Web Development « Programming « Categories « Rob Sanders: Sanders Technology

New post under consideration

Oct 122011

Hi All.

I’m debating a new article.

I’m currently debating whether to spend some time documenting an interesting solution to a fairly esoteric scenario. I’m not sure if it is worth the investment (in my time), so I’m going to throw it open to the community.

Give me feedback – if you have an interest in seeing this solution, please leave a comment. The only reason I mention this is because the solution is really quite interesting, and a good lesson in the rarer binding types (and message & transport security) in Windows Communication Foundation (WCF).

Here’s the premise:

We have a .NET 2.0 client (which can not be upgraded to 3.5 or 4.0) which must consume a web service by providing a Web Service Extension (WSE) 3 policy file – which stipulates a separate set of credentials (username/password/domain) for authentication in a downstream legacy system.

Presently, this client calls a series of legacy ASMX services (also .NET 2.0). However, there is a desire to upgrade these services to WCF (for more widespread use) and so we can take advantages of .NET 4.0 in the service implementation and beyond. The challenge is to provide the same functionality (policy file attached to the transport) for later authentication.

The information would be transmitted by HTTPs or via HTTP under a VPN (so, ultimately, encrypted). This is obviously a fairly intriguing paradigm, made more interesting by the prospect of actually not using the WSE3 policy information for handshake authentication.

The original design, from my understanding, was to make the passing of credentials transparent to the service calls themselves (hence, not passing username, password and domain per service call explicitly). I could be wrong about that, but in any case this is the scenario we have today.

Here’s where you fit in:

So, I repeat – who’d be interested in seeing the solution? Please leave a comment to indicate an interest. Depending on how much interest there is, I’ll put together both a long article and a sample, demonstrative, solution.

Cheers, R

GDR Update released for the .Net Framework 4

Infrastructure, News, Web Development No Responses »

Aug 102011

We love it when a good patch comes around – so here is a cumulative patch for the .NET Framework 4.0.

There is a fairly long and extensive list of changes included in the GDR, here is a list of fixes and new features which have been added (from the Microsoft Knowledge Base Article):

Issues that this update rollup package resolves are as follows.
Issue 1
Consider the following scenario:
You create a Visual Studio 2010-based add-in application. The add-in application enumerates several projects by using a background thread.
You run an instance of Microsoft Visual Studio 2010 and the add-in application.
Garbage collection runs.
In this scenario, the instance of Visual Studio 2010 may crash.
Issue 2
Consider the following scenario:
You develop a .NET Framework 4-based add-in application for Microsoft Office Excel.
You run the add-in application, and then the Application.WorkbookBeforeSave event occurs.
In this scenario, the SaveAsUI parameter in this event is always set to the TRUE value.
Issue 3
If the focus is set to a window of a Visual Studio 2010-based application when the computer enters sleep mode, a memory leak occurs when the computer resumes from sleep mode.
Issue 4
When a .NET Framework 4-based Windows Presentation Foundation (WPF) application tries to load some text from a .ttf file, the text is displayed incorrectly. Additionally, an access violation occurs, and then the application crashes.
Note The stack trace resembles the following:
06bdeafc 71086dd5 dwrite!TrueTypeRasterizer::Implementation::ReleaseSfntFragment()+0x1f
06bdeb5c 7108d327 dwrite!sfac_GetSbitBitmap()+0×428
06bdec10 7108d4d8 dwrite!GetSbitComponent()+0xb5
Issue 5
When you perform a touch manipulation in a .NET Framework 4-based WPF application on a multitouch screen, the application crashes, or the *.vshost.exe process crashes. For example, the application crashes when you try to scroll up or to scroll down.
Issue 6
When you try to select multiple items in the Pending Changes window in Visual Studio 2010, the Visual Studio IDE disappears, and a Dr. Watson error is not generated.
Issue 7
Consider the following scenario:
You run Visual Studio 2010 on a 64-bit operating system.
You debug an application.
You enable the managed debugging assistants (MDA).
You try to close the application in the IDE.
In this scenario, the raceOnRCWCleanup MDA incorrectly runs.
Issue 8
When you scroll in a .NET Framework 4-based WPF application while the text in a tab control is being formatted, the application runs slowly.
Issue 9
When you try to host a webpage that has the targetFramework property set as the .NET Framework on a Server Core, you receive the following error message:
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: The ‘targetFramework’ attribute in the <compilation> element of the Web.config file is used only to target version 4.0 and later of the .NET Framework (for example, ‘<compilation targetFramework="4.0">’). The ‘targetFramework’ attribute currently references a version that is later than the installed version of the .NET Framework. Specify a valid target version of the .NET Framework, or install the required version of the .NET Framework.
Source Error:
Line 2: <configuration>
Line 3: <system.web>
Line 4: <compilation debug="false" targetFramework=".NETFramework, version=v4.0" />
Line 5: </system.web>Line 6: </configuration>
Issue 10
Symptom

Consider the following scenario:
You create a Visual Studio 2010 application that contains a Dataset database.
You drop some tables from Dataset Designer.
You check the order of the tables in Dataset Designer.
In this scenario, the tables are sorted incorrectly.
Cause
This issue occurs because of an error in the TableAdapterManager class in Visual Studio 2010.
Issue 11
When a client requests the RESTful web service in an .asmx or a .svc file by using the ASP.NET pipeline and by using the extension-less URL handling, the state of the request might incorrectly change.
Issue 12
In the .NET Framework 4, the Application_Start and PreAppStart methods do not have access to the HttpUtility.HtmlEncode method and to the related APIs.
Issue 13
When you try to run a Microsoft Visual C# or Microsoft Visual Basic application, the application does not run if an Entity Data Model (EDM) references a database project. Additionally, the debugging features of the application do not work.
Issue 14
When you use SQL providers, the following issues occur:
An exception is thrown on the garbage collection thread.
A Dr. Watson error occurs, and you receive an error message that resembles the following:
Application: webdev.webserver20.exe
Blamed Symbol:
SYSTEM.DATA.NI.DLL!System.Data.ProviderBase.DbConnectionInternal.PrePush
Exception code: system.invalidoperationexception
Event Sub type: Clr20r3
The w3wp.exe process crashes.
Note The w3wp.exe process is a web-hosting process.
Issue 15
Symptom
The SqlDataSource class does not support a parameter that is used to access data in a Microsoft SQL Server Compact Edition database.
Cause
This issue occurs because Microsoft SQL Server Compact Edition cannot support a parameter in the SqlDataSource class.
Issue 16
Symptom
When you try to run an ASP.NET webpage, you receive the following error message:
HttpContext.User is supposed to be a MyWindowsPrincipal.
Cause

