Archived Posts from this Category

The Morning Brew #479

Posted by on 18 Nov 2009 | Tagged as: .NET, C#, Development, Morning Brew


  • ASP.NET MVC 2 Beta Released – Phil Haack shares the news of the ASP.NET MVC 2 Beta release, announced as part of the PDC keynote. This beta release includes support for Visual Studio 2008 SP1, but not for VS2010 beta 2 due to that being on a different schedule
  • Windows Identity Foundation RTM! – ‘vibro’ highlights the PDC announcement of the GA / RTM release of Windows Identity Framework, Microsoft’s latest incarnation of identity products formerly know as Geneva.
  • Announcing the Identity Developer Training Course on Channel9 – Vibro also highlights the Identity Developer Training Course, a self learning set of content available on the Channel 9 site covering the use of identity in a number of scenarios such as Web, Web services, Azure
  • Microsoft Codename Dallas : Introducing "Dallas" – Moe Khosravy shares the announcement of the new Microsoft project codenamed ‘Dalas’ which brings hih quality information conent services to the Azure offering via a clean API. Moe also shares A Quick Overview of Dallas for Developers.
  • Developing and Managing Services with Windows Server AppFabric – Cliff Simpkins talks about the Windows Server AppFabric Beta 1 release which is designed to make it easier to build and scale out applications built on IIS. Key components of this technology are the Velocity Cache, Windows Communication Foundation, Windows Workflow Foundation, ADO.NET Data Services all of which enable SOA style applications to be built on the framework
  • Announcing Microsoft Sync Framework Power Pack For SQL Azure CTP – Maheshwar Jayaraman highlights the release of the Microsoft Sync Framework Power Pack For SQL Azure CTP which contains the Azure Data Sync tool which lets you synchronise data between your own SQL instances and Azure, the SqlAzureSyncProvider which eables synchronisation of existing data providers and adds in a number of SQL Azure metadata APIs, and a SQL Azure Offline Visual Studio plugin which enables you to build offline synchronisation routines with Azure
  • Azure – from July CTP to November 2009 PDC Release – Mike Kelly takes a look at the changes from the July CTP release of the Azure SDK through to the release for PDC 2009, highlighting the large key changes
  • Windows Azure case studies launched at PDC 2009 – Hanu Kommalapati highlights a number of Azure case studies showing the use of various Azure features in real world situations. Hanu also shares some of the details of the pricing of Windows Azure supported OS image types
  • Breaking Down ‘Data Silos’ – The Open Data Protocol (OData) – Mike Flasko of the ADO.NET Data Services Team talks about the new OData protocol for data sharing which aims to make interoperability between data sources much eaier
  • Introducing the Microsoft Open Data Protocol Visualizer – Noam Ben-Ami & Fabian Winternitz of teh ADO.NET Data Services Team share the release and show the Microsoft Open Data Protocol Visualizer a tool to help work with Open Data Protocol data from inside Visual Studio
  • PDC09 Demo App: Tailspin Travel (Visual Studio 2010) – Dr. "Z" highlights the availability of the full source of the TailSpin sample application being shown at PDC on CodePlex. This app, build in VS2010 Ultimate and requiring the new Azure AppFabric installed shows off a number of the new features being discussed this PDC
  • PDC 2009 Day 1: Future Directions for C# and Visual Basic – Sasha Goldshtein talks about some of the interesting stuff revealed at PDC about the two main .NET languages and also some interesting news about the respective compilers for each language


  • Vim Emulator Editor For Beta2 Released – Jared Parsons updates his VIM emulator for Visual Studio 2010 Beta 2, bringing some traditional VIM Editor goodness to the Visual Studio IDE
  • SharePoint 2010 Beta 2 is finally here! – Eric Kraus highlights the release of SharePoint 2010 Beta 2 which will expire on 31 October 2010 and is available now to MSDN subscribers. Eric also links to a number of resources with help for getting installed and running
  • Announcing: IIS SEO Toolkit v1.0 release – CarlosAg highlights the release of the IIS Search Engine Optimisation Toolkit 1.0 RTM release. This release builds on the sucess of the Beta 1 and Beta 2 releases adding a number of bug fixes and new features while retaining backward compatibility with the betas
  • Deep Tracing of Internet Explorer – John Resig highlights a useful tool for anyone battling performance issues in JavaScript in Internet Explorer versions 6-8. dynaTrace Ajax looks like a really useful tool at a good price (free)
  • Reactive Extensions for .NET (Rx) released on DevLabs – Matthew Podwysocki highlights the release of the Reactive Extensions for .Net which was release on DevLabs today. This release covers .NET 4 beta 2, .NET 3.5 SP1 and Silverlight 3 giving lots of opportunities to play with this stuff.


