Loading blog entries.. loading

Blogs which referenced tag: [ASP.NET]


URL Rewrite Rules used by WayneYe.com

Written by Wayne Ye  Sunday, October 16, 2011

I've successfully transferred my website to winhost, now the architecture is IIS 7.5 + ASP.NET 4.0 + SQL Server 2008 R2 + HTML5, this blog post is a summary about URL Rewrite Rules used by WayneYe.com.

RESTful URL for blogs

Blog posts are absolutely the soul of a blog website, comparing with blog URL format: "/yyyy/MM/{Blog_Title}", I actually prefer "/Blog/{Blog_Title}", more simpler/shorter, in additional and more important, generally speacking,valuable content is valuable no matter when it was posted, for example, a developer is searching C# covariance & contravariance articles, two articles separately posted on 3/28/2010 and 1/25/2011 won't make ANY difference for this developer.

Now that all my blogs take URI format like: "http://WayneYe.com/Blog/{Blog_Title}", it is so called "Permalink", I must ensure there is no duplicate blog titles (not case sensetive even if I can enable URL case sensitive through IIS manager, it would be quite confuse to the end user), so actually in my backend blog post page I did a DB check for existing blog titiles:)

Here is the Blog URL rewrite config XML stored in my Web.config:

 <rule name="BlogPermalinkRewrite">
    <match url="^Blog/([A-Za-z0-9-_()^%]{1,})$" />
    <action type="Rewrite" url="ViewBlog.aspx?Permalink={R:1}" />

Navigate Links

That's so simply, rewrite to an ASPX page under a matched directory:

 <rule name="NaviAlbum" patternSyntax="ExactMatch">
    <match url="Album" />
    <action type="Rewrite" url="Album/Index.aspx" />
<rule name="NaviVideo" patternSyntax="ExactMatch">
    <match url="Video" />
    <action type="Rewrite" url="Video/Index.aspx" />
<rule name="NaviTags" patternSyntax="ExactMatch">
    <match url="Tags" />
    <action type="Rewrite" url="Tags/Index.aspx" />
<rule name="NaviVisitRecord" patternSyntax="ExactMatch">
    <match url="VisitRecord" />
    <action type="Rewrite" url="VisitRecord/Index.aspx" />
<rule name="NaviAboutMe" patternSyntax="ExactMatch">
    <match url="AboutMe" />
    <action type="Rewrite" url="AboutMe/Index.aspx" />


These three type of URLs are similar, but makes a log of sense to a website comforming REST.

 <rule name="CategoryRewrite">
    <match url="^Category/([A-Za-z0-9-_/]{1,})$" />
    <action type="Rewrite" url="ShowBlogs.aspx?Condition=Category&amp;Cat={R:1}" />
<rule name="BlogTagRewrite">
    <match url="^Tag/(.*)$" />
    <action type="Rewrite" url="SearchTag.aspx?t={R:1}" />
<rule name="ArchiveYearRewrite">
    <match url="^Archive/(\d{4})$" />
    <action type="Rewrite" url="ShowBlogs.aspx?Condition=Time&amp;Year={R:1}" />
<rule name="ArchiveYearMonthRewrite">
    <match url="^Archive/(\d{4})/(\d{2})$" />
    <action type="Rewrite" url="ShowBlogs.aspx?Condition=Time&amp;Year={R:1}&amp;Month={R:2}" />
<rule name="ArchiveYearMonthDayRewrite">
    <match url="^Archive/(\d{4})/(\d{2})/(\d{1,2})$" />
    <action type="Rewrite" url="ShowBlogs.aspx?Condition=Time&amp;Year={R:1}&amp;Month={R:2}&amp;Day={R:3}" />

Define Atom/RSS feeds MIME type

WayneYe.com programmatically generates Atom/RSS feeds in plain XML format, the two XML file exists phisically under Feeds/Atom/Atom.xml and Feeds/RSS/RSS.xml, other then rewrite URL for both, one more important thing to do is override the "text/xml" MIME type to follow the standard:

  1. Atom feeds MIME type should be "application/atom+xml"
  2. RSS feeds MIME type should be "application/rss+xml".

To achieve this needs a little bit more work: intercepting response stream and overriding server variable, this requires adding an "Allowed Server Variables": this is done by the following steps:

View Post»


AJAX Cross-Origin HTTP request

Written by Wayne Ye  Friday, April 1, 2011


Cross-Origin Request Sharing - CORS (A.K.A. Cross-Domain AJAX request) is an issue that most web developers might encounter, according to Same-Origin-Policy, browsers restrict client JavaScript in a security sandbox, usually JS cannot directly communicate with a remote server from a different domain. In the past developers created many tricky ways to achieve Cross-Domain resource request, most commonly using ways are:

  1. Use Flash/Silverlight or server side as a "proxy" to communicate with remote.
  2. JSON With Padding (JSONP).
  3. Embeds remote server in an iframe and communicate through fragment or window.name, refer here.

And so on..

Those tricky ways have more or less some issues, for example JSONP might result in security hole if developers simply "eval" it, and #3 above, although it works, both domains should build strict contract between each other, it neither flexible nor elegant IMHO:)

W3C had introduced Cross-Origin Resource Sharing (CORS) as a standard solution to provide a safe, flexible and a recommended standard way to solve this issue. 


From a high level we can simply deem CORS is a contract between client AJAX call from domain A and a page hosted on domain B, a tipical Cross-Origin request/response would be:

DomainA AJAX request headers

Host DomainB.com
User-Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0) Gecko/20100101 Firefox/4.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,application/json
Accept-Language en-us;
Accept-Encoding gzip, deflate
Keep-Alive 115
Origin http://DomainA.com 

DomainB response headers

Cache-Control private
Content-Type application/json; charset=utf-8
Access-Control-Allow-Origin DomainA.com
Content-Length 87
Proxy-Connection Keep-Alive
Connection Keep-Alive

The blue parts I marked above were the kernal facts, "Origin" request header "indicates where the cross-origin request or preflight request originates from", the "Access-Control-Allow-Origin" response header indicates this page allows remote request from DomainA (if the value is * indicate allows remote requests from any domain).

View Post»


IP Address to Geolocation

Written by Wayne Ye  Thursday, December 30, 2010


Few months ago I found an interesting website: http://ipinfodb.com/, it provided API which could "translate" any IP Address into a geography location including City/Region/Country as well as latitude/longitude and time zone information, to invoke its API, a registered API key is required (which is free). Since beforehand I stored visitor's IP Addresses into my own database, I decided to utilize InfoDB API to store visitor's GEO locations.

Just few days ago, I casually emitted an idea: summarize those GEO location records and display them on Google Map, hum, it is feasible:)

So, the process is: Track visitor's IP addresses -> "Translate" them to Geography location -> Show them on Google Map!

(PS, I've been used Google Analytics for my Geek Place - http://WayneYe.com for more than two years, it is no double extremely powerful, and it already contains a feature "Map Overlay", however, due to privacy policy, Google Analytics does NOT display visitor's IP address, see http://www.google.com/support/analytics/bin/answer.py?hl=en&answer=86214).


The first task I need to do is track visitor's IP Address, most of the time, user visits a website in browser submits an HTTP GET request (an HTTP data package) based on Transmission Control Protocol (most of the time) , browser passed the ball to DNS server and DNS server delivered the request to the designation - the web host server, during the process, the original Http request was possibly transferred through a number of routers/proxies and many other stuff, the request's header information might have been updated: Via (Standard HTTP request header) or X-Forwarded-For (non-standard header but widely used), could be the original ISP's information/IP Address OR possibly one of the proxy's IP Address.

So, usually the server received the request and saw Via/X-Forwarded-For header information, it got to know visitor's IP address (NOT all the time, some times ISP's IP address), in ASP.NET, it is simply to call Request.UserHostAddress, however, we can never simply trust this because of two major reasons:

  1. Malicious application can forge HTTP request with modified X-Forwareded-To header (for example: X-Forwarded-To: dangerous code), if you are unlucky to trust it and have it inserted into Database, then SQL Injection hole will be utilized by Malicious application.

  2. Not all the visitors are human-been, part of them could be search engine spiders, I must distinguish human visitors and spiders, otherwise for example, I will be happy to see a lot of "visitors" came from "Mountain View, CA" ^_^.

For #1: I use regular expression to validate the string I got from Request.UserHostAddress:
public static Boolean IsValidIP(string ip)
if (System.Text.RegularExpressions.Regex.IsMatch(ip, "[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}"))
string[] ips = ip.Split('.');
if (ips.Length == 4 || ips.Length == 6)
if (System.Int32.Parse(ips[0]) < 256 && System.Int32.Parse(ips[1]) < 256
& System.Int32.Parse(ips[2]) < 256 & System.Int32.Parse(ips[3]) < 256)
return true;
return false;
return false;
return false;

If the result is "", I will

View Post»


Utilize gzip compression in IIS

Written by Wayne Ye  Friday, December 10, 2010

GZIP format is developed by GNU Project and standardized by IETF in RFC 1952, which MUST be considered by web developers to improve their websites' performance, there are several Quintessential articles documented using gzip compression, they are:

10 Tips for Writing High-Performance Web Applications
Best Practices for Speeding Up Your Web Site
How To Optimize Your Site With GZIP Compression
IIS 7 Compression. Good? Bad? How much?

A gzip compressed HTTP package can significantly save bandwidth thus speed up browser rendering after use hitting enter, so that user experience got improved finally, nowadays most of the popular browsers such as IE, Firefox, Chrome, Opera support gzip encoded content (please refer: http://en.wikipedia.org/wiki/HTTP_compression).

PS: the other compression encoding is deflate, "but it's less effective and less popular" (refer: http://developer.yahoo.com/performance/rules.html). Yahoo uses gzip compression and suggest developers do that:


Compression in IIS

For ASP.NET developer who host website

View Post»


这几天研究Url Rewrite:)

Written by Wayne Ye  Friday, March 21, 2008

在开发这个自己用的Blog时,决定认真研究一下以前接触过的URL Rewrite,我见过类似这样的域名: xxx.com/Archive/2008/03/21/,一直不知道怎么实现的,正好借这次机会研究一下。


其实简单点说,个人觉得对于ASP.NET开发者实现URL Rewrite基本有3种途径:

1. 修改IIS ISAPI扩展,例如把”.xx”交给aspnet_isapi.dll ISAPI 扩展,就成了这样:”xxx.htm?q=blah”,这样就是最简单直接的SEO,但由于我是虚拟主机所以我仅仅只在本地试了下,不知道精英科技的管理面板是否支持,我没有试。
2. 修改WebConfig,添加

View Post»