LA.NET [EN] : ASP.NET, C#

RouteValueDictionary: abuse or elegance?

luisabreu — Sat, 04 Oct 2008 22:02:17 GMT

Today I was reading an old post by Mike Tauty about the RouteValueDictionary and I remembered some old discussions on the RouteValueDictionary class. As many others, Mike sees the RouteValueDictionary as an abuse of the new anonymous type feature introduced by C# 3.0.

Me: well, I’m not so quick in saying that it’s an abuse. I mean, would you prefer to drop the anonymous type sugar syntax and use the object initializer syntax for passing values to that dictionary? I wouldn’t, but I’m interesting in knowing what others think about this…

Repositories, web apps and optimistic concurrency

luisabreu — Fri, 05 Sep 2008 13:28:02 GMT

Yesterday, I was looking at some code and I found something like this on a method that handles the confirm click of a web page which triggers an update on a specific domain object:

var aux = Request.Form[“Id”] == null ?
new MyObject() :
rep.GetById(Request.Form[“Id”]);
//update aux’s properties with the values from the other form fields

Ok, can you see anything wrong? I can. What about now? Anything wrong with it? Here’s a scenario that shows how you can get into problems with this:

User A loads object with ID 1 for updating info;
User B also loads the same object for changing some info;
User A submits the form, saving the data to the db;
User B submits the form and ends up overriding the changes made by user A.

By now, I think I can hear some of you saying: “man, why don’t you use some sort of version property? That will save your day!” And I say: “yes, that is a good idea and MyObject class already has that property”. Now, if you’ re on the group that says “then it should work…”, I’ll have to tell you to look again at the code. Do you see the problem now?

By now, you’ve surelly noticed that the problem lies in the fact that you’re loading the object by ID. If you look at the previous list, you can easily see that in step 4 aux will have an object with info submitted by User A instead of having the initial data that was loaded for both User A and User B. This happens because you’re recovering the object from the repository and you’re doing it only by ID. A possible solution for this bug would be adding a method to your repository so that it loads an object by ID and version:

var aux = Request.Form[“Id”] == null ?
new MyObject() :
rep.GetByIdAndVersion(Request.Form[“Id”], Request.Form[“Version”]);

Ok, this should work, but I don’t like it. In past ASP.NET projects, I’ve been building serializable objects and I persist them to the ViewState (or Control State, if ViewState is disabled as it should!) of the page and recover them during postbacks. With this second approach, you’ll end up sending more data to the client but you won’t need to perform a database call to get your object.

And yes, this was a bug in a real web app…

S#arp Architecture: first impressions

luisabreu — Tue, 20 May 2008 22:16:45 GMT

Today I've finally got some time to take a look at Billy McCafferty's S#arp Architecture. Comparing with the old NHibernate best practices project, I think it's fair to say that there are several important improvements. For instance, there's no longer a Load method that takes an instance and a property list which was used to pass an instance that would be used in filtering the entities loaded from the database. On the other hand, I'd still prefer to use Get instead of Load because I think that getting null when you try to load a non-existing entity is ok.

The base persistence classes have been modified, improving the integration with NHibernate. I'm still not sure on the GetDomainObjectSignature method (used to let you provide the business key), but I do think that the Equals method implementation is better than it used to be (again, it's really complicated to implement Equals when you're thinking in NHibernate, but it's fair to say that Billy's implementation looks good).

So, my first impressions are really positive and I'm officially recommending it to anyone working with NHibernate and ASP.NET (MVC).

.NET 3.5 and VS SP beta1 goodies

luisabreu — Mon, 12 May 2008 19:58:24 GMT

You can get them from here (VS) and here (.NET). I'm reading what's new on Brad Abrams post and I'm really digging the new features:) For instance, having the format option working with JS code is simply cool! Another cool thing: the ScriptManager is able to combine scripts so there's really no need for using the ToolkitScriptManager for that:)

Btw, i'm still going through the complete list but it really looks like we're gonna gave lots of new stuff :)

Application services IV: authenticating the user in an offline scenario

luisabreu — Thu, 07 Feb 2008 14:43:50 GMT

In my previous posts I've been talking about the basic features introduced by the new Applications Services which were added during the latest release of the .NET platform. Today we'll see how easy it is to configure our windows form app so that it is able to authenticate a user in an offline scenario.

