Last weekend, Microsoft unleashed the Windows 7 beta (take our in-depth tour) and the Windows Server 2008 R2 beta to the web. Due to the chaos and craze over downloading a beta operating system, many missed the news that Microsoft had also made the Windows 7 beta SDK available. If you're a developer, or you're just slightly interested, you can grab it from the Microsoft Download Center (1304.8MB). Here's what's on the .iso file:
The Windows SDK for Windows 7 and .NET Framework 3.5 SP1: BETA provides the documentation, samples, header files, libraries, and tools (including C++ compilers) that you need to develop applications to run on Windows 7 BETA and the .NET Framework 3.5 SP1. To build and run .NET Framework applications, you must have the corresponding version of the .NET Framework installed. This SDK is compatible with Visual Studio® 2008, including Visual Studio Express Editions, which are available free of charge.
If that got you interested, be sure to check out the Release Notes as well. The most important thing to note about this release is that the SDK will definitely change by the time Windows 7 is released, and developers should keep this in mind when they're using it. I would still recommend downloading it and getting a feel for what you'll want to update in your application to take advantage of the improvements of Vista's successor.
Read More...
Showing posts with label C# Programming. Show all posts
Showing posts with label C# Programming. Show all posts
Wednesday, January 21, 2009
Sunday, January 18, 2009
Authentication, Authorization in ASP.Net 2.0
Authentication and authorization is essential for the purpose of security in any software. Web projects require the technology of authentication and authorization to prevent the systems from the outside attacks. You can never keep your documents safe unless there is technology for protecting your documents from the hackers and malicious programs. Authentication is required for checking the identity of the person who wants to get the access inside your network and authorization is needed to give the permission for accessing particular resource.
Let us discuss the topic in detail:
1. Whenever user logs on to the computer system using the password there is need of authentication and authorization for allowing the user to use the system of the workplace. ASP.net provides the facility to authenticate the user and then provide the authorization for accessing the resources. There are three types of authentication which are used in Asp.net. Form authentication, window authentication and passport authentication.
2. Authorization is performed by the IIS which is used in ASP.net. If the user is not authenticated then IIS configuration setting does not allow the entrance of user to access the resources. Authentication is done using the tickets. Cookies are stored and used by the authentication system for checking the user authentication and providing permission for accessing the resources.
3. You can use the built in ASP.net facility for authentication and authorization. You can customize the Asp.net facilities for making it suitable according to your usage. Password and login id can be changed for making easy processing. Password of the user can be checked and new password can be issued for new user. You can add the new user in the existing system. There are many new features in the updated version.
Authentication is performed using the IIS feature in ASP.net with the help of the tracking of the cookie. Cookies play an important role in authenticating the user.
4. Authorization is performed perfectly by the ASP.net improved functionality. You can add many users and database tables must be updated. Authentication in ASP.net uses the database tables for authentication and users are checked for the existence.
5. Cookies are used for the authentication but some browsers do not support the functionality. So tickets are attached for authenticating the users. Secure socket layer is also applicable and provides security to the online users. Time out is also used for detaching the user from the server and again the password and login id comes in to play.
Read More...
Let us discuss the topic in detail:
1. Whenever user logs on to the computer system using the password there is need of authentication and authorization for allowing the user to use the system of the workplace. ASP.net provides the facility to authenticate the user and then provide the authorization for accessing the resources. There are three types of authentication which are used in Asp.net. Form authentication, window authentication and passport authentication.
2. Authorization is performed by the IIS which is used in ASP.net. If the user is not authenticated then IIS configuration setting does not allow the entrance of user to access the resources. Authentication is done using the tickets. Cookies are stored and used by the authentication system for checking the user authentication and providing permission for accessing the resources.
3. You can use the built in ASP.net facility for authentication and authorization. You can customize the Asp.net facilities for making it suitable according to your usage. Password and login id can be changed for making easy processing. Password of the user can be checked and new password can be issued for new user. You can add the new user in the existing system. There are many new features in the updated version.
Authentication is performed using the IIS feature in ASP.net with the help of the tracking of the cookie. Cookies play an important role in authenticating the user.
4. Authorization is performed perfectly by the ASP.net improved functionality. You can add many users and database tables must be updated. Authentication in ASP.net uses the database tables for authentication and users are checked for the existence.
5. Cookies are used for the authentication but some browsers do not support the functionality. So tickets are attached for authenticating the users. Secure socket layer is also applicable and provides security to the online users. Time out is also used for detaching the user from the server and again the password and login id comes in to play.
Read More...
Friday, January 16, 2009
Important Features of DOT NET
1. Interoperability support
You can easily migrate from any programming language to the.net with an ease. You will find it really easy to migrate if you are from COM or java. In fact the Microsoft has the migration utility to automatically migrate existing java code into that of C#.
2. Common Language Runtime (CLR)
Microsoft has come up with this engine which is shared by all the programming language like C Sharp, VB, Visual C++, JavaScript, VB Script etc and the language supported by .net. With the help of CLR you can make base classes in C#, child class vb.net and aggregate in visual C++. This is really the idea which not only you but all of us have experienced to be very handy. This is really the most important achievement as far as the Microsoft is concerned.
3. Base Class Library
Can you guess why java appears to be so versatile and cross platform independent? Yes if you have guessed the class library then you are absolutely right. However you will find it really great how it is implemented in the .net technology. It has moved a step further by making them available for all the languages. With them you are now capable of using features like string manipulation, exception handling, remoting, collection management construct in the same way for all the languages that are supported by the CLI.
4. Common type system( CTS)
You will really be amazed when you will come to know that the data types remain the same as far as all the languages supported by the ClI is concerned.
5. Easy deployment technique
The applications can now be deployed easily with just the help of XCOPY of the assemblies, asp.net files and configuration file. There is no more the need of the DLL.
6. Improved web services
With the implementation of Web technologies like ASP.NET you will definitely find that you can now develop more advance and powerful web application.
Read More...
You can easily migrate from any programming language to the.net with an ease. You will find it really easy to migrate if you are from COM or java. In fact the Microsoft has the migration utility to automatically migrate existing java code into that of C#.
2. Common Language Runtime (CLR)
Microsoft has come up with this engine which is shared by all the programming language like C Sharp, VB, Visual C++, JavaScript, VB Script etc and the language supported by .net. With the help of CLR you can make base classes in C#, child class vb.net and aggregate in visual C++. This is really the idea which not only you but all of us have experienced to be very handy. This is really the most important achievement as far as the Microsoft is concerned.
3. Base Class Library
Can you guess why java appears to be so versatile and cross platform independent? Yes if you have guessed the class library then you are absolutely right. However you will find it really great how it is implemented in the .net technology. It has moved a step further by making them available for all the languages. With them you are now capable of using features like string manipulation, exception handling, remoting, collection management construct in the same way for all the languages that are supported by the CLI.
4. Common type system( CTS)
You will really be amazed when you will come to know that the data types remain the same as far as all the languages supported by the ClI is concerned.
5. Easy deployment technique
The applications can now be deployed easily with just the help of XCOPY of the assemblies, asp.net files and configuration file. There is no more the need of the DLL.
6. Improved web services
With the implementation of Web technologies like ASP.NET you will definitely find that you can now develop more advance and powerful web application.
Read More...
Thursday, January 15, 2009
Microsoft launched Robotics Studio 2008
Microsoft launched Robotics Studio 2008 in mid-November. New version of Robotics Studio is a whole set of tools designed to help developers write code that controls robots. The Microsoft Robotics Studio is a Windows-based environment for robot control and simulation. It is aimed at academic, hobbyist, and commercial developers and handles a wide variety of robot hardware. Robotics Studio 2008 offers a suite of tools that makes it easy to write code that controls robots, from simple robots to advanced robots. Application developers can choose from the Visual Programming Language within the Microsoft suite or C# to create code.
Read More...
Read More...
Monday, January 12, 2009
Things you should adopt or avoid while web development
“WEBSITE” is the best platform that brings you in contact with your customers. It must be impressive and lucrative in terms of traffic generation and improving market value. Your website should be excellent in terms of creativity, indigenous approach, web 2.0 implementation, table/table less and capable of talking good to your clients. This means that your website should be able to create an impression upon your clients and convince them on dealing with you. To get more and more traffic your web development has to be placed properly.
Here are few tips, which will tell you what is good for you website development. What should be your website tools that would render your web development process in real time?
* Your website is informative and helpful to your visitor.
* Content must be an imperative criterion in web development.
* Content you are using is unique and genuine.
* Common features like content, image, less usage of java scripts, to the point write-ups and smooth navigation aptitude should be present in you website.
* Website is able to bring other aspects of web development like less loading time and usage of graphic images.
* Do not exaggerate on ideas and concepts to such a degree that people discontinue believing in your website.
* The additional number of graphic images and heavy scripting codes, and presentation will slower your website to download. So be sure about it!
* “Trust” indeed is a prerequisite, which makes a website triumphant and popular amongst visitors.
Read More...
Here are few tips, which will tell you what is good for you website development. What should be your website tools that would render your web development process in real time?
* Your website is informative and helpful to your visitor.
* Content must be an imperative criterion in web development.
* Content you are using is unique and genuine.
* Common features like content, image, less usage of java scripts, to the point write-ups and smooth navigation aptitude should be present in you website.
* Website is able to bring other aspects of web development like less loading time and usage of graphic images.
* Do not exaggerate on ideas and concepts to such a degree that people discontinue believing in your website.
* The additional number of graphic images and heavy scripting codes, and presentation will slower your website to download. So be sure about it!
* “Trust” indeed is a prerequisite, which makes a website triumphant and popular amongst visitors.
Read More...
Friday, January 9, 2009
Mount Remote FTP And Webdav Servers
NetDrive is a software to mount remote ftp and webdav servers that somehow has never been mentioned at Ghacks before. That’s a rare occurrence especially if the software is well designed and free. A large portion of webmasters have to connect to remote ftp servers regularly to update files on the website. There are obviously other ways to update files like an admin interface that allows the direct manipulation of files on the server.
An alternative to connecting to remote ftp servers with ftp programs is to mount the ftp server as a local drive on the computer system. NetDrive provides the means to do that.
The software comes with a clean interface that has several popular ftp servers preinstalled. New servers can be added by providing the IP, port, username, password and drive letter for that connection. There is also a setting to define when the ftp server or webdav server should be added as a drive letter. The options are to do that when the system starts or when NetDrive starts.
Read More..
An alternative to connecting to remote ftp servers with ftp programs is to mount the ftp server as a local drive on the computer system. NetDrive provides the means to do that.
The software comes with a clean interface that has several popular ftp servers preinstalled. New servers can be added by providing the IP, port, username, password and drive letter for that connection. There is also a setting to define when the ftp server or webdav server should be added as a drive letter. The options are to do that when the system starts or when NetDrive starts.
Read More..
Wednesday, January 7, 2009
The Importance of J2EE Server in the software scenario ?
Businesses all over the globe have realized that they can gain a sustainable advantage over their peers by developing custom applications for their unique business needs.
Quick development and deployment are required whether in-house applications for raising employee efficiency are being created or rich Internet applications to cater to the specialized needs of the clients are being developed.
Another issue, which is of concern to enterprises, is the portability and scalability of their enterprise applications. An enterprise application is viable only when it is easily portable across platforms and devices. Scalability is also another parameter, which decides the long-term feasibility of an application. Enterprise applications must be scalable so that they can be scaled up to accommodate thousands of users simultaneously. J2EE based enterprise applications can be executed across platforms and are functional across devices.
J2EE Development services for established as well as emerging companies across the world.
1. Multi-platform support language and support for web-services also
2. Develop dynamic web applications for e commerce, e learning, polls, HTML forms processing, and more.
3. Combine Java technology-based applications or services to create highly customized applications or services.
The J2EE platform provides a multi-tiered distributed application model, the ability to reuse components, a unified security model, and flexible transaction control. Not only can you deliver innovative customer solutions to market faster than ever, but your platform independent J2EE component based solutions are not tied to the products and APIs of any one vendor. .
The J2EE specification defines the following kinds of components:
Servlet and Java Server Pages (JSP) components (also called Web components): These typically execute in a web server and respond to HTTP requests from web clients. Servlet and JSP pages may be used to generate HTML (or even XML) pages that are an application’s user interface.
Enterprise Java Beans (EJB) components: These execute in a managed environment that supports transactions. Enterprise beans typically contain the business logic for a J2EE application
It is always advisable for outsourcing Java to a company which houses experienced and technically qualified Java professionals which ensures best services and that too in perfect quality.
J2EE or the Java to Enterprise Edition platform developed by Sun Microsystems stipulates the criterion for developing multi-tier enterprise applications. The J2EE platform leverages the robustness of the Java programming language that allows developers to write the code only once and execute the application on any platform. Presently more than two-thirds of development managers use the J2EE platform to develop and deploy their applications.
The user level web application are generally created in the simple HTML, DHTML, sometimes the complex COM and Java script applets. Most of the softwares that were developed earlier were based on the client server architecture, which needed it to be installed separately in each of the user’s computer. Upgrading such web application became extremely difficult as it involved upgrading each and every machine in which it was earlier installed. Another hassle that the client server custom application development required was to license it every time you installed a web application in your computer.
Most database driven applications that are developed using open source technologies have a three-tier structure. The web application itself runs in the browser of a desktop or a laptop. Users can only access the front end of the application to input data or search strings. Java being platform independent allows applications to be accessed on any device like a pda or cellphone or any telnet device.
Enterprise Java bean application development occurs by employing a three-tier architecture consisting of a front end known as the web container, an EJB container, the third tier being the database. This three-tier structure has proved to be immensely useful for enterprise application development.
Read More...
Quick development and deployment are required whether in-house applications for raising employee efficiency are being created or rich Internet applications to cater to the specialized needs of the clients are being developed.
Another issue, which is of concern to enterprises, is the portability and scalability of their enterprise applications. An enterprise application is viable only when it is easily portable across platforms and devices. Scalability is also another parameter, which decides the long-term feasibility of an application. Enterprise applications must be scalable so that they can be scaled up to accommodate thousands of users simultaneously. J2EE based enterprise applications can be executed across platforms and are functional across devices.
J2EE Development services for established as well as emerging companies across the world.
1. Multi-platform support language and support for web-services also
2. Develop dynamic web applications for e commerce, e learning, polls, HTML forms processing, and more.
3. Combine Java technology-based applications or services to create highly customized applications or services.
The J2EE platform provides a multi-tiered distributed application model, the ability to reuse components, a unified security model, and flexible transaction control. Not only can you deliver innovative customer solutions to market faster than ever, but your platform independent J2EE component based solutions are not tied to the products and APIs of any one vendor. .
The J2EE specification defines the following kinds of components:
Servlet and Java Server Pages (JSP) components (also called Web components): These typically execute in a web server and respond to HTTP requests from web clients. Servlet and JSP pages may be used to generate HTML (or even XML) pages that are an application’s user interface.
Enterprise Java Beans (EJB) components: These execute in a managed environment that supports transactions. Enterprise beans typically contain the business logic for a J2EE application
It is always advisable for outsourcing Java to a company which houses experienced and technically qualified Java professionals which ensures best services and that too in perfect quality.
J2EE or the Java to Enterprise Edition platform developed by Sun Microsystems stipulates the criterion for developing multi-tier enterprise applications. The J2EE platform leverages the robustness of the Java programming language that allows developers to write the code only once and execute the application on any platform. Presently more than two-thirds of development managers use the J2EE platform to develop and deploy their applications.
The user level web application are generally created in the simple HTML, DHTML, sometimes the complex COM and Java script applets. Most of the softwares that were developed earlier were based on the client server architecture, which needed it to be installed separately in each of the user’s computer. Upgrading such web application became extremely difficult as it involved upgrading each and every machine in which it was earlier installed. Another hassle that the client server custom application development required was to license it every time you installed a web application in your computer.
Most database driven applications that are developed using open source technologies have a three-tier structure. The web application itself runs in the browser of a desktop or a laptop. Users can only access the front end of the application to input data or search strings. Java being platform independent allows applications to be accessed on any device like a pda or cellphone or any telnet device.
Enterprise Java bean application development occurs by employing a three-tier architecture consisting of a front end known as the web container, an EJB container, the third tier being the database. This three-tier structure has proved to be immensely useful for enterprise application development.
Read More...
Tuesday, January 6, 2009
Hidden Features in C#
1) Using @ for variable that are keyword.
var @object = new object();
var @string = "";
var @if = IpsoFacto();
2) Aliased Generics.
using ASimpleName = Dictionary>>;
Allows you to ASimpleName,instead of
Dictionary>>;
Use it when you would use the same generic big long complex thing in a lot of places.
Read MOre..
var @object = new object();
var @string = "";
var @if = IpsoFacto();
2) Aliased Generics.
using ASimpleName = Dictionary
Allows you to ASimpleName,instead of
Dictionary
Use it when you would use the same generic big long complex thing in a lot of places.
Read MOre..
Cloud Computing with Microsoft , Google and Amazon
Cloud computing is Internet-based (“cloud”) development and use of computer technology (”computing“). The cloud is a metaphor for the Internet (based on how it is depicted in computer network diagrams) and is an abstraction for the complex infrastructure it conceals.[1] It is a style of computing in which IT-related capabilities are provided “as a service”,[2] allowing users to access technology-enabled services from the Internet (”in the cloud”)[3] without knowledge of, expertise with, or control over the technology infrastructure that supports them. According to a 2008 paper published by IEEE Internet Computing “Cloud Computing is a paradigm in which information is permanently stored in servers on the Internet and cached temporarily on clients that include desktops, entertainment centers, table computers, notebooks, wall computers, handhelds, sensors, monitors, etc.”
Cloud computing is a general concept that incorporates software as a service (SaaS), Web 2.0 and other recent, well-known technology trends, in which the common theme is reliance on the Internet for satisfying the computing needs of the users.
Microsoft , Google and Amazon has already launch their platform which worked base on the Cloud Computing Architecture. Microsoft Azure Platform , Google Apps Engine and Amazon Web Service are most reasonable example of Cloud Computing .
There are similarities. However, Azure supports any .NET 3.5 language (C#, VB.NET, F# and a number of others), whereas App Engine only supports Python. In addition Microsoft has already announced that eventually you will be able to run native code on Azure opening the door to almost any Language/Framework that runs in Windows (e.g. Java, PERL, PHP).
Google App Engine doesn’t provide local storage. Azure does (although it’s not shared across instances, you have to use the Azure Storage Service for that). I’m not sure what ancillary offerings Google has beside app engine, but Azure provides a number of services above and beyond the hosting service including
* SQL Data (and soon to be Reporting and Analysis) services,
* .NET Services (WF, WCF and Identity services in the cloud),
* Live Framework (too much there for words)
I’m pretty sure I’m missing something there, but it’s 2 in the morning. Basically the big deal here is that Azure has a lot to offer that GAE is lacking currently, and will have more to offer in the upcoming months. So yes it is equal to GAE…and then some.
Read More..
Cloud computing is a general concept that incorporates software as a service (SaaS), Web 2.0 and other recent, well-known technology trends, in which the common theme is reliance on the Internet for satisfying the computing needs of the users.
Microsoft , Google and Amazon has already launch their platform which worked base on the Cloud Computing Architecture. Microsoft Azure Platform , Google Apps Engine and Amazon Web Service are most reasonable example of Cloud Computing .
There are similarities. However, Azure supports any .NET 3.5 language (C#, VB.NET, F# and a number of others), whereas App Engine only supports Python. In addition Microsoft has already announced that eventually you will be able to run native code on Azure opening the door to almost any Language/Framework that runs in Windows (e.g. Java, PERL, PHP).
Google App Engine doesn’t provide local storage. Azure does (although it’s not shared across instances, you have to use the Azure Storage Service for that). I’m not sure what ancillary offerings Google has beside app engine, but Azure provides a number of services above and beyond the hosting service including
* SQL Data (and soon to be Reporting and Analysis) services,
* .NET Services (WF, WCF and Identity services in the cloud),
* Live Framework (too much there for words)
I’m pretty sure I’m missing something there, but it’s 2 in the morning. Basically the big deal here is that Azure has a lot to offer that GAE is lacking currently, and will have more to offer in the upcoming months. So yes it is equal to GAE…and then some.
Read More..
Monday, January 5, 2009
The perfect time to release source code?
Microsoft released last week a ASP.NET MVC demo project called "Oxite" and many Newssites wrote things like "MS launched open source blogging plattform". It´s great that Microsoft released the source code, but on the other handside, there are many criticisms from the alpha geeks. The question is: Should source code only released if it is "perfect"?
As a software developer I think open source is great and I´m very happy that open source is becoming more and more popular. Even development teams at Microsoft release more and more open source code (e.g. MEF, .NET Framework…). "Oxite" was developed by the MIX Online team.
What is Oxite?
"Oxite" is a blogging plattform. It use the new ASP.NET MVC framework (which is itself beta). The Microsoft ASP.NET MVC team don´t even know, that the MIX guys use their stuff. Unfortunately the source code isn´t a great resource for a beautiful architecture (currently - refactoring is going on!).
The problem with Oxite
Every developer know: You don´t have endless time or endless money and your customer wants to see something. Often the right guys with the know how are unrechable and that´s why you are now the developer who implements it - the first time of course!
Read More..
As a software developer I think open source is great and I´m very happy that open source is becoming more and more popular. Even development teams at Microsoft release more and more open source code (e.g. MEF, .NET Framework…). "Oxite" was developed by the MIX Online team.
What is Oxite?
"Oxite" is a blogging plattform. It use the new ASP.NET MVC framework (which is itself beta). The Microsoft ASP.NET MVC team don´t even know, that the MIX guys use their stuff. Unfortunately the source code isn´t a great resource for a beautiful architecture (currently - refactoring is going on!).
The problem with Oxite
Every developer know: You don´t have endless time or endless money and your customer wants to see something. Often the right guys with the know how are unrechable and that´s why you are now the developer who implements it - the first time of course!
Read More..
Sunday, January 4, 2009
Ajax application Security
Ajax is not issue about application security but application programming model dose make application vulnerability more porous as per software engineering.JavaScript-powered client-server interactions do enlarge the attack surface.
Ajax application security issue can be address by take care in desiging of application architechture.Here I will going to introduce that thing which can resolve the Ajax application security problem.
SQL Injection : In these attacks, hackers first research common SQL error messages to find vulnerable pages and then modify Select statements to, for example, use a simple TextBox to gain access to a database. Ajax complicates matters because it makes it possible to write SQL expressions on the client side.
Tips to prevent this kind of attacke are:
1. Use CustomErrors pages in the WebConfig file to prevent attackers from identifying an application's particular vulnerability.
2. Use Stored procedures or parameterized SQL queries instead of dynamically created SQL queries.
3. Perform input validation on the server side, not through JavaScript.
4. Use the Least Privileges account for your database and do not allow access to system data. This builds on the notion that security should be implemented in single layers, Software Engineering stated: "You don't want them to be able to thwart one and then get to the data."
Information Leakage : If the JavaScript APIs that power an Ajax application are not properly secured, hackers can use application workflow data exposed on the client side to piece together server-side services. The best way to protect against this, not surprisingly, is to keep security validation on the server side. The only validation that should occur on the client side is that which defines the user experience
Cross site Scripting : In these attacks, hackers foist malicious JavaScript onto unsuspecting users. This tends to happen on Web sites featuring a simple TextBox and a button click that encapsulates text. Instead of, say, posting a comment in a forum, hackers will use this TextBox to put in a script tag to transfer large sums of money from your bank account to theirs. Ajax, as you might expect, leaves more APIs open than does a traditional Web application.
To Protect against Cross-site-scripting I would urge you to do your own validation to make sure you're not allowing this type of input." To best accomplish this, he recommended the use of a white list, which specifically states only the characters that a user is allowed to type in the TextBox. Make sure this list does not include script tags or HTML code.
Cross-Site Request Forging: These attacks use malicious image tags in emails and leverage browser cookies. The image acts as a placeholder for what is really a query string to make that aforementioned money transfer. Once that page loads, the image request triggers an HTTP GET action, and cookies are passed along with it. "The variables coming in from the query string look exactly the same as a post. It's using that cookie that's stored on your computer, and your information, to make that query work,"
Protecting against cross-site request forging involves three best practices, he continued. The first is to use HTTP POST data as opposed to HTTP GET data; the latter can be used for retrieving data, but it should not be used for performing any sort of action using that data. The second is to use one-time, per-token requests. The third is to stand up to nagging end users and stop using persistent cookies for authentication -- especially if sensitive data sits behind a log-in screen.
JavaScript Hijacking: This variation of cross-site request forging, which thanks to ASP.NET and IIS authentication does not occur in Internet Explorer, sets script tags to a particular URL that, when HTTP GET is passed, will return a JSON-formatted string. From there, the hacker modifies the object prototype to peer into JSON values when they are created. In addition to using the HTTP POST protocol, Lombardo said the best way to protect against JavaScript hijacking is to encode JSON strings on the server side, not the client side.
Lombardo offered two tidbits of advice that were not covered in his discussions of the five common Ajax security vulnerabilities.
First, he recommended removing the WSDL from Web services, as this only gives hackers information about an application that they otherwise would not be able to determine.
Read More..
Ajax application security issue can be address by take care in desiging of application architechture.Here I will going to introduce that thing which can resolve the Ajax application security problem.
SQL Injection : In these attacks, hackers first research common SQL error messages to find vulnerable pages and then modify Select statements to, for example, use a simple TextBox to gain access to a database. Ajax complicates matters because it makes it possible to write SQL expressions on the client side.
Tips to prevent this kind of attacke are:
1. Use CustomErrors pages in the WebConfig file to prevent attackers from identifying an application's particular vulnerability.
2. Use Stored procedures or parameterized SQL queries instead of dynamically created SQL queries.
3. Perform input validation on the server side, not through JavaScript.
4. Use the Least Privileges account for your database and do not allow access to system data. This builds on the notion that security should be implemented in single layers, Software Engineering stated: "You don't want them to be able to thwart one and then get to the data."
Information Leakage : If the JavaScript APIs that power an Ajax application are not properly secured, hackers can use application workflow data exposed on the client side to piece together server-side services. The best way to protect against this, not surprisingly, is to keep security validation on the server side. The only validation that should occur on the client side is that which defines the user experience
Cross site Scripting : In these attacks, hackers foist malicious JavaScript onto unsuspecting users. This tends to happen on Web sites featuring a simple TextBox and a button click that encapsulates text. Instead of, say, posting a comment in a forum, hackers will use this TextBox to put in a script tag to transfer large sums of money from your bank account to theirs. Ajax, as you might expect, leaves more APIs open than does a traditional Web application.
To Protect against Cross-site-scripting I would urge you to do your own validation to make sure you're not allowing this type of input." To best accomplish this, he recommended the use of a white list, which specifically states only the characters that a user is allowed to type in the TextBox. Make sure this list does not include script tags or HTML code.
Cross-Site Request Forging: These attacks use malicious image tags in emails and leverage browser cookies. The image acts as a placeholder for what is really a query string to make that aforementioned money transfer. Once that page loads, the image request triggers an HTTP GET action, and cookies are passed along with it. "The variables coming in from the query string look exactly the same as a post. It's using that cookie that's stored on your computer, and your information, to make that query work,"
Protecting against cross-site request forging involves three best practices, he continued. The first is to use HTTP POST data as opposed to HTTP GET data; the latter can be used for retrieving data, but it should not be used for performing any sort of action using that data. The second is to use one-time, per-token requests. The third is to stand up to nagging end users and stop using persistent cookies for authentication -- especially if sensitive data sits behind a log-in screen.
JavaScript Hijacking: This variation of cross-site request forging, which thanks to ASP.NET and IIS authentication does not occur in Internet Explorer, sets script tags to a particular URL that, when HTTP GET is passed, will return a JSON-formatted string. From there, the hacker modifies the object prototype to peer into JSON values when they are created. In addition to using the HTTP POST protocol, Lombardo said the best way to protect against JavaScript hijacking is to encode JSON strings on the server side, not the client side.
Lombardo offered two tidbits of advice that were not covered in his discussions of the five common Ajax security vulnerabilities.
First, he recommended removing the WSDL from Web services, as this only gives hackers information about an application that they otherwise would not be able to determine.
Read More..
Friday, December 26, 2008
How to Use .NET 3.5 Features and C# 3.0 Syntax in .NET 2.0?
It is possible to benefit from some of the .NET 3.5 features and new syntactic sugar in C# 3.0, while still targeting customers that have only .NET 2.0 Framework. That's because these two versions share the same .NET CLR and mainly differ in the set of libraries available and compiler being used.
Features that you can leverage, while targeting .NET 2.0 Framework:
local variable inference;
anonymous types;
object initializers;
extension methods;
query expressions (LINQ syntax);
lambda expressions;
LINQ for objects;
new C# compiler that produces better code.
I've done this for production scenarios with ASP.NET Forms and Windows.Forms and everything has been working fine. It is possible that things like WCF or Linq2DB might also be supported, but I've never given it a try.
Below you will find different options for doing this in your solutions.
Note, that in any scenario you still need Visual Studio 2008 to develop these solutions.
Referencing LinqBridge
1. Create new project targeting .NET 2.0 Framework in Visual Studio 2008. This will already give you new syntax capabilities of C# 3.0
2. Download LinqBridge
3. Reference it in the project to get support for the extension methods and LINQ extensions.
Read More...
Features that you can leverage, while targeting .NET 2.0 Framework:
local variable inference;
anonymous types;
object initializers;
extension methods;
query expressions (LINQ syntax);
lambda expressions;
LINQ for objects;
new C# compiler that produces better code.
I've done this for production scenarios with ASP.NET Forms and Windows.Forms and everything has been working fine. It is possible that things like WCF or Linq2DB might also be supported, but I've never given it a try.
Below you will find different options for doing this in your solutions.
Note, that in any scenario you still need Visual Studio 2008 to develop these solutions.
Referencing LinqBridge
1. Create new project targeting .NET 2.0 Framework in Visual Studio 2008. This will already give you new syntax capabilities of C# 3.0
2. Download LinqBridge
3. Reference it in the project to get support for the extension methods and LINQ extensions.
Read More...
Monday, December 22, 2008
Google Introduces Advertisement in its Suggest Feature
In order to improve online advertising revenue Google Suggest, the search engine's tool that is able to list the most likely user searches through a drop-down menu only given the first characters of a query, is now featuring sponsored links among its suggestions.
The ads are currently visible to a fraction of the search engine users but, when present, are displayed at the top of the suggestion list; with a blue link at the top, green URL and an additional description, their layout closely resembles that of Google AdSense. The part of the user query that matches a sponsored link title is instantaneously rendered in bold, much link in normal search results.
As many have noted, though, the ad positioning may be less than ideal for advertisers, since there is a good chance that users could inadvertly click on the sponsored link and therefore generate many false positives — a gain for Google, but a clear loss for the advertiser, which already have to cope with a percentage of false positives that Google itself estimates at around 11 percent.
In its AdSense policy, the Google team is very clear in setting up strict guidelines for webmasters so that their sites can generate qualified visitors for the growing base of advertisers using their platform. Among other things, limits are set on the number of banners to be featured in each webpage as well as on the site content.
Read More..
The ads are currently visible to a fraction of the search engine users but, when present, are displayed at the top of the suggestion list; with a blue link at the top, green URL and an additional description, their layout closely resembles that of Google AdSense. The part of the user query that matches a sponsored link title is instantaneously rendered in bold, much link in normal search results.
As many have noted, though, the ad positioning may be less than ideal for advertisers, since there is a good chance that users could inadvertly click on the sponsored link and therefore generate many false positives — a gain for Google, but a clear loss for the advertiser, which already have to cope with a percentage of false positives that Google itself estimates at around 11 percent.
In its AdSense policy, the Google team is very clear in setting up strict guidelines for webmasters so that their sites can generate qualified visitors for the growing base of advertisers using their platform. Among other things, limits are set on the number of banners to be featured in each webpage as well as on the site content.
Read More..
Ruby on Rails 10 Tips
1. Use ActiveResource and avoid ActiveWebService. With ActiveResource and multiview support in Rails 2.x you can easily expose RESTful models as well as Atom/RSS feeds on these models as well as JSON and any other view format you can wish for.
2. Consuming ActiveResource is easy by using self.site = "URL" in the client side. However, that does not add data to the DB and every query will result in a REST call. Caching data is key.
3. Use Rake to automate any other tasks you do. Custom Rake tasks are easily added in lib/tasks. Use $rake -T to see current tasks available, including yours.
4. Use database migrations to update models once your design is solid and you have a first release and cannot avoid data losses. That is, to be clear, use one migration per model early on and then once app is released for beta, every change to the models should be via new migration (not an update to the old migration). This will save lots of headaches in future and allow you to easily move application from one version to next one.
5. Use Solr vs. Ferret for models searchability and associated acts_as_xyz plugins. This is due to the fact that Ferret indexes tend to get corrupted. This, in some sense, is a shame since Ferret is a nice and easy plugin.
6. Make sure to use Rails validations in your models. I would avoid special DB statements in migration code. This makes it easier to move to different DB, e.g., MySQL to DB2.
7. Use view partials to keep your views DRY. Essentially, partials should be any view code that is repeated, similar to a subroutine call (PullUp or PushDown method refactoring). Use a app/views/shared directory for partials that are across controllers. Also, always use the controller (or shared) name when calling the partial.
Read More..
2. Consuming ActiveResource is easy by using self.site = "URL" in the client side. However, that does not add data to the DB and every query will result in a REST call. Caching data is key.
3. Use Rake to automate any other tasks you do. Custom Rake tasks are easily added in lib/tasks. Use $rake -T to see current tasks available, including yours.
4. Use database migrations to update models once your design is solid and you have a first release and cannot avoid data losses. That is, to be clear, use one migration per model early on and then once app is released for beta, every change to the models should be via new migration (not an update to the old migration). This will save lots of headaches in future and allow you to easily move application from one version to next one.
5. Use Solr vs. Ferret for models searchability and associated acts_as_xyz plugins. This is due to the fact that Ferret indexes tend to get corrupted. This, in some sense, is a shame since Ferret is a nice and easy plugin.
6. Make sure to use Rails validations in your models. I would avoid special DB statements in migration code. This makes it easier to move to different DB, e.g., MySQL to DB2.
7. Use view partials to keep your views DRY. Essentially, partials should be any view code that is repeated, similar to a subroutine call (PullUp or PushDown method refactoring). Use a app/views/shared directory for partials that are across controllers. Also, always use the controller (or shared) name when calling the partial.
Read More..
Gradual Value Addition in Website Development
Advance versions of programming languages & frameworks are adding value to website development! Website development is gaining because of regular updates in technologies due to increasing demands of online business for most unique presentations and easy functionality.
Website development using ASP.NET framework is well known in the web development and its introduction after ASP has shown regular development phases. All over the world developers are enjoying its latest versions at regular intervals of time. ASP.NET is popular web application framework of Microsoft, since its inception in year 2002 with version 1.0; developers are using this exclusive technology to develop web applications as well as websites and various web services.
Every new feature in update version produces effective changes in website look as well functionality that helps ultimate user for better presentation of product and services online. Ultimately progressions in technologies also help in online business development such as professional developers use to get new avenues for earning more by providing fresh & easy to use websites to their clients.
So far ASP.NET has introduced its five updated versions with new added features in each version.
* It was first commenced to web world with version 1.0 in 2002 with Visual Studio .NET,
* In 2003 version 1.1 with Windows Server 2003 and Visual Studio .NET 2003,
* In 2005 version 2.0 with Visual Studio 2005, Visual Web Developer Express and SQL Server 2005,
* In 2007 version 3.5 released with Windows Server 2008 and Visual Studio 2008,
* In 2008 version 3.5 service pack released with Visual Studio 2008 Service Pack 1
ASP.NET allows developers for web application development to use fully featured languages like VB.NET and C# (C-Sharp). Feature of “web services” is unique by ASP.NET, class library, XML support and complete compatibility with other programming languages.
Read More..
Website development using ASP.NET framework is well known in the web development and its introduction after ASP has shown regular development phases. All over the world developers are enjoying its latest versions at regular intervals of time. ASP.NET is popular web application framework of Microsoft, since its inception in year 2002 with version 1.0; developers are using this exclusive technology to develop web applications as well as websites and various web services.
Every new feature in update version produces effective changes in website look as well functionality that helps ultimate user for better presentation of product and services online. Ultimately progressions in technologies also help in online business development such as professional developers use to get new avenues for earning more by providing fresh & easy to use websites to their clients.
So far ASP.NET has introduced its five updated versions with new added features in each version.
* It was first commenced to web world with version 1.0 in 2002 with Visual Studio .NET,
* In 2003 version 1.1 with Windows Server 2003 and Visual Studio .NET 2003,
* In 2005 version 2.0 with Visual Studio 2005, Visual Web Developer Express and SQL Server 2005,
* In 2007 version 3.5 released with Windows Server 2008 and Visual Studio 2008,
* In 2008 version 3.5 service pack released with Visual Studio 2008 Service Pack 1
ASP.NET allows developers for web application development to use fully featured languages like VB.NET and C# (C-Sharp). Feature of “web services” is unique by ASP.NET, class library, XML support and complete compatibility with other programming languages.
Read More..
Top 10 .NET News Stories of 2008
It’s that time of the year to reflect, analyze and compile our lives into a series of Top 10 lists. As with every other Top 10 list, the items on this list and their order are highly subjective. For example, some companies may not care about future versions of .NET — version 2.0 works just fine, thank you. Other companies may need to develop a web application, so Silverlight 2.0 is their top story of the year. So please comment below with your Top 10 List.
Following are the Top 10 stories in 2008 about software development with the Microsoft .NET Framework:
1. Visual Studio 2010 and .NET Framework 4.0 Announced
The biggest .NET buzz of 2008 came from the announcement of the next generation of the .NET Framework, C#, Visual Basic and Visual Studio, all to be released in 2009. New features include modeling tools integrated into the Visual Studio IDE, support for UML and Domain Specific Languages, improved testing tools, substantial improvements in collaboration capabilities, ability to link work items with code and models, and workflow-based builds. There are also significant improvements in C# 4.0 including co-variance and contra-variance, named and optional parameters, dynamic variables and programming features, and improved COM Interoperability.
2. Global Economic Recession
This news story will likely appear in most Top 10 News lists for 2008. The global economic recession touches just about everything in our lives. For software developers and most workers, this deep and lengthy recession may result in company closings, layoffs, stagnant or reduced salaries, reduced company spending on equipment and developer training, and a significant drop in venture capital. This means more stress on developers and software entrepreneurs. And perhaps more opportunity for innovation.
3. .NET Framework Source Code Available
Microsoft released the source code for the .NET Framework under its Reference License. This makes it much easier to debug .NET framework issues since you can dive down into the .NET code. The “read-only” license enables developers to inspect the source code for reference and debugging, but not modify or distribute the code.
4. Visual Studio 2008 and .NET 3.5 Service Pack 1 Released
Microsoft released Service Pack 1 for Visual Studio 2008 and .NET 3.5. This update patched numerous bugs, improved performance, and even added a few new features. One of the best new features was a new .NET Framework installation optimized for client applications. The optimized download is less than 28 MB, compared to the original 200 MB download.
5. ASP.NET MVC Framework Introduced
MVC is a design methodology that divides an application’s implementation into three component roles: models, views, and controllers. ASP.NET MVC enables developers to build Model View Controller (MVC) applications with the ASP.NET framework and is an alternative, not a replacement, for ASP.NET Web Forms. ASP.NET MVC offers the following benefits: clear separation of concerns, support for Test-Driven Development (TDD), fine-grained control over HTML and JavaScript, and intuitive URLs. ASP.NET MVC is in the public preview stage and will be released to production next year.
Read More..
Following are the Top 10 stories in 2008 about software development with the Microsoft .NET Framework:
1. Visual Studio 2010 and .NET Framework 4.0 Announced
The biggest .NET buzz of 2008 came from the announcement of the next generation of the .NET Framework, C#, Visual Basic and Visual Studio, all to be released in 2009. New features include modeling tools integrated into the Visual Studio IDE, support for UML and Domain Specific Languages, improved testing tools, substantial improvements in collaboration capabilities, ability to link work items with code and models, and workflow-based builds. There are also significant improvements in C# 4.0 including co-variance and contra-variance, named and optional parameters, dynamic variables and programming features, and improved COM Interoperability.
2. Global Economic Recession
This news story will likely appear in most Top 10 News lists for 2008. The global economic recession touches just about everything in our lives. For software developers and most workers, this deep and lengthy recession may result in company closings, layoffs, stagnant or reduced salaries, reduced company spending on equipment and developer training, and a significant drop in venture capital. This means more stress on developers and software entrepreneurs. And perhaps more opportunity for innovation.
3. .NET Framework Source Code Available
Microsoft released the source code for the .NET Framework under its Reference License. This makes it much easier to debug .NET framework issues since you can dive down into the .NET code. The “read-only” license enables developers to inspect the source code for reference and debugging, but not modify or distribute the code.
4. Visual Studio 2008 and .NET 3.5 Service Pack 1 Released
Microsoft released Service Pack 1 for Visual Studio 2008 and .NET 3.5. This update patched numerous bugs, improved performance, and even added a few new features. One of the best new features was a new .NET Framework installation optimized for client applications. The optimized download is less than 28 MB, compared to the original 200 MB download.
5. ASP.NET MVC Framework Introduced
MVC is a design methodology that divides an application’s implementation into three component roles: models, views, and controllers. ASP.NET MVC enables developers to build Model View Controller (MVC) applications with the ASP.NET framework and is an alternative, not a replacement, for ASP.NET Web Forms. ASP.NET MVC offers the following benefits: clear separation of concerns, support for Test-Driven Development (TDD), fine-grained control over HTML and JavaScript, and intuitive URLs. ASP.NET MVC is in the public preview stage and will be released to production next year.
Read More..
Thursday, December 18, 2008
Beep in C# Console Application
How to Alert the user in C# console application
You can use “\a” to alert the user with the system beep sound. The following example alerts the user for input
private static void KeywordExample()
{
Console.Write("\a Your name please" );
string @MyString = Console.ReadLine();
Console.Write(@MyString);
}
Read more..
You can use “\a” to alert the user with the system beep sound. The following example alerts the user for input
private static void KeywordExample()
{
Console.Write("\a Your name please" );
string @MyString = Console.ReadLine();
Console.Write(@MyString);
}
Read more..
Wednesday, December 3, 2008
Microsoft's C# to converse with dynamic languages
The next version of Microsoft's C# will see interoperability between languages for the enterprise and web, and with Microsoft's legacy COM architecture.
C# 4.0, expected with the next version of Visual Studio, will support something called dynamic look up in order to call dynamic languages like JavaScript, Python and IronPython from inside C#. Visual Basic .NET already works with dynamic look up.
Improved interoperability with Microsoft's Component Object Mode (COM), which gave way to .NET eight years ago, is also planned.
The idea is you'll be able to write C# code that looks like Office for Visual Basic as the dynamic look up will let you use C# to invoke any COM IDispatch object.
The statically typed C# was introduced with .NET in 2000 and has found huge success in the enterprise during the intervening eight years.
Microsoft, though, wants to make it easier for developers to call classes in dynamic-typed languages, particularly its versions of Python and Ruby - IronPython and IronRuby.
Anders Hejlsberg, the renowned software engineer working at Microsoft and lead C# architect, recently demonstrated C# 4.0 talking to JavaScript and IronPython.
Hejlsberg, speaking at Microsoft's Professional Developers' Conference (PDC), said he wanted to bring down the barriers not make things harder for those building in C# and using declarative and dynamic programming languages and methods.
"People say: 'Anders have you gone stark raving mad, haven't you taught us for 10 years static is the right and only way?," he told PDC.
"I'm not saying re-write all your code to be dynamic... However there are an increasing number of things that are important to talk to in your applications that are not dynamically typed and we should ask: should we make it harder to talk to, or easier?'"
Read More..
C# 4.0, expected with the next version of Visual Studio, will support something called dynamic look up in order to call dynamic languages like JavaScript, Python and IronPython from inside C#. Visual Basic .NET already works with dynamic look up.
Improved interoperability with Microsoft's Component Object Mode (COM), which gave way to .NET eight years ago, is also planned.
The idea is you'll be able to write C# code that looks like Office for Visual Basic as the dynamic look up will let you use C# to invoke any COM IDispatch object.
The statically typed C# was introduced with .NET in 2000 and has found huge success in the enterprise during the intervening eight years.
Microsoft, though, wants to make it easier for developers to call classes in dynamic-typed languages, particularly its versions of Python and Ruby - IronPython and IronRuby.
Anders Hejlsberg, the renowned software engineer working at Microsoft and lead C# architect, recently demonstrated C# 4.0 talking to JavaScript and IronPython.
Hejlsberg, speaking at Microsoft's Professional Developers' Conference (PDC), said he wanted to bring down the barriers not make things harder for those building in C# and using declarative and dynamic programming languages and methods.
"People say: 'Anders have you gone stark raving mad, haven't you taught us for 10 years static is the right and only way?," he told PDC.
"I'm not saying re-write all your code to be dynamic... However there are an increasing number of things that are important to talk to in your applications that are not dynamically typed and we should ask: should we make it harder to talk to, or easier?'"
Read More..
Tuesday, December 2, 2008
Add-in Express 2009 Roadmap
Many of you have already enquired about our roadmap for the year 2009. Its rough outline is ready, but as you understand, we reserve the right to make some changes. Well, now in more detail…
When will the first Add-in Express 2009 release be published?
We are planning to publish the first release of generation 2009 in February.
What products will the Add-in Express 2009 product line contain?
We will update all products to generation 2009, namely:
1. Add-in Express 2009 for Office and .net
2. Add-in Express 2009 for Office and VSTO
3. Add-in Express 2009 for Office and VCL
4. Add-in Express 2009 for Outlook Express and .net
5. Add-in Express 2009 for Outlook Express and VCL
6. Add-in Express 2009 for Internet Explorer and .net
7. Security Manager 2009 for Outlook
Add-in Express 2009 for Microsoft Office
None of three editions of Add-in Express for Office (.net, VCL and VSTO) will undergo any substantial alterations in the core code and public API. All improvements will be concentrated around:
1. New versions of advanced Outlook view and form regions and advanced Excel task panes
2. Customization for Word and PowerPoint with advanced task panes
3. Visual designer enhancements
4. Deployment and redeployment
5. Complete compatibility with previous generations and other editions
New versions of advanced Outlook regions and Excel task panes
The new versions of the advanced Outlook view and form regions and advanced Excel task panes, which have gained so much popularity, improve their visual design. Now a region or a task pane can be minimized like the To-Do bar in Outlook. Developers can highlight some elements of such minimized regions or task panes. Of course, our Outlook regions and Excel task panes will work for Outlook 2000 - 2007 and Excel 2000 - 2007.
Advanced task panes for Word and PowerPoint
Yes, you can add your own task panes to your Word 2000+ and PowerPoint 2000+ extensions. All features of the advanced Excel task panes are on board.
Visual designers
Our visual designers will also gain certain enhancements. For instance, we will introduce the Ribbon UI and Office toolbars modules with their own visual designers. At last, will be able to do without modal designers for your toolbars and Ribbon tabs.
Deployment and redeployment
As I see, you use generation 2008 of Add-in Express as a stable and secure platform for your Office extensions. However, there is still some room for perfection in the deployment and redeployment fields. And we have something to offer here as well. I will give more details about innovations in deployment and redeployment for your Office extensions later. Stay tuned!
Compatibility
Probably not all of you have turned your attention to the fact that having bought the Add-in Express license, you also got the 100% compatibility assurance. Well then, I guarantee that Add-in Express 2009 will be fully compatible with your projects and extensions. Just install Add-in Express 2009 and recompile your projects. :-)
Read More..
When will the first Add-in Express 2009 release be published?
We are planning to publish the first release of generation 2009 in February.
What products will the Add-in Express 2009 product line contain?
We will update all products to generation 2009, namely:
1. Add-in Express 2009 for Office and .net
2. Add-in Express 2009 for Office and VSTO
3. Add-in Express 2009 for Office and VCL
4. Add-in Express 2009 for Outlook Express and .net
5. Add-in Express 2009 for Outlook Express and VCL
6. Add-in Express 2009 for Internet Explorer and .net
7. Security Manager 2009 for Outlook
Add-in Express 2009 for Microsoft Office
None of three editions of Add-in Express for Office (.net, VCL and VSTO) will undergo any substantial alterations in the core code and public API. All improvements will be concentrated around:
1. New versions of advanced Outlook view and form regions and advanced Excel task panes
2. Customization for Word and PowerPoint with advanced task panes
3. Visual designer enhancements
4. Deployment and redeployment
5. Complete compatibility with previous generations and other editions
New versions of advanced Outlook regions and Excel task panes
The new versions of the advanced Outlook view and form regions and advanced Excel task panes, which have gained so much popularity, improve their visual design. Now a region or a task pane can be minimized like the To-Do bar in Outlook. Developers can highlight some elements of such minimized regions or task panes. Of course, our Outlook regions and Excel task panes will work for Outlook 2000 - 2007 and Excel 2000 - 2007.
Advanced task panes for Word and PowerPoint
Yes, you can add your own task panes to your Word 2000+ and PowerPoint 2000+ extensions. All features of the advanced Excel task panes are on board.
Visual designers
Our visual designers will also gain certain enhancements. For instance, we will introduce the Ribbon UI and Office toolbars modules with their own visual designers. At last, will be able to do without modal designers for your toolbars and Ribbon tabs.
Deployment and redeployment
As I see, you use generation 2008 of Add-in Express as a stable and secure platform for your Office extensions. However, there is still some room for perfection in the deployment and redeployment fields. And we have something to offer here as well. I will give more details about innovations in deployment and redeployment for your Office extensions later. Stay tuned!
Compatibility
Probably not all of you have turned your attention to the fact that having bought the Add-in Express license, you also got the 100% compatibility assurance. Well then, I guarantee that Add-in Express 2009 will be fully compatible with your projects and extensions. Just install Add-in Express 2009 and recompile your projects. :-)
Read More..
Friday, November 28, 2008
How Microsoft blew its own RIA invention
Cast your mind back to the year 2000. Microsoft has just announced its .NET Framework, complete with a new language called C# - that was in July, at the Orlando Professional Developers Conference.
A couple of months later, Mark Anders and Scott Guthrie from Microsoft's ASP+ team turned up at the Wrox Web Developer Conference in Las Vegas. Remember ASP+? This was the pre-release name for what became ASP.NET, the web application framework built on .NET.
Anders and Guthrie presented their new technology in the Wrox keynote, following which I interviewed them. They were absolutely the key people. "We started the team about two-and-half years ago. At the beginning it was just the two of us, working on it," said Guthrie.
Was ASP+ based on .NET from the beginning? "No," said Anders. "There were a number of groups around Microsoft that were looking at how we could move the programming model forward. We were on the IIS team; we had just shipped IIS 4.0, and thought we could do a lot better for web development. The tools team thought that they needed to make things simpler. We came up with some stuff, showed it to the tools team. They were working with the runtime team, we liked what the runtime team was doing, and started doing it like that."
Anders later revealed that the first ASP+ experiments were done in Java.
We also discussed how.NET components hosted in the browser might become a more secure alternative to ActiveX. "That is there today," said Anders. "If you create controls using WinForms, those can be hosted in IE [Internet Explorer] and run within the security sandbox. It's not through ActiveX hosting.
"As your binding to code within one of those components that comes down in the browser, if it's not present on the machine it will be downloaded. We have a great incremental download and deployment story. We expect it to be very popular."
Good idea, but it never really happened. Microsoft got security cold feet, and ended up crippling the feature in the 1.0 Framework so that Windows Forms controls did not run at all in the default Internet Zone. This was fixed in 1.1, but web developers disliked the .NET dependency and the fact that it only worked with IE and Windows.
Read More..
A couple of months later, Mark Anders and Scott Guthrie from Microsoft's ASP+ team turned up at the Wrox Web Developer Conference in Las Vegas. Remember ASP+? This was the pre-release name for what became ASP.NET, the web application framework built on .NET.
Anders and Guthrie presented their new technology in the Wrox keynote, following which I interviewed them. They were absolutely the key people. "We started the team about two-and-half years ago. At the beginning it was just the two of us, working on it," said Guthrie.
Was ASP+ based on .NET from the beginning? "No," said Anders. "There were a number of groups around Microsoft that were looking at how we could move the programming model forward. We were on the IIS team; we had just shipped IIS 4.0, and thought we could do a lot better for web development. The tools team thought that they needed to make things simpler. We came up with some stuff, showed it to the tools team. They were working with the runtime team, we liked what the runtime team was doing, and started doing it like that."
Anders later revealed that the first ASP+ experiments were done in Java.
We also discussed how.NET components hosted in the browser might become a more secure alternative to ActiveX. "That is there today," said Anders. "If you create controls using WinForms, those can be hosted in IE [Internet Explorer] and run within the security sandbox. It's not through ActiveX hosting.
"As your binding to code within one of those components that comes down in the browser, if it's not present on the machine it will be downloaded. We have a great incremental download and deployment story. We expect it to be very popular."
Good idea, but it never really happened. Microsoft got security cold feet, and ended up crippling the feature in the 1.0 Framework so that Windows Forms controls did not run at all in the default Internet Zone. This was fixed in 1.1, but web developers disliked the .NET dependency and the fact that it only worked with IE and Windows.
Read More..
Subscribe to:
Posts (Atom)