Category Archives: .net

.net, microsoft, silverlight, software development

Testing a web service with IIS 7 on Vista

Not long ago I created a simple CRUD example using Silverlight 2.0 beta 2. I used Visual Studio 2008 and the ASP.NET Development Server. I wanted to test the same WCF web service with a different client (more on that soon), so I decided to deploy it to the instance of IIS 7.0 which comes with Windows Vista. I created a new web site on a different port than the default.

Nothing worked. Reason: although I have installed .NET 3.5 SP1 beta and Vista SP1 – which should do this automatically – the IIS 7 mime types and  handler mappings were not configured for Silverlight and WCF. How to fix the mime type is here and the handler mappings, here.

The web service still didn’t work. I got:

A first chance exception of type ‘System.ServiceModel.ProtocolException’ occurred in System.ServiceModel.dll.

I changed the debug options to break on all managed exceptions, and got this further detail:

The remote server returned an unexpected response: (404) Not Found.

Problem: Silverlight is looking for a cross-domain policy file.  The reason was that at this point I was still running the Silverlight app from the ASP.NET Development server, and it considered IIS to be on a separate domain. The 404 error does not make this obvious; but a quick Google for Silverlight 404 shows that this is a common problem.

Silverlight is designed to support cross-domain policy files in either Microsoft’s format (clientaccesspolicy.xml) or Adobe’s format (crossdomain.xml). If the service is just for Silverlight, use Microsoft’s format; otherwise I suggest adding both.

Nearly there; but I still had to fix SQL Server authentication. I normally use Windows authentication, and if you are using the ASP.NET Development server this just works. Move to IIS though, and it does not work unless you set up ASP.NET impersonation, or create a SQL Server login for the account under which the application pool is running. Oddly, when I tried the app without fixing the SQL Server login I still got a 404 exception; I’m not sure why.

Incidentally, I noticed that if you configure ASP.NET impersonation for a web site, the username and password gets written to web.config in plain text (bad). If you configure the application pool to run under a different account, the password is encrypted in applicationHost.config (better). In the end I decided to use good old SQL Server authentication.

One last tip: when debugging a web service, put the following attribute on the class which implements your ServiceContract:

[ServiceBehavior(IncludeExceptionDetailInFaults = true)]

Otherwise you get generic fault messages that don’t help much with debugging. Remove it though for release builds.

Once I’d fixed the SQL server login, everything was fine.

.net, adobe, apple, flash, internet, java, microsoft, silverlight, software development, web authoring

The messy world of the Web 2.0 user interface

Verity Stob’s Web 2.0 app diagram is worth a look.

So is it back to plain old HTML+forms then? That won’t do either; your app will look a decade old, and offline will never work.

This is why the current RIA wars are fascinating – particularly since Apple seems averse to runtimes like Flash, Java or Silverlight on its iPhone.

Which leaves what? JavaScript, hélas.

.net, microsoft, software development, web authoring

Microsoft accused of reinventing EJB – ouch!

3 Comments

There is a lot of discussion around Microsoft’s object-relational efforts right now. There are a couple of key issues:

  • Is Microsoft really committed to Linq to SQL, or is it shifting its attention to Entity Framework?
  • Is Entity Framework being pushed out before it is ready? A “vote of no confidence” open letter along those lines has been signed by over 300  including more than a dozen MVPs (Most Valued Professionals), experts in Microsoft data technologies.

Now a post from MVP Ian Cooper makes the frightening suggestion that Microsoft is ignoring the lessons of Java’s problems with EJB:

The .NET community had a huge amount to gain from this experience. Ports of Hibernate and Spring offered the community the chance to avoid the mistakes of the past. However, seemingly unaware of the lessons of history the EF team embarked on a project to produce a complex framework, of which persistence is just one aspect, reminiscent of the EJB initiative. So the reaction against the EF comes from its failure to learn lessons that another community has struggled with around complexity and ambition.

Microsoft’s success with .NET has been partly enabled by over-complexity in the Java world. Microsoft’s secret sauce is enabling developers to build stuff that works quickly and easily – which, incidentally, is why I am really disappointed that Visual Studio 2008 is still such a mess for quick database applications.

My own knowledge of the Entity Framework is rather thin. I’ve treated it as a layer that you have to generate in order to use ADO.NET Data Services, a REST API that I really like. It has to be said though – Microsoft’s data story is getting confusing. Roger Jennings is doing a great job of tracking developments.

.net, microsoft, security, software, software development

Native code client coming for CardSpace as .NET runtime too demanding

I spoke this morning to Paul Mackinnon and Steve Plank at Microsoft, about Information Cards and CardSpace. CardSpace is part of .NET Framework 3.0 and higher. It enables uses to authenticate on web sites by presenting a virtual card, instead of typing in a username and password.

The CardSpace concepts strike me as sound, but as far as I can tell adoption has been minimal. I expressed my frustration; why is it that 18 months after the 1.0 release even Microsoft is not using it to any noticeable extent? I still see username/password dialogs whenever I need to sign into a Microsoft property like MSDN subscriptions or Live Mesh. Actually there is a beta service which lets you sign in with CardSpace – but I believe my point is still valid – how many people even know about this?

