Wednesday, September 29, 2010

ASP.NET Vulnerability

If you haven't heard already there is a security problem with all versions of ASP.NET (yes...including MVC) which allows attackers to read/request protected files, like the Web.Config.

In order to protect these files you'll need to install the patch that is appropriate to your OS and .NET version. Click here for that patch.

Version 1.1 is Available

I just wanted to post a big thank you to several readers who helped with the 1.1 of PDF. David Jenkins (who's posted more to this forum than I have!), Greg Heath, Alexander DiMauri, John CrankShaw,Robert Dzikowski, and Dave Mateer.

Thanks to yours and others feedback the new version now has a downloadable Visual Studio solution file per chapter under /code/chapter_name/solution to let you check your answers against mine.

Now onto MVC 3.0 changes... :)

Monday, September 27, 2010


Just finished an interview with InfoQ on my book.

As part of the interview the prags released an exclusive excerpt of chapter 9 - Integrating with Controllers that you can download off InfoQ. If you're trying to plug-in Windsor Container with ASP.NET MVC that chapter will show you how to do it.


Friday, August 27, 2010

Windsor 2.0 and Log4Net

So I was looking for two DLL's to get Log4Net working with Windsor 2.0.
I had a hard time finding the version I needed, as I guess I'm in the dark ages not using Windsor 2.5.

The files in question are: Castle.Facilities.Logging.dll and Castle.Services.Logging.Log4netIntegration.dll

Why am I using Windsor 2.0? Since the version of FluentNHibernate I'm using is 1.1 and uses CastleDynamicProxy2.dll version 2.1 - even Windsor 2.1 (which includes the logging files I need) uses CastleDynamicProxy2.dll version 2.2.

To make a long story short - without changing a bunch of code around it was easier to just solve the problem myself. It's open source so I just downloaded and compiled the assemblies I need and provide them to the community of how many others might be looking for these.

Download them here

So here they are - enjoy!

Tuesday, August 24, 2010

ASP.NET MVC in 4 minutes!

I just published a short 4 minute video on how to build an ASP.NET MVC project. It walks you though the absolute basics of MVC. You can take a look below or visit YouTube here.

Monday, August 16, 2010

New to C#, Visual Studio, and SQL Server

I've had a lot of questions recently for developers who are new to C# and Visual Studio for some guidance as to where to begin. So, I've compiled a list of links that will help you get started:

  • Intro to Visual Studio 2008 – Even if you’re using Visual Studio 2010 this tutorial can still help you with the basics. If you’re in a rush skip forward 4 minutes and 44 seconds into it.
  • Intro to C# and VS2008 – Good 15 minute intro to Studio and C#, although the accent can be a little hard to understand.
  • SQL and SQL Express Intro – Covers some basics of how to manage databases with these tools.
  • MVC in 4 minutes - a video by yours truly on building a quick MVC app.
  • Intro to MVC Basics – A good intro (73 minutes long) starting from File->New Project
  • Dave Mateer has written an excellent blog post about how to
    setup nunit-gui.exe with Visual Studio Express.

I’ll add more to this post as I collect more links and tutorials.

Monday, July 19, 2010

MVP != MicrosoftFanBoy

I was pleasantly surprised last week to hear that Microsoft awarded me an MVP (Most Valuable Professional) for my work in the community with ASP.NET MVC.

Thank you to everyone who nominated me, and all the community members who tried not to fall asleep during my presentations and talks ;)

And now for the official logo...

One of the most interesting things about being an MVP is participating in the MVP Global Summit. It's a chance to meet other professionals from around the world whom are passionate about finding the best way to use Microsoft tech to get the job done. Looking forward to attending early next year.

Now that I've basked in all this honor and glory, on to the real content of this post...

Does MVP = Microsoft fan boy? No - at least not from what my discussion with Simran Chaudhry, the Microsoft employee in charge of the program in Canada. Since it's a Microsoft sponsored program, there is a code of conduct that is expected that sums up to basic professionalism.