The issue occurs because the Extensionless URL handler passes the parent IHttpUser interface to the child requests. Therefore, the child requests skip the authentication process.
Issue 17
Consider the following scenario:
You have a Visual Studio 2010-based project that has an Entity Data Model (EDM). The EDM references a database that is of medium or large size. For example, the database contains 500 tables.
You try to reverse-engineer the tables.
In this scenario, reverse-engineering the tables requires a long time. For example, reverse-engineering 500 tables requires 14 minutes.
Issue 18
Consider the following scenario:
You install Visual Studio 2010 Service Pack 1 (SP1) Beta on a computer that is running Internet Information Services (IIS) 6.0.
You set the isolation mode to IIS 5.0.
You host a webpage in IIS 6.0.
In this scenario, you receive the following error message when you try to access the webpage:
503 – Service unavailable.
Issue 19
After you install a hotfix package that applies the .NET Framework 4, all services that are hosted on Windows Process Activation Services (also known as WAS) may be turned off. Additionally, the services cannot be restarted until you restart the computer. An example of a service is a WAS-hosted Windows Communication Foundation (WCF) service.
The following are the affected activation services:
Non-HTTP Activation
Message Queuing Activation
Named Pipes Activation
TCP Activation
TCP Port Sharing
Issue 20
Consider the following scenario:
You have an ASP.NET website that contains a WCF service. The website targets an earlier version of the .NET Framework 4.
You do not click to select the Allow this precompiled site to be updatable check box in the Publish Web Site wizard in Visual Studio 2010.
You publish the website.
A client tries to access the WCF service.
In this scenario, the WCF service does not respond to the client request. Additionally, the .svc.compile file incorrectly references the .NET Framework 4.
Note The .svc.compile file is generated by the publishing process.
Issue 21
Consider the following scenario:
You bind the Windows.AutoHide command to a keyboard shortcut.
You focus on a toggled tool window in Visual Studio 2010. For example, the focus is located on the Solution Explorer window.
You press the keyboard shortcut.
In this scenario, the window hides. However, when you press the key again, the window does not return as toggled.
Issue 22
When you use Visual Studio 2010 to debug an application, many verbose messages that resemble the following are shown in the Output window:
*** HR originated: -2147024774
*** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
*** HR propagated: -2147024774
*** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
Issue 23
Assume that you build a web application on a computer and then publish the application on a different computer. When you use Visual Studio 2010 to attach the application, managed methods cannot be shown because of missing symbols for assemblies.
This problem occurs because the .pdb file that contains the information about symbols is not copied from the bin folder to the shadow copy folder.
Issue 24
You use the My namespace in a Visual Basic project. When you add an explicit reference to the Microsoft.VisualBasic.dll component to the project, the My namespace cannot work correctly. For example, you may receive the following error message:
‘Application’ is not a member of ‘My’.
Issue 25
When you install an ASP.NET 4.0 hotfix, the aspnet_regiis –iru command is triggered. Then, some ASP.NET registry keys are removed.
Issue 26
When you request an .xap file through the Cassini in Visual Studio 2010, the MIME type of the returned response is "application/octet-stream" instead of the expected "application/x-silverlight-app."
Issue 27
In the Visual Studio 2010 IDE, you attach the debugger to a sqlservr.exe process. You set a breakpoint at a managed SQL function or at a managed stored procedure. The symbol file is loaded correctly, and a solid red dot appears. However, Visual Studio does not break at the breakpoint.
Issue 28
You run a Visual Basic application that contains a Visual Basic Core assembly on an operating system that does not have the Visual Basic runtime. If the application contains a SyncLock statement on a variable of type Object, you may receive an error message that resembles the following:
error BC35000: Requested operation is not available because the runtime library function ‘Microsoft.VisualBasic.CompilerServices.ObjectFlowControl.CheckForSyncLockOnValueType’ is not defined.
Issue 29
If you run a Visual Basic application that contains a Visual Basic core, the code that uses constants in the Microsoft.VisualBasic.Constants class cannot run correctly. For example, you may receive the following error message when the code is executed:
error BC30059: Constant expression is required.
This problem occurs because the constants are embedded as normal fields instead of as constant fields.
Issue 30
You deploy a .NET Framework 4-based ASP.NET website in a legacy Code Access Security (CAS) mode. You configure the website with a partial trust. When you try to request this website, you may receive the following error message:
[SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=<Token ID>’ failed.]
Issue 31
You install the security update that is described in KB974417 when directories in the GAC folder, including the System.EnterpriseServices.dll assembly, are locked or the assembly is being used. In this scenario, the security update installation fails, and the computer becomes corrupted.
For more information about the issue, click the following article number to view the article in the Microsoft Knowledge Base:
2260913 FIX: Updating the .NET Framework may fail and some files in the GAC may be deleted
Issue 32
Some unrestricted asserts from ASP.NET types may bring a risk that a partial-trust user can be elevated as a full-trust user.
Issue 33
The simplified web application paradigm that is called Plan 9 MVC is released more frequently than ASP.NET. However, beginning with version 2, versions are not set as full trust. Therefore, many features that require full trust cannot work correctly.
This update sets the versions of Plan 9 later than version 2 to fully trust.
Issue 34
A constant in a device-level enumeration type in source code differs from that in the specification.
The update keeps the constant in a consistent way.
Issue 35
When you install the security update that is described in the following Knowledge Base article, a Windows Communication Foundation (WCF) service is forcibly closed by the remote host. This problem occurs when the trust level is set to High or to Medium in the Web.config file of the WCF service.
2449742 MS11-NNN: Description of the security update for the Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1 on Windows Vista SP2 and Windows Server 2008 SP2: February 8, 2011
Features that this update rollup package introduces
This update rollup package introduces the following features that are related to the .NET Framework 4.
Feature 1
This update rollup enables ASP.NET to support multiple IIS configuration systems in a design mode. Therefore, Visual Studio Web Designer supports IIS Express. Additionally, Visual Studio Web Designer lets different Visual Studio Solution projects target different versions of IIS.
Feature 2
When a shadow cache assembly that is turned into a symbolic link to the same file is validated, the size of the assembly is not checked. Therefore, ASP.NET uses Optimization for Shared Web Hosting.
Feature 3
New syntax lets you define a TextBox control that is HTML5 compatible. For example, the following code defines a TextBox control that is HTML5 compatible:
<asp:TextBox runat="server" type="some-HTML5-type" />
Feature 4
A new switch is added for the Visual Basic compiler that allows for server control output of HTML5-friendly elements. For example:
<asp:TextBox runat="server" type="some-HTML5-type" />
In earlier versions of the .NET Framework, all Visual Basic applications automatically had a runtime dependency added. The dependency was with the Visual Basic Runtime library file, Microsoft.VisualBasic.dll. With this update, a command-line option can be set to remove this dependency. Some functionality of the Visual Basic Runtime is embedded in the application, and other functionality is no longer available with the switch set.
Feature 5
Changes to the support portable libraries. These changes include API updates and binder modifications. This update enables the CLR to bind successfully to portable libraries so that a single DLL can run on the .NET Framework 4, on Silverlight, on Xbox, or on the Windows Phone. This update adds public Silverlight APIs to the .NET Framework 4 in the same location. The API signatures will remain consistent across the platform. All modifications are 100 percent compatible and will not break any existing code.
Feature 6
The update extends the support of the portability files to compile Silverlight 5 XAML files.

