. The views represented here are not in relation to anybody else. Please read my full disclaimer for a more complete disclaimer.

P3P Header

December 9, 2009 03:00 by ckincincy


One thing I learned over the past few months had to do with sharing a website from one site to another via an iFrame.  The problem arises when the domains don’t match.  If your primary site is example.com and the site in the iFrame is exampleinaniframe.com, by default exampleinaniframe.com cannot set cookies or execute certain JavaScript.  Browsers see this as a potential hijacking and throw a security error.

The fix for this is pretty simple, but not simple all at the same time.  There is a header you can add to  your site telling browsers that it should allow it to be put in an iFrame.  Those are called P3P Header’s.  Now the hard part to this is that a search online returns a lot of conflicting answers to what your header should look like.  Then one night, as I was trying to figure out how to do Facebook development, it hit me.  That is how Facebook works.  All of those applications you use in Facebook are really hosted on another site, you just see it seamlessly via an iFrame.  Now since Facebook has 350,000,000 users I figured they probably have this figured out.

A brief search found this very simple and concise P3P header, all you have to do is include this somewhere early in your page load life cycle (global.asax, httpmodule, basepage, etc…):

HttpContext.Current.Response.AddHeader("p3p", "CP=\"CAO PSA OUR\"");

That will tell the user’s browser to not throw a security exception and allow the site to function as needed.

Orchard, Oxite and ASP.NET MVC

December 7, 2009 03:00 by ckincincy

I have been an ASP.NET developer since I joined the team at Cintech in 2006.  I’ve been in the web form world and all the wonders of the PostBack page model since then. 

oxiteThen around the end of 2008 I remember hearing some noise about an ASP.NET MVC project released by Microsoft that got some bad reaction.  Talking about how it wasn’t a good start to MVC.  I never took the time to look deeper as I had other things going on in life, and was happy with my PostBack world.  Turns out this was a project called “Oxite” that is hosted over on CodePlex.

Then July of this year I took a job with a long time friend at Epsilon.  My friend is a Java developer, and through our conversations he kept telling me about this “MVC" way of doing web development.  About how it is so different than how he was being forced to develop on the .NET project we were working on together. 

The more he talked the more I got interested in learning about this new ASP.NET MVC that Microsoft had released.  Around this time CINNUG hosted a firestarter event going over ASP.NET MVC.  I took a Saturday to attend the event and learn some more.

In general I’m eager to learn more and put some of this in action.  This is when I went looking for that project that Microsoft put out.  Upon finding Oxite I see that it was basically a dead project.  The only thing I could find was a post on Erik Porters blog stating this in the comments:

October 08, 2009
Jeff, there is news coming about Oxite, but unfortunately I can't share anything until some other news happens. :( It's looking right now like that news is still a month and a half out. Really sorry! :(

OrchardLogoCodeplexNow this is on top of the fact that Oxite had not moved much since July.  Check ins, yes.  But nothing worth writing home about.  Then in the comments there was some guessing that Oxite was going to become “Orchard”, which was discussed as being a full featured CMS backed by Microsoft, though still being open source. 

Now I had high hopes for Orchard.  Since Oxite had been dead for months, I figured this new Orchard product would be ready to go when released.  I was stoked and waiting for it to be released.  I was all set to move this site to use the Orchard codebase.  When it got officially released I downloaded it, compiled it.. then ran it locally.  Wow, was I ever disappointed.  Orchard is months away from being usable, so here we are in the community with nothing to use.  From what my brief research shows me, at least a year after the release of ASP.NET MVC we have made very little progress in expanding this for people to actually use. 

As harsh as this may sound, I blame Microsoft and I blame the Oxite team. A person named Adam created a discussion on CodePlex stating the following:

October 12, 2009

At the moment, I feel that Oxite is hindering developers from creating new ASP.NET MVC blog engines because Oxite is already there, on the other hand, the current official release of Oxite is missing load of features and cannot be compared to other popular engines.

If you are not planning to release soon or you are very busy, just declare this project as no longer supported to open the chance for other developers to start their own engines...



I totally agree.  People don't want to waste their time recreating the wheel when there is a project already out there.  But here we are, over a year has passed and we have very little ‘real’ stuff to show.

Microsoft needs to get its act together.  Many great developers are abandoning the .NET platform for platforms like Ruby, and if you lose developers you lose the market.  Customers don’t care what platform people use, they just want their problems solved.  If those problems are solved and the developer chooses a non-Microsoft technology, then Microsoft loses.

Maybe Orchard is the answer.  Maybe six months from now this blog post looks like the most foolish blog post on the web.  For now, however, I’m still looking for the next big thing.  What comes after .NET for me professionally?  .NET won’t be around forever and being a fairly young man, I have to look toward the future to keep myself professionally relevant. 

Finding Talent is Hard

October 4, 2009 21:31 by ckincincy

At my current employer, I am the round One interview.  I don’t negotiate or care about salary.  I just talk about .NET.  I have 20 standard questions I ask each and every person, then I throw in a few question specific to their resume. 

Now keep in mind these aren’t hard questions to answer.

What is the difference between session state and viewstate? 