  • Getting Started with Entity Framework 4 – Simple Model First Example – Eric Nelson follows up from his TechEd presentation with a series of blog posts looking at the content he delivered there. This first part looks at implementing the Entity Framework from the model, using a empty model, building entities and pushing them back to the database
  • Security Tools : How to Configure WPL v1.0 SRE – RV takes a look at the Web Protection Library released last week showing how you go about setting it up and configuring it to protect your sites from a variety of attacks
  • TempData Improvements – Jacques Eloff talks about the improvements made to TempData in the ASP.NET MVC 2 Beta release
  • Pass Number 1: ActiveRecordEngine for ASP.NET – Rob Conery continues the discussion about a standard interface implementation for Active record allowing active record implementations from your ORM of choice to be plugged in.
  • ASP.NET MVC from Basics to Tips and Tricks – Michael Johnson shares his notes from his presentation to the Fort Smith .NET User Group on ASP.NET MVC basics and tricks and tips, bringing together a lot of the standard advice with simple small code samples to illustrate
  • How We Do Things – The Team Room – Scott C Reynolds continues his series looking at how his team do development with this post looking at how they organise their team room discussing layout, white boards, hardware, etc


  • NotAtPDC – For those of us not at PDC this year, the .NET community has created the NotAtPDC events, a string of virtual events from well known speakers who are not at PDC either. There is a health list of sessions scheduled over the next few days, so check it out

Untrusted Network shares

Posted by on 30 Oct 2007 | Tagged as: .NET, C#, Design, Development, Software, SysAdmin

One of my longest standing pet hates with desktop software developed in .NET relates to the almost inevitable security exception that will occur if you attempt to run it from a network share. Its always one of the first things I notice about software, as I often download and unzip software onto my desktop (which on my work machine is located on a network share) and then attempt to run it in place. Many large and quite impressive pieces of software that get distributed as .ZIP files rather than installers suffer this plight, and a lot of them don’t handle the exception well (One that springs to mind was the much heralded release of NDepend 2.0).

The good news is that this anguish may well be about to come to an end, as Brad Abrams requests feedback about the .NET teams possible plan to make network shares trusted. As he mentions, there really is no good reason not to trust a network share for running managed .NET code – there is no such protection for unmanaged code, and there is little or no way a normal user would be aware of which is .a NET EXE and which is unmanaged EXE.

To answer Brad’s Questions:

A) Have you ever run into this limitation (a security exception when running a .NET application from a network file share)?

I frequently experience these issues – I tend to use this problem (and if its been worked round in the application) as a yard stick as to how well written the application is.

B) How often do you use network file shares for deploying applications (managed or otherwise)?

Most of my development is web based, however for utilities written for in house use we tend to distribute them on a network share – being able to run these in place would be a great help, as updating them would be easier.

C) If you think we should make this change, when would be a good time? Is it something we should do sooner in a service pack of the .NET Framework or later in a full release of the framework. Note, we are DONE with .NET Framework 3.5, so there is zero chance it is getting in that release.

From my point of view a patch as soon as possible, and have it included in the next release of the framework – Since this is a relaxation of the current restriction, I can’t see that it would cause any more problems in terms of support of existing application, as a reduction of the support incidents caused by this issue would reduce.

D) Can you ask your local network admin what they think of this issue? Would they be in favor of this sort of change? If so, when?

This change should simplify deployment – allowing Managed EXE to run from shares should mean that local disks can be more locked down as there would be no need to copy programs locally to run them.

All in all, I’m very much in favour of this change – It will level the playing field, give a more consistent user experience, and reduce the problems people have with winforms applications.

Invalid XML from a .NET web service

Posted by on 01 Oct 2007 | Tagged as: .NET, ASP.NET, C#, Development, Web Services, XML

Image Credit: kevinzim on Flickr

One of my basic assumptions about the .NET framework was proved incorrect last week. Up until then, I had believed that when you are using the built in framework classes for exposing web services you were always safe when it came to the output being valid XML. Sadly that turns out to be untrue, and to make matters worse, .NET will happily output XML over a web service even its own .NET web service clients can’t read.

There are certain characters that are forbidden from being in XML as per the official specification. These characters are the low ascii characters such as NULL, EOF etc. Its important to note that this is not a case of unescaped/unencoded versions of this character being disallowed, the encoded characters are also disallowed.

The problem with this isn’t that the .NET framework doesn’t understand these rules – it manages just fine when it comes to acting as a client to a web service serving these characters in content, throwing nice exceptions explaining that these characters are invalid. Additionally, the XML Text Reader has a property ‘Normalization’ which causes the XML reader to be more liberal and ignore invalid characters – but this option is not used within the automatically generated Web Service Client.

This problem isn’t limited to just the web services, standard XML serialisation also experiences the same problems. Here are bits of code that illustrate the problem:

public string InvalidCharacter()
   return "" + (char)4;

public class MyClass
   public string Test = "" + (char)0;
   public static void Main()
     MyClass c = new MyClass();
     System.Xml.Serialization.XmlSerializer xs = new System.Xml.Serialization.XmlSerializer(typeof(MyClass));
     System.Text.StringBuilder sb = new System.Text.StringBuilder();
     System.IO.StringWriter sw = new System.IO.StringWriter(sb);
     xs.Serialize(sw, c);
     System.IO.StringReader sr = new System.IO.StringReader(sb.ToString());
         c = (MyClass)xs.Deserialize(sr);
     catch (System.Exception ex)

The little console application gives output like this:


System.InvalidOperationException: There is an error in XML document (3, 12).
System.Xml.XmlException: '.', hexadecimal value 0x00, is an invalid character.
Line 3, position 12.

Unfortunately I haven’t yet found a fix for this – my only solution is to work around the problem by ensuring that these invalid characters can’t get into the system in the first place or clean the text on the get of each property of the serialized objects.

Things like this really worry me – our frameworks shouldn’t be outputting things that they can’t read – let alone outputting things that completely contravene the specifications. As always, any suggestions on an alternative solution to this problem are welcome.

« Previous PageNext Page »