Support Links

http://support.microsoft.com/kb/2468871

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=3556

IIS 7.5 Express and Visual Studio 2010

Tips and Tricks, Web Development 6 Responses »

Jun 022011

In case you hadn’t already heard, Microsoft have released a comprehensive set of new web development features and tools designed to enhance rapid web application development in the form of Web Matrix.

Today’s article will focus on Internet Information Services (IIS) 7.5 Express, which is a “light” version of Microsoft’s heavyweight IIS web server. The express edition is aimed squarely at developers and provides a much richer set of functionality and support, which makes a great case from moving away from Visual Studio’s built-in web development server (aka Cassini).

Why would you use IIS 7.5 Express over Cassini?

Supports multiple users
Use the same web server your production code uses (IIS)
You may run an IIS 7+ compatible webserver on Windows XP (if required)
Avoid the need for local Administration rights (in most cases)

If you decide to use IIS Express 7.5, it integrates directly with Visual Studio 2010 (with Service Pack 1, which is required). I found it to be a little tricky to find at first, so here’s how I enabled it for a dummy web project. On your web project in Visual Studio’s Solution Explorer, right click to get the context menu. You’ll note a new menu item ‘Use IIS Express..’:

Once you follow the pop up boxes, you’ll have the project configured to use IIS Express

Clicking into the project’s web settings (right click-> Properties, select the Web tab) you’ll see that it uses the ‘Use Local IIS Web server’ option, and that there is a new check box called ‘Use IIS Express’ – it reuses the IIS settings, which threw me initially.

I’ll write up some more on using IIS Express 7.5 as I develop more with it..

For the full IIS Express experience, I highly recommend that you take a look at the IIS Express configuration files, which you can find conveniently in the following location (once you have configured it to be used, I would guess):

C:\Users\[Profile]\Documents\IISExpress\config

Here we will find three configuration files:

applicationhost.config – the bulk of the IIS configuration you’ll need
aspnet.config – specifies assemblies and versions
redirection.config – self explanatory, allows you to configure redirects and other goodness

Troubleshooting

If you migrate away from Cassini (Visual Studio Development Server – the ‘built-in’ web development server), there was one gotcha we found initially. When the project had previously been configured to use Cassini, we had specified a specific port (rather than dynamic ports):

When we configured to use IIS Express, you can see IIS settings are enabled, but when people ran the solution, it used the old Cassini port number instead! The solution was to set the Cassini option to Assign auto port, and then re-enable the IIS settings – it then used the correct port:

Configuring Firefox to Allow Pass-Through Authentication (NTLM)

Tips and Tricks, Web Development No Responses »

May 172011

So this is a pretty short (but hopefully useful) post to show you how to add to a list of “trusted servers” much alike Internet Explorer’s trusted sites options. In short, adding the address of servers allows the browser to “pass through” your user’s credentials when it tries to resolve a URI, without prompting you for your username and password (unless it fails to authenticate, of course).

Start FireFox and enter (no quotes) “about:config” in the address bar.
Confirm the security warning and proceed to the next page

Scroll down the list until you see an entry called NETWORK.AUTOMATIC-NTLM-AUTH.TRUSTED-URLS (or use the filter to filter the list)

Double click this entry and add (separating with commas) the list of servers you wish to add as trusted servers (which will pass through your account credentials)

Ensure you prefix with the correct protocol (e.g. http://server.name, ftp://other.server)

Browse to any of these servers to test that it works, it’s that simple!

The ADO.Net Entity Framework, POCO Objects and You

Design Concepts and Code, Entity Framework, Featured Articles, Programming, Web Development 10 Responses »

Aug 202010

Introduction

Now if you are like me, you’ve probably had some interest in POCO (plain old CLR objects) objects for at least some time. They are an invaluable tool in the distributed systems and service oriented architecture areas, but up until now they’ve been inaccessible for those designs.

