Good web site http://css-tricks.com/

http://www.andybudd.com/archives/2004/02/css_crib_sheet_3_centering_a_div/

body {
	text-align: center;
	min-width: 600px;
}

#wrapper {
	margin:0 auto;
	width:600px;
	text-align: left;
}

Web 2.0 addresses the new web technologies that are used to bring more interactivity to web
applications.

Additionally, Web 2.0 also includes a behavioral shift on the web, where users are
encouraged to customize their own content on web applications rather than view static/
generic content supplied by an organization.

In addition to the technology and behavior changes, Web 2.0 can also mean the shift
from shrink-wrapped software to software as a service.

Another aspect of Web 2.0 are mash-up and plug-in pages. (Personal google page)

Injection attacks are based on a single problem that persists in many technologies: namely,
no strict separation exists between program instructions and user data (also referred to as
user input). This problem allows for attackers to sneak program instructions into places
where the developer expected only benign data. By sneaking in program instructions, the
attacker can instruct the program to perform actions of the attacker’s choosing.

Input Injection

SQL Injection

SELECT id FROM user_table WHERE username = '' OR 1=1 -- ' AND password
= PASSWORD('x')

Injection attacks are not necessary blind attacks. Many web applications are developed
with open-source tools. To make injection attacks more successful, download free or
evaluation copies of products and set up your own test system. Once you have found an
error in your test system, it is highly probable that the same issue will exist on all web
applications using that tool.

Cure: 1. constrain data types, escape user input, prepared statements (the best)

XPath Injection

//users[username/text()='admin' and password/text()='' or '1'='1' ]/id/text()

Command Injection (Escape)

Directory Transversal Attacks
XXE (XML eXternal Entity) Attacks (prohibit the external entity in XML parser)

LDAP Injection
whitelisting characters—that is, allow
alphanumeric characters (a–z, A–Z, and 0–9) and deny all other characters.
Buffer Overflows
The injection aspect of buffer overflows is that the attacker injects
machine instructions (called shell code) into some user input. The attacker somewhat needs to
know where the shell code will end up in the memory of the computer running the web
application. Then the attacker overwrites the return address to point to the memory location
of the shell code.

                                               Security

HTTP offers integrated mechanisms for authenticating users. Collectively referred to as HTTP authentication, these mechanisms provide a way for users to be authenticated without the necessity of any server-side programming logic. This can be especially helpful for restricting access to static resources (such as images or HTML files). Of course, server-side scripts can also implement HTTP authentication, although Web developers often authenticate users in the application logic itself.

There are two basic types of HTTP authentication:

• Basic authentication

• Digest authentication

An elegant solution to these types of problems is SSL, Secure Sockets Layer. In 1994, Netscape released the specification of Secure Sockets Layer. By 1995, version 3.0 of SSL was released, and it has since taken the Web by storm. SSL has dramatically changed the way people use the Web, and it provides a very good solution to many of the Web's shortcomings, most importantly:

• Data integrity— SSL can help ensure that data (HTTP messages) cannot be changed while in transit.

• Data confidentiality— SSL provides strong cryptographic techniques used to encrypt HTTP messages.

• Identification— SSL can offer reasonable assurance as to the identity of a Web server. It can also be used to validate the identity of a client, but this is less common.

A digital certificate is a document that declares that a particular public key is owned by a particular Web site (see Figure 18.3). The CA's role is very similar to a notary whose responsibility is to ensure the correct identity of people signing a legal document.

SSL is basically a protocol that employs both symmetric and asymmetric cryptography to protect messages that use TCP as the transport-level protocol. Because of the high performance expense of asymmetric cryptography, it is only used to exchange the randomly generated symmetric key that is then used for the symmetric encryption of the HTTP messages.

https on port 443

Whenever a Web browser connects to a Web site over a secure connection, it requires that the SSL certificate the Web server presents meets three main conditions:

• The domain name on the certificate must match the domain name the Web browser believes itself to be requesting a resource from.

• The certificate must be valid (not expired).

• The certificate must be signed by a trusted certificate authority (CA).

Transport Layer Security (TLS) is a formally standardized version of SSL. The biggest difference, in fact, is that TLS is defined and maintained by an international standards body, the Internet Engineering Task Force (IETF). SSL is developed and maintained by Netscape.

One of the advantages of the IETF's involvement in TLS is that they also control the HTTP protocol. This situation can possibly be credited for RFC 2817, which describes a method for using the Upgrade general header to upgrade to HTTP over TLS. The significance of this is that it allows for a change in protocol without having to utilize a separate port. Thus, a Web server that supports this technique can implement TLS over port 80. An example of a Web client's request is the following:

GET / HTTP/1.1 
Host: 127.0.0.1 
Upgrade: TLS/1.0 
Connection: Upgrade 

A Web server that accepts this upgrade will issue an HTTP response similar to the following:

HTTP/1.1 101 Switching Protocols 
Upgrade: TLS/1.0, HTTP/1.1 
Connection: Upgrade 

At this point, a typical SSL handshake will take place over the current connection. It is sometimes confusing to consider that the SSL handshake can take place over port 80 at this point while the Web server can still accept normal HTTP requests over the same port. Note that the upgrade only affects the current TCP connection. Just as a Web server does not (barring extremely odd memory collisions) send the wrong HTTP response to the wrong Web client, it can also keep protocol upgrades straight.

Maintaining State

If a unique response per client is desired, something in the HTTP request itself must be unique.

Once a method of state management has been established, you need only to authenticate the user once. Because state management provides a way to identify a Web client, user identification simply requires that you remember which user is associated with which client upon authentication.

When I speak of maintaining state, I am only speaking of client identification, which is accomplished by associating multiple HTTP requests.

Maintaining session, on the other hand, requires two related tasks:

• Identifying the client (state management)

• Retaining information about the client

Although cookies are most often described in conversation as if they are entities (for example, "a Web server sends you a cookie"), they are much easier to understand at a functional level if you consider them an extension of the HTTP protocol, which is actually more correct. Cookies can be defined as the addition of two HTTP headers:

• Set-Cookie response header

• Cookie request header

    A common question seen on mailing lists and discussion forums for Web developers is how to test whether the client is accepting cookies, and many people do not understand the answer. As is evident in Figure 11.3, it is impossible to determine whether the client accepted the cookie until the second request is sent (step 3 in the figure). If the cookie is included in the second request, the client accepted it. If not, the client rejected it.

Some developers choose to force the issue of determining whether the client accepts cookies by redirecting the client to a second URL upon entrance.

Cookies have become a source of privacy concern in recent years. As with most technologies in the computer industry, this reputation has been earned by the misuse of the technology more than the technology itself.

Whether using files or a database to store the session information, there are three basic elements you will want to store for each session's record:

• Unique identifier

• Timestamp of last access

• Client data

Improve the performance

Caching can refer to many concepts. The general meaning of cache is to store a copy of something to prevent the necessity of retrieving it again. When speaking of Web development, there are three main types of caching:

• Caching on the server— Storing a complete or partially generated resource on the server to keep from having to regenerate it.

• Caching on the client— Storing a resource on the client to keep from having to receive the entire resource again.

• Proxy caching— Storing a resource on a proxy to allow direct replies to an HTTP request rather than having to receive the entire resource from the origin server again.

Although there are many side advantages to caching, there are three core benefits:

• Improve response time from a user perspective— This is what most Web developers focus on, the user experience.

• Lessen network load— Many Web developers overlook this metric because bandwidth is often viewed as an expendable resource, where more can be purchased as needed.

• Lessen server load— This metric is more difficult to overlook, as it directly impacts the user experience in terms of performance and reliability (stressed servers fail more often).

It is important to remember that an HTTP response completes the HTTP transaction. Many people new to Web development have a difficult time distinguishing between server-side code (code that executes on the server) and client-side code (code that executes on the client). Scripting languages such as PHP, ColdFusion, and JSP are executed on the server, and their output is included in the HTTP response. In fact, their output is the content of the HTTP response, and most modern Web scripting languages also allow for some manipulation of the HTTP as well, such as altering or adding headers, changing status codes, and so on. Once the Web client receives the HTTP response, the transaction is complete. The Web client will then render the page, execute client-side scripts such as JavaScript, load images (by issuing separate GET requests), and so on.

With HTTP/1.1, persistent connections are the default behavior. This means that the Web server will not close the connection after sending the HTTP response unless the client intends to close the connection after receiving it. In this case, the client will include the following header in the HTTP request:

          
            Connection: close 
          
        

Alternatively, the server can close the connection upon sending the HTTP response, although it should be polite and include the same header as shown previously so that the Web client expects this action.

An HTTP response is broken into the following three logical pieces:

• Status line

• HTTP headers

• Content

An example status line is as follows:

HTTP/1.1 200 OK 

The status line contains three elements:

• The version of HTTP being used, in the format HTTP/x.x

• The status code

• A short description of the status code

There are three types of HTTP headers allowed in a response:

• General headers

• Response headers

• Entity headers

Status codes are grouped into the following ranges:

• Informational (100-199)

• Successful (200-299)

• Redirection (300-399)

• Client error (400-499)

• Server error (500-599)

• 100 Continue
• 101 Switching Protocols
• 200 OK
• 400 Bad Request
• 401 Unauthorized
• 403 Forbidden
• 404 Not Found
• 500 Internal Server Error
• 502 Bad Gateway
• 503 Service Unavailable

Content-Disposition, combined with a proper Content-Type header, provides the developer absolute control over the interpretation of the resource's media type.

