Tigraine

Daniel Hoelbling-Inzko talks about programming

ASP.NET Security

Ok, reinventing the wheel every time you build an application works great, as long as you aren't on a very very tight schedule. So due to time constraints (and my reluctance for spending time) I figured out this time I'll stick to standard ASP.NET role based security.

I never really bothered with trying, mainly because I usually had complex security built into my data structure (like individual access rights for different records).
So, obviously there is a way to do this with custom ASP.NET security providers, but doing security on my own saved me messing around with doing custom ASP.NET security.

So, this time I figured out, doing custom ASP.NET security isn't going to happen. Obviously there is only one administration website that needs authentication all over the place with no special roles and other fancy stuff. Just some plain .htaccess like security on a file-level basis.
.htaccess isn't the most scaleable solution (and quite impractical on IIS ;)) so I just started off by following the quite simple walkthrough on MSDN.

Now, after doing the user-creation you just need to drag the Login-Control onto your design surface and the user is presented with a pretty nice looking login form:

login So, obviously this saves time. I don't need to drag 5 controls to the surface, I don't need to build some fancy cookie-login stuff for my application and the whole thing works. Great isn't it?

 

Now, where this really shines is when you try to access a folder that ASP.NET security was configured to deny. You get redirected to the Login.aspx file and the Log In control automatically handles redirection to the previously requested page etc.

Now, that's it basically. ASP.NET comes packed with loads of great tools that do authentication for you. Like password recovery dialogs, change password dialogs, create user wizard, login name display etc.
This all combined gives you a very solid toolset to work on from a programming and security perspective.

Filed under net, programmierung

Unfortunate news...

I've been very happy with my project's progress over the last week, so I was totally shocked to hear that a similar project just launched in Germany and appears to be pretty competitive.

It's called pizza.de and is doing pretty much the same thing we were hoping to do. Providing a platform for online food delivery for a whole country.
So, the first design meeting today started with something along the lines of "Why didn't I know".
The research on competitors we did is now almost 3 or 4 months old, and apparently pizza.de launched 3 months ago, slipping through.

They are providing a pretty good platform for online food delivery and service, are using some AJAX to spice up the user experience while providing great branding support for corporations (like PizzaHut, Subway etc... Everything looks pretty solid and it's pretty clear they are working on a far bigger budget than my team currently.

So I had some doubts if we'd carry on our project pizza.at, mainly because pizza.de is almost exactly what we thought we'd have to deliver and we were hoping to be able to expand to Germany in the future.

So, because we can't compete with pizza.de in Germany, we brought up another issue: i18n. Austria is far too small to be the only place where we want pizza.at to be available, so after the initial Austria launch we will be looking into expanding to the east and south.

Now, because of our tight schedule (that just got tighter) hopes are high we'll be launching at the end of march so we'll be first to hit the Austrian market with our site.

Filed under job

I'm frightening!

Today I really scared the hell out of my co-workers.
Although I don't officially work for pixelpoint I am currently working at their office, and so my fellow co-workers had to witness one of my scarce "I jump up and dance through the room in ecstasy because it works" moments.
No need to say that they where completely shocked and came running with water and tranquilizers :).

Why I am a full of joy currently is because my first prototype of my online food-ordering application works!
I was fighting the whole day with validation and data-binding issues on ASP.NET and finally got it to work.

I'll blog on my experiences with LinQ2SQL and ASP.NET in the future. For now I'll just say that I am very very happy with LinQ2SQL and I am absolutely sure that it saved me almost 3 weeks of development.

The whole application is completely functional after 7 days of development (still lacking a GUI)! I mean, obviously you need to be a programmer to order a pizza through the exposed model, but shopping cart, order checkout and product view functionality is already there.

I will spend next week working on a admin application and meeting with the design guys to get the front-end out.

Filed under net, programmierung, job

Strange LinQ to SQL oddity

I'm still in the process of doing some research on the tools I'm going to use over the next weeks to build the Pizza.at web app.
So today I tried some LinQ to SQL so I can get used to it a bit. And while doing so I started out with reading through ScottGu's LinQ to SQL series.