In a nutshell, both LINQ to SQL and Entity Framework (v1) class entities did not support serialization for the purpose of stateless transport(such as web service communication). This stems from the embedded context tracking attributes, and the design which stipulates a fairly poor experience for those daring enough to detach entities and “pass them around”.

Enter the ADO.net Entity Framework v2.. ahem, version 4 which shipped in the early part of this year. Whilst the EFv4 doesn’t support POCO objects out of the box (you have to use an online template), it’s easy enough to accomplish with minimal effort. Plus, they can used (almost) as seamlessly as non-POCO objects.

Before we get into the nitty gritty of this particularly long post, I will direct your attention to the following MSDN article which covers most of the steps for harmonious life with POCO objects and WCF services. What the article does not cover is handling somewhat more complex object graphs. In other words, the MSDN scenario is fine with fairly basic (and bland) objects, but it’s pretty nasty when you have objects containing, well, joins (collections, relationships, yada yada).

Now what follows, is based on a number of other articles floating around the Internet. I’m not trying to take any credit for (the majority), I’m just collating the information into one handy to reach place. I’m also going to supply sample code in case you have any trouble getting it all configured. The parts which are my implementation alone, I’ll highlight.

The Data Model

First, let us take a quick look at the sample data model. Nothing fancy, I’ll admit, but enough for our purposes:

Which we will use with a WCF Service or two. You can use the attached T-SQL script to create and populate a SQL Server database (and later generate your EDMX model from that schema). Next, create a solution containing WCF services, and add a ADO.net Entity Framework (v4) model. You can see from my sample below, the model is admittedly not very complex. Notice the “self join” on the Category table. This is not an uncommon scenario in designing parent/child relationships at the DB level. It also has the (awesome) advantage of generating Parent/Child navigation properties (you may need to do some renaming if you generated the model from my sample schema).

The Object Model

Solutions and Settings

Once you have generated the model, right click anywhere on the blank model surface and select “Add Code Generation Item”. This prompts you with a bulky dialog window – select “Online Templates” from the left hand side tree view.

Select ADO.NET C# POCO Entity Generator and click OK a few times as needed. The template builds up the POCO entities and removes the EDMX/Designer based implementation which the EF designer would have originally generated. This leaves you with a number of new files in your solution, which should look a lot like the following:

Web Services

Now that I’ve got your attention, lets have a think about how we’re going to expose these via WCF. I’ve created two WCF Services, SystemLogService.svc and ProductService.svc.
The interface definition of each is per below:

Don’t worry about those attributes just yet! I’ll explain a little about why they are necessary shortly. If you have reviewed the original MSDN article you’ll recall:

“The POCO proxy type cannot be directly serialized or deserialized by the Windows Communication Foundation (WCF), because the DataContractSerializer serialization engine can only serialize and deserialize known types. The proxy type is not a known type. For more information, see the Serializing POCO Proxies section in the Working with POCO Entities topic. To serialize POCO proxies as POCO entities, use the ProxyDataContractResolver class to map proxy types to POCO types during serialization.”

Which means that the default (runtime) classes generated by LINQ/EF are incompatible with WCF because WCF requires classes defined at compile time.

The Solution

As such, you need to both disable the use of Proxies, and also label your web service methods with the [ApplyDataContractResolver] attribute as seen above. You can obtain the details about this attribute from the MSDN article or from my sample solution. You only need to use it on the service side. This is as simple as creating a new class and pasting the implementation from either source. Then add the attribute to decorate your web service definition (on the interfaces).

Now, for the part not previously covered – we generally encounter a problem with passing entities which are a little more complicated than the example POCO objects encountered in the MSDN article. Take our sample application. The System Log entities define a basic relationship, and the products include a (fairly standard) self join, allowing product categories to have a hierarchy.

If we then create a standard console application, and add a web service reference, we can observe the class definition from the generated WSDL (below).

If you’re unsure about how to view the WSDL code within Visual Studio, simply follow these steps:

Right Click on the Service Reference
Select “View in Object Browser”
From here, expand the namespace of the reference, then right click on one of the interfaces
Select “Go To Definition”

Now assuming you have done everything correctly, you should be able to consume the web services and the POCO objects in your console application:

Execution

If we execute the code, the first web service call returns fine, with no errors. The second call however, which returns a collection is not as fortunate.
When we step over the following line of code, we receive an exception with the following message:

SystemLog[] logs = logClient.GetLogEntryByCategoryId(1);
“The underlying connection was closed: The connection was closed unexpectedly.”

Looking deeper into the service side of affairs (debugging), we may discover that the exception being thrown is, in fact, the following:

There was an error while trying to serialize parameter http://tempuri.org/:GetLogEntryByCategoryIdResult. The InnerException message was ‘Object graph for type ‘Products.WcfServices.SystemLogCategory’ contains cycles and cannot be serialized if reference tracking is disabled.’. Please see InnerException for more details.

After a fair amount of searching, I found a way to work around this little problem. Implementing the suggested attribute [CyclicReferencesAware(true)] to methods involving collections appears to fix the problem. After applying the attribute and updating the service reference (just to be sure!) you will find the call succeeds, as per below:

But Wait.. There’s More..

Just when you thought it was safe to go back into the ocean.. What happens when we want to send things the other direction?

Let’s look ahead to a web service method which takes one of our POCO objects, and tries to apply an update.
The logic I’ve used here detects a new entity, and also when an existing entity can not be located in the data store.

So nothing terribly complicated, correct? If we implement something on the client side – something very simple, like the following:

When we try to execute this rather simple update scenario, we get the same kind of exception we’ve seen before:

I love it when a plan comes together..

So what is the solution? Well, rather simple, if somewhat complex in the implementation.
The outcome I found which works quite well is to emit the same attribute into the generated WSDL on the client side, when the reference is created.
This turned out to be a pretty straightforward idea, but a terribly intriguing problem to try to solve.

