PeterKellner.net

Let’s say you have a user input field that you want the user to type data into which will be later displayed back to the user.  You don’t want the user putting in their own html or other things (like javascript tags) because that could cause bad things to happen on your page. 

The easiest thing to do is to set the page attribute to not do request validation

<%@ Page Title="" Language="C#" MasterPageFile="~/DefaultNoColumns.master" AutoEventWireup="true" ValidateRequest="false"
    CodeFile="SponsorInformationEdit.aspx.cs" Inherits="SponsorInformationEdit" %>

Then, store whatever the user types in the textbox including the nasty things like <script …

When you get around to displaying the data back, simply encode it like this:

LabelShortDescription.Text = HttpUtility.HtmlEncode(rec.CompanyDescriptionShort);

Then, if the user put a bold tag in the html, they will get this displayed back:

and no harm will occur.

Introduction

If you’ve started using SqlAzure for your SqlServer with your Azure application, you’ve probably discovered that you get a reasonable number of connection failures.  The advice from the Azure team is add retry logic to all your connections to SqlAzure. There is a long discussion posted by the Azure team here.

The key paragraph states the problem as follows:

The Problem
One of the things that SQL Azure does to deliver high availability is it sometimes closes connections. SQL Azure does some pretty cool stuff under the covers to minimize the impact, but this is a key difference in SQL Azure development vs. SQL Server development.

Basically, what this means is that you must be able to deal with connections failing when you call SqlAzure.  Something that all of probably should have been doing forever, but because most of the time SqlServer is running on your local LAN and the likelihood if a connection failing was next to zero unless something else was going terribly wrong.  Certainly not something we had to do on regular basis.  To emphasize that even more, most of the controls built into asp.net that open connections to sqlserver don’t even do this and that’s from Microsoft itself.

The solution proposed in the thread mentioned above basically has you add tons of code to everyplace you access a connection object.  Personally, I don’t like that because I have hundreds if not thousands of places I open connections and inserting tens of thousands of lines of extra new untested code is a little scary.

So, what to do?

Fortunately, another team at Microsoft, known as the Windows Server AppFabric Customer Advisory Team published a general purpose solution using Extension Methods and some darn clever coding wrote a great article and published code including azure examples that solves this problem very elegantly without requiring a lot of changes to your existing code base.

In this article I plan on giving an example and publishing a sample project that uses this code with SqlAzure to solve the connection retry problem.  My goal here is not to simply restate what they published but to simply have a very simple concrete example of using their library.

In my last post, I found a use for inverting if statements.  That is, I postulated that it is better to have an explicit else when it’s impossible for that code to be executed.  The argument for just falling through the loop with no else is that why have unnecessary code.

My argument is intent.  I personally like to make the intent of my code as clear as possible and having the extra else provides that for me.

Now, for the braces discussion.  That is, is it OK to do this:

if (myObject1==null) err = "bad1";
if (myObject2==null) err = "bad2";
if (myObject3==null) err = "bad3";
if (myObject4==null) err = "bad4";
if (myObject5==null) err = "bad5";

or should you be required by coding standards to do this:

Background

At my company, we have been running a workflow process that is taking 6 hours to complete.  This is a new project so we’ve had the good fortune to be able to use the latest Microsoft technologies.  We are a Microsoft shop, so that means Sql Server 2008, C#, ASP.NET, ExtJS, LINQ to SQL (hoping to move to Entity Framework someday) and others.  After spending all day running performance analysis tools and basically performing a full audit of the 6 hour process, we sadly concluded that our time was being eaten up by LINQ to SQL processing.  My experience has always been that anything you do on the compiled code side is usually overwhelmed by database access times, usually at least ten to one.  Well, I learned a lot yesterday.

I’m sure many of you know Lynn Langit.  Her role at Microsoft has been a Developer Evangelist of many of the business software offerings from Microsoft including Sharepoint and SqlServer and it’s many offerings.  She’s always been a wealth of great information about those products and it’s great to see she’s got a book out about one of her favorite topics, Business Intelligence.

So far, I’ve read the first four chapters and have skimmed the rest.  I am so far very impressed with both how well it’s written and the depth of topics the book covers.  As I read more, I’ll come back and update this post.  I have no doubts I will get a lot out of this book, as I’m sure practically anyone else who buys it will also.

As a developer who has spent much of my life doing DBA type work, I really appreciate the simplicity and elegance of what Microsoft Visual Studio Team has put together with the Database Edition and can be seen for sale here as the Microsoft Visual Studio 2010 Premium with MSDN Download – Download Direct from Microsoft I’ll first try and explain in a nutshell what it is.  Then I’ll go through an example of creating a Visual Studio Database Project out of a site I’ve been working on to show the steps.  Finally, I’ll give a short summary reliving the experience and giving you some other pointers that may help you get through the experience.

What is VS2008 Database Edition?

