Send me one paragraph detailing your community contributions. On February 1st I'll pick the best submission and send that person a fully licensed copy of Visual Studio 2008 Team System 2008 Team Suite. That's it! vapordan@hotmail.com subject line sweepstakes.
Link: http://msdn.microsoft.com/en-us/library/b5ysx397.aspx
This link tells you what are the various items that can be put inside the configuration file. Keep it handy or refer back here.
ASP.NET contains some annoying breaking changes. Plan for those changes, so that you can be prepared for RTM.
http://www.asp.net/(S(ywiyuluxr3qb2dfva1z5lgeg))/learn/whitepapers/aspnet4/breaking-changes/
Short post on VB6 - still 14 Billion ('B' as in biyyon) lines of VB6 code running in production.
The good news: VB6 works on x64.
The bad news: Microsoft does not support it.
In between news? Microsoft is committed to making sure Vb6 runs on WoW (virtualized stuff).
There are a couple of issues to look out for.
1. You'll need admin privilege.
2. You cannot run mixed mode (.NET 2.0 assemblies loading .NET 1.1 assemblies that call vb6 components). This is because 2.0 apps compiles to Any CPU by default. When these are deployed on 64bit, they run in 64bit mode. 1.1 and vb6 assemblies only run in 32bit mode. If you reference these assemblies or these projects? Kaboom!!!
3. If you connect to data sources using JET OLE DB, there is no 64 bit provider available, and no plans to produce on either.
VB6 will run for the forseeable future. 2020???
When you install a Silverlight application Out-Of-Browser, debugging will not work. You can manually configure debugging by right-clicking on the Silverlight project and selecting properties. Make the following changes as shown in figure 21-0. Then, right-click the project again and set it as the startup project. From that point, the debugger will work as normal.
Figure 21-0, Enabling debugging in Silverlight 4 OOB project.
Summary
Silverlight 4 is certain to leave a huge crater on the playing field, to the point where the enterprise will sit up and take notice. Microsoft is more committed to the Silverlight product especially as WPF has exhibited anemic growth in the industry, see Forester's September 2009 industry survey that I discussed earlier in the chapter. If you are already part of the Silverlight wave, you should stay the course. If you have been on the fence, it’s time to jump in.
Silverlight offers the following real world advantages:
- Consistent user experience across multiple, supported browsers.
- Visually compelling user interface (UI).
- Allows Web applications to interact with the desktop in controlled, secure way.
- Offers superior vector rendering.
- Supports potent media capabilities such as deep zoom.
- Seamless integration with Microsoft Visual Studio.
- Supports Digital Rights Management.
- Better support for Accessibility.
- Better security model.
- Out of Browser experience.
Other advantages are purely academic and do not translate into an enterprise benefit. On the other side of this coin, the main disadvantages to Silverlight are:
1. It is immature.
2. The learning curve is steep.
3. Enterprise features are missing or not yet implemented.
Item number 3 in the disadvantage list above is fading fast. Time will erase item number 1 completely. Item number 2 is harder to pin down. I’m not a huge fan of the Windows Presentation Model. Mastering such a model is expensive for the enterprise in terms of developer training and tooling. Microsoft needs to invest more resources in simplifying the model so that it can approach ease of use of Visual Basic (legacy). Only geeks love complexity. Microsoft must focus on reducing complexity because complexity does not sell! Period!
Asp.Net by Example will be available very very shortly.
The book will be available at this link in January: http://www.lulu.com/content/7738132
Well, a lot has changed with security in this SL platform. I think its for the best but you'll have to be patient as the Silverlight platform matures. So, you may miss some functionality. Here's a quick overview from what you used to have, to what you will have and what you need to get accustomed to having.
Previously, if you wanted container based Web applications, you'd create a user control and stick it into a web page. I blogged about this several times in the past, here is one example. When you embed the object tag, your favorate browser will determine that the object needs the CLR (by parsing the path) and load the appropriate CLR (depending on configuration settings) in order to execute the binary. The binary will be downloaded into a special place in the GAC where code policy and zoning rules come into play. That creates the sandbox (well, it enforces the sandbox - the sandbox is already created. Moving on...).
What do we have today with Silverlight? Perhaps most of it is the same from a theoretical perspective. The object is now replaced with the Silverlight pluggin. You'll see something like this in VS2010:
<div id ="silverlightPlugInHost"> ...
The purpose of this tag is to embed the SL object into the Web page. From there, you can script the object or program to its interface. However, that's about where the similarity ends. Underneath the hood, the managed user control that I talked about earlier is sandboxed with policy and zoning. This is how security is enforced. It's a good concept, but it was tedious to implement and tricky to get it right. So, it never really took off. Microsoft has tried to simplify this model to gain some more traction in the container war with Adobe.
In the past, with the correct policy, you could elevate out of the sandbox. A web page could automate Windows media player or read the registry for instance. Today, with the simplified approach, the sandbox is fully enforced. That is there is no concept of elevation out of the sandbox. Elevation significantly complicates security implementation. What you have is now 3 layers of code, see figure 1-0.
Figure 1-0, Silverlight Security Stack courtesy ASP.NET by Example (coming in February).
Your Web application with Silverlight (click me button) is built in managed code. That is the transparent layer. It's transparent because it can be reviewed, disssected, and adjusted. So, notice the security stack, it can't by-pass or elevate around the safe critical code layer. It must call into that layer to get into the pot of gold behind it (Critical, OS layer). That type of behavior is simply not defined. What that means to you is that you won't be able to write to the registry or access the printer port for instance. You could do this with a managed user control and the right security settings. So you've lost that. What have you gained?
You've gained a simpler security implementation stack. You call through safe-critical code. If safe critical does not allow it, it can't be done. It's that simple. With simplicity comes less bugs, less compromises and cleaner code. Now, all that remains is for safe critical (I'll use it as a noun from now on) to implement the features that we as developers need. Printing for instance is a major request. So Silverlight 4 implements this. Socket access is another and that is also available in SL4. So now you see, Microsoft essential controls the back-end right? Right! You never thought of it like that. Cheeky.
There's one more complication to the picture. The entire security stack can be by-passed. I know I said this wasn't defined, but I mislead you only to simplify the explanation. If you run the SL application as an OOB (Out of Browser) application, the SL application runs as if it were installed from an install media; That is, it is completed trusted. Completely. So the security stack gets by-passed.
So why would you run OOB instead of building a Windows client application? Did you really ask that question? Thought so. I ask the question on your behalf. Answer: Money. It costs a ton to deploy applications. If it is a browser, you don't have to test the deployment leg. Microsoft already did that for you when they packaged it. Ch-ching!
I found out the hard way that JSON Data contract serialization is not supported in the DSF (VS2010). Here's what I was trying to do. I wanted to pull down and parse data from a DSF application. I do have code to parse and dump the data to the console for instance, but I really wanted to work with a strongly typed class so that I could work with the domain objects directly. So I build my datacontract, point it at the DSF supported site and let it rip. SerializationException. So I spend valuable time tracking this down - couple of days actually. Eventually, what I find is a statement by one of the program managers at MS that goes something like this - I am paraphrasing because I forgot the link:
JSON Data Contract serialization is not supported because there is no way to specify reference types in JSON. Since the entity frameworks (on which DSF relies) projects via reference types and only supports one projection, it isn't possible to project a second time to a value type for instance. Hence, it is a feature hole that won't be plugged for the forseable future.
Oh well, I guess I need to go parse strings then...
Folks:
I've finished writing this block buster. I'd like to invite some of you to peer review the bookSend email by using the blog link contact with subject line Peer Review ASP.NET 4 by Example. You'll get a pdf file of a chapter that you can read and comment on. You won't get paid for your services. However, I'll mention you as a peer reviewer in the book credits at the front of the book. If you are contemplating a writing career, it's a great way to start.
The book will go on sale in February time frame with a price point of $19.99. Can't go wrong for $20 right? There'll be VB and C# as usual and I'll cover everything new in ASP.NET with a focus on explanation using example code.
If you look at the new technology wrapped in VS2010 (technology is a grand term, yes I know), I think you will agree that the stage is being set for all sorts of goodies down the line, things like Azure, Increased productivity, more secure, scalable applications, Accessible products, Richer UI. It's coming, better get on board and start digging in...
That's the title of my new book. Woohoo! Should be out in February 2010. 7 Chapters, heavy on the code, light on the fluff. It will sticker for $20, printed and eBook versions along with code download. I'm targetting about 300 pages, give or take a few.
I'm ashamed for not posting any sooner than this. I forgot my password for the longest while...Have you noticed how many passwords people now have. There's work, there's home, there's social sites, there's chat clients, there's taxes, banking...On and On. And they are all different right? Because, oh no, you don't want to share the same password across all these sites. What if the booboo man gets a hold of it? I think we've pinned ourselves into a corner here...
I walked into a booby-trap with .NET 3.5 SP1. Here are the details. You receive a 401 authentication error when you upgrade your server running WCF service to .NET 3.5 SP1. The WCF run-time now requires an identity to be passed in on the call. The identity or SPN is not verified for authenticity, it just needs to be present. You can fix the issue from code or by inserting the identity tag into the url.
The authentication failure is triggered if all of the conditions are met
-
The scenario uses ClientCredentialType.Windows, which specifies the Negotiate authentication scheme.
-
The scenario uses http, https, or net.tcp.
-
The service runs under a don-domain account
More specifics
|
|
3.5 SP1
|
3.5 RTM
|
|
Default – specify NO identity
|
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate oYG… snip…. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized. ---> System.ComponentModel.Win32Exception: The target principal name is incorrect
|
Accepted (no identity required)
|
|
Default – specify bad identity
|
Accepted (identity not checked)
|
Accepted (identity not checked)
|
|
allowNTLM=false – specify NO identity
|
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate oYG… snip…. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized. ---> System.ComponentModel.Win32Exception: The target principal name is incorrect
|
Accepted (no identity required)
|
|
allowNTLM=false – specify bad identity
|
Caught System.ServiceModel.CommunicationException: An error (The request was canceled) occurred while transmitting data over the HTTP channel. ---> System.Net.WebException: The request was canceled ---> System.Net.ProtocolViolationException: The requirement for mutual authentication was not met by the remote server.
|
Caught System.ServiceModel.CommunicationException: An error (The request was canceled) occurred while transmitting data over the HTTP channel. ---> System.Net.WebException: The request was canceled ---> System.Net.ProtocolViolationException: The requirement for mutual authentication was not met by the remote server.
|
Here is the fix, placed in the client configuration file inside the endpoint tags (<endpoint>fix goes here </endpoint>:
<identity>
<servicePrincipalName value="spn" />
</identity>
Community:
I have a one licensed, legal
VSTS 2008 with MSDN premium subscriptions to give away to the community. If you care to take part, please send me an email with 1 paragraph explaining why you think you should be considered. That's it, no gimmicks, strings or anything funny.
I'll take the best 1 on October 31st and provide the subscriptions to the lucky person. Your contact information and email will not be published or distributed.
To participate: Send email to vstsgiveaway@live.com. Subject line - VSTS Giveaway is Back. I will pay shipping and handling charges.
Community:
I have a couple of licensed, legal
VSTS 2008 with MSDN premium subscriptions to give away to the community. If you care to take part, please send me an email with 2 paragraphs explaining why you think you should be considered. That's it, no gimmicks, strings or anything funny.
I'll take the best 3 on July 31st and provide the subscriptions to the lucky ones. Your contact information and email will not be published or distributed.
To participate: Send email to vstsgiveaway@live.com. Subject line - VSTS Giveaway. I will pay shipping and handling charges.
Aint it great that the latest from MS falls short of the accessibility mark? Gotsta luv it. Here are the details.
Microsoft is aware of the issue and working on it.
DeskTop Heap Exhaustion
Ran into another mine field the other day - blew my foot right off before I could even realize what was happening.
The client received this error:
The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\nt\com\complus\src\comsvcs\threads\stathread.cpp(284), hr = 80070000: CSTAThread: CoGetApartmentID failed
The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\nt\com\complus\src\comsvcs\threads\stathread.cpp(271), hr = 80070057: CSTAThread: CoInitializeEx failed
The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\nt\com\complus\src\comsvcs\threads\stathreadpool.cpp(1230), hr = 8000ffff: CSTAThreadPool: Unable to get bind thread.
The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Couldn't get ApartmentID from STAPool
The COM+ component was configured to use a large number of threads on startup but this was working fine for several years in production. The workaround was to reduce the number of pre-allocated threads, but why was this issue surfacing?
As it turns out, the desktop heap size was the root cause. Each process running on the desktop is treated differently for "Interactive User" vs "Non-interactive User". Windows reads a registry key to determine how to treat these groups of users:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\Windows --> SharedSection = 1024,3072,512
You can read up more on this here http://blogs.msdn.com/ntdebugging/archive/2007/01/04/desktop-heap-overview.aspx.
In the settings above, you can see that the heap is set to 3072 KB for Interactive user and just 512 KB for non-interactive users. This heap is used for system resource (e.g. thread handles). The small size prevents dllhost.exe from creating more threads.
By increasing the heap allocated for non-interactive users (from 512 -->1024) the problem was solved.
Several readers found it necessary to email me with their comments and answers to the post http://msmvps.com/blogs/alvin/archive/2008/01/07/how-old-is-the-earth.aspx. Unfortunately, there isn't a correct answer though there may be several plausible answers.
The story tries to describe the starlight problem. Starlight from distant stars travel several million years to reach the earth - we all agree on that, meaning that when we look up into the night sky, what we see is the past. Based on the time we think it takes the light to travel (represented by the boat), we say the earth is a few million years old (represented by the man on the beach). The two points of view juxtapose christianity with science. Unfortunately, since we were there when the earth was formed, there isn't an definitive answer to the problem - the man doesn't answer.
More Posts
Next page »