Without delving too much into details (please download and examine the sample solution) the basic premise was two fold:

Define the required files in a common or shared assembly that both the service and the client project can consume.
Build a class which implements several WSDL extensions: IWsdlImportExtension, IServiceContractGenerationExtension,IOperationContractGenerationExtension and IOperationBehavior

Basically, the class is triggered when the WSDL is being imported, and it adds the appropriate [CyclicReferencesAware(true)] attribute above the appropriate methods.
To do this, you must modify the client’s App.Config to include the following configuration:

When the WSDL import is called, the referenced extension finds operations decorated with the CyclicReferencesAware attribute (the export decorates them with a documentation text).
When an operation decorated with the attribute is found, the importer adds (writes) a reference to itself to the operations’s behavours collection.
As the WSDL is being generated, it’s a relatively easy step to output the required attribute.

Now, when if you update the service reference the appropriate attribute is applied to the generated WSDL code, as you can see from the screenshot below:

Side Notes

The only thing I didn’t figure out was how to add the required using directive to the generated code, however it is very easy to add the reference yourself – just compile the client project and you’ll get the appropriate errors.

Double click on one, right click on the reference and you can easily add it to the code. I realise it’s a bad practice to modify generated code, but I ran out of patience and figured this wasn’t a terrible oversight. If you find a nice way to fix this, please get in touch.

Running the solution after updating the configuration (and referencing the shared assembly) and now the previous code runs just fine. You can check the database to ensure the update occurred.

Summary and Disclaimer

Thus far, I haven’t had much time to test this any further. I’ve implemented it on a number of web service clients without any problems.
I’ve not tried any further complicated scenarios, but I’d really appreciate any feedback if people find further problems.

To wrap up, I’ve included the sample project and T-SQL to create a database. This is not production code, so please use it as a demo.
There’s no encryption, compression or other types of scenarios we might encounter in a complete system.
It is supplied “As-IS” and no warranty is implied

As always, if you have any feedback please leave it here or get in touch.

Seriously though, I sincerely hope this might help out some folks who are as intrigued and equally baffled with WCF and the Entity Framework.

Bon Appétit. /R

[ Download Sample Project and Schema ]

Additional Reading

http://blogs.msdn.com/adonet/archive/2009/12/22/poco-proxies-part-1.aspx
http://blogs.msdn.com/adonet/archive/2010/01/05/poco-proxies-part-2-serializing-poco-proxies.aspx

MSDN Walkthrough on POCO Entities

http://msdn.microsoft.com/en-us/library/ee705457.aspx

The source for the cyclic check is courtesy of:

http://chabster.blogspot.com/2008/02/wcf-cyclic-references-support.html

Reading Ahead – ADO Entity Framework v4 and POCO Entities

Database Magic, Design Concepts and Code, Entity Framework, Projects, Web Development No Responses »

Mar 252010

There’s going to be more to this in coming posts, but I thought I’d add all the articles I’ve been reading ahead of schedule. The long and short of the story is this –

I’ve managed to implement round trip CRUD operations using POCO (Plain Old CLR Objects) using a WCF Service & Client in conjunction with the ADO Entity Framework v4 (and Visual Studio 2010 RC).

In doing so, I’ve implemented all the “fun stuff” (plumbing, configuration, attributes, etc) but I’m currently investigating the options for supporting non-lazy loading queries which return a partial object graph. Part of the problem I’m facing is with the POCO Proxies (which are unknown types at runtime) though I hope to have a solution soon.

Enjoy the reading, or please be patient, and I’ll write a post going into more detail soon!

POCO Templates for Entity Framework v4 (applies to RC as well):

http://blogs.rev-net.com/ddewinter/2010/01/25/poco-templates-for-entity-framework-v4-beta-2-released/

How to set up POCO Entities using the template:

http://blogs.msdn.com/adonet/pages/walkthrough-poco-template-for-the-entity-framework.aspx

ADO Team – Creating and Serializing POCO Proxies:

http://blogs.msdn.com/adonet/archive/2009/12/22/poco-proxies-part-1.aspx
http://blogs.msdn.com/adonet/archive/2010/01/05/poco-proxies-part-2-serializing-poco-proxies.aspx

MSDN – Serializing POCO Proxies:

http://msdn.microsoft.com/en-us/library/ee705457%28VS.100%29.aspx

Exposing POCO Entities via WCF (forum):

http://social.msdn.microsoft.com/Forums/en/adonetefx/thread/1c37447a-e303-4947-a3ee-d2e6592aac0a

Debugging/Trace tips and tricks:

If you find yourself with the dreaded “Object graph for type ‘X.Y.Z’ contains cycles and cannot be serialized if reference tracking is disabled error”
then check out this outstanding article: http://chabster.blogspot.com/2008/02/wcf-cyclic-references-support.html

A Dynamic Data Website with SQL Azure and the Entity Framework

Cloud Computing, Database Magic, Entity Framework, Featured Articles, Programming, Projects, Technology, Web Development 2 Responses »

Jan 272010

This is part of a series of entries written about Microsoft’s new SQL Azure database service and the Entity Framework v4.

Following on from my previous posts (check them out before continuing) – this article assumes you have followed steps outlined in the previous posts to create various models and accounts etc.

Part 1 – Working with Entity Framework v4 and SQL Azure
Part 2 – Next Steps with SQL Azure
Part 3 – Putting it all together – SQL Azure
Part 4 – A Dynamic Data Website with SQL Azure and the Entity Framework (this post)
Addendum – Getting a SQL Azure Database

Continuing along..

Our next step is to create a Dynamic Data website. If you haven’t come across this yet, it’s most likely because you haven’t been using Visual Studio 2010 or the .Net Framework 4.0. Recently introduced and compatible with both LINQ-to-SQL and the Entity Framework, this nice site template makes use of the dynamic nature of both LINQ-to-SQL [.dbml] (SqlMetal) and Entity Framework [.edmx] data models.

Continuing within the solution we created in Part 3, we shall now add a Dynamic Data website to our solution. Open the solution in Visual Studio 2010 Beta 2 and then Right click the solution, “Add –> New Project..”.

Please note: this portion of the solution will also work in conjunction with any other database provider supported by the Entity Framework, not just SQL Azure. To use a Dynamic Data site all you need is a LINQ-To-SQL or Entity Framework Data Context! For details, read on..

I’ve called the new project “SQLAzure.Application.Web” and it sits in a subfolder off the root folder level for the solution. Once you click the OK button, you’ll be presented with the Global.asax.cs (or .vb) which, at first, I found a little unusual. We’ll explore why shortly.

First things, let’s add a project reference to our DataAccess project. Right click the References solution folder and add the reference. You might notice that the project already has the appropriate references for the Entity Data objects. At this point if you compile, it will build without any errors (and if not, you are off to a bad start indeed!).

Configuration Bliss

There are some configuration options which will need to be set. First, double click on the web.config and copy your <connectionString> values from the app.config located in the DataAccess project.

Once you’ve updated the Web.Config, save and close it. You should now be looking at the aforementioned Global.asax.cs (or vb). To get us up and running, with the very minimum of configuration (and hassle), we’ll keep the default settings (using the ASP Development Server a.k.a Cassini). Right click the Web project in the Solution Explorer and “Set as StartUp project”.

Web Scaffolding and other treats

Next, in the Global.asax.cs (or .vb) in the method “RegisterRoutes” uncomment all the code lines, remembering to substitute the value (line 31) “YourDataContextType” with the name of the actual data model context (in our case, SqlDataModelContainer) and you’ll also need to add “using SQLAzure.Application.DataAccess;” at the top of the file.

In the first line, change { ScaffoldAllTables = false }); to { ScaffoldAllTables = true });
We can always customize the data model later to only scaffold specific tables (if we want to).

Once this is all done, you should be able to cleanly compile the project/solution. Assuming you’ve followed all the steps I’ve outlined, your Global.asax.cs should look like the following:

Compile and run the solution (without debugging). You should notice the ASP Development Server load into the System Tray, and then your default web browser should open and browse to your nice new site. If you get the following error message:

Server Error in ‘/’ Application.
There are no accessible tables. Make sure that at least one data model is registered in Global.asax and scaffolding is enabled or implement custom pages.

It means you haven’t changed the value on Line 31 from false to true:

You *should*, assuming everything has been correctly set, see the following in your web browser, a list of tables in your SQL Azure database! If you click on the “Albums” link, you should drill into a paginated view of the first 15 records in the Albums table in your nice SQL Azure database in the cloud..

Prepare to be amazed!

Notice the combo boxes in the top left hand corner? Yes, the site has automatically created those so you can filter the results according to foreign keys in the entiry relationship model – very nice. Go ahead, select an artist. I’ve selected “Bob Dylan”:

…but wait, there’s more..

That was pretty effortless, wasn’t it? You want more functionality? Of course – click on the “Edit” button for the first result. You’ll be treated to this “details view” of the record:

You’ll notice, of course, that again the site has detected all the relationships (including many-to-many) and created combo boxes/checkboxes according to the cardinality of the relationships. You may edit any of these settings and hit the “Update” button – you are now updating your data in the cloud!

Another nice touch is that you can navigate the relationships (hyperlinked) as well. All the tables are inter-related (where applicable). I’ll leave you now to play with your shiny new website, backed with a SQL Azure data store.

The big picture

This was, by far, the easiest website-to-database project I’ve ever wired up, period. The functionality is uncanny for an out-of-the-box template driven site, and what’s more, if you hook it up to a Server instance (as opposed to SQL Azure) you can run SQL Profiler and see that the queries (T-SQL) themselves aren’t terrible, either.

This is amazing value – foreign key filters, paginated data views, complete with full edit/delete functionality.

However, it also has some additional work which should be addressed in any decent implementation, for example, security and brevity (reducing the footprint of the tables). We could also do with some optimization and customization! For example, the screen (1) below could obviously be truncated as the results run right off the screen, and clearly look better in the “Details” view (2).

There are many more things which a “production” quality implementation would require. I may (or may not) go into details in future posts, but off the top of my head you would need to address any of the following:

- Move from Cassini to IIS (should be done early for serious multi-access websites)
- Add a custom App Pool and Identity
- Strong name the assemblies
- Edit all the templates with a scheme
- Restrictions/reductions in the data displayed in “grid views”
- Optimization of some T-SQL to suit the data model design
- Implementing a security model to restrict read/write/deletion of data
- Auditing changes
- Create an automated build and deploy script

However, this is a great start and would probably suit a number of “intranet” style applications.

Looking ahead

In my next entry, we’ll look at some customizations as well as the technology underpinning this great functionality. I do hope you are enjoying this series of entries, please leave comments!

Intelligent Paging using LINQ to SQL and the LinqDataSource control

Design Concepts and Code, Featured Articles, Programming, Web Development No Responses »

Jan 052009

Undoubtedly, anyone who has evaluated LINQ to SQL has fond it a fairly powerful yet lightweight ORM technology which is less complex than the ADO Entity Framework yet utilizes the strength and power of Language Integrated Queries.

One problem with LINQ to SQL is the auto paging feature of the LinqDataSource. Below is a rough GridView which displays three columns, UserName, FirstName and LastName. This is just a rough demo, so we’re looking at paging.

If you simply drop a GridView and a LinqDataSource control onto a Web Form and configure the LinqDataSource (using Smart Tags) without specifying a Group By field or Order By field (Figure 1) then you will get fairly optimal database querying (Figure 2) although without any ordering.

Figure 1: Configure Linq Data Source

Figure 2: SQL Trace of a page load

While it is great for lightweight or simple applications, it’s rather unacceptable for use in anything serious (especially with more complex queries).