Server: new a socket –> bind to listen port –> Accept a connection –> send/receive –>close
Client: new a socket –> connect –>send/receive –> close

http://myname:mypass@httphandbook.org:80/mydir/myfile.html?myvar=myvalue#myfrag

HTTP is often referred to as a stateless protocol. Although this is accurate, it does little to explain the nature of the Web. All this means, however, is that each transaction is atomic, and there is nothing required by HTTP that associates one request with another. A transaction refers to a single HTTP request and the corresponding HTTP response.

When I speak of a connection in HTTP, I refer to a TCP connection.

A single connection can support multiple HTTP transactions. In many cases, multiple HTTP transactions are required to properly render a URL in a Web browser due to images and other associated content.

Get and Post

GET and POST basically allow information to be sent back to the webserver from a browser (or other HTTP client for that matter).

Imagine that you have a form on a HTML page and clicking the "submit" button sends the data in the form back to the server, as "name=value" pairs.

Choosing GET as the "method" will append all of the data to the URL and it will show up in the URL bar of your browser. The amount of information you can send back using a GET is restricted as URLs can only be 1024 characters.

A POST on the other hand will (typically) send the information through a socket back to the webserver and it won't show up in the URL bar. You can send much more information to the server this way - and it's not restricted to textual data either. It is possible to send files and even binary data such as serialized Java objects!

A PUT allows you to "put" (upload) a resource (file) on to a webserver so that it be found under a specified URI. DELETE allows you to delete a resource (file). These are both additions to HTTP/1.1 and are not usually used. HEAD returns just the HTTP headers for a resource. TRACE and OPTIONS are also HTTP/1.1 additions and also rarely used.

Although client-side data validation can add to user convenience by avoiding unnecessary HTTP transactions, you should never depend on this technique to ensure the data is valid.

          GET /search?hl=en&q=HTTP&btnG=Google+Search HTTP/1.1 Host: www.google.com
User-Agent: Mozilla/5.0 Galeon/1.2.0 (X11; Linux i686; U;) Gecko/20020326 Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9, text/plain;q=0.8,
video/x-mng,image/png,image/jpeg,image/gif;q=0.2, text/css,*/*;q=0.1 Accept-Language:
en Accept-Encoding: gzip, deflate, compress;q=0.9 Accept-Charset: ISO-8859-1, utf-8;q=0.66,
*;q=0.66 Keep-Alive: 300 Connection: keep-alive
        

Broken down, the request line is

An HTTP request, which is the message sent from a Web client to a Web server, is comprised of three basic elements:

• Request line

• HTTP headers

• Content

The first line of an HTTP request is always the request line. The request line specifies the request method, the location of the resource, and the version of HTTP being used. These three elements are delimited by spaces. For example:

GET / HTTP/1.1 

This example specifies the GET request method, the resource located at / (document root), and HTTP/1.1 as the version of protocol used.

The second section of an HTTP request is the headers. HTTP headers include supporting information that can help to explain the Web client's request more clearly. There are three types of HTTP headers that can appear in a request:

• General headers

• Request headers

• Entity headers

There is no requirement pertaining to the order of the headers. Also, because entity headers specify information about the content, they are rarely present in HTTP requests.

In general, it is fairly easy to discern which category a header belongs to. Request headers specifically relate to something unique to an HTTP request, such as the User-Agent header which identifies the client software being used. General headers are common headers that can (at least theoretically) be used in either an HTTP request or an HTTP response. Entity headers relay information about the content itself (the entity). As this request has no content, it also lacks entity headers.

There are eight request methods in HTTP/1.1: GET, POST, PUT, DELETE, HEAD, TRACE, OPTIONS, and CONNECT. HTTP/1.0 specifies three methods (GET, HEAD, and POST), although four others are implemented by some servers and clients claiming to be HTTP/1.0. The support for these four other methods (PUT, DELETE, LINK, and UNLINK) is inconsistent and mostly undefined, although they are each briefly referenced in Appendix D of RFC 1945, the HTTP/1.0 specification.

A GET request is basically a request to receive the content located at a specific URL. Obtaining a URL using the GET method allows users to bookmark the URL, create a link to the URL, email the URL to a friend, and the like. There is a limited amount of data that can be sent from the Web client using get, and this limit is very inconsistently implemented.

The POST method is commonly supported by browsers as a method of submitting form data.
As with the query string of a URL, the data in a POST consists of name/value pairs separated by the & character. Special characters are URL encoded, and the Content-Type header references this fact.

For many forms, the POST method is preferable.

The PUT method is not nearly as common as GET or POST. However, it is useful in certain situations because it allows the Web client to send content that will be stored on the Web server.
It should be noted that the PUT method is very rarely implemented in Web clients. A common misconception is that the PUT method is required for uploading files. However, this capability is actually an enhancement to the POST method as identified in RFC 1867, "Form-based File Upload in HTML".

HEAD is a very useful request method for people who are interested in finding out more information about the way a certain transaction behaves. The HEAD method is supposed to behave exactly like GET, except that the content is not present. Thus, HEAD is like a normal GET request with all of the HTML stripped away.

TRACE is another diagnostic request method. This method allows the client to gain more perspective into any intermediary proxies that lie between the client and the server. As each proxy forwards the TRACE request on route to the destination Web server, it will add itself to the Via header, with the first proxy being responsible for adding the Via header. When the response is given, the content is actually the final request including the Via header.

Sometimes it is helpful to simply identify the capabilities of the Web server you want to interact with prior to actually making a request. For this purpose, HTTP provides the OPTIONS request method.

The CONNECT request method is reserved explicitly for use by intermediary servers to create a tunnel to the destination server. The intermediary, not the HTTP client, issues the CONNECT request to the destination server.
The most common use of the CONNECT method is by a Web client that must use a proxy to request a secure resource using SSL (Secure Sockets Layer) or TLS (Transport Layer Security). The client will tunnel the request through the proxy so that the proxy will simply route the HTTP messages to and from the Web server without trying to examine or interpret them.

Accept Header

Authorization Header
Once the browser has successfully authenticated with a Web server in this way, it will appear to a user as if all further requests do not require reauthentication. However, due to the stateless nature of the Web, every request must include the Authorization header, otherwise the server will respond with a 401 Unauthorized response. The convenient behavior of most modern Web browsers involves the browser storing the access credentials and sending the Authorization header with all HTTP requests for a URL within a domain previously discovered to be protected. Because this utilizes the browser's memory, this convenience lasts as long as the browser (at least one instance of the browser) remains active, and the user will be unaware that this authentication takes place in subsequent requests. This can be a very important factor when debugging HTTP authentication, because if you receive a 401 Unauthorized response without being prompted for a username and password, this suggests that the browser is using incorrect credentials in the Authorization header. Restarting the browser will resolve this situation.

http://vimeo.com/6960507

http://www.noupe.com/design/101-css-techniques-of-all-time-part-1.html

http://www.noupe.com/css/101-css-techniques-of-all-time-part2.html

http://www.noupe.com/menu/7-advanced-css-menu-for-your-next-design.html

http://www.roscripts.com/8_web_menus_you_just_can%5C%5C%27t_miss-116.html

http://www.toxel.com/design/2009/01/11/top-50-best-css-articles-and-resources/

http://www.smashingmagazine.com/2009/07/20/50-new-css-techniques-for-your-next-web-design/

http://www.schillmania.com/projects/dialog2/
http://www.schillmania.com/projects/dialog2/basic.html

from: http://www.cnblogs.com/me-sa/archive/2009/10/17/9way1to1m.html

http://www.mytino.com/cn/group/group_details.php?id=204606&group_id=113

http://www.wpftutorial.net/WPFIntroduction.html

http://psd.tutsplus.com/tutorials/interface-tutorials/photoshop-paper-texture-from-scratch-then-create-a-grungy-web-design-with-it/

Add “overflow:hidden;” when background picture does not repeat.

http://nixbox.com/lavalamptest.html?e=Bounce

WCF + REST  http://msdn.microsoft.com/en-us/netframework/cc950529.aspx

Ext JS http://extjs.com/products/extjs/

Aptana http://www.aptana.com/

http://teethgrinder.co.uk/open-flash-chart/gallery-js-2.php

IIS 6 doesn't handle extensionless URLs. You'll need to change your routes to use the .mvc extension.

For example,

  routes.Add(new Route("Links.mvc/{categoryName}",...

Make sure that IIS 6 maps .mvc to the aspnet_isapi.dll.

http://learn.iis.net/page.aspx/387/using-visual-studio-2008-with-iis-70/

Using Visual Studio 2008 with IIS 7.0

Author: Mike Volodarsky

Published on March 05, 2008 by mvolo

Updated on March 12, 2008 by mvolo

Average Rating   Rate It (0) Thank you for your feedback!

Tags

IIS 7.0 Visual Studio 2008 debugging publishing web site web application

Introduction

Visual Studio® provides several options for working with IIS when developing web sites and applications. These include the Web application and Web site projects.  In Visual Studio 2008, these features receive a much awaited upgrade to properly support IIS 7.0 in Windows Vista® and Windows Server® 2008. In addition, the recently released Web Deployment Project 2008 also provides support for IIS 7.0.

This article provides an overview of using Visual Studio 2008 Web development features with IIS 7.0, including information on the steps necessary to enable these features to work correctly.

Prerequisites

To use Visual Studio 2008 to work with Web sites and applications on your local machine, do the following:

1. Install IIS 7.0
2. Install ASP.NET
3. Install IIS 6.0 Metabase Compatibility
On Windows Vista, open the Control Panel, click Programs and Features, click the Turn Windows features on and off link, check the “Internet Information Services” check box, as well as the “Web Management Tools \ IIS 6 Management Compatibility \ IIS Metabase and IIS 6 configuration compatibility” and “World Wide Web Services \ Application Development Features \ ASP.NET” check boxes under it.  