As you might expect, you'll only be able to validate a user (on an offline scenario) if that user has already been validated previously in an online scenario. So, the 1st thing you need to do is to change your app.config file so that the hash of the password is stored in the machine. To achieve this, you need to set the savePasswordLocally attribute of the provider entry:

Even though this step is required in order to save a local copy of the hash of the password, it is not enough for making the platform authenticate the credentials against the local saved copy of a previously successful authentication. The offline authentication scheme will only be used when the ConnectivityStatus.IsOffline is set to true. So, you need to change your startup code to something like this for authenticating a user in an offline scenario:

ConnectivityStatus.IsOffline = true;
if(! Membership.ValidateUser("", "") )
{
return;
}
Application.Run(new Form1());

By now you must be wondering where the platform is saving the hash of the password. If you don't do anything, the hash will be saved in a file named User_username.clientdata in a folder named after your windows app (placed inside the user's app data folder). Just replace username with the username of the user that is trying to log on and you should find the file by performing a search on your disk. If you open that file, you should find something like this on it:

<?xml version="1.0" encoding="utf-8"?>
<ClientData>
   <LastLoggedInUserName></LastLoggedInUserName>
   <LastLoggedInDateUtc>1C73F36A9D78ED2</LastLoggedInDateUtc>
<PasswordHash>oSmbK+DdLg9KhsOKZHg5qKisALg=</PasswordHash>
   <PasswordSalt>EUQ3dz7qihlivjokvdkVBg==</PasswordSalt>
   <Roles>
      <item>Role2</item>
   </Roles>
   <RolesCachedDateUtc>1C85E0822CC597B</RolesCachedDateUtc>
   <SettingsNames></SettingsNames>
   <SettingsStoredAs></SettingsStoredAs>
   <SettingsValues></SettingsValues>
   <SettingsNeedReset>0</SettingsNeedReset>
   <SettingsCacheIsMoreFresh>0</SettingsCacheIsMoreFresh>
   <CookieNames>
      <item>9e7450b9c96a487eb57880ecfa4b96c9</item>
   </CookieNames>
   <CookieValues>
    <item>.ASPXAUTH=</item>
   </CookieValues>
</ClientData>

As you can see, there's a lot more info besides the password hash+salt used for authenticating the user in an offline scenario. For instance, roles can also be cached...

Currently, you can also save the user info in an SQL Compact database. To do that, you'll need to specify a SQL Compact connection string or you can simply use the special connection string "Data Source=|SQL/CE|". Here's what you need in order to achieve this:

<add name="ClientAuthenticationMembershipProvider"
            savePasswordHashLocally="true"
connectionStringName="Data Source=|SQL/CE|"
            type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
            serviceUri="http://saturn/login/Authentication_JSON_AppService.axd"
            credentialsProvider="login.Login, login"

Do notice that this will only work in x86 builds (ie, SQL Compact will only run in WoW mode in x64 bits systems). So, if you also have a x64 version of an OS installed, don't forget to explicitly set the build to x86 on the configuration of your project. One more thing you might notice after looking at the previous config entry is that I'm passing the special connection string to an attribute which is called connectionStringName. Well, if you want, you can pass it the name of an existing entry on the connectionString section instead (internally, the provider will try to get an existing entry named with the value you pass to the connectionStringName attribute. If it can't find any, it will simply use the value you've passed to that atribute).

If you use reflector to check the code, you'll see that the helper classes do have code that would let you use Isolated Storage for saving these data. However, there's really no way to set it up (at least, I didn't find any - maybe I'm missing something!) so you'll have to choose between using the file system or a SQL compact database.

Before ending this post, there's still one more thing you should keep in mind: you should always set the ConnectivityStatus.IsOffline property. If you explicitely set the property, then that value will be respected. If you don't, then the value returned from the property will depend on the checking of a special file called AppIsOffline. This file is used as a marker and is created when you set the the ConnectivityStatus.IsOffline property to true (notice that it will be deleted when you set the property to false). What this means is that if you've previously set that property to false and then don't set it back to true, authentication will always be performed offline since that property will return true.

And that's all for today...more to come tomorrow :)

Open Source projects in .NET

luisabreu — Fri, 30 Mar 2007 12:36:41 GMT

An open letter from D. Starr to Scott G. resulted in a cool discussion about open source projects in the .NET platform. If you have the time, then go read it!

[I know this is old, but I'm on vacations:) ]