MarkItUp

Rocky has written a great, common-sense style article about security with respect to securing inputs and outputs.   I had just finished reading it and started working through some ATLAS hands-on-labs.  The first sample that I ran through was showing how to accept some text input from a user and pass it to a WebMethod from the client machine.  Here is step 3 of that excercise:

·         Change the method to accept a single string parameter.

·         Encode the string passed to the service to protect against scripting attacks.

·         Format the input string as a message. For example, format the string to return Hello, you queried for {0}.

·         Append the current date and time to the string.

·         Return the string.

Way to go Rock and the ASP.NET Team!

SmartPart allows you (apparently, haven't tried it yet) to host any User Control as a SmartPart within Sharepoint.  This would absolutely rock! 

Between continuing with my document writing, downloading and playing with ATLAS and downloading and trying this, I can see many sleepless nights ahead.

Note to Wally... stop IM'ing me and telling me to go to bed :P

This is the big news of the day, ATLAS is now live :-)

I can't wait to get into this stuff and have even set aside a section in a document that I'm writing to discuss it.

UPDATE: I just had some feedback from someone who is actually at the PDC, apparently, regarding ATLAS... "The buzz is good" :-)

I've been working on an application that is essentially a data processing pipeline.  Due to the nature of this service we essentially started from a contract-first design principle.  This was interesting as it forced me to look at many of the application development processes from a diffrent viewpoint and, in the process I discovered some really cool tools and articles that can help you design from a schema-first standpoint and wanted to blog about them so that I don't lose some links.

SchemaImporterExtension

After the schema contracts were defined the next task was to get the code generation tools in place to assist with the generation of business classes and some of the business and data component layers.  Here are some articles that describe how to use the SchemaImporterExtension class to meet any shortfalls from the out-of-the-box XSD.exe code.

    John Bristowe's tutorial on implementing SchemaImporterExtension
    Walking XMLSchema objects

ASMX2

    Christian Weyer talking about WebService enhancements in ASMX2

Schematron

We decided to use Schematron to assist with some of the data validation for business rule data constraints.  This is really nice an allows you to easily create standalone rulesets that can be applied against incoming XML documents to validate data constraints:

    http://www.schematron.com/spec.html

There's a session at TechEd this year which sits waaay down at the bottom.  Last session.  Last day.  Friday, 3:45pm-5:00pm.

Officially this session is titled: ".NET Framework: What's New in the Framework for V2.0 Paul Glavich and Dave Glover".  The unofficial name for this session is: "The Hour of Power!".

This is a session where a bunch of people get to stand up for 10 minutes and show-off their absolute favourite part of .NET V2.  For me this is an absolute no-brainer - The ASP.NET Portal Framework.  During my "10 minutes of fame", I'll show how you can extend the CatalogZone web control to convert it into a fully-functional, Sharepoint-like Catalog.

Take a look at these 2 images to compare the differences between a standard Sharepoint Catalog and a standard Web Portal Catalog:

The Sharepoint gallery has a much nicer UI with all of those icons and super-styled hover buttons for the categories and parts.  It also supports rich Galleries such as the Online Gallery and also the Virtual Server Gallery.  I'll show how to add both of these features into your Catalog.

By the end of my 10 minutes session you will - hopefully - see how to extend the base CatalogZone class to override its rendering.  You'll also see how to implement these specialized galleries so that you can, for example, have galleries which store their parts in the database and are accessed via web services by multiple applications.

So, don't miss this session... there will be plenty of time for Margharitas when we are done ;-)

Dave Glover, has added a nice little MapPoint demo online.  The demo is written in VS2005 and you can grab it from here:

    http://projectdistributor.net/Projects/Project.aspx?projectId=143

2 things that I'd like to say about this demo:

1. If you are planning to use it go and grab it now.  Reason is that you'll need to apply for a MapPoint account - which I'm told can take 1-2 days for approval, so get started now.
2. This is a "Codezone" release so if you are using VS2005, go and download the release to experience the new vsi install process.

Found this link today which has some great XHTML templates:

    http://particletree.com/features/quick-start-your-design-with-xhtml-templates

That page also has nice AJAX-style context menu's on the context sensitive words. 

On my searches I found these other neat web techniques and tricks:

Sidenotes/Footnotes
http://www.brandspankingnew.net/specials/footnote_3.html

Link Preview
http://particletree.com/features/preview-your-links

Component Art Web Components
http://webui30.componentart.com/

Yesterday whilst working on enabling trackbacks in my blogging app. I wrote a little harness which could simulate an application by driving trackback data into this web server.  Basically, I created a WebRequest instance, grabbed the request stream from it and then wrote some bytes - my trackback data - straight back to the server.

What I noticed is that I could successfully simulate 1 trackback but that for each subsequent test that I ran, nothing would show up in the trackbacks for the post that I was pinging.  Then I noticed that if I ftp'd into the server and reset my application that I could again send 1 more trackback request before more nothing.

I spoke to Mitch who said that it probably has something to do with the web using keep-alive's and that I should try setting the KeepAlive property to false or that I should explicitly pass in a different ConnectionGroupName for each request to get pulled anew from the pool.

First I wrapped my WebRequest code in a try...catch to see what the exact error was and it turned out that it was: "The underlying connection was closed: A connection that was expected to be kept alive was closed by the server.".  So Mitch's suspicions were correct.

First I tried fiddling with the KeepAlive setting on the underlying HttpWebRequest by explicitly setting it to false before requesting the stream.  This didn't work and I still got the same error.

Next I set the ConnectionGroupName property on the request to a random value before requesting the stream.  Success!   I must admit that I've never used that property before so it was nice to learn something about it.  Now I'll have to try and understand what goes on between IIS and ASP.NET on the server when KeepAlive's are switched on and how setting the ConnectionGroupName circumvents it.

Just wanted to discuss a component that I've uploaded to ProjectDistributor:

    Personalization

This is one of the first web controls that I created for myself back when I started getting into ASP.NET and is designed to abstract away the complexity of working with cookies which have many keys and sub-keys.  The component itself is designed to work around the notion of a "store" - which is the abstraction of a key.  When you work with Personalization you must mention which store you are working with up front, ie:

Personalization p = new Personalization("CommentForm_ascx") ;

if( p.Items["chkRememberMe"] != null ) {
    this.chkRememberMe.Checked = bool.Parse(p.Items["chkRememberMe"].ToString()) ;
    if( this.chkRememberMe.Checked ) {
        this.txtName.Text = p.Items["txtName"].ToString() ;
        this.txtUrl.Text = p.Items["txtUrl"].ToString() ;
    }
}

The above snippet opens a store named "CommentForm_ascx" and reads keys (which map to sub-keys) from it.  Notice how the component lends itself to logically creating stores around specific page functions.  This snippet would normally appear in your page load code to set the initial state of a page based on some persisted personalization settings.

Conversely, in your page unload (or pre render) logic, you should persist settings back into the personalization store like so:

protected override void OnPreRender(EventArgs e) {
    base.OnPreRender (e);
    Personalization p = new Personalization("CommentForm_ascx") ;

    if( this.chkRememberMe.Checked ) {
        p.SetValue("chkRememberMe", "true");
        p.SetValue("txtName", this.txtName.Text);
        p.SetValue("txtUrl", this.txtUrl.Text);
    }else{
        p.Remove("chkRememberMe") ;
        p.Remove("txtName") ;
        p.Remove("txtUrl") ;
    }
}

Unless you've been living on some faraway place you will already know that a little while back, somebody coined the term AJAX (Asynchronous Javascript and Xml) for applications which load data via asynchronous XmlHttp requests.  It sounds sexy for sure.  In fact, when I told a friend about this new blogging engine that I've built, his first question was: "Are you using AJAX?".

The more I thought about that question, the less I understood it.  I mean this site is certainly not slow (http://www.websiteoptimization.com/services/analyze) so I didn't need it for that.  There's not that many options on each page, so I don't need it for real estate. 

Then I decided to look around the web to see how all of these other people were using it.  I found this page which gives some examples of the usage of AJAX:

    http://www.indiankey.com/cfajax/examples.asp

So, you use AJAX if you have large amounts of data which are conditionally visible at runtime - such as Help Text, List Items, Maps :-)  - and AJAX will help you to deliver this data in a "Just in Time" manner to help reduce the initial time to load for the page.  This could be a winner for things such as interactive help and certain complex validation logic scenarios.

Another consideration that you should take into account when supplying AJAX interfaces is whether or not the loss of the back button is a good or bad thing.  In some cases I find it extremely useful to be able to "back" navigate through my previous page selections whereas in others (such as complex management screens) I would not miss it at all.

Ever used AJAX in your own applications?  I'd love to hear the thinking behind what went into the decision.