On Windows Server 2008, use the Server Manager tool to install the Web Server (IIS) role, and add the “Management Tools \ IIS 6 Management Compatibility \ IIS 6 Metabase Compatibility” and “Application Development \ ASP.NET“ role services. For more information, see Installing IIS 7.0 on Windows Server 2008.

To use Visual Studio 2008 to work with Web sites and applications on a remote machine, see the "Using Visual Studio 2008 with a Remote IIS 7.0 Server" section later in this article.

Starting Visual Studio 2008 as Administrator

Certain tasks, including debugging and creating local IIS applications, require starting Visual Studio as a user with Administrative privileges. On Windows Vista, and Windows Server 2008 when not running as the built-in Administrator account, this requires right-clicking the Visual Studio 2008 icon in the Start Menu and choosing “Run As Administrator”.

To make this process easier, you can create a shortcut and check the “Run this program as an administrator” check box in the Compatibility tab of the shortcut properties.

Create a New IIS 7.0 Web Site or Application Project

Visual Studio provides two conceptual models for working with Web applications: the Web site project model, and the Web application project model.

While both options allow you to create Web applications and publish them to an IIS 7.0 server, they do have significant differences in how the corresponding ASP.NET application is built and deployed. Some of the differences between the two models are:

• The Web application project option requires the source application files to be located on the local file system, or, on a network share. However, you can subsequently publish the Web application to a remote IIS 7.0 Web site by using a network share, FTP, or Front Page Server Extensions.
• The Web site project option allows you to connect directly to a local IIS 7.0 Web site, or to a remote IIS 7.0 Web site by using a network share, FTP, or Front Page Server Extensions. With the Web site project, you work directly with the content of your IIS 7.0 Web site and there is no project file.

You can find the detailed explanation of the two models and their differences in http://msdn2.microsoft.com/en-us/library/aa730880(VS.80).aspx.

Note: Visual Studio 2008 provides the options to create a New project and Open an existing project.  This does not necessarily mean that you must create a new IIS web application or open an existing application – you can use either of the options with an existing IIS web application.

To create a new project using the Web application project option:

• In Visual Studio, use the “File menu \ New \ Project ...” option and select the “ASP.NET Web Application” template.

Note: Unlike the Web site project option, you must place the application files on the local file system or a network share, and later use the Publish option to publish the contents of your application to an IIS 7.0 Web site.

To publish the project to an IIS 7.0 Web site:

1. Create the IIS 7.0 Web site using IIS Manager, AppCmd, or another configuration tool.

For more information, see http://technet2.microsoft.com/windowsserver2008/en/library/f6c26eb7-ad7e-4fe2-9239-9f5aa4ff44ce1033.mspx?mfr=true. Alternatively, use an existing IIS 7.0 Web site.

2. In Visual Studio, use the "Build \ Publish" option to publish the contents of your Web application to an IIS 7.0 Web site.

Note: The Publish Web dialog by default publishes only the parts of your project that comprise your web application - it does not publish the project file, obj directory, and other files. This is important because exposing these components to your web users may be a security risk.

By clicking the "…" button, you can chose one of the four options for publishing your Web site:

• File System. When using this option, Visual Studio opens / creates the web application as a folder, and uses the built-in ASP.NET Development Server to host the Web site. This option may be sufficient for basic testing of ASP.NET applications – however, this mode does not support running ASP.NET applications in Integrated mode, and it does not support application technologies other than ASP.NET (such as PHP, ASP, CGI, etc).
• Local IIS. When using this option, Visual Studio allows you to publish your application files to a local IIS 7.0 Web site or application. You can also use the dialog to create new IIS 7.0 applications or virtual directories to publish your files to.
• FTP Site. When using this option, Visual Studio supports editing your application files if they are shared through FTP.  You can still use Visual Studio to debug your applications by configuring the URL of your application in project start settings. For more information, see Using Visual Studio 2008 with a Remote IIS 7.0 Server section later in this article.
• Remote Site. Using this option, Visual Studio can connect to a remote IIS server. To use this option, you need to have Front Page Server Extensions installed on the remote server and configure your Web site to use FPSE.  For more information on this, see the "Using Visual Studio 2008 with a Remote IIS 7.0 Server" section later in this article.

You can also map the Web application project directory as a virtual directory on the local IIS 7.0 installation by opening the project Properties, clicking the “Web” tab, and using the “Create Virtual Directory” button.  You can use the “Create Virtual Directory” option as a quick way to host your Web application locally on IIS without going through the “Publish Web” option.

However, this option is not generally recommended because it places all of the project files, source files, object files, and other temporary files in the servable namespace of the IIS 7.0 virtual directory, which may result in a security risk.  Using the Publish options which by default only publish the web servable portions of the project is a better practice.

3. Configure debugging.

By default, projects created using the Web application project model use the built-in ASP.NET Development Server when testing or debugging your project.

This provides a convenient way to test your ASP.NET application without IIS 7.0 – however, we recommend that you instead configure Visual Studio to test your application in the IIS 7.0 environment.  The reasons for this are:

• The ASP.NET Development Server does not support hosting ASP.NET applications in Integrated mode, which is the default mode of operation used by IIS 7.0. This may introduce differences in application behavior. 
• The ASP.NET Development Server does not support many of the IIS configuration features, so if your application relies or uses them, it’s behavior may be different or incorrect when hosted under the ASP.NET Development Server.
• The ASP.NET Development Server does not support hosting portions of your application that utilize application technologies other than ASP.NET, such as PHP, CGI, and other third party frameworks.

If you are developing on Windows Vista, you can easily take advantage of IIS 7.0 to test your application locally using the same environment it will be on when it is deployed - use the "Create Virtual Directory" option or the Publish Web dialog as discussed earlier in this article. 

Alternatively, you can configure Visual Studio to connect to the a remote IIS 7.0 server to which you publish your application.

In those cases, you can configure Visual Studio to debug your application in the IIS 7.0 environment. To do this, right-click on the project node, chose "Properties …", and click the "Web" tab.  In the "Web" tab, select the "Use IIS Web server" radio button and type in the base URL of your Web application on the remote server.

For more information on configuring remote debugging, see "Debugging IIS 7.0 Web Applications" later in this article.

To create a new project using the Web site project option:

1. Create the IIS 7.0 Web site using IIS Manager, AppCmd, or another configuration tool. For more information, see http://technet2.microsoft.com/windowsserver2008/en/library/f6c26eb7-ad7e-4fe2-9239-9f5aa4ff44ce1033.mspx?mfr=true. Alternatively, use an existing IIS 7.0 Web site.

2. In Visual Studio, use the “File menu \ New \ Web Site …” option to create a new Web site project using the IIS 7.0 Web site you created.

In the “New Web Site” dialog, select one of the Visual Studio Web site templates, such as the ASP.NET Web Site.

Next, indicate where this web site should be located. To do this, click the “Browse …” button, which displays a dialog similar to what you get when publishing a Web application project.  Here, click the “Local IIS” button again to select an existing Web site or application on the local machine, or create a new Web application or virtual directory to host your project files. 

Alternatively, you will have the option to place your new Web site project on the local File System for use with the ASP.NET Development Server, upload it to a remote server using FTP, or upload it to a remote IIS server using Front Page Extensions.  For more information on connecting to a remote server, see the "Using Visual Studio 2008 with a Remote IIS 7.0 Server" section later in this article.

To Open an Existing IIS 7.0 Web Site or Application

To create a project based on an existing IIS 7.0 Web site:

1. Open the existing IIS 7.0 Web site using the “File menu \ Open \ Web Site …” option. 

Click “Local IIS” to connect to the local IIS 7.0 server. 

In the resulting dialog, you can select the Web site or a child application to open.  Alternatively, you can use the “Create New Web Application”, “Create New Virtual Directory”, and “Delete” buttons in the top right hand corner to manage the web site hierarchy.

Note: Be sure to back up your configuration first before making changes.

If you do not have IIS 7.0 or any of the prerequisites installed, Visual Studio 2008 displays a message when you attempt to connect to the Local IIS server telling you to install the required components. To do this, see the "Prerequisites" section earlier in this article.

Note: Visual Studio provides several different options for working with existing Web sites, in addition to connecting to an existing IIS 7.0 Web site. These options include:

• File System. When using this option, Visual Studio opens / creates the web application as a folder, and uses the built-in ASP.NET Development Server to host the Web site. You can use this option to connect to an existing IIS 7.0 web site by opening its virtual directory’s root folder on the local file system or through a network share.
• FTP Site. When using this option, Visual Studio supports editing your application files if they are shared through FTP. For more information, see the "Using Visual Studio 2008 with a Remote IIS 7.0 Server" section later in this article.
• Remote Site. Using this option, Visual Studio can connect to a remote IIS server. To use this option, you need to have Front Page Server Extensions installed on the remote server and configure your Web site to use FPSE.  For more information on this, see the "Using Visual Studio 2008 with a Remote IIS 7.0 Server" section later in this article.

2. Configure debugging. 

If you have opened an existing IIS 7.0 Web site using the Local IIS or Remote Site options, your project is automatically configured to use the IIS 7.0 Web site when debugging so no further action is necessary (the Remote Site option requires additional configuration to enable remote debugging, as explained later in the article). 

If you have opened your Web site project using the File System or FTP site options, it is by default configured to use the ASP.NET Development Server for testing and debugging. It is recommended that you configure Visual Studio to use the IIS 7.0 server on which the Web site is located for debugging.

To do this, right-click on the Web site project node, chose "Start Options ...".  In the dialog, select "Use custom server" radio button and type in the base URL of your Web application on the remote server.

