There's plenty of information on the inter-tube on the Cross Site Request Forgery Hack (CSRF, also known as XSRF and Confused Deputy - go on just Google those acronyms) so I'm only going to give a general overview of the exploit but know that it is a problem that has been around pretty much since the birth of the internet, that browsers cannot prevent it (and have in the past aided it), and pretty much relies on a User's Trust / Stupidity.
Discussions relating to design, architecture and framework. Please ensure that no proprietary information is shared here as it is a publicly accessible site.
Tuesday, 22 February 2011
Monday, 21 February 2011
Custom Validation via Action Filters
At the end of last week, I was tinkering with the Entity Framework 4.0 and MVC3; MVC which we’ve been using a long time here and we all know and love, Entity Framework which quite frankly feels unfinished unless you have the CTP5 patch so that one can write true code-first with POCOs. Now I know it’s illegal to use CTP patches on production environments, but apparently this is the last CTP release before a full release first quarter this year, so we can begin prototyping with it at least. Anyway getting to the point, during my tinkering, I think I may have worked out a means of custom validating objects in the controller, setting ModelState, and creating errors well before a controller method is invoked, essentially creating a validation layer that at run time sits between a UI post and the controller. I'm sure I'm not the first who's done this, and this has been worked out and blogged a gazillion times before but I figure I'll have my say on the matter...
Friday, 18 February 2011
O/RM Schema Design Approaches
I've spent this afternoon looking at the various schema design approaches available to an O/RM user, in the context of Entity Framework (EF).
Thursday, 17 February 2011
"A computer lets you make more mistakes faster than any invention in human history—with the possible exceptions of handguns and tequila."
and another one from the snowy wastes of that there internet:
"Walking on water and developing software from a specification are easy if both are frozen."
ViewEngines in Our Solution
Windows Identity Foundation
In Brief
Windows Identity Foundation (WIF) is a component of Microsoft's identity and access management solution. It is a 'Federated' and 'Claims' based identity framework with the distinct goal of decoupling the mode of authentication from an application and/or service. On the face of it then, WIF appears to be a solution for externalising the authentication mechanism altogether, no longer necessitating the need to create custom identity providers and user account tables for disparate applications within and without an organisation.
Labels: Authentication, Foundation, Identity, Security, WIF, Windows
Wednesday, 16 February 2011
DotNetDevNet Usergroup meeting
Mike and I went to a great .Net usergroup meeting yesterday. After sitting through a couple of 10 minute presentations on Fogbugz(!) and Android development, the main part of the meeting kicked off. Presented by Steve Sanderson it was basically a quick run through of ASP.NET MVC3. I definitely recommend seeing Steve if you have the chance - no powerpoint, and lots of code!
Labels: IIS, JSON, Knockout.js, MVC3, Razor, Scaffolding, SQL Server Compact, View Engines
Unit Testing Best Practice
I'll start this off with the things I think make good best practice for unit tests. Please feel free to add more or to correct me in the comments.
Monday, 14 February 2011
Ext.JS view implementation
Alistair wrote a great post on Friday recapping his visit to Bath. Amongst his points was a section on his concerns with implementing Ext.JS in an MVC environment, and an equally excellent reply from Nathan (at 2am when he was on holiday!)
Rather than further dilute Ali's post covering a multitude of points, I thought I'd start a new post specifically for discussing our Ext.JS implementation.
Friday, 11 February 2011
Recap - from the Bath visit
Hi guys, thought this might be a good place for this; just wanted to have a little recap of what we went over and any decisions made or points still up for discussion.
Thursday, 10 February 2011
Phase 1 Backlog
Phase 1 Backlog in One Note
We need to put some initial estimates (using PlanningPoker) in over the next few days. As Mike is off this week and Nathan is off next week, I'll split it into two sessions, one with Nathan, Luke and Ali tomorrow, and one with Mike, Luke and Ali next week.
If (then else)
If you can keep your code clean while others are corrupting it,
And losing their data and blaming it on you,
If you can be sure that DVCS is right when all coders doubt you,
But make allowance for SVN being pretty nifty too,
If you can wait for compiles and not be tempted to turn off warnings,
Or, seeing a broken window, fix it,
Or, getting a harsh peer review, don't give way to stubbornness,
And yet don't appear to be a guru, nor talk like one
Then you'll be a developer, my son.
(From Programmers Stack Exchange, Apologies to Kipling)
Welcome
Welcome to the new team blog!
Feel free to share articles, code, gotchas and any WTF code snippets you might come across ;)
Also any updates or general points for discussion.
Happy blogging!