Microsoft Application Blocks

Posted on by Matthew Skelton (@matthewskelton)

Microsoft Application Blocks form a collection of ready-built ‘clumps’ of code which solve common problems such as security management, data access, logging, etc. They are the tangible result of the Microsoft Patterns and Practices advice: all of it sound and solid.

John Jakovich, one of the 4 Guys From Rolla, gives a useful An Introduction and Overview of the Microsoft Application Blocks. He summarises the utility of the Application Blocks thus:

…you don’t have to worry about the tedious details required to return a DataReader or write an exception to the System Log. This allows us to concentrate on the business logic in our applications.

I have written too many logging frameworks in the past: it’s boring above all else. I just want to log exceptions in a thread-safe manner, with a unique ID.which I can display to the user if necessary. If someone (i.e MS) has already written code to do (most of) this, then fine – I’ll use it.

The Security block is particularly useful for ASP.NET 1.1, where security and profile management is not as simple as in version 2.0. All that boring stuff about storing Role information in cookies? Solved! Better still, any security holes will be fixed by MS. Again, more time to concentraste on business logic.

Design Guidelines for Class Library Developers

The Application Blocks tie in nicely with a set of guidelines from MS on class library development. They include advice on:

  • array usage
  • exposure to COM
  • casting
  • threading

and several other subjects. This is basically just a gloop of Common Sense, but well worth a read.

MBR BootFX Application Framework

An alternative to the MS Application Blocks comes from Matt Baxter-Reynolds (he of DotNet247) in the form of BootFX:

The MBR BootFX Application Framework is a best-of-breed application
framework that we offer to all our clients who engage us to develop
software applications or software components for them. It’s designed
to give us a “leg up” on new projects by providing a tried and tested
code base for common software development activities.

There are lots of goodies there, including Object Relational Mapping (ORM), and support for SQL Server, Oracle, and MySQL databases. To top it all, it’s open source, via the Mozilla Public Licence 1.1. I met Matt 18 months or so back at a seminar run by Iridium; very personable guy.

Mail: Enabled

Posted on by Matthew Skelton (@matthewskelton)

At this point, I am inclined to decide that SMTP stands for “Stoopid Mother Truckin’ Program”, after some frankly bizarre shenanigens with SMTP on one particluar server. Thankfully, MailEnable came to the rescue. This is a well-engineered bit of software, and best of all, it’s free, even for commercial use (Enterprise users pay for high-end features).

The difficulties arose with a DotNetNuke installation, incombination with some stubbornly unconfigurable SMTP services. FOr example, the main SMTP server on the machine could not be configured to talk to web applications, and a second SMTP server program was available to do this, on another port (i.e. not port 25).

HOWEVER, it turns out that DNN does not allow you to specify an SMTP server on a port except port 25. In other words, a setting like this will not have the desired effect:

localhost:587

The port is ignored by the System.Web.Mail.SmtpMail class as used by DNN. I checked the source for DNN 3.2.2, and the port number is NOT parsed out from the servername string. This seems to me to be a serious limitation. A line or two of extra code would enable mail sending on alternative ports: parse out the port number, and if its there, set the port explicitly for the mail message before sending:

' line 152 or Mail.vb:

' external SMTP server
If SMTPServer  "" Then

' TODO: parse out port number here

    Web.Mail.SmtpMail.SmtpServer = SMTPServer
        Select Case SMTPAuthentication
            Case "", "0" ' anonymous
            Case "1" ' basic
                If SMTPUsername  "" And SMTPPassword  "" Then
                    objMail.Fields("http://schemas.microsoft.com/ cdo/configuration/smtpauthenticate") = 1
                    objMail.Fields("http://schemas.microsoft.com/ cdo/configuration/sendusername") = SMTPUsername
                    objMail.Fields("http://schemas.microsoft.com/ cdo/configuration/sendpassword") = SMTPPassword

' TODO: Insert port here...

                 End If
            Case "2" ' NTLM
                    objMail.Fields("http://schemas.microsoft.com/ cdo/configuration/smtpauthenticate") = 2
        End Select
End If

So I was left having to use a server on the default port 25, but with only a single machine it’s tricky to get SmartHost relaying working properly (in fact, it might be impossible – I haven’t checked the RFCs).

In the end, I disabled the two existing SMTP servers, and installed MailEnable from http://www.mailenable.com/standard_edition.asp – it is very easy to use and configure. Crucially, it can listen on two different ports, and had no limitation with respect to web applications.

I highly recommend it if you are having similar problems.

ACCU Conference 2006

Posted on by Matthew Skelton (@matthewskelton)

I went to the ACCU Spring Conference 2006 last week. There were some interesting sessions, as usual.

XSLT2 and XPath2

Version 1 of XSLT and XPath were fairly limited in their XML processing abilities in some respects: no possibility to reference local variables was the worst. Version 2.0 of these langauges fixes this and other shortcomings with a raft of new features and generalisations. In fact XSLT2 and XPath2 are very different from their predecessors.

XSLT2 allows operations on temporary/local variables and returned node sets. This can lead to greatly simplified XSLT documents. In addition, there are some nice new operator and keywords:

  • xsl:for-each – generalised operations over the universal new Sequence type (see below)
  • xsl:for-each-group – allows GROUP BY (pivot) of data
  • xsl:analyze-string – use RegEx to match text in nodes
  • xsl:function – define a custom function in XSL, and call it using XPath2 expressions
  • xsl:unparsed-text – handle non-XML text e.g. CSV

The most fundamental change in XPath2 is that all XPath2 expressions now operate upon the (typed) Sequence datatype instead of node sets. XPath2 also allows conditional expressions, whereas in XPath1 all expressions had to resolve at ‘compile’ time.

Comments are now allowed in XPath2 expressions, and nested loops are allowed (akin to JOIN in SQL). There is a new doc() function for pulling in nodes from a separate XML document, and RegEx support has been beefed up.

Java Server Faces 1.2 (JSF)

Java Server Faces is Sun’s answer to ASP.NET, and shares the smae basic approach of separating logic from presentation.

Sun seems to have taken the ‘any browser’ abstraction from ASP.NET and extended this to ‘any device’: we were shown a demonstration of the same JSF application serving pages to a web browser, a Telnet client, and a Jabber client, of all things!

It’s possible to define much of the application and component configuration via config files, and this process seemed simpler than the techinique for ASP.NET, even version 2.0 with the improved config file handlers.

The other nice thing about JSF 1.2 was the Page Flow model: a sequence of navigation actions by the user can be captured in the config file, allowing JSF to craft up appropriate links (e.g. for Edit, Save, Delete actions) automatically.

Due Diligence

I spend some valuable time talking to on of the keynote speakers about Due Diligence reviews for software.

Approximation: the source code doesn’t matter: it’s the environment and processes which determine how maintainable the software is.

Secunia

Posted on by Matthew Skelton (@matthewskelton)

Secunia is an excellent site, listing outstanding and historic vulns for all major (and many minor) software products. For exmaple, compare security flaws for DotNetNuke with the flaws for PHP-Nuke. There is clearly no competition there. Alarmingly, Firefox has 12% unpatched vulns since 2003, but of course stats can lie.

Issue Tracking Software

Posted on by Matthew Skelton (@matthewskelton)

A crucial component of a successful software project is feature tracking. Bugs, issues, defects, requirements, tasks: whatever they’re called, they need to be recorded, tracked, and dealt with.

At DevDoctor.com we started off with the free IssueTracker Starter Kit from the folks at Microsoft. This is a very simple, bare-bones application which gets the job done, but has some really useful features missing, at least in the version out-of-the-box. For example, you cannot view all tasks across all projects, only grouped by project. The Search feature is basic too, requiring SQL-like syntax (e.g. LIKE %crash%) to find matches.

Eventum is a well-featured system, running best on LAMP, but working on Win32 also. Particularly nice are the built-in time-tracking features, which allow a project manager to see at a glance where time is being spent on the project. It has email integration to allow issues to be created automatically, and for users to receive notification when they are assigned an issue. It also features integration with CVS, though Subversion support would bring it more up-to-date.

There are obviously free offerings like Bugzilla, but the interface sucks, and it’s very unfriendly. A well-featured system I have used at a previous company is FogBugz (from Fog Creek software, of Joel On Software). It’s therefore very usable: to bring up the page for Issue #51, for example, you simply type ’51’ in the search box, and hit Enter. It sports RSS feeds of issues, and has email, CVS, and Subversion (and even VSS) integration, allowing you to match up bugs fixed in code with the entries in the issue tracker. Sadly, it’s not free.

Another system which looks nice is OnTime from AxoSoft. The single-user version is free, though additional users are rather pricey. It has a WinForms client in addition to the Web interface, so provides for a much richer interaction. It also has Visual Studio integration, so bugs can be managed from the location where they will be fixed: inside the IDE. Its feature list is pretty impressive; clearly, the focus is on .Net development teams.

All in all, what I want from issue tracking depends on the context. The ASP.NET IssueTracker works well for my own needs for personal projects. When projects become more comples, and there is a need for time tracking too, then Eventum or OnTime look good options. For ease-of-use, FogBugz probably comes out top.