Using Visual Studio 2008 with a Remote IIS 7.0 Server

In order to open an existing Web site or create a new Web site on a remote IIS server, you can use many of the options mentioned earlier:

• File System. You can create a file share pointing to the root virtual directory of your Web application, and use the "File System" option to connect to it.  To use this option, select the "File System" button in the “Open Web Site” dialog. You then have to configure the URL of your application in project start settings to be able to debug the application using Visual Studio. You cannot create new IIS Web sites, applications, or virtual directories on the remote machine using this option.

• FTP Site. If your Web site or application files are shared using FTP, you can access these files using this option. You then have to configure the URL of your application in project start settings to be able to debug the application using Visual Studio. To use this option, select the "FTP Site" button in the "Open Web Site" dialog.  You cannot create new IIS Web sites, applications, or virtual directories on the remote machine using this option.

• Remote Site.  This option uses Front Page Server Extensions to connect to a remote IIS server.  To use this option to connect to a remote IIS 7.0 server on Windows Server 2008 or Windows Vista computers, you first need to install Front Page Server Extensions on the remote computer.

Connect to an IIS 7.0 Web site using FTP

You can use the FTP Site option if you have used FTP to share the IIS 7.0 virtual directory you want to publish to.

Note: When using FTP, you cannot create or edit IIS 7.0 Web sites, applications, or virtual directories, but you can publish and edit files.

To use this option, provide the address of the FTP server, the port, the directory to which you are connecting, and logon credentials if not using anonymous access.

For more information on using the FTP server included in Windows Vista and Windows Server 2008, see FTP Site Setup (IIS 6.0). To use the new FTP 7.0, which is available as a download from IIS.NET, see Adding FTP to a Web Site.

Connect to an IIS 7.0 Web Site Using Front Page Server Extensions

You can use the Remote Site option if you have shared the IIS 7.0 Web site you want to publish to using Front Page Server Extensions. Unlike the FTP Site option, you can create and edit IIS 7.0 applications and virtual directories when using this option.

Front Page Server Extensions for IIS 7.0 are available as a free download for Windows Vista and Windows Server 2008.   For more information on installing and enabling Front Page Server Extensions for IIS 7.0 Web sites, see Installing Front Page Server Extensions for IIS 7.0.

To quickly enable a remote Web site to be used with the “Remote Site” option in Visual Studio, do the following:

1. Download and install FPSE on the remote IIS 7.0 server. The provided installer automatically installs all required IIS 7.0 components.

2. Create an IIS 7.0 web site to connect to (optional, if the site does not already exist).

3. Enable either Basic Authentication or Windows Authentication methods for the Web site. This is required for FPSE to be able to manage the site.

Note: If you use Basic authentication, the username and password are transmitted in clear text so you should not use it for connecting to web sites over public networks unless you also use SSL to protect the communication.

4. Enable the web site to be managed with FPSE. You can do this by executing the following from the command line:

> "%CommonProgramFiles%\Microsoft Shared\Web Server Extensions\50\bin\owsadm.exe" -o install -p LM/W3SVC/<SITEID> -u <USERNAME>

Where <SITEID> is the site id of the Web site you want to enable for FPSE, and the <USERNAME> is the Windows account that can act as FPSE administrator.

5. Connect to the site Using the “Remote Site” option in the Open Web Site dialog or the New Site dialog. This allows you to connect to an existing Front Page Server Extensions – enabled web site, or create new Web applications and virtual directories.

If you receive the following error dialog during connection, double-check that you have installed FPSE on the remote server, and have enabled FPSE management for the Web site you are attempting to connect to.

If you are using Windows authentication for your FPSE-enabled Web site, Visual Studio attempts to authenticate using the account under which it was started.  If this authentication fails, it prompts you to provide credentials for authentication with the remote server. 

If you are using Basic authentication, Visual Studio immediately prompts you for credentials.

Note: Basic authentication sends credentials in clear text, so it can lead to unintended disclosure of your username and password if the site is not protected with SSL. For this reason, we recommend using Windows authentication for intranet environments, and using Basic authentication over SSL for internet environments.

If you have not enabled a suitable authentication method (Windows Authentication, Basic Authentication, or Digest Authentication), you receive the following error dialog when connecting. Turn on one of the above authentication methods to fix this problem.

Note: The "New Web Site …" button in the "Remote Site" dialog cannot be used to create a new IIS 7.0 Web site.  Instead, it is used to create a new Web application with the specified path for an existing Front Page Server Extensions – enabled IIS 7.0 Web site.

Debugging IIS 7.0 Web Applications

After you have opened a Web site or application in Visual Studio, you can take advantage of Visual Studio debugging features to test it. In doing so, you have the following options:

• Use F5 debugging to debug from Visual Studio. If you have opened an IIS 7.0 Web site project using one of the options discussed earlier, this gives you the most convenient way to debug your web application. You can debug it simply by pressing F5, and then interacting with your application using a browser window. In the rest of this article, we will focus on this option.
• Attach to the IIS worker process directly. If you know which IIS worker process is hosting your application, you can use this option to attach directly to that process.

Use F5 to Debug a Local IIS 7.0 Web Application from Visual Studio

F5 debugging provides the most convenient way to debug your Web application with Visual Studio. To use it, do the following:

1. Open an IIS 7.0 Web site using one of the options discussed earlier.

2. Select the project file to which you want to make the initial request (optional).

3. Set the desired breakpoints in your application source code (optional, you can also set them during debugging).

4. Press F5 to begin debugging.  Visual Studio will make an initial request to the IIS 7.0 web application, attach to the hosting IIS worker process, and open a new browser window where you can interact with your application.

In order to successfully debug a local IIS 7.0 Web application, you must meet the following requirements:

1. Be logged on as a user that has Administrative privileges on the local computer (Either the built-in Administrator account, or an account that is a member of the built-in Administrators group).

2. Start Visual Studio in Administrator mode by right-clicking the Visual Studio 2008 icon in the Start menu, and selecting “Run As Administrator”. 

If you do not do this, Visual Studio receives a filtered UAC token and cannot debug.

If you have opened an ASP.NET application using the “File System” option, Visual Studio by default starts the ASP.NET Development Server to host your application.  In this option, IIS 7.0 is not involved, and you are not required to be an Administrator to debug your application.

However, when using the ASP.NET Development Server, you do not have the full range of features and services that IIS 7.0 environment provides, which may make your application behave differently from when it is deployed on IIS 7.0. This includes the following:

• No support for ASP.NET Integrated Mode.
• No support for IIS 7.0 features such as compression, native URL authentication, request filtering, and others.
• No support for application technologies other than ASP.NET, such as PHP, ASP, CGI, and others.

Use F5 to Debug a Remote IIS 7.0 Web Application from Visual Studio

You can use F5 to debug an IIS 7.0 Web application running on a remote server. The process is similar to what was described earlier for debugging local IIS 7.0 applications, but requires additional configuration to enable remote debugging to take place.

In addition, you must open the remote IIS 7.0 Web site or application project using the File System, FTP Site or Remote Site options as discussed in the "Using Visual Studio 2008 with a Remote IIS 7.0 Server" section earlier in this article.

In order to successfully debug a remote application, you must also meet the following requirements:

1. Install the Remote Debugging components on the server machine. For more information, see How to: Set Up Remote Debugging.

2. Run the Remote Debugging monitor (msvsmon.exe) on the server machine.  See notes further about how to do this properly.

3. Open the required firewall ports for remote debugging. 

When you run msvsmon.exe for the first time on the remote machine, it warns you if the ports are not open, and offers to open them automatically. If you want to configure the firewall manually or to see which ports are opened, see How to: Manually Configure the Windows Vista Firewall for Remote Debugging.

4. If you are using a Web application project and publishing to a remote IIS 7.0 server, or if you have opened the remote Web site project using the "File System" or "FTP Site" options, you must configure Visual Studio project start options to enable debugging.

To do this for a Web site project, right-click on the Web site project node, chose "Start Options …".  In the dialog, select "Use custom server" radio button and type in the base URL of your Web application on the remote server.

For a Web application project, right-click on the project node, chose "Properties …", and click the "Web" tab.  In the "Web" tab, select the "Use IIS Web server" radio button and type in the base URL of your Web application on the remote server.

This process is described in detail earlier in the article.

5. Configure permissions to allow debugging to take place.  See notes further about how to do this properly.

How you run the Remote Debugging monitor (msvsmon.exe) and configure your permissions depends on whether your are operating in a domain or workgroup environment.

To set up remote debugging in a workgroup environment

1. Create an account with the same username and password on both the Visual Studio 2008 client computer and the remote server computer. This account must have Administrative rights on the remote server computer.

Note: If you are using Windows Authentication in your application, this account must be the built-in Administrator account.  This means that the built-in Administrator account must have the same password on both computers.

2. Log on to the remote server computer using the account created in Step 1, and run the Visual Studio 2008 Remote Debugger from the Start menu by right-clicking it, and choosing "Run As Administrator".

This is important – otherwise the Remote Debugging monitor receives a UAC-filtered token and cannot debug IIS worker processes.

Note: Do not use the RunAs.exe command to run the msvsmon.exe process, as this always results in a UAC-filtered token and prevents debugging from working.

You also have an option to run the Remote Debugging monitor as a service by opening the Visual Studio 2008 Remote Debugger Configuration Wizard from the Start menu.  If using this option, you must configure the Remote Debugging monitor to log on using the account created in Step 1.  You then also must grant the corresponding account the "Log On As A Service" right in the computer’s Local Security Policy console.

