Scott Hanselman

Free ASP.NET Security presentation at OGI tonight...

October 2, '03 Comments [0] Posted in ASP.NET
Sponsored By

Ben Hickman is presenting on ASP.NET Security at Oregon Graduate Institute tonight at 7pm.  Networking starts at 6:15pm.  Ben's a very knowledgeable guy, do check it out!

The seminar will be in the main dining room of the Wilson Clark Center on the OGI School of Science & Engineering campus (building 3 on the campus map). For further details please click here.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Updates to two great tools

October 1, '03 Comments [0] Posted in Bugs
Sponsored By

Kim Gräsman let me know that he and Jonas Blunck have updated Developer Playground.  You can get Developer Playground 1.1 at either Kim's or Jonas' site (identical files).

Then a few days later, Jonas released ieHTTPHeaders 1.5, with support for color customization and sniffing the request body.  ieHTTPHeaders has helped me debug many an evil cookie problem, and is a must-have for anyone aching to see what's really going on behind the scenes.  There are lots of HTTP Sniffers out there, some more complex, but Jonas' is simple, elegant, functional, and most of all, it seemlessly integrates with IE as an Explorer Bar.  Cool.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Am I running in DesignMode?

October 1, '03 Comments [5] Posted in ASP.NET
Sponsored By

Well, crap.  It's 10:10pm.  I'm at work.  I missed the Portland [.NET] Bloggers Dinner.  It was one of those coding things...just one more class...then I'll get validation working...then I'll add configurability...you know.  Poop.

But, I did learn something interesting that wasn't obvious to yours truly.  I have a class heirarchy for my ASP.NET pages so the developers that use my infrastructure to build bankings sites have a few things always available to them.  The pages derive from blah.blah.blah.SharedBasePage (ya, I know it's a lame name) which derives from LocalizedPage.  It happens to be a heritage that spans 3 related assemblies.  They all used to be in the same Web Project, but I started pushing them up in my recent mad refactoring. 

Now, at SOME point along the line, I lost Forms Design Time support in VS.NET.  I started getting this doozy: "The designer could not be shown for this file because none of the classes within it can be designed."

This perplexed me, but really, I don't care since I'm all about HTML and asp:this and asp:that.  But, my users/developers will care, so it was eating at me.  The problem was, I couldn't remember when I broke it.

Yada yada yada, it turns out I had a line like this in a constructor up the chain:

resmgr = ((System.Resources.ResourceManager)HttpContext.Current.Application[Constants.RESOURCESTRINGS]);

And when VS.NET switches into Design Mode, it actually INSTANTIATES the page class.  (Read that again if you didn't get it, I didn't.) 

So, of course at Design Time, the HttpContext.Current is null.  So, that line now looks like this:

if (HttpContext.Current != null)
   
resmgr = ((System.Resources.ResourceManager)HttpContext.Current.Application[Constants.RESOURCESTRINGS]);
else
      System.Diagnostics.Trace.WriteLine("Note: We are NOT running with valid HttpContext. We are probably in the IDE.  Or, something is wrong with the flux capacitor.");

So, magically, all my Design Time support is back, and I'm actually using it.  Maybe I wasn't such an HTML bad-ass after all.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Two good things this weekend...movies and spam

September 28, '03 Comments [1] Posted in Movies | Web Services
Sponsored By

Two cool things this weekend....

One, saw The Rundown which is probably the most all around fun I've had at a movie in years.  Probably since the Matrix (the first one).  I'm a bit of a gourmand when it comes to cinema, and certainly there have been lots of great movies in the last few years, but name one that you walked out of saying "That was so fun!"  I recommend it highly.

Two, I hooked up all my emails (and my family's) with the SpamSoap service and I'm LOVING it.  It's and interesting hack.  There appear to be a range of anti-spam solutions for the Home or Home-Office out there that fall into some basic categories, and those categories are organized by "tier". 

  • Client - catch it as it shows up with SpamBayes, SpamNet, OfficeMavin, etc.  Also, Outlook 2003 has quite good Junk Mail filtering built in, and allows you to whitelist at the client side.
  • Server - actively run a spam filter on your server (if you control your mail server) and while you still have to download the spam (so the spam actually uses YOUR bandwidth) it can be caught before you or your users download it.
  • Server with Human Interaction - I almost decided on a solution like SpamArrest.  Basically, if someone emails you, the get an immediate bounceback email that tells them that you hate spam, and if they are really a human, would they please enter in the words that appear in this obfuscated image to prove it.  If they are a human, their email gets delivered and they are added automatically to your whitelist. 
  • MX Record - Since I don't control my mail server (ORSCWeb does) and I don't want to, I wanted a server-side solution that was in the "chain" of email processing, but not email client-specific. So I modified the MX record to point to the SpamSoap service (they offer a 30 day trial).  My DNS's MX record usually points to my mail server.  Now it points to SpamSoap, who receives my email for me, scans it, and redirects spam to a special "spambox" while real email moves along unmolested.  Here's an interesting article about "Fighting Spam with DNS."

It actually worked so well in the first few hours that I thought my mail was broken.  I had never hit "Send/Receive" and NOT received SOMETHING.  Here I was hitting F5 wondering if I'd messed it up.  Then, a legitimate email showed up.  Boom.  Very nice.  Since I turned it on Weds, I've NOT downloaded over 1500 spams. 

It's a shame that a service like this is almost required (for your sanity) but it's also a joy when it works so smoothly.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

A great day/night of coding...best one in years

September 27, '03 Comments [6] Posted in ASP.NET | Internationalization | XML
Sponsored By

It's 12:18am and I'm hopped up on at least 96 ounces of Diet Pepsi and vibrating with the excitement that you only get after a 15-hour-marathon-coding-just-one-more-method session.  Having a blast, or hooked on crack?  You decide.

Here's what I'm hip deep in and did today:

  • Cookieless Forms Authentication - You may have noticed that FormsAuthentication still makes Cookies even when SessionState is set to Cookieless=true.  No longer, for me at least.
  • ASP.NET Internationalization - I completely refactored LocalizedPage with input from Chris Kinsman, Chris Brooks, Bradley McLain and Alex Ginos.  Thanks guys! 
  • With inspiration from Clemens, I'm all over SOA and trying to reconcile those things about OOP that don't jive in a SOA world. 
  • XmlSerialization - I am consistantly imressed with how slick XmlSerialization is in .NET for a "1.0" attempt. 
  • Log4net - Very sweet.  I'm glad I took the time to set it up.  I encapsulated it and will be writing some Corillian-specific Appenders, but it got me 90% of the way there.  It's the cat's pajamas.
  • ObjectBinding - Binding objects to ASP.NET DataGrids is a hassle, but if you put the effort into it by making Strongly Typed Collections (Thanks QuickCode.NET!) and including public properties for those things you wish to bind, it DOES make life easier for the UI Programmers.  Also, I've decided I really prefer dealing with strongly typed objects instead of DataSets (strongly typed or otherwise).
  • XSD.exe - is nice, but just not smart enough.  For a fairly complex Xml InfoSet I still have to put about 15-30 minutes of just typing to get the autogenerated .CS files to include property getters for DataBinding, better XmlElement andn Variable naming choices and the whole [XmlIgnore] strongly-typed-collection-with-parallel-array trick.  It's time to move this crap to a code generator.  I'd like to either:
    • Find a smarter XSD.exe
    • Write an uber-xslt that takes XSDs and gen the code
    • Perhaps CodeSmith?
    • Geez, I can't wait until Templates.  Oy.

What current code generator is the best for taking XML input and making code? Comments please...

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.