Showing posts from November, 2016

NIST is bringing some common sense to password policies

As a consultant I’m frequently confronted with strange password policies. Every company I visit has different password rules with different expiration windows and so on. Although a password manager helps me to keep my sanity, I have a hard time understanding some of the multipage password rules that customers are using. But OK, if it makes our systems more secure, it’s a burden I’m willing to carry. Unfortunately there is enough research available that shows that most of these rules make no sense and don’t help to improve security at all… So reading the following post (https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/) about NIST (the United States National Institute for Standards and Technology) and the new guidelines for password policies they published made me happy. An extract of some of the rules:

- A minimum of 8 characters.
- Allow at least a maximum of 64 characters (I hate it when I cannot use passphrases).
- No compositi

NUnit tests are really slow when using Microsoft.Owin.Testing TestServer

After introducing Microsoft.Owin.Testing TestServer in a Test project we noticed that our test execution time increased from a few milliseconds for all tests to multiple seconds for each individual test. With the help of dotTrace I noticed that most time was spent inside Microsoft.Owin.Hosting.Tracing.DualWriter. This class is used by OWIN to write all OWIN related data to the console. After removing the related tracelistener using the line of code below, I noticed that the test execution time returned back to normal:

    Trace.Listeners.Remove("HostingTraceListener");

Fun retrospectives

In my job as a consultant I visit a lot of development teams. Most of them are using a ‘Scrum-like’ approach, meaning that the typical Scrum ceremonies (Daily Standups, Sprint reviews, Retrospectives,…) are in place. However I noticed that especially the Retrospective becomes boring after a while. To spice up your retrospectives and make them meaningful again, I recommend having a look at http://www.funretrospectives.com/ . This site brings a lot of activities and ideas together for making agile retrospectives more engaging. Part of the information is also available as an e-book at http://www.caroli.org/book-fun-retrospectives/

ASP.NET Web API 2 Request Pipeline

I remember a time when ASP.NET WebForms was mainstream and ASP.NET MVC and Web API still had to be invented. To do a good job as an ASP.NET WebForms developer you needed a deep understanding of the ASP.NET WebForms page lifecycle. (I even got some related interview questions at the time.) These times have gone and now you should understand ASP.NET MVC and Web API, both having their own lifecycle. Here is a great poster explaining the ASP.NET Web API Message Lifecycle: And a similar one for ASP.NET MVC: Must print material!

Xamarin Workbooks

I started experimenting with Xamarin Workbooks as a new (better) way to create my API documentation. Workbooks are an interactive combination of executable code snippets and markdown documentation. Xamarin Workbooks is a cross-platform tool available for both Windows and Mac. Download information is available here: https://developer.xamarin.com/guides/cross-platform/workbooks/install/ After installation, it is time to create your first workbook: Open Xamarin Workbooks. The new C# workbook window is shown. You can choose between a Console, iOS, Android or WPF app (at the moment of writing). Xamarin Workbooks uses the concept of agents. Agents are responsible for injecting and executing your code in a specific application type. This means there is a separate agent for WPF, iOS, Android,… Let’s start simple and choose Console. You are welcomed by a blank workbook. In the workbook you can add two types of cells, either an executable C# cell or a document

TFS Build vNext: Build artifacts are not cleaned up on UNC file share

A while ago, I got a message from one of my customers mentioning that their build servers were running out of disk space. As they had a lot of teams and projects and each of these projects had at least a CI, Nightly and Release build, the number of build artifacts was growing at a large pace. To keep this under control, we reconfigured the build retention policies for all our builds. I removed most of the old CI builds and we were good to go, at least that was what I thought… One week later, they called me again saying that one of the build servers was again running out of disk space. I double checked all the retention policies, they all looked OK. However there were 2 things that I noticed:

- The builds that were consuming all the space were TFS vNext builds using the new task based system. XAML builds didn’t cause any trouble.
- Although I specified in the Build retention policy to only keep the latest build, I noticed in the drop folder that all previous builds were still ther

SQL Server Extension for VS Code

Yesterday I discovered the following great extension for VS Code: mssql. From the marketplace:

An extension for developing Microsoft SQL Server, Azure SQL Database and SQL Data Warehouse everywhere with a rich set of functionalities, including:

- Connect to Microsoft SQL Server, Azure SQL Database and SQL Data Warehouses.
- Create and manage connection profiles and most recently used connections.
- Write T-SQL script with IntelliSense, T-SQL snippets, syntax colorizations, T-SQL error validations and GO batch separator.
- Execute the script.
- View the result in a slick grid.
- Save the result to json or csv file format and view in the editor.
- Customizable extension options including command shortcuts and more.

