Thursday, 5 November 2009

SQL update with INNER JOIN

Just a reminder to self:

update ICD
set ICD.if1_deleted = 'Y'
and ID1_NAME =
and ID1_VALUE = ''

70-536 Passed :)

Friday, 23 October 2009

Reflecting on a Reflection description

I was quite surprised when I arrived at the Reflection chapter in my self training book, because on the first page I found the following:

Reflection is useful anytime you need to examine or run code that isn't available at runtime.

MTS Self-Paced Training Kit (Exam70-536): Microsoft .NET Framework - Application Development Foundation, SECOND EDITION

After I read this, I fear I really need to study Reflection, because the reflection I studied at the university, was exactly the opposite. But I guess just because reflection means something in the Java world doesn't mean that its the same on .NET.

Thursday, 15 October 2009

Code Access Security (CAS)

In the .NET framework all assemblies (which run managed code) is running in their own security scope. Which doesn't just depend on the user running the assembly(in respect to the Role-Based security (RBS)) but also on the Code Access Security (CAS).

The CAS system gathers evidence to identify assemblies to determine which code group the assembly belongs.


Evidence is data which the CAS collects at runtime to determined the assembly's security level, like a user is identified by username and password.

Examples of Evidence is:

  1. Applications directory

  2. Hash

  3. Publisher

  4. Site

  5. Strong Name

  6. URL

  7. Zone: The zone in which the assembly is running(Internet Zone, Intranet Zone, or Trusted Zone)


There is a long list of things an assembly needs to have permission to do, like sending web requests, read or write files ect. for a complete list look here: (System.Security.Permissions Namespace)

A specific example could be the File dialog permission(link), which specifies whether an assembly may present one to the user. Another permission can be File IO which restricts access to files and folders(link)

Permission set

So, this seems pretty straight forward, a permission set is a set of permissions right, it is a so called ACL (Accesss Control List), which means it is a list of permissions, used by the CAS to verify whether it should give permission/access to an assembly.

A well known permission set is the Internet default permission set, which contains the following permissions:

  1. File Dialog

  2. Isolated Storage File

  3. Security

  4. User Interface

  5. Printing

Most are self describing, even if it is worth noting that the Security permission gives the permission to execute, but as with all permissions there are many levels of a permission, look further here SecurityPermissionFlag

.Net framework contains seven default permission sets.

Code group

Based on the evidence, an Assembly is places in a specific code group. A code group is a user groups provided to RBS, its connects the assemblies with permission sets. A group membership condition is determined by one piece evidence which the assembly should have.

An assembly can be member of several groups, if so the assembly will receive the union of the permissions in the permission sets.

Code groups can also be nested inside each other, which allows the manager to make arbitrary complex structures. An example of such a hierarchy is: assemblies with Microsoft strong names is placed in a group called Microsoft_Strong_Name code group, which is contained in My_Computer_Zone code group which again is contained inside All_Code. (in short All_Code->My_Computer_Zone->Microsoft_Strong_Name)


Security Policy

Okay so all these things together, should also have a term, so we can make different sets of all these things, and these sets is called a security policy.

A security policy is a logical grouping of code groups and permission sets. The security policy is used to group the security into levels. There are four default security policy levels; Enterprise, machine, User and Application Domain.

Since these overlap an assembly's permission set is the intersection of the policies.

By default, the Enterprise and User security policies grant all code full trust.

Put It All Together

The system administrator can make security policies for the hole network (enterprise security policy), for each computer, for each user, and application domain.

Inside each policy he might look at the different code groups (fx. My_Computer_Zone, LocalIntranet_Zone, Internet_Zone) and check permission set of the groups.

When an assembly is loaded, the system will look at the evidence, and figure out which groups the assembly is in. then all the permissions of these groups are joined, but then you have to take the intersection of the policies, meaning that the policy which is most restrictive sets the permissions. when all this is finished the CAS will compare notes with the RBS of the operation system, and again choose the most restrictive set of permissions. This is also called Security stack walk

Wednesday, 7 October 2009

System.Drawing for backend programmers... hmm

On my quest to become certified microsoft programmer I have arrived at chapter 6 in my self paced training kit for exam 70-536. Which is about drawing graphics. So far I have seen the logic in the topics that every Microsoft certified something should know - reading from files, using different encodings, but drawing graphices, is a bit of a strange topic to put in the basic certificate. Especially when you take it to be allowed to take 70-503 exam which will enable you to call yourself Microsoft Certified Technology Specialist (MCTS) in .NET Framework 3.5, Windows Communication Foundation, which is about communication in distributed systems.

