|
>
 Monday, April 02, 2007
 |
|
 |
|
|
|
|
|
Once again a fantastic conference in Orlando. Dev Connections just keeps getting better and I always enjoy being part of it. Not to mention the weather in Orlando isn't bad! Here are links to my code samples for each talk I delivered. Enjoy! .NET Technology Roadmap Tutorial ASP.NET and WCF ASP.NET and CardSpace - Demonstrations in this talk can be found here:
WCF Federated Security - My claims-based samples can be found here:
- And, my STS sample here (NOTE: this sample will be updated shortly with an upcoming article, stay tuned!):
WCF Contracts and Versioning ASP.NET Performance (Updated 06/07/2007) Ok people, I had this in my Windows Live Writer to send a long time ago, and somehow it did not post...but since I haven't posted in a while I didn't notice. Many apologies for the delay. Does the "better late than never" statement apply here? I hope so... - In this talk I covered a lot of ground, and theory around performance including simpler performance tips, the progression of asynchronous handlers to component distribution, and the importance of performance counters for your SLAs.
- You can look at my ASP.NET Sandboxing articles and samples for more resources on component distribution.
- See also the following data demos for examples of data caching
- My LocalizedGallery globalization example (posted here) illustrates the use of complex output caching based on custom caching by browser, culture and profile
- Asynchronous HTTP handlers:
- Here is an example showing how to create custom performance counters:
- Here is an example illustrating some of the health monitoring configuration features of ASP.NET 2.0:
|
|
|
 |
|
 |
Friday, March 23, 2007
|
|
|
|
|
|
|
|
|
I created a presentation in November of last year with the goal of helping folks make sense of the vast number of Microsoft technologies from development tools, language, data, windows, web and SOA development. This blog post holds the latest links to resources and code for each section. System Requirements The links below use the following technology platforms: - Visual Studio 2005 and .NET 2.0
- .NET 3.0
- NET 3.0 Runtime (installed with Vista)
- Windows SDK for .NET 3.0
- Visual Studio 2005 Orcas Extensions for .NET 3.0:
- WCF&WPF (Nov 2006)
- WF (Nov 2006)
- ADO.NET and LINQ CTP for VS 2005 (May 2006)
- LINQ CTP
- ADO.NET vNext CTP
- ADO.NET vNext Entity Data Model Designer Prototype, CTP
- Visual Studio Orcas CTP (March 2007)
Development Tools In this section I reviewed the stack of development tools and explained how to choose between them. Language Enhancements In this section I talked about moving from .NET 1.1 to 2.0, and discussed the key features of 2.0 that folks should be leveraging. Then, I focused on the language enhancements forthcoming with C# 3.0 and VB 9.0. Demos: Data Access In this section I focused on data access technologies, designing the data access tier, and key features of ADO.NET 2.0, vNext and LINQ to give you some idea how to prepare for the next set of innovations. Demos: - When you install ADO.NET vNext and LINQ there are literally 100s of samples that will really help you get up to speed here. I show a selection of these in this presentation.
Windows Development
In this section I review Windows Forms 2.0 innovations, primarily ClickOnce, and then talk about how to prepare for WPF, explaining the various deployment models. I also talk about practical approaches to choosing the right platform for your development efforts. Demos:
Web Development
In this section I showed an ASP.NET sample application that illustrates key features of ASP.NET 2.0 and practical application of those features. Then we looked at AJAX and discussed trends on the Web compared to Windows development. Popular AJAX Frameworks: Demos: Distributed System Programming In this section I reviewed the typical use for earlier distributed computing technologies like remoting, enterprise services and ASMX web services with WSE, and compared them with WCF. BPM and Workflow In this section I discussed BPM, BizTalk and workflow and trends for BizTalk vNext. DinnerNow To pull it all together, there is a sample you can download here: www.dinnernow.com that illustrates all of the technologies in a practical example. It includes WCF, WF, WPF, AJAX, Vista gadgets and mobile apps.
|
|
|
|
|
|
|
Sunday, November 12, 2006
|
|
|
|
|
|
|
|
|
A big thanks to all the participated in this monstrous tutorial at Dev Connections. Whew, I can fully admit it was a lot of work to put all the information together in one place, but I hope that you got a lot out of it. For those that didn't attend, the goal of the tutorial was to provide an overview of the current state of the various technologies and tools for Microsoft developers, with an emphasis on the reasons for moving forward with each technology stack, and hopefully some enlightenment on when you might choose each technology. I'll be keeping this one day session current for future conferences, and for on-site sessions with clients. If you are interested in such a thing, contact me at IDesign: www.idesign.net.
Here are the resources I promised from the tutorial.
Development Tools
In this section I reviewed the stack of development tools and explained how to choose between them.
Language Enhancements
In this section I talked about moving from .NET 1.1 to 2.0, and discussed the key features of 2.0 that folks should be leveraging. Then, I focused on the language enhancements forthcoming with C# 3.0 and VB 9.0.
Demos:
Data Access
In this section I focused on data access technologies, designing the data access tier, and key features of ADO.NET 2.0, vNext and LINQ to give you some idea how to prepare for the next set of innovations.