I had already some parts of the database schema in place and so I imported it to the ORM, giving me the following model:

linq1

So, this all worked perfectly and I immediately started doing some select statements (while learning how to use and write Lambda expressions - I'll blog about this later).

linq2

And yippie! It worked, although I was very confused that this statement would return a InvalidOperationException in case the Lambda didn't return something. Although I like the fact that it returns an exception, I think the exception given here is too generic. They could have done better in giving the exception a stronger name.

But, after getting over the exception name, everything went smooth from there. Except for me not seeing one thing:
The C and D in CRUD!

ScottGu showed off in his series that doing a simple Categories.Add and an afterwards call to dbContext.SubmitChanges() should do.
In my version of Visual Studio and LinQ I simply don't find this method. All lists I get from the ORM are IQueryable and don't incorporate any Add and Delete Methods.

I'm getting a bit confused, I must be missing something at this point, there must be something I have overlooked. Any thoughts?

Filed under net, programmierung, job

SQL Server 2005 GUI complexity

You know what?
I really love SQL Server 2005, just because it got rid of the Enterprise Manager stuff and introduced SQL Server Management Studio.

What's bugging me now is that although the Management Studio is great to work with most of the time, there are some tiny little things I really hate whenever I create new databases!

sqldb

Whenever I want a field to be a primary key id field I need to go to declare it as primary key, and then define the identity specification.

And there is the design flaw. You can't just double click Identity Specification to change it from No to Yes, you actually have to first click the + to expand the section in the property grid before I can set the Yes/No value.
I see the added complexity in some points where the increment or seed aren't appropriate, but to be honest, most of our ids start at 1 and increment by 1. So in 99,9% of the cases you don't need the extra complexity.

Filed under programmierung, job

A busy day

At first I didn't want to post this. I'm completely exhausted after 8 hours of doing training at pixelpoint and some computer administration stuff for a friend afterwards.

But, because I talked like 3 hours about the Web 2.0 phenomenon and kept repeating "You should blog" I forced myself into blogging about it.

Although I didn't plan to stay for so long I actually enjoyed the day. I was doing a course on .NET programming in VB.NET and people were very interested and doing very well. Afterwards we had an open discussion (after I showed off some Web 2.0 stuff) about Web 2.0 and how it can be used for various things in the carinthian context.

The Web 2.0 actually got out of hand after we covered WordPress and FeedBurner in detail and we spent like an hours discussing the pro's and con's of WordPress as a CMS system for smaller web sites.

The programming session was far more enjoyable for myself. I think they actually did learn something from the whole thing, although they are still hesitating to write code themselves (I had to force them into writing a small sample application). But I think they now understand the .NET syntax much better and will be more efficient on doing ASP.NET web sites in the future.

Filed under job

New job!

Yes, I'm going back to work.

I accepted to work on a new ASP.NET web project as CTO and developer for my previous employer pixelpoint.

So expect to hear new stuff about ASP.NET and AJAX.NET here on my blog during the next weeks.

The project is called Pizza.at and will be a online food delivery service.
I had been working on a previous version that didn't make it to a release while I was working for pixelpoint. Due to time constraints and poor planning the project failed and I was approached some weeks ago to try to get it done during these holidays.

I accepted the deal, mainly because I was offered complete freedom on development (so I can abandon the old codebase).
So, this time around I'm the one to blame if the project goes wrong, because I'm the guy doing all the planning.
I have chosen an agile development process and am currently working on the requirement analysis and some basic design stuff.
Because I want this project to be done fast I decided not to use any fancy new stuff like MVC or Silverlight. The whole project will be done on a SQL 2000 database with normal ASP.NET. Regardless, I'll be using C# 3.5 and some LinQ queries will surely make it into the application.

The whole thing will start later this week after I did another training course at pixelpoint for their employees.

Filed under programmierung, job

My Photography business

Projects

dynamic css for .NET

Archives

more