ASP.NET 4 SEO Improvements (VS 2010 and .NET 4.0 Series)

Why SEO?

Search engine optimization (SEO) is important for any publically facing web-site.  A large percentage of traffic to sites now comes from search engines, and improving the search relevancy of your site will lead to more user traffic to your site from search engine queries (which can directly or indirectly increase the revenue you make through your site).

ASP.NET 4 SEO Improvements

ASP.NET 4 includes a bunch of new runtime features that can help you to further optimize your site for SEO.  Some of these new features include:

• New Page.MetaKeywords and Page.MetaDescription properties
• New URL Routing support for ASP.NET Web Forms
• New Response.RedirectPermanent() method

Below are details about how you can take advantage of them to further improve your search engine relevancy.

Page.MetaKeywords and Page.MetaDescription properties

One simple recommendation to improve the search relevancy of pages is to make sure you always output relevant “keywords” and “description” <meta> tags within the <head> section of your HTML.  For example:

One of the nice improvements with ASP.NET 4 Web Forms is the addition of two new properties to the Page class: MetaKeywords and MetaDescription that make programmatically setting these values within your code-behind classes much easier and cleaner. 

ASP.NET 4’s <head> server control now looks at these values and will use them when outputting the <head> section of pages.  This behavior is particularly useful for scenarios where you are using master-pages within your site – and the <head> section ends up being in a .master file that is separate from the .aspx file that contains the page specific content.  You can now set the new MetaKeywords and MetaDescription properties in the .aspx page and have their values automatically rendered by the <head> control within the master page.

Below is a simple code snippet that demonstrates setting these properties programmatically within a Page_Load() event handler:

In addition to setting the Keywords and Description properties programmatically in your code-behind, you can also now declaratively set them within the @Page directive at the top of .aspx pages.  The below snippet demonstrates how to-do this:

As you’d probably expect, if you set the values programmatically they will override any values declaratively set in either the <head> section or the via the @Page attribute. 

URL Routing with ASP.NET Web Forms

URL routing was a capability we first introduced with ASP.NET 3.5 SP1, and which is already used within ASP.NET MVC applications to expose clean, SEO-friendly “web 2.0” URLs.  URL routing lets you configure an application to accept request URLs that do not map to physical files. Instead, you can use routing to define URLs that are semantically meaningful to users and that can help with search-engine optimization (SEO).

For example, the URL for a traditional page that displays product categories might look like below:

http://www.mysite.com/products.aspx?category=software

Using the URL routing engine in ASP.NET 4 you can now configure the application to accept the following URL instead to render the same information:

http://www.mysite.com/products/software

With ASP.NET 4.0, URLs like above can now be mapped to both ASP.NET MVC Controller classes, as well as ASP.NET Web Forms based pages.  You can even have a single application that contains both Web Forms and MVC Controllers, and use a single set of routing rules to map URLs between them.

Please read my previous URL Routing with ASP.NET 4 Web Forms blog post to learn more about how the new URL Routing features in ASP.NET 4 support Web Forms based pages.

Response.RedirectPermanent() Method

It is pretty common within web applications to move pages and other content around over time, which can lead to an accumulation of stale links in search engines.

In ASP.NET, developers have often handled requests to old URLs by using the Response.Redirect() method to programmatically forward a request to the new URL.  However, what many developers don’t realize is that the Response.Redirect() method issues an HTTP 302 Found (temporary redirect) response, which results in an extra HTTP round trip when users attempt to access the old URLs.  Search engines typically will not follow across multiple redirection hops – which means using a temporary redirect can negatively impact your page ranking.  You can use the SEO Toolkit to identify places within a site where you might have this issue.

ASP.NET 4 introduces a new Response.RedirectPermanent(string url) helper method that can be used to perform a redirect using an HTTP 301 (moved permanently) response.  This will cause search engines and other user agents that recognize permanent redirects to store and use the new URL that is associated with the content.  This will enable your content to be indexed and your search engine page ranking to improve.