What is the life cycle of an ASP.NET page? 

I don’t go into these interviews looking for a person to know every one of the answers, but there are a few that I consider critical.  I just want to measure their depth and breadth of knowledge of the .NET framework.  What I’ve come to realize is finding talent is hard.  So when I browsed to FoxNews.com and saw this article, I know exactly what they are talking about.  You’d think with unemployment hovering around 10% that talented people would be available.

Then when you do find somebody worth hiring, its not a done deal.  Due to the extremely tight market when you find a developer you want, you are battling with other companies.  Even meeting salary expectations isn’t enough, because of the market the employee can pick and choose which company they want to work for, with little risk of letting a good opportunity pass them by. 

Now just so this post isn’t one big rant I want to throw my thoughts out on a few aspects of this topic.

What does this mean for companies?

1. It means you need to be willing to pay top dollar.  This isn’t a market where you can negotiate down a persons salary.  If they say it is going to take 80K to get them on board, then you need to be prepared to pay 80K.

2. It means you better pay the employees you have.  I’m new to my job, and while money was far from the primary or only factor, it was a factor.  Companies need to pay the employees they don’t want to lose top dollar.  This, surprisingly, isn’t a market where a 5% raise guarantees an employee sticking around.

3. The cost of development has gone up.  The out-sourcing movement has had its affect on the market and there is no India to turn to to drive cost down.  Talented workers are expensive workers.

What can be done about it?

1. Training must be encouraged.  As the previous article stated in another way, you aren’t going to take the factory worker and plug them into these jobs.  People like me have been constantly learning for years to get to where we are.  They need to understand that just because they were a lead worker on their factory line, they will have to be the follower in their new line of work.

2. Government incentives.  I think this is a place where a focused tax benefit could come in handy.  Give companies a significant tax break for hiring entry level workers for these positions.  It cost money to train them and their newbie mistakes cost money.  Give companies a reason to hire relatively new people.

3. College for all.  Yep, the small government Republican just said that.  We need to find a way to get more people into college.  We can’t compete if we don’t have the skills to compete.

What does this mean for the worker?

1. Don’t be afraid to look around.  One of the big causes of the tight job market is that people are afraid to switch jobs.  I’ve never been one to play into this fear much.  I know that with some risk comes reward. 

2. Don’t be afraid to ask for more money.  Lets be real here when I say, they don’t have much of a choice in the matter.

3. Stay up to date on your skills.  This is why there is an allusion of age discrimination in the IT field.  People get comfortable in what they are doing and when technology moves on, they can’t find a job when they need one. 

With all of that being said, my employer is still looking to hire several .NET developers.  If you are interested contact me and let me know.  Going through me, does offer some incentive as I do get a referral bonus.  Not that I’d take it any easier on you in the phone interview, but it sure does make me like you more :-).

[Referenced article in PDF form]


October 19, 2008 19:48 by ckincincy

I've done some odd things in life, but this may be the oddest!  However, I am proud to say, "I AM A PC".

Unless you've been living in a cave you have seen the ads by Microsoft. Many different kinds of people stating how they are a PC, this ad campaign is certainly in retaliation to the Mac vs. PC ad campaign. 

A buddy of mine and I go out to lunch pretty much daily (as he is a co-worker, and fellow programmer).  He was talking about his Halloween costume, dressing up as the PC guy.  And the topic of custom plates came up due to one of the owners of the company we working for recently getting a custom plate of his own.  We determined that when we got back to the office we were going to see if personalized tags were available.  Sure enough we found a few variations of the tag line that we could register.  Since it was his idea I gave him the choice of the primary one "I AM A PC" or a secondary one "IM A PC 2".  He graciously let me have the primary one, and he registered the other.  So here we are with our custom plates!

Here this week we are going to take a photo of both of us side by side and send it into Microsoft's ad campaign.



Categories: .NET | ASP.NET | Microsoft
Actions: E-mail | Permalink | Comments (8) | Comment RSS

Deprecated functions in .NET

October 10, 2008 03:00 by ckincincy

When I started at my employer I inherited a bit of code that was poor at best.  Over the year I've been working with it, I've been refactoring the code significantly. 

Then we hired another developer and this process sped up a bit and I needed to mark some classes as deprecated.  So over time old code could be replaced with the new code.  I've done this before, but had to do a quick search and as an FYI here is the answer:

[Obsolete("Deprecated: Use GetCustomerID", false)]
public int GetCustomer(int custId)
           .... code in here


The first parameter is the warning/error message to show in the compiler.  The second option is whether or not to cause an error.  So basically you can say, this is broke don't use it.  Or this is old, use something else.  The first breaks the code, the second allows it to go on for a bit.

HT: Karpach.com

'.', hexadecimal value 0x00, is an invalid character. Line 1, position...

October 5, 2008 16:00 by ckincincy

Last week we upgraded our company from Sybase to SQL Server 2005.  All of a sudden one of our web applications started throwing this error:

'.', hexadecimal value 0x00, is an invalid character. Line 1, position 198128.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Xml.XmlException: '.', hexadecimal value 0x00, is an invalid character. Line 1, position 198128.