Demos:
- When you install ADO.NET vNext and LINQ there are numerous overview documents, tutorials, and samples that will really help you get up to speed here. These are the demos that I showed in the tutorial.
Windows Development
In this section I reviewed Windows Forms 2.0 innovations, primarily ClickOnce, and then talked about how to prepare for WPF and who should use it today.
Demos:
Web Development
In this section I showed an ASP.NET sample application that illustrates key features of ASP.NET 2.0 and practical application of those features. Then we looked at AJAX and discussed trends on the Web compared to Windows development.
Popular AJAX Frameworks:
Demos:
Distributed System Programming
In this section I reviewed the typical use for earlier distributed computing technologies like remoting, enterprise services and ASMX web services with WSE, and compared them with WCF.
BPM and Workflow
In this section I discussed BPM, BizTalk and workflow.
|
|
|
|
|
|
|
Thursday, October 26, 2006
|
|
|
|
|
|
|
|
|
As some of you may now, localization architcture is one of the subject areas that I have always enjoyed. THough I am in the midst of my WCF book, a few months ago I did wrap up a whitepaper for MSDN on the subject of custom resource providers and custom localization expressions. I also learned a lot in the process, with some great feedback from the product team, specifically Simon Calvert and Eilon Lipton, who pointed me in the right direction for how things work under the covers. In this article you'll learn about custom resource managers, storing resources in the database, accessing resources from external assemblies instead of using the App_GlobalResources directory, and creating custom localization expressions to tie it all together. I hope you enjoy this!
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/ExASPNET20RPM.asp
I'll be writing two follow up whitepapers in this series, a little later this year when I wrap up my book. The subject will be hooking the IDE to help you with your localization dev process and creating complex culture hierarchies that are customizable for personalization. Stay tuned!
|
|
|
|
|
|
|
Tuesday, June 27, 2006
|
|
|
|
|
|
|
|
|
For my webcast today, I illustrated several layers of security features for ASP.NET with the following samples (some samples are extra beyond what we had time for in 1 hour):
Also see my Publications page for articles on this subject for The Server Side .NET
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
For my webcast today, I illustrated custom HTTP modules and handlers with the following samples:
Also, look at my RSS for ASP.NET for other posts on similar subjects!
|
|
|
|
|
|
|
Monday, June 26, 2006
Monday, June 19, 2006
|
|
|
|
|
|
|
|
|
In this session at Tech Ed in Boston last week, I discussed how you can apply Enterprise Services (COM+) and MSMQ to build scalable applications pre-WCF. The sample code that I demonstrated is listed below. Don't forget also to look at my Publications page to get more background, specifically the articles I wrote for The Server Side on security and sandboxing which discuss many of the EnterpriseServices features used.
Enjoy!
|
|
|
|
|
|
|
Saturday, June 17, 2006
|
|
|
|
|
|
|
|
|
Yes, at last, I am posting my code for my SDC conference sessions. I am quite sorry about this delay, but I have been travelling non-stop since the conference, and I had at least one million other deadlines upon me and Internet issues during the week following when I had promised to post. So, hopefully apology accepted...here is the code references for all 4 of my sessions!!!!
How ASP.NET 2.0 Processes Requests - Handlers, Modules, Caching, Session and other fun objects involved in the round-trip
- HttpHandlers.zip
- HttpHandlersVB.zip
- If you get ASP.NET Pro magazine, I also wrote an article on this subject, which was reprinted with permission in the SDC magazine for this conference
ASP.NET Security - It's About More than Just Credentials
Applied ASP.NET 2.0 - Essentials for Building Professional Web Sites
Performance Tuning and Monitoring your ASP.NET Applications
|
|
|
|
|
|
|
Saturday, May 06, 2006
Friday, April 28, 2006
|
|
|
|
|
|
|
|
|
I recently updated my PhotoGallery sample code that illustrates many techniques including:
- The use of profiles that store preferred theme and culture
- Dynamic theme selection at runtime based on profile settings
- The use of ASP.NET 2.0 localization features
- Setting the request thread's culture dynamically based on profile settings
- Database localization (table selection by culture)
- Caching by culture and theme
- Workaround for retrieving profile information for custom caching (GetVaryByCustomString())
The sample update is at this link: http://www.dasblonde.net/downloads/VS2005/Globalization/GalleryDemo20.zip
These features were always in the sample, but I came up with some improvements for caching and profiles, and I updated the sample so that all pages cache appropriately. I also created a full SQL script that would create the database and insert records, so that you no longer have to restore a full databas to create those records. Otherwise the sample is much the same. Enjoy!
|
|
|
|
|
|
|
Tuesday, January 24, 2006
|
|
|
|
|
|
|
|
|
I just started a new column for ASP.NET Pro: ASP.NET Under the Hood
In the first edition, I answered a reader's question about dynamically applying themes based on user profile settings at runtime. You can check out the column here: http://www.aspnetpro.com/features/2006/02/asp200602mb_f/asp200602mb_f.asp
If you have other questions, don't forget to send them my way and if I write about it in the column, of course I will also answer you personally in the process.
