1 minute read

Free Code Sample Request Service from Microsoft

Just came across this on the Decrypt my World blog.  It seems a lot of Microsoft developers are asked for code samples and for lots of valid reasons they can’t provide them.  So Microsoft is fixing that by opening up a service where you can request code samples for any Microsoft technologies. Here is the official word on what it is: Developers are encouraged to submit code sample requests dealing with any Microsoft development technologies to our site. At the same time, developers can now vote for newly submitted or existing code sample topics. Here’s the exciting part! Microsoft engineers…

2 minutes read

Presenting a TechDays Local Flavours Track Session!

Earlier this morning I got an email from John Bristowe congratulating me on being selected to present a session for the local flavours track at TechDays in Toronto!  This bumps up my count to 2.  Needless to say I am REALLY excited. I was a little disappointed to find out there weren’t any sessions on the Windows Identity Foundation, so that just meant I had to submit my own to the local flavours track…and they accepted it!  Here are the details: October 27, 3:40 PM to 4:45 PM Breakout | LFT330: Windows Identity Foundation Simplified: All the Scary Things Made…

12 minutes read

Making an ASP.NET Website Claims Aware with the Windows Identity Foundation

Straight from Microsoft this is what the Windows Identity Foundation is: Windows Identity Foundation helps .NET developers build claims-aware applications that externalize user authentication from the application, improving developer productivity, enhancing application security, and enabling interoperability. Developers can enjoy greater productivity, using a single simplified identity model based on claims. They can create more secure applications with a single user access model, reducing custom implementations and enabling end users to securely access applications via on-premises software as well as cloud services. Finally, they can enjoy greater flexibility in application development through built-in interoperability that allows users, applications, systems and other…

8 minutes read

Data as a Service and the Applications that consume it

Over the past few months I have seen quite a few really cool technologies released or announced, and I believe they have a very real potential in many markets.  A lot of companies that exist outside the realm of Software Development, rarely have the opportunity to use such technologies. Take for instance the company I work for: Woodbine Entertainment Group.  We have a few different businesses, but as a whole our market is Horse Racing.  Our business is not software development.  We don’t always get the chance to play with or use some of the new technologies released to the…

2 minutes read

C# Dynamic Type Conversions

I’ve been looking at ways of parsing types and values from text without having to do switch/case statements or explicit casting.  So far, based on my understanding of statically typed languages, is that this is impossible with a statically typed language. <Question> Is this really true?</Question> Given my current knowledge, my way of bypassing this is to use the new dynamic type in .NET 4.  It allows me to implicitly assign an object without having to cast it.  It works by bypassing the type checking at compile time. Here’s a fairly straightforward example: static void Main(string[] args) { Type boolType…

4 minutes read

AntiXss vs HttpUtility – So What?

Earlier today, Cory Fowler suggested I write up a post discussing the differences between the AntiXss library and the methods found in HttpUtility and how it helps defend from cross site scripting (xss).  As I was thinking about what to write, it occurred to me that I really had no idea how it did what it did, and why it differed from HttpUtility.  <side-track>I’m kinda wondering how many other people out there run in to the same thing?  We are told to use some technology because it does xyz better than abc, but when it comes right down to it,…

1 minute read

Visual Studio 2010 RTM!

Earlier this morning, Microsoft launched Visual Studio 2010.  Woohoo!  here’s the jist: Watch the Keynote and Channel 9 Live here: http://www.microsoft.com/visualstudio/en-us/watch-it-live Get the real bits here (if you have an MSDN license): http://msdn.microsoft.com/en-ca/subscriptions/default.aspx Get the trial bits here: Microsoft Visual Studio 2010 Professional Web Install ISO (DVD-9) Microsoft Visual Studio 2010 Ultimate Web Install ISO (DVD-9) Microsoft Visual Studio Team Foundation Server ISO (DVD-9) Get the Express versions here: http://www.microsoft.com/express/ All the important stuff you want/need to know about Visual Studio 2010 development: http://msdn.microsoft.com/en-ca/ff625297.aspx Enjoy!

3 minutes read

A Launch Event For Visual Studio

About 10 minutes ago I was told to sit down and open my laptop.  The event is about start, and the place is extremely crowded.  Barnaby Jeans is on stage doing the usual intro.  Twitter, blog, twit tweet tweet tweet #vs2010. Sean Graglia hits the stage.  Today VS2010 and .NET 4.0 were released.  It makes you a little nostalgic about the old days of development.  The way things were done, the way teams worked, the way we tested.  It’s changed quite a bit since a quarter century ago.  We used to be proud of a user interface that worked on…

4 minutes read

ViewStateUserKey, ValidateAntiForgeryToken, and the Security Development Lifecycle

Last week Microsoft published the 5th revision to the SDL.  You can get it here: http://www.microsoft.com/security/sdl/default.aspx. Of note, there are additions for .NET — specifically ASP.NET and the MVC Framework.  Two key things I noticed initially were the addition of System.Web.UI.Page.ViewStateUserKey, and ValidateAntiForgeryToken Attribute in MVC. Both have existed for a while, but they are now added to requirements for final testing. ViewStateUserKey is page-specific identifier for a user.  Sort of a viewstate session.  It’s used to prevent forging of Form data from other pages, or in fancy terms it prevents Cross-site Request Forgery attacks. Imagine a web form that…

1 minute read

A Stab at a New Resume

While I am definitely not looking for a new job, I was bored and thought I would take a stab at a stylized resume to see if I could hone some of my (lack of) graphics skills.  It didn’t turn out too badly, but I am certainly no graphics designer. What do you think?