I was told that it is still early days and that we will hear more about the Live ID service when it comes out of beta. Mackinnon also mentioned that Microsoft is working on a native code client for CardSpace. Currently users need at least .NET Framework 3.0 which is a huge download and can be problematic. A native code client will be a small download with few dependencies. There is no firm date for release, though it is at least a year away (maybe previews before then).

Technorati tags: , ,
.net, ruby, security, software development, web authoring

Ruby interpreter flaws make the case for JRuby?

1 Comment

The official Ruby blog reports:

Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code.

More discussion here and here. The community is fixing the problems energetically; but they do appear serious, and some are struggling with compatibility issues.

Since these seem to be bugs in the interpreter, it strikes me that this makes a good case for JRuby or in due course IronRuby, on the grounds that the Java and .NET runtimes are more mature. When I spoke to ThoughtWorks about its extensive Ruby work, I was told that JRuby is almost always used for deployment, partly because enterprises are more comfortable with it.

Technorati tags: , , ,
.net, microsoft, open source, software development, web authoring

Ruby on Rails on .NET

1 Comment

Microsoft’s John Lam reports:

IronRuby dispatched some simple requests through an unmodified copy of Rails a few days ago. Today, we’re going to show off our progress live at RailsConf.

He adds that performance is terrible; so you might not want to migrate your project just yet. Why bother? Mainly, to get Rails productivity plus access to .NET libraries – in other words, integration with Microsoft’s platform.

Technorati tags: , , , ,
.net, microsoft, windows

Installing .NET, PowerShell on Windows 2008 Server Core: it can be done

Dmitry Sotnikov explains how to install .NET and PowerShell on Windows Server 2008 in its Server Core configuration. It is necessary to tweak the .NET setup with Orca, a low-level editor for Microsoft Installer files. Note this is unsupported.

The lack of PowerShell is an annoyance; the lack of .NET is a major obstacle to making use of Server Core, so this is interesting work. Sotnikov does not say whether ASP.NET springs to life; I presume it may be possible.

I imagine that one of the issues with .NET on Server Core is that some parts of the Framework will not work because dependencies are missing. Server Core has little in the way of a GUI, so I would not expect System.Windows.Forms or Windows Presentation Foundation to work; yet the .NET runtime is all or nothing. This is changing; Microsoft has announced a Client Profile Setup to reduce the runtime size in .NET 3.5 SP1, for client applications.

What we now need is a Server Profile, tailored to work on Server Core.

.net, internet, php, software development, web authoring

Cenzic web app report highlights security problems

Will we ever get a secure Internet? There’s no cause for optimism in the latest Cenzic report into web app security. A few highlights:

  • 7 out of 10 Web applications analyzed by Cenzic were found vulnerable to Cross-Site Scripting attacks
  • 70% of Internet vulnerabilities are in web applications
  • FireFox has the most reported browser vulnerabilities at 40%; IE is 23%
  • Weak session management, SQL Injection, and poor authentication remain very common problems
  • 33% of all reported vulnerabilities are caused by insecure PHP coding, compared to 1% caused by insecurities in PHP itself.

OK, it’s another report from a security company with an interest in hyping the figures; but I found this one more plausible than some.

The PHP remarks are interesting; it would be good to see equivalent figures for ASP.NET and Java.

.net, microsoft, silverlight, windows

Substantial .NET, Visual Studio 2008 update in Service Pack 1

Microsoft’s Scott Guthrie has announced .NET 3.5 SP1 and Visual Studio 2008 SP1 beta. Some of the things which caught my eye:

  • Performance: up to 40% faster startup for desktop .NET apps, up to 10% faster ASP.NET.
  • Smaller runtime in .NET “Client profile”. There is a new cut-down runtime for Windows Forms or WPF client apps, bringing the setup down to “only” 26MB. The key point here is the size of the file a user must download and run if she does not already have .NET installed in the right version. Tim Sneath has more details about the new client profile.

A bit of context: the .NET 2.0 runtime is only 22.4MB. This ballooned to 50.3MB for .NET 3.0, and 197MB for .NET 3.5 (check the size of the full package, not the 2.7MB bootstrapper which launches further downloads) – though there are ways to reduce the size of the 197MB monster, which actually includes several versions of the .NET Framework.

  • New vector shape, Printing, and DataRepeater controls for Windows Forms – echoes of old VB controls.
  • A datagrid for WPF – not actually in SP1, but promised shortly afterwards.
  • WPF interop with Direct3D
  • ADO.NET Data Services (formerly Astoria) and Entity Framework

The new SP offers compatibility with SQL Server 2008, and the database product itself is still expected “third quarter” as far as I’m aware. I guess it may go final at the same moment as SP1 for .NET and Visual Studio.

The smaller runtime for .NET desktop apps is welcome, but those in search of a lightweight .NET runtime should look at Silverlight 2.0, which is currently 4.38MB.