Installation

- To install it, open Visual Studio Code
- Open the Extension tab by hitting ctrl-shift-x
- On the Extension tab, search for ‘mssql’
- Click on the Install button.
- After the installation has completed, c

.NET Core SDK not found

I downloaded a sample project from GitHub to experiment with the new .NET Core. However when I opened it, I was welcomed by the following error message: “.NET Core SDK Not Found”. This is a known issue and can be solved by downloading the correct version of the .NET SDK:

.NET Core 1.0.1 SDK 1.0.0-preview2-003131 download links
- Windows x64 - https://go.microsoft.com/fwlink/?LinkID=830694
- Windows x86 - https://go.microsoft.com/fwlink/?LinkID=830695

.NET Core 1.0.0 SDK 1.0.0-preview2-003121 download links
- Windows x64 - https://go.microsoft.com/fwlink/?LinkID=809122
- Windows x86 - https://go.microsoft.com/fwlink/?LinkID=809123

.NET Core 1.0.0 RC2 SDK 1.0.0-preview1-002702 download links
- Windows x64 - https://go.microsoft.com/fwlink/?LinkID=798398
- Windows x86 - https://go.microsoft.com/fwlink/?LinkID=798399

TFS Build vNext : Running your JavaScript unit tests as part of your build process

Thanks to the Chutzpah test adapter, you can run your QUnit, Jasmine or Mocha unit tests inside Visual Studio using the built-in tools like the Unit Test Explorer. I’ve been using this VSIX for years, and it works great. But what if you want to run these same tests as part of your build process? I’ll explain the steps to get it up and running inside TFS Build vNext. Start by opening the solution that contains the test project in Visual Studio. Add the NuGet package for the Chutzpah test runner to your solution; this is a solution level package, so it does not need to be associated with any project. Don’t forget to check in the change to source control. Now go to the TFS web portal. Open your build definition and add a Visual Studio Test build task: Configure the Test Assembly parameter inside the task to search for your JavaScript tests. All my JavaScript tests have ‘test’ as part of their filename so I used the following pattern; **\$(BuildConfiguration)\*

Azure: Cloud services are not available in this subscription

I encountered a strange issue when using the Azure Cloud Services (Web and worker roles). When I tried to publish the project to Azure using Visual Studio, I couldn’t continue after selecting the Azure subscription I wanted to deploy to. Instead I got the following error message:

Cloud services are not available in this subscription

The error occurs because the Cloud Services still use the old deployment model that is based on Azure Service Management (ASM). To deploy an ASM based component to Azure you need to be ‘co-admin’ for the subscription. Our subscription administrator made me ‘Owner’ on the new portal but this role only has impact on the new ARM based resources. So I had to ask our subscription admin to log in to the old portal (https://manage.windowsazure.com) and make me co-administrator:

- Log in to the old portal
- Click on Settings –> Administrators
- Click on the Add button at the bottom
- Enter the co-admin email address and click on the OK butt

Building a modern JavaScript stack from scratch

Great tutorial I found on GitHub: JavaScript Stack from Scratch.

This is a minimalistic and straight-to-the-point guide to assembling a JavaScript stack. It requires some general programming knowledge, and JavaScript basics. It focuses on wiring tools together and giving you the simplest possible example for each tool. You can see this tutorial as a way to write your own boilerplate from scratch. You don't need to use this entire stack if you build a simple web page with a few JS interactions of course (a combination of Browserify/Webpack + Babel + jQuery is enough to be able to write ES6 code in different files with CLI compilation), but if you want to build a web app that scales, and need help setting things up, this tutorial will work great for you.

Certainly worth the time…

SecurityTokenValidation exception: the X.509 certificate CN=LocalSTS chain building failed. The certificate that was used has a trust chain that cannot be verified.

I’m talking to a WCF service and use a bearer token to authenticate to the service. The bearer token is provided by a custom STS (during testing). However when I tried to invoke the service, I got the following error message back:

The X.509 certificate CN=LocalSTS chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

And indeed this error makes sense as the tokens generated by the local STS are signed by an untrusted certificate. As we are using it for testing purposes only, it’s OK to disable the certificate validation. Open the configuration of your webservice. Add a serviceCredentials block to your serviceBehavior. Inside this block add an issuedTokenAuthentication section and set the certificateValidationMode to “None”. That should do

Unit testing Microsoft Orleans

Unit testing your Orleans actors in isolation is not easy. The problem is that they all have to inherit from a Grain or Grain<T> base class. This class has a lot of properties that you probably are using during the lifetime of your actor (e.g. accessing state, writing state, using the GrainFactory to talk to other actors,…). I first tried to avoid the unit testing problem by focussing more on integration testing and using the TestingSiloHost but the need to test some functionality in isolation remained. Time for a better solution… I searched around on the web to see how other people tackled this issue. Some fell back to mocking frameworks but it didn’t help to make the tests more readable. In the end I settled on a simple approach where we use some simple composition and extract the real actor logic into a separate class:

Swagger Type Provider for F#

One of the cool features of F# is Type Providers. Type providers provide an information-rich programming model where type information (types, properties, methods,…) can be derived from internal and external information sources. For example, an F# type provider for SQL will provide the types, properties, and methods you need to work directly with the tables of any SQL database you have access to. Similarly, a type provider for WSDL web services will provide the types, properties, and methods you need to work directly with any WSDL web service. Last week I discovered a Type Provider for Swagger (a simple yet powerful representation of your RESTful API) called SwaggerProvider. Let’s see SwaggerProvider in action: Create a new F# application. Add an F# code file. Add the SwaggerProvider NuGet package to your project. Load the provider in your module, specify the location of the swagger.json schema information and create a provider instance: If we now access

Create a clean ASP.NET MVC project

One thing I find annoying when creating a new ASP.NET MVC project is that the default templates are not well suited for my needs. You can take the MVC template but then you end up with a lot of extra stuff that you don’t need, or you can choose the Empty template but then it is… too empty. I need to have something in between where I have the minimal set of boilerplate code without all the extra stuff added by the MVC template. Here is how you can do this: Start by creating a new ASP.NET project. Choose the Empty template from the list of available templates. Click OK. Once your new (empty) project is created, right click on the project in the Solution Explorer and choose Add –> New Scaffolded Item… Choose MVC 5 Controller – Empty from the list and click on Add. After the scaffolding is complete, you have a minimal set of starter code available… Great tip from a colleague, thanks Koen!

WCF Error when using BearerTokens - The security token is used in a context that requires it to perform cryptographic operations, but the token contains no cryptographic keys.

By default WCF uses symmetric encryption for token validation. However in our situation we were using a custom STS that created bearer tokens. This means that we don’t provide any proof about our identity. When we tried to use the token to call a WCF service we got the following error message:

The signing token Generic XML token:
   validFrom: 10/31/2016 10:52:49
   validTo: 10/31/2016 11:52:49
   InternalTokenReference: SamlAssertionKeyIdentifierClause(AssertionId = '_129cb505-83f0-4af0-a455-c51b51926d3a')
   ExternalTokenReference: SamlAssertionKeyIdentifierClause(AssertionId = '_129cb505-83f0-4af0-a455-c51b51926d3a')
   Token Element: (Assertion, urn:oasis:names:tc:SAML:1.0:assertion)
has no keys. The security token is used in a context that requires it to perform cryptographic operations, but the token contains no cryptographic keys. Either the token type does not support cryptographic operations, or the particular token instance does