Aside from dealing with a splitting headache all day (and I wasn’t even drinking the night before - go figure), there was quite a few sessions that I wanted to attend today. Unfortunately, quite a few of them overlapped. This is why every conference should provide both slides and the recorded sessions online after the show. DevConnections does this except they charge an additional fee! Why is this not included with the price of admission??? From the audio problems they’ve been experiencing (wireless mic batteries failing, low sound levels, etc) I can’t see these being the quality expected for spending the extra $$$$. These should ALWAYS be included as part of your conference pass. Enough of that…on to the notes:

XQuery – Alex Homer

I’ve done quite of bit of XPath work but that was several years ago. Now there are names associated with items that I only now the abbreviations of. So now when I read the documentation I never can remember what a descendent is and some of the other axes descriptors. Alex gave us a nice break down:

child = /
descendent-or-self = //
. = self
.. = parent
@ = attribute
* = *

• Alex was doing some of his demos using a free tool called ‘IPSI XQuery Interpreter’
  
• Accessors and functions in XQuery:
  
  
  
  • Accessors: node-name, string, data
    
  • Sequence functions: index-of, zero-or-more, insert-before
    
  • Context functions: position, last, …
    
  • Node functions
    
  • String functions
    
  • Number functions
    
  • Date-time functions
  
  
• XQuery
  
  
  
  • Variables are identified w/the prefix ‘$’ (ie. $pathname)
    
  • Two of the more common accessors
    
    
    
    • fn:doc()
      
    • fn:collection()
      
    • ‘fn’ is the namespace and isn’t required
      
    • doc(“myfile.xml”/products[num=’Xg403’]/name
  
  
• in the myfile.xml document, get the name of the products with the num attribute equal to ‘Xg403’
  
  
  
  • can declare functions (ie. declare function …)
  
  
• From here, Alex showed a few demos by using XQuery to enhance your queries by searching through XML data types in SQL 2005; very cool stuff
  

Alex’s slides and demos can be found at http://www.daveandal.net

Please wait… this session will be along shortly – Dave Sussman

How to inform the user while the server is executing a process

• Displaying a wait page
  
• In .aspx, can use one page
  
  
  
  • Use panels
    
  • If Postback, Hide form, show please wait, set new URL (CustID), refresh to new URL
    
  • Refresh the page with http-equiv
    
  • Showed a demo with one querystring variable
    
  • Check the querystring variable when NOT postback; refresh isn’t a postback
  
  
• Progress bar image
  
  
  
  • Delay the refresh
    
    
    
    • metaRefresh.attributes.add(“content”, “3; url=” & refreshURL)
      
    • Artificial delay
    
    
  • IE stops image animation on refresh request (PROBLEM!)
  
  
• Fake Dialogs
  
  
  
  • Client sript to fake a progress dialog
    
  • Uses setTimeout to update progress bar
    
  • Uses onbeforeunload to warn of closed window
    
  • Defined in a
    
    tag
    
    
  • Difficult to get information to server
    
    
    
    • A refresh still stops the animation
  
  
• Staged loading
  
  
  
  • No push model, therefore client driven
    
    
    
    • XMLHttp for IE (MSXML 2.0 and later)
      
    • XMLHttpRequest for other browsers
      
      
      
      • Mozilla / Firefox
        
      • Opera (requires Java apart from latest version)
    
    
  • Browser script makes client calls
    
    
    
    • No postback occurs
      
    • Not resubmitting current page
    
    
  • Similar to how SmartNavigation (ASP.NET) works
    
  • 2 pages
    
    
    
    • UI facing page
      
    • Non-UI server-processing page
      
    • He used a stepped process to execute different actions on a dataset that was stored in a session variable
      
    • When the process was over, a button was displayed on the UI facing page that would then postback to the server to retrieve the contents of the dataset and display the results.
      
    • from non-UI page, Response.Status = “200 OK”

Asynchronous Windows Forms – Juval Lowy

• Every decent Windows Forms application should…
  
  
  
  • Avoid blocking while tasks execute in the background
    
  • Keep the application responsive
    
  • Update user on progress
    
  • Allow task cancellation
  
  
• Windows Forms uses the underlying Win32 message loop
  
• Only the thread which created the window can process its messages
  
  
  
  • WinForms 1.0 calls on wrong thread
    
    
    
    • May result in exception (had to be there to understand this but I was and it was still a little fuzzy to me)
    
    
  • WinForms 2.0 calls on the wrong thread
    
    
    
    • WILL result in exception in the debugger (after hitting F5)
      
    • May result in exception in release mode
      
      
      
      • This is so it won’t break the app when migrating from 1.x to 2.0, but if you modify your app in 2.0 the IDE will let you know (exception)
  
  
• Juval showed numerous demos of using delegates to process asynch threads
  
• Understand and use ISyncrhnoizeInvoke
  
  
  
  • The Control base class already implements this, you just need to use it
  
  
• In 2.0, we have the BackgroundWorker control
  
  
  
  • Significantly decreases the number of lines of code required in 1.x to handle asynch thread
  
  
• Showed demos on using System.Timers.Timer

Check out http://www.idesign.net for slides and demo code

Encryption 101 for .NET - Dan Appleman

• Don’t need to be a cryptographer to use encryption
  
• Hashes
  
  
  
  • Impossible to go from hash value to original value
    
  • Compare the hash value for exactness
    
  • Useful for checking changes in the data
  
  
• SHA1Managed and SHA256Managed
  
• All encryption is based on some form of XOR
  
• Symmetrical keys
  
  
  
  • Each party has the key
    
  • Each key has its own sequence of random numbers
    
  • Fast
    
  • Key can be provided by a security provider or generated on your own
  
  
• Use only managed providers
  
  
  
  • Dan recommends Rijndael (pronounced ‘Rain-dahl’)
  
  
• Asymmetrical (public key) encryption
  
  
  
  • Encrypt with public key, read with private key
    
  • Much slower than symmetrical
  
  
• Digital Signatures
  
  
  
  • Be sure the data came from who you expect
    
  • Verify the data is unchanged
  
  
• You can store base64 code in XML
  
• RSACryptoServiceProvider
  
  
  
  • ToXmlString, FromXmlString
  
  
• Use machine key in services and ASP.NET
  
• For RSA, need security access to:
  
  
  
  • Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

Deployment and Versioning Best Practices - Michelle Leroux Bustamante

• In future versions of .NET, strong names will be required, start getting used to them
  
• Enterprise Services
  
  
  
  • GAC install required for Server Components
    
  • not required for Library Components
  
  
• Use delay signing indevelopment
  
  
  
  • Devleopers should not have access to the company key
    
  • Apply key in release builds
  
  
• Code Access Security (CAS)
  
  
  
  • Controls component access to resources and operations
    
  • Need to know:
    
    
    
    • what permissions your assembly needs
      
    • how can assemblies demand or assert permissions
    
    
  • Core
    
    
    
    • Permissions
      
    • Permission sets
      
    • Code groups
      
    • Security policy
  
  
• .NET Configuration Tool
  
  
  
  • Runtime secuirty policy (Machine | Code Groups)
  
  
• [assembly:SecurityPermission], [assembly:UIPermission], [assembly:FileIOPermission], [assembly:ReflectionPermission]
  
• Protect intellectual property
  
  
  
  • encrypt sensitive configuration data
    
    
    
    • credentials, keys, connection strings
    
    
  • use hash algorithms for one-way data
    
    
    
    • DB passowords, SSN, Credit Card info.
    
    
  • Otherwise, use encryption techniques
    
    
    
    • Cryptography API, Data Protected API (DAPI)
  
  
• StrongNamedIdentityPermission
  
  
  
  • you require callers to have a strong name
    
  • keeps from reflecting and executing