Page 1 of 2 in the dasBlog category Next Page

New DasBlog Macros for On-Page Navigation and Post Modification Date

Posted in dasBlog at Sunday, 30 December 2007 16:08 W. Europe Standard Time

Per Torsten's request I created a couple of new macros for DasBlog.

On-Page Navigation

Torsten wanted to enable on-page navigation to the next and previous post, comparable to the mail navigation introduced in Outlook 2007:

 Outlook 2007 Navigation

The OnPageNextLink and OnPagePreviousLink macros display a link to the next and previous post on the current page in list view. Please note that these macros don't create links across pages. For example, the last post on the page doesn't have a previous link, even though there might be older posts.

Because I use URL rewriting to get rid of /default.aspx in my home page URL, an issue with the browser reloading the whole page came up, making it necessary to create a couple of overloads:

  • OnPageNextLink(navigationText)
    OnPagePreviousLink(navigationText)
    Renders a link to the next/previous post on the current page. The CSS class for the anchor tag is next and previous, respectively. The navigationText parameter takes a string containing different locale versions of the text to be displayed as used in the LocalString macro.
    The first post on the page does not have a "next" link, whereas the last post on the page does not have a "previous" link.
  • OnPageNextLink(navigationText, removeUrlFragmentRegex)
    OnPagePreviousLink(navigationText, removeUrlFragmentRegex)
    Same as above. The regular expression specified by the removeUrlFragmentRegex parameter will be used to remove parts from the URL.
    If you use URL rewriting for /default.aspx, the regular expression is default\.aspx$.
  • OnPageNextLink(navigationText, cssClass, removeUrlFragmentRegex)
    OnPagePreviousLink(navigationText, cssClass, removeUrlFragmentRegex)
    Same as above, but you are able to set the CSS class explicitly.


In your itemTemplate.blogtemplate, embed the macro markup for the on-page navigation. Note that this example uses a regular expression to remove a trailing "default.aspx" from URLs:

<% OnPageNextLink("Next|DE:Weiter", "default\.aspx$") %>
<% OnPagePreviousLink("Previous|DE:Zurück", "default\.aspx$") %>

This will render the following HTML for /default.aspx which can be styled using CSS:

<a class="next" href="<some-guid>">Next</a>
<a class="previous" href="<some-guid>">Previous</a>

The HTML for URLs other than /default.aspx:

<a class="next" href=",page,1.aspx#<some-guid>">Next</a>
<a class="previous" href=",page,1.aspx#<some-guid>">Previous</a>

Post Modification Date

Another requirement Torsten had is to be able to display the modification date of a post. For unedited posts this date is equal to the creation date, which we use to decide whether to display the modification date or not. There are a couple of overloads:

  • Modified
    Displays the modification date if the post has been modified. (Comparable to the When macro.)
  • FormattedModified(format)
    Displays the formatted modification date if the post has been modified and appends the timezone the blog is hosted in. (Comparable to the FormattedWhen macro.)
  • FormattedModifiedBare(format)
    Displays the formatted modification date if the post has been modified and does not append the timezone the blog is hosted in. (Comparable to the FormattedWhenBare macro.)
  • IfModified(expression)
    Displays localized text if the post has been modified. The expression parameter takes a string containing different locale versions of the text as used in the LocalString macro.


In your itemTemplate.blogtemplate, embed the macro markup for the post creation date and the modification date:

<% LocalString("Posted in|DE:Veröffentlicht unter") %> <% categoryLinks %>
<% LocalString("at|DE:am") %> <% FormattedWhen("f") %>
<% IfModified(" and changed at |DE: und verändert am ") %><% FormattedModified("f") %>

This will render the following HTML for an edited post:

Modification Date

Now Playing: Ulrich Schnauss - Goodbye - Stars

How To Secure Your dasBlog Installation

Posted in dasBlog | Security at Friday, 08 June 2007 09:44 W. Europe Daylight Time

dasBlog has a pretty large user base, and while browsing some dasBlog sites I occasionally check if they're set up securely. It's not that dasBlog is inherently insecure, but some installations allow for information leakage and most users aren't even aware of this.

Basic setup

There are a couple of locations where you can set up security for any ASP.NET application:

  • NTFS security,
  • IIS virtual directory and folder security,
  • web.config <authentication> element or an HttpForbiddenHandler for certain ASP.NET file extensions.

Note that web.config settings only apply to file extensions mapped to ASP.NET on Windows Server 2003 and before. I am working on IIS 6 here and while I like my security settings in (mostly) one place I usually go with a generic read access configuration in IIS and set the more fine-grained settings using NTFS.

When deploying dasBlog to your web server you will likely enable read access to the dasBlog folder for the IUSR and NETWORK SERVICE accounts on the NTFS Security tab. This gives the IIS and ASP.NET runtimes the rights they need to work. On the /logs, /content and /SiteConfig directories you will also need to enable change access for the NETWORK SERVICE account since this is where dasBlog stores its working data. (dasBlog is represented by the IIS worker process identity, which is NETWORK SERVICE on Windows Server 2003 and ASPNET on Windows 2000 and XP.) If anything is set up incorrectly you'll see the configuration error page when you're trying to configure your blog or post a blog entry.

Folder           IUSR access   NETWORK SERVICE access   Notes
/dasBlog root    R             R
  /bin           RI            RI                       Contents protected by ASP.NET
  /content       RI            RI, W                    Blog posts, comments, trackbacks
    /binary      RI            RI, WI                   Binary content, i.e. images and enclosures
    /profiles    RI            RI, WI                   User profiles
  /DatePicker    RI            RI
  /ftb           RI            RI
  /images        RI            RI
  /logs          RI            RI, W                    Log files
  /SiteConfig    RI            RI, W                    Config and error pages
  /smilies       RI            RI
  /themes        RI            RI

Legend: R=Read, RI=Read (inherited), W=Write, WI=Write (inherited)

The /logs folder

Sometimes when I visit a random dasBlog site I try to download one of dasBlog's log files, which are located in the /logs folder. Since IUSR's read access is most likely inherited (RI) in this folder, anonymous users can download log files. The log file name format is publicly available so, for example, the /logs/ file contains the referrers for today. This information leakage could be easily mitigated by denying IUSR read access to the /logs folder. However, I've found at least three high-traffic blogs where this was not the case (I e-mailed the owners, things are fixed now).


Another problem that came up recently on the developer mailing list was how to keep blog templates private. Since we already incorporate the HttpForbiddenHandler for *.blogtemplate files and IIS doesn't serve files when there's no MIME type available this is really a non-issue. The template's manifest file, however, will be served but that should not bother you since there's no valuable information in it.

Special Case: The /content folder

One rather interesting place is the /content folder. Your posts, comments and blogged binary content like images are stored there. The /content/binary subfolder holds images and enclosures, i.e. basically everything you attach to a certain post. The /content/profiles folder serves as a container for user profiles stored in <Username>.format.html files. Please note that *.format.html files are always templated and served through FormatPage.aspx, that is, are never accessed by IUSR directly.

With the basic setup above, read access for anonymous users is enabled in the /content folder and its subfolders. Thus, anonymous users are able to get the raw post data by requesting the *.dayentry.xml and *.dayfeedback.xml files for a certain date, i.e. /content/2007-06-08.dayentry.xml. Again, the file name pattern is no secret.

This last piece of public information should only be served through certain channels like the templated front page or RSS. Because of dasBlog's folder structure, securing the /content folder is kind of tricky:

  • First, deny read access to the /content folder for the IUSR account.
  • In the next step, open the security tab of the /content/binary folder and break NTFS inheritance there copying all existing ACLs.
  • Delete the Deny ACL for IUSR.

Secure Configuration

In the end the NTFS security settings that work best for me look like this (changes are marked with *):

Folder           IUSR access   NETWORK SERVICE access   Notes
/dasBlog root    R             R
  /bin           RI            RI                       Contents protected by ASP.NET
  /content       RI, RD *      RI, W                    Blog posts, comments, trackbacks
    /binary      R *           R, W *                   Binary content, i.e. images and enclosures
    /profiles    RI, RDI *     RI, WI                   User profiles
  /DatePicker    RI            RI
  /ftb           RI            RI
  /images        RI            RI
  /logs          RI, RD *      RI, W                    Log files
  /SiteConfig    RI, RD *      RI, W                    Config and error pages
  /smilies       RI            RI
  /themes        RI            RI

Legend: R=Read, RI=Read (inherited), W=Write, WI=Write (inherited), RD=Deny read, RDI=Deny read (inherited)

Please note that on Windows Deny ACLs always take precedence over Allow ACLs.
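
The NTFS changes from the table above, scripted with PowerShell's Get-Acl/Set-Acl. This is an added example, not part of the original post or of dasBlog; the installation path and the anonymous account name are assumptions, and the script has to run with administrative rights.

```powershell
# Added example. Assumed values: $BlogRoot and $AnonAccount (adjust to your server).
param(
    [string]$BlogRoot    = 'C:\Inetpub\wwwroot\dasBlog',
    [string]$AnonAccount = "IUSR_$env:COMPUTERNAME"   # IIS 6 naming; plain IUSR on IIS 7+
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$sid     = (New-Object System.Security.Principal.NTAccount($AnonAccount)).Translate($sidType)

function Get-AnonymousDeny([string]$Path) {
    # Explicit and inherited Deny entries that apply to the anonymous account.
    (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and $_.AccessControlType -eq 'Deny' }
}

function Deny-AnonymousRead([string]$Path) {
    # Deny Read on this folder, inherited by its subfolders and files.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, 'Read', 'ContainerInherit, ObjectInherit', 'None', 'Deny')
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Restore-AnonymousRead([string]$Path) {
    # Break inheritance, keeping the inherited entries as explicit copies.
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -Path $Path -AclObject $acl
    # Re-read, then delete the copied Deny entries for the anonymous account.
    $acl = Get-Acl -Path $Path
    Get-AnonymousDeny $Path | ForEach-Object { $acl.RemoveAccessRuleSpecific($_) }
    Set-Acl -Path $Path -AclObject $acl
}

Deny-AnonymousRead    (Join-Path $BlogRoot 'content')
Restore-AnonymousRead (Join-Path $BlogRoot 'content\binary')
Deny-AnonymousRead    (Join-Path $BlogRoot 'logs')
Deny-AnonymousRead    (Join-Path $BlogRoot 'SiteConfig')

# Report the Deny entries per folder so the result can be compared with the table.
'content', 'content\binary', 'content\profiles', 'logs', 'SiteConfig' | ForEach-Object {
    $count = @(Get-AnonymousDeny (Join-Path $BlogRoot $_)).Count
    '{0,-18} Deny entries for {1}: {2}' -f $_, $AnonAccount, $count
}
```

The order matters: /content is denied first so that /content/binary inherits the Deny entry, which is then copied and deleted when inheritance is broken, exactly as in the three manual steps.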


If you're a dasBlog developer or user, please feel free to leave a comment if you (dis)like this solution, have a question or suggestions for a better solution.

Now Playing [?]: Robert Mechs – The OGD Sessions Vol. 2

dasBlog 1.9 Released

Posted in dasBlog | Design at Friday, 22 September 2006 15:16 W. Europe Daylight Time

After a long time since the last release Omar decided that we're eventually ready to release dasBlog 1.9.6264. Why do I say we? Well, I've joined the development team and contributed some stuff.

In the 1.9 release, you'll find the User Click Throughs in the admin area. This feature pulls out those click throughs that are performed by real persons and not some Google/MSN robot. You can configure robots based on user agents and domains in the SiteConfig\robots.config file.

There are other things I've contributed, for example passwords inside SiteConfig\siteSecurity.config are now encrypted. No need to bother about passwords in shared hosting environments anymore. The German translation has been extended by me and is now level with the English resources. There are parts of dasBlog that are not prepared for localization, though.

Read more about the new features on Scott Hanselman's blog.

With the current release we provide dasBlog buttons and badges for the first time. The current set is available here.

dasBlog Blue dasBlog Gray dasBlog Green dasBlog Red

I'm adding more artwork in other formats later.

Now playing: Zero 7 - The Garden - Your place

Weblog Layout Update

Posted in dasBlog | Design | General at Monday, 11 September 2006 00:33 W. Europe Daylight Time

After sticking to a hastily created customized dasBlog theme for a year I spent today in front of Photoshop and SelfHTML and redesigned some parts of this weblog. I've included some new images, removed most of the gray boxes framing visual elements and made the text a little bigger. I found that bigger fonts help reading large texts especially on monitors with higher resolution so you don't lose the line-endings every so often. These changes hopefully improve the readability of the page and perhaps you'll find it looks a little more Web 2.0-ish. ;-)

Hope you like it!

Now playing: Marilyn Manson - The golden age of grotesque - (s)AINT

Audioscrobbler Plugin for dasBlog

Posted in dasBlog at Sunday, 22 January 2006 20:16 W. Europe Standard Time

Discovered today and immediately integrated into dasBlog: Audioscrobbler.

The service gives you the ability to upload information about the tracks you're listening to. It's hosted on, a social web radio service. They track incoming song information and build charts and personal recommendations on top of it. I didn't test these features until now, but I believe that over time they'll give additional input to my music discovery process.

To use the service there are a few simple steps to take:

  1. Create a profile.
  2. Download and install the plugin for your favorite music player.

Your music player will then upload song information if you're online.

Now on to the best part: Audioscrobbler supports a Web Service interface to your profile and data. In my opinion, an ideal way to extend your blog. So did I, writing a macro assembly for use with dasBlog. Currently there are only two macros, one for showing a little Audioscrobbler icon. The other one displays the last songs played. The Web Service limits these to ten; the macro can be instructed to reduce the number of results even more.

Macro Description
<% Button()|Audioscrobbler %> Displays the Audioscrobbler logo.
<% RecentTracks(n)|Audioscrobbler %> Displays the n recent tracks. Values of n greater than 10 yield just 10 entries as the Web Service limits the output to this value.

Have a look at the right-hand side of this page. There you can see the outputs of these two macros under "Now Playing". (RecentTracks has been limited to 5.)

There are some configuration settings to make before you can use these custom macros.

  1. Download the macro and supplemental images.
  2. Copy Softwareschmiede.DasBlog.Macros.dll into the dasBlog\bin directory. (The binaries of dasBlog reside there, i.e. newtelligence.DasBlog.Runtime.dll)
  3. Copy the Audioscrobbler logo and the little icon that will be shown next to each track in the list to the dasBlog\images directory. Of course you can override these images in your custom theme.
  4. Edit theme.manifest adding the Audioscrobbler logo image. (This step can be omitted if you don't plan to use the Button macro.)
    <?xml version="1.0" encoding="utf-8" ?>
    <theme name="YourTheme" title="YourTheme" templateDirectory="themes/YourTheme" imageDirectory="themes/YourTheme">
      <image name="AudioscrobblerButton" fileName="AudioscrobblerButton.png" />
    </theme>
  5. Edit dasBlog\web.config to let dasBlog know about the new macros.
    Depending on your configuration, uncomment or add the first and add the second line under /configuration/configSections.
    <section name="newtelligence.DasBlog.Macros" type="newtelligence.DasBlog.Web.Core.MacroSectionHandler, newtelligence.DasBlog.Web.Core" />
    <section name="Softwareschmiede.DasBlog.Macros.Audioscrobbler" type="Softwareschmiede.DasBlog.Macros.AudioscrobblerConfigSectionHandler, Softwareschmiede.DasBlog.Macros" />
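    Uncomment or add the following lines under /configuration.
    	<newtelligence.DasBlog.Macros>
    	  <add macro="Audioscrobbler" type="Softwareschmiede.DasBlog.Macros.Audioscrobbler.Macros, Softwareschmiede.DasBlog.Macros"/>
    	</newtelligence.DasBlog.Macros>
  6. Enter your user information under /configuration
    	<Softwareschmiede.DasBlog.Macros.Audioscrobbler>
    	  <add setting="UserName" value="<Enter your user name here>"/>
    	</Softwareschmiede.DasBlog.Macros.Audioscrobbler>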

Now you're ready to use the two macros as described above in your .blogtemplate files.

<% RecentTracks(5)|Audioscrobbler %>
<% Button()|Audioscrobbler %>

If anyone is interested in extending the macros, download the Visual Studio Project.
