Scott Hanselman

Using Code Signing Certificates to sign downloaded MSIs and build reputation with IE9 SmartScreen

June 27, '11 Comments [17] Posted in ASP.NET | Learning .NET | Musings
Sponsored By

First, let me start that if you want a lot of people to download something, make sure that the words "HTML5," "Support" and "Update" appear in the title. I'm sure if the folks that are making Diablo 3 called it "Diablo 3 HTML5 Support Update" that a metric buttload more people would download it.

That said, a bunch of folks in the Web Platform and Tools team created the Web Standards Update package with HTML5 Support for the Visual Studio 2010 Editor.

This Web Standards Update is something that anyone in the community could have released, just extending Visual Studio in a standard way. Like many other (most) extensions in Visual Studio Extension Gallery, it was not "signed." It was not a formal project done by Microsoft. Ratherthis was something that a bunch of us did for the community in our after work hours.  The only reason why this got in spotlight was because press caught the wind of it having HTML5 and CSS3 support. 

Certainly a lot of people wanted it because in 4 days it's now the #1 most popular thing in the Visual Studio Gallery. Take that NuGet! ;)

Here's where the trouble starts. Then, it was written about in the press as if it were a "gaffe." I admit that we (mostly I) did a lousy mediocre job of making it clear that this update was a "community update from the inside," as it were. It's not official, but we're hoping support like this will make its way into the next version of Visual Studio.

When you downloaded the MSI installer with IE9, as with all MSIs that aren't signed, you get a message like this:

Do you want to Run or Save this MSI?

And that's normal and quite lovely. Then we see this scary red bar (this is a shot from another gallery item):

SmartScreen Red (BAD) Bar

This is the IE9 SmartScreen system warning us, rightfully so, that this is not something downloaded all the time. In fact, this is a really useful feature of IE9 and is fairly unique amongst the browsers so far. It's using some special sauce (some hash, some math, some metrics) to make a non-biased judgment about this download. Even though it's coming from a Microsoft.com website it doesn't matter. SmartScreen is unbiased. It's never seen this before, and it's not trusted.

UPDATE: Looks like as of my test just now that SmartScreen now recognizes our download as safe!

At this point, if I click Actions, I see this. (Yes, I realize these screenshots aren't all up to snuff).

  (38)

In fact, for most people, they can't even click "Run Anyway" yet. They'll have to click More Options to see the Run Anyway button. (If I am a developer-type and click More Options all the time, presumably I either know what I'm doing, or I like to live dangerously and the More Options choice will stick open after several downloads. It'll save me a click, but all the other warnings remain.)

As the publisher, we have a few choices. We could sign the binary file (the MSI) with the Microsoft code certificate. However, that requires a big manager to sign off and says explicitly that Microsoft is releasing this code officially. It's a big deal. This wasn’t an official release and as such, we can't sign it as Microsoft. A code signing certificate guarantees that a file hasn't been tampered with and that a known and verified organization or individual stands behind it.

Eventually SmartScreen would figure out that our MSI was OK, but we have no way of telling how long that would take. Could be weeks, months, it all depends. Regardless, the right thing to do is to sign your code, even if you are an individual or small company. For example, if I download Eric Lawrence's Fidder or Rick Brewster's Paint.NET, they are both signed and I can see their names in the User Account Control (UAC) dialog. I can click and view their certificates and know I'm downloading a file that has someone vouching for it.

Be sure to check out Eric Lawrence's excellent post on Authenticode Code Signing. It's extremely detailed and worth your time.

Getting a Code Signing Certificate

I got a Code Signing Certificate from InstantSSL.com. There's many options, they are one. It's spendy, $180 a year, or $166 a year if you got for 3 years, but I can use it for other stuff.

There's a few gotchas in the process, no matter who you pick.

  • Use the same computer, same OS, and same browser (preferably IE, for this, no joke) when you sign up for the certificate. That's because half the certificate (a cert request cert) comes down when you request a certificate and they match them up when you actually get the certificate.
  • Have P.O. Box, corporate address or ask them via tech support to remove your address. Otherwise your full details may get embedded in the cert.
  • You'll need to prove who you are. More on that now.

You'll need to prove you are really you. I needed to give their verification people a copy of the first page of my passport, driver's license, two utility bills, including phone whose address matched my credit card's address, AND they called the phone number on my utility bill to confirm it was really me. It's non-trivial, it takes a while, and they aren't screwing around. Good for you, the consumer, hassle for me, the producer. Still, good stuff.

Certificate Manager with my new Cert

When my cert shows up, I need to Export it and save it in a safe place with all its details and a strong password. It's unique and should be protected.

Signing Code

The actual signing, once the cert shows up is not too hard. Here's a command line used with the signtool.exe that came with Visual Studio. You can also download it separately.

C:\DEV> signtool sign /t http://timestamp.comodoca.com/authenticode /f "C:\DEV\HanselmanCODESIGNINGCERT.pfx" /p SecretPassword '.\MySpecial.msi'
Done Adding Additional Store
Successfully signed and timestamped: .\MySpecial.msi

When someone tries to download the new signed MSI, they see this slightly less scary yellow bar. What? I don't get a free pass for signing my code?

SmartScreen Yellow Bar

Well, just like getting an SSL certificate doesn't make me a bank, getting a Code Signing Certificate doesn't make me more trustworthy.

  • SSL Certificates for HTTPS guarantee privacy, not trust.
  • Code Signing Certificates guarantee identity, not trust.
    • It guarantees it's me, but you have to decide if you trust me.

If you click Actions now, you'll see my name as the Publisher, and you can validate the certificate and decide if you trust me. But SmartScreen doesn't trust me yet. Why?

 My code signing certificate in the Run Dialog

That's because my Certificate, unlike the Microsoft one, hasn't built up a reputation*. The "Scott Hanselman" code signing cert will have to earn trust, just as Rick Brewster and Eric Lawrence and every other signed shareware or freeware author has built trust. But, having this MSI signed means you now that I (and Mads, and Vishal, and the folks working on this MSI) stand behind it. Hopefully soon (some # days or weeks vs. downloads?) SmartScreen will trust us also, and this will make future projects I sign be trusted faster. At that point, my signed code will be trusted and SmartScreen won't frighten you with this download.

Remember also that code signing certificates and the Windows experience and UI for running signed MSI and EXEs is a separate from SmartScreen. They work together and compliment each other though. Learn more about SmartScreen on their team blog or their FAQ.

Hope this helps! Surf smart, and think about what you download and who you trust.

* Now it appears that SmartScreen trusts me!

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Hanselminutes Podcast 271 - Inside IronJS - A complete JavaScript/ECMAScript open source implementation on the .NET DLR

June 21, '11 Comments [8] Posted in DLR | Javascript | Open Source | Podcast
Sponsored By

p_IronJS[1] Scott talks to open source developer Fredrik Holmström about IronJS. It's a very complete implementation of JavaScript written in F# on top of the DLR. It's even faster than IE8 now and getting faster every day. How does something like this get built? What can you use it for? What are the Iron* languages used for and how can you get involved?

Links from the Show

Download: MP3 Full Show

NOTE: If you want to download our complete archives as a feed - that's all 271 shows, please subscribe to the Complete MP3 Feed here.

Also, please do take a moment and review the show on iTunes.

Subscribe: Subscribe to Hanselminutes or Subscribe to my Podcast in iTunes or Zune

Do also remember the complete archives are always up and they have PDF Transcripts, a little known feature that show up a few weeks after each show.

StackOverflow Careers InviteWe want to welcome StackOverflow Careers as a sponsor for this episode. They are offering a free Invite to Hanselminutes Listeners to check out the invitation-only StackOverflow Careers 2.0 site. I've setup my profile and you should too! Click here for your invite code to StackOverflow Careers 2.0.

The team at Stack Overflow created the Careers 2.0 service to provide you with access to great jobs and also introduce you to a bunch of great companies you might consider working for, even if you are not currently looking for a job. Think of Careers 2.0 as a programmer profile that gives you a platform to show you're awesome by featuring your proudest contributions to Stack Overflow, GitHub, SourceForce, Bitbucket, CodePlex…anything programming related.  Profiles on Careers 2.0 are invite only – they did this to keep out the spam and create a high quality environment. 

Telerik is also our sponsor for this show.

Building quality software is never easy. It requires skills and imagination. We cannot promise to improve your skills, but when it comes to User Interface and developer tools, we can provide the building blocks to take your application a step closer to your imagination. Explore the leading UI suites for ASP.NET AJAX,MVC,Silverlight, Windows Forms and WPF. Enjoy developer tools like .NET Reporting, ORM, Automated Testing Tools, Agile Project Management Tools, and Content Management Solution. And now you can increase your productivity with JustCode, Telerik’s new productivity tool for code analysis and refactoring. Visit www.telerik.com.

As I've said before this show comes to you with the audio expertise and stewardship of Carl Franklin. The name comes from Travis Illig, but the goal of the show is simple. Avoid wasting the listener's time. (and make the commute less boring)

Enjoy. Who knows what'll happen in the next show?

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Review and Installation: Filtrete Touchscreen WiFi-Enabled Programmable Thermostat

June 17, '11 Comments [27] Posted in Reviews
Sponsored By

Ipod:  Filtrete Touchscreen WiFi-Enabled Programmable Thermostat It's amazing what you can automate around the house when you've got a nice, solid Wi-Fi network and a little ingenuity. And $100. That seems to be the gadget freak price point. If it's $100, we can buy it without the spouse totally freaking out. I've setup Alarm.com and automate our home security system from my smart phone. I've setup wifi cameras around the house and plugged them (wirelessly) into the Synology DiskStation as a composite image and 24 hour DVR. All this done with commodity parts and a VERY small amount of know-how. Stuff that only millionaires and folks on MTV Cribs (or Geek Developer Cribs) could have in the past, now we can have just by stopping by Home Depot.

This is how I came upon the Filtrete Touchscreen WiFi-Enabled Programmable Thermostat. My buddy John Batdorf walked by one of these at Home Depot and bought it on a whim. Later that evening he was like "dude!!!" and I did some research. What a clever idea! Not just a programmable thermostat, but one I can control from any connected device, the web or any phone (iPhone, Android, etc).

This opens up a lot of interesting scenarios where you can get the house ready before you get home, where you can keep it colder and save money if you forgot to turn off the heat before you left.

It was $99 at Home Depot and took about 20 minutes to install and we all know I'm not handy. There's only one catch, you really need to have a "C" wire. This is a standard wire that most furnaces have at least run between the furnace and the main thermostat.

However, it is possible you don't have it. In my case, I had the wire but it wasn't hooked up at the furnace. This meant I needed to turn off the power to the furnace at the main electrical switchbox temporarily, then connect the loose wire to the power of the furnace, and turn it back on. I tested it with a simple cheap multi-meter from Radio Shack (or Home Depot, of course). If you like, you can also run a new wire between the thermostat and the furnace. Finally, if none of that works, you can use a standard wall-transformer and plug it into the wall. It just won't be as sanitary.

The installation process was a little nerve wracking initially just because I'm not a wires guy but the installation PDF was pretty clear and the wires were clearly labeled.

Installing the Filtrete Thermostat, wires exposed Installing the Filtrete Thermostat, wires exposed and hooking them up

Once the wires were hooked up and I confirmed I had power and plugged in some backup AA batteries, it was just a matter of registering the thermostat with the Wi-Fi network. I was impressed that it supported WPA security as I've standardized on it. I wouldn't have used the thermostat if it only supported WEP. Nice to know that WPA and WPA2 have finally arrived in cheap consumer devices.

Installing the Filtrete Thermostat, complete Installing the Filtrete Thermostat, in the box

Of course there's a website to manage the thermostat (or any number if you have multiple) but there's also multiple phone applications. I usually access this from my phone. There's of course the ridiculous first world problem of changing the temperature of the house from bed (which is awesome, by the way.) The think I use it the most for is setting the house to "away" mode. I haven't yet measured if this has saved us money (as we in the past have left the house on 74 for YEARS at time without changing it) but I can only assume it has as there's no reason to heat an empty house.

All in all, a great and useful gadget if you're into Home Automation. It is inexpensive without being cheap. Recommended.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Introducing System.Web.Providers - ASP.NET Universal Providers for Session, Membership, Roles and User Profile on SQL Compact and SQL Azure

June 16, '11 Comments [65] Posted in ASP.NET | ASP.NET MVC | NuGetPOW
Sponsored By

UPDATE #2: Note that the NuGet package has changed its name from System.Web.Providers to Microsoft.AspNet.Providers.

UPDATE: Note that in MVC 4 and ASP.NET 4 and 4.5 the default hash is now HMACSHA256

Crazy random logo of evocative clipart combining the .NET Logo and some universal powerplugs into an unofficial logoI always like to remind folks of the equation ASP.NET > (ASP.NET MVC + ASP.NET WebForms). The whole "base of the pyramid" of ASP.NET has lots of things you can use in you applications. Some of these useful bits are Session State, Membership (Users), Roles, Profile data and the provider model that underlies it. Using these isn't for everyone but they are very useful for most applications, even ones as large as the ASP.NET site itself.

Today the Web Platform and Tools team (WPT) is  releasing an Alpha of the ASP.NET Universal Providers that will extend Session, Membership, Roles and Profile support to SQL Compact Edition and SQL Azure. Other than supporting additional storage options, the providers work like the existing SQL-based providers.

Today these are being released via a NuGet Package, but it's very likely that these Universal Providers will be the default in the next version of ASP.NET.

To enable the providers, the NuGet package adds configuration entries in the web.config file. The configuration for these providers is the same as the existing SqlMembershipProvider class, but the type parameter is set to the type of the new providers, as shown in the following table:

SQL Provider Types Equivalent Type for Universal Providers
System.Web.Security.SqlMembershipProvider System.Web.Providers.DefaultMembershipProvider
System.Web.Profile.SqlProfileProvider System.Web.Providers.DefaultProfileProvider
System.Web.Security.SqlRoleProvider System.Web.Providers.DefaultRoleProvider
(Built in provider) System.Web.Providers.DefaultSessionStateProvider

If you install these, the NuGet package will swap your defaultProviders in your web.config. You can certainly pick and choose the settings for each as well. Here we're changing Profile, Membership, RoleManager and SessionState. The latter is nice as it better allows your session-state-using Azure apps to scale with SQL Azure as the backend storage.

Install-Package Microsoft.AspNet.Providers

Using these Universal "Default Profile Providers" means all you have to do is set the right connection string and your  applications that use these services will work with SQL Server (plus Express), SQL Server Compact and SQL Azure with no code changes from you.













enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
applicationName="/" />













Selecting a Data Store

By default, the NuGet package sets the connection string to use a SQL Server Express database (wrapped here for readability):

"Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\aspnetdb.mdf;
Initial Catalog=aspnet;Integrated Security=True;
User Instance=True;MultipleActiveResultSets=True" providerName="System.Data.SqlClient"

If you want to use SQL Server Compact, change the connection string as shown in the following example:




If you want to use SQL Azure, change the connection string like this example (wrapped for readability):


providerName="System.Data.SqlClient"/>

Even though this release is primarily about extending support to all versions of SQL Server, I realize that y'all might not even know about what these things do, so I thought I'd spend a little time explaining. I notice also that there's some confusion on StackOverflow and other sites on how to use Membership and Profile and the like on ASP.NET MVC, so I'll use that for the examples.

Example of Membership, Roles and Profile in ASP.NET MVC (with the Universal Providers)

I'll fire up VS and File | New Project on a new ASP.NET MVC 3 Project. Then I'll right click on References and select Add | Library Reference. The NuGet package id is "Microsoft.AspNet.Providers." After this package is installed, I can also install SQL Compact Edition via NuGet if I like and set the connection string to SQL Compact as shown above.

Remember, this is a very functional Alpha, but there may be bugs (report them!) so it might be updated a few times before the next version of ASP.NET is released.

First, I'll run my app and click Register and make a new user named "Scott."

Making a new user

Adding Roles to a User

Next, from Visual Studio Project menu, I visit ASP.NET Configuration. (I could also write my own admin section and do this programmatically, if I liked).

Selecting ASP.NET Configuration site from the Project Menu

Then from the Security tab, under Roles, I'll create a new Role:

image

Then I'll find the Scott User and add him to the Administrator Role:

Giving the Scott User Administrator Role

I want to show something if a user is an Administrator. I'll add a little chunk of code to the default website's _LogOnPartial. cshtml so we'll see [Administrator] next to their name of they are one.

Welcome scott (Administrator)

I'll add a small line where I ask "User.IsInRole()" like this:

@if(Request.IsAuthenticated) {
Welcome @User.Identity.Name
@(User.IsInRole("Administrator") ? "(Administrator)" : String.Empty)
[ @Html.ActionLink("Log Off", "LogOff", "Account") ]

}
else {
@:[ @Html.ActionLink("Log On", "LogOn", "Account") ]
}



@if (ViewBag.Profile != null) {
Hey, your birthday is @ViewBag.Profile.Birthdate.ToString("d")! Congrats.
}

So now I have some Roles I can assign to users and check against. I can set whatever roles I want, like Bronze, Silver, Gold, etc.

Adding Profile Information to Users

Let's say I want Users to have a Birthday and I want that to be part of the User Profile. I can just use the Profile object and ask for things via string like this:

DateTime? birthday2 = HttpContext.Profile["Birthdate"] as DateTime?; //alternative syntax

However, perhaps I'd rather have a stronger typed syntax for my profile.

NOTE: I've already brought up the issue that User hangs off Controller in MVC 3 but Profile is simply missing. Perhaps that will be fixed in MVC 4. I believe it was a oversight. You shouldn't be digging around in HttpContext if you want your code testable

I'll make a small CustomProfile object like this that extends ProfileBase:

public class MyCustomProfile : ProfileBase
{
public DateTime? Birthdate {
get { return this["Birthdate"] as DateTime?; }
set { this["Birthdate"] = value; }
}
}

Alternatively, I could put the "getting" of the profile in the custom class in a static, or I could use Dependency Injection. It depends on how you want to get to it.

public static MyCustomProfile GetUserProfile(string username)
{
return Create(username) as MyCustomProfile;
}
public static MyCustomProfile GetUserProfile()
{
return Create(Membership.GetUser().UserName) as MyCustomProfile;
}

Then in web.config, I'll update the so the system know the derived Profile class I want used when I ask for one:


...

For older website projects, I can add properties in the web.config like this. There are attributes I can use like SettingsAllowAnonymous for custom derive classes in code.

..



Or I can even use IIS7's administration interface to edit the profile details in the web.config. You can have all kinds of profile properties, group them and it's all handled for you.

Using IIS Manager to edit User Profile schema

If I like, I can ask for the User's Profile (I've got it set for only authenticated users), and set a default as well. I save explicitly, but there is an auto-save option also.

if (User.Identity.IsAuthenticated)
{
var customProfile = HttpContext.Profile as MyCustomProfile;

DateTime? birthday = customProfile.Birthdate; //Because I made a strongly typed derived class

if (!birthday.HasValue) {
customProfile.Birthdate = new DateTime(1965, 1, 14); //cause that's everyone's birthday, right?
customProfile.Save(); //or set autosave if you like.
}

ViewBag.Profile = customProfile; //So the View can use it
}

At the very end I put the Profile in the ViewBag so it can be accessed from the View. I could also have added just the things I want to a larger ViewModel. Then I can use it later with some sanity checks:

@if (ViewBag.Profile != null) { 
@:Hey, your birthday is @ViewBag.Profile.Birthdate.ToString("d")! Congrats.
}

Expect to see more cloud-ready things like this in the coming months that'll better position your apps, new and old, to move up to Azure or even down to SQL Compact. Hope this helps. Enjoy.

Related Links

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Announcing the Web Standards Update - HTML5 Support for the Visual Studio 2010 Editor

June 15, '11 Comments [77] Posted in ASP.NET | ASP.NET MVC | HTML5
Sponsored By

vshtml5Folks have been asking "When will VS2010 support HTML5?" I've been saying, jokingly, that the answer is "yesterday" as there's nothing keeping you from creating HTML5 in Visual Studio or ASP.NET today. However, there's no intellisense and there's lots of squiggly lines that make people uncomfortable. Combine all that with the fact that HTML5 is a moving target, and it's unclear. We've said before that the next version of Visual Studio will have better support HTML5, but what about today?

Today, a rogue faction some folks on the Web Platform and Tools team, spearheaded by Mads Kristensen are all pleased to announce the Visual Studio Web Standards Update. This adds better support for HTML5, CSS3 and new JavaScript features to ALL versions of Visual Studio.

Note that this isn't an official Microsoft product release, rather improved support from passionate people done in their spare time.

Download the first Visual Studio Web Standards Update

HTML5 moves fast, and this update will aim to keep up with it. It adds support to Visual Studio and the editor for HTML5, CSS3 and new JavaScript features. The goal is perhaps an update every quarter or so as new features or elements emerge.  We want ASP.NET web developers to always be able to use the latest standards, as well as being able to choose from existing standards. Remember that you can use HTML5 today along with JavaScript libraries like Modernizr that allow you to create pages that work across nearly all browsers, including old crappy ones.

The Visual Studio Web Standards Update provides you with intellisense and validation for:

HTML 5 features

Browser APIs

  • Geo-Location - Location aware websites are a clear, growing trend and now you've got full intellisense and validation within Visual Studio.  For a nice sample, view source on the IE9 test drive demo.
  • Local Storage – IE has been supporting local storage from IE8, so now Visual Studio will provide you with full-fidelity intellisense to create sites which can save state within the browser.  For sample of this, do a view source on HTML5 Demo Site

CSS3

Additionally, if you are trying to make websites which work on a variety of platforms and browsers you will love the fact that Web Standards Update not only supports IE specific prefixes like –ms; but also other vendor prefixes like –webkit and –moz.

HTML5 in Visual Studio

When you start up Visual Studio 2010, you can select what version of HTML you want on a file-by-file basis, or set the defaults.

Side Note: See how IE6 is in there on its own? That's been there since before forever. Hopefully it'll be gone soon. Ignore it.

HTML5 in the HTML Toolbar dropdown

You can also set it as the default in Tools | Options | Text Editor | HTML | Validation. Note the options for errors.

Options (87)

All the new HTML5 semantic tags are there, like section, svg, video, etc. This is just the first release, and while it's REALLY comprehensive, I'm sure it has some bugs. But, it'll be updated regularly, so make sure you report anything you find and look for it to be fixed in the next release.

Adding an Audio Tag

There's even support for important (but under-utilized and under-respected) attributes like the WAI-ARIA (Web Accessibility Initiative - Accessible Rich Internet Applications)

Adding a main role to a nav tag

Also the aria-* attributes appear not only as intellisense enabled attributes, but also their enumerated values:

Adding aria-autocomplete to an IMG tag

Tags are fun, sure, but how about microdata? Bing, Google and Yahoo are all supporting Microdata and more specifically the schema.org vocabularies. This update will therefore add intellisense to the most popular vocabularies including schema.org and data-vocabulary.org.

Adding http://schema.org/ attributes to an article

Seriously, tell me that's NOT the hotness. Awesome for SEO.

CSS3 in Visual Studio

That's just the HTML5 stuff. There's also CSS3 support. Yes, that's 1 better than CSS2.

CSS3 in the dropdown

It includes all the cool new CSS3 stuff like column-full and of course border-radius as well as animations and transforms. There's also lots of details on vendor-specific prefixes like -webkit, -moz and -ms.

Note the informational tooltip in the dropdown here as we pick a -webkit-transform shorthand property.

Some -webkit attributes

JavaScript and HTML5 in Visual Studio

There's a huge number of additions to JavaScript intellisense in this update. Things like geolocation via navigator.geolocation and DOM storage via window.localStorage.

Geolocation in JavaScript in VS

Here's a slightly less trivial snippet of HTML5 and JavaScript using some new local storage features and showing the intellisense.

LocalStorage in the editor

Say what you like about intellisense as a concept or crutch, but I like to think of it as a just-in-time object browser that helps me explore new technologies as well as discover nooks and crannies that I might not see.

We don't know what all will come in the next version of Visual Studio, or the next version of HTML5, but for those of you who are interested, we hope this "living update" of Web Standards support for Visual Studio will help you out!

Enjoy, Dear Reader.

P.S. This is an update for ASP.NET and HTML5 editing people who want to use HTML5, new JavaScript features and CSS3. I didn't mention Silverlight because it has nothing to do with Silverlight. I said once "just because your favorite technology isn't mentioned in a keynote doesn't mean it's dead." Assume that the same rule applies to a Blog Post.

P.P.S. No, that logo to the right isn't official anything and yes, it's fun.

Related Links

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by SherWeb

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.