Community Health Network


Community Heart and Vascular:

Link
Title: Cardiology Indianapolis
Description: We currently don’t have any Cardiology Health Professionals in Indianapolis but these are here to help

The Indiana Heart Hospital named one of the nation’s top cardiovascular hospitals by Thomson Reuters four consecutive years.
Thomson Reuters Top 100 Hospitals Cardiovascular 2006-2009

The Indiana Heart Hospital has been named one of the nation’s 100 Top Hospitals® for cardiovascular care by Thomson Reuters for four consecutive years.

Thomson Reuters’ annual study, 100 Top Hospitals: Cardiovascular Benchmarks, examined the performance of 971 hospitals by analyzing clinical outcomes for patients diagnosed with heart failure and heart attacks and for those who received coronary bypass surgery or percutaneous cardiovascular interventions (PCI) such as angioplasties. The 2009 winners were announced November 16 in Modern Healthcare magazine.

Request Validation – Preventing Script Attacks


Request validation, a feature of ASP.NET since version 1.1, prevents the server from accepting content containing un-encoded HTML. This feature is designed to help prevent some script-injection attacks whereby client script code or HTML can be unknowingly submitted to a server, stored, and then presented to other users. We still strongly recommend that you validate all input data and HTML encode it when appropriate.

For example, you create a Web page that requests a user’s e-mail address and then stores that e-mail address in a database. If the user enters <SCRIPT>alert("hello from script")</SCRIPT> instead of a valid e-mail address, when that data is presented, this script can be executed if the content was not properly encoded. The request validation feature of ASP.NET prevents this from happening.

Why this feature is useful

Many sites are not aware that they are open to simple script injection attacks. Whether the purpose of these attacks is to deface the site by displaying HTML, or to potentially execute client script to redirect the user to a hacker’s site, script injection attacks are a problem that Web developers must contend with.

Script injection attacks are a concern of all web developers, whether they are using ASP.NET, ASP, or other web development technologies.

The ASP.NET request validation feature proactively prevents these attacks by not allowing unencoded HTML content to be processed by the server unless the developer decides to allow that content.

What to expect: Error Page

The screen shot below shows some sample ASP.NET code:

Running this code results in a simple page that allows you to enter some text in the textbox, click the button, and display the text in the label control:

However, were JavaScript such as <script>alert("hello!")</script> to be entered and submitted, we would get an exception:

The error message states that a “potentially dangerous Request.Form value was detected...” and provides more details in the description as to exactly what occurred and how to change the behavior. For example:

Request validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Disabling request validation on a page

To disable request validation on a page you must set the validateRequest attribute of the Page directive to false:

<%@ Page validateRequest="false" %>

Caution: When request validation is disabled, content can be submitted to a page; it is the responsibility of the page developer to ensure that content is properly encoded or processed.

Disabling request validation for your application

To disable request validation for your application, you must modify or create a Web.config file for your application and set the validateRequest attribute of the <pages /> section to false:

<configuration>
  <system.web>
    <pages validateRequest="false" />
  </system.web>
</configuration>

If you wish to disable request validation for all applications on your server, you can make this modification to your Machine.config file.

Caution: When request validation is disabled, content can be submitted to your application; it is the responsibility of the application developer to ensure that content is properly encoded or processed.

The code below is modified to turn off request validation:

Now if the following JavaScript was entered into the textbox <script>alert("hello!")</script> the result would be:

To prevent this from happening, with request validation turned off, we need to HTML encode the content.

How to HTML encode content

If you have disabled request validation, it is good practice to HTML-encode content that will be stored for future use. HTML encoding will automatically replace any ‘<’ or ‘>’ (together with several other symbols) with their corresponding HTML encoded representation. For example, ‘<’ is replaced by ‘&lt;’ and ‘>’ is replaced by ‘&gt;’. Browsers use these special codes to display the ‘<’ or ‘>’ in the browser.

Content can be easily HTML-encoded on the server using the Server.HtmlEncode(string) API. Content can also be easily HTML-decoded, that is, reverted back to standard HTML using the Server.HtmlDecode(string) method.

Resulting in:
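
An added example, not code from the original article: a stand-alone C# console program showing what the page has to do for itself once validateRequest is false, namely validate the e-mail field and HTML-encode content once. It uses System.Net.WebUtility.HtmlEncode as a stand-in for Server.HtmlEncode so it runs outside a page; the e-mail pattern, the lblOutput id, the class and method names and the sample submissions are assumptions constructed for illustration.

```csharp
using System;
using System.Net;                        // WebUtility.HtmlEncode / HtmlDecode
using System.Text.RegularExpressions;

// Added example, not code from the article. WebUtility.HtmlEncode stands in for
// Server.HtmlEncode so the program runs outside an ASP.NET page.
static class RequestValidationOffDemo
{
    // Assumed allow-list for the e-mail field. \A and \z anchor the whole string;
    // '$' would also accept a value that ends in a newline.
    static readonly Regex Email = new Regex(
        @"\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z",
        RegexOptions.CultureInvariant);

    static bool IsValidEmail(string value)
    {
        return value != null && value.Length <= 254 && Email.IsMatch(value);
    }

    // Encode once, at the point the article recommends (before storing).
    static string EncodeForStorage(string raw)
    {
        return WebUtility.HtmlEncode(raw ?? string.Empty);
    }

    // The stored value is already encoded, so it is written into the markup as is.
    // "lblOutput" is a hypothetical control id.
    static string RenderLabel(string storedEncoded)
    {
        return "<span id=\"lblOutput\">" + storedEncoded + "</span>";
    }

    static void Main()
    {
        // Constructed sample submissions: a normal address and the article's script.
        string[] submitted = { "alice@example.com", "<script>alert(\"hello!\")</script>" };

        foreach (string raw in submitted)
        {
            Console.WriteLine("submitted     : " + raw);
            Console.WriteLine("valid e-mail  : " + IsValidEmail(raw));

            string stored = EncodeForStorage(raw);
            Console.WriteLine("stored        : " + stored);
            Console.WriteLine("rendered      : " + RenderLabel(stored));

            // Mistake 1: decoding before output puts the live markup back in the page.
            Console.WriteLine("decoded first : " + RenderLabel(WebUtility.HtmlDecode(stored)));

            // Mistake 2: encoding again shows the user "&lt;" instead of "<".
            Console.WriteLine("encoded twice : " + RenderLabel(WebUtility.HtmlEncode(stored)));
            Console.WriteLine();
        }
    }
}
```

The script submission fails the e-mail check and, where free text is allowed, is stored and rendered only in its encoded form; the two "mistake" lines show why a value must be encoded exactly once and never decoded on its way into the page.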

Using Client Side State Management Techniques like Hidden Fields and ViewState


This is a continuation of an article on client side state management. This section will discuss hidden fields and ASP.Net viewstate.

Hidden Fields

The next client side state management technique for ASP.Net is hidden fields. Hidden fields have been around for a long time. This is where you place a text field control on your html page. Then you set the control to hidden. That means that your user cannot see the control or its value on the page when the page loads. It is sitting silently in the background undetected. Well, not exactly.

Hidden fields are not displayed on the web browser, but if you view source, you can see both the hidden field and its value. Not very secure. They do allow you to post information to other pages, or back to the same page.

The disadvantages of hidden fields?

  • Increases the HTML size of the page.
  • You still cannot store structured data.
  • Because you can view the source of an HTML page, there is no security.
  • There is no way to persist the data.

So even though hidden fields provide some value to your web page, there are still serious limitations that have to be overcome to make it viable as a safe and secure way to store sensitive data from your app.

ViewState

Next on our list of client side state management methods is Viewstate. This is an ASP.Net tool that allows you to maintain the state of your controls like textbox and listbox across page postbacks.

Viewstate has advantages the other 3 methods don’t have. One of the most important is the ability of viewstate to support structured data. This means that control values are maintainable across page postbacks.

Using viewstate can be easy for nonpostback controls.

// Use a key/value pair to save an object to viewstate.
ViewState["sName"] = strName;

// To retrieve it, cast the stored object back to its original type
// with an explicit conversion (viewstate values come back as object).
string sRetrieve = (string) ViewState["sName"];

Disadvantages of viewstate

  • The more controls you have on the form the larger the size of viewstate and the larger the size of the HTML you send back and forth to the server.
  • Only works when pages postback to themselves.
  • You can’t persist data to other pages.
  • Even though the viewstate data is encrypted, it would be easy to hack the encrypted data. So you still don’t want to save connection strings, passwords or credit card information in viewstate.

The really cool thing about viewstate is its ability to save structured data. That makes it very valuable to pass structured data back to itself on a page instead of going back to the database and re-retrieving the info or recreating the information each time.

Since viewstate is saved as HTML, ASP.Net gives you the ability to disable viewstate for individual controls, for entire pages, for an entire application and even for an entire machine. Very powerful.

For an individual control, just change the EnableViewState property to false to disable the control’s viewstate. When a page doesn’t postback to itself, meaning it is always sent to a new page, you can disable the page viewstate by adding a page directive.

 <%@ Page EnableViewState="false" %>

At the application level you turn off view state in the web.config file. By disabling viewstate here, you disable the ability of any page to postback to itself and remember its controls’ values.

 <pages enableViewState="false" />

So, to summarize, there are 4 types of client side state management techniques. You can use querystrings, hidden fields, cookies and viewstate. They all have their advantages and disadvantages. You have to weigh the need to save the data before you can choose the proper technique. If you want to save structured data you have to choose viewstate. You want to persist data until the next time the user comes to your site? Then your choice is cookies. You want to hide information on a form and then send it to another site, then use hidden text boxes. Send information to another page, use the querystring.

But, remember the limitations of all of them. They are all client side, and they all have limited ability to secure data from the prying eyes of others. To increase security use Session state which is a server side state management technique.


Validation of ViewState Mac failed


If your page doesn’t load slowly and you are not on a web farm, this little tip might help you. Most people suggest adding the following attributes to the Page directive:

 

<pages enableEventValidation="false" viewStateEncryptionMode="Never" />

 

This is known to be a security risk and in my case it didn’t fix the problem.

I think I found another way to eliminate the Error, add this to your Button which triggers the Postback Event:

PostBackUrl="~/yoursite.aspx"

Just post it back to the same site explicitly and you should be fine.

Edit: Another discovery, you can use the maxPageStateFieldLength attribute of the Pages element in the web.config. That will split the viewstate across multiple hidden fields if the content length is larger than maxPageStateFieldLength.

Hope that helps!

Turbocharge Your .NET Development


Introduction

ReSharper is undoubtedly the most intelligent add-in to Microsoft Visual Studio. It comes equipped with a rich set of features that greatly increase the productivity of C# and Visual Basic.NET developers. With ReSharper, you get in-depth code analysis, intelligent coding assistance, on-the-fly error highlighting, solution-wide analysis, quick error correction, code formatting & cleanup in one go, industry-leading set of automated code refactorings, advanced integrated unit testing solution, and powerful solution-wide navigation and search. Essential ReSharper features are available in C#, VB.NET, XML, ASP.NET, XAML, and build scripts. ReSharper provides extensive cross-language functionality for C# and VB.NET which enables .NET developers to efficiently handle mixed projects.

Interested? Find out more about key ReSharper features below.

About ReSharper 4.5

We have just released the long-awaited ReSharper 4.5!

After significantly expanding the set of ReSharper features in previous releases, we’ve shifted focus to the issues of performance and memory usage. Making the tool more agile, robust and responsive was our main goal when developing ReSharper 4.5. Facing the challenge common to all modern productivity-enhancing tools for developers, we’ve managed to provide strong performance levels in major areas. Particularly, ReSharper 4.5 loads solutions and websites about 30% faster, searches for commonly used members more than twice as fast as version 4.1, and takes approximately 45% less time than before on typing and IntelliSense assistance. Memory consumption on analyzing large files has been greatly reduced, which should benefit ASP.NET and LINQ to SQL developers. Overall, the range of solutions that ReSharper is able to handle without degrading responsiveness has now grown wider than ever.

ReSharper Performance Improvements


ReSharper 4.5 also brings a wide-ranging set of improvements that go way beyond performance enhancements:

  • New solution-wide warnings and suggestions: Analyze usage of non-private types and type members on-the-fly within your whole solution.
  • Visual Basic 9 support: ReSharper’s cross-language refactorings and editing experience enhancements now support VB9 code, including implicitly typed local variables, object initializers, anonymous types, extension methods, and more.
  • Improved setup for naming conventions: You can now define custom naming style settings for different languages and symbols, and precisely align the way ReSharper completes and generates code with your specific coding guidelines.
  • New Inline Field refactoring and productivity enhancements in existing refactorings.
  • Go to Implementation: Go from usage of a base type or member straight to any of its end implementations, bypassing intermediate abstract classes and/or interfaces.

To get your hands on the new, faster ReSharper, download it now!

ReSharper Key Features

In-depth Analysis of C# 3.0 Code

Error highlighting and quick-fixes in ReSharper

ReSharper analyzes errors and warnings in your C# code across your whole solution and highlights them in the editor on the fly (while you type). For most errors it offers to solve the problem instantly, with intelligent quick-fixes. It also offers code suggestions and hints, which provide insights into code structure and logic to draw your attention to potential design flaws. You can also annotate your code to make ReSharper analyze it even better.

ReSharper provides comprehensive support for C# 3.0, including LINQ, implicitly typed locals and arrays, extension methods, automatic properties, lambda expressions, object & collection initializers, anonymous types, expression trees, and partial methods. Whenever there’s an error or inefficiency in your C# 3.0 code, ReSharper will let you know instantly.

Advanced Coding Assistance

ReSharper suggests importing a namespace in C#

ReSharper suggests importing a namespace in VB.NET

ReSharper offers a number of shortcuts for streamlining common coding tasks to increase your productivity and save your time. In the screenshot above, ReSharper smartly suggests to insert a missing using or Import directive right after you’ve entered a type name. It also enables you to quickly generate code using various code templates, view documentation for types and their members right in the editor, and perform code transformations using the so-called “context actions”, and a lot more.

ReSharper provides Import Symbol Completion for VB.NET

ReSharper extends and improves native Visual Studio IntelliSense with three types of Code Completion. Symbol Completion only suggests types accessible at the current location. Smart Completion works at the right-hand side of assignments, filtering the list of methods and variables to match the expected type of expression. Import Symbol Completion completes the names of types and extension methods available in the current project; it also automatically adds the appropriate using directives when necessary. In addition, there’s Complete Statement – a feature that inserts necessary syntax elements (braces, semicolons etc.) and gets you to the position to start the next statement, all with a single shortcut.

Numerous Code Refactorings

ReSharper provides the richest set of automated code refactorings for C# 3.0 and Visual Basic available in the Visual Studio ecosystem:

  • Change Signature
  • Convert Abstract Class to Interface
  • Convert Anonymous to Named Type
  • Convert Extension Method to Plain Static
  • Convert Indexer (Default Property) to Method
  • Convert Interface to Abstract Class
  • Convert Method to Indexer (Default Property)
  • Convert Method to Property
  • Convert Property to Auto-Property
  • Convert Property to Method(s)
  • Convert Static to Extension Method
  • Copy Type
  • Encapsulate Field
  • Extract Class from Parameters
  • Extract Interface
  • Extract Method
  • Extract Superclass
  • Inline Method
  • Inline Variable/Field
  • Introduce Field
  • Introduce Parameter
  • Introduce Variable
  • Make Method Non-Static (Non-Shared)
  • Make Method Static (Shared)
  • Move Static Member
  • Move Type to Another File or Namespace
  • Move Type to Outer Scope
  • Pull Members Up
  • Push Members Down
  • Rename
  • Replace Constructor with Factory Method
  • Safe Delete
  • Use Base Type where Possible

Each code refactoring analyzes the entire scope of the code selection to which it is applied (which can be as wide as your whole solution), including cross-language code, and uses this insight to update the code structure in the most intelligent way possible. You can rename, move, and safe delete symbols; introduce and inline fields, variables, and parameters; convert properties to auto-properties and methods, static to extension methods, and a lot more. In addition, all kinds of simpler code transformations (which are just as convenient and useful) are made possible with Quick-Fixes and Context Actions.

Navigation and Search

Whenever you need to find a certain type, field, method, or any other symbol, ReSharper provides you with a variety of ways to do it. You can find a symbol by name, navigate to a symbol declaration from its reference in the code, or find and highlight symbol usages. You can also use a single shortcut for all navigation actions available at the current position, called Navigate From Here.

Navigate to usages, declarations, base types, inheritors, and more, with ReSharper's navigation features

In addition, ReSharper enables you to thoroughly review type hierarchies and file structures, with its dedicated tool windows that are smartly integrated into the Visual Studio user interface.

ReSharper extends the set of navigation and search features with Recent Edits, a drop-down list that shows files and symbols that you recently modified.

Code Cleanup

Code Cleanup is a shortcut for a dozen ReSharper features, letting you reformat your code according to a customizable style, arrange ‘this’ qualifier, remove code redundancies, convert properties with backup fields to auto-properties, make fields read-only if possible, optimize using directives, shorten qualified references, update file header, replace explicit types with vars, and revamp your C# code with many more settings.

Reformat your code, remove code redundancies, and migrate to C# 3.0 with ReSharper's Code Cleanup

For VB.NET, you can optimize ‘import’ directives, shorten qualified references, and reformat your code according to a formatting style. Code Cleanup works in batch mode, so that you can instantly clean the whole project or even solution.

Cross-Language Functionality

For mixed C# and VB.NET projects, ReSharper helps you keep all parts of code working together smoothly and navigate around your code with ease.

Find usages of symbols in your solution across languages

All navigation and search actions take code in all languages into account, including C#, VB.NET, ASP.NET, and XAML. You can navigate to usages, declarations, inheritors, base types and more – across languages. Automated reference correction resulting from the use of refactorings, context actions or quick-fixes also covers both major languages whenever possible. Unit testing is available and equally useful for unit tests written in either C# or VB.NET.

ASP.NET Support

ReSharper's Code Completion in ASP.NET markup

Now, you can edit ASP.NET files with both pleasure and increased productivity. Take advantage of error highlighting, quick-fixes, context actions, coding assistance, navigation, refactoring, and other features. With ReSharper, you can edit and refactor C# code within ASP.NET as well as Web control properties and events, data sources, and content placeholders, without hassle.

XML Support

ReSharper's quick-fix for XML

ReSharper offers a number of time-saving XML features, including type completion; navigation to referenced types; highlighting, replacing and moving tags; navigating between tags and to opening/closing tags; useful coding assistance; and live templates.

XAML Support

ReSharper's Smart Code Completion in XAML

XAML features include XML editing in XAML code, all of ReSharper’s standard code completion features, several refactorings (including Rename refactoring), and on-the-fly error, syntax and semantic analysis. The screenshot above shows how Smart Code Completion works in XAML resources.

Integrated Unit Testing

ReSharper's unit testing tools

ReSharper automatically detects unit tests in your code and offers comprehensive unit testing support. You are able to run and debug tests right from the code editor. At the same time, a dedicated Unit Test Explorer window lets you see the structure of your unit tests and run any combination of tests in one or more unit test sessions.

ReSharper's Unit Test Explorer

NAnt and MS Build Scripts Editing

ReSharper's quick-fix for a NAnt build script

Advanced editing capabilities, previously available only for C#, are now extended to NAnt and MSBuild scripts. Full coding assistance, many navigation and search features, File Structure, on-the-fly error highlighting, and quick-fixes are provided for build scripts.

To get the full story on ReSharper’s feature set, please visit the ReSharper Features page.

Why ReSharper

With unparalleled support for C# 3.0, Visual Basic .NET, XML, XAML, and ASP.NET, including comprehensive cross-language functionality, ReSharper is sure to satisfy more Visual Studio developers than ever before.

The tool decreases the time you spend on routine, repetitive handwork and gives you more time to focus on the task at hand. Its robust set of features for automatic error-checking and code correction cuts development time and increases your efficiency. You’ll find that ReSharper quickly pays back its cost in increased developer productivity and improved code quality. With ReSharper, .NET developers can experience what we mean when we say “Develop with pleasure!”