Basically, what VS2008 does is to first process your existing schema into hundreds (maybe thousands) of little files.  That is, each file is one database thing. That thing might be a table definition, a stored procedure, a trigger, a constraint, a foreign key, etc.  The beauty of this is that now, each thing can be tracked separately.  Say for example, you want to update just one table and someone else on your team wants to update another table in the same schema.  Since the files are now separate files, it’s no problem.  When you grab the latest changes from source control, you will get your friends changes and he will get yours.  Very very clean!

Also, it has a very powerful comparison engine.  Say you update your data outside of this project.  VS2008 Database Edition will compare your definitions in all these little files with either a sql script you generate, or it will connect to an external database and compare to that.  Me personally, I like to use a tool called SqlManager to manage my data.  I can continue to do that, then when I’ve made my changes, I can simply connect VS2008 Database Edition to my updated development database and it will automatically figure out the changes.

So, you may ask, what version do I need to run this of Visual Studio?  The answer is in this link:  http://msdn.microsoft.com/en-us/vs2008/products/cc149003.aspx

Here We Go, Let’s do an Example

So, first, I will open my existing solution which has a web project in it, a data access project as well as other projects.  Then, I create the new Database solution by saying File/Open/New Project/Database Project.

Then, we follow the wizard…

Taking defaults…

Now, I choose my schema.

Press Start…

Once you’ve done that, you’ll now have your schema spread out across your project in little files.  Below is what the "file based" view of your schema looks like.

Notice that the file we are looking at also includes comments for both the table and the columns using the standard extended property documentation format as follows:

GO
EXECUTE sp_addextendedproperty @name = N'MS_Description', 
@value = N'tracks all changes from each camp

title;link;guid;pubDate;category;description', @level0type = N'SCHEMA', 
@level0name = N'dbo', @level1type = N'TABLE', 
@level1name = N'CampFeed';


GO
EXECUTE sp_addextendedproperty @name = N'MS_Description', 
@value = N'if true, this is the main news feed from the site.  
there should only be one main news feed from any site.  this would 
not be feeds like twitter', @level0type = N'SCHEMA', 
@level0name = N'dbo', 
@level1type = N'TABLE', @level1name = N'CampFeed', 
@level2type = N'COLUMN', @level2name = N'PrimaryFeed';

Now, when you actually build the project as follows:

it will generate the full script combining all the files back into one again. Here is where it puts it:

So, that’s about it for now. I haven’t gone into any of the ways to compare and update your schema based on external changes, but we can leave that for another post.

To see a great video by Richard Hundhausen, President of Accentient, a Team Systems Consulting company, go to this link:  http://msdn.microsoft.com/en-us/vsts2008/cc659682.aspx

Also, if you are using Sql Server 2008, make sure you install visual studio 2008 sp1, then go to this link and install the download:  http://www.microsoft.com/downloads/details.aspx?FamilyID=bb3ad767-5f69-4db9-b1c9-8f55759846ed&displaylang=en

Conclusions

From what I can tell, this Visual Studio Database Edition will be a huge help in building database schema’s and database programs (sp’s, triggers,etc.) in a collaborative environment.   If you have the license to use this, I strongly recommend it.  It is definitely going to be part of my tool kit for now on.  Even if I’m the only author in the project.

I’ve just started (within the past 2 days) learning and building a prototype with Microsoft’s new MVC platform.  It’s really just another project type in Visual Studio 2008, but it changes the way you write asp.net applications.  So far I like it, but I’m still on the honeymoon.  I have not really tried to do anything complex yet, and because it’s new to me, the simple things are still hard.  Scott Guthrie’s posts posts have been helpful, as well as reading a pre-release of Manning’s upcoming book ASP.NET MVC In Action by Jeffrey Palermo, Ben Scheirman and Jimmy Bogard.

Recently, we’ve moved our hosting for the Silicon Valley Code Camp to MOSSO, which is a hosted web farm.  In order to run modules and handlers, it seems it’s necessary to run in IIS7’s integrated mode.  Once this is set, other small issues creep up like for example you can no longer run HttpHandler’s from the standard HttpHandler’s section in your web.config file (see below)

<httpHandlers>

            <remove verb="*" path="*.asmx"/>

            <add verb="*" path="*.asmx" validate="false" ...

            <add verb="*" path="*_AppService.axd" validate="false" ...

            <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler,..

            <add type="PeterKellner.Utils.CaptchaTypeHandler" verb="GET" path="CaptchaType.ashx"/>

</httpHandlers>

The Problem

Over the past several years I’ve found myself running into the same problem over and over so I thought I’d blog the solution so at least I don’t waste time figuring it out again.  So, when do you need this?  The answer for me is that I want to be able reference a web site without having to expose the underlying site structure.  For example, on the home page of my business, I want people to be able to type http://73rdstreet.com/Home and be taken to http://www.73rdstreet.com/HomeSite/Home.aspx.

