I’ve been lucky enough to get my hands on a Lenovo ThinkPad X240 test device for a review. Lenovo has been making a number of changes to their line of business notebooks recently, and I wanted to get in and get my hands on one to check it out, as a developer first and foremost and a ThinkPad zealot second. The changes made to the new line of devices are numerous – some changes awesome and innovative, while others leave you pondering the overall direction. Will I be buying one? Read on the find out.
Sometimes your ASP.Net sites crash or hang, and you have no idea why. No exceptions, no event logs. This leaves you a little light on places to start your debug investigation journey. Microsoft Developers who live a little closer to the metal (i.e. non web developers) will know of tools like WinDbg, but for web developers these tools can seem a little scary/low level. This post is aimed at allowing you to get a closer view on your ASP.Net website at the time of a failure, without any of complexity of learning WinDbg on your own.
In years past building Visual Studio Extensions have often been considered the realm of the big boys. Staff working at Jetbrains or the Microsoft employees of the world. Last year I saw a talk given by Mads Kristensen aimed at taking away some of this stigma and showing how easy the guys at Microsoft have tried to make it for developers like you and me to just up and write extensions. I’ve been wanting to build one ever since, but haven’t had a good enough excuse to jump right in – until now. Here follows the creation of “OnCheckin Web.config Transformer”.
When writing forms for your ASP.Net MVC websites the common approach to ensuring only real people use them site is to simply add an Html.AntiForgeryToken() to your form’s view mark-up and controller and be on your way. I've recently found out this approach while simple, can actually have pretty serious affects on both how your visitors use of your site as well as their view of it’s professionalism and stability – two things you really don’t want any trouble with.
In web and software development we all know what it’s like to finish a project and have it leave a bad taste with either your team or your stakeholders. Often left with thoughts of “if we’d just had time to slip that last feature in”, “I wish we’d understood that requirement earlier. or even worse “I wish we’d given that more testing time”. The problem is that as humans we’re incredibly good at this kind of thinking, but by using Agile processes to change this thinking both your development team and stakeholders alike will be a much happier bunch.
The past year has been a crazier year than most for me. I moved jobs to working in publishing where I've created a new thriving user group within the very company (post to come soon), launched the most awesome way for ASP.Net web developers to deploy their sites and generally loved being a developer for another 365 days. Our jobs are made so much easier by the online contributions of others, and moving into another year we get a chance to give something back.
Over the past two weeks I've begun moving a lot of my hosting infrastructure onto Microsoft Azure. This has consisted of all sorts of configuration – virtual networks, VPN's, backups, servers, databases and sites. One of my sites uses Code First Migrations at it's core, and during the migration simply nothing would work. After much pain and frustration I made the worst mental leap a developer can make: I came to the simple conclusion that is was everyone else's fault. Like most of these kinds of problems, I was to blame all along.
When configuring an Azure Virtual Network one of the most common things you'll want to do is setup a Point-to-Site VPN so that you can actually get to your servers to manage and maintain them. Azure Point-to-Site VPNs use client certificates to secure connections which can be quite complicated to configure so Microsoft has gone the extra mile to make it easy for you to configure and get setup – sadly at the cost of losing the ability to connect through the command line or through PowerShell – Let's change that.
Often you'll find yourself logged into a web or application server and need to simply test that you can get to the SQL server you've unsuccessfully been trying to point your app at. Luckily there is a nifty trick built into Windows that allows you to save the day without having to install anything on your box – and it works on both client and server operating systems just as well.
Web application security's had a lot of coverage in recent times with a lot of attention paid to approaches to dealing with user generated content or exposing form or query string data to users. Thanks to a number of big hacks over the years you commonly hear about the risks of not properly encoding user data and the risk it poses to your visitors. One thing you don't hear often is how user entered CSS can have just as much risk attached to it – thanks to accidental support for HTML Components (HTC's).