.NET

Those who know me as a developer, and those who attended the boot camp I ran for the last two weeks, have an idea that I  like analysis tools (in the boot camp I present a session on my favorite 7 tools, 3 of them are analysis tools). That said I have been following a team at Microsoft for ages who have been building a tool called CAT.NET, which is another static analysis tool. This one focuses on analyzing code for security issues. I looks good, but it really doesn’t blow me away.

What’s the first thing you do when you get a new tool? Run it against your own code and then the Microsoft code ;) No where could I get this code to ever give me a security issue – which is either a good or bad thing. When it’s done it provides a report in HTML and XML which is boring as hell:

The report on System.Web.Services.dll

To see a problem I looked at the rules, which are defined in XML, to actually force an issue.  I decided to take a stab at the process command execution rule, with the amazingly complex code like this:

This produced a nice report like this:

That said during one of my tests with it I did get a different result, a nice crash when checking System.Data.dll

StackOverflowException in the security application.

But none of the above is the reason why it does not blow me away, it doesn’t blow me away because it’s another tool that is actually not needed. Looking at the files and code (thanks to reflector) this could have easily been built into FXCop and made that a better solution overall. It is in beta still, so hopefully this is an indication of a tool that has been grown in the dark and now that the light of the public the team will start to understand real world scenarios.

If you needed an indication of the beta status of this tool, check out how many NotImplementedExceptions are in the code still :(

You can download the bits here: 32 Bit or 64 Bit

If you create a standard WCF service it does not work with Silverlight, it needs a few tweaks to get it to work. First is that Silverlight only supports connecting to a basicHTTP service and not a wsHTTP service, so you need to enable a second service or change your primary to basicHTTP, you can find out the reasons why by reading: Accessing SOAP Services

Second you need to attribute your class with: [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]. For example:

   1: namespace SilverlightApplication1Web

   2: {

   3:     [ServiceContract(Namespace = "")]

   4:     [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]

   5:     public class CustomerService

   6:     {

   7:         [OperationContract]

   8:         public int CountUsers()

   9:         {

  10:             return 2;

  11:         }

The third tweak is the biggest: Normally your WCF service and Silverlight application do not sit in the web application (either in Visual Studio or on the server) and due to the security put in place to prevent cross site attacks your service calls will fail. Obviously creating a web application with everything in is a solution, but if you haven’t you must add a security file to the WCF service web application. There are two files you can create in the root of your website, the first one is a crossdomain.xml. Crossdomain.xml is a format created by Macromedia. I do not recommend this one for Silverlight scenarios as Silverlight only supports a subset of the functionality but if you need to deal with Flash based clients then this is the route you must follow. Your other option is the Microsoft way, which is to create a file called clientaccesspolicy.xml. A clientaccesspolicy.xml to allow all methods, from all clients, to all URLS looks like this:

<?xml version="1.0" encoding="utf-8"?>

<access-policy>

  <cross-domain-access>

    <policy>

      <allow-from http-request-headers="*">

        <domain uri="*"/>

      </allow-from>

      <grant-to>

        <resource path="/" include-subpaths="true"/>

      </grant-to>

    </policy>

  </cross-domain-access>

</access-policy>

That is not normally what you want to do in production because of the security issues, but for early development it can help. Note: You can use BOTH files to get Silverlight and Flash clients to have the best experience. More details on both those files can be found at: http://msdn.microsoft.com/en-us/library/cc197955(VS.95).aspx

The last tip is the usage of WCF in Silverlight. It is still WCF so you are required to open and close your service connection. However since Silverlight makes web calls using async methods you need to chain up commands using events. i.e. you would create a event handler for when the connection is open and then open the connection. In the open event handler you would do the work, and once that completes you close the connection.

Chaining event handlers for getting Silverlight + WCF in code and program flow. 

Special thanks to Herman (the delegator) and Willy for prompting me to write this post… especially since Herman won’t blog on this.

Seriously I am grinning like mad this morning, because my first development love has returned: DELPHI! Many years ago it stopped being a good choice for work, if you could get any work, but that changed recently with the announcement of Delphi Prism. DP makes use of Visual Studio to host the Delphi language, that’s right all the power and beauty of VS! The language has been enhanced to support all the cool things that C# can do (LINQ, Silverlight)! So that is very cool, and using Oxygene Compiler you can target .NET, Win32, Mono (so you can run on Linux) with full GUI support for GTK#, and Cocoa for OSX (Tiger and Leopard)!

That’s right one fully featured language targeting 4 different platforms (Old Windows (Win32); New Windows (.NET); Linux; Mac OSX) right from within Visual Studio!

In reality though it has just been press announcements and demo’s at PDC so nothing for me to truly base this on… but hopefully soon.

InfoQ has a nice into article on the subject too: http://www.infoq.com/news/2008/11/Delphi-Prism

Herman, who you may know as “The man without a blog” or “The Delegator” or the guy who works over the partition from me, has released a poster detailing UI interface choices there are and what are the factors involved with choosing that. Very good to have if you trying to decide between Silverlight, Flash, Flex, ASP.NET, WinForms, WPF etc…

Download details available on Willy’s blog.

A picture of the poster… it’s much bigger when you download it.

Update 10 Jan 2011 - The link to Willy-Peter's blog no longer works.

Next is web based management console for the system, however the web based management console is a prototype and comes with no official support from Microsoft. The advantage of the web based management console is all the source code is provided so you can either use it as a base for building your own or for samples to build integration into your existing management system. As a side note there are a number of third party management consoles out there, which I would highly recommend looking into if you are reading this for building your own system.

The last part of the package is documents, documents and more documents. The SDK provided goes over all the systems in the engine and how to expand it and is really useful (I’ll cover why in part 5). However more useful than that is the deployment guide which takes you step by step in how to deploy the solution for an sample company. The only piece of documentation I would add to those is the unofficial consolidated deployment guide which is additive to the actual guide but provides details on how to do HMC without the 20+ needed servers you normally need and only use 8!

To deploy HMC you really just step through the guide however it will take a number of days and a lot of diverse skills to get it right (expect to need a .Net developer, an AD expert, an Exchange expert and someone with clustering experience would be bare minimum skills) and you should have a working system which is the same as all others.

Expect severe punishment though for not following the guide word for word. For example we initially tried to have a pure Windows 2008 Server x64 environment despite what the guide said and we were punished. Unfortunately all that work had to be scrapped as HMC did not not work. In the end the call to change the servers to match what the guide said, enabled a semi-normal sleep life again.

Another example of not following the guide to the is that HMC is built on .Net 2.0 RTM, however a fix included in 2.0 SP1 actually breaks HMC. That means you cannot install .Net 3.0 or 3.5 on any key HMC server as they will install the service pack for you and bork HMC :( Patches do exist for this bug but it may be worthwhile to wait for the upcoming 4.5 release of HMC if you are thinking about deploying this anytime soon.

I had a great chance to write some kick ass Silverlight code last week as a proof of concept for a potential new business venture the company I work at is thinking about, and hopefully in 6 months to a year I will be able to talk about it. The final solution won’t be Silverlight based but for the POC it provided the delivery method, functionality and UI that gets the message across.

Part of that POC was to be able to have a local XML file (local as on the server) loaded when the application was open and parsed. So the only way to do that is to use the WebClient class and call the DownloadStringAsync method with the URI to the XML file and then parse that in an XDocument. Not rocket science at all, but when I tried it I kept getting a message “An exception of type ‘System.NotSupportedException’ occurred in System.Windows.dll but was not handled in user code Additional Information: Specified method not supported.”

No matter what I tried I could not get it to work :( Eventually I figured out that it only was occurring when debugging/running from within Visual Studio. Publishing it to an actual web server and running it as a user would worked perfectly. This is a big issue for me, since it makes ad-hoc testing and debugging very difficult. Thankfully for me it was just a POC, but this could be a big pain for serious projects.

• ASP.NET MVC: This model view controller (MVC) framework for ASP.NET provides a structured model that enables a clear separation of concerns within web applications, and makes it easier to unit test your code and support a TDD workflow. It also helps provide more control over the URLs you publish in your applications, and more control over the HTML that is emitted from them.
• ASP.NET Silverlight Support: With the ASP.NET 3.5 Extensions release we'll deliver support for easily integrating Silverlight within your ASP.NET applications.  Included will be new controls that make it easy to integrate Silverlight video/media and interactive content within your sites.
• ADO.NET Data Service (codename "Astoria"): In parallel with the ASP.NET Extensions release we will also be releasing the ADO.NET Entity Framework.  This provides a modeling framework that enables developers to define a conceptual model of a database schema that closely aligns to a real world view of the information.  We will also be shipping a new set of data services (codename "Astoria") that make it easy to expose REST based API endpoints from within your ASP.NET applications.