Cheers!
|
|
|
|
|
|
|
Wednesday, December 07, 2005
|
|
|
|
|
|
|
|
|
I just presented the ASP.NET session for the launch yesterday in Anaheim...lots of people indicated how excited they are about the improvements to ASP.NET...and I agree. I promised some tips on “getting started” with all the new features, to guide you on your way. If you look at these sections in the MSDN library, including articles written by myself and others...that should help!
This article link will take you to the ASP.NET\Infrastructure articles (look at the treeview on the left!): http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnvs05/html/asp2local.asp
If you scroll down in the MSDN on the left side, you'll see a number of other categories, all based on ASP.NET 2.0...this is a good start for reviewing a collection of articles on ASP.NET 2.0.
|
|
|
|
|
|
|
Wednesday, November 30, 2005
|
|
|
|
|
|
|
|
|
In a recent exchange on this forum: http://forums.asp.net/1126817/ShowPost.aspx a few people are looking for tools to help them with the localization process. WARNING, the thread is really long, it will take you two hours to get through it!!! I have already made a lot of remarks in the forum, but it is pretty clear that although ASP.NET 2.0 has taken some of the pain away with the new tools they provided including:
- Generation of local page resources
- Declarative expressions that generate code to link control properties to local or shared global resources
- ResourceManager lifetime management
- Automatic culture selection from browser settings
...people (of course) still want and need more. I have a perspective on this that is based on my experiences, but you all may have other challenges that differ, so this blog entry is an attempt to collect feedback from you on the tools you'd like to see improved for localization of Web sites. Here's my synopsis of what is needed, and the roles that use the tool:
Improvements to developer tools (VS IDE):
- Help me associate control properties to local or shared resources and manage my shared resources as well if I have made those links. Currently this can be done with IDE extensibility, no tools on the market.
- Don't let me compile without notification that resource should be regenerated due to changes in the page. In other words, developers are concerned that the page changes might be out of sink with resources associated to the page...and not resolved because the developer forgets to generate resources again.
- Provide a tool to automatically (programmatically) generate resources for all pages.
- Help me link a resource entry to a database field. THis would be like data binding, with a custom localization expression linking a $Resource entry to a database field, which implies I need a way to configure the connection string for design time as well. This would still look like an explicit localization expression for a shared resource, but connect to the database instead. THis can be done with extensibility but no robust solutions currently exist.
- Perform change management to reconcile changes to invariant resx (local or global) and make sure keys are reconciled with variant (NOTE: I don't agree that this is necessary in the IDE, I think it belongs in change management, but let's keep it here and see what people think).
Change management tools:
- Create a difference report for resources on check-in (VSS or VSTS or external tool that can be run against selected source files).
- Allow the difference reports to be reconciled from last translator shipment to the latest build (what resources were added, changed, deleted in the invariant version? reconcile this against variant resources)
- Pull all resx into a single file, allow translators to edit that single file, the push all translated values into appropriate individual resources again (easy, with XML, and clients have done custom work on this, no tool on the market that I know of)
- Pull database content and file content for translators into a localization package for editing by translators offline, then reconcile after changes are made (lots of variations here, what tools do people use today for database access besides running reports and pushing in translated values with script?)
- A way to manage this process and keep track of all relevant files/changes
I know this is not an exhaustive list, but it is relevant to the discussions on the thread I mention above.
Please comment or add requests in this blog entry. I speak with this team at Microsoft with some regularity, and have told them about this blog entry...and they are just a great group so they are really interested in hearing this feedback!!!
|
|
|
|
|
|
|
Thursday, November 17, 2005
|
|
|
|
|
|
|
|
|
I for one had a great time yesterday at the launch. Bernard Wong invited Tim Huckaby and myself to help out presenting smart client and ASP.NET, respectively, while he demonstrated code from the Visual Studio 2005 launch event.
For all of you who attended, I offered some content that you might find relevant to ASP.NET and ClickOnce. All of my content references are in my most recent blog entries from DevConnections (see below) but the most relevant are these two:
I also wanted to make sure you all know about the .NET course curriculum at UCSD Extension. You can get links to all the courses from our new community blog here: www.ucsdxcommunity.com We'll post special advanced classes here, and also link you to our new course blogs (this is new, not a lot of content yet). I am the advisor to the program (since 1993!) so if you have any special requests, ask away!
<blatant_sales_pitch>
At IDesign we do architecture consulting, but we also do training. I teach the official IDesign Master Class at UCSD 2x per year (www.ucsdxcommunity.com/masterclass) and also do on site training, someone asked about this as well. See www.idesign.net for more information about those courses.
</blatant_sales_pitch>
I hope you enjoyed the day, please keep in touch!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Here are the samples I used (or referred to) in this presentation, enjoy!
- ConfigurationUtility – illustrates how to encrypt a connection string, also shows complext data binding statements, early bound (not using Eva() evil)
- DataDemos – some simple demos of master-details and caching, not presented but consider it extra code!
- PhotoUploadApp – this is the application I demonstrated in the talk
Regarding the SQL cache dependency that didn’t quite work on stage…I forgot to “enable” it on the control, simple silly mistake…I cracked under pressure what can I say?!?