Anyway, now I have just learned to make a jpg file with the following picture:

Which I am sure will come in handy next time I develop a WCF web service, or create a distributed application.

Did it with the following code: (more or less taken from the book)

Bitmap bm = new Bitmap(600, 600);
Graphics g = Graphics.FromImage(bm);

Brush brush = new LinearGradientBrush(new Point(1, 1),
new Point(600, 600),
Color.White, Color.Red);
Point[] points = {
new Point(77,500)
, new Point(590, 100)
, new Point(250, 590)
, new Point(300, 410)
g.FillPolygon(brush, points);
bm.Save("bm.jpg", ImageFormat.Jpeg);

Saturday, 3 October 2009

Streams and readers/writers

Finished chapter 2 in the 70-536 training kit book about IO (input/output)

I imagine things like this metaphor: imagine that you have an old tape recorder. You have you tapes and a machine to read it, and record it.

A tape is basically just a stream, which is ready to be read or written in a specific place. The same is the case with the streams in .NET. In the .NET framework is just nice enough to rewind the tapes every time you take out the tape from the machine.

A tape is best used with a reader/writer so to use the stream a reader is created, or to record something a writer is created.

Then there are different kinds of tapes, some are IsolatedFiles which can only be read by your machine.

Wednesday, 30 September 2009

70-536 exam links

A list of links which I found that was interesting for the certificate. (will be updated)

  • Nice friendly blogger who has decided to make a link to a page that describes every aspect of the 70-536 exam link

Sunday, 27 September 2009

WCF service behavior

Unlike the contracts and the addresses a behavior does not always affect both client and server. A behavior can be local and affect only the server sides way of processes the messages.

A behavior is not exposed as part of metadata.

A behavior can either be a service behavior or an endpoint behavior:

Service Behaviors (behaviors which implement IServiceBehavior

A typical service behavior is the debug logging behavior, which is enabled by adding a serviceBehavior in the config file.

Like this:
<behavior name="serviceBehavior">
<serviceDebug includeExceptionDetailInFaults="true"/>

One thing that is important to remember is to associate the service with this behavoir. like this:

<service behaviorConfiguration="ServiceBehavior" name="host.HelloIndigoService">

Behaviors can of cause also be added programmatically.

Endpoint Behaviors(behaviors which implement IEndpointBehavior

A endpoint behavior is defined in the same way, but here its not associate with a service but with the actual endpoint.

WCF Metadata Exchange (mex)

To my understanding, metadata exchange (in WCF) means whether the service will offer a WSDL or other types of metadata to a client to enable them to autogenerate a proxy for the web services.

By default it is not enabled to exchange metadata, so its something that has to be added as an extra endpoint.

The endpoint works as any other endpoint (see link), where the contract type IMetadataExchange is mandatory. This contract type is a predefined service contract which is found in System.ServiceModel.Description namespace.

The endpoint can have different kinds of bindings like MexHttpBinding (meaning HTTP), MexHttpsBinding (HTTPS)

From a web service perspective it seems a bit strange that you would have to specifically add an endpoint to allow metadata transfer. But since WCF is a general communication framework I'm sure there is lots of places where its better not to have a service sending out metadata.

WCF service endpoint

An endpoint is defined by an address, contract and binding.

A address can be defined in the following ways (in the config file) either as implicit using the base address (which is required to be defined):

<endpoint binding="basicHttpBinding" name="basicHttp" contract="Host.ItecneckService" />

Which would make the service address: "http://localhost:8000/tecneck/"
or as a relative url:

<endpoint address="TecneckService" binding="basicHttpBinding" name="basicHttp" contract="Host.ItecneckService" />

making the url: "http://localhost:8000/tecneck/TecneckService"

or full url:

<endpoint address="http://localhost:8000/tecneck/TecneckService" binding="basicHttpBinding" name="basicHttp" contract="Host.ItecneckService" />

The base address is added like this (under the <service> tag):
<add baseAddress="http://localhost:8000/tecneck"/>

A Service can have several endpoints but they have to be unique, and differ in either address, contract or transport protocol. There can be several reasons why a service would have multiple endpoints for example:

  • The service implements several contracts, which could each need their own endpoint

  • More the one protocol should be supported

  • same service must be accessible by clients with different binding requirements, possibly related to security, reliable messaging, or transactions.

