Feeds:
Posts
Comments

Posts Tagged ‘ASP.NET MVC Framework’

WPF, Hackers, jQuery QUnit, Static Analysis, and MVC

Another day full of great sessions…although as the days go by and I procrastinate on writing up my notes, my mind is getting a bit foggy. Hopefully, you can get something from my notes…

Sessions Attended:

  • WPF Validation – Techniques & Styles (Miguel Castro)
  • Hack Proofing Your ASP.NET Web Forms and MVC Applications (Adam Tuliper)
  • Introduction to jQuery QUnit (John Petersen)
  • Static Analysis in .NET (Jason Bock)
  • Extending ASP.NET MVC with jQuery/Ajax and jSON (John Petersen)

WPF Validation – Techniques & Styles

The validation that comes out of the box in VS2010 is not that great. MVVM is better. Data annotation is good for quick validation on the code side.

There is a difference between validation and business rules. Business rules act on an object and validation does not. Validation is usually a check field – yes/no questions. With business rules, it is more like if this field has this then do this or some other stuff.

We should reject user input as early as we can and do NOT touch valid input. How many times have we run across a website where we enter an invalid value and the site comes back with an error and all the fields are wiped out? Or even worse…no error message at all and we are left to guess at what we did wrong.

We should have one place to go to check for validation of an object (one routine to check). Validation should not be done in multiple places unless we just can’t help it. Validation should be done as early as possible, and rules code should be reusable.

The out of the box validation is view based validation (ValidationRule class) and requires view-based code to perform validation. The validation is done at the XAML level and it cannot be tested. We don’t get information back on what field is invalid, and the error message is put in a hover message.

  • Style Trigger
  • Validation.HasError
  • Set ToolTip property

In MVVM, validation is totally decoupled from the view and we can test it. IDataErrorInfo can be implemented in ViewModel or Model. The indexer method gets the name of the property that changed. The view model is bound to the view and drives state. Anytime a field changes the OnPropertyChanged is called. We drive our buttons with commands not click events. Every command (DelegateCommand) has a method that drives the command and a method that determines if the command can happen.

Error message can include field info. Attributes set on the binding in XAML. Set ValidatesOnDataErrors to true to use validation. IDataErrorInfo can be extended to incorporate rules engine and interface can be implemented by the base class.

With Data Annotations (System.ComponentModel.DataAnnotations), we have to do the checking. An attribute is only as good as its use. Attributes are used by decorating the property, and the attribute values have to be a constant.

Code will use reflection to get the property value and runs the property through validation by using the Validator static class. We can write custom data annotations by overriding IsValid, and we can do multiple validations.

  • this.GetType().GetProperty(PropertyName).GetValue(this, null)
  • Check data validation (Validator.TryValidateProperty)
  • AdornedElementPlaceholder

Recommended Reading:

  • WPF 4 Unleashed (Adam Nathan)
  • WPF Programmer’s Reference: Windows Presentation Foundation with C# 2010 and .NET 4 (Rod Stephens)

Related Sites:

Hack Proofing Your ASP.NET Web Forms and MVC Applications

One big issue we have with web applications is SQL Injection. But we also have to deal with cross site scripting, cross site request forgery, parameter tampering, information leakage, and encryption.

SQL injection is when code gets injected into the data channel and values are altered to create SQL commands when data is expected.

  • URI tampering
  • Parameter tampering
  • Cookie tampering

We should not be using inline SQL, but instead use parameritized queries. Don’t use dynamic strings. Do use ORMs, escape/whitelist input, and audit table permissions. We can use Rank() Order by and pass a number to sort by different things. We can pass parameters in dynamic SQL and use sp_ExecuteSQL.

Cross site scripting (XSS) is when script gets injected into the page, the database, or the cookies. The main types are reflected, persistent, and DOM based. We can also have scriptless attacks.

To prevent XSS, we use HTMLEncode or AttributeEncode for all output (@, <%:, HtmlEncode(), HtmlAttributeEncode()). Do not use the WebForm’s ValidateRequest=false. In ASP.NET 4.5 the HtmlEncode will be embedded in the databind.

He ran out of time to finish his slides, but did leave us with one last tidbit of info. To prevent Information Leakage, Use Retail Mode!! Setting RetailMode = TRUE turns off debugging and tracking which is the main source for Information Leakage.

Related Sites:

Introduction to jQuery QUnit

Why should we test? We can get immediate feedback of our code with unit testing. Testable code is better code. Unit testing makes automated builds worth something.

