Wednesday, December 24, 2014

Microsoft Threat Modeling Tool

Security is a hot topic today(certainly with the recent Sony hack). Integrating security into an application cannot be an afterthought but should be an integrated part of the software development lifecycle. One approach to tackle this problem is the Security Development Lifecycle as adopted by Microsoft:

The Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost.

Threat modeling is an invaluable part of the Security Development Lifecycle (SDL) process. By applying a structured approach to threat scenarios during the design phase of development helps teams more effectively and less expensively identify security vulnerabilities, determine risks from those threats, and establish appropriate mitigations. One tool to help you do this is – Microsoft Threat Modeling Tool 2014. It’s available as a free download from Microsoft Download Center here.

Microsoft Threat Modeling Tool 2014 comes with a base set of threat definitions using STRIDE categories. This set includes only suggested threat definitions and mitigations which are automatically generated to show potential security vulnerabilities for your data flow diagram. You should analyze your threat model with your team to ensure you have addressed all potential security pitfalls. To offer more flexibility, Microsoft Threat Modeling Tool 2014 gives users the option to add their own threats related to their specific domain.

sdl

More information:

Tuesday, December 23, 2014

Visual Studio 2013–SQL Server Data Tools error: SQL71501: User: [user] has an unresolved reference to Login [user]

After importing a database using the SQL Server Data Tools in Visual Studio, I got a compilation error on my database project:

SQL71501: User: [user] has an unresolved reference to Login [user]

The SQL Server Data Tools by default only import the database specific objects. A database login, which is a global database server object, is not imported. This explains the error. But how can we fix this?

In previous versions of the SQL Server Data Tools, you had 2 types of Database Projects; the normal Database Project and also a Database Server project. However in VS 2013, the Database Server project no longer exists. So we need a different solution.

I first tried to solve it using Schema Compare.  I clicked on the 'Options' button in the Schema Compare window and selected the "Object Types" tab. There I choose to include logins. But when I ran the Schema Compare, it didn’t made any difference.  I probably did something wrong, but as I was short on time, I took a different approach. I added a Login object myself and copied the script code over:

CREATE LOGIN [user] WITH PASSWORD = 'myverycomplexpassword'

Done!

Monday, December 22, 2014

LabManager VMM Server Background Synchronization Job Failing

The Team Foundation Server logs of a client was filling up with errors about a failing job: LabManager VMM Server Background Synchronization. This runs every few minutes and tries to keep the LabManager server up to date.

 Capture

The reason why this job fails on our system is because the Lab Management functionality is no longer in use. We used it when we were still on Team Foundation Server 2012. But when we moved to Team Foundation Server 2013, we didn’t upgrade the Lab Management part as well. So the Lab Management parts were gone and we didn’t de-register it first.

I wanted to get rid of these errors and decided to look for a solution.

First thing I tried was using the tfsconfig command and ask TFS to delete the lab management part:

tfsconfig lab /delete /collectionName:<collectionname>

Capture2

But this failed with a TF255384 error complaining that the Virtual Machine Manager Administration Console could not be found on the application server. I didn’t want to install it again, so I looked for another solution. This blog post mentioned that I could delete the lab management data from the Configuration database. It sounds like a hack, it smells like a hack and it even looks like a hack. But I had a backup of all components, so why not?

I connected the TFS Database Server and executed the SQL script as mentioned in the post:

use Tfs_Configuration;

delete tbl_RegistryItems where ParentPath = '#\Configuration\Application\LabManagementSettings\';

And the great thing is, it worked!

Friday, December 19, 2014

Use Hangfire to schedule jobs in ASP.NET

Hangfire is a great library to schedule and execute asynchronous work in a web application. One of the things I like about this library is that you can start with a simple background process inside the Application Pool and when your jobs get larger(and take more time) you can move them to a separate process.

Here are the steps to move your Hangfire jobs outside your web application:

  • Step 1 – Change the Hangfire configuration inside your web app to disable the Hangfire server functionality(note that the job information is stored inside a database):
  • Step 2 –Schedule your jobs(like you did before):
  • Step 3 – Inside another project, a console application in this case, you can host the Hangfire server:

Thursday, December 18, 2014

Team based vs Project based

As a certified Scrum Master, I do most of my projects using Scrum (or Scrum but…). I really like the transparency and continuous feedback that Scrum brings to the table. But I also notice that Scrum isn’t the perfect fit for all kinds of projects. It’s suited well for Green-Field/Brown-Field projects but I struggle applying Scrum to a Maintenance project or where one team is working on multiple projects at the same time(which is not done in Scrum).

After reading the following article – No projects, Beyond projects – I stopped trying to use Scrum as the hammer that works for every nail(and screw). In this article, the author promotes an alternative model to think about work. He calls this the Beyond Projects model or more descriptive Continuous Work, or Steady State Work Model, or Work Streams.

The author doesn’t mention it, but it sounds familiar to Kanban

Wednesday, December 17, 2014

Angular.js 1.3: bindToController

I keep finding new stuff inside Angular 1.3. One of the things I found is the bindToController attribute. I’m an advocate of using the controllerAs syntax to get rid of the $scope variable. The only problem before is that in a directive you still had to use $scope…until now.

Let’s first have a look at what the AngularJS documentation has to say about the bindToController attribute:

When an isolate scope is used for a component (see above), and controllerAs is used, bindToController: true will allow a component to have its properties bound to the controller, rather than to scope. When the controller is instantiated, the initial values of the isolate scope bindings are already available

Before scope variables were not included in the controller scope when controllerAs was used. This means that the directive's scope variables were not bound to the object created by controllerAs.  The bindToController attribute fixes this.

Enough talk, show me the code:

Tuesday, December 16, 2014

Woops! Angular suddenly stopped working… and it was Batarangs fault

Last week I encountered a strange problem. Without changing anything to my code, my Angular application started failing. I had no clue why… until I noticed that Batarang, a Chrome Extension for Angular.Js had been updated. It looked completely different and injected some custom JavaScript into my application. As far as I could remember, it did not do that before.

Could it be? I disabled the extension in Chrome and yes, my Angular.js application started to work again. Verwarde emoticon Anyone who had the same problem with the latest AngularJS Batarang extension?

Note: I’m using Angular 1.3 but a colleague had the same issue with Angular 1.2

image

Monday, December 15, 2014

WPF Performance Tips

With the recent announcements about new WPF features, it’s time to re-introduce some WPF related blog posts.

When browsing through the CodeProject articles, I noticed this great post about WPF performance: http://www.codeproject.com/Articles/784529/Solutions-for-WPF-Performance-Issue

This is one of the most complete performance guides I’ve ever seen and certainly useful for every WPF (and even XAML) developer.

Here is the list of topics covered:

  • Basic knowledges of WPF rendering.
    • Pixel Snapping in WPF Application
    • WPF Visual Rendering
  • Detect issues with WPF performance suite - Performance Profiling Tools for WPF
    • Detect Software Render
    • Detect Undesired Rendering
  • Make a trade-off between graphique's quality and performance.
    • Disable Pixel Snapping and Anti-Aliased option
    • RenderOption
    • UIElement.CacheMode and BitmapCache
  • Make a trade-off between architecture and performance
    • IValueConverter and IMultiValueConverter
  • Improving scrolling performance in WPF (Virtualization)
  • WPF in remote desktop
  • Third party libarary
  • The Roadmap for WPF (published at 12 Nov 2014 by Microsoft Project Manager)
  • Brief and Conclusion
  • References

Go bookmark this link!

Friday, December 12, 2014

Microsoft Azure–A/B testing

A/B testing is a technique whereby different users get a different version of an application of website. This allows you test new features ‘in the wild’ and allows to check which experience or functionality is preferred. Facebook uses this technique a lot, but it’s also a useful technique for the ‘non-facebooks’ of the world.

Doing A/B testing in Azure Websites is really easy. It is supported out-of-the-box by using multiple deployment slots. Let’s walk through the steps:

  • Open the Azure Management Portal. Use the new portal available at https://portal.azure.com/. The A/B testing functionality can only be configured there.
  • Create a new Website. Choose a URL, Web Hosting Plan(Deployment slots are only available when you use a Standard plan), Resource Group, Subscription and Location(or just use the defaults Glimlach). Click on Create.
  • Once the website is created, open the blade of the site and look for the Deployment slots section.

image

  • Click on Deployment Slots to load the Deployment Slots blade. Click on Add Slot to create a new deployment slot.

image

  • Specify the name of the slot(this will become part of the URL) and click OK.

image

image

  • Click on the Testing in production configuration. The configuration blade is loaded. For every slot, you can specify how much of the traffic is going to one of the slots or the production site. Click Save to apply the changes.

image

Thursday, December 11, 2014

TypeScript build server error: "tsc.exe" exited with code 1.

typescriptAfter configuring a Continuous Integration build for a TypeScript enabled web application, the build turned red with the following error message:

C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v11.0\TypeScript\Microsoft.TypeScript.targets (118): "tsc.exe" exited with code 1.

On the build server I had installed the TypeScript components for Visual Studio 2013, but for this particular project we were still using Visual Studio 2012. I was able to fix the problem by installing the TypeScript 1.0 Tools for Visual Studio 2012 on the build server.

Wednesday, December 10, 2014

Angular.js templates inside Visual Studio: SideWaffle Template Pack

If you want to save some time when building Angular.js applications, have a look at SideWaffle.

SideWaffle is an extension for Visual Studio. It contains both item- and project templates suitable for building websites, Windows apps, Windows Phone apps, WPF, Visual Studio extensibilty project and a lot more. 

sidewaffle

More information can be found at the official website: http://sidewaffle.com/

Tuesday, December 9, 2014

Angular.js: Use an Angular filter inside your controller

Most of the time you’ll use your Angular filter inside your view, but sometimes it’s useful to use it from inside your controller. To do this, you have to inject the ‘filterFilter’ service:

Monday, December 8, 2014

Azure Websites–Site Extensions

Site Extensions allow to enhance the management experience of Azure Websites. There is already a small set of extensions out there, but nothings stops you from creating your own(you have to create them as NuGet packages).

The list of available extensions can be found at http://www.siteextensions.net/. This is also the place where you can upload your own extensions and share them with the rest of the world.

image

Friday, December 5, 2014

ASP.NET Web API–Return 401 when using OWIN cookie authentication middleware

Wen using the OWIN cookie authentication middleware inside ASP.NET Web API, I noticed that I didn’t got an unauthorized (401) HTTP code when I was not authenticated. Instead the response was a 200 status code with a JSON response body:

{"Message":"Authorization has been denied for this request."}

This is not what I want. To change this you have to reconfigure the CookieAuthenticationProvider on the cookie authentication middleware:

Thursday, December 4, 2014

SpecFlow Assist Helpers

If you are a SpecFlow user certainly check out the Helper classes inside the TechTalk.SpecFlow.Assist namespace.

The helpers offer a wide range of functionality. I use it most of the time to translate the parameter table to a typed object:

FeatureWithDataTable

More information can be found here: http://www.specflow.org/documentation/SpecFlow-Assist-Helpers/

Wednesday, December 3, 2014

SpecFlow: Visual Studio does not recognize steps in another assembly

On my current project we are using SpecFlow to create our BDD style tests. I really like the experience so far. One of the things that you have to understand when using SpecFlow is that the end goal is a set of re-usable steps that allow you to specify new scenario’s (and tests) fast.

specflow_logo

In our case we already have a set of steps that we want to re-use in multiple test projects. Therefore I created a separate assembly where I put some of my shared steps classes.This is a supported scenario inside Specflow, the only thing you need to do is to specify the assembly name inside your app.config:

<specFlow>
    <!-- For additional details on SpecFlow configuration options see
http://go.specflow.org/doc-config -->
    <stepAssemblies>
      <stepAssembly assembly="Tests.SharedSteps" />
    </stepAssemblies>
    <unitTestProvider name="MsTest" />
  </specFlow>

However when I opened a SpecFlow feature file that should use one of the shared steps, the steps showed up purple (which means that SpecFlow is unable to find the step).

SpecFlowFeature

It took me some time to figure out a solution. Here is how I did it:

  • Close all your .feature documents in Visual Studio.
  • Close Visual Studio.
  • Go to the %TEMP% folder. Delete the SpecFlow cache files.
  • Open Visual Studio again.
  • Open your .feature files again.

That did the trick for me…

Tuesday, December 2, 2014

Use JavaScript to write Macros in Visual Studio

The Visual Studio Platform team released a new extension for Visual Studio 2013; Macros for Visual Studio 2013.

From the documentation:

Macro ExplorerMacros for Visual Studio 2013 is an extension for Visual Studio 2013 that enables the use of macros to automate repetitive tasks in the IDE. The extension can record most of the commands in Visual Studio including text editing operations.

Features

  • Record and playback active document operations and Visual Studio IDE commands
  • Playback multiple times

  • Manage and persist macros with a Macro Explorer

  • Assign keyboard bindings to any macro

  • Macros recorded as JavaScript files that call VS DTE APIs

  • Macro editing in Visual Studio with DTE IntelliSense

  • Stop playback

  • Sample macros

Monday, December 1, 2014

LocalDb error: Cannot attach the file ‘sample.mdf’ as database ‘sample.mdf’

In a demo app I  used the LocalDB functionality to host my database files. This should have saved me some time. However when I ran the application, I ended up with the following error message:

{"Cannot attach the file 'C:\\Projects\\SampleApp\\App_Data\\sample.mdf' as database 'sample'."}

Looking at my connection string data inside my web.config, everything looked fine:

<add name="DefaultConnection" connectionString="Data Source=(LocalDb)\v11.0;Initial Catalog=Sample;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\Sample.mdf" providerName="System.Data.SqlClient" />

But when I opened up the App_Data folder, I found an empty folder. Aha! It seems like you have to create the database file yourself. I opened up the solution, right clicked on the App_Data folder and choose Add –> New item…

image