Should you supply a Group By/Order By field, the LinqDataSource control will query for a RowCount before executing a single query for each row in the range, i.e. if Page Count is 10, it will execute 10 queries after the initial row query (Figure 3).

Figure 3: SQL Trace when using Group By

This occurs when you choose to use a group by/order by sort – The select clause of the LinqDataSource becomes:

GroupBy="UserName" OrderGroupsBy="key" Select="new (key as UserName, it as Users)"

Obviously we’d like decent performance and the ability to sort/group our data. So there is a pretty low-overhead solution. The first (obvious) step is to disable the LinqDataSource AutoPage property. The next is to implement an event for LinqDataSource’s OnSelecting event, as so: (note: I’ve included the GridView for reference)

<form id="form1" runat="server">

<asp:GridView ID="UserGridView" runat="server" AllowPaging="True"
      DataSourceID="UserLinqDataSource" AutoGenerateColumns="False">
      <Columns>
          <asp:BoundField DataField="UserName" HeaderText="UserName" ReadOnly="True"
              SortExpression="UserName" />
               <asp:BoundField DataField="FirstName" HeaderText="FirstName"
              SortExpression="FirstName" />
               <asp:BoundField DataField="LastName" HeaderText="LastName"
              SortExpression="LastName" />
      </Columns>
</asp:GridView>
<asp:LinqDataSource ID="UserLinqDataSource" runat="server" AutoPage="False"
      ContextTypeName="DataAccess.DataClassesDataContext"
      OnSelecting="UserLinqDataSourceSelecting"
      Select="new (UserName, FirstName, LastName)" TableName="Users">
</asp:LinqDataSource>
</form>

Now for our code behind, we only need to implement the Selecting event, and we have our smarter paging enabled.

                /// <summary>
        /// Implements Server Side Paging for the LinqDataSource
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        protected void UserLinqDataSourceSelecting(object sender, LinqDataSourceSelectEventArgs e)
        {
            /*
             When AutoPage is false, LinqDataSource requires that the user handle the paging
             manually during the Selecting event. In this case, you need to set
             DataSourceSelectArguments.TotalRowCount yourself and perform the paging manually
             using DataSourceSelectArguments.StartRowIndex and
             DataSourceSelectArguments.MaximumRows (pageSize).
            */

            e.Arguments.StartRowIndex = 0;
            e.Arguments.MaximumRows = 10;                //add your paging limit requirement here
            DataClassesDataContext dc = new DataClassesDataContext();

e.Arguments.TotalRowCount = dc.Users.Count(); //you could store this value or cache
//it to avoid the extra DB hit

            //uses an example of ten records/page modify to fit your own paging
            //requirements
            e.Result = (from i in dc.Users select i).Skip(UserGridView.PageIndex * 10).Take(10);

//uses Linq’s Skip() and Take() functions to select a sub section
}

Let’s take a look at the SQL profile trace, just to be sure:

alt="image" src="http://byfiles.storage.msn.com/y1pALcXoBV6stTj5NZsZuk_XI4ZPxrmDfEbNajaEHxCJlA7IZDC2GQDPw-to7v5qhMvr8nqcJAYnng8izH51uR6bQ?PARTNER=WRITER" width="418" border="0"/>
Figure 4: New SQL Trace with custom paging

So this is just a simple little scenario. It’s nothing big. It might help some people out there who are looking to use LinqDataSource but don’t like the overhead of the Auto Paging. You’d probably also need to take a look at supporting sorting (which would need to be factored in to the custom paging query).

This entry doesn’t discuss management of Data Contexts or a plethora of other considerations which you should take into consideration before implementing a solution. Please plan ahead accordingly before choosing an approach.

If you’re serious about using Linq to SQL I’d highly recommend you take a look at Patterns and Practices ‘ObjectContainerDataSource’ instead. It allows you to wire up your data access to queries or providers and is far more robust. There’s a good chance I might write a separate blog entry about the ObjectContainerDataSource.

ASP.net Development: ADO Entity Framework and Foreign Keys

Design Concepts and Code, Entity Framework, Programming, Web Development No Responses »

Dec 012008

Here are some lessons learned from using the Entity Framework and the EntityDataSource provider in ASP.net development.

Edit: Hi Everyone,
I’ve been getting some traffic on this topic and I realise I’ve only written half the details (there is more to come). Please bare with me and I’ll aim to get the second part of this post published shortly. If you’ve found this or some of the previous posts helpful, please don’t be shy.. add a comment and say hi!

Introduction

One of the challenges when dealing with an ASP.net GridView is rendering foreign keys with friendly data such as a display name instead of an ugly or often meaningless number of unique identifier.�

Since our preferred implementation is typically to use data binding, this automatically infers we’re going to need some magic on the DataBound event.

To begin with, let’s review our Web Form. The premise is that we have an Entity Framework data model in our solution. On our Web Form we’ve placed a ASP GridView and an EntityDataSource.�

Using smart tags in the form designer, we’ve configured the EntityDataSource to use a specific Entity Set which has at least one Navigation property.

A Navigation Property is basically a relationship, for example “SectionListLink”, which is a one-to-many relationship between a section (one) and a link (many), as in the model below. We will use the “Link” entity as our example.

The first thing is we’re going to need to extend the Query Path on our EntityDataSource.�

By default, the EntityDataSource isn’t going to retrieve the foreign key data (such relationships are lazy loaded) which is going to be necessary if we are to walk the relationship hierarchy. When we obtain this additional information we are referring to loading or retrieving the complete object graph – we retrieve other objects with which our primary object has a relationship with.

This isn’t as hard as it sounds! To extend the EntityDataSource simply use the “Include” property and name the Navigation Property, e.g.