Let me know if you have any questions!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
For my globalization talk, I illustrated how to architect Windows Forms and ASP.NET applications for localization, leveraging .NET resources where appropriate. Here are the samples:
Don't forget to read the instructions for the Web application, it requires a database restore step. If you have any trouble, let me know!
Additional globalization resources:
Cheers!
|
|
|
|
|
|
|
Monday, September 12, 2005
|
|
|
|
|
|
|
|
|
We put on a 1 day seminar at UCSD Extension on Saturday for those interested in getting up to speed on the upcoming release of .NET 2.0. I'm posting a bunch of 2.0 samples here directly related to the topics we covered at the event.
Dave McCarter gave a great overview of the VS 2005 IDE and its productivity features. No code to share on that one, you have to be there to see it!
I presented a talk on VB.NET and C# language enhancements. Samples include a few new VB.NET samples:
Several C# samples that are posted on the IDesign site:
I also presented a talk on ClickOnce and Smart Clients...the code sample is better seen in “live demo“ but here's the finished product of what I demonstrated:
And to wrap things up, Scott Mitchell gave a great talk on ASP.NET 2.0...he did most of his demos live, but I told him I'd post some of my finished ASP.NET 2.0 samples here that were related to his talk...since I have them handy:
aspnet20samples.zip
For more IDesign samples go here:
http://www.idesign.net/idesign/DesktopDefault.aspx?tabindex=5&tabid=8
Enjoy!
|
|
|
|
|
|
|
Wednesday, September 07, 2005
|
|
|
|
|
|
|
|
|
For all you dasBloggers out there...if you want to have nested blogs like I have here:
www.ucsdxcommunity.com
www.ucsdxcommunity.com/ASPNET
...you have to first configure the subdirectory as an IIS application, then remove the <httpModules> section of the web.config in the nested blog. Modules can only be loaded 1x per appdomain, and the nested blog is loaded into the same appdomain by default.
The funny thing is, the error message tells you that it can't load the module twice, so this is actually pretty obvious, but if you are like me, you may have seen this error and started looking for a “bigger“ problem (I always do that...dunno why) ...therefore I didn't pay attention to the error message 'literally“ at first.
|
|
|
|
|
|
|
Monday, August 22, 2005
|
|
|
|
|
|
|
|
|
If you haven't tried this already, I have definitely saved you at least one hour, for the two I spent playing, toying, testing, and writing this little blog. The issue is when you want to combine formatting statements with binding activity. Of course the trusty Eval() function will allow us to provide a format statement:
<asp:Image id=Image2 width=200 height=200 BorderWidth=2 runat="server" ImageUrl='<%# Eval("url", "~/Photos/{0}") %>' ></asp:Image>
But what if I don't want to hard-code the path? What if I want to use AppSettings, for example? It really isn't so difficult, but it required a little playing around before I realized that I can literally use the binding statement for any code output, including the String.Format...and, within the context of the binding statement <%# ... %> I can use Container.DataItem to get at row values. This example pulls together AppSettings with row values to build the ImageUrl property:
<asp:Image id=Image2 width=200 height=200 BorderWidth=2 runat="server" ImageUrl='<%# String.Format("{0}{1}", System.Configuration.ConfigurationManager.AppSettings["PhotosDir"], ((System.Data.DataRowView)Container.DataItem)["url"])%>' ></asp:Image>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Sure, the syntax got easier. Instead of the cumbersome:
<%# DataBinder.Eval(Container.DataItem, "url") %>
We get to save some strokes and remove the entire confusion around “what the heck is Container.DataItem?“:
<%# Eval("url") %>
But, this isn't all its cracked up to be. Eval() STILL uses reflection to evaluate expressions, therefore for every bound column/row displayed in your ASP.NET pages, you are adding overhead, unnecessarily. Of course, what this really means is, just like with 1.1, you should be using explicit casts to cast Container.DataItem to its actual type:
<%# ((System.Data.DataRowView)Container.DataItem)["url"]) %>
Of course the trick is to know...you guessed it...what the heck is Container.DataItem??? A quick way to find this out for various objects you may choose to employ in binding, is to bind just to Container.DataItem as a test. In the attached example I bound the GridView control to the Web configuration sections:
Configuration webConfig = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
ConfigurationSectionCollection webConfigSections = webConfig.Sections;
GridView1.DataSource = webConfigSections;
In the GridView declaration I included these labels in a template column:
<asp:Label ID="Label2" runat="server" Text='<%# Container.DataItem%>'></asp:Label>:
<asp:Label ID="Label3" runat="server" Text='<%# ((ConfigurationSection)Container.DataItem).SectionInformation.SectionName %>'></asp:Label>
Now you can consider yourself early bound. ConfigurationUtility.zip (60.58 KB)
|
|
|
|
|
|
|
Saturday, August 20, 2005
Saturday, June 11, 2005
|
|
|
|
|
|
|
|
|
In this talk I presented approaches to the following key areas for a professionally designed ASP.NET application:
- Page Design & Navigation
- Error Handling
- Data Access
- Caching
- Localization
- Configuration & State Management
- Role-based Security
- Reduce Attack Surface
- Protect Sensitive Data
- Component Design & Deployment
The code sample that implements many of the concepts I discussed can be found here:
GalleryDemos2003_2.0 Migration.zip (1.44 MB)
In fact, this is the “before” code sample that I later use to migrate to 2.0 in my migration talk. So, if you looking at designing 1.1 applications for migration you’ll like some of my approaches here.
Other resources:
• My MSDN Whidbey Articles
– http://msdn.microsoft.com/asp.net/community/authors/mlb/default.aspx
• ASP.NET Whidbey Team Resources & Book
– http://www.asp.net/whidbey
• ASP.NET Forum
– http://www.asp.net/forums
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This API has been recently updated and posted here:
http://www.asp.net/memberroles/memberroles.htm
You’ll notice that the license has been updated to be slightly less restrictive from the original post. Now you can continue using the 1.1 API on production for 3 months after the release of ASP.NET 2.0, which we expect to be later this year. This is still somewhate limiting, because it presumes you have a go-live plan so soon after the release that you may as well be going live today with Beta 2. I’m not sure if the license will change again, so I encourage you to read the license in the download, when you download it…to confirm my statements are still accurate. For what it is worth, my sample code will demonstrate how to put it to use with 1.1.
|
|
|
|
|
|
|
Friday, May 06, 2005
|
|
|
|
|
|
|
|
|
Ok, so I just had a long discussion with one of the smartest guys I know, my colleague, mentor and friend - Juval. We were talking about strong names, full trust the global assembly cache and .NET assemblies. It started out innocently enough, however as the discussion continued, we both insisted on being right...and as it turns out, we were both right...but I still lost $1 due to my own muddy description of the bet. Perhaps you've been confused by this as well? Read on...
She said:
When you deploy assemblies to the GAC, they get full trust.
He said:
No, you're wrong. The GAC has nothing to do with the assignment of privileges. You want to bet? I can prove it.
She said:
No, I'm sure of this, I do it all the time with my ASP.NET applications when I deploy business objects to the GAC. They get full trust. This is important because it is the only way I can reduce the privileges of the ASP.NET application assemblies (using the <trust> element as I discuss in my article here: http://www.theserverside.net/articles/showarticle.tss?id=SandboxingComponents), and then elevate privileges as needed to invoke assemblies that demand full trust or other permissions. The stack walk would fail, if I were not able to elevate privileges at some point, and assert to circumvent the stalk walk. I certainly don't want ASP.NET application assembly to run with full trust if I can avoid it.
He said:
Ha, I'm right. You see?
So, he demos his client app (EXE), with a dependency on another assembly (DLL) that was deployed to the GAC. He removed full trust for assemblies deployed to local machine. Then he invoked a .NET assembly that required full trust. Sure enough, the permission demand fails.
She said:
Crap. Thinking thinking thinking...Well, wait a minute, you need the policy to at least grant full trust based on the strong name or something like that? Darn it, what is it? I know there is something...ok I didn't describe this right...(fumbling)...I mean...er...I wasn't trying to say GAC = full trust, but that you need to deploy to the GAC, at least with ASP.NET...to get full trust...hmmm...ok, here's your damn dollar.
ABOUT AN HOUR LATER
She said:
Aha! I went and reread my article (above) and it jogged my memory...basically, ASP.NET runtime uses different security policies to assign permissions. Inside the security policies for ASP.NET such as web_lowtrust.config, web_hightrust.config, etc...there is a setting that pulls in full trust for GAC assemblies, automatically.
<CodeGroup
class="UnionCodeGroup"
version="1"
PermissionSetName="FullTrust">
<IMembershipCondition
class="UrlMembershipCondition"
Url="$Gac$/*"
version="1"
/>
If only I could remember these things in the heat of discussion, I would be $1 richer right now.
Ok, you were right...but so was I :) Ego somewhat repaired.
|
|
|
|
|
|
|
Tuesday, April 26, 2005
|
|
|
|
|
|
|
|
|
Sometimes defaults are bad. The latest Beta release has a default setting for each @Page directive, that adds the Culture and UICulture parameters as follows:
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" Culture="auto" meta:resourcekey="PageResource1" UICulture="auto" %>
At first blush this may seem reasonable, even good. However we have to consider how these settings are employed at runtime to understand the hidden issues.
Automatic culture setting (as discussed in my article here: http://msdn.microsoft.com/asp.net/community/authors/mlb/default.aspx?pull=/library/en-us/dnvs05/html/asp2local.asp) is intended to automatically initialize each request thread to the Culture and UICulture matching the calling user's browser language preferences. That's cool, really cool.
But, in a real world application, we don't just use the browser settings to determine user preferences. We usually collect user preferences in some other way, and persist them in a profile or other data store. I may want to select the default browser setting the first time the user accesses the site, but once I collect their preferences I would prefer to use those going forward.
The <globalization> setting for culture and uiCulture in the web.config is a better place to configure automatic culture selection, since it will apply to all pages in the site (why would you, after all, exclude a page from this?).
<globalization culture=“auto“ uiCulture=“auto“></globalization>
With this configuration, the request thread's culture settings are initialized very early in the request cycle, even before we intercept the HttpApplication.BeginRequest event. That means we can modify this default, to draw from a data store, before the page handler is executed, and centralize the management of this process.
If the page setting is also configured, guess what? It proceeds to update the request thread with those settings, before the page is processed. The best thing to do for now, is remove those parameters from your pages after you generate resources, to avoid problems.
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" meta:resourcekey="PageResource1" %>
I know the guys working on this aspect of .NET well enough to know this is probably an oversight of the beta that will be fixed before the final release. And if I'm wrong on that, I guess we will just have some manual labor but at minimum we have a workaround. This doesn't cause any insurmountable problems.
My next article on www.TheServerSide.NET will have some code samples with this solution just for you.
|
|
|
|
|
|
|
Sunday, April 24, 2005
|
|
|
|
|
|
|
|
|
As I prepare a speech for Tech Ed US in Orlando, and a few new articles on the localization front for 2.0, I've noticed a few things you might want to prepare for as you migrate your code samples from Beta 1. Now, there is a site that lists some of the relevant changes from Beta 1 to Beta 2, here:
http://msdn.microsoft.com/asp.net/whidbey/beta2update.aspx
And, I'm duplicating a few of these entries just to provide you with more specifics, and also because I captured this information before I knew about the site :) Here goes...
1. @Page, @Control attribute changes
The CompileWith and ClassName attribute names have changed to CodeFile and Inherits, respectively. So, in your content and master pages you'll change this:
<% @Page Language="C#" MasterPageFile="~/site.master" CompileWith="otherResources.aspx.cs" ClassName="otherResources_aspx" %>
to this:
<% @Page Language="C#" MasterPageFile="~/site.master" CodeFile="otherResources.aspx.cs" Inherits="otherResources_aspx" %>
It looks like there is not a migration tool to automate this process for you, likely because changes between beta releases aren't worthy of a tool. So, deal with it :)
2. <localize> controls require id attribute
The message you get here might be cryptic, if the <localize> element is embedded in existing user controls consumed by one or more pages. Check your <localize> elements and provide an id for them, and magically errors should disappear.
This:
<localize runat="server" meta:resourcekey="LiteralResource1">Culture:</localize>
changes to this:
<localize id="l1" runat="server" meta:resourcekey="LiteralResource1">Culture:</localize>
3. Explicit localization expression syntax change
In previous versions you could specify a default value that would be presented in the absence of supporting .resx files. This would be useful to Web developers, enabling them to design pages without requiring access to resources. It appears the syntax has changed so that any default values specified on explicit localization expressions for shared resources, is not supported. So this:
<%$ Resources:Glossary, BlogTitle, "dasBlonde" %>
changes to this:
<%$ Resources:Glossary, BlogTitle %>
The question is, how should Web developers work with this change? What will they see in the absence of a default, or, is there another way to specify a default? I'm still looking into these details...but I wanted to get these thoughts up here right now lest I forget to blog it! Will update this entry with my findings.
4. Pages and User control class declarations require base class
Previously the partial class generated for the code file of a content page, master page or user control did not specify base class inheritance. Now this is a requirement, and the error messages can be confusing because they refer to the inability to override the base class methods such as GetHashCode() or FrameworkInitialize(). To repair the problem, specify a base class for content pages as System.Web.UI.Page, for master pages as System.Web.UI.MasterPage, and for user controls as System.Web.UI.UserControl. For example this:
public partial class loginMenu_ascx
changes to this:
public partial class loginMenu_ascx : System.Web.UI.UserControl
or, in VB.NET,
Partial Class sidebar_ascx
Inherits System.Web.UI.UserControl
5. Localization API changes
If you use the Page level APIs to access local page resources, or shared resources, the new methods for this are GetLocalResourceObject and GetGlobalResourceObject, respectively. For example this:
this.lnkLogin.Text = (string)this.GetPageResourceObject("Login");
changes to this:
this.lnkLogin.Text = (string)this.GetLocalResourceObject("Login");
6. Event handlers must be protected
Previously event handler declarations were private (no accessibility modifer provided on event handlers). Even handlers must be protected to be accessible therefore a modifier is required. For example this declaration:
void dlCountries_DataBinding(object sender, EventArgs e)
now must be:
protected void dlCountries_DataBinding(object sender, EventArgs e)
I'm confused by this requirement, since partial classes are supposed to be "the same class" why should the event handler have to be protected? I need to look into this as well, and post my findings.
That's all for now, hope this helps you migrate more quickly! In a few weeks look for a new article on TheServerSide.NET from yours truly related to globalization. And, don't forget my globalization resource site: http://www.dotnetdashboard.net/sessions/globalization.aspx
Ciao for now!
|
|
|
|
|
|
|
Saturday, March 26, 2005
|
|
|
|
|
|
|
|
|
In this talk I discussed architectural approaches to address incremental steps to scaling .NET applications.
Here are my references for this talk, thanks for coming out:
- HTTP Handler references:
- Here’s my scalability page that takes you to my MSDN article discussed in the session, and other resources on scalability:
- I also wrote some articles for The Server Side.NET regarding distributing components and security. Find those and more security resources here:
|
|
|
|
|
|
|
Monday, March 21, 2005
Saturday, January 08, 2005
|
|
|
|
|
|
|
|
|
I recently recieved this question from a SearchWebServices.com reader:
I am designing a sample app that has 3 tiers - Web browser, .NET application & DB server. I believe (correct me if I am wrong) that given that each individual user will not be connecting to SQL server directly (except maybe for DB Admin's etc) it is desirable to create a login for IIS to connect to the server and a user login to connect to the DB in question with the appropriate permissions. The .NET application will be connecting to the DB using ADO.NET. Is this true, or am I barking up the wrong tree?
Interestingly this is a subject I have been writing about recently. Here's the answer I posted for this question.
Let’s first clarify the physical tiers you describe here. The Web browser on the client tier, but really doesn’t participate in the description of tiers for the server-side application. Users will provide credentials through the browser that must ultimately be authenticated by IIS or passed through to ASP.NET for custom authentication. The .NET application I presume is hosted on the Web server physical tier, along with IIS. The database server physical tier hosting…well…the database application. potentially The server-side then has two physical tiers. If this is an intranet-based application, the Web site is likely configured for Windows authentication in IIS, which means IIS will authenticate the user within the Windows domain. Authorized requests will be forwarded to the ASP.NET runtime for processing, and if the application is configured to impersonate the authenticated user, application code will be governed by what the impersonated account is authorized to do:
<identity impersonate=”true” />
For example, if the logged in user is authorized to access the database (which really means, whichever database objects the account is granted access to, and for whatever type of access like db_datareader, dbdatawriter) then functionality to access the database will execute without exception. But this is not realistic as you mention. That means the code that tries to access the database must first impersonate an account that is granted appropriate access to the database objects. If the intranet application impersonates the logged in user, then this impersonation must be handled on the fly, and must be reverted so that the logged in user is once again the identity under which the remainder of the request thread executes.
If the application does not impersonate the logged in user, ASP.NET application requests will be executed with the ASP.NET identity configured in the <processModel> section of the machine.config. This is usually the NETWORKSERVICE account, which has limited privileges (by design). In theory you could have the application impersonate a higher privilege account for all requests that also has access to the appropriate database objects. BUT - DO NOT DO THIS. This is the lazy man’s solution to gaining access to protected resources, and it seriously compromises the safety of the application. If a hacker were to gain access to an executing thread inside the worker process, they will have access whatever privileges have been granted that thread. By default, we prefer this to be the NETWORKSERVICE account, or the account of the logged in user for intranet applications.
So, the solution?
- Either impersonate the logged in user or run the application under the NETWORKSERVICE account
- For calls to the database, either impersonate a privileged account at runtime, or use EnterpriseServices to invoke a serviced component that runs with the required account with database privileges (better). This decouples the configuration of the required account to access the database from the code, allowing it to be modified as needed through serviced component configuration (COM+). This also has the benefit that later you could distribute the database access component to another tier for scalability and security requirements.
What accounts do you need?
- It is useful to have an account that can only read the database (db_datareader privileges to appropriate objects), and another that can read and write (db_datareader and db_datawriter privileges). This way, during read operations you are not vulnerable to write attacks.
For more information on this subject, see my article on The Server Side.NET referenced here in my blog: http://www.dasblonde.net/PermaLink.aspx?guid=aa616d20-1089-4a24-8f0c-14326f2a731c
|
|
|
|
|
|
|
Wednesday, November 24, 2004
|
|
|
|
|
|
|
|
|
Glad to see everyone last night at this presentation, it was quite enjoyable, great questions from the audience as well which always makes my day! Here's the link to the site with access to my slide deck and other resources:
http://www.dotnetdashboard.net/resources/scalability.aspx
You can get the Enterprise Services sample from there, and a reference to my article which provide more detail. In addition, I demonstrated some asynchronous handler examples, but I found a great article from Fritz Onion on the subject, so here's the link to his article with access to his samples for the article, that will be even more detailed from that I demonstrated:
http://msdn.microsoft.com/msdnmag/issues/03/06/Threading/default.aspx
If you are new to handlers, check out my handlers page, with reference to some other articles I've written as well:
http://www.dotnetdashboard.net/sessions/handlers.aspx
Enjoy!
|
|
|
|
|
|
|
Friday, October 22, 2004
|
|
|
|
|
|
|
|
|
This whitepaper is finally live and you will not believe how cool the new localization features are for ASP.NET 2.0, I'm duly impressed with the new integrated IDE support for resources, and in particular with the extensibility of localization expressions. Peaked your interest? Read it here:
http://msdn.microsoft.com/asp.net/whidbey/default.aspx?pull=/library/en-us/dnvs05/html/ASP2local.asp
I really enjoyed working with Achim Ruopp and Simon Calvert of the localization team at Microsoft on this paper. They were a fantastic resource for getting me up to speed on the underpinnings of the new localization features of ASP.NET 2.0. I could not have written this paper with as much detail without some insider feedback so I really have to thank you guys for answering all of my detailed questions and for all the time you took to give comprehensive feedback during each review cycle. Thanks guys!
|
|
|
|
|
|
|
Thursday, October 21, 2004
Tuesday, October 12, 2004
Wednesday, September 22, 2004
|
|
|
|
|
|
|
|
|
Before I get to the resources for this event, I have to tell you about the events surrounding it...just for fun. I landed in Boston Sunday at 4:30pm last Sunday, took a beautful drive to Richmond, VT to present at the .NET user group run by Julie Lerman. The drive from Boston to Richmond was really beautiful, and, even as the night fell the moonlight accentuated the walls of trees around the otherwise pitch-black highway. When I arrived a Julie's, starving, she was the most fabulous host - she had a home-cooked meal waiting in the oven, and a freshly made (delicious) apple pie saved for us (Julie, her husband and myself) to eat afterward. Yum. The next morning, we each worked and chatted for a while, then went for a 2 hour hike up one of the many mountain trails (I can see why you'd want to be an outdoorsy person in VT, really really beautiful views) and some lunch, before getting ready to go to the user group. I thoroughly enjoyed myself, thank you so much Julie, for the great hospitality and for taking time off to show me around a little bit :)
Thanks also to the group for coming out for this talk. It seemed like the topic was really well appreciated, and that always makes me a very happy camper.
Ok, so I have a few relevant resource pages for this talk here:
http://www.dotnetdashboard.net/sessions/handlers.aspx
http://www.dotnetdashboard.net/sessions/soapext.aspx
I am always updating these pages, so please do check them periodically for updates (I try to mark the date of each updated sample).
|
|
|
|
|
|
|
Sunday, July 04, 2004
|
|
|
|
|
|
|
|
|
Slight delay posting this, had a little trouble with the wireless in my Amsterdam hotel, and have been flying for a day to get back home!
I have resource sites related to the topic of this session, they are listed here in my post from Tech Ed San Deigo.
Thanks so much for the great feedback I received so far on this talk. I will be posting an update to my sample code in a few days, as soon as I get caught up on some seriously pressing deadlines. Right now, the code sample has everything I demonstrated with the exception of the HTTP handler that forces "Save As" download for configured resources such as XML files.
If you have other ideas for modules, handlers and SOAP extensions you are completely welcome to ask me, I may have some code lying around that I haven't cleaned up and posted yet!
Cheers!
|
|
|
|
|
|
|
Friday, July 02, 2004
Monday, June 21, 2004
|
|
|
|
|
|
|
|
|
When I presented the Security Summit in Anaheim earlier this month, one of the attendees asked me how to override the 50 year authentication ticket. That's right, FormsAuthenticationTicket.Expiration is set to DateTime.Now.AddYears(50) by default. This propagates to the HttpCookie returned with the response as well.
Well, I don't know about you but I'm highly doubting that I'd need a ticket to last me 50 years, so here is the code to workaround this (rather lame) default setting.
Dim redirectUrl As String = FormsAuthentication.GetRedirectUrl(userName, False)
Dim authCookie As HttpCookie = FormsAuthentication.GetAuthCookie(userName, True)
authCookie.Expires = DateTime.Now.AddMinutes(20)
Response.Cookies.Add(authCookie)
Response.Redirect(redirectUrl)
I'd probably go ahead and externally configure the 20 minute timeout interval as well. Oh, and I believe this also resolves the incompatibility issue with other browsers that don't quite know what to make of the 50 year token.
|
|
|
|
|
|
|
Wednesday, June 16, 2004
Thursday, June 10, 2004
|
|
|
|
|
|
|
|
|
A the Security Summit this week, several people asked me about the .mspx extension Microsoft uses for some of its resources. You can create a custom HTTP handler to process requests for custom extensions. That means you first have to register IIS to pass request for that extension to ASP.NET. This article mentions how to do this. Then, you create a custom handler to process the request, by registering an HTTP handler or handler factory (see more resources on handlers and factories) to do the work. The handler factory's job is to return the right HTTP handler for the request, so ultimately, you are building a handler. The handler might even generate HTML on the fly.
In the case of .mspx extensions, Microsoft uses this extension to generate XML-driven HTML content. This article talks more about the architecture.
http://www.microsoft.com/backstage/bkst_column_46.mspx
|
|
|
|
|
|
|
Wednesday, May 26, 2004
|
|
|
|
|
|
|
|
|
Thanks to everyone for getting up so early to attend this session! Wow, what a turn out! The resources for this talk are here:
The latest code is already uploaded to the site, and more samples are bound to be there soon...
|
|
|
|
|
|
|
|
|
ON THIS PAGE
|
|
|
|
SEARCH
|
|
|
|
CATEGORIES
|
|
|
|
ARCHIVES
|
| | Sun | Mon | Tue | Wed | Thu | Fri | Sat | | 28 | 29 | 30 | 1 | 2 | 3 | 4 | | 5 | 6 | 7 | 8 | 9 | 10 | 11 | | 12 | 13 | 14 | 15 | 16 | 17 | 18 | | 19 | 20 | 21 | 22 | 23 | 24 | 25 | | 26 | 27 | 28 | 29 | 30 | 31 | 1 | | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
|
|
BLOGROLL
|
|
|
|
|
 |
|