MVP doesn't mean you're singing Microsoft's praises and pushing product. You're free to disagree with Microsoft tools/frameworks, etc from a professional point of view - the key is to be professional about it.

Example - it's well known to many of my colleagues that I feel Subversion is superior to Team Foundation Server when it comes to source control. Having used both on different projects, Subversion is faster for checkins, updates, and merges. Also, Subversion is a lot easier to use when the server goes down or you're working remotely in a disconnected state, like when you're on an airplane for example.

However, I realize that a lot of corporate environments use it for MORE than just version control (i.e. issue tracking, project workflow, continuous integration even). I learned this while working for the Enterprise Architecture department for a client last summer. There is more to tool choice than just what the developers finds best. Yes, the world doesn't revolve around us.

So while I'd rather use Subversion (or Git if you're a cool kid) there are advantages to TFS from an Enterprise Architecture point of view, like looking at critical bugs raised across the 80 projects running at your company. I also know that TFS 2010 is way better than 2005, so Microsoft is improving their game. Maybe in 20xx TFS will be on par with Subversion for source control?

In the end a healthy debate and feedback to Microsoft will ultimately help them make better products that serve their customers. This is another core part of the MVP program, being a channel from the community back to the Microsoft product teams.

You might say "yeah but Microsoft is just in it for the money." So what's wrong with that? They are running a profitable business, just like all of their competitors - all who have also had their reputation muddied in the pursuit of profit. Look at Google - have you read through their latest privacy policy? Did you know that Facebook owns the rights to all the photos you upload of you and your friends getting smashed?

Even open-source contributors make a profit - look at JBoss or Firefox! My friend Clinton Begin didn't make millions off iBatis, but he certainly helped his career along by doing it. That might not be their primary motivation, but it certainly is an outcome. Do you think that Linus Torvald will ever have a problem finding a great paying job? I say - good for them! They're helping the community while helping themselves.

So ends my rant. Please post comments if you disagree :)

Monday, July 12, 2010

Even Microsoft knows that IE6 has Past its Due Date

Update: The link below is now broken. Microsoft has removed the site and now is redirecting to an IE9 page.

A Rare Moment for Microsoft Advertising.

Alternatively, there are a number of competing browsers for those of you who have old milk...Firefox, Chrome, Opera, and even Safari. Internet Explorer 9 also promises to support HTML5 specifications, so it's a good option as well.

The most surprising thing in all of this is that large corporate IT departments still refuse to upgrade browser versions every year, despite security and usability risks. I think there is a business in there for someone who can figure out how to sell to big IT departments that browsers need upgrading at least annually, if not semi-annually.

My colleague Mike Mason and I spoke about this in our talk "Does Anyone Even Know What this Thing Does?" earlier this year. Companies need to take platform road mapping (and yes, the browser is a platform) more seriously. They need to make sure they don't end up in a legacy system situation earlier than they need to.

Do the right thing, upgrade to a modern browser!

Monday, July 5, 2010

Sharpening Your Markup with "Razor"

ASP.NET MVC has a new View Engine that it will ship with. The codename is "Razor" and to boil down Scott Guthrie's post here is my brief summary.

Razor condenses and makes the markup more concise, while preserving support for HTML Helpers.

<a href="@model.Id">@model.Name</a>

//Or the HTML Helper Version
@Html.ActionLink(Model.Name, Model.Id)

Essentially it replace <%= and %> with @.

There are also improvements to Master Pages, which are called Site Layouts which further reduce markup. All in all it feels much more Rails like.

The engine will be going through a public beta shortly.

Monday, June 28, 2010

Rails3 vs. ASP.NET MVC

This article by Anders Janmyr shines the light on the differences between these frameworks.

Whether your going from Rails to ASP.NET MVC or vice-versa - a quick read through this article will save you many hours of hitting your head against the keyboard.