We can also do this programmatically (in the event you do not use a EntityDataSource) by adding the Include query path specification to our LINQ query, like so:

A word of warning: use the Include operator sparingly! As a general rule of thumb, avoid using more than three query paths otherwise resulting queries will be severely bloated.�

Below is a snapshot of an Entity Framework query against SQL Server where the Include property has three Navigation Properties (foreign keys) specified (column names blurred):

However, back to our example – in order to create a GridView which would look something like the example below, we’re going to have to retrieve the appropriate display value after each row is data bound. The section highlighted in yellow is the Display Name of the associated section.

Instead of binding the identifier of the associated section (which is not very useful for users), we’re going to render the name of the section instead. As a result, in the GridView’s columns we’ve added a TemplateItem so we can add the display text once each row has bound.

Before we take a look at the DataBinding event for this GridView, we need to take a peek at how we can cast the DataItem to an Entity – which you can not do by simply casting the GridView’s Row.DataItem (“how to get the real entity object in the RowDataBound event of a GridView?”). Refer to this article for details.

Basically, you need to implement this functionality in order to convert a data bound entity:

/// <summary>
/// Used by many Modules and Pages to Obtain the Correct Entity Framework Data Item
/// from a GridView or DetailView or FormView
/// <typeparam name="TEntity">The original Entity type</typeparam>
/// <param name="dataItem">Data Item to convert</param>
/// <returns>Entity object or null</returns>
public static TEntity GetItemObject<TEntity>(object dataItem)
    where TEntity : class
{
    var entity = dataItem as TEntity;
    if (entity != null)
    {
            return entity;
    }
    var td = dataItem as ICustomTypeDescriptor;
    if (td != null)
    {
            return (TEntity)td.GetPropertyOwner(null);
    }
    return null;
}

Now, let’s review the code from the GridView’s OnRowDataBound event handler:

/// <summary>
/// Update Section Name
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void LinkGridRowDataBound(object sender, GridViewRowEventArgs e)
{
    if (e == null || e.Row == null || e.Row.DataItem == null)
        return;
    Link linkData = EntityDataSourceExtensions.GetItemObject<Link>(e.Row.DataItem);
    if (linkData == null)
        return;
    if (linkData.SectionListLink != null) //Ensure the foreign key data is valid
    {
        Label lbl = e.Row.FindControl("sectionName") as Label;
if (lbl != null)
        {
            lbl.Text = linkData.SectionListLink.DisplayName;
        }
    }
}

As you can see, this isn’t overly complex. However, failing to add and specify the “Include” property means that the Navigation Property (“SectionListLink”) wouldn’t be populated (although we could force a load programmatically), e.g.

   if (!linkData.SectionListLink.IsLoaded) //Ensure the relationship has loaded
        linkData.SectionListLink.Load();

It’s not a tough concept, but worth remembering if you are in the position of having to deal with rendering friendly names for foreign key relationships. Apologies for the example code, this has been crafted for a simple example, for explanation purposes only.

Next article, I’ll explain how to actually modify these relationships in the within context for a DetailsView – be warned, it’s not trivial

Tools to detect potential SQL Injection Attacks

Database Magic, Programming, Security, Web Development No Responses »

Jul 062008

We all by now have probably heard about the increase in SQL injection attacks to popular (and unpopular) web sites.

A SQL Injection attack is where an external party passes potentially harmful or exploitive data in the form of raw, formatted or encoded T-SQL in a way in which it is executed as a query within a database.

This typically can occur if a web site has not been well designed and allows the transfer of user supplied data to the database (to be executed, in a manner described as ‘dynamic SQL’) without being first checked (validated).

Microsoft have helpfully published a Security Advisory for their customers. Additionally, if you refer to this blog entry by Denis Gobo, there are three tools helpful in supporting users in protecting against SQL Injection attacks (and detecting potential problems and threats).

UrlScan has been around for a while now, restricts the types of requests which can be made of an IIS server. It integrates into Internet Information Services as an ISAPI filter. The latest beta works with IIS versions 5.1 or later, including IIS 7 (shipping on Windows Vista and Windows Server 2008).

Microsoft Source Code Analyzer is a .Net Framework 3.0 based tool which analyzes and detects first order and second order sql injection attacks in ASP pages.

Limitations
The tool has the following known limitations:
- The tool understands only ASP code that is written in VBScript. It currently does not analyze server-side code that is written in any other languages, such as Jscript.
- A new ASP parser was developed as part of this tool development process. However, this parser may not cover all ASP constructs. Therefore, you may see some parsing errors.

Drawback: This doesn’t work with ASP.net…just classic ASP.

HP Scrawlr is a tool I haven’t used before, apparently trawls web pages and tries various parameter injection attacks. It’s main use appears as a testing tool to test the security/integrity of web sites.

A download link is located here.

To learn more about ways to protect against SQL Injection in a design, look at using parameterized SQL queries – you can read about it here.

Older Entries

I’m debating a new article.

Here’s the premise:

Here’s where you fit in:

Issue 1

Issue 2

Issue 3

Issue 4

Issue 5

Issue 6

Issue 7

Issue 8

Issue 9

Issue 10

Issue 11

Issue 12

Issue 13

Issue 14

Issue 15

Issue 16

Issue 17

Issue 18

Issue 19

Issue 20

Issue 21

Issue 22

Issue 23

Issue 24

Issue 25

Issue 26

Issue 27

Issue 28

Issue 29

Issue 30

Issue 31

Issue 32

Issue 33

Issue 34

Issue 35

Feature 1

Feature 2

Feature 3

Feature 4

Feature 5

Feature 6

Introduction

The Data Model

The Object Model

Solutions and Settings

Web Services

The Solution

Execution

But Wait.. There’s More..

I love it when a plan comes together..

Side Notes

Summary and Disclaimer

Server Error in ‘/’ Application.

There are no accessible tables. Make sure that at least one data model is registered in Global.asax and scaffolding is enabled or implement custom pages.

Limitations

Don’t Miss This Section!

Wine Reviews

Stuff to cover the hosting costs

Pages

Translate this Page

Categories

Tag Cloud

Blogroll

Disclaimer

Aussie Wine Guy

Archives