3. Log on to the Visual Studio 2008 client computer with the account created in step #1.  Run Visual Studio 2008 by right-clicking its icon in the Start menu, and choosing "Run As Administrator".

Note: It is very important to both log in using the account created in Step 1, and use the "Run As Administrator" option when running Visual Studio.  As mentioned in Step 1, the account you are using MUST be an Administrative user on the remote server machine.

4. Open the remote IIS 7.0 Web site (using the File System, FTP Site or the Remote Site option).

If you are using Windows Authentication in your IIS 7.0 Web site, you must be running Visual Studio 2008 using the built-in Administrator account and therefore also running the Remote Debugging monitor on the remote computer using the built-in Administrator account. The password for the Administrator account must be the same on the client and remote server computers.

In addition, you can do the following:

• Use the FTP Site option to connect to the remote IIS 7.0 Web site, and use Anonymous authentication. Then, you do not need to use the built-in Administrator account, as long as the account you are using is an Administrative user on the remote server computer.

• Use the Remote Site option to connect to the remote IIS 7.0 Web site, and use Basic or Digest authentication. Then, you do not need to use the built-in Administrator account, as long as the account you are using is an Administrative user on the remote server computer.

If you need to use Windows Authentication in your IIS 7.0 Web site, and you cannot use synchronized Administrator accounts, you must turn off UAC on the remote server computer and reboot prior to attempting to debug.  This is not recommended for production servers as it may negatively affect the security of your server.

To set up remote debugging in a domain environment

Debugging in a domain environment is simpler to configure. To debug in a domain environment, you must:

1. Make the domain account you will be using to run Visual Studio 2008 a member of the Administrators group on the remote server computer.

2. Log on to the remote server computer using the domain account, and run the Remote Debugging monitor (msvsmon.exe) using the "Run As Administrator" option.

You also have an option to run the Remote Debugging monitor as a service by right clicking the Visual Studio 2008 Remote Debugger Configuration Wizard from the Start menu, and choosing "Run As Administrator".  You can let the Remote Debugging monitor service run as LocalSystem.

3. Log on to the Visual Studio 2008 client computer with the domain account.  Run Visual Studio 2008 by right-clicking its icon in the Start menu, and choosing "Run As Administrator".

4. Open the remote IIS 7.0 Web site using the FTP Site or the Remote Site option.

http://weblogs.asp.net/scottgu/archive/2007/11/19/visual-studio-2008-and-net-3-5-released.aspx

Quick Tour of Some of the New Features

Visual Studio 2008 and .NET 3.5 contain a ton of new functionality and improvements.  Below are links to blog posts I've done myself as well as links to videos you can watch to learn more about it:

VS 2008 Multi-Targeting Support

VS 2008 enables you to build applications that target multiple versions of the .NET Framework.  This means you can use VS 2008 to open, edit and build existing .NET 2.0 and ASP.NET 2.0 applications (including ASP.NET 2.0 applications using ASP.NET AJAX 1.0), and continue to deploy these application on .NET 2.0 machines.  You can learn more about how this works from my blog post here:

• VS 2008 Multi-Targeting Support

ASP.NET AJAX and JavaScript Support

.NET 3.5 has ASP.NET AJAX built-in (no separate download required).  In addition to including all of the features in ASP.NET AJAX 1.0, ASP.NET 3.5 also now includes richer support for UpdatePanels integrating with WebParts, ASP.NET AJAX integration with controls like <asp:menu> and <asp:treeview>, WCF support for JSON, and many other AJAX improvements.

VS 2008 and Visual Web Developer 2008 also now have great support for integrating JavaScript and AJAX into your applications.  You can learn more about this from my blog posts here:

• VS 2008 JavaScript Intellisense
• VS 2008 JavaScript Debugging
• VS 2008 ASP.NET AJAX Control Extender Support
• VS 2008 JavaScript Intellisense for Silverlight

You can watch some videos that discuss ASP.NET AJAX and Visual Studio 2008 support for it here. 

I also highly recommend the excellent ASP.NET AJAX in Action book to learn more about ASP.NET AJAX (both client-side and server-side).

VS 2008 Web Designer and CSS Support

VS 2008 and Visual Web Developer 2008 Express includes a significantly improved HTML web designer (the same one that ships with Expression Web).  This delivers support for split-view editing, nested master pages, and great CSS integration.  Below are some articles I've written that discuss this more:

• VS 2008 Web Designer and CSS Support
• VS 2008 Nested Master Page Support
• VS 2008 Vertical Split View Support
• VS 2008 Support to Treat CSS and JavaScript Validation Issues as Warnings instead of Errors

ASP.NET 3.5 also has a new <asp:ListView> control that provides the ability to perform rich data scenarios with total control over the markup.  It works nicely with the new CSS support in VS 2008.  You can learn more about it from my article here:

• ASP.NET 3.5 ListView Control

You can watch some videos that discuss the new Visual Studio 2008 web designer features and the new ListView/DataPager controls here. 

Language Improvements and LINQ

The new VB and C# compilers in VS 2008 deliver significant improvements to the languages.  Both add functional programming concepts that enable you to write cleaner, terser, and more expressive code.  These features also enable a new programming model we call LINQ (language integrated query) that makes querying and working with data a first-class programming concept with .NET. 

Below are some of the articles I've written that explore these new language features using C#:

• Automatic Properties, Object Initializer and Collection Initializers
• Extension Methods
• Lambda Expressions
• Query Syntax
• Anonymous Types

Here are a few additional blog posts I've written that show off some of the new VS 2008 code editing support and some cool ways to use these new language features:

• VS 2008 Code Editing Features
• Tip/Trick: Building a ToJson() Extension Method using .NET 3.5
• The C# ?? null coalescing operator (and using it with LINQ)
• Using LINQ to XML (and how to build a custom RSS Feed Reader with it)

The Visual Basic team has also created some great free videos that cover LINQ.  You can watch them here.

Data Access Improvements with LINQ to SQL

LINQ to SQL is a built-in OR/M (object relational mapper) in .NET 3.5.  It enables you to model relational databases using a .NET object model.  You can then query the database using LINQ, as well as update/insert/delete data from it.  LINQ to SQL fully supports transactions, views, and stored procedures.  It also provides an easy way to integrate business logic and validation rules into your data model.  Below are some of the articles I've written that explore how to use it:

• Part 1: Introduction to LINQ to SQL
• Part 2: Defining our Data Model Classes
• Part 3: Querying our Database
• Part 4: Updating our Database
• Part 5: Binding UI using the ASP:LinqDataSource Control
• Part 6: Retrieving Data Using Stored Procedures
• Part 7: Updating our Database using Stored Procedures
• Part 8: Executing Custom SQL Expressions
• Part 9: Using a Custom LINQ Expression with the <asp:LinqDataSource> control

I think you'll find that LINQ and LINQ to SQL makes it much easier to build much cleaner data models, and write much cleaner data code.  I'll be adding more posts to my LINQ to SQL series in the weeks and months ahead (sorry for the delay in finishing them earlier - so much to-do and so little time to-do it all!).

Scott Stanfield is also working on creating some great LINQ to SQL videos for the www.asp.net site based on my article series above (all videos are in both VB and C#).  You can watch the first 4 videos in this series here.

Browsing the .NET Framework Library Source using Visual Studio

As I blogged a few weeks ago, we will be releasing a reference version of the .NET Framework library source code as part of this release.  Visual Studio 2008 has built-in debugger support to automatically step-into and debug this code on demand (VS 2008 can pull down the source for the appropriate .NET Framework library file automatically for you).

We are deploying the source servers to enable this right now, and will be publishing the steps to turn this feature on in the next few weeks.

Lots of other improvements

The list above is only a small set of the improvements coming.  For client development VS 2008 includes WPF designer and project support.  ClickOnce and WPF XBAPs now work with FireFox.  WinForms and WPF projects can also now use the ASP.NET Application Services (Membership, Roles, Profile) for roaming user data. 

Office development is much richer - including support for integrating with the Office 2007 ribbon, and with Outlook.  Visual Studio Tools for Office support is also now built-into Visual Studio (you no longer need to buy a separate product).

New WCF and Workflow projects and designers are now included in VS 2008.  Unit testing support is now much faster and included in VS Professional (and no longer just VSTS).  Continuous Integration support is now built-in with TFS.  AJAX web testing (unit and load) is now supported in the VS Test SKU.  And there is much, much more...

Installation Suggestions

People often ask me for suggestions on how best to upgrade from previous betas of Visual Studio 2008.  In general I'd recommend uninstalling the Beta2 bits explicitly.  As part of this you should uninstall Visual Studio 2008 Beta2, .NET Framework Beta2, as well as the Visual Studio Web Authoring Component (these are all separate installs and need to be uninstalled separately).  I then usually recommend rebooting the machine after uninstalling just to make sure everything is clean before you kick off the new install.  You can then install the final release of VS 2008 and .NET 3.5 on the machine.

Once installed, I usually recommend explicitly running the Tools->Import and Export Settings menu option, choosing the "Reset Settings" option, and then re-pick your preferred profile.  This helps ensure that older settings from the Beta2 release are no longer around (and sometimes seems to help with performance).

Note that VS 2008 runs side-by-side with VS 2005 - so it is totally fine to have both on the same machine (you will not have any problems with them on the same box).

Silverlight Tools and VS Web Deployment Project Add-Ins

Two popular add-ins to Visual Studio are not yet available to download for the final VS 2008 release.  These are the Silverlight 1.1 Tools Alpha for Visual Studio and the Web Deployment Project add-in for Visual Studio.  Our hope is to post updates to both of them to work with the final VS 2008 release in the next two weeks.  If you are doing Silverlight 1.1 development using VS 2008 Beta2 you'll want to stick with with VS 2008 Beta2 until this updated Silverlight Tools Add-In is available. 

Hope this helps,

Scott

http://wiki.asp.net/page.aspx/295/how-to-postback-asynchornously-from-inside-a-gridview/

<ItemTemplate>
    <tr class='<%# (Container.DataItemIndex % 2 == 0)?"even":"odd" %>'>    


<td> 


<asp:LinkButton ID="EditButton" CommandName="Edit" runat="server" 


Text="Edit"></asp:LinkButton> <asp:LinkButton ID="DeleteButton" 


OnClientClick="return confirm('Delete Record?');" 


CommandName="Delete" CommandArgument='<%# Eval("CustomerID")%>' 


runat="server" Text="Delete"></asp:LinkButton> </td> <td> <%#
Eval("CustomerID") %> </td> <td> <%# Eval("CompanyName") %> </td>
<td> <%# Eval("ContactName") %> </td> <td> <%# Eval("ContactTitle")
%> </td> <td> <%# Eval("Address") %> </td> <td> <%#
Eval("City") %> </td> <td> <%# Eval("Country") %> </td>
<td> <asp:LinkButton ID="lbOrders" runat="server" Text="Orders" 


CommandName="ViewOrders" 


CommandArgument='<%# Eval("CustomerID") %>' /> </td> </tr> <tr
id="trOrders" runat="server" visible="false"> <td>&nbsp;</td> <td
colspan="8"> <asp:GridView id="gvOrders" runat="server" AutoGenerateColumns="False"
BackColor="White" BorderColor="#999999" BorderStyle="Solid" 


BorderWidth="1px" CellPadding="3" ForeColor="Black" GridLines="Vertical" Width="500px"
EnableViewState="false"> <FooterStyle BackColor="#CCCCCC" /> <Columns>
<asp:BoundField DataField="OrderID" HeaderText="OrderID" SortExpression="OrderID"
/> <asp:BoundField DataField="OrderDate" HeaderText="OrderDate" SortExpression="OrderDate"
HtmlEncode="false" 


DataFormatString="{0:d}" /> <asp:BoundField DataField="RequiredDate" 


HeaderText="RequiredDate" SortExpression="RequiredDate" HtmlEncode="false" 


DataFormatString="{0:d}" /> <asp:BoundField DataField="ShippedDate" 


HeaderText="ShippedDate" SortExpression="ShippedDate" HtmlEncode="false" 


DataFormatString="{0:d}" /> </Columns> <AlternatingRowStyle BackColor="#eaeaea"
/> </asp:GridView> </td> </tr> </ItemTemplate> 

Update: David Findley posted something that I hadn't thought of using that's even easier.  Adding this to web.config will dump email messages sent from an ASP.NET application to the specified path:

<system.net>
  <mailSettings>
    <!--
    Production setting
    
    <smtp deliveryMethod="Network">
      <network host="localhost" port="25" />
    </smtp>
    
    -->

    <smtp deliveryMethod="SpecifiedPickupDirectory">
      <specifiedPickupDirectory pickupDirectoryLocation="C:\TestMessages" />
    </smtp>

  </mailSettings>
</system.net>

http://daptivate.com/archive/2008/02/12/top-10-best-practices-for-production-asp-net-applications.aspx

Top 10 Best Practices for Production ASP.NET Applications

In no particular order, here are the top ten things I've learned to pay attention to when dealing with production ASP.NET applications.  Hopefully they will help you save you some time and headaches.  As always, your thoughts and additions are welcome.

1.  Generate new encryption keys

When moving an application to production for the first time it is a good idea to generate new encryption keys.  This includes the machine validation key and decryption key as well as any other custom keys your application may be using.  There is an article on CodeProject that talks about generating machineKeys specifically that should be helpful with this.

2.  Encrypt sensitive sections of your web.config

This includes both the connection string and machine key sections.  See Scott Guthrie's post for some good references.  Note that if your application runs in a clustered environment you will need to share a custom key using the RSA provider as described in an MSDN article.

3.  Use trusted SQL connections

Both Barry Dorrans and Alex Chang have articles which discuss this in detail.

4.  Set retail="true" in your machine.config

<configuration>

5.  Create a new application pool for your site

When setting up your new site for the first time do not share an existing application pool.  Create a new application pool which will be used by only by the new web application.

6.  Set the memory limit for your application pool

When creating the application pool, specifically set the memory limit rather than the time limit which is set by default.  Asp.net has a good whitepaper which explains the value of this:

By default IIS 6.0 does not set a limit on the amount of memory that IIS is allowed to use. ASP.NET’s Cache feature relies on a limitation of memory so the Cache can proactively remove unused items from memory.

It is recommended that you configure the memory recycling feature of IIS 6.0.

7.  Create and appropriately use an app_Offline.htm file

There are many benefits to using this file.  It provides an easy way to take your application offline in a somewhat user friendly way (you can at least have a pretty explanation) while fixing critical issues or pushing a major update.  It also forces an application restart in case you forget to do this for a deployment.  Once again, ScottGu is the best source for more information on this.

8.  Develop a repeatable deployment process and automate it

It is way too easy to make mistakes when deploying any type of software.  This is especially the case with software that uses configuration files that may be different between the development, staging, or production environments.  I would argue that the process you come up with is not nearly as important as it being easily repeatable and automated.  You can fine tune the process as needed, but you don't want a simple typo to bring a site down.

9.  Build and reference release versions of all assemblies

In addition to making sure ASP.NET is not configured in debug mode, also make sure that your assemblies are not debug assemblies.  There are of course exceptions if you are trying to solve a unique issue in your production environment ... but in most cases you should always deploy with release builds for all assemblies.

10.  Load test

This goes without saying.  Inevitably, good load testing will uncover threading and memory issues not otherwise considered.

http://kuler.adobe.com/#

http://developer.apple.com/iphone/devcenter/designingcontent.html

http://www.practicalecommerce.com/blogs/developers-diary/archives/104

I'm getting ready to setup an HTC Excalibur and I wanted to post my list of favorite sites to visit with my Mobile Browser and a list of the apps I really need to install to make my Windows Mobile Smartphone complete.

• Amazon Mobile - http://m.amazon.com - A basic, but very usable site, focused on search, that lets folks who've setup their Amazon account ahead of time purchase directly from the phone. Nice if you have Amazon Prime Free Shipping.
• BBC PDA - http://www.bbc.co.uk/mobile/pda or http://www.bbc.co.uk/mobile - BBC has a mobile site and a PDA site, but the PDA site looks best on Smartphones or Blackberries. The best of the BBC on my phone. The mobile site would look good on an old black-and-white WAP Nokia.
• CNN Mobile - http://m.cnn.com - Same here, mobile CNN, some pics, I use this site a lot.
• Engadget Mobile - http://m.engadget.com - My favorite tech and gadget blog, now with mobiley goodness. I wish I could see comments though.
• Hanselman.com - http://www.hanselman.com - Ha! See what I did right there? Back in the day, we taught dasBlog about mobile devices and if you hit hanselman.com from a Blackberry or Windows Mobile browser (and a number of other tiny browsers), we'll detect it and give you a mobile experience. Yay!
• Facebook - http://m.facebook.com - In terms of pure functionality, I'd say that Facebook's mobile site is, hands-down, the most functional. It feels like you can most everything you'd ever want to using only Tiny HTML. This site and this company continue to impress, probably because it's running entirely on Red Bull and 20-year-olds.
• Flight Stats - http://mobile.flightstats.com - This fine site has saved my tuckus a number of times while traveling. Their Airport Chatter section is interesting also.
• Google - http://www.google.com/xhtml - The Tiny XHTML version of Google includes location specific searches and personalization with News, Weather, Movies, etc.
  • +1-800-GOOG-411 (+1-800-4664-411) - If you're able to call this number, either domestically or internationally, it's worth a try because it's amazing. Much better than the "1-800-Tell-Me stuff back in the day, but still of the same vein. I use this a LOT.
• Microsoft Live - http://wls.live.com or http://m.live.com - If you hit wls you'll get your browser detected and possible prompted to download a nice applet for your phone. If you hit m.live.com you'll get tiny Windows Live Search.
• Gmail - http://m.gmail.com - If you hit gmail with your phone you should get detected and sent over to the mobile version. If not, you can hit m.gmail.com or https://mail.google.com/mail/x/ where the x is magic. If you're running Google Apps for Your Domain (GAFYD) you can hack that URL also.
• Joystiq - http://m.joystiq.com - Tiny Gaming Site. Interestingly, while they use (I think) the same back end as Engadget, sometimes the fonts are all wonky.
• Mobile MSN - http://m.msn.com - A decent mobile portal and good jumping off point. The mobile stocks are particularly good.
• MSNBC - http://www.msnbc.msn.com - It's astonishingly LAME that you can't get to this site from http://m.msnbc.com but perhaps they'll read this and make that DNS change, because this is a really good tiny news site.
• Alarm.com - https://www.alarm.com/pda - I use Alarm.com to manage my security systems at the house and our rentals from my phone. If you've got a service available over the web, you really ought to have a minimal mobile website so kudos to them for having one.
• Twitter - http://m.twitter.com - Does exactly what it says it does...mobile twitter, although I'd like to be able to see Direct Replies in the interface.
• Wapedia (Mobile Wikipedia) - http://wapedia.mobi/en - Very useful for winning arguments with the wife self-edification, it's the mobile Wikipedia.

I think it's funny that folks thought that the ".mobi" top level domain extension was a good idea and that the internet just changed "www.foo.com" to "m.foo.com" and saved the registration fee. Plus, I don't have to tap out the "obi" which saves me, like minutes.

What are your must-have mobile websites, Dear Reader?

http://www.askmehelpdesk.com/taxes/f1-status-self-employment-19049.html

http://www.aaronlerch.com/blog/2008/01/01/unifying-web-sites-and-web-services-with-the-aspnet-mvc-framework/

http://www.aaronlerch.com/blog/2008/01/01/unifying-web-sites-and-web-services-with-the-aspnet-mvc-framework/

http://www.imaginativeuniversal.com/SessionExpiredMonitorWithASPNETAJAX.aspx

1&1 VPS FAQ

http://www.faq.1and1.com/dedicated_servers/virtual_private_servers/windows_vps/general_information/index.html

1. install .Net 3.5, SQL Express 2005, MSSMSE

2. Modify the registry table to remove "mscorlib.tlb could not be loaded" http://kbalertz.com/918685/Error-message-install-Server-could.aspx

3. Open IIS to create the new web site.

4. Change the permission from "no script" to "script only"

5 Open MSSMSE to add "Network Service" login account and customized user login account.

6 Add a new user for the target db (better use the same name with the customized user login created in step 5)

7. Don't forget the grand the permission.

8. connection string for .Net 2.0 and above is like this:

Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;User ID=myDomain\myUsername;Password=myPassword;

http://www.connectionstrings.com/default.aspx?carrier=sqlserver2005

9. Have to activate the Plesk to create a backup of VPS image manually, which will consume lots of resource though for the $29.99 plan.

http://msdn2.microsoft.com/en-us/library/dct97kc3.aspx

Both master pages and content pages can contain event handlers for controls. For controls, events are handled locally—a control in a content page raises an event in the content page, and a control in the master page raises an event in the master page. Controls events are not sent from the content page to the master page. Similarly, you cannot handle an event from a master page control in a content page.

In some cases, the same event is raised in both the content and the master page. For example, both pages raise Init and Load events. The general rule for how events are raised is that the initialization events are raised from the innermost control to the outermost one, and all other events are raised from the outermost control to the innermost one. It is helpful to remember that the master page is merged into the content page and treated as a control in the content page.

The following is the sequence in which events occur when a master page is merged with a content page:

1. Master page controls Init event.

2. Content controls Init event.

3. Master page Init event.

4. Content page Init event.

5. Content page Load event.

6. Master page Load event.

7. Content controls Load event.

8. Content page PreRender event.

9. Master page PreRender event.

10. Master page controls PreRender event.

11. Content controls PreRender event.

The sequence of events in master and content pages rarely is important for you as page developer. However, if you are creating event handlers that depend on the availability of certain controls, you will find it helpful to understand the event sequence in master and content pages.

http://web-harvest.sourceforge.net/

http://lucene.apache.org/

http://iframe.in/

http://forums.asp.net/t/1127834.aspx

you can use the following javascript function to set the active tab: 

function SetActiveTab(tabControl, tabNumber)
{
  var ctrl = $find(tabControl);
  ctrl.set_activeTab(ctrl.get_tabs()[tabNumber]);
}

tabControl: ID from the TabContainer Controls
tabNumber: Number of the new Tab (starting at 0)

Or

$find('<%=TabContainer1.ClientID%>').get_activeTabIndex();

and

$find('<%=TabContainer1.ClientID%>').set_activeTabIndex(2);

http://blenitz.blogspot.com/2007/09/hidden-columns-with-values-aspgridview.html

(If you don't want to show empty headtitle, put the hidden filed in with other field in one grid colomn)

If you set Column Visible property to false, this column won't rendered. But if you want these values available, What will you do?
My trick was, set HeaderText to empty, convert the BoundField in TemplateField, and use a HiddenField control. The effect the column won't be visible. Also you can use the controls array to access to value property.

<Columns><asp:BoundField DataField="CompanyCode"
HeaderText="Company" SortExpression="CompanyCode" />
...
<Columns>
<asp:TemplateField><ItemTemplate><asp:HiddenField
id="hf1" Value='<%# Bind("CompanyCode") %>'
runat="server"></asp:HiddenField></ItemTemplate>
...
// accesing the value property
int tmpID =
Convert.ToInt32(((HiddenField)GridView1.SelectedRow.Cells[3].Controls[1]).Value);

http://www.cj.com/faq.html

http://forum.abestweb.com/forumdisplay.php?f=34

Buy.com

http://www.buy.com/corp/affiliate_faq.asp?loc=13898

今天看了一篇关于网站运作、服务器负载的文章，讲得很独到,也很有意义，很现实，建议大家都看看，这些问题我相关很多创业项目忽略或处理得不够深。
这个文章中提到的问题很多看起来是很细的一件事情，但恰恰这就直接导致运作的成败
大家讨论，一定要仔细看完！
原文：

我做过多个2.0公司的技术顾问，简单的谈谈2.0公司遇到的问题(涉及隐私，我用A B C D代替)，这里就不再赘述大家众所周知的页面静态化，缓存和代码安全等问题了，有点技术的2.0公司的CTO都知道这些东西，我们谈点发展之后的问题
A公司
A公司做的是SNS网站，程序是两个毛头小伙子做的，目标直指51，程序开发是一帆风顺，功能也比51牛多了，推广也是一帆风顺（A公司有自己独到的推广方式。但是当ALEXA到2W的时候问题出来了，每天下午4点左右，网站速度慢的惊人，基本上打不开，公司三台服务器CPU100%，让人郁闷的是公司的网络配置方式，居然是双WEB的集群，而单独一台DB数据库。整个瓶颈在数据库，于是我建议做DB的集群，分析了一下数据结构，MD，典型的WEB程序员的作品，没有一点数据库设计规范，功能实现是可以，如果要扩展，不可能，集群基本上是不可能的，怎么办？不能办，于是，一个月的时间修改程序，数据结构基本上换了一遍 前期砸进去的几十万打了水飘，用户走光了。
结论：WEB2.0前期设计的时候不应该只考虑功能，应该认真考虑一下底层和数据结构了。
B公司
B公司也是做的SNS网站，程序是3个人开发的，CEO是某名牌大学的经济学硕士，有点知己网的味道，又有一些特色出来，说实话，公司的潜力不错，CEO 有很强的运作能力，感觉前景不错。系统架构还行，但是---但是系统崩溃了，why?系统没有考虑到用户有个海量的说法，文件也有个海量的说法，用户的相册，图片全部存贮在WEB服务器的一个分区上，每个用户一个目录，而打开性能监视器，磁盘的IO高的惊人，基本上无暇响应。众所周知，文件系统也是一个数据库，单独大文件无所谓，关键是整个是300多个G的零碎文件，大量的读写操作，系统崩溃，数据丢失，文件系统的一个链断了，用户数据全部丢失！！！这是一个非常沉重的问题，系统整整停了一个月来做数据恢复（单独文件很容易，但是海量文件目前还没有一个软件能组织起来软件架构）。解决方案：修改程序架构，做分布式文件存贮（程序修改用了8天，但是文件转移却又用去了将近一个月），20万用户损失殆尽
结论：WEB2.0前期的设计应该有应付海量存贮的考虑，整个涉及了程序架构的修改，前期规划不好的话基本上思路一条。
C公司
C公司是一个值得尊敬的公司，CEO技术出身，和比尔盖茨一样，大学未毕业出来做网络，01到03年做短信狠赚了一笔，后来做的小项目也小有所成，说实话，我很佩服。公司做的是校友方面，但是更偏重myspace风格，注重个人主页，推广方面也下了大手笔。系统崩溃的原因其实很简单，由于采用的是微软的 SqlServer，而微软直接就告诉了我们，SQLSERVER不支持集群，他们的数据库超负载，100%就没有下去过，只能横向增加配置，采用了4路 4核CPU系统，但是系统还是崩溃了... 高互动注定了高负载。解决方案：现从基本入手，解决掉几个程序耗能大户，对数据库采用横向切割，将用户每10万进行分组，同时对数据库系统进行散列，将多个表垂直分割，同时进行文件分组，解决问题. 因为修改了数据结构，程序也基本上大动了一下。 好在系统没有出大错，损失不算很大，不过对用户体验造成了很坏的影响。
结论：WEB2.0前期设计应该有良好的散列考虑，程序应该能有配合的扩充性，符合数据库的扩充
D公司
D公司是一个各个方面做的比较好的公司，做了CDN加速，图片也独立分出了N个服务器，数据库不错的一个，(CTO是个数据库专家），系统崩溃的原因在于 WEB，按道理说WEB很容易做集群的，但是发现集群并解决不掉问题，他们的集群只允许做4台的WEB集群，但是4台都当掉了。仔细分析，找到原因，我估计整个也是大部分CTO最容易犯的一个错误，或者说他们根本就想不到的问题，就是WEB上传的问题，上传的时候由于时间的原因，线程是保持链接的，300 个线程就可以把一个WEB Server当掉了。解决方案：这个最简单，把上传和其他耗能大户分离出独立出来。程序改动不是很大，但是之前半个月速度满对用户体验的损失也不可小视。
结论：没有什么结论了，毕竟有海量访问经验的CTO不多，也就是那几个大站的。
总结：不是泼冷水，模仿其实是很容易的，随便找几个WEB程序员就能做到，并且很简单，速度可能还很高效，因为WEB2.0无非就是跟数据库打交道，会操作数据库就会做。但是真正做大并不容易，因为能应付海量访问的程序并不简单，现在的程序员都太自命不凡，其实真正有经验的并不多，不要相信一个月薪5K- -10K的程序员能给你多大的惊喜，能应付海量访问的程序员不是那个价格。如果您想做2.0，想做大，有几个个建议：
一.找DBMS的专家设计好数据库，大部分程序员都不知道分区视图，数据散列，数据组的概念
二.设计好程序架构（这个其实不难，有个高人指导就行了），保持良好的扩展性，成本考虑可以找兼职的系统架构设计师做好系统架构，确定将来的发展瓶颈。
三.考虑好文件存贮的问题。文件存贮的技术含量看起来很低，其实是很高的，可以考虑反向代理的方案。文件存贮出问题了，站点基本上就完蛋了，不仅仅是RAID的问题和存贮服务器的问题，不过道理倒是一点就破的
四.中国国情考虑，这个最致命，需要考虑电信和网通的问题，CDN并不能解决所有问题。互动性的东西并CDN并不是很有效。最关键的是，现有的双线机房遇到DDOS攻击基本上都会当掉，原因很简单，双线机房都是私人机房，本身就不会有太高的带宽，随便攻击一下就可以D掉（顺带提一个笑话，我知道一个双线机房的老总总共1G的带宽却买了4G的金盾墙，很简单800M的攻击就可以搞定）。
五.网络延迟的问题，这是分布式系统必须要考虑的，程序要能容忍0到100秒的数据延迟的功能，也就是同步的问题。不要小看这几十秒，问题很大的，如果你的站点有交互式功能，比如即时聊天，你可以想象一下是个什么结果。对于即时聊天的东西，可以用反向代理来解决（成本较高）。但是对于留言和评论的影响不大，但是如果系统为了健壮做了缓存和静态化的时候，这个东西可能就是灾难性的了。
六.分散你的程序，如果你没有太多的资金构筑动辄百万的服务器，建议把功能分散开来，比如相册一台服务器，留言一台服务器
七.看好你的程序员，如果没有很好的激励措施的话你的程序员很容易写出敷衍性的代码，而这个可能就是将来的大患，程序架构定下来后要修改可能就要费牛劲了。最好你的CTO能对你100%的衷心，100%的负责。
八.文件同步的问题，这个问题可能你觉得没有必要，如果你看一下网通和电信的TTL就明白了，同步要支持续传，并且不能是持续的，否则你的成本会高出N倍，不要期望能通过你的软件实现，交给你的程序员吧，把上面的话告诉他他就知道怎么做了。
九.最狠的一个问题了，也是吃亏最大的问题，不管您跟网警的关系多好，看好你的用户，审核好你的东西，一被停机可能就致命，本人就吃过N次亏。
十.最后，祝各位站长一番风顺，大展宏图。

朋友发的，不知道哪里看到的

http://msdn2.microsoft.com/en-us/asp.net/Aa336613.aspx

http://aspnet.4guysfromrolla.com/articles/080206-1.aspx

Sending web page by email:

http://www.devhood.com/tutorials/tutorial_details.aspx?tutorial_id=758

http://www.ifxplus.com/post/Send-Mail-through-SMTP-with-SSL-Authentication-like-GMail.aspx

http://www.doshdosh.com/learn-from-adsense-millionaire-markus-frind/

The quoted text is extracted from some of Markus’s blog posts as well as interviews over the past few years. All of the specific references are left at the bottom of the post and do visit them to read more, if you’re interested.

1. Enter the Market at the Right Time. “As for the growth, a think a lot of that was accidental or first-mover advantage. Here in Canada LavaLife was the only real dating site, and they had a monopoly. I had a couple of my friends sign up from the major cities and after that the site just started to grow and spread.”
2. Free is a Powerful Business Model. “I always liked free sites and couldn’t see why companies had to change insane amounts of money for something that was trivial to make.”

   “The community was really built by word of mouth. There was a need for a free site and because no one else was providing it, it just grew like a weed. A lot of people just don’t want to pay for dating sites.”

3. You Don’t Need a Team. “It’s just me right now, my girlfriend helps with some of the customer service stuff when I don’t want to do it. I am planning on expanding into other markets but I don’t think I need to hire any employees any time soon. Nearly all the work can be automated away except for user stupidity that leads to crazy questions.”
4. Offline Marketing is Not Essential. “Offline promo works well when marketing to huge existing customer base. It does not work well when trying to grow big…Like nearly every other site I sort of ignore offline marketing, as it is far too expensive when you don’t have huge numbers of people in your target market already using your service.”
5. Success Doesn’t Just Depend on One Thing. “I like simplicity, and I am not a graphic designer at all. Success doesn’t come down to just one thing. Its not like Microsoft can clone Google’s layout and be the largest search engine. Success is a combination of things and having the right idea at the right time.”
6. Uptime is Just as Important as Innovation. “I redesign my site every couple of weeks so it doesn’t get crushed by the sheer number of users online. As for front-end design I could care less, lots of users are using my site and more are coming every day, my number one focus is making sure the site stays up for another day.”
7. Create Unique Sites that Stand Out. “Google pays out $500 million a quarter to AdSense users. That money is going somewhere, and if you look at the top 1000 sites not a hell of a lot of them have AdSense.

   Statistically speaking those sites that have low numbers of users and high EPC [Earnings Per Click] will make the most money. Build sites that no one else has done before, stuff only goes viral the first 1 or 2 times after that you have to buy your way into a market.”

8. You Need to Have a Rigorous Work Ethic. “When I came home from work I sat down and I forced myself to code for a hour or 2. The enemy was thinking, whenever I paused or started to think I would force myself to type something, its amazing how much you can get done when you just type.

   For that business its just a matter of repetition and fighting boredom. At the end of the day you just need to sit down and DO it. Most people don’t.”

9. Site Value and Functions Trump Design. “Function over form to build an emotional connection with the user. Blend ads into content, No flashing crap, make the site useful. Basically all those things that everyone knows you are supposed to do, but very few people actually do.

   There is no magic bullet, but you should always test new designs or new text etc to get the result that you want. You will never have the worst design and never the best, but through testing you can always improve.”

10. Think of Monetization Potential Before Starting a Site. “Build something useful, simple in ways that people will use. Explore things like Ad Sense, affiliate programs, and just explore ways of making money. Most 2.0 companies will never make a dime and they’re not built to make a dime.

    So I would start looking at how to make money before you even design or think about starting a business.”

11. Don’t be Discouraged With Low Income. “I had a single affiliate program but it didn’t even make $40/month. I went and added Adsense pretty quick, I made a whole $5.63 cents my first month, but that was more then enough for me to realize that I wouldn’t go broke running the site and I could make a business out of this with enough traffic.”
12. Learn What You Need to Know. “Basically I spent every waking minute when I wasn’t at my day job reading, studying, and learning. I picked out “enemies” and did everything I could to defeat them which meant being bigger then them. I refused to accept defeat of any kind, and I constantly forced myself to test new things.”
13. When You Have Traffic, Look Beyond Adsense. “The main goal is to start replacing adsense/dating ads and hire sales people. I spent the last few weeks working long days optimizing my ad revenue and as a result adding over a million a year net per week of work.

    At the end of the day its not possible for me optimize revenues myself or to outsource sales as no one vender could sell more than 3% of my inventory. I am at a size now were there are no off the shelf solutions and everything has to be built from the ground up.”

14. Know the Limits of Your Business Model. “If I wanted to generate $100 million in revenues per year it would be pretty easy, all I need to do is convert to a paid site. To generate 100 million a year as a free site is virtually impossible as the market isn’t big enough.

    I’m already the largest player in the UK, Canada, and US. Growing the company another 10 to 20 fold just isn’t realistic.”

15. Always Have a Goal to Work Towards. “If you are working in a cubicle, your goal may be to experience the world outside of your cage, or stay at a 5 star whenever you want, or to go on vacation whenever you want.

    For me i’d set my goal to owning the whole resort and the yacht out front and making 100 million a year instead of just millions.

    Just because you are already successful doesn’t mean you don’t need a goal to work towards. Don’t assume that anyone successful thinks differently then you.”

16. Success Doesn’t Happen, It’s Created. “Now I know most of the people reading this are aspiring to create a business of some kind. Many will just day dream all day but never actually do anything.

    I was like that a few years ago, then I finally sat down and did something, and kept forcing myself to do it till it became a pattern and it turned out hugely successful.”

17. Weigh Your Costs to Estimate Profitability. “In my opinion if the cost of your operations are 2-3 cents a unique visitor chances are plain advertising will bring you to profitability. If your costs are over 10 cents a unique visitor then you will need to sell a product or service.

    This of course assumes a high traffic site with at least 100k uniques per day. In about 2 years from now we will probably see a 30-50% decrease in operational costs as hardware and software costs continue to fall.”

http://www.opensourcetemplates.org/

http://up-file.com/index.php with a 1024mb (1 gig limit)
http://www.spread-it.com/ 500mb
http://www.megaupload.com/ 250mb
http://turboupload.com/ 70mb
http://rapidshare.de/files/

http://depositfiles.com/en/

http://websterflooble.com/program_id.html

http://www.dynamicdrive.com/ (Dynamic Javascript and DHTML)

http://css.maxdesign.com.au/ (Great Layout and List CSS Tutorial)

http://webhost4life.com/wss.asp ($29.95/Month)

http://www.sharepointhosting.com/ (Video tutorials available)

Copy and paste the text below
<marquee scrollamount="1" scrolldelay="10" direction="up" width="200" height="50" style="font-family: Verdana; font-size: 8pt">
ENTER TEXT MESSAGE HERE 
</marquee>

http://www.comriesoftware.net/codewidgets/product....

http://www.alexa.com/

http://www.problogger.net/archives/2007/02/08/how-i-make-money-from-blogs-my-top-earners/