February 2008 - Posts

Five New Security Tutorials Now Available
28 February 08 02:06 PM | Scott Mitchell | with no comments

As I blogged about earlier, I've been working on some tutorials for the www.asp.net site on the topics of forms authentication, authorization, membership, and roles. The first set of tutorials covered security basics and examined forms authentication in detail. The second set of tutorials are now available online and focus on the Membership framework and the SqlMembershipProvider.

  • Creating the Membership Schema in SQL Server [VB | C#] - explores the Membership framework and its goals. Looks at configuring and setting up the SqlMembershipProvider, which stores user account information in a Microsoft SQL Server database.
  • Creating User Accounts [VB | C#] - examines creating user accounts using the CreateUserWizard control as well as using the Membership class's CreateUser method.
  • Validating User Credentials Against the Membership User Store [VB | C#] - shows how to validate a user's supplied credentials and log them on (and off) the site. Looks at using both the Login Web control and the Membership.ValidateUser method.
  • User-Based Authorization [VB | C#] - examines how to restrict access to pages or functionality within a page based on the logged in user.
  • Storing Additional User Information [VB | C#] - the Membership framework only stores a handful of user attributes, but oftentimes additional, application-specific user information needs to be tracked. This tutorial looks at how to accomplish this.

Like with the Working with Data tutorials, all tutorials are available in C# and VB versions, include a complete, working source code download, and are available to download as PDF. The next batch of tutorials will examine the Roles framework (and the SqlRoleProvider).

Enjoy! - http://asp.net/learn/security/

Filed under:
Upcoming Speaking Engagements and Training
18 February 08 12:28 PM | Scott Mitchell | with no comments

I have a few speaking engagements and training events coming up in the next few days and months here in beautiful San Diego.

Local User Group Talk: Storing Binary Data in an ASP.NET Web Application - Tuesday, February 19th, 2008
I'll be speaking at the ASP.NET SIG here in San Diego. The meeting, held at Microsoft's office in UTC on La Jolla Village Drive starts at 6:30 PM with announcements and free pizza and soft drinks!!! My talk begins at 7:00 PM. My talk looks at storing binary data in an ASP.NET web application, examining the pros and cons and comparing and contrasting the necessary steps of storing data in the web server's file system vs. storing it directly in the database.

Training: ASP.NET Programming II - Thursday, February 21st through March 27th
This 27 hour course spread over six weeks covers a gamut of ASP.NET programming topics, from working with data, to building an application architecture, to creating a custom site map provider, and examining the Membership and Roles features. This course is through the University of California - San Diego University Extension.

Training: ASP.NET In Depth: Forms Authentication, Authorization, Membership, and Roles - Saturday, April 12, 8:00 AM to 12:00 PM
This four hour class offers an in depth look at ASP.NET's forms authentication, authorization, membership, and roles systems. See how to accomplish common user account-related tasks, like building a login page, registering new user accounts, showing different data based on the currently logged in user, and populating grids and other data controls with users and user account information.

Training: ASP.NET In Depth: Networking Functions - Email, HTTP Requests, Screen Scrapes, and RSS - Saturday, April 12, 1:00 PM to 5:00 PM
Any network function you can perform from your desktop can be accomplished from an ASP.NET page. This includes sending and downloading email, making HTTP requests, screen scraping, and publishing and consuming RSS feeds. This four hour class looks at using classes in the .NET Framework as well as open source and affordable third-party components to: send email using SMTP; download email from a POP3 server; download, parse, and display the HTML from another website; consume and display remote RSS feeds; and generate RSS feeds for your website.

Training: ASP.NET In Depth: Building AJAX-Enabled Web Applications - Saturday, May 10, 8:00 AM to 12:00 PM
AJAX-enabled web applications offer a highly interactive user interface whose responsiveness rivals that of desktop applications. Popular web applications like the social networking news site Digg and GMail are prime examples of AJAX techniques in action. Microsoft’s ASP.NET AJAX Framework and AJAX Control Toolkit makes building AJAX-enabled ASP.NET web applications remarkably fast, easy, and fun. This four hour class examines key AJAX concepts and techniques and then explores the ASP.NET AJAX Framework and AJAX Control Toolkit, illustrating how to build highly responsive, real-world user interfaces.

Training: ASP.NET In Depth: Website Performance and Scalability - Saturday, May 10, 1:00 PM to 5:00 PM
As a website's use and popularity grows, performance and scalability become two key concerns. Performance issues in ASP.NET applications typically arise from excessive page markup and inefficient data access. This four hour class starts by looking at tools for measuring a site’s performance and identifying potential bottlenecks. It then looks at common performance and scalability pitfalls along with tips for achieving optimal performance.

Filed under:
Exploring the Code for the New .NET 3.5 Classes
14 February 08 11:08 AM | Scott Mitchell | with no comments

I often use the free and awesome decompiler Reflector to peer into the source code of Microsoft's .NET Framework. It's an indispensable tool. However, I had a little difficulty viewing the underlying source code for some of the new .NET 3.5 classes. In particular, for a recent article I was interested in looking at what was happening underneath the covers when the DataPager control was rendered. The DataPager is a new control in ASP.NET 3.5 used to render a paging interface for the ListView control (also new to 3.5).

By default, Reflector had the v2.0 assemblies loaded. “No problem,” I thought, “I'll just navigate to the 3.5 assemblies in the %WINDIR%\Microsoft.NET\Framework folder and open the System.Web assemby from there. While there is a 3.5 subfolder there, it only includes a sprinkling of assemblies, and none of the 3.5 assemblies I was interested in. The .NET 3.5-specific classes are installed in the GAC in the System.Web.Extensions.dll assembly. Reflector, it appears, can't locate this assembly and I couldn't reach it through Windows Explorer.

I was able to use Reflector to dig into this assembly, but I'm sure there's an easier way to do it. I'm going to share my approach, but I invite anyone who knows of a simpler technique to post instructions in the comments. One possible solution would be to update Visual Studio 2008 so that the .NET Framework code can be stepped into during debugging. I tried applying the hotfix a while back and got an error, and have not yet taken the time to investigate the error further. With the .NET Framework source code integration can you view the source code through VS 2008 like with Reflector, or is the code only accessible when debugging?

To open the System.Web.Extensions.dllfrom Reflector, perform the following steps:

  • Drop to the command line (Start / Run / cmd.exe)
  • Navigate to the appropriate GAC folder, %WINDIR%\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\
  • Copy the System.Web.Extensions.dll to another location on my hard drive (such as C:\MyAssemblies\).
  • Once the assembly is “freed” from the GAC, you can open it in Reflector as you would any assembly

Hope this helps!

UPDATE FROM JAMES NEWTON-KING: “You can access the 3.0 and 3.5 assemblies at C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5” (That sure simplifies things!)

Filed under:
User Group Talk: Storing Binary Data in an ASP.NET Web Application
10 February 08 12:02 PM | Scott Mitchell | with no comments

Next Tuesday, February 19th, I'll be speaking at the ASP.NET SIG here in San Diego. The meeting, held at Microsoft's office in UTC on La Jolla Village Drive starts at 6:30 PM with announcements and free pizza and soft drinks!!! My talk begins at 7:00 PM.

My talk looks at storing binary data in an ASP.NET web application, examining the pros and cons and comparing and contrasting the necessary steps of storing data in the web server's file system vs. storing it directly in the database.

If you can't make the talk, you can download the PowerPoint slides and code demos at http://datawebcontrols.com/classes/BinaryData.zip.

Hope to see you there!

Filed under:
Years of Experience Does Matter
08 February 08 11:41 AM | Scott Mitchell | with no comments

Jeff Atwood's most recent blog post is titled The Years of Experience Myth, and argues that too many companies place too much emphasis on how many years of experience a developer has in a certain technology. Jeff writes:

It's been shown time and time again that there is no correlation between years of experience and skill in programming. After about six to twelve months working in any particular technology stack, you either get it or you don't.

I agree that experience and skill in programming may not be directly correlated, and I concur that a skilled and motivated developer can pick up and be more proficient in a new technology in six months to a year than an unskilled, unmotivated developer who has spent years working with that same technology. But to say that years of experience doesn't matter one iota is lunacy.

The more experience you have with a technology or framework, the more intimate you become with its inner workings. You are privy to its warts - those underdocumented bugs that maybe only 1,000 people in the world have ever encountered and taken the time to understand its origin. You know little tricks and tips that you can only pick up from trial and error, from having spent an entire afternoon stumped on one bug that you finally worked around after trying so many different things. You get a sixth sense when it comes to troubleshooting problems because you've likely run into the same problem before. These are the benefits of experience.

I've been developing web applications with Microsoft technology since 1998, and I can say without doubt that I am a better ASP.NET developer today than I have ever been. My brain is not as sharp as it was in university, my computer science background not as keen as it was during grad school, my time not as disposable and my energy levels not as high as when I was younger, but I know ASP.NET better today than I did last year; last year I knew it better than the year before that, and so on.

Experience isn't everthing, but to discount it, to say that what one person has learned in 10 years can be mastered by another in six months to a year, is preposterous.

Filed under:
My First Three Website Security Tutorials Now Live
05 February 08 12:43 PM | Scott Mitchell | with no comments

Over the past few months I've been writing a series of ASP.NET security tutorials for the www.asp.net site, much like my Working with Data tutorial series. This tutorial series focuses specifically on forms authentication, authorization, Membership, and Roles (using the SQL Server providers).

Today, the first three tutorials have been published:

  • Security Basics and ASP.NET Support [VB | C#] - discusses important security concepts and what facilities are available in ASP.NET to assist in implementing forms authentication, authorization, user accounts, and roles.
  • An Overview of Forms Authentication [VB | C#] - provides an in-depth look at the forms authentication workflow.
  • Forms Authentication Configuration and Advanced Topics [VB | C#] - examines the various forms authentication settings and see how to modify them through the element.

There will be a total of 14 tutorials. The next batch will focus on the ins and outs of the Membership framework and the SqlMembershipProvider.

Like with the Working with Data tutorials, all tutorials are available in C# and VB versions, include a complete, working source code download, and are available to download as PDF.

Enjoy!

Filed under:
More Posts

Archives

My Books

  • Teach Yourself ASP.NET 4 in 24 Hours
  • Teach Yourself ASP.NET 3.5 in 24 Hours
  • Teach Yourself ASP.NET 2.0 in 24 Hours
  • ASP.NET Data Web Controls Kick Start
  • ASP.NET: Tips, Tutorials, and Code
  • Designing Active Server Pages
  • Teach Yourself Active Server Pages 3.0 in 21 Days

I am a Microsoft MVP for ASP.NET.

I am an ASPInsider.