JavaScript has been challenging to test. JS is not C# or VB, usually embedded in HTML docs and often disorganized.

jQuery QUnit addresses the challenges of testing our JS. It’s a testing framework that is easy to use and integrates with other coding tools like Telerik’s JustCode (a test runner).

Static Analysis in .NET

This was a fascinating session. I found out that maybe I should have gone with Premium or Ultimate instead of getting the Professional edition of VS2010. Code analysis is only available for Premium and Ultimate. However, Jason believes someone on Codeplex has written an add-in to Professional.

We can also use FX Cop…it’s a free tool that offers command line tools for performing static code analysis of .NET code.

In source, an attribute is added to the code to suppress. In project file, we can suppress the instance but it does not get updated if we refactor it. Custom rules are not officially supported.

Other tools: Nitriq CodeAnalysis, NDepend, CodeIt..Right, and Klocwork

Related Sites:

Extending ASP.NET MVC with jQuery/Ajax and jSON

I thought about attending the How to Be a C# Ninja in 10 Easy Steps, but I thought maybe I should have a little more exposure to MVC and jQuery. I think I was in over my head in this one since I have had no experience in this area. Also, I think I was in information overload by the time I got to this session. But here are my notes for what it’s worth…

jQuery is a JavaScript library that is actually a family of projects: jQuery Core, UI, and Mobile, and QUnit. CSS always in play behind the scenes of jQuery

Ajax – Asynchronous JavaScript and XML: A technique to create asynchronous web requests from the client. Ajax communicates with the server and does a postback, and is conservative with bandwidth. The main objective is to improve performance. Multiple components and technologies are involved: HTML, CSS, XMLHttpRequest, and JavaScript. jQuery is a popular JS/Ajax framework.

JSON – JavaScript Object Notation: made up of key/value pairs and groups of key/value pairs make up a document. MongoDB and Couch are DBs that use JSON/BSON (binary JSON).

JavaScript is the glue that ties these 3 together and CSS makes it all come alive.

The update panel in ASP.NET is a div that gets updated via Ajax. Telerik has extensions for MVC and there are other MVC/jQuery based frameworks out there.

Related Sites:

Read Full Post »

HTML5, IE9/10, MVC, Mobile Apps, Tips & Tricks, and Entity Framework

So it’s always a bit crazy when a new version of a development tool gets released…even in beta form. It seemed like every session I attended on Day 2 involved VS 11 Beta. I was extremely disappointed and discouraged that I wouldn’t be able to learn what I came to learn if the rest of the week turned out the same.

Don’t get me wrong…very cool to see the new stuff coming out, but I came to VS Live to learn about VS 2010. I know 2010 has been out a while, but I only just recently obtained a copy and have started working in it. I never had a chance to use 2008. So I was very excited to get the chance to come to a conference about VS 2010 and learn some of the cool things I could now do.

I missed the Keynote at 8am which was on VS11…which was partly the reason for the frenzy on VS11 this day.

Sessions Attended:

  • HTML5 and Internet Explorer: A Developer Overview (Ben Hoelting)
  • Advanced ASP.NET MVC, HTML5, and the .NET Stack (Ben Hoelting)
  • Chalk Talk: Visual Studio for Mobile Apps on iOS, Android and WP7 (Miguel de Icaza)
  • Visual Studio 2010 and 11 Tips & Tricks (Amy Hartwig)
  • Entity Framework Code First – Beyond the Basics (Sergey Barskiy)

HTML5 and Internet Explorer: A Developer Overview

In this session, Ben did a great job explaining the power of IE9/10 and HTML5, the features of today, and what the future will bring. He showed us some of the benchmarks for IE and took us on a test drive. Best session of the day!

We can use meta elements to pin sites to the task bar and provide users with notifications. With Windows 7 integration, we can add jump lists that will allow us to go directly to areas of our website. HTML5 gives us new tags, rich media & graphics support, CSS3, and better performance. Use modernizers to make HTML5 work on non-HTML5 compliant browsers.

The website http://caniuse.com/ has compatibility tables for support of HTML5, CSS3, SVG and more in desktop and mobile browsers.

