Posts Tagged ‘software’

I’ve recently been asked to develop a solution for sending bulk and transactional emails using either SendGrid or ConstantContact APIs. AND I have to get it implemented by August 1, 2012!!!

Since I have not actually developed any real-world solutions in VS2010 yet and I don’t really have anyone to talk to (I’m the only developer here), I thought I should try to find something online that will help me out. (At this time, I really wished I had finished those books I started earlier!)

My first thoughts…

Do I write a Desktop App? Do I write a Web App? How do I get started?

The business doesn’t really know what they want. Requirements state “front-end application that allows business users the ability to create new campaigns”. If I write a Desktop App, they will only be able to access it if they have the app installed on their PC or can access a PC with the app installed. We have a lot of users who work offsite, and some even use personal PCs. So at this time, I’m thinking…Web App.

Now to find some help on creating a Web App to send emails, I do a few searches and come across random blog posts about SendGrid and ConstantContact. At some point in the search I find a blog posting where someone references a tutorial on MVC3.

MVC…hmm…it’s very similar to something I used in the past called Castle Monorail (VS2005 and .net 2.0).

So I decide to get started on this tutorial I found on MVC3.

http://www.asp.net/mvc/tutorials/getting-started-with-aspnet-mvc3

I’ve just finished the first chapter and I have to say this is a great tutorial so far. I highly recommend that anyone who wants to learn MVC3 and has never used MVC in the past try out this tutorial.

I hope I can get through the rest of the chapters quickly and be able to start on this application.

If anyone out there has any suggestions on using SendGrid or ConstantContact, please shoot me a message…I think I’ll be using SendGrid but may have to use ConstantContact for a lower cost solution.

WPF, Hackers, jQuery QUnit, Static Analysis, and MVC

Another day full of great sessions…although as the days go by and I procrastinate on writing up my notes, my mind is getting a bit foggy. Hopefully, you can get something from my notes…

Sessions Attended:

  • WPF Validation – Techniques & Styles (Miguel Castro)
  • Hack Proofing Your ASP.NET Web Forms and MVC Applications (Adam Tuliper)
  • Introduction to jQuery QUnit (John Petersen)
  • Static Analysis in .NET (Jason Bock)
  • Extending ASP.NET MVC with jQuery/Ajax and jSON (John Petersen)

WPF Validation – Techniques & Styles

The validation that comes out of the box in VS2010 is not that great. MVVM is better. Data annotation is good for quick validation on the code side.

There is a difference between validation and business rules. Business rules act on an object and validation does not. Validation is usually a field check: a yes/no question. A business rule is more like "if this field has this value, then do this or something else".

We should reject user input as early as we can and do NOT touch valid input. How many times have we run across a website where we enter an invalid value and the site comes back with an error and all the fields are wiped out? Or even worse…no error message at all and we are left to guess at what we did wrong.

We should have one place to go to check for validation of an object (one routine to check). Validation should not be done in multiple places unless we just can’t help it. Validation should be done as early as possible, and rules code should be reusable.

The out of the box validation is view based validation (ValidationRule class) and requires view-based code to perform validation. The validation is done at the XAML level and it cannot be tested. We don’t get information back on what field is invalid, and the error message is put in a hover message.

  • Style Trigger
  • Validation.HasError
  • Set ToolTip property

In MVVM, validation is totally decoupled from the view and we can test it. IDataErrorInfo can be implemented in ViewModel or Model. The indexer method gets the name of the property that changed. The view model is bound to the view and drives state. Anytime a field changes the OnPropertyChanged is called. We drive our buttons with commands not click events. Every command (DelegateCommand) has a method that drives the command and a method that determines if the command can happen.

The error message can include field information. Validation is switched on through attributes set on the binding in XAML: set ValidatesOnDataErrors to true to use it. IDataErrorInfo can be extended to incorporate a rules engine, and the interface can be implemented by the base class.

With Data Annotations (System.ComponentModel.DataAnnotations), we have to do the checking. An attribute is only as good as its use. Attributes are used by decorating the property, and the attribute values have to be a constant.

The code uses reflection to get the property value and runs it through validation using the static Validator class. We can write custom data annotations by overriding IsValid, and we can apply multiple validations to one property.

  • this.GetType().GetProperty(PropertyName).GetValue(this, null)
  • Check data validation (Validator.TryValidateProperty)
  • AdornedElementPlaceholder
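
The pieces listed above, put together as an added example (not code from the session or from the original post): a view model whose IDataErrorInfo indexer reads the property by reflection and runs it through Validator.TryValidateProperty, plus one custom annotation that overrides IsValid. `CampaignViewModel`, `SafeNameAttribute` and the sample inputs are hypothetical names and constructed values.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Text.RegularExpressions;

// Custom data annotation (hypothetical name): an allow-list check done by overriding IsValid.
// Null/empty is left to [Required]; otherwise only letters, digits, space, _ and - pass.
sealed class SafeNameAttribute : ValidationAttribute
{
    public override bool IsValid(object value)
    {
        var s = value as string;
        return string.IsNullOrEmpty(s) || Regex.IsMatch(s, @"\A[A-Za-z0-9 _-]+\z");
    }
}

// Hypothetical view model; the rules live here, not in the XAML view, so they can be unit tested.
class CampaignViewModel : IDataErrorInfo
{
    [Required(ErrorMessage = "Name is required.")]
    [StringLength(40, ErrorMessage = "Name must be 40 characters or fewer.")]
    [SafeName(ErrorMessage = "Name may contain only letters, digits, spaces, _ and -.")]
    public string Name { get; set; }
    public string Error { get { return string.Empty; } }

    // Called with the bound property's name when the binding sets ValidatesOnDataErrors=True.
    public string this[string propertyName]
    {
        get
        {
            var property = GetType().GetProperty(propertyName);
            if (property == null) return string.Empty;
            var context = new ValidationContext(this, null, null) { MemberName = propertyName };
            var results = new List<ValidationResult>();
            bool ok = Validator.TryValidateProperty(property.GetValue(this, null), context, results);
            return ok ? string.Empty : string.Join(" ", results.Select(r => r.ErrorMessage));
        }
    }
}

static class Demo
{
    static void Main()
    {
        foreach (var name in new[] { "Summer <sale>", "Summer sale", "" }) // constructed inputs
            Console.WriteLine("'{0}' -> '{1}'", name, new CampaignViewModel { Name = name }["Name"]);
    }
}
```

An empty string from the indexer means the property is valid; the same indexer can be called directly from a unit test without any view.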

Recommended Reading:

  • WPF 4 Unleashed (Adam Nathan)
  • WPF Programmer’s Reference: Windows Presentation Foundation with C# 2010 and .NET 4 (Rod Stephens)

Hack Proofing Your ASP.NET Web Forms and MVC Applications

One big issue we have with web applications is SQL Injection. But we also have to deal with cross site scripting, cross site request forgery, parameter tampering, information leakage, and encryption.

SQL injection is when code gets injected into the data channel: values are altered so that they form SQL commands where data is expected.

  • URI tampering
  • Parameter tampering
  • Cookie tampering

We should not be using inline SQL, but instead use parameterized queries. Don’t use dynamic strings. Do use ORMs, escape/whitelist input, and audit table permissions. We can use Rank() Order by and pass a number to sort by different things. We can pass parameters in dynamic SQL and use sp_ExecuteSQL.
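
The difference between inline SQL and a parameterized query, as an added example that is not from the session or the original post. The `Products` table, its columns and the `ProductQueries` class are hypothetical; the sort column is picked from an allow-list in code rather than with the Rank() approach mentioned above, because a column name cannot be passed as a parameter. No database connection is opened; the demo only prints what would be sent.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

static class ProductQueries
{
    // Allow-list: the only sort keys a caller may choose, mapped to fixed column names.
    static readonly Dictionary<string, string> SortColumns =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "name", "Name" }, { "price", "Price" }, { "added", "DateAdded" }
        };

    // Inline SQL (the pattern to avoid): input is concatenated into the command text,
    // so a quote in the value changes the structure of the statement.
    public static string BuildInline(string category)
    {
        return "SELECT Name, Price FROM Products WHERE Category = '" + category + "'";
    }

    // Parameterized form: the value travels as a typed parameter, never as SQL text.
    public static SqlCommand BuildParameterized(string category, string sortKey)
    {
        string column;
        if (!SortColumns.TryGetValue(sortKey ?? "", out column))
            column = "Name"; // unknown sort key falls back to a fixed default

        var cmd = new SqlCommand(
            "SELECT Name, Price FROM Products WHERE Category = @category ORDER BY " + column);
        cmd.Parameters.Add("@category", SqlDbType.NVarChar, 50).Value = category;
        return cmd;
    }

    static void Main()
    {
        string input = "Books' OR '1'='1"; // constructed sample input
        Console.WriteLine("inline:        " + BuildInline(input));
        using (var cmd = BuildParameterized(input, "price; --"))
        {
            Console.WriteLine("parameterized: " + cmd.CommandText);
            Console.WriteLine("  {0} = {1}", cmd.Parameters[0].ParameterName, cmd.Parameters[0].Value);
        }
    }
}
```

In the inline output the quote in the input closes the string literal and the rest becomes part of the WHERE clause; in the parameterized output the command text is unchanged and the whole input is carried as the value of `@category`.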

Cross site scripting (XSS) is when script gets injected into the page, the database, or the cookies. The main types are reflected, persistent, and DOM based. We can also have scriptless attacks.

To prevent XSS, we use HTMLEncode or AttributeEncode for all output (@, <%:, HtmlEncode(), HtmlAttributeEncode()). Do not set ValidateRequest=false in Web Forms. In ASP.NET 4.5 the HtmlEncode will be embedded in the databind.

He ran out of time to finish his slides, but did leave us with one last tidbit of info. To prevent Information Leakage, Use Retail Mode!! Setting RetailMode = TRUE turns off debugging and tracking which is the main source for Information Leakage.

Introduction to jQuery QUnit

Why should we test? We can get immediate feedback of our code with unit testing. Testable code is better code. Unit testing makes automated builds worth something.

JavaScript has been challenging to test. JS is not C# or VB; it is usually embedded in HTML documents and is often disorganized.

jQuery QUnit addresses the challenges of testing our JS. It’s a testing framework that is easy to use and integrates with other coding tools like Telerik’s JustCode (a test runner).

Static Analysis in .NET

This was a fascinating session. I found out that maybe I should have gone with Premium or Ultimate instead of getting the Professional edition of VS2010. Code analysis is only available for Premium and Ultimate. However, Jason believes someone on Codeplex has written an add-in to Professional.

We can also use FxCop…it’s a free tool that offers command line tools for performing static code analysis of .NET code.

To suppress a warning in source, an attribute is added to the code. In the project file, we can suppress the instance, but the suppression does not get updated if we refactor the code. Custom rules are not officially supported.

Other tools: Nitriq CodeAnalysis, NDepend, CodeIt..Right, and Klocwork

Extending ASP.NET MVC with jQuery/Ajax and jSON

I thought about attending the How to Be a C# Ninja in 10 Easy Steps, but I thought maybe I should have a little more exposure to MVC and jQuery. I think I was in over my head in this one since I have had no experience in this area. Also, I think I was in information overload by the time I got to this session. But here are my notes for what it’s worth…

jQuery is a JavaScript library that is actually a family of projects: jQuery Core, UI, Mobile, and QUnit. CSS is always in play behind the scenes of jQuery.

Ajax – Asynchronous JavaScript and XML: A technique to create asynchronous web requests from the client. Ajax communicates with the server and does a postback, and is conservative with bandwidth. The main objective is to improve performance. Multiple components and technologies are involved: HTML, CSS, XMLHttpRequest, and JavaScript. jQuery is a popular JS/Ajax framework.

JSON – JavaScript Object Notation: made up of key/value pairs; groups of key/value pairs make up a document. MongoDB and Couch are DBs that use JSON/BSON (binary JSON).

JavaScript is the glue that ties these 3 together and CSS makes it all come alive.

The update panel in ASP.NET is a div that gets updated via Ajax. Telerik has extensions for MVC and there are other MVC/jQuery based frameworks out there.
