The art of simplicity

One of worst security mistakes we, as developers, could make is to store your users passwords as plain text into your database. This was a bad idea 10 years ago, is a bad idea today and will be a bad idea in the future. Any good password storage mechanism stores your password in a non-recoverable fashion. This means that any website that allows you to recover your password (and even worse, send it to you over email), is doing it wrong. To stop this bad practice, plaintextoffenders.com was created. A website storing a password in plain text means that your password is there, waiting for someone to come and take it. It doesn’t even matter if you’ve created the strongest possible password. It’s just there. Whether it’s someone hacking into their servers , using a simple flaw in their site or even stealing their backups , over 30% of sites store plain text passwords . We’re tired of websites abusing our trust and storing our passwords in plain text, exposing us to danger.

Great news! Just before all the big announcements at Build, the Microsoft  ALM team announces the availability of a set of integration components that allow you to configure a Team Foundation Server (TFS) Build to connect to SonarQube. SonarQube is an open source platform that is the de facto solution for understanding and managing technical debt. Although SonarQube had a C# plugin before, with the new set of components it becomes really easy to share the following data: results of .Net and JavaScript code analysis code clone analysis code coverage data from tests metrics for .Net and JavaScript In addition, SonarSource have produced a set of .Net rules, written using the new Roslyn-based code analysis framework, and published them in two forms: a nuget package and a VSIX . This makes it possible to run the same set of rules in SonarQube AND directly in Visual Studio. More information: http://blogs.msdn.com/b/visualstudioalm/archive/2015/04/28/technical-debt-

At the moment I’m working on a hybrid source control project where I combine GIT for local development and Team Foundation Server Version Control as a centralized repository. To simplify the process, I’m using Git-TF : Git-TF is a set of cross-platform, command line tools that facilitate sharing of changes between Microsoft Team Foundation Server, Visual Studio Online and Git. These tools make it easy to clone sources from TFS, fetch updates from TFS, and update TFS with changes committed locally in Git. One of the things I found annoying was that I had to specify my username and password each time the tool tries to connect to TFS. To fix this, you can store your username and password in the git configuration for your repository: git config git-tf.server.username your-username git config git-tf.server.password your-password Remark: This will store your password in the git configuration file in plain text. So don’t tell a security expert

You probably already heard about the DRY principle. DRY of course means “Don’t Repeat Yourself”. The DRY principle is stated as “Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.” But did you know there is an opposite principle? WET: “We Enjoy Typing” also known as “Write Everything Twice”.

This week I lost some time searching where I could specify the ‘Home Realm’ when using the WIF components inside OWIN. I finally found it and decided to share the code:

(Unit) Testing really made the difference on any project I did. So every tool that can help me simplify or improve my testing experience, is a welcome addition to my tool belt. Recently I started using Karma , a test runner created by the Angular team. From the website : The main goal for Karma is to bring a productive testing environment to developers. The environment being one where they don't have to set up loads of configurations, but rather a place where developers can just write the code and get instant feedback from their tests. Karma runs on Node.js and is available as an NPM package. Karma is essentially a tool which spawns a web server that executes source code against test code for each of the browsers connected. The results for each test against each browser are examined and displayed via the command line to the developer such that they can see which browsers and tests passed or failed. After installing Karma through NPM ( npm install karma --save-dev

I don’t think I have to say it again; but Angular and TypeScript are a great combination. And as the new version of Angular will be built on TypeScript, you have one extra reason to already start using it today. To help you getting started, Jeremy Likness created an easy to use Angular and TypeScript Cheat Sheet . Thanks Jeremy!

Microsoft is working more and more in the open.  Now they are extending this transparency and started to share the feature timeline of Visual Studio a few months after they already did this for Visual Studio Online and Team Foundation Server .

By default the Build output window in Visual Studio is not very user friendly. If you have a large project, you have to scroll a long list of output information to find relevant information. Project Hero, you have to love the name, a free Visual Studio Extension tries to solve this. Project Hero is a simple and easy to use plugin that allows you to see the build/clean status of projects in your solution in a clean and visual way. The need for findinga better alternative than the Output Window for large solution build notification drove this effort. I then landed upon Marius Bancila's plugin and that was no longer supported and hadn't been updated in years, and with no source code available I started from the drawing board.