A few of the cool features we now have available to us:

  • Semantic elements like section, nav, article, aside, and hgroup
  • Canvas – block element to draw 2d graphics in JS
  • SVG (Scalar Vector Graphics) – 2d vector graphics in XML
  • Video tag – this is not streaming video…user has to download entire video to play
  • Audio tag – able to turn off play buttons
  • Rounded corners – can achieve rounded corners by using the border-radius property
  • 2d & 3d transforms (3d in IE10) -ms-transform: scale(2,2) rotate(30deg) [Chrome ignores –ms]

Windows 8 brings us the touch language. Today’s web was not designed with the finger in mind…but it’s coming soon. With touch, we will no longer have hover. We will need to ensure ample room around elements for fingers (average 11mm).

Related Sites:

Advanced ASP.NET MVC, HTML5, and the .NET Stack

I stayed with Ben for his next session because I really wanted to see more on HTML5 and the description of the class sounded interesting. However, the session didn’t really match the description but was still a good session. I was hoping to see some coding, but his discussion was more high level and the use of add-ons, templates, and the Kendo UI framework.

He talked about the HTML5 Boiler Plate with MVC4…a template for HTML/JS/CSS and showed us some of the code which is in minified jQuery where all the whitespace is removed for good performance.

Not much discussion on MVC except to say that there are a lot of tutorials on the web – just look for them.

He touched briefly on Razor, Web Optimization Bundler, and Authorization Service. The Web Optimization Bundler will bundle all the content, CSS, and JS calls at once but only optimizes jQuery JS files.

Kendo UI and Knockout.js is what he came to talk about. Knockout.js is a JS library for using the MVVM pattern and can be a replacement for ASP.NET MVC. Some key features are databinding (including automatic UI updating), templating, and dependency tracking. The Kendo UI is a new set of HTML/JS based UI controls that provides templating and databinding, and has advantages over jQuery UI.

Expression Blend Super Preview allows us to view our sites in two browsers at once, and supports IE6-9 and Firefox. VS11 has an option to run in multiple browsers.

Related Sites:

Chalk Talk: Visual Studio for Mobile Apps on iOS, Android and WP7

Sales pitch for Xamarin products…but I expected a sales pitch from a chalk talk session even though the description sounded otherwise.

Mono is an open source implementation of the .NET platform, and was created to bring Windows applications to Linux.

iOS – Apple disallows JIT compile. Mono has batch compile that Apple requires. To develop on iOS…must have MAC.

Android – Mono available for Windows and Mac (MonoDevelop) and uses JIT. Can open code and code in VS, but cannot run the app in VS…have to go back to MonoDevelop to run the app and test.

Related Sites:

Visual Studio 2010 and 11 Tips & Tricks

Unfortunately, I didn’t stick around long in this session. This was pretty much all about VS11 and the changes in shortcuts between 2010 and 11. If anyone reading this did sit through this session, please leave a comment on any tips & tricks for VS2010 that she did speak about. She did hand out a flyer with VS11 shortcut keys…I plan on trying them in 2010 just see what happens!

Best tip I have…Resharper.

Entity Framework Code First – Beyond the Basics

All I can say for this session is that I was in over my head…no clue what he was talking about. I think I needed a basics class first since I have never used the Entity Framework. But here are my notes for those it may help.

Sorry I don’t have much context around my notes. I just jotted stuff down that sounded interesting so that when I do get into using Entity Framework I have some points to look up.

  • Data cached in app domain after first use. Host in IIS – setting custom recycle schedule. Also, we can write a service to pose as first user.
  • ctx.Entry(person).State = EntityStatus.Modified
    • Don’t use the update function using Person.find(id) because it’s slower.
  • Disable tracking People.AsNoTracking()
  • Properties – no work to be done
  • Methods – work will be done
  • DBEntityEntry
  • Complex type – wrapper for group of properties and not mapped to a table
  • Explicit mapping – has column name
  • One to one relationships must be explicitly configured
  • WithRequired – property is required
  • HasOptional – allows NULL
  • Cascade delete bypasses SQL structures for logging the deletes
  • DB Parameter / SQL Parameter
  • Type Inference
  • Generic Repository
  • If write 0 records, get concurrency exception IsConcurrencyToken
  • Migrations – enable using powershell

Related Sites:

Looking back…this day taught me to look at provided documentation for sessions prior to deciding which sessions to attend.

Day 3 was a great day – will post notes soon…

Read Full Post »

Welcome to Las Vegas SignThe 5 days of sessions and workshops at Visual Studio Live were full of valuable information and great tips to improve efficiency and productivity. I will be sharing some of this in future posts, but here is a little of what I learned and the sessions that I attended…

The future technologies coming down the pipe include natural user interfaces with better multi-touch capabilities as well as voice and neural capabilities. Microsoft has recently released Kinect for the PC that will allow users to do various things using just their voice and/or body motions. Here is a link if you are interested in seeing some of the projects already in place with natural user interfaces (all built with Visual Studio 2010).

