Next Pluralsight Course: Advanced ASP.NET Web Forms

I was a bit coy about my next Pluralsight course, but now let’s get right to it.  I’m going to open the box and show you all of the cool tricks that can make you successful with an Advanced ASP.NET Web Forms course.

This course is designed to cover:

  • Building re-usable components
    • User Controls
    • Custom Controls
    • Scaffolding
    • Dynamic Data
  • Advanced Data Access Techniques with Model Binding
  • The OWIN-based ASP.NET Identity and Security sub-system
  • Extensibility of ASP.NET with Modules, Handlers, and Dependency Injection for Web Forms
  • Unit Testing your Web Forms

I wanted to cover these topics to deliver the insight and abilities that made me a successful web forms developer.  You shouldn’t be mired in repeating your code and stuck software practices when you can use these features to make your web forms development easier.

Oh, and just to sweeten the pot:  I’m bringing some of the Telerik secret ingredients to the controls modules so that you can learn some of the techniques that help us to create the tools that you know and love.

I’m actively producing this course now, and hope to have it delivered in August.  Are there any problems that you have with ASP.NET web forms that you want to learn how to solve?  Sound off in the comments below.

Application Security: Where You Want It, When You Need It with Visual Guard

 

This post originally appears on CodeProject.com 

I’ve been spending a lot of time thinking about application security recently. This used to be one of those topics I would plan to implement last when I read specification documents for projects. “Security is easy … just put a few If/Then statements around the things that need to be secured and we’re done, right?” Then I went shopping at a large American retailer in the winter of 2013. Their systems were compromised and three months later, my credit card was shut off while I was attempting to pay for dinner at a nice restaurant. That hurt … and security of applications suddenly became a problem that hurt me in a REAL way.

When I think about all of the .NET applications that I have written over the last 10 years, I’m sure there are many features that could use an improvement to their authorization policies. Perhaps that customized authentication provider I wrote could be hardened a bit more. I think I’ve tried to play the security expert too much in the past, and if I were in a place to maintain those applications today, I would be thinking real hard about how to implement better security in them. After doing some research and looking at the new techniques published by Microsoft for securing their frameworks, I think I found a third party solution that does a great job with green-field and brown-field applications.

I’ve been reviewing Novalys Visual Guard for the last 2 weeks, and found some really interesting nuggets in this package that would make my network administrators stand up and take notice. Let’s start with the basics: Visual Guard will let me configure a secure repository for my organization in several mediums including Microsoft SQL Server, Oracle Database, and a file share. In this repository, I can connect Active Directory or any number of third party OAuth providers for my users. Sweet! However, storing user credentials is just the tip of the iceberg.

User Authentication is the door that opens to get access to an application. It is your logon page, the logon screen, and the persisting of those credentials for the duration of time that someone is using one of your secured applications. Notice the use of the plural there: applications. Visual Guard allows me to configure a security repository that can administer many applications for a shared user base. With the Visual Guard console, I can clearly see what applications are managed and the permissions available inside of each application. Let’s go over that again: permissions for an application are managed outside of the application.

Even better than permissions managed outside of the application, I can configure multiple servers to manage the authentication and authorization rights in my application. That gives me scalability, and according to the manuals that I read through, it is even possible to configure Visual Guard to allow management of users and permissions with a web based console. There’s a ton of flexibility in the deployment of the Visual Guard server, and I’ve only just scratched the surface.

The web-based console can have its look and layout customized, even integrated into my application so that it appears seamlessly alongside my content. I can then review and manage security from anywhere in the world, with any device that can connect to my website.

The Windows console shows a tree of information about an application, like this one for the Console itself. You can clearly see the permissions available under the Visual Guard Console – Permissions folder. These permissions are grouped into Permission Sets and then assigned to Roles. Finally, roles can be assigned to users to grant authorization inside of your applications. With one set of credentials, I now have a single-sign-on across all applications that are integrated with my instances of the Visual Guard server.

The killer feature here is the integration with your application. This is where I really saw an application for those long-life applications that I wrote many years ago. You can add Visual Guard on to an existing web application without having to recompile! Due to the provider model of the ASP.NET web forms project, as long as your login page is using the security providers defined in web.config, you should be able to swap out the authentication provider for Visual Guard. After that, the addition of an HttpModule is all you need to secure the rest of the application. Visual Guard secures your application by intercepting normal events as they occur, and allows you to specify what actions to take at those events.
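What a configuration-only swap of this kind looks like in `web.config`, as an added example that is not from the original post or from Novalys documentation. The `Vendor.Security.*` type and assembly names are placeholders for whatever the product actually ships; the surrounding elements are the standard ASP.NET membership and module registration sections.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" />
    </authentication>

    <!-- The login page keeps calling the Membership API (for example through
         the Login control); only the provider behind that API changes. -->
    <membership defaultProvider="ExternalMembershipProvider">
      <providers>
        <!-- Remove inherited providers so nothing falls back to the old
             credential store after the swap. -->
        <clear />
        <!-- Placeholder type name: replace with the vendor's provider class.
             The assembly is dropped into /bin, so the site itself is not
             recompiled. -->
        <add name="ExternalMembershipProvider"
             type="Vendor.Security.PlaceholderMembershipProvider, Vendor.Security" />
      </providers>
    </membership>
  </system.web>

  <system.webServer>
    <modules>
      <!-- Placeholder type name: an IHttpModule that subscribes to request
           pipeline events and applies the externally managed permissions.
           Registered here for the IIS integrated pipeline. -->
      <add name="ExternalAuthorizationModule"
           type="Vendor.Security.PlaceholderAuthorizationModule, Vendor.Security" />
    </modules>
  </system.webServer>
</configuration>
```

In classic pipeline mode the module is registered under `system.web/httpModules` instead. The swap only takes effect if the existing login page authenticates through the configured provider rather than through its own credential check.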

Each permission defined in Visual Guard can have Property Actions or Script Actions associated with it. These are codified changes to make to your application, written and managed in the administrative console and executed at run-time of the application. You can do something as simple as create a ViewGrid permission and set the Visible property on a grid to true if the user has that permission. Once the permissions are defined, this can be managed by your operations or security teams with no intervention from a developer required. There are more advanced integrations available that involve a developer modifying code to provide additional security checks if that is what you require. However, this is too cool for me to be able to delegate the authorization checks of my application to the operations team!

Another interesting feature that Visual Guard could help me with is multi-tenancy. I have architected and written several large multi-tenant applications in my past, and the story of data access and security is always a sticky one to describe and get correct with thousands of lines of code to manage. Visual Guard has built-in inheritance of permissions from group to child-group. This hierarchy is a nightmare to manage in a SQL database, and I can now rely on Visual Guard to apply that hierarchy and data-filter for me.

Finally, there is always a question of accountability. Who performed what secured operation, and at what time, in the application? In the past, I’ve written huge database tables and logging mechanisms to provide this auditability of secure content. Visual Guard provides an audit report that outputs all records of security checks in your applications. After having handcrafted several of these services, I am happy to see that I don’t need to do that again. According to the docs from Novalys, Visual Guard is HIPAA and SOX compliant … another headache that I can leave to professionals who are focused on that task.

My mindset on security has changed. No longer do I view it as an afterthought that can be added to my code once I have the core functionality working. Now I see security as something that I can partner with my operations team to implement. I can enable them to secure the services we are producing with the help of Novalys Visual Guard. This leads to more secure systems, security officers who are more aware of how software services are secured and more secure control of authorization capabilities within those facilities.

Disclosure of Material Connection: I received one or more of the products or services mentioned above for free in the hope that I would mention it on my blog. Regardless, I only recommend products or services I use personally and believe my readers will enjoy. I am disclosing this in accordance with the Federal Trade Commission’s 16 CFR, Part 255: “Guides Concerning the Use of Endorsements and Testimonials in Advertising.”

Microsoft MVP – Two Years Running

This morning I was renewed as a Microsoft MVP in ASP.NET and IIS.  This is a tremendous validation of the efforts I have put in through conference appearances, Pluralsight courses, blogging, and writing of other articles.

I’m going to be writing a lot more in the coming weeks and months on the advances in ASP.NET vNext, my next Pluralsight course, and I’ve got an app idea or two in the plans as well.  

Stay with me and I think you’ll find some neat angle brackets, curly braces, and web goodness coming from yours truly before the summer is out.

MultiTasking is a Myth

Yesterday, I took my family to the Franklin Institute in Philadelphia (we have a membership there) and visited their new permanent exhibit on the brain.  While going through, I found this display and it really hit home for me:

I have always had a problem with multitasking.  It’s not something that I can do well, as I prefer to focus on one thing at a time, giving it my undivided attention.  Once I’ve completed that task, I move on to the next task.  As someone who works from home, I’ve found several benefits from this approach, and I’ve also found several pitfalls.

Successful Techniques

1. Make a list and stick to it

I’ve made task lists all sorts of ways in the past.  I’ve used a paper notepad, notepad.exe, Outlook Tasks, OneNote, and Trello.  They all are used for the same thing: allow me to forget future tasks and only focus on the current item.

This is one of the concepts behind Kanban and Scrum.  You can only take one task card at a time to be worked on.  Once the task card is finished, it gets placed into another queue for review and validation by other team members.  Trello is an excellent free tool for this, but has its drawbacks, as do all online task managers.

The biggest problem I have with the online task list manager is what I call the “in your face” problem.  I need to open the application or navigate to the website in order for me to face my task list of the day.  It is all too easy for me to say, “lemme open Facebook first” or “hey what’s going on at LinkedIn” before I face my list of tasks for my work session.

However, by keeping a paper list of tasks and leaving it on my desk chair or on my keyboard, I need to look at my to-do list before I begin working on anything.  It may seem simple, but it keeps someone like me who can get distracted very easily on task right from the get go.

2. My Office is My Work Space

This sounds like a simple idea, but let me describe for you my mindset.  I have a room in my home dedicated as my home office.  When I am in that room, I am in there for one purpose only: to accomplish ‘work tasks’.  After a bit of practice of this habit, I now get in the “working mood” just when I walk into the room.  My mind knows that good stuff will be accomplished once I sit down.

This also has the side-benefit of ‘training my family’ that when Daddy is in his office, he’s working and we should leave him alone.  Not that I want to be an office hermit, but this bit of training can grant me several hours at a time of uninterrupted work.  In a home with two young daughters, this can be a welcome retreat.

3. Get in “The Zone”

If you’ve ever been there, you know what I’m talking about.  “The Zone” or “Flow” as psychologists call it can be intoxicating.  This is when your mind is fully immersed in a task and everything around you just falls away as unimportant.  You’ll exit the zone and find out that five to ten hours have gone by and you haven’t eaten or been to the restroom in that time.

In the film The Social Network, they refer to this phenomenon again and again as being “wired in”.  The coders in the movie are oblivious to what’s going on around them and solely focused on their code:

This is how programmers should be working

For me, when I am analyzing some source code to better understand it, I start to enter this mindset.  I’ll move further into it as I begin to write code and see the fruits of my progress.  When I need to wait for a compilation or other process to complete, I’ll grab a Rubik’s cube and solve it while sitting at my desk.  I can usually complete a cube in less than two or three minutes, and this has been an effective tool to keep my mind active.

Another trick I use to keep my mind going involves poker chips.  Yes, I enjoy an occasional game of hold ’em, but in this case I’m not playing poker, just shuffling the chips.  What I do is take a stack of 10 chips, typically of two different colors, and break them into two equal stacks of the same color.  I then merge the two stacks, inserting a white chip between two blue chips.  This should result in the stack perfectly merged, with white chips alternating between blue chips.  I’ll repeat this separate and merge process until I get the chips back in a state where the two sets of colored chips are completely isolated from each other, like in the pic above.

Former co-workers will tell you, when they hear the sound of the shuffling poker chips, they know I am deep in thought and stuff is getting accomplished.

Carl and Richard on .NET Rocks had a great episode this week talking to Mark Seemann about getting in the zone.  They have some great tips there, and it’s worth a listen.

Problem Areas

These are 3 great ideas to help me get in the zone, get focused and get going at a high speed.  Unfortunately, the following problems arise that prevent my productivity.

1. The list runs empty

When I run out of tasks on my list, I end up wandering aimlessly.  This can be a good thing, but typically it’s a bad thing.  It is a good thing when I can take time to relax, grab a frosty adult beverage from my friends at Redds Apple, and take it easy.  However, my mind is constantly racing at new ideas, and even when I’m not actively working on something, I like to write down ideas in OneNote on my phone.

2. Interruptions – Arrgh!

This is the killer one for me, and where that passage I read at the Franklin Institute grabbed me.  Interruptions murder my productivity.  This can be anything from a text message, a new tweet that mentions me, or some great post from a friend on Facebook.  Kids wandering in to my office complaining about what their mother has chosen for dinner and buggy software that I’m using that prevents me from working productively are more time sinks that I try to avoid.

Like the sign at the beginning of this piece said, you can’t truly multi-task.  The best you can hope for is context switching, and synchronizing your current mindset to paper or some other medium that you can use to pick up and return to your previous state quickly.  Coworkers and family members have gotten very frustrated at me when they have attempted to engage me while I am ‘in the zone’ and I need to take that minute to “save my progress” so that I can resume after I’ve addressed their questions.

I’ve also learned to shut those things out, to silence my phone and to use a pair of gaming headphones with decent noise cancelling capabilities to limit the amount of ambient (read: distracting) noise that enters my head.  Combine that with some mellow music (my current preferred tunes are from Lindsey Stirling) and I can stay very focused for hours on end.

3. Outside of my space

When I’m out of my space and can’t get comfortable, it is very hard for me to get in the zone.  Sitting at the airport, in a coffee shop, in an office with lots of traffic going by my desk… these are all places that I have found very difficult to enter the zone.  However, I have found tremendous value in the desk in a quiet hotel room.

I’ll pull the drapes shut, turn the lights down, so that the only light is coming from my laptop.  With a nice venti caramel macchiato by my side, I can code anything!  It’s a strange experience, being away from home and feeling like I’m back in my comfortable office, but it works.

Summary

This is just a collection of tips about what works for me.  Productivity and getting in the zone are difficult things to manage, and I like to manage them as best as possible through these simple environment management techniques.  What works for you?  Share your tips in the space below.