I’m in the middle of switching between the ASP.NET WIF implementation and the OWIN WIF implementation. I had some unexpected issues, but the positive thing is I learned a lot about WIF and OWIN . I had an existing project where I wanted to start using OWIN. So I included the OWIN NuGet package and added a startup class. Afterwards I started my application. But no luck, the breakpoint inside the Startup class was never hit?! What did I do wrong? OWIN is just a specification and is host independent. If you want to run it on a specific host, you have to add some extra NuGet packages. In my case, I wanted to run OWIN on IIS inside the ASP.NET request pipeline. Therefore I had to add the Microsoft.Owin.Host.SystemWeb NuGet Package. After doing that, my breakpoint was hit and my OWIN middleware was called… More information: http://www.asp.net/aspnet/overview/owin-and-katana/getting-started-with-owin-and-katana

I’m in the middle of switching between the ASP.NET WIF implementation and the OWIN WIF implementation. I had some unexpected issues, but the positive thing is I learned a lot about WIF and OWIN . One of the issues I encountered was the following error message: “A default value for SignInAsAuthenticationType was not found in IAppBuilder Properties. This can happen if your authentication middleware are added in the wrong order, or if one is missing.” Fixing it is a one-liner: app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

I’m a big fan of SpecFlow , a BDD style testing framework for .NET. For me it was a life changer, that made testing fun again. As you start to use SpecFlow more and more, you’ll see the same test steps appear over and over again. The guys from Endjin recognized the same pattern and bundled some of these steps in a re-usable NuGet package (together with some other useful functionality) . Here is the list of features from the GitHub site : Path & ScenarioContext extensions Shared Steps for dealing with Exceptions: [Then(@"an ""(.*)"" should be thrown")] [Then(@"a ""(.*)"" should be thrown")]       And Results:       [Then(@"the result count should be (.*)")] [Then(@"the result should equal the datetime (.*)")] [Then(@"the result should equal the datetimeoffset (.*)")] [Then(@"the result should equal the integer (.*)")] [Then(@"the result shou

For an integration scenario I’m working on I had to connect Microsoft Azure with my local datacenter. I know there are some solutions available to create a secure connection between your datacenter and Microsoft Azure, but in this case I had to fall back to a direct TCP connection. To minimize the security footprint, I wanted to restrict the range of IP addresses that could access my local server. But how do I know which IP address range is used by Microsoft Azure? Easy, download the Microsoft Azure IP Ranges document. This file contains the Compute IP address ranges (including SQL ranges) used by the Microsoft Azure Datacenters. Exactly what I needed…

Interested in the latest SPA web frameworks? Rob Eisenberg is presenting an introductory talk on building applications with Aurelia tonight at 7pm EDT.  It is streamed on YouTube , so you can watch it live…

I’m currently switching from NuGet to Bower as my client side package manager. The process is not going as smoothly as I hoped. During the process I got a range of problems I blogged about before. In this final post, I walk through the process of getting Bower up and running inside Visual Studio 2013. Outside the .NET world(where NuGet is king), NPM and Bower are the 2 mainstream package managers. I don’t like NPM as it creates a deep tree of package dependencies ending up with the NTFS 260 path length issue . Bower uses a flat dependency tree, requiring only one version for each package. Installation Steps Before we can use Bower inside Visual Studio 2013, we have to install 2 Visual Studio Extensions: Grunt Launcher: https://visualstudiogallery.msdn.microsoft.com/dcbc5325-79ef-4b72-960e-0a51ee33a0ff Package IntelliSense: https://visualstudiogallery.msdn.microsoft.com/65748cdb-4087-497e-a394-2e3449c8e61e Now open up Visual Studio and create a new AS

If you can’t wait until Windows 10 is released and you already want to learn how to develop against the next incarnation of Windows, Microsoft Virtual Academy created a free online course : Would you like a preview of the developer tools for Windows 10? If you’ve signed up for the Windows Insiders program , get early access and a head start on developing for Windows 10. Plus, you can offer your feedback to help us shape it! Join experts Jerry Nixon and Andy Wigley as they introduce the Windows 10 developer platform, give guidance on developing Windows universal and web apps, and take a look at some of the interesting new features for developers in Windows 10.

I’m currently switching from NuGet to Bower as my client side package manager. The process is not going as smoothly as I hoped. During the process I got a range of problems. One of the problems was that Bower throw the following error when I tried to install the Bower packages: ECMDERR Failed to execute "git ls-remote --tags --heads git://github.com/angular/bower-angular.git", exit code of #128 On StackOverflow I found some solutions that mentioned altering your global git config, but I would prefer not to do that if possible. So how did I fix it? I opened up a command prompt, browsed to the location of my bower.json file  and tried to do a bower install from there: And this succeeded! Now I moved back to Visual Studio and invoked Bower from there. And believe it or not, it worked . Anyone with a clue why this fixed the problem?