Less than 2 weeks to Modern Apps Live in Orlando – hope to see you there

Hope to see some friends and former colleagues at Modern Apps Live – co-hosted with Visual Studio Live, SQL Server Live, and SharePoint Live


Windows 8 User Group Presentation

On Tuesday January 22 I will be presenting to the Twin Cities Windows 8 User Group on Data Access and Asynchronous Programming for Windows Store Applications -

Windows 8 User Group

Sample Code


Code Mastery sample data solution

Solution zip file available here
NOTE: I still have a problem with the SQLite example. However, to use the samples, you simply have to open the app.xaml.cs file in the Windows 8 project and comment/uncomment the view model in use.


Code Mastery Minneapolis

Still time to register for Code Mastery Minneapolis on October 2!!  http://codemastery.com/minneapolis

Code Mastery Minneapolis is hosted by Magenic with the goal to present attendees with meaningful technical content by the professionals that are using the subject matter every day.

The featured speaker for the Minneapolis event is Magenic CTO and CSLA .NET creator Rockford Lhotka. Along with a great agenda, we’ll make time for you to network and make some great connections.

Please pass this on to your friends and colleagues that may be interested in the event.


Windows 8 Storage pools!! – Welcome Back WHS Drive Extender

I’ve been wrangling with how to build a home server storage volume with the mix-and-match hard drives I have on hand – frustrated by Windows Home Server having deprecated the Drive Extender feature, I was exploring the OpenSolaris ZFS file system because of its capability to have a volume built with different capacity drives, dynamically extended, and resilient to failure. Of course I’d like to do this on the Windows box I have, without sacrificing the ability to play games and other stuff I want Windows for – so I thought I’d use Solaris with VirtualBox to run a Windows VM – thankfully, before I reformatted and tried to knock the rust off my Unix skills, I saw this post on Windows 8 Storage Pools.

Virtualizing storage for scale, resiliency, and efficiency

Bring on the beta!! I may have to knock the dust off a few drives I’ve been sitting on but I can’t wait (sorry, I’m not throwing the dev preview on my home PC where I want a chance at recovering data ;)


Please Stop Storing Plain-Text Passwords!!!

Too often I still see plain-text passwords in a database – really, what need is there to store the actual password?  I find it rather funny that some of the IT types out there will fret for days over performing a firewall change but don’t really bat an eye at the fact that a simple SQL Select query may return all of their users’ password data.  I’ve heard arguments like “but the database server isn’t accessible to the internet” – really?  So can you really guarantee that your entire app is immune to SQL injection attacks?  And it will always remain that way?  And what about the administrative DBA that becomes disgruntled and quits?  Are you at risk now?  I think anyone that stores a password in plain text or even using SQL Server’s encryption should say they are at risk in the last scenario (DBAs made the encryption key backups, right?)

At this point, if I have to do an evaluation of an existing application, one of the first things I’d do is query the main user table and just look at the data set – if I see passwords, it’s a FAIL IMHO.  There was a time when the encryption and/or hash was more difficult to do, but that time has passed.  Let’s move on :)

Recommended Approach

My best recommendation to you would be to use what is called a salted hash to store a representation of the password (but not the password itself). There are plenty of detailed articles online, so feel free to search for more information. My goal here is to quickly define what this means and to show how little code is needed with the .NET Framework to achieve a functional salted hash.

Definitions

First some quick definitions:

  • Hash – generally a math formula that is applied to a given string or set of bytes that provides a numeric derivation or hash of the value provided – good algorithms offer excellent protection against 2 different values hashing to the same hash value.  In cryptography the common hash algorithms are SHA-1 and MD5 with more recent advancements being SHA-256 and SHA-512.  Hash values are often used for what is called a digest in security systems.
  • Salt – a cryptographically random sequence of bytes generated once for each user – the function of salt in a user store is to generally obscure the fact that 2 users may actually have the same password.

How it Works

OK, so the basic idea is that when you create a user account, you generate a ‘salt’ – that is a random sequence of bytes usually 6-8 bytes long.  This is generated once and ONLY once – it can never be updated or you’ll break the password authentication.

So with a user created with a salt, you then calculate a hash by doing the following (pseudo code)

user.PasswordHash = CalculateHash(Concat(user.Salt, passwordString));

OK, now to validate a user’s login, it’s basically the same calculation and you compare the hashes – again pseudo-code for this section

if (user.PasswordHash == CalculateHash(Concat(user.Salt, passwordString)))
	// user entered the correct password
else
	// passwords don't match
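
The create-and-verify flow sketched above, as an added C# example that is not the original post's code. `PasswordHasher`, its method names, the 16-byte salt and the iteration count are assumptions; PBKDF2-HMAC-SHA256 (`Rfc2898DeriveBytes`) stands in for the single `CalculateHash` pass so that each guess against a stolen user table costs real work, and the comparison avoids an early exit.

```csharp
using System;
using System.Security.Cryptography;
// Added example; class and method names are illustrative, not from the original post.
public static class PasswordHasher
{
    const int SaltBytes = 16;       // assumption: longer than the 6-8 bytes mentioned above
    const int HashBytes = 32;       // length of the stored value
    const int Iterations = 100000;  // assumption: tune to what your login path can afford

    // Called when the account is created; the salt is stored next to the hash.
    public static byte[] CreateSalt()
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        return salt;
    }

    // Plays the role of CalculateHash(Concat(salt, password)), using PBKDF2-HMAC-SHA256.
    public static byte[] CalculateHash(byte[] salt, string password)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    // Recompute with the stored salt, then compare every byte without an early exit.
    public static bool Verify(byte[] salt, byte[] storedHash, string candidate)
    {
        byte[] computed = CalculateHash(salt, candidate);
        int diff = computed.Length ^ storedHash.Length;
        for (int i = 0; i < computed.Length && i < storedHash.Length; i++)
            diff |= computed[i] ^ storedHash[i];
        return diff == 0;
    }
}
public static class Demo
{
    public static void Main()
    {
        // Constructed sample values, for illustration only.
        byte[] salt = PasswordHasher.CreateSalt();
        byte[] hash = PasswordHasher.CalculateHash(salt, "correct horse battery staple");
        Console.WriteLine(PasswordHasher.Verify(salt, hash, "correct horse battery staple"));
        Console.WriteLine(PasswordHasher.Verify(salt, hash, "wrong guess"));
        // Same password under a second user's salt: the stored values differ.
        byte[] other = PasswordHasher.CalculateHash(PasswordHasher.CreateSalt(), "correct horse battery staple");
        Console.WriteLine(Convert.ToBase64String(hash) == Convert.ToBase64String(other));
    }
}
```

Only the salt and the derived bytes go into the user table; the password string itself is never written anywhere.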


Update to My Twin Cities Code Camp solution

The solution I did for TCCC 10 had a couple of problems – I corrected the edit page so it actually saves the changes and also added a new business rule (attribute) based code generation T4 template for the EF context, so simple attributes get your business rules invoked on change to an entity. See my earlier blog entries for more info on this.
Anyway, the solution is here: ExampleNTier V2


Attribute based business rules with EF model

This entry is an example illustrating how you’d apply the attributes generated by my T4 template add-in.
The solution for the extension itself is here EF4 Attribute Business Rule Code Gen Solution. Feel free to customize it to your own needs.

– the vsix (installer for it) is here EF4 Attribute BR Code Generator Extension

Please note – right now the T4 template generates the attribute classes themselves along with a UnitOfWork helper class – in larger solutions where there will likely be multiple edmx files you wouldn’t want multiple copies of these classes – so treat this as a starting point for solutions like that.

Example using the business rule attribute – assuming you have a mapped table called Customer (and hence a generated class to represent it called Customer in the EF generated code, and a context interface of IAdventureworksEntities):

// note the rest of the Customer class is generated by the T4 template
[BusinessRule(typeof(CustomerRules))]
public partial class Customer {}

public class CustomerRules
{
    // holds the context passed to the constructor (declaration added so the class compiles)
    public IAdventureworksEntities CurrentDataSource { get; private set; }

    public CustomerRules(IAdventureworksEntities context)
    {
        CurrentDataSource = context; // save the context in case the business rules need it
    }

    [BeforeInsert(typeof(Customer))]
    public void BeforeInsert(Customer cust)
    {
        // before insert logic here
    }

    [BeforeUpdate(typeof(Customer))]
    public void BeforeUpdate(Customer cust)
    {
        // before update logic here
    }

    [BeforeDelete(typeof(Customer))]
    public void BeforeDelete(Customer cust)
    {
        // before delete logic here
    }

    [AfterInsert(typeof(Customer))]
    public void AfterInsert(Customer cust)
    {
        // after insert logic here
    }

    [AfterUpdate(typeof(Customer))]
    public void AfterUpdate(Customer cust)
    {
        // after update logic here
    }

    [AfterDelete(typeof(Customer))]
    public void AfterDelete(Customer cust)
    {
        // after delete logic here
    }
}

Twin Cities Code Camp interview available

Many thanks to the folks that run TCCC 10 – the speaking experience was great.  It was fun to get back into the swing of speaking in front of a bunch of people about a fun piece of technology.

They interviewed all the speakers and my interview is available at…

http://www.youtube.com/watch?v=kqagpdBnOYY

I still can’t get used to seeing myself on video – oh well.


Twin Cities Code Camp: Build a N-Tier App with Entity Framework, WCF Data Services, and ASP.NET MVC

For those of you who saw my presentation at Twin Cities Code Camp, the sample code can be downloaded as a solution zip file: ExampleNTier
