 |
|
|
Hello.
This code is excellent...
but i am trying to apply this online.. this is not working.
my according.. when i use http://asd.cmn/asd.css
in this case httphandler is not working..
can u give me solution for this problem. as soon as possible.
Thanks & Regards
Rakesh Yadav
Rakesh Yadav
|
|
|
|
|
|
|
Make sure *.css is mapped for the website in IIS.
Don't ask for something "as soon as possible". This is a volunteer site; those of us who submit articles or answer forums have other things to do besides solve your problems. I make every effort to respond on a timely basis, but that is dependent upon my available time.
only two letters away from being an asset
|
|
|
|
|
|
|
hi,
i downloaded your example, and it works on my machine, but when i implement exactly the same code in my web app, the httphandler code doesnt get hit. I have no idea where i am going wrong. Any pointers?
Thanks!
saumin
|
|
|
|
|
|
|
If you are using the first method you must remember to update the setting for the website to allow *.css files to be processed by the ASP.NET engine.
only two letters away from being an asset
|
|
|
|
|
|
|
I am using your method, where you have the handler code in another Csharp project. Do i have to update the setting for the website to allow *.css files to be processed by the asp.net engine? Please let me know.
Thanks!
Saumin
|
|
|
|
|
|
|
YES. Was this not clear in my first response?
only two letters away from being an asset
|
|
|
|
|
|
|
Hi Mark,
I have one more problem. I have implemented this in my web application. The web app has a login page which also uses the css. After i registered css in asp.net engine, the login page lost all its styling. In the debug mode, i am seeing CSSHandler code is not being hit. Only when i enter username/password and click on submit button, the handler code is being hit. Do you have any suggestions on how i can fix this?
Thanks!
Saumin
|
|
|
|
|
|
|
This works well for me.
I recently upgraded a web project from 1.1 to 2.0 and I was using a http handler to dynamically replace some values in a css document. The handler still worked in 2.0, but the new xhtml doctype that VS 2005 uses was really messing up my styles in mozilla.
If you use a separate handler and register it in your web.config, don't you have to register the .css application extension in IIS? This was the real problem because the css was getting served as text/html instead of text/css, causing FireFox to render the page in Quirks mode.
Using the Generic Handler you provided here works like a charm. Thanks!
|
|
|
|
|
|
|
The "better" method of handling the css files raises a question for me. Maybe the answer is simple but I don't see it.
Anway, the sample shows variables stored in web.config. I have a master page that inherits a basepage where numerous variable values are loaded from database. For example, background color of a page.
With the query string approach I can add those variables to the query string and handle them in the ashx file. However .... how can I send the value of background color and other variables from my basepage on to the handler with the "better" approach.
|
|
|
|
|
|
|
By accessing the database in the handler and substituting the appropriate values.
only two letters away from being an asset
|
|
|
|
|
|
|
Thank you so much for this article, and for taking time to share it!
The reason I would like to underline the above is that the comments you have received are unappreciative, unimaginative, and frankly rude.
When someone sits down to give to the community, it is pretty small of you to try to show off through your comments. If you are so brilliant, I suggest you try writing your own articles. What is wrong with you people?!
I know this is from a while back, but I just came across this today. So, sorry for my late remarks.
- But this is good stuff! It is as simple as it is brilliant, and to me it seems to have a lot of positive implications.
I've been playing around with this for a few hours, and in my opinion you have opened a door to a much better way of managing Themes. It appears this would allow me to dedicate whole sections of my CSS files to specific browser/browser versions (see below).
What I have done so far is to play around with simple whitespace removal. Themes and css friendly controls create a big pile of css files. Even if the size increase from whitespace is marginal, its worth doing when it can be done cheaply. And if I can use a single set of css files on both the development and the production server, I am certainly better off.
A couple of discoveries I would like to share: browsers seem to accept and handle headers on text/css files as well. Hence, you could benefit from adding cache headers. I tried the following headers, and they seem to create the effect I wanted, at least in IE7, FF, and Opera (well, opera goes without saying, as it seems to be caching everything, but..):
Dim reader As System.IO.StreamReader = New System.IO.StreamReader(File)
Dim CSS As String = reader.ReadToEnd()
Using (reader)
'this is not important. this should be regex based
CSS = CSS.Replace(Environment.NewLine, " ")
CSS = CSS.Replace(" ", " ")
End Using
context.Response.Cache.SetExpires(Now.AddDays(10))
context.Response.Cache.SetValidUntilExpires(True)
context.Response.Cache.SetLastModified(Now.ToUniversalTime)
context.Response.Cache.SetMaxAge(New TimeSpan(10, 0, 0, 0))
context.Response.Cache.SetRevalidation(HttpCacheRevalidation.None)
context.Response.Cache.SetCacheability(HttpCacheability.Public) //could be serverandprivate, too.
context.Response.Cache.SetSlidingExpiration(True)
context.Response.BufferOutput = True
context.Response.ContentType = "Text/Css"
context.Response.Write(CSS)
(pardon my vb)
Not sure what would be an ideal configuration of the cache, but I have noted that Firefox seems to go nuts if the ContentType = "Text/Css" is not present.
Looking at the File objects in IE, these headers are added, and the browsers all seem to reuse the cached objects.
Hence, if one can easily add to this varyby browser/version, I suppose this could be a real step towards overcoming all css hacks with asp.net, too?
I imagine one can easily employ regex to handle a css file that uses special comments markup to target specific browsers, e.g.:
/*<Generic>*/
css for all browsers
/*</Generic>*/
/*<ContemporaryBrowsers>*/
css for new browsers
/*</ContemporaryBrowsers>*/
/*<IE6>*/
only for IE6 here.
/*</IE6>*/
etc.
Hope that was constructive. And thank you again!
-- modified at 7:19 Thursday 15th February, 2007
(had to clean it up a little  )
Jo
|
|
|
|
|
|
|
Thanks for the comments. I'm glad you found the article useful, and above all, food for thought. Most here don't want to think, just have it handed to them.
only two letters away from being an asset
|
|
|
|
|
|
|
I agree with the previous comment about security issue.
You must validate which content you are going to sent to client!
Two performance improvements here:
1. I am recommending to use regular expressions instate of String.Replace() it is much faster.
2. CSS content is somthing that not chage frequently, so cache here will increase the server performance and the network utilization. I am recommending to cache the output in the server side (vary by param file) inorder to avoid redundant calculations. In addtion I am recommending to define client side caching (for reasonable yet configurable time frame) inorder to avoid redundant HTTP requests.
Evyatar Ben-Shitrit
|
|
|
|
|
|
|
Agreed. This was a project to demonstrate the concept, not a complete solution for everyone.
Yes, not checking the file extention on the first example was my laziness (and was corrected). As I have pointed out below, however, using the second method, which I point out is a better solution, this is not an issue.
only two letters away from being an asset
|
|
|
|
|
|
|
Your first code example has a serious security issues. Fetching a filename from the querystring like this is dangerous. This way a hacker can download every file from your website, not only the stylesheet files. Your readers should be aware of this.
http://www.cuttingedge.it/blogs/steven/
|
|
|
|
|
|
|
Could you be a little more specific on your reference rather than pointing to your entire blog please? Unless I'm really missing something, which is possible, I don't see a "serious security issues".
As with any code posted here, or elsewhere, it goes without saying, use at your own risk, evaluate it for your needs and circumstances.
only two letters away from being an asset
|
|
|
|
|
|
|
Mark,
I'm really sorry. The link to my blog has nothing to do with my reply. The link was supposed to be shown as signature, but somehow it didn't.
The security issue I tried to point out has to do with the first code example. In this example you read a file name from the querystring like this: string File = context.Request.QueryString["file"];.
Doing this allows anyone to download any file from your website. Look at the example below that enables anyone to download the web.config: http://localhost/Website/CSSHandler.ashx?file=Web.Config.
You are right about the use at own risk, but a little warning about this won't do any harm
My blog
|
|
|
|
|
|
|
Can you show a specific reference to this being a security risk, or is it just your opinion? Bearing in mind your example is also running from localhost and probably under and adminstrator account also.
At most you would be able to get aspx files, code behind, such as cs files are not served by default and would not be accessable under any normal means. If you have logic embedded in you page rather than in the code behind, or better yet business logic layer, than you have larger problems to worry about. If the site were deployed using the precompiled option the only thing accessible would be the placeholder files since it is looking for a physical file, not one compiled into an assembly. There are many aspects to designing and deploying a secure site.
only two letters away from being an asset
|
|
|
|
|
|
|
IIS and the .Net framework actively reject any attempt by a browser to get files with a .config extension. Your example code bypasses that protection by enabling the browser to use your handler to get any named file. A hacker could use it to get your web.config file and view all of the settings IIS has been so careul to protect.
It's common for the web.config file to include database connection strings, for example. Sometimes this will include the server, catalogue, UID and password for a SQL database (no matter how often everyone advises against it).
It's easy enough, of course, to modify your example so that only CSS files can be obtained.
Brian
----@
|
|
|
|
|
|
|
Ah yes I see your point, much better articulated than "I think it's bad". It was a lazy mistake on my part to not check the file extention, not a dangerous serious security issue. Also, using the second method I describe, and point out is a better solution, this is not an issue.
I've updated the article to correct this flaw.
only two letters away from being an asset
|
|
|
|
|
|
|
Mark,
Don't be such a defensive stubborn asset. Wtf, it isn't clear to you after he first articulated the possible risk ?
|
|
|
|
|
|
|
Ahh, i c u r an asset to everyone 
|
|
|
|
|
|
|
This is a great concept and I've been using a solution found at http://www.madskristensen.dk/blog/CommentView,guid,9b4acb83-3ab4-45a0-be95-b4279f4da7d1.aspx
Extremely handy for any CSS development.
michael
|
|
|
|
|
|
|
|
|
|
Yah, I guess it's not so much "better" as "different" - sorry.
Though the solution is not without its own issues, the main advantage I've found is to be able to define the constants within the CSS file as opposed to appsettings. So the CSS file looks like this:
define BG_COLOR = Red;
body
{
background-color: BG_COLOR;
}
You can also use any C# expressions, does some client side cache maanagement which addresses some of the performance issues people are concerned about. It also removes whitespace from the file reducing its size and download time.
But again, just different. The concept is surprisingly handy for larger CSS files.
Thanks again.
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Rant 
Admin