Thursday, 17 September 2009

The Pomorodo order

One of the things I have realised after I started using the Pomorodo technique, is that I am very bad at working on one thing at the time. Not working and chatting, or checking emails and so on, but continue and finish working on one task without working on other problems also.

So I set a mark at the task I'm working on, when I start, so I don't get tempted to shift between them :-)

Tuesday, 8 September 2009

How do you keep the pauses short with the Pomodoro Technique?

After half a day of using the Pomodoro technique, it seems that my biggest problem is to keep the breaks between the pomodoro's (or is it pomodori as it would be in Italian) short. Because my purposeful going away from work always enters in a conversation with a colleague which everybody knows takes a lot more than 3-5 minutes in Rome, or reading an article online...

On the other hand it also seems a bit hash to start putting a clock on the pauses... hmm what to do?

Doing the pomodoro technique.

Today on facebook I saw a friend mention a new agile technique called the pomodoro technique. Since Im doing a lot of documentation these days, and not really that motivate, I tought that it would be fun to try.

I found a pomodoro-technique-in-5-minutes post.

After skimming the post, I am now ready with my pen, three sheets (Records sheet, Activity Inventory sheet and To Do Today sheet), to start out using this pomodoro technique.

Still feel a bit unsure about the Records sheet, but hopefully Im going to figure that out in my first pomodoro: "Read the pomodoro technique book". Since I have a lot to do I will only allow one pomodoro for this, and read the rest later.

book is downloadable here:

So first pomodoro is finished, and I read concentrated in his book about how to continue using his technique. First I love the fact that it is an Italian who came up with the idea, living in Rome I don't really feel that Italians have much need for structuring their time too carefully.

Francesco Cirillo explains that you should add a "'" in your "To Do Today" sheet when ever you get an impulse to do something else, checking email, check facebook ect. and write it down on your list of things to do either on the "To Do Today" list or the Activity Inventory sheet if it doesn't need to be done today.

Even if I only read the first 20 pages of the book (45 in total) I see I need to priorities my work day a bit, and focus on the things I need to finish, and read the rest of the book tonight ( should I put it on the Activity list :)).

Tuesday, 16 June 2009

Visual Studio 2005 short cuts

Its important to know your tools. So here follows a quick list of short cuts for VS2005. (for a complete list (found it after I wrote everything below link)

Clipboard HistoryCtrl+shift+V
Opens object browserCTRL+K, CTRL+R
Delete the selected line.CTRL+Shift+L
cuts the selected line into the paste buffer.CTRL+L
Transpose Words CTRL+Shift+T
Show Solution ExplorerCTRL+ALT+L
Show Toolbox CTRL+ALT+X
CTRL+BREAK Cancel Build
Build SolutionCTRL+SHIFT+B
Start without debugging CTRL+F5


Step Into F11
Step Over F10
New Breakpoint CTRL+B
Next error or warning location F8
CTRL+SPACE Complete Word, this one's brilliant - no need to type in the full variable name type in few letters and hit this key combination
Comment selected area CTRL+K,CTRL+C
Uncomment selected area CTRL+K,CTRL+U


Search and replace in entire solution Ctrl+Shift+H
Incremental search Ctrl+I
Incremental search backwards Ctrl+shift+I
Find Next F3
Find Previous SHIFT+F3

Plan to expand it, until I find the one that I am looking for.

Friday, 27 February 2009

Easy way to make UML Sequence Diagrams

It is often very useful to make an UML sequence diagram, to explain functionality to a customer or colleagues (or simply to yourself). Here is a simple and easy site to make simple ones:

You can even embed on in your own site, by following the tutorial here link

an example could be:

Alice->Bob: Authentication Request

Thursday, 8 January 2009

Default values of minOccurs and maxOccurs

The default values of minOccurs and maxOccurs is 1. Meaning that the following XML schema element allows zero or one element:

<xs:element name="realmCode" type="CS" minoccurs="0"></xs:element>


<xs:element name="realmCode" type="CS">

allows one and only one.

W3 specification