Today, I won a Surface at DevWeek…
What follow is a brief summary of the session that I attended at the 3rd overall day of DevWeek 2013 (the second day of actual sessions). Review of the other days of DevWeek can be seen here
First Morning Session
Presenter: Brock Allen (you can find his blog here, and twitter here)
Topic: Async ASP.NET
I really enjoyed this presentation. It was almost a near perfect continuation (see what I did there?) to Andrew Clymer’s talk that I went to yesterday. This talk went into specifics about how things used to be done in ASP.NET and how you can start to make use of both Task, and async/await in ASP.NET. There were loads of samples shown, and his slides were very detailed, which meant that it was really easy to follow along. Great presentation!
- ASP.NET has had async support since .Net 1.1
- HttpTaskAsyncHandler base class is new in .Net 4.5
- HttpContext is NOT thread safe, i.e contexts don’t flow by default, so when doing continuations manually, you have to take care of ensuring the original context is passed into the callback.
- jQuery doesn’t work in WebWorkers, since it is dependent on the DOM. There is however a stripped down version of jQuery available which you can use in WebWorkers
- jQuery supports a “promise” i.e. the .then() syntax
- Brock indicated that the source code for his presentation will be available on his blog in due course.
Second Morning Session
Presenter: Hadi Hariri (you can find his blog here, and twitter here)
A dynamic language that has somewhat given us a licence to do anything we want has been abused to the point that much of the blame has been placed on the language itself as opposed to the developers.
This was by far, the BEST presentation that I saw today!
- Always use ===
Due to Hadi’s style of presentation, there are quite a few quotes here, many of which I believe were said in jest, so please don’t take them out of context:
- “Feel free to get up and leave”
First Afternoon Session
Presenter: Dominick Baier (you can find his blog here, and twitter here)
Topic: Patterns and techniques for securing REST/HTTP-based services and (ASP.NET) Web APIs
The industry is moving to an HTTP/Web API based approach when it comes to modelling web services. These services are typically much more lightweight compared to their SOAP counterparts, which makes them easier to use in cross-platform and device architectures. But are they maybe too lightweight? Can they fulfil the security requirements? It turns out they can! In this talk we will have a look at how authentication and authorization can be implemented in HTTP-based services in general, and we’ll have a look at the security features of Microsoft’s new framework called ASP.NET Web API in particular. In addition we’ll shed light on what terms like OAuth2, JWT, OpenID and WS-Federation actually mean, and where these technologies make sense.
With all the buzz around Web API, it was interesting to hear in this session what needs to be done “behind the scenes” to ensure that things are secure. There are several gotchas, such as lack of built-in support for cross domain applications in Web API. The infrastructure is there to do it yourself, but it is a lot of work, and you have to know what you are doing. Thankfullly, Dominick, and his mates at thinktecture have created the IdentityModel and IdentityServer (which can be found here) which attempts to fill this void. These projects are open source, and released under an MIT license, meaning that you can do whatever you want with them. A very good presentation, although, I did feel that in parts, it was a little rushed. Also, no fault of Dominick’s, but the room was a little warm, which I think was a contributing factor to the guy in front of me sleeping through out the entire talk. I think several people were put off by this, as the gentleman in question was snoring quite loudly, but no-one had the heart to wake him.
- All Web API Security is built on top of SSL
- Authorize Attribute on ApiController specifies what Authentication is required
- New AllowAnonymous Attribute to specify that no Authentication is required
- You can create your own Authorization Filter
- No built-in support for Cross Domain applications
- Useful site for decoding tokens
- Token-based Authentication is “THE” way to do it
- When generating tokens, keep the token lifetime short
- “IF you are ignoring SSL Certificate Errors, you are not doing security properly”
- “For some reason it is in German… That means it is extra secure!” – when talking about a login prompt that appeared in German text
Second Afternoon Session
Presenter: Christian Weyer (you can find his blog here, and twitter here)
Topic: I wanna be cool! Push communication with SignalR for the web & beyond
Google, Facebook & Co. are leading the way: users want to see data and updates, live & now. There is need for a server or service to send messages and data into clients – without the client actually explicitly asking. Christian Weyer shows how .NET developers can implement this with SignalR – a framework with a simple yet powerful programming model. You should not have to care about the underlying protocols and (quasi-) standards in order to realize bi-directional communication over standard network infrastructure with potentially any device (desktop, browser, mobile) – not just for the web.
For me, Christian’s session at last years DevWeek was a stand out one! He is an amazing presenter, and clearly loves what he does. This session was no exception! We were taking on a whistle-stop tour of SignalR, including loads of real world examples, that really help to drive home how SignalR could be used in practice. If you have never been to one of Christian’s presentation, you owe it to yourself to go along to one!
- Wow, just wow! He showed how, using SignalR, you can surface changes that were made directly to the database (using SQL Server Management Studio) could be surfaced to a DataGrid running in the browser.
- CEFSharp – an embeddable version of Chrome that you can run in your .Net Applications
- Suggestion that you don’t create native applications, in the traditional sense, but rather create native apps that host a browser, and run your application there.
- SignalR Sample Applications – Mouse Tracking – truly mind-blowing what is being done in only a few lines of code!
- Regardless of browser, long polling will always work and will be used as fall back connection with SignalR
- “If your software doesn’t contain a DataGrid, you have failed!”
- “Dynamic! Ah, can you feel this?” – you had to be there to appreciate this one!
Another great day of sessions, made all the better by winning a Surface RT! Looking forward to more sessions tomorrow!