Below is an example of using the new Response.RedirectPermanent() method to redirect to a specific URL:

ASP.NET 4 also introduces new Response.RedirectToRoute(string routeName) and Response.RedirectToRoutePermanent(string routeName) helper methods that can be used to redirect users using either a temporary or permanent redirect using the URL routing engine.  The code snippets below demonstrate how to issue temporary and permanent redirects to named routes (that take a category parameter) registered with the URL routing system.

You can use the above routes and methods for both ASP.NET Web Forms and ASP.NET MVC based URLs.

Video footage reveals armed raid on MegaUpload founder's home

New Zealand-based news channel 3News hasreleased new video footage of the armed raid launched against Kim Dotcom, MegaUpload's former head man. The video was courtesy of an "elite officer" involved in the operation and supports Dotcom's criticism of the "aggressive" raid performed on his $30 million New Zealand mansion.

The bust was comprised of about 100 officers, some of which wielded glock handguns and automatic assault weapons like the Colt Commando M4. The initial assault team was swiftly dropped in by helicopter at the front of the home. Moments later, additional forces surrounded the mansion on foot, complete with ground vehicles and canine units.

Inside the home were roughly a dozen people: former employees, friends, Dotcom's wife and children. 

Not knowing what was happening, Dotcom claims he isolated himself inside a large, unlocked room with his hands in the air. His goal, he recollected, was to avoid being shot by startling one of the armed invaders. Once authorities found Dotcom, he purports they applied questionable force, punching him in the face, kneeing  his ribs, kicking him to the ground and rupturing one of Dotcom's fingernails by standing on the man's hand.

I have to admit, for capturing a non-violent copyright criminal, the show of force sounds quite excessive.

During the raid, police managed to seize 18 vehicles and roughly $42 million in suspected ill-gotten gains. Confiscated vehicles included such extravagant makes Maserati, a Lamborghini and Rolls Royce. The Rolls Royce had a license plate that read, "GOD".

Regardless of feelings for Kim Dotcom, his truly excessive lifestyle and MegaUpload's supposed "business" model, it does appear authorities overstepped their boundaries. Recently, a New Zealand judge ruled that the warrants given to authorities were too vague to have legally carried out the operation. It also appears New Zealand officers managed to miss their mark of "matching the threat level" of Kim Dotcom and his crew.

During the hearing, authorities were criticized for brandishing such force without wearing full body armor -- a sign that officers knew to expect little resistance. When asked about this, an officer responded:

"We wanted to match the threat level, in this case a low threat with our dress," he added "We made that conscious decision not to wear full tactical kit."

The officer also stated that the team's primary objective was to "secure [the] suspect as soon as possible to prevent destruction of evidence". However, according to Dotcom's defense, the FBI had already secured the data they needed at the data center before the raid unfolded. Dotcom insisted, "there was no chance of anyone doing anything to that evidence."

Ouya console available for pre-order starting at $109, ships in April

Ouya ended their Kickstarter campaign less than 24 hours ago with an impressive $8.5 million haul from over 63,000 backers. If you missed the opportunity to secure a console during the fundraising event, fear not as the company is now taking pre-orders directly on their website.

Buyers in the United States can pre-order a single console and controller for $109 which includes $10 for shipping. If you need more controllers, there are console + controller packages that include two or four controllers for $139 or $199, respectively. International customers are offered the same controller packages with a $10 premium per selection to cover shipping.

Expected delivery date is listed as April 2013 regardless of which configuration you purchase. That is, of course, assuming there are no hiccups in the manufacturing process between now and then. It’s worth pointing out that there aren’t any money-back guarantees following a successful Kickstarter campaign.