Creating User Experiences Workshop

The Creating User Experiences workshop that I attended provided much more useful information than what I can summarize here. If you are interested in hearing more on this, I will be writing up a more in-depth post soon.

Creating a successful user experience is not just about making something possible that wasn’t possible before. To make the user experience a success, it is about making it easy…which is what we keep saying that we need to do with our applications.

One key point made during the workshop was that we should not strive to use every bit of screen real estate. The eye naturally will focus on the area of the screen from the top left corner down to the bottom right corner. Users look at crowded screens as being poor quality and bad design which can lead to lost revenue and a decrease in productivity.

Users resist change and it can be difficult for users to accept changes to existing systems that have poor design because they feel the changes will make their job harder. In order to get users to accept change, it is recommended to create new applications that are completely different from existing applications than to merely make enhancements to the existing applications.

Good software design will increase productivity, reduce the amount of training needed, lower the number of errors, and ultimately increase sales.

 

List of Workshops/Sessions Attended

Workshops (Full Day):

  • Creating Today’s User Experiences – An Entry Point for Developers (Billy Hollis)
    • Explanation of design concepts and the user psychology and brain wiring that make the concepts work.
  • Programming with WCF in One Day (Miguel Castro)
    • All WCF fundamentals, advanced features, and lots of tips and tricks for design, hosting, and WCF consuming.

Sessions:

  • HTML5 and Internet Explorer: A Developer Overview (Ben Hoelting)
    • The power of HTML5 in IE9 and IE10, and the features available now and in the future.
  • Advanced ASP.NET MVC, HTML5 and the .NET Stack (Ben Hoelting)
    • The awesomeness of MVC, and discussion on key concepts and features.
  • Visual Studio for Mobile Apps on iOS, Android and WP7 (Miguel de Icaza)
    • This felt more like a sales pitch for Xamarin applications (MonoDevelop), but did learn some information on using VS for developing mobile apps.
  • Visual Studio 2010 and 11 Tips & Tricks (Amy Hartwig)
    • Various tips and tricks on using the shortcut keys and other built in functions.
  • Entity Framework Code First – Beyond the Basics (Sergey Barskiy)
    • Performance analysis tips, database scheme techniques, and models
  • The Future of User Experience: The Natural User Interface (Tim Huckaby)
    • Look at past technologies and how technology has developed over the years, a look at the impressive software being built today with .NET technologies, and the future of NUI.
  • Windows Presentation Foundation for Developers (Philip Japikse)
    • Strengths of WPF, various layouts, and maximizing databinding.
  • Building Your First Azure Application (Michael Stiefel)
    • Key technologies and techniques, and basics of building Azure applications
  • Parallel Programming 101 (Tiberiu Covaci)
    • Using threads and thread pools
  • Silverlight, WCF RIA Services and Your Business Objects (Deborah Kurata)
    • Discussion on using RIA to develop Silverlight/WCF services.
  • Top 7 Lessons Learned On My First Big Silverlight Project (Ben Day)
    • Real world tips for architecting Silverlight applications, testing, and pain points.
  • WPF Validation – Techniques & Styles (Miguel Castro)
    • Various validation offerings including MVVM-based, and custom styling.
  • Hack Proofing Your ASP.NET Web Forms and MVC Applications (Adam Tuliper)
    • Why most existing applications can be hacked, details of common attacks, and techniques for protecting against hack attacks.
  • Introduction to jQuery QUnit (John Peterson)
    • Basics of using QUnit for testing jQuery.
  • Static Analysis in .NET (Jason Bock)
    • Benefits, how to improve code, and custom rules
  • Extending ASP.NET MVC with jQuery/Ajax and jSON (John Peterson)
    • Some information on Ajax and jSON, but mostly discussion on using jQuery.

As you can see, I attended a mixture of sessions on various technologies.

What’s Next?

Over the next week or so, I will be documenting all that I learned and sharing the wealth of information in future blog posts.

Plus, I was the “tweet to win” winner for a free 5 day pass to attend another VS Live event later in the year…I chose Orlando, FL in December. This event in Orlando is actually 4 events in 1 (Visual Studio, SQL Server, SharePoint, and Cloud & Virtualization). I am really looking forward to this one!

Read Full Post »

%d bloggers like this: