Noffke.com

So long buddy, sad to see you leave, but he had cash in hand

When using updateable websites, one on the nice features of .Net Development in Visual Studio is the helper page during the publishing process. The auto-generated page is app_offline.htm. So, if you are updating a production site and want to do te publish process manually, or want to script out your own process, just drop a page of that name in your root and you are all set. When you are done, just delete the page. Guess there is a little magic left at Microsoft. btw… what about the Skype purchase?

So we all know that the built in ASP.NET upload control sucks. What are the options then? Well, uploadify or swfupload are easy enough to use instead. I’ve found the later to be a bit easier to implement. What else? the ajax control toolkit sucks. If you have a budget, I’d definitely recommend going with Radupload. Its super easy to use and very customizable for your specific needs.

Two cool plugins are serious options to simplifying the task of creating a “Select From/To” or Multi-Select sort of a list. The old ASP.NET solution would be to create two multi-value dropdownlists, then wire up postbacks or complicated javascripts.

Not necessary anymore.

Try this one for a simple “classic” solution that has tons of configurable options – senamion

Or if you want to knock their socks off, try this one – Searchable jQuery UI

If you want to learn more about jQuery, try some free lessons at appendto

If you have an opion about whether Scott Walker is a Packer Fan, voice it here…

Wishing the best to you and your family in the new year.

I upgraded to WordPress 3.0.4 today, not much there, but it was a pain on Godaddy. Just a couple of permission settings that don’t allow the upgrade by default. Let me know if you need more info on that!

Also added a new tag cloud widget…. maybe the coolest ones ever! You can learn more about the WP Cirrus if you read German!

Looking forward to a great year!

Of course wikepedia has a list of Internet Media Types, so if you are interested in a quick reference guide, here you go… http://en.wikipedia.org/wiki/Internet_media_type
Also, notice that the vnd. (vendor specific), and x- (nonstandard) had and accepted meaning too.

So, what are the official Microsoft office types? Check here

Is .Net really faster than using Java? Microsoft thinks so, and updated their Stocktrader benchmark application to prove it. Not to mention its a whole lot cheaper. Read the Microsoft® .NET Framework 4.0 vs. IBM WebSphere® 7 StockTrader Benchmark Report to find out the details of their testing.

OBJECTIVE

Implement a standard security mechanism based on the recommended Microsoft SQL Server provider for use in a custom asp.net web application.  The diagram below is helpful to understand where this component lies in the overall solution design.

This visualization shows how the security of an application can be implemented across the standard layers of an application.  It’s taken from the 2^nd edition of the .Net Application Architecture Guide which is a solid point of reference for implementing our Microsoft based solution.

There are two primary points of focus in securing the application:  Authentication and Authorization.  We need to know that users are who they say they are through authentication. We need to control access to those components that the user is granted access to via authorization.  Each of these is discussed in detail below in how they can be implemented and leveraged to meet our needs.

Authentication

When configured within an application, users are prompted to authenticate.  This is easily implemented in an asp.net solution via settings in the web.config.  This sample code below shows the basic structure used to set the base attributes.


<authentication mode="Forms">
…
</authentication>


Clearly this is not all that is necessary, although it’s already shown that the Forms mode will be easier to use in implementing an extensible authentication process.  This is the first departure from the default settings.

In order to address what underlying process is used to manage the users of the website, we need to implement a provider.  In our Microsoft SQL Server based solution, it is straight forward to leverage the SQLMembershipProvider, more on this in a moment.

Authorization

Once the user has been identified as who they represent themselves to be, we inevitably will need to determine their privileges.  Fortunately we have another simple structure that can be used to implement this within the web application.


<authorization>
<deny users="?"/>
<allow roles="Administrators"/>
</authorization>


This straight forward structure can be used to secure access to entire files and directories.  Similar to the first provider, we can use the SQLRoleProvider to assist in our handling of user authorization.

SQL Membership and Role Providers

When we are ready to store users in our SQL database, all that needs to be done is to run the aspnet_regsql.exe installation program.  What is created is a set of tables and stored procedures that are used by our providers.

The foundations are nearly in place with the creation of the database structures.  To utilize them within our solution, we’ll need a few more lines of code in our web.config.


<membership defaultProvider="OurMembershipProvider">
<providers>
<clear/>
<add name="OurMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
…
/>
</providers>
</membership>
<roleManager defaultProvider="OurRoleProvider">
<providers>
<clear/>
<add name="OurRoleProvider"
type="System.Web.Security.SqlRoleProvider"
…
/>
</providers>
</roleManager>


With these settings in place we can now make use of the core methods of the providers that we are implementing.  The primary Membership provider method is ValidateUser, while the Role provider would rely on using the IsUserInRole method.  Various other methods can be used to manage the users and roles within the application, all relying on the standard features provided.

Should this simple approach proved incomplete, a custom provider class structure can be created to override and implement the base level behavior, and must implement a core set of methods, although the application can choose to not utilize these features.

Concerns

Three concerns with the use of a pre-defined solution as described above have been noted.  This are briefly addressed below:

• There is only a practical limit to the number of roles that can be utilized, and there is not an inherent flaw in the design that limits the return of only one role.  For example, the SQLMembershipProvider implements a GetRolesForUser method.
• Changes to the database structure, like moving the tables and stored procedures to a different naming convention can be achieved by implementing a pair of custom providers that would them only be similar to the methods of the SQL provide methods.
• Limitations of groups and roles are only limited to the need for complex relations of user base.  The concept of a hosting domain as mentioned implies that integrated windows authentication is used.  This is different than forms based authentication and be configured independently.

Conclusion

Using the simple .Net framework provided solution has several benefits.  It was confirmed to meet the business requirements that have been documented outside of this analysis, minimizes custom application development and maintenance, as well as time savings.

Agile project methodology promotes the concept of an iteration and release in order to bring flexibility and adaptability into the software development life-cycle. In Scrum, the iterations are called sprints. Iterations are delivered in short 2-4 week cycles that combine to deliver the release. This is easy enough to understand and most all of us know that Agile methodologies rest on a set of common attributes that emphasize working software over comprehensive documentation and use self-organizing, cross-functional, self-managed teams. The team then is able to adapt itself to the build and deliver the right product with the correct balance of structure.

Scrum distinguishes itself from the generic agile methodology. The Scrum framework is comprised of several core concepts: Roles, Time Boxes and artifacts. These are the topics that are the focus of the Certified ScrumMaster seminar.

Roles

Roles of the project team are designed to emphasize individuals and interactions over processes and tools. Though co-location of the entire project team is not a pre-requisite to establishing a project team, it has its obvious benefits to meet this goal. The Product Owner is a key role and one that must be available for conversations with the developers throughout the sprint as well as being an active participant in the planning process. To have a single person act as the product owner can help the overall project velocity, but is also very dependent on the environment. Stakeholders and business owners contribute to the success of a Scrum project and are encouraged to participate in some time boxing activities, however they do not have a formally defined role within the team.

ScrumMaster has the task of managing the overall health of the project. This is to maximize the overall productivity of the team with a balance of the team’s efforts. This role addresses the two main priorities: calcification and inhibitors. Even budgeting can lead to calcification of the process by demanding a BEUF (big effort up-front), which although is very comforting to management and the business owner, must be managed through this role. The ScrumMaster is responsible for minimizing detractors or inhibitors in order to help the team grow from forming to storming to norming to performing.

Storming? At this point, it’s clear that one can spend an entire career studying the organizational behavior dynamics of the team and worker productivity as well as historical successes. From Taylorism to boss-worker mentality, just identifying collaborative inhibitors is helpful to the project team. Enabling team maturity will also affect the success of a project and individual productivity; however this has a lot to do with the team members and minimizing outside distractions. These too are responsibilities of the ScrumMaster.

The Development Team is optimally sized at 7 ± 2. This size is significant in that it balances the number of developers so that it doesn’t get so big that it sub-groups, while not being too small as to not benefit from the use of a ScrumMaster, thus no longer being Scrum, but another form of Agile. The team should be well-formed and comprised of team members that are capable of performing any task necessary to meet the sprints goals.

Time Boxes 

Scrum defines several Time Boxes that are key elements of the process. They create a sense of urgency during the project, and occur during various points along the overall project timeline. Release Planning can take a significant time and investment in order to determine what defines the product. Sprint planning occurs at the beginning of each sprint. The first part of the planning session must include the Product Owner. This will help prioritize the stories delivered during a project sprint. The team negotiates the stories to be taken on in each sprint based on the availability of each member. From this, a second planning session can take place. Each story is refined into individual tasks for the sprint. Each of these meetings can take up to 4 hours depending on the overall team maturity, health and mutual trust.

The Sprint is then the 2 to 4 week work cycle. Each day would normally consist of a Daily Scrum where each team member answers 3 basic questions: What did you do? What are you doing? And, are there any barriers in your way?

When the sprint time box is complete, the sprint review occurs. The entire project team has a walkthrough of the completed work effort. This too can take up to 4 hours. After the review, the project team completes the Sprint Retrospective. Though the retrospective can take up to 3 hours in itself, this can be one of the more difficult tasks for a ScrumMaster. It’s at this point that a mature team can discuss calcification or inhibitors that occurred during the sprint. The team should openly review the process and modify it as necessary in order to balance the overall product quality and project velocity. Depending on the health of the project team and number of inhibitors the team can collaborate and will respond to any project changes. Depending on how planning sessions are scheduled, team members may not be up for a 7 hour meeting, so scheduling is yet another SrumMaster challenge.

Artifacts

Artifacts are the things that the project produces. The more important ones to the ScrumMaster are the Product Backlog, the Sprint Burndown and the Release Burndown. Product Backlog is the product of the release planning efforts. Sprint Backlog is determined at the beginning of each sprint. This is normally a bunch of post-its and on a white board. These post-its serve as place holders to the tasks and provide a summary of sprint progress at a glance. Other artifacts include documentation and of course running, integrated, and tested code.

All of these pieces fit together in an effort to deliver a product that should be considered deliverable at the completion of each sprint. This product better matches the product owner needs by adapting itself at any point along the way. Where to next? This is clearly just a quick overview of the topics covered during a recent certification seminar, which was facilitated by a great trainer, Douglas Shimp. For your next steps, please lookup Agile Manifesto, Mountain Goat Software, 3Back Consulting, The Scrum Alliance, and of course Ken Schwaber.

- Chris Noffke