This was happening when I was calling a .NET web service via an ASPX page.  The web service call returned a serialized object:

For understanding, I have a class similar to this:

Model.Customer cust = new Customer();
cust.Id = 1;
cust.Name = "CK IN CINCY";

Now for the code that gave me this error (ie the ASPX code behind):

Model.Customer cust = new Customer();
WebSvc.GetCustomer(1, out cust);

This would blow up.

The web service looked like this:

public int GetCustomer(int Id, out Model.Customer cust)
     // Fill cust object from database
     return 1;

The problem was the data in the database contained null characters.  This is to understood as different than null records.  A null record is self explanitory and can be deal with inside the sql with an isnull call.  The problem was that the record existed but somehow has a null character.  CK IN [NULL CHARACTER] CINCY.  In this case, isnull won't solve the problem.  So after about five hours of searching I found this post.  Which contained this function, which did the trick for me.  Hopefully this saves you 5 hours of your time :-).


/// <summary>
/// Removes control characters and other non-UTF-8 characters
/// </summary>
/// <param name="inString">The string to process</param>
/// <returns>A string with no control characters or entities above 0x00FD</returns>
public static string RemoveTroublesomeCharacters(string inString)
    if (inString == null) return null;

    StringBuilder newString = new StringBuilder();
    char ch;

    for (int i = 0; i < inString.Length; i++)

        ch = inString[i];
        // remove any characters outside the valid UTF-8 range as well as all control characters
        // except tabs and new lines
        if ((ch < 0x00FD && ch > 0x001F) || ch == '\t' || ch == '\n' || ch == '\r')
    return newString.ToString();


Failed to access IIS metabase

August 10, 2008 03:00 by ckincincy

At work we've recently hired a few new developers and they got this error.

Having worked at setting up many development boxes in the past I knew what the issue was, but honestly I need to post about it so I have a quick reference to the fix... and I figured it may help you as well.

The problem?  .NET framework was installed before IIS.  The fix is pretty easy, you need to 'reinstall' the .NET framework.  Thankfully Microsoft makes it fairly easy.

Open up a command line and type the following and you will be good to go.

c:\windows\microsoft.net\framework\v2.0.50727\aspnet_regiis.exe -i

Which will look something like this after the fact:


More info here.

How To List All Session Variables ASP.NET

August 6, 2008 03:00 by ckincincy

Recently I needed to display all Session Variables when a crash would happen.  A crash would happen and I have this website I was working on send me an email with the stack trace and now the session variables.  However I wasn't aware of how to list all session variables, so I went to my friend Google and came up with the following code:

string strSessions;
for(int i=0;i<Session.Count;i++)
       strSessions += Session.Keys[i].ToString() + " - " + Session[i].ToString() + Environment.NewLine;

Works like a champ!

HT: davidj.org

Response.Redirect, Server.Transfer

August 2, 2008 03:00 by ckincincy

After recently launching a website, I had some built in error reporting in it.  Starting seeing a few 'Thread is being Aborted' errors.  I remembered dealing with this at my previous job and that it was related to the Response.Redirect call.

So hopefully with the help of a few of my readers we can put a list of issues related to the various calls that you can make to redirect a user to another page.

Response.Redirect was something I first used in classic ASP.  now due to the nature of that platform I didn't see any issues with it.  But in .NET its a different story.  Microsoft gives us a few versions of this call.

1. Response.Redirect("URL")  - The parameter is just the URL that you want the user sent to.  Pretty strait forward.
2. Response.Redirect("URL", true/false) - The second parameter is what causes the error above.  By default version one of this call sets the second parameter to true.  However what that does is 'abort the thread' so as your page goes down to the next call it will see that the page is being aborted.  By setting this to false, you fix the issue.  However this is not idea because by setting it to true you are getting a bit more overhead on your HTTP traffic because you are telling the server to continue the request. Even though you have moved on.

Server.Transfer is a lot like Response.Redirect in that you have two versions to call.

1. Server.Transfer("URL")
2. Server.Transfer("URL", True/False) - The second parameter determines whether or not you can use the objects (like text boxes) on the original page.  If it is set to true, you can use the objects.  If it is set to false, you can't.  Those items expire when the new page loads.

Now from my reading there are a few other distinct differences between the two.

1. Response.Redirect allows you to redirect to pages external to your site. The Server.Transfer HAS to be on your server.
2. Server.Transfer is just like Response.Redirect with a true passed in.  Except it doesn't throw the original error.  This allows you to save server resources as you transfer from page to page.

Well do you have anything to add?  Did I miss anything?

HT: Microsoft
HT: Karl Moore

Refactoring Code

July 29, 2008 03:00 by ckincincy

When I started at my new job I inherited a website that was, to put it mildly, written poorly.  Unfortunately due to the nature of a fast paced business you can't always take the time to make code right.  You have to just pile bad on top of bad because it works.

However recently I took the time to refactor a page.  Before starting it had 2,411 lines of code... after I was done, 649!!!  What used to be a pain to add onto or edit, is now a breeze. 

So when the time is write, refactor.  It makes life a lot better.  Better yet... write it right to begin with!