If you aren’t familiar, Ouya is an Android-based gaming and media hub that is powered by an Nvidia Tegra 3 processor, 1GB of system memory and has 8GB of onboard storage. The wireless controller that ships with the console features a familiar button layout with two analog sticks, a directional pad, eight action buttons and a touchpad. Both the console and the controller were created by designer Yves Behar of One Laptop per Child and Jawbone Jambox fame.

Does the Ouya console look like something you’d be interested in or are you content to stick with your Android phone / tablet for media consumption?

Using 3D technology to enhance customer experience

Lingerie brand Empreinte has been pushing the boundaries of in-store technology with 3D holographic models

Empreinte has been using holographic models to enhance the experience of the customer.

What was the thinking behind the hologram campaign?

The idea of the campaign was to create a real buzz around the brand and our new concept store. The hologram was actually just one piece in an otherwise global communication strategy, which had two main objectives – create awareness and drive people to the store.

This global strategy also included meeting with bloggers, advertising on fashion blogs and with social media insiders, posting a hologram video on YouTube, and a PR strategy targeting consumers and women's magazines

How does the hologram work?

It's an advanced form of photography that allows an image to be recorded in three dimensions – it's in fact a recording of an interference pattern made by the interaction of two beams of light.

Holograms work by creating an image composed of two superimposed two-dimensional pictures of the same object seen from different reference points. Holography requires the use of light of a single exact wavelength, so lasers have to be used.

Basically, when viewing any object, the human eyes each receive a distinct image but from slightly offset reference points. The brain combines them into a three-dimensional image – the hologram just produces the effect artificially.

How have customers and consumers reacted?

We've had great feedback so far and for two main reasons. Firstly, because using technology in this way helps create a new brand experience, one that allows customers to engage and interact with the brand and its products in a sensorial way.

We have also received good feedback because consumers are looking for innovation online and in real life too – that's what we tried to give them by using something new and unique.

Why did you choose to display the hologram after 9pm? Why not in the day-time?

It's a projection (with a video projector) so it works only in a dark room or a similar environment – the hologram needs to be played after 9pm, during sunset.

Do you think 3D technology will change the way retailers interact with customers?

Brand value has increasingly been defined, not through the narrow lens of price, but in terms of the total experience that consumers have when they interact with a given brand. That's why l'Atelier lingerie Empreintehas developed a total digital experience thanks to this hologram and to a touch-screen interactive table that gives product and service presentations.

Retailers are working to redefine the shopping experience with new technologies, such as 3D. In any case, technology must be useful and feed the brand content – shoppers don't want technology just for the sake of it.

Alexandre Rostaing is strategic planner at Groupe Carlin International

How to avoid being hacked like Honan

A tech writer has just had his digital life erased by one or more hackers. Sarah Taylor would like to know what the rest of us should do to avoid a similar fate

Hackers used an iCloud account to perform a remote wipe on Mat Honan's iPhone, iPad and MacBook, deleting all his data. Photograph: M4OS Photos/Alamy

I read about Mat Honan, the journalist who had his email hacked and his devices wiped. What should we all be doing to avoid this kind of thing?
Sarah Taylor

For those who missed the story, Wired journalist Mat Honan had hisGmail and Twitter accounts hacked, which is not all that unusual. What made the story "epic" was that the hacker(s) used his Apple iCloud account to perform a "remote wipe" on his iPhone, iPad and MacBook, deleting all his data. Worse still, he didn't have backups.

It was evident that something had gone wrong from the tweets the hacker sent from Honan's Twitter account and Gizmodo's account, to which it was linked. (He used to work there.) Honan went public on 3 August 2012 in a blogpost: Yes, I was hacked. Hard. At the time, he blamed his old seven-digit alphanumeric password.

Honan followed up on Monday 6 August with a full account in Wired: How Apple and Amazon Security Flaws Led to My Epic Hacking. It turned out that it was not a password crack but "social engineering". The hacker had phoned AppleCare technical support and been given a temporary password to Honan's .Me account. Honan says: "It did this despite the caller's inability to answer security questions I had set up. And it did this after the hacker supplied only two pieces of information that anyone with an internet connection and a phone can discover … a billing address and the last four digits of my credit card."

The billing address came from the Whois data that Honan had used to register his domain name, and the credit card numbers from Amazon. (See Apple and Amazon patch security flaws exposed by hack heard round the world for more details.)

Once the hacker had control of Honan's email, he could get the passwords reset on other accounts, such as Twitter.

There are several things that will help prevent this from happening to you. These include: (1) use two-factor authentication; (2) don't put all your eggs in one basket; and most of all (3) backup, backup, backup.

Two-factor authentication

With two-factor authentication, security depends on two different things. Often these are something you have, such as a credit card, and something you know, such as a four-digit pin (personal identification number). The "something you have" could also be a dongle or, with biometrics, your face, fingerprints, or iris patterns. With online services, it's usually a mobile phone. Set up two-factor authentication with Gmail, for example, and when you ask for your forgotten password to be reset, Google will send a verification code to your mobile.

Google's Matt Cutts has posted a video on how to do this: Please turn on two-factor authentication.

Facebook introduced a similar system in May 2011. For instructions, seeIntroducing Login Approvals: "[It] requires you to enter a code we send to your mobile phone via text message whenever you log into Facebook from a new or unrecognized computer. Once you have entered this security code, you'll have the option to save the device to your account so that you don't see this challenge on future logins."

But two-factor authentication can be somewhat tedious, and also there's the risk of losing your mobile. Perhaps it might be worth using an old smartphone with a prepaid (PAYG or "pay as you go") account for this single purpose.

Eggs in multiple baskets…

I've given this advice numerous times, but it's risky to put all your eggs in one basket. Honan was an extreme case in his dependence on Apple's iCloud, but many people are dependent on Google or Microsoft or even Yahoo. The question is, if you lost access to your account, would you also lose access to your calendar, contacts, online photos, documents, and other data?

Apple, for example, wants you to use a single ID (identity) for iCloud, its App Store, buying things from iTunes etc. This is a bad idea. As far as possible, you should use different IDs, passwords, and even different credit cards for different purposes. Google, Microsoft and Yahoo have also been pushing people towards using the same account for multiple services on multiple devices, and this will get worse when a Microsoft ID is used to log on to Windows 8.

Your stuff will be more secure if you spread it around.

If you must use a single supplier, make sure you have backups elsewhere. For example, most email services provide "mail forwarding". Set this up so that every email that reaches (say) your Gmail inbox is automatically sent to a Yahoo, Hotmail or other inbox as well.

Microsoft has just launched an improved email service at Outlook.com to replace Hotmail. Register and you can get your new Outlook inbox to fetch all the emails from your Gmail or other account, providing a backup. You've missed the opening "land grab" but plenty of good outlook.com names should still be available.

… and multiple email accounts

I hadn't considered this before, but Honan's case also shows that there is a risk in using the same email address for all your online accounts, which is exactly what I do. I must have a couple of dozen accounts for Twitter, Facebook, LinkedIn, Quora, Bitly and so on, but all the password reset tokens would end up in the same email inbox.

It would be more secure, but not as handy, to use a different email address for each service. This isn't impractical if you use a desktop email program such as Thunderbird, Windows Live Mail, or Microsoft Outlook, because a single "send/receive all mail" will collect email from multiple email accounts. If these addresses are only used for passwords and similar purposes, there should not be much email to collect. I'm now thinking about setting up WLM for this purpose.

Creating programmatic email addresses (xyz4twitter@outlook.com, xyz4quora@outlook.com etc) would make things simpler, but if you take this approach, think of a format that's less easy to guess.

Backup, backup, backup

Schofield's Second Law of Computing says data doesn't really exist unless you have two copies of it. Preferably more. And the only person who can be held responsible for that is you.

A simple solution is to have a desktop or laptop PC backed up to an external hard drive and synchronised using a program such asFreeFileSync, which is what I happen to use. There are lots of alternatives. Ideally, you should also store copies of important things online, using a service such as Dropbox, Carbonite or Mozy.

Since your online storage can be hacked and deleted, it is vital to have physical backups on one or more external hard drives, thumb drives, SD cards, CD-Roms or DVDs. For more on this topic, see an earlier answer:CD, DVD or SD: what's best for backups?.

One extra advantage of having 16GB of data on an SD card or USB memory stick is that you can keep it "off site" in a trusted friend or relative's house. This provides some protection from physical threats such as earthquakes, flooding, fire and theft.

If you use a service that allows devices to be wiped remotely, this increases the need to have separate backups. Honan fell victim to Apple's optional Find My Mac feature, which allows users to locate and wipe a stolen device. There are similar services such as Prey, which also works on Windows, Linux and Android. Use with care.

A cloudy future

There's clearly a trend towards keeping data online ("in the cloud" is the new jargon) and accessing it from numerous devices including PCs, tablets and smartphones. While this can be convenient, it also brings risks. As Schofield's Third Law of Computing states: "The easier it is for you to access your data, the easier it is for someone else to access your data."

Strong passwords don't protect you if someone using the same public Wi-Fi can easily hijack your session cookies with Firesheep and get instant access to your email and Facebook accounts. (See my previous answer, Using a VPN to protect your web use.)

Also, it's now scarily easy to add a cheap, inconspicuous keylogger to any publicly accessible computer, as I was recently reminded by DJ Walker-Morgan.

Honan wrote: "My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms – which can be cracked, reset, and socially engineered – no longer suffice in the era of cloud computing."

Until we come up with something better, always use secure https connections rather than http, when available. We now need all websites to support https all the time.

Bundling and Minifying Inline Css and Js

Introduction:

                    Application performance is the very important factor for an application success. Yahoo's Best Practices for Speeding Up Your Web Site is a great resource for increasing your application performance. Out of these practices, 'Putting Stylesheets at the Top','Putting Scripts at the Bottom' and 'Minifying(external and inline) JavaScript and CSS' are very important practices. Minifying inline css and js is also very important. From Yahoo Best Practices page 'In addition to minifying external scripts and styles, inlined <script> and <style> blocks can and should also be minified. Even if you gzip your scripts and styles, minifying them will still reduce the size by 5% or more. As the use and size of JavaScript and CSS increases, so will the savings gained by minifying your code '. So, in this article, I will show you how to minify and bundle(combine all css/js) your inline css/js.

        Description:

                    Open your ASP.NET application(WebForm or MVC) and install BundleMinifyInlineJsCss nuget package.

                     

                    Then register the response filter. If you are using WebForm, you can register response filter in a master page and if you are MVC, you can use register response filter in an action filter.  

01	public partial class SiteMaster : System.Web.UI.MasterPage

02

{

03	protected void Page_Load(object sender, EventArgs e)

04

{

05	Response.Filter = new BundleAndMinifyResponseFilter(Response.Filter);

06

}

07

}

08	public class BundleMinifyInlineCssJsAttribute : ActionFilterAttribute

09

{

10	public override void OnActionExecuting(ActionExecutingContext filterContext)

11

{

12	filterContext.HttpContext.Response.Filter = newBundleAndMinifyResponseFilter(filterContext.HttpContext.Response.Filter);

13

}

14

}

15	[BundleMinifyInlineCssJs]

16	public class HomeController : Controller

                    Now just run your application. If a page view-source is,

                    After using the above response filter, it will become,

.

                    Note in the above screen the inline css moved to top, inline javascript moved to bottom and inline javascript/css is minified and bundled. 

        Summary:

                    In this article, I showed you how to you quickly and easily put all your inline css at the top, put all your js at bottom and minifying/bundle all your inline  javascript/css using a response filter. Hopefully you will enjoy this article too.