ASP.NET Controls – Problem sorting GridView with SqlDataSource control

Let me start by saying that Microsoft don't consider this issue as a problem, as you can see here this is a “by design” behavior.

The problem is well described in the referred Connect feedback and it contains a workaround.

Although simple, the workaround requires you to always register the GridView Sorting event and make the tweak according to the current GridView settings. Well, if are like me you will forget to do it half the times needed.

So, I made a not so simple workaround that will take care of the issue for me.

I override the OnSorting method from GridView so I can handle the GridViewEventArgs instance and override its SortDirection value.

To turn this into a general solution I partially reproduce the ParseSortString method from DataTable to find out if the current SortExpression contains either the ASC or DESC keywords.

Here is the code:

public class GridView : global::System.Web.UI.WebControls.GridView
{
    protected override void OnSorting(GridViewSortEventArgs e)
    {
        if (!string.IsNullOrEmpty(this.SortExpression))
        {
            if (this.SortExpression.Equals(this.SortExpression))
            {
                bool isMultipleSortExpression;
                SortDirection? sortDirection = GetSortDirection(this.SortExpression, out isMultipleSortExpression);
                if (sortDirection.HasValue)
                {
                    // To undo bug in GridView.HandleSort(string sortExpression) and then in GridView.CreateDataSourceSelectArguments()
                    e.SortDirection = SortDirection.Ascending;
                }
            }
        }
        base.OnSorting(e);
    }

    private SortDirection? GetSortDirection(string sortExpression, out bool isMultipleSortExpression)
    {
        SortDirection? sortDirection = null;
        isMultipleSortExpression = false;

        string[] strArray = sortExpression.Split(new char[] { ',' });
        for (int i = 0; i < strArray.Length; i++)
        {
            string strA = strArray[i].Trim();
            int length = strA.Length;
            if ((length >= 5) && (string.Compare(strA, length - 4, " ASC", 0, 4, StringComparison.OrdinalIgnoreCase) == 0))
            {
                sortDirection = SortDirection.Ascending;
            }
            else if ((length >= 6) && (string.Compare(strA, length - 5, " DESC", 0, 5, StringComparison.OrdinalIgnoreCase) == 0))
            {
                sortDirection = SortDirection.Descending;
            }
            if (!sortDirection.HasValue)
            {
                break;
            }
        }
        if (sortDirection.HasValue)
        {
            if (strArray.Length > 1)
            {
                isMultipleSortExpression = true;
            }
        }
        return sortDirection;
    }
}

Enjoy it.

Patch For ASP.NET Vulnerability Available

Microsoft has published a Security Advisory (2416728) about a security vulnerability in ASP.NET on Saturday, September 18th. This vulnerability exists in all versions of ASP.NET and was publically disclosed late Friday at a security conference.

Scott Guthrie has provided information on workarounds (please see Important: ASP.NET Security Vulnerability and ASP.NET Security Vulnerability) to prevent attackers from using this vulnerability against their ASP.NET applications.

To help with Microsoft’s response to the new padding oracle vulnerability, a new forum was also set up: Security Vulnerability.

Microsoft has now announced the release of an out-of-band security update to address the ASP.NET Security Vulnerability.

Applying the update addresses the ASP.NET Security Vulnerability, and once the update is applied to your system the workarounds Scott has previously blogged about will no longer be required. But, until the update has been installed, those workarounds must be used.

You can learn more about this security update release from this reading the Microsoft Security Response Center Blog Post as well as the official Advance Notification Bulletin.

Important Links: