Thursday, April 30, 2015

Never share your password with the following sites…

One of the worst security mistakes we, as developers, can make is to store our users’ passwords as plain text in the database. This was a bad idea 10 years ago, is a bad idea today and will be a bad idea in the future. Any good password storage mechanism stores your password in a non-recoverable fashion. This means that any website that allows you to recover your password (and even worse, sends it to you over email) is doing it wrong.

To stop this bad practice, was created.

A website storing a password in plain text means that your password is there, waiting for someone to come and take it. It doesn’t even matter if you’ve created the strongest possible password. It’s just there.

Whether it’s someone hacking into their servers, using a simple flaw in their site or even stealing their backups, over 30% of sites store plain text passwords.

We’re tired of websites abusing our trust and storing our passwords in plain text, exposing us to danger. Here we put websites we believe to be practicing this to shame.


Wednesday, April 29, 2015

Tackling Technical Debt with SonarQube and Team Foundation Server

Great news! Just before all the big announcements at Build, the Microsoft ALM team announced the availability of a set of integration components that allow you to configure a Team Foundation Server (TFS) Build to connect to SonarQube. SonarQube is an open source platform that is the de facto solution for understanding and managing technical debt.

Although SonarQube had a C# plugin before, with the new set of components it becomes really easy to share the following data:

  • results of .Net and JavaScript code analysis
  • code clone analysis
  • code coverage data from tests
  • metrics for .Net and JavaScript

In addition, SonarSource have produced a set of .Net rules, written using the new Roslyn-based code analysis framework, and published them in two forms: a nuget package and a VSIX. This makes it possible to run the same set of rules in SonarQube AND directly in Visual Studio.

More information:

Tuesday, April 28, 2015

Git-tf–Save your credentials

At the moment I’m working on a hybrid source control project where I combine Git for local development and Team Foundation Server Version Control as a centralized repository. To simplify the process, I’m using Git-TF:

Git-TF is a set of cross-platform, command line tools that facilitate sharing of changes between Microsoft Team Foundation Server, Visual Studio Online and Git.
These tools make it easy to clone sources from TFS, fetch updates from TFS, and update TFS with changes committed locally in Git.

One of the things I found annoying was that I had to specify my username and password each time the tool tries to connect to TFS. To fix this, you can store your username and password in the git configuration for your repository:

git config git-tf.server.username your-username
git config git-tf.server.password your-password

Remark: This will store your password in the git configuration file in plain text. So don’t tell a security expert :-)
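An added example, not part of the original post or of Git-TF: a small audit that finds repositories whose `.git/config` holds `git-tf.server.password` in plain text and reports the line number without printing the secret. The function names and the sample configuration are constructed for the illustration.

```python
import re
import tempfile
from pathlib import Path

SECTION_RE = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"([^"]*)")?\s*\]$')
KEY_RE = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)\s*=')

# Constructed sample: what the two `git config` commands leave in .git/config.
SAMPLE_CONFIG = '''[core]
\trepositoryformatversion = 0
[git-tf "server"]
\tusername = your-username
\tpassword = your-password
'''


def plaintext_gittf_passwords(config_path):
    """Return the line numbers that hold a git-tf.server.password entry."""
    findings, section = [], None
    for number, raw in enumerate(Path(config_path).read_text().splitlines(), 1):
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            # git writes [git-tf "server"]; it also reads the older [git-tf.server]
            name, sub = header.group(1).lower(), header.group(2)
            section = name if sub is None else f"{name}.{sub}"
            continue
        key = KEY_RE.match(line)  # comment lines (# or ;) never match
        if key and section == "git-tf.server" and key.group(1).lower() == "password":
            findings.append(number)  # report the location, never the secret
    return findings


def audit_tree(root):
    """Map every .git/config below root that stores the password to its lines."""
    report = {}
    for config in sorted(Path(root).rglob(".git/config")):
        hits = plaintext_gittf_passwords(config)
        if hits:
            report[str(config)] = hits
    return report


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        git_dir = Path(root, "project", ".git")
        git_dir.mkdir(parents=True)
        (git_dir / "config").write_text(SAMPLE_CONFIG)
        print(audit_tree(root))
```

A reported entry can be removed with `git config --unset git-tf.server.password`.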

Monday, April 27, 2015


You have probably already heard about the DRY principle. DRY of course means “Don’t Repeat Yourself”. The DRY principle is stated as “Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.”


But did you know there is an opposite principle? WET: “We Enjoy Typing” also known as “Write Everything Twice”.

Friday, April 24, 2015

OWIN + WIF: Specify Home Realm

This week I lost some time searching where I could specify the ‘Home Realm’ when using the WIF components inside OWIN.

I finally found it and decided to share the code:

Thursday, April 23, 2015

Karma–“browser-is-not-defined” error

(Unit) Testing really made the difference on any project I did. So every tool that can help me simplify or improve my testing experience is a welcome addition to my tool belt. Recently I started using Karma, a test runner created by the Angular team.


From the website:

The main goal for Karma is to bring a productive testing environment to developers. The environment being one where they don't have to set up loads of configurations, but rather a place where developers can just write the code and get instant feedback from their tests.

Karma runs on Node.js and is available as an NPM package. Karma is essentially a tool which spawns a web server that executes source code against test code for each of the browsers connected. The results for each test against each browser are examined and displayed via the command line to the developer such that they can see which browsers and tests passed or failed.

After installing Karma through NPM (npm install karma --save-dev), the first thing you need to do is create a config file (karma init karma.conf.js). This command walks you through a set of questions to generate a config file specific to your application.


The next step is starting Karma (karma start) to run your (Jasmine) tests. However, my tests failed with the following error message:

ReferenceError: browser is not defined

Turns out that to get it working against Angular.js, there is one extra step you need to do. In the frameworks section you have to add ‘ng-scenario’ before ‘jasmine’:

Wednesday, April 22, 2015

Angular and TypeScript Cheat Sheet

I don’t think I have to say it again, but Angular and TypeScript are a great combination. And as the new version of Angular will be built on TypeScript, you have one extra reason to start using it today.

To help you get started, Jeremy Likness created an easy-to-use Angular and TypeScript Cheat Sheet.


Thanks Jeremy!

Tuesday, April 21, 2015

Visual Studio (Online) and Team Foundation Server Visual Studio Upcoming Features Timeline

Microsoft is working more and more in the open. Now they are extending this transparency and have started to share the feature timeline of Visual Studio, a few months after they already did this for Visual Studio Online and Team Foundation Server.


Monday, April 20, 2015

Visual Studio: Improve your build output with Project Hero

By default the Build output window in Visual Studio is not very user friendly. If you have a large project, you have to scroll through a long list of output to find the relevant information.

Project Hero (you have to love the name), a free Visual Studio extension, tries to solve this.

Project Hero is a simple and easy to use plugin that allows you to see the build/clean status of projects in your solution in a clean and visual way. The need for finding a better alternative than the Output Window for large solution build notification drove this effort. I then landed upon Marius Bancila's plugin and that was no longer supported and hadn't been updated in years, and with no source code available I started from the drawing board.

Project Hero

Friday, April 17, 2015

OWIN error: OWIN middleware is not invoked

I’m in the middle of switching between the ASP.NET WIF implementation and the OWIN WIF implementation. I had some unexpected issues, but the positive thing is I learned a lot about WIF and OWIN :-)

I had an existing project where I wanted to start using OWIN. So I included the OWIN NuGet package and added a startup class.

Afterwards I started my application. But no luck, the breakpoint inside the Startup class was never hit?!

What did I do wrong?

OWIN is just a specification and is host independent. If you want to run it on a specific host, you have to add some extra NuGet packages. In my case, I wanted to run OWIN on IIS inside the ASP.NET request pipeline. Therefore I had to add the Microsoft.Owin.Host.SystemWeb NuGet Package.

After doing that, my breakpoint was hit and my OWIN middleware was called…

More information:

Thursday, April 16, 2015

WIF–OWIN error: A default value for SignInAsAuthenticationType was not found in IAppBuilder Properties.

I’m in the middle of switching between the ASP.NET WIF implementation and the OWIN WIF implementation. I had some unexpected issues, but the positive thing is I learned a lot about WIF and OWIN :-)

One of the issues I encountered was the following error message:

“A default value for SignInAsAuthenticationType was not found in IAppBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing.”


Fixing it is a one-liner:


Wednesday, April 15, 2015

SpecFlow Reusable steps

I’m a big fan of SpecFlow, a BDD style testing framework for .NET. For me it was a life changer that made testing fun again.
As you start to use SpecFlow more and more, you’ll see the same test steps appear over and over again. The guys from Endjin recognized the same pattern and bundled some of these steps in a re-usable NuGet package (together with some other useful functionality).
Here is the list of features from the GitHub site:
    • Path & ScenarioContext extensions
    • Shared Steps for dealing with Exceptions:
      [Then(@"an ""(.*)"" should be thrown")]
      [Then(@"a ""(.*)"" should be thrown")]
      And Results:
        [Then(@"the result count should be (.*)")]
        [Then(@"the result should equal the datetime (.*)")]
        [Then(@"the result should equal the datetimeoffset (.*)")]
        [Then(@"the result should equal the integer (.*)")]
        [Then(@"the result should equal the string ""(.*)""")]
        [Then(@"the result should be false")]
        [Then(@"the result should be greater than the datetime (.*)")]
        [Then(@"the result should be greater than the datetimeoffset (.*)")]
        [Then(@"the result should be greater than the integer (.*)")]
        [Then(@"the result should be greater than or equal to the datetime (.*)")]
        [Then(@"the result should be greater than or equal to the datetimeoffset (.*)")]
        [Then(@"the result should be greater than or equal to the integer (.*)")]
        [Then(@"the result should be less than the datetime (.*)")]
        [Then(@"the result should be less than the datetimeoffset (.*)")]
        [Then(@"the result should be less than the integer (.*)")]
        [Then(@"the result should be less than or equal to the datetime (.*)")]
        [Then(@"the result should be less than or equal to the datetimeoffset (.*)")]
        [Then(@"the result should be less than or equal to the integer (.*)")]
        [Then(@"the result should be null")]
        [Then(@"the result should be of type (.*)")]
        [Then(@"the result should be true")]
        [Then(@"the result should contain")]
        [Then(@"the result should equal the context value (.*)")]
        [Then(@"the result should not be null")]
        [Then(@"the result should not equal the string ""(.*)""")]
    • Custom step argument transformations:
      • TimeSpan transformation converts to TimeSpan for the following free-text argument formats:
        1 day, 1 hour, 1 minute, 1 second
        5 days, 4 hours, 3 minutes, 2 seconds
        5 days, 4 hours, 3 minutes
        5 days, 3 minutes, 2 seconds
        5 days, 4 hours, 2 seconds
        4 hours, 3 minutes, 2 seconds
        5 days, 4 hours
        5 days, 3 minutes
        5 days, 2 seconds
        4 hours, 3 minutes
        4 hours, 2 seconds
        3 minutes, 2 seconds
        5 days
        4 hours
        3 minutes
        2 seconds
If you are a SpecFlow user, this is a must have!

Remark: Also check the other SpecFlow extensions they made: Endjin.SpecFlow.Composition and Endjin.SpecFlow.Owin.Hosting.

Tuesday, April 14, 2015

Azure IP Ranges

For an integration scenario I’m working on I had to connect Microsoft Azure with my local datacenter. I know there are some solutions available to create a secure connection between your datacenter and Microsoft Azure, but in this case I had to fall back to a direct TCP connection. To minimize the security footprint, I wanted to restrict the range of IP addresses that could access my local server.

But how do I know which IP address range is used by Microsoft Azure? Easy, download the Microsoft Azure IP Ranges document. This file contains the Compute IP address ranges (including SQL ranges) used by the Microsoft Azure Datacenters.

Exactly what I needed…
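An added example, not from the original post: turning the downloaded ranges file into an allowlist check for incoming connections, limited to the regions you actually use. The XML layout (`Region` elements holding `IpRange` entries with a `Subnet` attribute) is an assumption about the file, the sample uses documentation subnets instead of real Azure addresses, and the function names are illustrative.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the assumed layout of the ranges file; the subnets are
# RFC 5737 documentation ranges, not real Azure addresses.
SAMPLE_RANGES_XML = """<AzurePublicIpAddresses>
  <Region Name="europewest">
    <IpRange Subnet="192.0.2.0/25" />
    <IpRange Subnet="198.51.100.0/24" />
  </Region>
  <Region Name="useast">
    <IpRange Subnet="203.0.113.64/26" />
  </Region>
</AzurePublicIpAddresses>"""


def load_allowlist(xml_text, regions=None):
    """Return {region: [networks]}, optionally limited to the named regions."""
    allow = {}
    for region in ET.fromstring(xml_text).iter("Region"):
        name = region.get("Name")
        if regions is not None and name not in regions:
            continue  # a narrower allowlist exposes the server to fewer sources
        allow[name] = [ipaddress.ip_network(entry.get("Subnet"))
                       for entry in region.iter("IpRange")]
    return allow


def match_region(source_ip, allow):
    """Return the region whose range contains source_ip, or None (deny)."""
    address = ipaddress.ip_address(source_ip)
    for name, networks in allow.items():
        if any(address in network for network in networks):
            return name
    return None


if __name__ == "__main__":
    allow = load_allowlist(SAMPLE_RANGES_XML, regions={"europewest"})
    for ip in ("192.0.2.10", "192.0.2.200", "203.0.113.70"):
        print(ip, "->", match_region(ip, allow) or "deny")
```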

Monday, April 13, 2015

Aurelia: Live introductory talk


Interested in the latest SPA web frameworks? Rob Eisenberg is presenting an introductory talk on building applications with Aurelia tonight at 7pm EDT. It is streamed on YouTube, so you can watch it live…

Friday, April 3, 2015

Bower–Visual Studio 2013 Integration

I’m currently switching from NuGet to Bower as my client side package manager. The process is not going as smoothly as I hoped. During the process I got a range of problems I blogged about before.


In this final post, I walk through the process of getting Bower up and running inside Visual Studio 2013.

Outside the .NET world (where NuGet is king), NPM and Bower are the 2 mainstream package managers. I don’t like NPM as it creates a deep tree of package dependencies, ending up with the NTFS 260 path length issue. Bower uses a flat dependency tree, requiring only one version for each package.

Installation Steps


  • Similar to NuGet where we have a packages.config file, we need a file (bower.json) to configure the list of packages. The easiest way to create this bower.json file is by opening up a command prompt and running the ‘bower init’ command.
    • This will walk you through a list of questions. You can use the default for everything except the ‘Would you like to mark this package as private which prevents it from being accidentally published to the registry?: (y/N)’. For that question, change the response to yes.


  • Include the generated bower.json file inside your project.


  • Let’s add some dependencies to the bower.json file. We add a new “dependencies” property and start adding dependencies. The moment you enter a few characters, Visual Studio will offer to search the Bower registry for published packages.


  • When I click on the Search Bower… option, a list of matching packages is shown.


  • Same thing when I specify a version number.


  • Once we are done adding our dependencies, you can right-click on the bower.json file and choose Bower install packages to download and install the configured dependencies.


  • Visual Studio will invoke Grunt to get the packages from the registry. By default the packages will be installed in the bower_components folder.


  • Now you can include the packages or, even better, use a Grunt or Gulp task to copy the files over to the correct folder (but this is for another blog post).


Thursday, April 2, 2015

Developer's Guide to Windows 10 Preview

If you can’t wait until Windows 10 is released and you already want to learn how to develop against the next incarnation of Windows, Microsoft Virtual Academy created a free online course:

Would you like a preview of the developer tools for Windows 10? If you’ve signed up for the Windows Insiders program, get early access and a head start on developing for Windows 10. Plus, you can offer your feedback to help us shape it!
Join experts Jerry Nixon and Andy Wigley as they introduce the Windows 10 developer platform, give guidance on developing Windows universal and web apps, and take a look at some of the interesting new features for developers in Windows 10.


Wednesday, April 1, 2015

Bower - ECMDERR Failed to execute "git ls-remote --tags --heads git://", exit code of #128

I’m currently switching from NuGet to Bower as my client side package manager. The process is not going as smoothly as I hoped. During the process I got a range of problems.


One of the problems was that Bower threw the following error when I tried to install the Bower packages:


ECMDERR Failed to execute "git ls-remote --tags --heads git://", exit code of #128

On StackOverflow I found some solutions that mentioned altering your global git config, but I would prefer not to do that if possible. So how did I fix it?

I opened up a command prompt, browsed to the location of my bower.json file and tried to do a bower install from there:


And this succeeded! Now I moved back to Visual Studio and invoked Bower from there. And believe it or not, it worked :-S


Anyone with a clue why this fixed the problem?