The Symptom

You may see errors that say something like:

Server Error in Application … HTTP Error 404.0 – Not Found

One of the really nice features I enjoy using in Resharper 4.0 is the refactoring that converts inefficient (and unpleasant to read) syntax into nice efficient code.  In this post, I’ll show some refactorings that Resharper (from JetBrains) gives us.  There are lots more, but the ones listed below seem to come up the most in my own c# code.

Article Series

Introduction

This article shows how to create a modal windows (not a popup) that displays a login windows (asking for username and password) in the middle of whatever asp.net page you are viewing.  It uses the Telerik Modal Radwindow control.  At the end of a successful login, the login dialog redirects the web user to some page designated by the author.  It requires no Javascript programming by the programmer.  Just simple method calls in the asp.net page.

(more…)

Article Series

Introduction

Creating themes for ASP.NET 2.0 is very easy if you follow the standard guidelines Microsoft gives us.  Microsoft gives a pretty good discussion in the MSDN article
ASP.NET Themes and Skins Overview.  I’ve read it several times but since I don’t do this very often I keep forgetting the simple things.  Recently,
I posted a question on ASP.NET forums asking how to have an image automatically come from the correct theme directory.  As usual, Dave Sussman
gave me the perfect answer.

"You should store the images under the themes and set the ImageUrl in the skin file. Give the control a SkinID in both the skin file and in the page. When the theme changes the appropriate image will be used."

In this article, I’ll basically explain his answer with an example using the code camp web site.

(more…)

Article Series

(Source Code Available in Article 6 Below – (Added March 2009))

Introduction

The Typical Way

When you first create an asp.net project a file is usually created in your root web directory called web.config.  By default there are two (usually empty) sections in the file.  One for appSettings, and one for connectionStrings.  Below is a default project created with visual studio 2008 and a sample web.config file.

So, technically, String and string mean exactly the same thing in C#.  string, is an alias for String (aka a shorthand) for System.String.  So, when should use which?  It seems that the convention is to use string when you are referring to an object and String when you are referring specifically to the string class.

This is basically what is said at this URL:  http://en.csharp-online.net/CSharp_String_Theory%E2%80%94string_versus_String

Juval Lowy has some coding standards at http://www.idesign.net that says basically the same thing.  From the document on IDesign’s web site the following examples show what is best practices (which I completely agree with).

That’s it for now. 

Introduction

Searchlight was born from the desire to show the outstanding ability of Silverlight to create a compelling web application using existing infrastructure technology.  The products was developed working with Leverage Software, a
San Francisco company dedicated to delivering first class communities for it’s customer’s, Peter Kellner (the Silverlight technology guy), and Uday Gajendar, the design specialist.  Our efforts can be viewed by going to the LeverageSoftware Labs Link Here.  Simply follow the directions on that web page to run the web application. In this article, many of the Silverlight features in Searchlight are discussed.

Background

Searchlight was built to run with the first Alpha 1.1 version of Silverlight shipped from Microsoft.  Searchlight takes advantage of Leverage Software’s extensive web service api to provide real time data based on those web feeds.  Currently, Leverage Software’s  main access to the Dwell Community is an html application that can be found at
http://dwell.leveragesoftware.com/.  Using the Silverlight Alpha 1.1 combined with

I’m presenting a session on Silverlight 1.1 at Silicon Valley Code Camp October 27-28, 2007. this event will be held at Foothill College. If you can make it, please register here:

http://www.siliconvalley-codecamp.com/AttendeeRegistration.aspx

So, you might be wondering, what is a code camp, and what does it cost? Well, it’s completely free and completely staffed by volunteers. It’s a place you can share your passion for technology with others like yourself, it’s a place you can give a presentation on your favorite topic to a receptive audience, as well as go to sessions by others who want to share the knowledge. Typically, there are sessions on all kinds of technologies from Microsoft’s latest stuff to Java,
Ruby, Python, JavaScript, and even more obscure technologies. It’s basically formatted like a 1 day PDC/Teched/JavaOne style event where sessions are pre arranged and you just choose what interests you. Session sign up closes a week before the event so you know what you’ll be in for ahead of time and you can plan.

Recently, is seems that many web sites and blogs are starting to use a navigation technique where you have multiple hyperlinks grouped in a box, with size, color, or brightness giving some meaning.  I like this very much and have been on the lookout for a while for a control to do this in ASP.NET.  Turns out, DevExpress has one!  It’s called the CloudControl and you can read more about it at the following URL.

One of the tricks I’ve learned over time is to always set visual studio to stop on a thrown exception.  Normally, during running of a .net application, unhandled exceptions are simply processed and absorbed quietly.  For the most part, this is good because you do not want your users to see error messages all the time, and likely what is being thrown is not interesting anyhow.  It is however bad because throwing exceptions is very time consuming for the application as well as it may actually be something important.

To keep this from happening, my "best practice" is to go into the menu choice Debug/Exceptions as follows: