C#
Because it's just better than VB.Net
Those of us using FxCop or Visual Studio's code analysis are well used to seeing the plaintive plea to strong name our assemblies. Strong names provide versioning and verification as well as allowing assemblies to be placed into the global assembly cache. They are generally a good thing. But there's a problem. Like any type of code or message signing they require a keyset and that keyset should be kept secret. What happens in open source projects or in corporate environments? Ideally the strong naming should become part of the build process; but that requires the key files to be...
Well I didn't manage to get socks stuck on the projector this time around. The slide deck and demos are available for download. Every DDD session this year has been filmed; so if you missed it watch the DDD site for the video. Technorati Tags: developer day,ddd,ddd7
Yesterday saw the release of the beta version of the P&P team’s WCF Security guide. The guide, Improving Web Services Security: Scenarios and Implementation Guidance for WCF, is the Microsoft recipe book for Windows Communication Foundation. It aims to show you how to build secure services using WCF and promises to be "a compendium of proven practices, product team recommendations, and insights from the field", including application scenarios and step-by-step how-tos. Best of all it’s free; published as a PDF for download. The chapters are Security Fundamentals for Web Services Threats and Countermeasures...
On Channel9 last week Amiga forever! wanted to know how to pass multiple parameters to a WCF callback; so as I covered callbacks at DDD Scotland briefly this seemed like a perfect excuse to illustrate how to create a callback in WCF. So why do we want callbacks? One of remoting's more useful features was the ability for a server to trigger events on a client; WCF callbacks provide the same sort of facility. To start lets create a new WCF project by choosing the WCF Service Library in VS2008; You can see I'm targeting...
I received the email last night; I’m speaking at DDD again, this time on WCF in a presentation entitled Web Services; we don’t need no stinking web server Remoting is dead. Long live WCF. This session aims to cover the creation of web services with WCF, inside and outside of IIS, including one way and two way services, as well as contracts, faults, authentication, authorisation and security. I think I’ll try to sneak something CardSpace related in there *grin* As an added bonus I’m also sitting on the recruitment round table discussion sharing my personal thoughts on where candidates...
On the suggestion of one of our members, Adrian Sutcliffe (nxtgenug - the listening usergroup *grin*) we grabbed Jean Paul Boodhoo as soon as he got off the plane from the US, putting him in the boot of my card and dragging him out to Oxford. Jean Paul is taking time out from his "Nothing but .NET" course in London to come out and cover the fundamentals of .NET programming. Not to be missed. What:Nothing But Jean Paul BoodhooInternational renowed presenter Jean Paul Boodhoo covers loads of fundamentals of .NET programming. If you’re programming with .NET, don’t miss it. Nuff...
Last night I gave a nugget on Duck Typing. The presentation deck is available, the library I talked about is from http://www.deftflux.net/blog/page/Duck-Typing-Project.aspx. What’s a nugget you say? Well at nxtgenug we encourage our members to stand up and talk, if only to allow them to escape hearing Chris, Dave, Rich, myself or any of the other organisers for months on end. The topics can be what you like, the length can be between 5 and 15 minutes. It’s a gentle introduction to speaking. Want to try? Then let us know, we’ll give you as much help as you want or need ... Technorati...
A while back the call went out for a .NET speakers who would come to Ireland; and now the Irish Microsoft Technology Conference has been finally announced by Claire Dillon. Yes, I am speaking, giving my "Hacking Web Sites for Fun & Profit" talk (which doesn't appear to be as trendy as all the other topics, but Dominick Baier beat me to a CardSpace presentation!). I'm not sure this counts as an international engagement for me as I was born north of the border, but it does give me a a birthday cake, as my birthday is the day after and...
The nxtgenug crew have grabbing Denis Cruz again for a couple of two day training courses, March in Leamington Spa and April in London. Having sat on the panel with Denis during the Ed Gibson road shows and having seen him at various DeveloperDays I can't recommend him enough (even if Dave thought we were both about to punch either other during the panel discussion <g>). He's insanely passionate about security and scarily knowledgeable. The course aims to cover such topics as Security Principles, .NET Framework Architecture, Threat Modeling, Discovering Vulnerabilities, Penetration Testing Techniques and Secure Coding Techniques. If he...
One of the things I try to hammer home in my presentation is you should never emit user input without making it safe. The HttpUtility class provides developers with two main methods for this, HtmlEncode and UrlEncode. HtmlEncode will take a string and escape it so that it is safely displayable on screen, removing the risk of Cross Site Scripting attacks. UrlEncode takes a string and escapes it to a format suitable for use in a URL and is usually used to encode query values, escaping such characters as = and & into their encoded values; but what happens...
Not content with having DeveloperDay twice a year at no cost there's now a new UK event, WebDD. Like DDD it's free, held on a Saturday at Microsoft, the 3rd of February to be precise. This free conference features some rather stunning speakers including ASP.NET's very own Scott Guthrie, Dave Verwer of the Ruby world and two guys from Telerik, Hristo Deshev and Zhivko Dimitrov. Oh, and me. Again. (Yes, my name isn't spelt right on the speaker list yet, but frankly the idea of meeting Scott Guthrie overshadows that by a long shot! [edit] five minutes and it's fixed, heh.) The...
A slightly more relaxed Developer Day yesterday, with calming blue speaker polo shirts. This time I covered "Security ASP.NET Applications and Communications" which attempted to give an overview of ASP.NET's security model, guide the choices made when choosing authentication and authorisation strategies, a brief look at how to secure communications between tears and some how tos supporting the options I had covered previously. The slides and notes are available.
I ended up with a full session, with a couple of people sitting on the floor at the sides of the room, always quite intimidating and ego boasting at the same time....
Component Factory are distributing the new release of DotNetMagic Krypton Toolkit; downloadable here. It provides user interface controls for Windows Forms, targeted at Visual Studio 2005 and .NET Framework 2.0. It's even free for commercial use. Best of all, blog all that stuff and lo, a free license is yours. Now, being a slut, I'd go for that. But if you go to the site I've linked to, and watch the demos, well, looks actually looks like a nice set of components. Bonus! If only it had a nice grid. Anyone giving away a decent grid? <g>
It's encouraging to see people thinking and acting on my presentation (encouraging? Heck, I'm smug about it!). Charles Cook noticed that a Visual Studio generated project has multiple ItemGroups in it (forgive me for stealing your example Charles!)
<Project DefaultTargets="Build"
xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Reference Include="System" />
</ItemGroup>
<ItemGroup>
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
As Charles points out this is functionality equivilant to a single item group
<Project DefaultTargets="Build"
xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Reference Include="System" />
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>
So the question arises why have or allow multiple ItemGroups. First we need to look at what an Item is, in MSBuild Terms. Items are inputs into the build, grouped into...
As the comments on the second Developer Day start to hit blogs around the country it is rather ego inflating to see my name in "lights". Last time we were scored by attendees and I assume this time we'll be scored as well, although as I missed the speaker briefing due to the traffic jam at the entrance to the Microsoft Campus I completely forgot to remind people to fill in their score sheets. This may not be a bad thing though because, as usual, I got carried away <g>
The problem with scoring sheets though is you don't get any...
Well that was fun! First there was the traffic jam getting into the Microsoft Campus 45 minutes before it starts, but 15 minutes before the speaker briefing (sorry Melita!) and managed to sit down with Annie who was highly amused to be called a big name speaker. I was highly amused when, upon booting her laptop the hard drive went rather weird and error messages complaining about missing system directories appeared. Panic ensued. I volunteered to dash home to get my identical work laptop, and we could put her drive in an external usb enclosure and copy files. As she...
MSDN just published an article on "Building ASP.NET 2.0 Web Sites Using Web Standards" by Stephen Walther from superexpert.com. Whilst overall it's useful, it's not perfect, I want to take issue with 3 points it makes.
Validating XHTML Pages
The section on validating XHTML pages offers up the W3C validation service as an alternative to the internal VS 2005 validator. This is a great recommendation, but should not be considered an alternative, but a "must do". The internal VS 2005 validator looks at the xhtml as you type. It does not, and cannot check...
If you missed the presentation I gave on "Hacking Web Sites for Fun and Profit" at the first Developer! Developer! Developer! day I'm presenting it aain on the 14 September at Anglia Polytechnic University through vbug. vbug started as a VB organisation I'm a member despite using C#. They arrange technical talks all around the country which are normally free for members, as well as lots of other benefits included discounted Microsoft Software, MSDN magazine subscriptions and, ummm, people like me I guess.
Over on channel9 I saw one of my pet hates, a try {} catch (System.Exception) {} block and responded with the refrain that people I've worked with (Hi Simon!) will have heard, "Don't catch System.Exception". Ok, I'm exaggerating for effect, but a single try {} catch {} statement is generally bad. Catches should be granular, you catch what you can react to and what you can "fix". For example, if you're trying some file operations I would expect to see
try
{
// My very complicated file open statements would go here
}
catch (FileNotFoundException ex)
{
// Reaction
}
You should know the exceptions each statement you...
I spent the afternoon with Tony, the MVP behind sqlserverfaq and the UK SQL Server user group. Aside from getting to see him, his wife and their new son Tony had the need to consume a particular RSS feed onto his site, so I had to work for my dinner as well. The advantage of pulling RSS into a .net DataSet is that you can then leverage data binding to display the feed how you like. So, quick and dirty code time; basically we create an XmlTextReader pointing to the RSS feed and apply an XSLT to extract the information...
So DeveloperDeveloperDeveloper is done and dusted. It was the first time I've given a presentation on how to hack web sites; I now await the results of the speaker score sheets. As if presenting wasn't stressful enough <g>. Unfortunately I didn't have as much time for questions and answers as I would have wished, but the wireless mic was rather fun. For those that are interested and can't wait till my presentation appears on the conference web site (Craig is stuck in a hotel with just a modem connection) I've uploaded the powerpoint deck and sample code.
Remember don't try this...
For the first time ever in the UK, Microsoft is hosting a unique event for developers to learn, share and hear from other developers - but NO Microsoft speakers will be presenting.
Instead the event will feature speakers from the UK .NET Developer Community. <panic>Which includes me</panic>.
It is a FREE event being held at Microsoft UK Reading Offices on Saturday 14th May 2005.
I had planned to cover what is new in SQL2005, but Dave Sussman is doing that and I can't compete! So I'm covering "Hacking websites for fun and profit", which is shoe horned into the SQL track due...
The promise of xcopy deploy, the ability to simple copy your files onto a destination machine and have your problem run was one of .net's big attractions after the pain of COM, installers and the wrestling match that dllhell produced. As you can reading having to force Crystal Reports onto NT4 threw the concept of xcopy deployment away for that application.
An added hurdle is use of the Windows Event Log. The .net framework provides the System.Diagnostics.EventLog classes to enable you to easily write (and read) events. Merrily you scatter log events throughout your code;
// Put my really...
So I'm writing a set of interfaces and base objects for the c# persistence layer I wrote about last week. As you expect you have an interface every object for persistence must implement (IBaseEntity if you must know, it basically requires an implementation of an IsDirty property), some relevant exception classes, and then the base persister class. Here a CLR "limitation" raises its ugly head.
My persistence base class has a constructor that accepts a SQL connection string and four Save methods, all with the internal access modifier. As you may know this limits access to these methods to classes contained...
I'm currently consulting on two banking projects, which provide translation, validation and distribution of various data feeds from various mainframe based systems. It's almost a BizTalk system, but BizTalk is too heavy in terms of infrastructure requirements and licensing costs, even the Microsoft representative suggested that a roll your own solution would be better. We've currently discussing object persistence and where it should happen.
