Debugging ASP.NET Application events

Lately, I've been working on some ASP.NET sites. I wanted to debug items that get created during the Application.* events (in this case, OnStart specifically).

Sadly, if you just put a breakpoint in the code and hit F5, you get the maddening experience of the debugger not stopping on your breakpoint.

Thankfully, through the magic of System.Diagnostics.Debugger.Break(), you can force a window to popup, asking which version of Visual Studio you want to attach as a debugger!

Happy debugging!
jk

Moving an SVN repository between machines

I thought this was a pretty nice, straightforward howto on migrating a
repository from one machine to another machine. I naively thought one
could just copy and paste the directories, heh heh.

enjoy!

jk

Alice & Bob

Things like patterns and best practices help out developers by promoting consistency and communication.  e.g.

 

In describing a piece of code to a fellow developer, which is easier to understand:

1)       I defined a family of algorithms, encapsulated each one as an object, and made them interchangeable
-or-

2)      “I used a Strategy Pattern” (http://en.wikipedia.org/wiki/Strategy_pattern)

 

Clearly #2 is easier to understand.  Not only did I use a tried-and-true coding technique (the pattern), but the term “Strategy Pattern” conveys special meaning and becomes part of the common language amongst developers.

 

In that same vein, the Security Community uses a common set of terms to represent characters in a system:  http://en.wikipedia.org/wiki/Characters_in_cryptography

.  The canonical example of this is: ‘Alice sends a message to Bob, but does not want Eve to read the message’.  When two security professionals sit down to discuss a scenario, this common verbiage raises the level and efficiency of communication.

 

Please read the ‘Characters in cryptography’ link and familiarize yourself with the characters.  I think these characters can have potential value in many developers day-to-day lives, just like design patterns already do.  Improving communication and developing a common set of terms will only help a team be more successful!

 

jk

 

 

 

 

 

 

Spring is almost here; so is Twin Cities Code Camp : Spring 2007

Mr. Bock (http://www.jasonbock.net) is organizing the 2^nd Twin Cities Code Camp (http://www.twincitiescodecamp.com/TCCC/Spring2007/Sessions.aspx) on April 28th, 2007.

I’m very excited to do a session with Dan (check out his feed at http://feeds.feedburner.com/humanstuff). We’re going to tackle the newly released (December 2006) Web Service Software Factory for WCF put out by the Microsoft Patterns and Practices Group.

The 1^st code camp was a great time; don’t miss this one! The .Net folks got along with the Ruby folks who got along with the Java folks - it was one big geek-love-fest (no, no, nothing dirty) :) Please register here:

Current sessions (75 minutes) and Chalk Talks (30 minutes) include:

Sessions
-3D Construction Basics in WPF - Mike Hodnick
-CPU and Game Emulation Design - David Pinch
-Delegation and Kerberos in the Enterprise - David Baldauff
-Developing for Windows Vista using Visual Studio 2005 - Cory Smith
-Extending Microsoft Office 2007 as a Platform - Scott Yokiel
-If Darwin Could Write Code - Jake Good
-Inside the WCF Web Service Software Factory - Jeff Knutson and Dan Mork
-An Introduction to LINQ and the ADO.NET Entity Framework - Adam Grocholski
-An Introduction to PowerShell - Neil Iversen
-There Must be Fifty Ways to Unit Test your Software - Jon Stonecash
-What Ruby on Rails can Teach .NET Developers - Dan Mork and John Howes

Chalk Talks
-Beyond Orcas - Where is .NET Going? - Jason Bock
-SSIS Tips and Tricks - David Baldauff
-Web Part Development - Neil Iversen

jk

.NET 3.0 links

We're all excited that .NET 3.0 is here. Here are a few links and comments to help you out...

If you have previous versions of .NET 3.0, PLEASE PLEASE PLEASE do yourself and your friends a huge favor and run the Pre-released Microsoft .NET Framework 3.0 Uninstall Tool.

Once you've installed, the RTM link to .NET 3.0 is: here

UPDATE: 11/30/2006 : 3:11pm
Apparently i'm not the only one happy about .NET 3.0 shipping.  Aaron Skonnard just posted a link of Doug and Don dancing and singing on channel 9

jk

Code Camp 2006 - What a great day

The inaugural Twin Cities Code Camp was yesterday at New Horizons of Minnesota in Edina, MN.  I don't have the exact stats, but I heard there about 140 attended!

The facilities were first rate, Magenic provided plenty of pizza and soda for lunch, and the camaraderie was excellent.  I saw .Net people talking to Ruby people talking to Java people; it really warmed the heart :)

I attended the following sessions:

• Neil Iversen's SharePoint as a Development Platform
  
• Jason Bock's State of Languages in the CLR
  
• Robert Boedigheimer's Utilizing .NET Cryptography
  
• Andy Morrison's Building Reusable Business Processes in BizTalk
  
• (my session) Securing Web Serivces in WCF
  
• Scot Yokiel's Intro to WCF

Being a security enthusiast, Robert's session was one of my favorites. It distilled the essence of hashing and crypto into very tidy, bite-sized pieces to digest. Grab the slides/code and check it out. Robert has a really nice demo on how to tamperproof querystrings, which Schwans.com has implemented.

The content was first rate, I got to meet a lot of people, see a lot of old friends, learned a lot (technical and about presenting) and the post-event speaker party was good clean fun as well.

Thanks again to Jason Bock for getting this started.  Thanks to all of you who attended, presented and sponsored food/prizes.  I'm looking forward to the next one (April 2007???)!

jk

Some Halloween pairing wisdom from Mr. Fowler

I was catching up on some blogs this afternoon and ran across this one from Martin Fowler's posted on 10/31/2006...

http://martinfowler.com/bliki/PairProgrammingMisconceptions.html

From my experience, XP/Agile has a lot to do with doing what makes sense in development and getting rid of the stuff that doesn't and if something is 'Agile', very little is mandated or else it wouldn't be very 'Agile', right? :)

I've been on teams where pairing is done.  One particular project we did a lot of pair programming which turned out very nice IMHO.  There were few bugs, we hit our estimates and the code was clean and well-factored.  Most importantly, the client loved it and it solved a real business problem!!!

Another pairing benefit (which Mr. Fowler alludes to in his final point) is in the area of code reviews (you *ALL* do code reviews, right?).  Just like documentation, security, and testing, code reviews are sadly one of the first qualities to go when a project gets behind because “there's not time to do it”, even when the reality is that “there's not time not to do it”.  I see too much poor quality code get written and developers spending too much time firefighting because of hastily constructed in “heroic code“.

The final point in Mr. Fowler's post is about code smell; I have nothing to add except “RIGHT ON”!  Developers constantly raise the layer of abstraction to raise productivity which is why we don't write business apps in assembly anymore.  Duplicated code stinks, espically when there is a bug in it and it gets copied throughout the organization...grrr...

I think developers should give pairing more thought; if for no other reason than to reduce the chance of carpal tunnel syndrome by 50% :) 

jk

VB 6.0 + Microsoft InteropForms Toolkit 1.0

Brad Abrams posted a link to the Microsoft InteropForms Toolkit 1.0 on his blog today. This should be very helpful in gracefully pulling existing VB 6.0 resources into the .Net Framework.

jk

Arithmetic overflows/underflows in C#; yes it is possible

I've been meaning to write about this for a few weeks; better late than never!

On day 3 of Building Connected Systems, Mr. Brown mentioned that it is possible to overflow numeric variables in C#. This surprised many other students in class (myself included) as developers assume 'managed code' takes care of this like it does with array bounds checking. From my understanding, VB.NET does not allow this scenario (I have not verified this, but trust Mr. Brown's assertion)!

When I started writing this entry, I was just going to do Int32, but after expanding to other integral and float types, I noticed differing behavior in how the .NET runtime handles this scenario. So, to try this out, I fired up a C# console app Visual Studio 2005 and here's what I found:

• int.MaxValue + 1 == int.MinValue (it overflows and wraps around with no exception)
• uint.MaxValue + 1 == 0 (it overflows to zero since it is unsigned; no exception thrown)
• float.MaxValue + 1 == float.MaxValue (yes, the runtime handles the overflow, no exception is thrown, but it behaves differently tha int and uint)
• double.MaxValue + 1 == double.MaxValue (same as float)
• decimal.MaxValue + 1 throws a System.OverflowException

Keith's recommended turning on overflow checking for all C# projects and then using the 'unchecked' statement if you really need to squeeze performance out of your code. (My aside on this is that if you're really writing high perf code, perhaps managed code is not the optimal tool for the job?? One of my favorite Fergesonisms (circa 1998) is: "Use the right tool for the right job".
To turn on overflow/underflow checking in your C# project:
1. Right click on your project in the Solution Explorer and select Properties
2. On the Build tab, click the Advanced button
3. Make sure "Check for arithmetic overflow/underflow" is checked

An FxCop Rule or source control checkin policy would be two good tools to build around this! :)

jk

New metasyntactic variable or What is a Manamana?

I think that Manamana would make an excellent metasyntactic variable.

If not, at least you can watch the video and get a moment of levity during your work day! :) It is highly recommended to start scrum meetings with :)

cheers
jk

WSSF for WCF RC1

For those who missed Aaron Skonnard's post on this today, the PAG team just released the new version of the Web Service Software Factory for WCF RC1. This is the same WSSF that I was referring to on Day 2. This is just the WCF version and not the ASMX version.

jk

IIS 7 Resources

Last week while I was in training, Eric Deily, a Program Manager on the IIS 7 team, came in to talk about the work they are doing. I tried to take good notes to pass along!

• They have their own web site with code samples/demos/forums. http://www.iis.net. Eric says the product team members actively monitor and watch the forums.


• There is a link to the feature matrix  


• There is a much better extensibility story. Developers will be able to swap in/out components. e.g. if you don't like how the static file handler works, you can write your own and replace the one that ships with IIS (via config)


• That beast Metabase.xml is going away, replaced with a much better configuration UI and XML structure (much rejoicing there)


• For those using PHP, there will be a module to support you


• CGI is turned off by default (in the spirit of reducing your attack surface area)


• It has web services exposed for remote server config (no more DCOM here) secured via Transport Layer Security (TLS/HTTPS)


• Appcmd.exe will replace the admin scripts


• They are VERY concerned with backwards compatibility - no web site left behind :)


• Inetfino.exe is not installed unless you install the "IIS 6 management compatibility" component. This is a BIG CHANGE if you have scripts/developers who use iisreset on a regular basis.


• Much more diagnostics/tracing built in. You will be able to do a dump at the app domain level if needed.


• Microsoft PSS helped write more detailed error messages with suggested courses of action


• You can play with this before Vista/Longhorn server comes out at http://virtuallabs.iis.net


• IIS7 will NOT BE on SERVER 2003. Eric said this was a technical limitation, not a marketing one!


• For Longhorn Server, the team is focusing on the server-farm scenario


• Eric did a very cool demo/sample at http://iis.net of writing your own module to replace the directory browser to build a photo gallery type of feature!

jk

Building Connected Systems - Day 5 (the last day)

WOW, what a great week; this was a top-notch experience all-around!

Kudos to Pluralsight for putting on a great class. Covering this many topics in a week is a tall order but they pulled it off admirably!

The class was held at the Redmond Marriott Town Center where we received first class treatment and accommodations. I hope Pluralsight is able to keep using this location for future events.  (As a bad pun, their employees were very 'service oriented') :)

Clearly, Pluralsight has some of the best instructors in the industry (which is why I wanted to come here in the first place; if you're going to spend time and money on training, it had better be good training!).

• Aaron Skonnard


• Keith Brown


• Fritz Onion

Today, we're down to the eye-candy topics: WPF, Fritz did an AJAX demo with Atlas.

From a personal standpoint, I got to see my friend Brian (a Microsoftie) a couple times. Eric Deily from the IIS7 team came out to talk about features of IIS 7.0 which was very intresting. The IIS7 team has spent a great deal of effort in allowing you to swap in/out modules via config at a server->application level. This helps an admin pare down the server features to reduce attack surface, which is a good thing. If you want to write your own modules, you can swap out the built-in ones with your own (e.g. if you think you can build a better static content handler, go-for-it)!

Please feel free to email me (jeffk at Magenic dot com) if any of the blog posts about this week raise questions, etc...espically the areas of WCF and security!

It's fun being here in Seattle, but I'm realy looking forward to getting home again!

jk

Building Connected Systems - Day 4

Ok, my mind is oatmeal now :) but i'm going to blog about today anyway!

Keith did the Workflow WWF (WF) lecture and lab today. In WF:

• the Activity is the main unit of execution, reuse and composition


• right now, integration between WF and WCF is not a great developer experience right now (this will improve as the WF and WCF teams have merged to the Connected Systems Division)

After the WF lecture, Keith left us in the very capabable hands of Mr. Fritz Onion who led us through ASP.NET 2.0 stuff for the rest of the day (UI, Data and web parts). After 3 days of solid learning, Fritz was kind to the class and didn't beat on us too much! :)

At the end of the day, Don Smith from the Microsoft Patterns & Practices Team (PAG) came in to talk about the good work they're doing and did demo of the WCF Service Factory. I'm really looking forward to the new build of this tool which supports the RC1 of the .NET 3.0 framework! Don was a blast to listen to and I know the class was glad he came out to talk to us!

One more day! :)
jk

Building Connected Systems - Day 3

Today is 'Security Day' with the esteemed Keith Brown leading the class. We talked about lots of WCF-Security stuff, and also a lot about web security.

Some of the more interesting web security things were:

• The Code Room - Vegas starring Keith Brown et. all.  It is a fun little poke at security on web sites and shows session hijacking and SQL injection.


• Keith has an excellent set of tutorials about input validation located at http://pluralsight.com/wiki/default.aspx/Keith/InputValidationModules.html. All developers should be using these techniques to improve web site security!


• Integer overflow in managed code exists in C#!!!! This suprises a lot of people (myself included). Keith recommended turning on checking at a project level, and use the 'unchecked' statment if you really need to 'squeeze' performance and bypass the overflow/underflow checking.


• I got Keith to sign my copy of The .NET Developer's Guide to Windows Security (ok, a bit nerdy I admit)


• The Cookies and tamper detection module is excellent!


• We did a lab on input validation using regular expressions. Here is a good link to the PAG site on common regular expressions. Remember, all user input is EVIL and NOT TO BE TRUSTED!


• Manageability (instrumentation) often gets overlooked in apps because we're too busy building features. However, when it comes time to debug, it is difficult to impossible to quickly find the problem. The .Net Framework makes it trivial to write to the event log and Windows performance counters and there is no reason not to do it!

My brain is full for today. Time to relax for a bit and get ready for days 4 and 5.

jk

Building Connected Systems - Day 2

Day 2 was excellent. Aaron did a demo on the Web Service Software Factory. If you have not seen this, check it out. It is something the PAG team built to help accelerate initial project creation. It creates a solution with multiple projects (web service layer, biz object layer, a mapping layer, and even some test projects). Ther is also one available for WCF, but as of this post there is no a version for RC1 available yet. I strongly encourage y'all to check this out as it seemed very useful! After that We focued on WCF concepts; contracts, serializers, behaviors and bindings. To end the day, Microsoft Connected Systems Division (think: WCF + BizTalk) Archtect Steve Swartz came in and talked about potential future directions. Some interesting comments were:

• WCF is happy with SOAP or REST


• MSFT is going to push more services "into the clouds": e.g. there is already a beta STS service available here


• MSFT is going to try to make BizTalk more of a .Net extension and not a silo of its own.


• Improve developer tools; e.g. if a developer wants to publish an RSS feed, it should be as simple as instantiating a class and 'start pumping RSS out'.


• Start thinking about 'claims' in the security space. Check out Kim Cameron's blog for more information.


• Autonomy is 'a' value - it is not the 'one' correct architecture value. (think: 4 tenets of SOA)

Steve was a blast to listen to; scary-smart guy!

jk

Building Connected Systems - Day 1

Day 1 was good. There are only 16 people in the class (2 Microsofties, and 2 former Microsofties, myself included) which is nice for personal attention and discussion. Today we reviewed SO, Web Services and the existing technology stack (ASMX 2.0, WSE 3.0). A lot of it was just tablesetting and laying the justification groundwork for WCF, WF and BizTalk. Near the end of the day we started on some BizTalk 2006, which will flow into tomorrow (about 1 hour left of the lab). Aaron Skonnard was our instructor. I love listening to people who are passionate and knowledgable about a topic. Some of the more intresting comments were:

• ".Net Remoting has the least optimistic future of the communication models (ASMX, WSE, Enterprise Services, Remoting & MSMQ)"


• It would be really interesting to see a WCF Channel for SQL Service Broker


• The REST vs. SOAP debate: one thing in favor of SOAP is the existing tools (which is likely why Google chose SOAP for their SOAP Search API and not REST


• Contract first vs. Code first for web services; typically collaberation drives contract first and smaller projects tend to migrate toward code first

I'm really looking forward to Day 2 which will cover WCF.

Early bedtime tonight! :)

jk

.NET Campsight: Building Connected Systems

It begins:  http://www.pluralsight.com/courses/CampsightConnectedSystems.aspx

More to come as I have time to post! :)

jk

Foo has a name

Nearly every developer has used the word 'Foo', 'Bar' etc...Apparently there is a Wikipedia entry for it: Metasyntactic variable - Wikipedia, the free encyclopedia

jk

Twin Cities Code Camp - Nov 11, 2006

The inaugural Twin Cities Code Camp will be held Nov 11, 2006. Check out the sessions here.

As of this post, 3 other Magenicons will be presenting (Jason Bock, Michael Dunn and Rocky Lhotka). I will be doing a session on using the security features of Indigo Windows Communication Foundation (WCF). Best of all, it's FREE!!!!!! Hope to see y'all there!

jk