Five years ago, everyone working server-side was obsessed with building scalable software. Some said we could never be scalable with Microsoft technologies. Fast forward to 2004. Everyone is obsessed with building “secure” software. Some say we can never be secure with Microsoft technologies. If we look at what has happened over the last five years, perhaps we can see what might happen in the next five. 1) For scalability, expectations have leveled. In 1999 everyone believed they were building the next eBay and Amazon. Today, nobody is over-hyping the ability to go from 0 to huge overnight. I don’t foresee...

Any problem in computer science can be solved with another layer of indirection. – Butler Lampson Since the dawn of the HttpModule class in .NET 1.0, we’ve seen an explosion of URL rewriting in ASP.NET applications. Before HttpModule, URL rewriting required an ISAPI filter written in C++, but HttpModule brought the technique to the masses. URL rewriting allows an application to target a different internal resource then the one specified in the incoming URI. While the browser may say /vroot/foo/bar.aspx in the address bar, your application may process the request with the /vroot/bat.aspx page. The foo directory and the bar.aspx...

John Woods stopped in yesterday to clarify some of the finer points of the nasal demon effect. John has another contribution to the world of knowledge: "SCSI is *NOT* magic. There are *fundamental technical reasons* why you have to sacrifice a young goat to your SCSI chain every now and then."

Years ago, I helped put two large systems together. We were C++, they were Java. We were Microsoft based, they were Unix based. We were an Internet startup approaching the bursting bubble, they were a Fortune 50 company in the midst of a refinancing boom. During the initial integration we used beta 1 of the Microsoft SOAP Toolkit 2.0 (released in December of 2000). They used the Apache SOAP 2.1 toolkit (pre-AXIS), which I believe the Apache team released in February of 2001. The toolkits worked. We moved a tremendous amount of information about mortgages back and forth. Of course,...

A source entrusted me with the following paper she found at a Starbucks this summer. The hand written notes are proof of a hidden agenda lurking in the world of SOA. I’m trying to get this to Dan Rather, but he is not returning my phone calls.

As you read this there is a team of 850 people in India writing software in .NET for the healthcare industry. The company, iSoft, already has a 60% market share in the UK, and a 70% market share in Australia. They plan to target the US market in 2006. Building enterprise scale health care software is a massive effort. Not only do they need  the general business functionality of inventory, accounting, and payroll, but there are  specialized needs in every corner of the hospital: nursing, radiology, pathology, microbiology, blood bank, admissions, pharmacy, and patient care records, just to name a few....

I tried to update my Linux distribution this week by starting over on a fresh virtual PC. I tried SuSE 9.1 Personal only to have a kernel panic early in the installation. Then I tried Fedora Core 2 only to have another kernel panic. That’s when I began to suspect a more sinister problem and found this bug entry - complete with a 57 step work around. Maybe I'll just wait three months and try again.

I’ve found static constructors very appealing in .NET class design. I think this is partially due to coming into .NET with a C++ background. Although there are techniques available to achieve the same effect in C++, the language did not have the syntax to support the concept as elegantly. The first time I received the “Do not declare explicit static constructors” message from FxCop I was a bit dismayed. Why is it telling me there is a performance penalty for a static constructor? One caveat I’ve always had with FxCop is that the tool enforces design guidelines for a framework,...

If you are looking for online resources about the ASP.NET Community Starter Kit, here are a couple places to look: Stephen Redd’s Site (full of CSK Articles, Mods, and Fixes) Dave Rank’s Personal Web Site Matthew Roche’s CSK Resources 

Football season (American) started today. To be precise, it started on Thursday night, but since we never had football games on Thusday nights when I was growing up as a kid, I tend to pretend this doesn’t happen. A few years ago, my interest in pro football was on the decline. This was around the time when football began to morph from being a team sport into a form of modern dance, and players began to augment their costumes with cellular phones and permanent markers. Plus, the Steelers can never seem to get back to the super bowl, so, really, who...

On October 5, 2004 I’ll be talking about the Community Starter Kit for the CMAP .NET User Group meeting in Columbia, MD. I plan to focus in on a couple key pieces of the architecture that can be applicable to ASP.NET applications today and tomorrow. The presentation will stay practical, and I hope to use only two buzzwords during the talk: indirection and virtualization. To finish the talk I’ll touch on customization and deployment of the CSK, which hopefully doesn’t put everyone to sleep. If it does, I plan to make off with all the free pizza, soda, and raffle...

This just in from the Microsoft Downloads RSS feed!! Microsoft Calculator Plus is now available! Update: The CalcPlus link seems to lead nowhere now. It really did exist for a time. Donna Buenaventura saw it too. The plot thickens.... Everyone has been talking for years about how Microsoft has killed calculator innovation by including calc.exe with the operating system. After all those messy anti-trust suits and allegations of anti-competitiveness, Microsoft has finally answered the critics. The calculator dev team has been back in feature development mode. A new age of calculation is upon us. Prepare your eyes as I now convert...

When I first started working with SQL Server (v 7.0), I found two part / four part names a bit confusing: SELECT * FROM ownername.tablename SELECT * FROM servername.databasename.ownername.tablename What would confuse me was why anybody would want an owner name - a login - appearing as part of a fully qualified database object name. This creates all sorts of limitations. If an admin needed to remove a user, all the objects belonging to the user had to...

John is addicted to chocolate. I think I am too. Just recently, I noticed a new product in the vending machine at work. It’s a chocolate bar with miniature M&M’s inside. Just think – you have pieces of chocolate inside of hard candy shells then embedded into a larger bar of chocolate. Human achievements just never cease to amaze me. I somehow resisted the urge to plunk money into the machine and go on a chocolate feeding frenzy. I wish they wouldn’t keep these in the machine - it would be much easier to resist the spicy pork rinds Heather...

I listened to the .NET Rocks episode with Jeff Richter this week. At one point, Jeff made a comment about C# having an inherent performance benefit over VB.NET. About two beats after Jeff finishes the statement you hear Carl suck in air. I think he wanted to explode at this point but winced instead. Carl is a fervent supporter of VB.NET and dispels all sorts of myths about the language. Carl told Jeff he didn’t agree, but didn't start a debate. Jeff commands a great deal of respect in the .NET community, as well he should, but I think the truth is somewhere...

Here are a couple of my pet peeves in source control. Let’s say the sales and marketing department has decided the company is about to build version 3.0 of an amazing product: FooBar. Sometime thereafter, someone checks in a file named FooBar3.cs into source control. I see two problems here. First, source control software, also known as version control software, will manage versions all by itself. Instead of putting version numbers in the file name, leave version numbers to the tool. When it comes time to associate a file version with a specific product release, I use the tagging /...

Designing an authentication and authorization scheme for a non-trivial web application is, in most cases, non-trivial. You need to minimize risks and always err on a safe side, while giving customers usable software. .NET provides useful mechanisms to implement a security design, including impersonation, delegation, role-based authorization, and a choice of authentication options. The technical part is sometimes the easy part. Designing an authentication and authorization scheme for software in the healthcare market means sitting down with people and understanding their interpretations about the sticky pit of legal and regulatory goo they live in. Everyone has a different opinion about...

Don Kiely recently pointed to an article on CodeProject with C# code to run a process in a new security context. The code PInvokes CreateProcessWithLogonW, but doesn’t work under ASP.NET. CreateProcessWithLogonW is one of those tricky APIs that doesn’t pick up and move well from one environment to the next. Unfortunately, there is no way with .NET 1.1 to start a new process under alternate credentials without PInvoke. A spawned process always inherits the token of the creator process, so even if a thread is impersonating when it calls Process.Start, the new process always has the same identity of the current...