There are two distinct camps, with one group who believe that objects should have an understanding of their own persistence mechanisms and the other camp, where I am commandant, believes persistence should be in a separate logical...
If you're writing a tracing and logging component you may well want to pass the current method name to your logging component. Rather than hard code it (then forget to change it when you change the method name) you can use reflection and the MethodBase class to retrieve the name.
System.Reflection.MethodBase currentMethod = System.Reflection.MethodBase.GetCurrentMethod();
System.Diagnostics.Debug.WriteLine(currentMethod.Name);
System.Diagnostics.Debug.WriteLine(currentMethod.DeclaringType.Name);
System.Diagnostics.Debug.WriteLine(currentMethod.DeclaringType.Namespace);
Following on from DataSet date filtering is not culture sensitive I did some asking of people I know at Microsoft. They suggested I log a bug report. That's a lot easier now, as bug logging for all the .net framework 2 betas are open to the public at lab.msdn.microsoft.com. So I present to you Bug Details: ADO.Net view filtering is not culture sensitive. Go vote on its importance.
This week I gave a quick one hour overview of ADO.Net to the developers I am currently mentoring. When I covered relationships within datasets, basically a primary / foreign key constraint I was asked where that would be useful. Aside from enforcing data integrity on inserts and deletes you can use relationships to make nesting asp.net repeaters easy.
If you look at my spam pages you can see there is an obvious data hierarchy, each month has a collection of days which show a daily spam count. Rather than send a request to the SQL server to give me...
One of the nicer things about the .net framework is its support for cultures, if you're running on a UK machine dates are handled in UK format, if you're in France date displays will display Lundi instead of Monday. By using satellite assemblies for string resources your software can use culture specific information with no extra work and if you want to do the same in asp.net then components like Localizer will do the work for you. But there's a little problem...
I recently produced an appointment calendar for the wife so she can allow her clients to see her availability...
SPF is a great anti-spam method. It verifies that the SMTP server sending an email is authorised to send email on behalf of the domain in the FROM: header. However programmers don't seem to be helping. dasBlog and Wallop, as well as other numerous web applications, including ebay send emails using the address you give them. So when I sent out wallop invites to hotmail addresses they bounced.
Diagnostic-Code: smtp;550 207.68.176.8 does not pass SPF requirements for domain wallop@idunno.org
Damn right it didn't pass. My mail server is the only SMTP server that should be sending emails from my domain. So what...
HTTP modules are great. I finally implemented the blogger api as one, using the excellent Cook Computing XML:RPC library from Cook Computing. The problem comes when you create applications under your root application. This is a common enough scenario and necessary sometimes (for example nGallery needs to be in its own application because it uses its own authentication modules). The problem arises when you add HTTP modules and handlers to your root application. Suddenly you discover that your new application needs them too.
But wait, there appears to be a solution, the <remove> functionality, or even <clear> You would think that...
One of the painful things about good old ASP was string formatting, VBScript simply didn't have anything useful. C# (and VB.Net) do, but MSDN doesn't provide a quick reference to the formatting options. So here's a quick reference.
To compare string formatting in C# to those in C lets have an example,
char szOutput[256];
sprintf(szOutput, "At loop position %d.\n", i);
sprintf takes an output buffer, a format string and any number of arguments to substitute into the format string.
The C# equivalent for sprintf is String.Format, which takes a format string and the arguments. It returns a string, ...
Recently I've been working on some .net code at Microsoft UK. Part of the daily build process involves checking the code submitted into source control against design guidelines, some of which are listed on MSDN. This is all very nice, especially when it's automatic, but a thought occurred, why is hungarian notation considered harmful?
Never heard of hungarian notation? In the DOS years Dr Charles Simonyi, Microsoft's chief architect introduced an identifier naming convention ...
The SQL source on logging page referrals has been updated to create a last updated column, a trigger to keep it updated and a click count column. Thanks to Scott Mackey from www.scomak.com for pointing out I had missed that in the table creation sql, but the stored procedures were attempting to use the tables.