 Wednesday, November 14, 2007
Thanks to all that attended the full-day tutorial at Dev Connections last Monday - Improve Your SOA: Designing a Secure, Reliable and Scalable System. It was certainly an avalanche of rich topics related to SOA and WCF. At last I have compiled the long list of resources from the day, including references to some getting started resources for those new to WCF.
Getting Started
Demos
Code from the book is organized by subject matter. I specifically illustrated samples from these subdirectories: \Exceptions, \Security, \Security\ClaimsBased, \Instancing, \Concurrency, \Bindings, \QueuedMessages, \Transactions, \ReliableSessions.
If there are other resources you are looking for specifically, please drop me an email and I'll add to this post. Thanks!
Technorati Tags: Dev Connections, WCF, SOA
 Monday, November 12, 2007
I just returned from another fantastic Dev Connections conference in Las Vegas. For the four sessions I delivered, this post lists the code samples and resources I referenced. If you are looking for something specific and can't find it here, shoot me an email. Tutorial resources will be posted separately. Enjoy!
Introduction to C# 3.0
Exploring Windows CardSpace
ASP.NET and WCF: Meet Your New Web Service
Architectural Considerations for ASP.NET Applications
- GalleryDemo20 - This sample illustrates different globalization techniques including the use of generated resources for page content, the use of resources to select localized images and dynamically loaded user controls, the use of localized database tables, and caching based on theme, culture and query string params.
- CustomResourceProviders - This sample illustrates the use of custom localization expressions and custom resource providers. The code is based on this article: http://msdn2.microsoft.com/en-us/library/aa905797.aspx and updated for VS 2008.
- Extending the Visual Studio IDE for localization - I wrote a follow on article on this for MSDN, it has not yet been published, hopefully soon (backlog) but I will post the code here in an update to this post, after a quick review later this week.
- Distributed Boundaries - This sample was based on the ConnectionOrientedBindings lab from Chapter 3 of my book Learning WCF. All the code for my book is here: http://www.thatindigogirl.com/LearningWCFCode.aspx. This particular sample shows how to use a WCF service behind your ASP.NET applications to introduce a security boundary between NETWORK SERVICE and access to data and other resources. I talked about this in two articles for the server side, long ago:
- TransactionsOverHttp - This shows how to flow transactions over WCF web services, but I have many more examples of WCF transactions here: http://www.thatindigogirl.com/LearningWCFCode.aspx
- MessagingIntermediaryVia - Illustrates a pass-through router over HTTP where even reliable messaging headers can pass through both directions.
- MessagingIntermediaryDuplex - Illustrates a duplex router that supports reliable messaging headers two-way out of band over named pipes.
 Sunday, November 12, 2006
A big thanks to all who participated in this monstrous tutorial at Dev Connections. Whew, I can fully admit it was a lot of work to put all the information together in one place, but I hope that you got a lot out of it. For those that didn't attend, the goal of the tutorial was to provide an overview of the current state of the various technologies and tools for Microsoft developers, with an emphasis on the reasons for moving forward with each technology stack, and hopefully some enlightenment on when you might choose each technology. I'll be keeping this one day session current for future conferences, and for on-site sessions with clients. If you are interested in such a thing, contact me at IDesign: www.idesign.net.
Here are the resources I promised from the tutorial.
Development Tools
In this section I reviewed the stack of development tools and explained how to choose between them.
Language Enhancements
In this section I talked about moving from .NET 1.1 to 2.0, and discussed the key features of 2.0 that folks should be leveraging. Then, I focused on the language enhancements forthcoming with C# 3.0 and VB 9.0.
Demos:
Data Access
In this section I focused on data access technologies, designing the data access tier, and key features of ADO.NET 2.0, vNext and LINQ to give you some idea how to prepare for the next set of innovations.
Demos:
- When you install ADO.NET vNext and LINQ there are numerous overview documents, tutorials, and samples that will really help you get up to speed here. These are the demos that I showed in the tutorial.
Windows Development
In this section I reviewed Windows Forms 2.0 innovations, primarily ClickOnce, and then talked about how to prepare for WPF and who should use it today.
Demos:
Web Development
In this section I showed an ASP.NET sample application that illustrates key features of ASP.NET 2.0 and practical application of those features. Then we looked at AJAX and discussed trends on the Web compared to Windows development.
Popular AJAX Frameworks:
Demos:
Distributed System Programming
In this section I reviewed the typical use for earlier distributed computing technologies like remoting, enterprise services and ASMX web services with WSE, and compared them with WCF.
BPM and Workflow
In this section I discussed BPM, BizTalk and workflow.
 Saturday, May 06, 2006
 Thursday, November 17, 2005
Here are the samples I used (or referred to) in this presentation, enjoy!
- ConfigurationUtility – illustrates how to encrypt a connection string, also shows complex data binding statements, early bound (not using Eval() evil)
- DataDemos – some simple demos of master-details and caching, not presented but consider it extra code!
- PhotoUploadApp – this is the application I demonstrated in the talk
Regarding the SQL cache dependency that didn’t quite work on stage…I forgot to “enable” it on the control, simple silly mistake…I cracked under pressure what can I say?!?
Let me know if you have any questions!
|
For my globalization talk, I illustrated how to architect Windows Forms and ASP.NET applications for localization, leveraging .NET resources where appropriate. Here are the samples:
Don't forget to read the instructions for the Web application, it requires a database restore step. If you have any trouble, let me know!
Additional globalization resources:
Cheers!
 Wednesday, November 16, 2005
I delivered these two WCF/Indigo talks at DevConnections last week, and this post contains sample code demonstrated in both talks.
NOTE: I am building all sample code with November 2005 bits, so they will NOT work with PDC bits. I will update these samples for the very next public CTP so you can look for that.
- HelloIndigo – a simple WCF service, decoupled host
- ComplexTypes – serialization via DataContract
- ComplexTypesV2 – serialization of base types and interfaces
- CustomMessage – my WS-Transfer implementation is not compiling with the current build I have, so I will update this when the issue is resolved
- Messaging – illustrates sessions and instancing
- SimpleQueue – simple msmq example
- WindowsAuthentication – windows auth and security context information display
- SecureService – windows auth and username auth demo, with custom membership provider
I am also posting the slides from this talk. I took this talk over at the last minute for Clemens, and we didn’t have time to get the slides in for the printed books.
VID307DesigningServicesWithIndigo.zip (55.37 KB)
I also promised a tutorial, and my plan is to get permission from my publisher to post a few labs from each chapter in my book, including the security tutorial I showed in the security session. I will update this post to let you know where that will be found…stay tuned for a few more days.
|
For this half day smart client tutorial, I talked about UI design, globalization, deployment, versioning, security, offline data and download on demand using the System.Deployment APIs. The sample code uploaded here is drawn from my demos, and a few extras listed here:
UI Design
Thread Safety
Globalization
ClickOnce
Also, we have a number of other advanced samples on the IDesign site, don't forget to check out our downloads section of the site.
Thanks for attending the tutorial, and let me know if you have any questions about the code samples.
Cheers!
-Michele
 Friday, November 11, 2005
What a great conference! I talked to many attendees throughout the week in Las Vegas for Dev Connections...and was really pleased to hear about all the interesting enterprise systems (not just applications :)) that folks are building on .NET 2.0, and later technologies like WCF and WWF. Very cool.
Now, to business...if you attended any of my tutorial or 6 other talks...I will post a single entry PER TALK this weekend, with code. If you are looking for code I have already posted on this blog that is similar, search under the RSS for Speaking/Events. However, keep in mind, those samples will be pre-RTM for the 2.0 stuff. My posts this weekend will ALL be RTM content :)
First, I have a client to take care of today and tomorrow...so stay tuned after Sunday for the posts!
I hope you enjoyed your entire experience at Dev Connections...it has become one of my absolute favorite conferences to speak at, because of the overall quality of speakers that they have been able to get, and the organization of the entire event, not to mention the people that run it...so if you liked it, tell your friends to come to the Spring conference in Orlando, or come back next year to Vegas!
 Wednesday, November 09, 2005
In my tutorial yesterday here at DevConnections I tossed the slides for the last half (those are for your reference) and basically spent the time demonstrating various aspects of ClickOnce: deployment, versioning, security, download on demand, globalization and offline data deployment. Whew, even without slides that was a lot to cover, and we opened many a can of worms that just leads to additional questions on the entire lifecycle of a smart client app deployed with ClickOnce.
One thing that really hit home is the “rights” users have to install applications. There are a variety of answers to that question, some of which were only vaguely answered in our discussion, and one item I wanted to follow up on...which I did with my colleague Brian Noyes.
Q. Who can install a ClickOnce application?
Any user can click a link to a ClickOnce application and install the application. If the application requires greater trust than the zone they are installed from will grant (Intranet, Internet, My Computer) they will be prompted to approve the installation.
HA! That's the part I wasn't expecting (thanks Brian)...because I thought that ClickOnce was secure by default, meaning...users can't just click “ok“ to accept the download and elevation of application privileges...apparently I'm wrong...and I could swear I remembered speaking to someone “who knew“ about this in the past...but my memory may fail me...too much stuff in there I guess.
Q. What's the prompt for?
The download prompt is for one thing only: do you want to elevate security of this application you are downloading, beyond the security settings for its zone?
Are you sure? Are you REALLY sure?
And away we go, the app gets all the security it needs to run...that is, if there are sufficient permissions to complete the installation...
Q. Are users ALWAYS prompted to elevate security?
They are prompted every time the application is updated if it requires additional permissions beyond what the zone allowed.
UNLESS...the certificate is installed in the trusted publishers section of the certificate store, and if the issuer of the certificate is installed in the trusted roots section. Administrators can push the certs out to machines within the domain so that users are not prompted to elevate security for trusted publishers.
For non-trusted publishers, users will continue to be asked...WHAT??!? Yep, users by default have the right to “decide“ if they want to trust an application...and yes, it could be an application that when run deletes that special project they have been slaving over...or some other malicious behavior... and all because they were asked a question to which they responded...
duh...ok!
Q. Can administrators protect users from downloading untrusted applications?
Yes. If the prompting behavior is turned off, only applications that are trusted (cert has been installed) will be allowed to elevate security. Other apps can only run within the confines of the zone they belong to. So, if you install the application with an MSI, you get My Computer zone, and that grants full trust by default. Internet or Intranet downloads are granted less.
To turn off prompting behavior, set up the registry key:
HKLM\Software\Microsoft\.NETFramework\Security\TrustManager\PromptingLevel
From Brian Noyes MSDN article:
The registry key \HKLM\Software\Microsoft\.NETFramework\Security\TrustManager\PromptingLevel is the one that allows you to customize the prompting behavior. This key is not present by default after a .NET Framework 2.0 installation, so you will have to create it manually if you want to customize these settings.
Under that registry key, you can add any of 5 string values, named MyComputer, LocalIntranet, Internet, TrustedSites, and UntrustedSites. These correspond to their respective zones. As a value for these, you can set one of three strings: Enabled, Disabled, or AuthenticodeRequired. Enabled is the default for the MyComputer, LocalIntranet and TrustedSites zones. The Internet default is AuthenticodeRequired, and the UntrustedSites default is Disabled. Table 2 shows the values that you can set for each zone and their effects. Figure 4 shows the registry key values set to their default behavior, but keep in mind this key does not exist by default so you will typically only create it if you are going to set them to different values than the defaults.
My take on this, the key should have been enabled by default. Why?
To make life difficult for users? no
To make life difficult for Mort? no
To make it difficult to accidentally trust a malicious third party and give them full access to the machine? yes, absolutely
So, administrators get your SMS push ready and get that registry setting up and running...pronto! Unless you don't concern yourself with the users' ability to install apps to the corporate domain.
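One way to script the registry change described above, as an added example (not code from this post or from Brian Noyes's article). The function names Get-PromptingLevel and Set-PromptingLevel are hypothetical, and the script assumes an elevated PowerShell 3.0 or later session; the key path, zone names, value strings and defaults are the ones quoted above.

```powershell
# Added example: audit and lock down the ClickOnce trust prompt per zone.
# Key path, value names and allowed strings are the ones quoted in the post.
$KeyPath = 'HKLM:\Software\Microsoft\.NETFramework\Security\TrustManager\PromptingLevel'
$Allowed = 'Enabled', 'Disabled', 'AuthenticodeRequired'

# Effective setting when the key or a value is absent (defaults listed in the post).
$Defaults = [ordered]@{
    MyComputer     = 'Enabled'
    LocalIntranet  = 'Enabled'
    TrustedSites   = 'Enabled'
    Internet       = 'AuthenticodeRequired'
    UntrustedSites = 'Disabled'
}

function Get-PromptingLevel {
    # One object per zone: the effective level and whether it was set explicitly.
    $stored = $null
    if (Test-Path -Path $KeyPath) { $stored = Get-ItemProperty -Path $KeyPath }
    foreach ($zone in $Defaults.Keys) {
        $prop  = if ($stored) { $stored.PSObject.Properties[$zone] } else { $null }
        $level = if ($prop) { [string]$prop.Value } else { $Defaults[$zone] }
        [pscustomobject]@{
            Zone       = $zone
            Level      = $level
            Explicit   = [bool]$prop
            UserPrompt = ($level -ne 'Disabled')   # only Disabled removes the prompt
            Valid      = ($Allowed -contains $level)
        }
    }
}

function Set-PromptingLevel {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Zone name -> level, e.g. @{ Internet = 'Disabled' }
        [Parameter(Mandatory = $true)][hashtable]$Levels
    )
    # Validate everything before touching the registry.
    foreach ($zone in $Levels.Keys) {
        if (-not $Defaults.Contains($zone)) { throw "Unknown zone: $zone" }
        if ($Allowed -notcontains $Levels[$zone]) {
            throw "Invalid level for ${zone}: $($Levels[$zone])"
        }
    }
    # The key does not exist after a default .NET Framework 2.0 install.
    if (-not (Test-Path -Path $KeyPath)) {
        if ($PSCmdlet.ShouldProcess($KeyPath, 'Create registry key')) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
    }
    foreach ($zone in $Levels.Keys) {
        if ($PSCmdlet.ShouldProcess("$KeyPath\$zone", "Set to $($Levels[$zone])")) {
            New-ItemProperty -Path $KeyPath -Name $zone -Value $Levels[$zone] `
                -PropertyType String -Force | Out-Null
        }
    }
}

# Report the current state; UserPrompt = True marks zones where a user
# can still be asked to approve elevation.
Get-PromptingLevel | Format-Table -AutoSize

# Lock down every zone so only trusted publishers can elevate.
# Remove -WhatIf to apply the change.
$lockdown = @{}
foreach ($zone in $Defaults.Keys) { $lockdown[$zone] = 'Disabled' }
Set-PromptingLevel -Levels $lockdown -WhatIf
```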
Conclusions:
- by default anyone can install an application and elevate trust unless admins turn off the prompting features
- applications that have publisher certificates installed are trusted to elevate security
- application installations over the Web or via MSI still may need administrative rights if the bootstrapper calls for adding components to the GAC, or downloading SQL Server Express which requires an admin as well...so ClickOnce is not necessarily removing the pain of installing complex applications...but it sure makes it easy for apps that don't require admin installation privileges
- in any case, once installed updates that don't bootstrap additional functionality that requires admin installation rights...can be easily handled by any user
Hope this is helpful to those that were new to ClickOnce...since we really couldn't get through all the nit picky details in my talk.
Please visit my colleague Brian's talk tomorrow for more:
Wed 2:00-3:15pm - VSM351: Secure Smart Client ClickOnce Deployments
Unless you want to come to my talk on Indigo/WCF security:
Wed 2:00-3:15pm - VID304: Indigo and Security: Experience the Magic
See you around!
 Saturday, November 05, 2005
I decided to get BlogJet working for my Dev Connections posts…in honor of the Smart Client tutorial I’m giving Monday afternoon. In fact, if you are wondering why I (once again) went dark on posting to the blog for a while, well, I ended up getting an extra WCF slot at the conference, along with my 5 other talks (now 6!) and tutorial…so it has been busy busy busy as usual…getting ready to head to Vegas…after all, I have to try and enjoy some time at the black jack table too!
Speaking of black jack…maybe you saw in my latest post I lost bad in the Microsoft After Dark game…but it was for a good cause…I’ll do much better in Vegas I think, I’m more careful with my own money!
So, if you are coming to Dev Connections (I don’t see why you wouldn’t, it is now the biggest and best independently run Microsoft technologies conference out there!!!) here’s what I’ll be doing…come by and say hello…maybe give me some blackjack tips!
Here are my sessions at the conference…whew…this one is going to be busy busy busy…
Monday, November 7th
VPR203: Return of the Smart Client – What the heck do I do now? (1:00 PM - 4:00 PM) Before the Web took over, developers spent their time designing, developing and building deployment strategies for rich client applications. End-users expected that rich user interface where tab-order and keyboard-only access was perfectly tuned, and perfectly tailored controls delivered functionality and ease-of-use. At first, the masses cringed at the less functional Web experience – and then ASP.NET came along making it incredibly easy to deliver a fairly rich experience, deployed to any Internet-connected PC. Now, we face a new paradigm shift. Users want it all: rich, user-friendly interfaces; no-touch deployment; automatic updates; offline work capabilities with applications that can later connect to central data stores. The Smart Client experience promises to deliver all of these requirements and more – but, we are entering a new phase where developers have to re-acquaint with best practices for rich client user interface design, and deployment and update strategies. They also have to learn how to handle the complexity introduced by supporting offline functionality, and hosting services for connected synchronization. This session will review the concepts every developer should know to handle the return to the new thick smart client.
Tuesday, November 8th – MICROSOFT DAY!!!
Wednesday, November 9th
VPO357: Best Practice Approaches to .NET 2.0 Localization Architecture When the .NET Framework was released, a new paradigm for localization architecture was born – simplifying some of the tedium of loading and managing resource lifetime, and selecting the best match for the user’s selected culture at runtime. Through IDE integration, robust assembly deployment and versioning features, and built-in support from localization class libraries, both Windows and Web applications were more easily localized. Built on this strong foundation, new localization features have been introduced with .NET 2.0 to bring strongly typed resources, tighter IDE integration, and a much better localization story for ASP.NET applications. In this session you will be provided with a step by step, best practices approach to localizing your applications. You’ll learn how to control culture selection, how to work with XML resources and satellite assemblies, and see demonstrations of best practice deployment models.
VID304: Indigo and Security: Experience the Magic The Indigo platform will unify our programming model for how components communicate: be they distributed or not, accessible beyond firewalls, or available through interoperable interfaces. Transport level and SOAP message security features, like other aspects of Indigo, can be enabled through XML configuration or programmatically through the Indigo API layer. In this session, you’ll learn the difference between single hop and message level security; how to apply security through endpoint binding configuration and behaviors; and see first hand how quickly you can secure your messaging layer. More importantly, you’ll see demonstrations that illustrate the amount of security goo that is encapsulated in the Indigo plumbing, in particular the elegance of its Web services security implementation which shields you from the XML that handles policy exchange, message authentication, integrity, confidentiality, and key exchange.
APF301: Performance Tuning and Monitoring your ASP.NET Applications Sometimes the smallest details can make all the difference. This statement is true also of ASP.NET application performance. This session will provide you with a checklist designed to help you squeeze every dime of performance from your applications. You’ll learn techniques for reducing pressure on the garbage collector, best practices for state management, and how to reduce page load footprint. In addition, you’ll learn how to employ output and data caching mechanisms, leverage database caching, trigger batch site compilation, and avoid common pitfalls. Lastly, you’ll see how to leverage performance counters to baseline site performance and monitor statistics to meet service level agreements.
Thursday, November 10th
VID307: Designing Services with Indigo (Windows Communications Framework) Services are the natural evolution of distributed components and RPC, providing greater possibilities for reuse and distribution from earlier component-oriented approaches. The Windows Communications Framework (WCF) introduces interesting possibilities for enterprise system design, specifically with regards to service design. Services are not RPC or Remote objects however they do solve the same problems. With WCF a service design approach applies to accessing functionality near or far, and satisfies the same implementation goals of Enterprise Services, Remoting and Web Services all in one. In this session you’ll see several examples of exchange patterns and transfer modes and see how to apply WCF principles to system design. You’ll learn how various WCF contracts and configurations can be applied to specific exchange patterns, how application-level messaging improves upon the parameter list approach, and see how common enterprise system design practices can now be more easily approached with the progressive service design and distribution support of the WCF.
ADX352: Beyond Drag & Drop Data Access: How to Decouple ASP.NET 2.0 Data Binding from Presentation You can build data-centric Web sites in fewer steps than ever before with ASP.NET 2.0, but as always this can lead to poor design practices. This session first shows you how to leverage Server Explorer to quickly build prototypes of your data-bound Web pages, and subsequently shows you how to shuffle generated code into appropriate layers to promote decoupling and reusability, distribution and scalability, and reduction of maintenance overhead. You will see examples that employ the richness of the new GridView and DetailsView controls; learn best practices for employing data source controls to support decoupled two-way data-binding; learn how to employ data caching for performance; and techniques for storing and encrypting connection strings – all while maintaining a level of re-use and maintainability.
AGN351: 10 Essentials for a Professional ASP.NET 2.0 Application Every ASP.NET application should be designed with a few essential requirements in mind. With the release of ASP.NET 2.0, developers need an updated checklist for constructing applications that follow some simple best practices. In this session, you'll be provided with 10 essential guidelines for developing professional ASP.NET 2.0 applications, including best practices for page layout and design, navigation, error handling, caching, state management, authentication and authorization, configuration and encryption, component design and deployment, component security and sandboxing, and more. At the end of this session, you'll have access to samples that demonstrate each of these guidelines, with some reusable application templates to help you build secure, maintainable and professional ASP.NET 2.0 applications.
Feel free to ask questions about what I’m covering in more detail…or tell me what you are hoping to get out of any of these sessions you are attending…see you in Vegas babies!
|
I had the distinct honor to sit at the blackjack tables at Microsoft Studios in Redmond…just a few weeks ago. This event – called “Microsoft After Dark” – is in honor of the upcoming launch this week in San Francisco. Basically, we chatted a bit about the products tied to the launch, and I was commissioned to “ask the tough questions” that our clients have been wondering about…so the heat was on, hot studio lights, hot topics, and hot competition at the tables…WHEW!
Of course, I should have known I was doomed when I opened the game saying something along the lines of “I’m going to crush you all…”. THAT was a mistake…because with $100,000 to play with (about 1000x more than I would ever consider bringing to the blackjack table) I figured…why not take some big risks…
The real problems started once I decided to up my bet to $50,000, and I had a PERFECT hand for double-down…argghh…and the dealer didn’t bust!!! I lost almost everything right there…oh well…ahem…letting…the VPs win was probably strategically smart given I was kind of pointed with my questions…and you know they had great answers for all of them :)
I’m afraid to watch this…so let me know what you think of it…
Speaking of Vegas…Dev Connections is coming…next week…and many of us are going to blog about our talks and sessions…plus…I’ll definitely try my hand at blackjack with my buddy Kimberly Tripp…join us :)