robbie

Patterns and Practices: Dependency Injection 101

Filed under .NET, Productivity, Software Architecture

This is the start of a series of posts that I’ll be doing on design patterns and best practices; it involves the use of common development concepts that I find a core part of development. If you’re interested in following, they will be under the category ‘Patterns and Practices’.

One of the most common patterns seen in ASP.NET MVC is dependency injection (otherwise known as Inversion of Control). Why? It loosely couples the parts of the application and really emphasizes the ability to unit test the separate layers of your application. Why is unit testing important? Unit testing, while it may add more time to your development, allows developers, testers and the client to feel more confident that the code is doing what it is supposed to do.

So what exactly is dependency injection? Many of us use patterns without even knowing that we are doing it, so this may sound familiar. It’s actually pretty straightforward: an instance of one class calls an instance of another class, not through a concrete implementation but through an interface. In essence, dependency injection aims to reduce the amount of boilerplate wiring and infrastructure code that you must write, and to implement one of the core design principles: code to an interface, not an implementation.

Here’s a simple example: the AccountService has to get an Account. It looks like this:

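public class AccountService
{
  // The service only knows the interface, never a concrete repository.
  private readonly IAccountRepository _accountRepository;

  // The dependency is handed in through the constructor.
  public AccountService(IAccountRepository accountRepo)
  {
    _accountRepository = accountRepo;
  }

  public Account GetAccount(int accountId)
  {
    return _accountRepository.GetAccountById(accountId);
  }
}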

When we need the AccountRepository, we ask the dependency container to get us the instance based on what it’s mapped to. Why does this benefit developers? It’s good because the AccountService doesn’t know or care how it gets an Account. You can stub out what the methods and properties on a fake IAccountRepository might return, and test just the AccountService. You can also use this to change the implementation of the IAccountRepository on the fly based on the type of storage you may be using. Coupled with a framework such as Ninject, dependency injection is a powerful pattern that should be used more often. In one of my following posts I’ll go through an example of using Ninject and a basic tutorial.
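The stubbing described above, as an added example that is not code from the original post: a hand-written fake IAccountRepository is passed to the AccountService so the service can be exercised without any storage. The Account properties, FakeAccountRepository and the sample data are hypothetical names and values constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

public class Account
{
    public int Id { get; set; }
    public string Owner { get; set; }   // hypothetical property
}

public interface IAccountRepository
{
    Account GetAccountById(int accountId);
}

// Same shape as the post's AccountService: it only ever sees the interface.
public class AccountService
{
    private readonly IAccountRepository _accountRepository;
    public AccountService(IAccountRepository accountRepo) { _accountRepository = accountRepo; }
    public Account GetAccount(int accountId) { return _accountRepository.GetAccountById(accountId); }
}

// Hypothetical test double: canned accounts plus a record of every id requested.
public class FakeAccountRepository : IAccountRepository
{
    private readonly Dictionary<int, Account> _accounts = new Dictionary<int, Account>();
    public List<int> RequestedIds { get; } = new List<int>();
    public void Add(Account account) { _accounts[account.Id] = account; }
    public Account GetAccountById(int accountId)
    {
        RequestedIds.Add(accountId);
        Account found;
        return _accounts.TryGetValue(accountId, out found) ? found : null;
    }
}

public static class Program
{
    public static void Main()
    {
        var fake = new FakeAccountRepository();
        fake.Add(new Account { Id = 42, Owner = "constructed-sample-user" });

        // Wired by hand here; a container such as Ninject would perform this step.
        var service = new AccountService(fake);

        Console.WriteLine(service.GetAccount(42).Owner);   // known id: the stubbed account
        Console.WriteLine(service.GetAccount(7) == null);  // unknown id: the stub has no entry
        // The fake also shows exactly which lookups the service made, in order.
        Console.WriteLine(string.Join(",", fake.RequestedIds));
    }
}
```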

Article source: http://robbiemadan.com/2012/05/09/patterns-and-practices-dependency-injection-101/

robbie

Password Storage 101

Filed under .NET, Software Architecture

For all sites that store memberships in a database, security and encryption of sensitive data is extremely important, the password being the obvious field that needs to be protected. It’s surprising to see how many sites still use plain text passwords or one-way hashes for password storage and don’t realize how easy those are to hack. Most systems implement a format known as the “one-way hash”. This means that for any input set as the password, the same input will always result in the same hash, but there is no mathematical method of taking the resulting hash and determining what the original input was. Using a system such as MD5, hashing the password “qwerty” will result in the string “d8578edf8458ce06fbc5bb76a58c5ca4”, but if I give this same string to people to reverse, it will be impossible for them to determine that the string comes from “qwerty”.

How does this work from an application perspective? Let’s assume you’re building out a membership provider. When you first create the user, you store the password as a hash, so instead of storing ‘qwerty’ you store “d8578edf8458ce06fbc5bb76a58c5ca4”. When that user next logs in, they enter their password, the system hashes it using the same algorithm and compares the hashed values; there is no way for you to compare the actual passwords without hashing them. This is quickly becoming standard practice.

Now what if I wanted to break into this account? The fact that the same input always generates the same hash means I can build up a database of inputs and outputs and use that to attack an account. This is called using a ‘rainbow table’, a database of inputs/outputs used to determine a hashed password. Rainbow tables are easily found on the internet, so this one-way hash is not as safe as once thought. If you’re interested in learning more about rainbow tables, check out http://ophcrack.sourceforge.net/.

So what’s the best way of stopping rainbow table hacking? Salting. By generating a random “salt” for every user and attaching it to their password before hashing, you make the rainbow tables ineffective. For example, the password ‘qwerty123’ becomes ‘qwerty123AS@#$fgr=’ and is then hashed into ‘8a7bb436d4849395072483f7715b7edb’. Because the salt is a random string and each user in your database has a different salt value, you have effectively removed the threat of rainbow tables.
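The per-user salting described above, as an added example that is not code from the original post. It contrasts the unsalted MD5 from the text with a salted record, and it swaps in PBKDF2-HMAC-SHA256 for the salted hash instead of MD5, because a salt defeats precomputed tables but does not slow down guessing against a fast hash. It assumes .NET 6 or later; the class name, the salt:hash record format and the iteration count are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class PasswordStore
{
    // Assumed parameters for this example; tune the iteration count to your hardware.
    const int SaltBytes = 16, HashBytes = 32, Iterations = 100000;

    // Unsalted MD5 as the post describes it: the same password gives the same hex string for every user.
    public static string UnsaltedMd5(string password)
    {
        byte[] digest = MD5.HashData(Encoding.UTF8.GetBytes(password));
        return Convert.ToHexString(digest).ToLowerInvariant();
    }

    // New random salt per user; the stored record is "salt:hash", both Base64 (assumed format).
    public static string HashPassword(string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltBytes);
        return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(Derive(password, salt));
    }

    // Re-derive with the stored salt and compare in constant time.
    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split(':');
        if (parts.Length != 2) return false;
        byte[] salt = Convert.FromBase64String(parts[0]);
        byte[] expected = Convert.FromBase64String(parts[1]);
        return CryptographicOperations.FixedTimeEquals(Derive(password, salt), expected);
    }

    static byte[] Derive(string password, byte[] salt)
    {
        return Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
    }

    public static void Main()
    {
        // Two users with the same password (constructed sample data).
        Console.WriteLine(UnsaltedMd5("qwerty") == UnsaltedMd5("qwerty")); // identical: one table entry cracks both

        string alice = HashPassword("qwerty");
        string bob = HashPassword("qwerty");
        Console.WriteLine(alice == bob);              // different salts, so different records
        Console.WriteLine(Verify("qwerty", alice));   // correct password verifies
        Console.WriteLine(Verify("qwerty1", alice));  // wrong password is rejected
    }
}
```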

If you want to read more about the inner workings of rainbow tables, take a look at this post: http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html

Article source: http://robbiemadan.com/2012/04/26/password-storage-101/

Jakew

Missing TFS Build Templates

Filed under .NET

Background

I am just learning how to use TFS 2010 build services and ran into an issue setting up the default build.  The XAML templates just didn’t exist.  Being my first experience with TFS build I had no idea they were missing in the first place.  I realized fairly early on that something was not quite right with the team project.  I started going through blogs, MSDN, etc… trying to determine where I went wrong but could not find any information on how to create the templates or why they would be missing in the first place.

All the documentation referred to the BuildProcessTemplates folder in source control which was not created with our project.  The  team project was created with Visual Studio 2010 on a brand new TFS 2010 installation.

Steps I took

I created my own test project to try and recreate the issue.  When I created a new team project, the BuildProcessTemplates folder was created and populated with the XAML files.  This obviously confused me as the projects were built less than a week apart.

To solve one issue, I copied the BuildProcessTemplates folder into my existing projects and checked them into source control.  I was then able to create a default build in less than five minutes.  This did not answer why the folder was missing in the first place.

What Happened

I did determine why the original project did not have the Build Templates created but the newly created test project did.  When TFS was installed, the build services were not configured.  The build services were configured after the original project was created.  If build services are not configured, TFS will not create the default build templates.  In hindsight this makes sense: if there are no build services, why bother with creating build templates?

Conclusion

I learned a few things from this issue, the most important for me being that the default build templates are not specific to a project and can be used in any project to create the default build.

This was my first blog posting and I hope that it helps some people just getting started with TFS 2010 builds.

Bhavin M

Lync for Android Update

Filed under Lync

A new update for the Lync app for Android was released yesterday.

Here are the changes:

  • Enabled call-via-work – allowing Enterprise Voice enabled users to make and receive calls using your Enterprise Voice (Lync ID) number only. Connect with others using a single identity.
  • Added user controls for adjusting the sound/vibration for incoming notifications.
  • Improved Lync status icon: know if you can receive IM messages.
  • Enabled copy of IM text to the clipboard.
  • Multiple bug fixes.

Grab it at the Market: https://market.android.com/details?id=com.microsoft.office.lync&hl=en

paulg

Drive: The Surprising Truth About What Motivates People

Filed under Corporate Culture

By Daniel H. Pink

Original Source: The RSA Animate: ‘DRIVE – The Surprising Truth About What Motivates Us’

robbie

The Focus of Leadership

Filed under Corporate Culture, Developing Teams

I first heard of the concept of Convex Leadership during a TEDTalk by R.A. Mashelkar, when he was speaking at TEDIndia in 2009. His talk discussed breakthrough designs for ultra-low-cost products being developed in India. Borrowing the concept, Gandhian engineering, from Tata Motors, his discussion expanded on the concept of frugality and challenging conventional wisdom in technological innovations, engineering and new product development. Getting more, from less, for more… meaning getting more service, from fewer resources, for more people. It is an amazing concept for the manufacturing and production world, especially for a world of depleting resources and a population that can’t afford luxurious overpriced designs.

Going back to the concept of convex leadership, the talk by Mashelkar brought up the idea of how leaders can transform the views and perceptions of those around them to focus and act as one; this type of leadership is needed to take advantage of concepts like Gandhian Engineering. Mashelkar further discusses how he came up with the concept:


Article source: http://www.robbiemadan.com/2012/01/04/the-art-of-leadership

Bhavin M

Video Call Federation with Microsoft Lync to Windows Live Network

Filed under Lync

I was recently troubleshooting an issue where Lync clients could not connect via video calls with Windows Live Messenger 2011 clients. The users could instant message each other but video calls would never connect.

The underlying issue for the disconnect is that Lync requires SRTP encryption by default, which the Windows Live network does not support.

Assuming that your federation to the Windows Live network is working, we have to ensure that the Lync users have Public A/V connectivity:

Set-CsExternalAccessPolicy Global -EnablePublicCloudAudioVideoAccess $true

The second step is to change the Lync encryption requirement from required to supported. The Lync client will still try to negotiate an encrypted session first, but if that fails it will allow the unencrypted session with the Windows Live network to take place:

Set-CsMediaConfiguration Global -EncryptionLevel SupportEncryption

You can also apply these commands to a specific policy that you have created. After these commands are entered on the server, wait a few minutes and then sign out and back in to the Lync client. You can verify that the change has taken place by looking at the PC to PC AV Encryption setting in Lync (hold down CTRL, right click the tray icon and select “Configuration Information”). The setting should display “AV Encryption Supported”.

If the encryption level is not changed, an error will be logged on the Front-End server when an A/V call is being established:

Start-Line: SIP/2.0 488 Not Acceptable Here
ms-client-diagnostics: 52017;reason="Encryption levels do not match"

paul.patterson

Microsoft LightSwitch – Sending Emails From the Client

Filed under .NET, LightSwitch, Productivity

Most of you may have already read an earlier post on how to send emails from LightSwitch (seen here). This post extends what was learned in that previous post, and shows how to wire up a button to send an email on demand. That previous post showed a specific function that would send out an email when an entity was added to the database. A helper class was created in the Server project of the LightSwitch solution. Then, when the new record was created in the database, that server code was called and an email went out. Here is how I did that…

Article source: http://www.paulspatterson.com/technology/lightswitch/microsoft-lightswitch-sending-emails-from-the-client/

Copyright 2011 by Quercus Solutions