Friday, June 25, 2010

Lazy Load This!

Or rather - "Lazy Loading can cause problems with C# code"

Here was my dilemma:

class Foo
public virtual Bar bar {get; set;}

Had the Fluent NHibernate ClassMap:

class FooMap : ClassMap<foo>
References(x =>;

No problem right? Well it was working fine until I tried to serialize the result using MVC Contrib's XmlResult object. Kaboom! It took me many hours to figure out that the serializer was trying to use the proxy class to Bar instead of Bar itself.

The solution was to modify the FooMap to not lazy load like this:

class FooMap : ClassMap<foo>
References(x =>;

This could probably lead to performance problems in production - so if you do turn off the default lazy loading behavior, ensure you're using a product like NHProf or a SQL Profiler to monitor what your ORM is doing.

Wednesday, June 23, 2010

Test-Drive ASP.NET MVC = Released!

After over 15 months of work, my book is now officially available directly from the publisher here. I love the cover - wish one of these came with every book**:

I'd like to thank Dave and Andy, as well as my editor Susannah Davidson Pfalzer for helping me through the entire process.

I expect in the next few weeks the book will be available through other channels like Amazon, Barnes&Nobles, etc. However, the only way to get an e-book version is directly from the Pragmatic Bookshelf

**no cars are included with the purchase of the book ;)

Wednesday, June 2, 2010

Interview with Phil Haack - Project Manager of ASP.NET MVC

PragPub magazine, the Pragmatic Bookshelf's monthly publication, has a couple of articles on ASP.NET MVC this month. The first is an article by yours truly on introducing the framework to a non-Microsoft audience. I'd be interested in your feedback on how I fared - especially from seasoned Rails developers.

The second article is an interview with Phil Haack himself. I found Phil's narrative on how ASP .NET MVC has been received by the Rails community very interesting.

Best part of the whole June edition is the Chinese dragon on the front.

To view the magazine in PDF click here. If you like it you can sign up for a free monthly subscription here.

Saturday, May 1, 2010

Couldn't have said it better myself

Was working through some code examples this morning and found a nice reference to testing ASP.NET MVC on Jag Reehal's blog

If you need a quick cheat sheet on how to test basic things like Session, Redirects, etc (including how to leverage MVC Contrib) this post serves the purpose. Thanks Jag!

Monday, April 19, 2010

My Favorite Part of Authoring

Epigraphs. Yeah - I didn't know what that meant either when I first came across the term (well other than the Epi part). An epigraph is a quote that starts off each chapter of your book.

I love trying to find the perfect quote to kick things off. I'll spend hours upon hours looking for one. The big caveat is you need to pick quotes from public figures or people who have been long dead to avoid having to seek permission.

I ran into this a few times while writing my book. For example, a Mario Andretti quote about control I really liked - "If you feel like you're under control, you're not going fast enough." Unfortunately, getting permission from Mario's handlers became more trouble than it's worth and I had to remove the quote from the final copy of the book.

So my advice, and my publisher's advice, is seek out old dead people! Here are a few from the book that I wish I could weave into everyday conversation more often:

"It is better to be beautiful than to be good, but it is better to be good than to be ugly." --Oscar Wilde (from Portrait of Dorian Gray - awesome book BTW)

"Simplicity is the ultimate sophistication." --Leonardo da Vinci

"A small leak can sink a great ship." --Benjamin Franklin

For more fun quotes and a whole lot of tutorials on ASP.NET MVC you can check out the final copy of my book on

Friday, February 12, 2010

Does Anyone Even Know What This Thing Does?

Presenting at the Calgary Hyatt on strategies for effectively managing legacy systems.

Here is a link to the abstract. Unfortunately, Mike and I were not able to fly to Toronto to present - Mike's baby was due and I had to move into my new home. In our place, our colleagues Derek Longmuir and Amit Uttam presented in Toronto and were video tapped on InfoQ.