Friday, 18 December 2009

Installing AppFabric Caching Beta 1, Part 3

In Part 1 of this (unintentional) series, I talked about how the AppFabric installer works only with Integrated Security and so I needed a domain before I could install it, and in Part 2 I talked about how I then built said domain. At this point I tried once again to install AppFabric on CACHESERVER1, with all it's Integrated Security goodness. And failed. When the installer got to the configuration screen, I entered SQLSERVER in the connection string dialog, then clicked on the dropdownlist to get the list of databases on SQLSERVER. I then got a Timeout error in trying to retrieve the list of databases. No matter what I tried, I couldn't get this to work. I created a UDL file on CACHESERVER1, running Integrated Security, pointing at SQLSERVER, and confirmed that I could not only see SQLSERVER and retrieve a list of databases, but successfully connect to a database. I raised this as a question on StackOverflow and on the MSDN AppFabric Caching forum (where it looks like I'm not the only one having trouble with installations). And whilst it looks like at least some of the AppFabric team have been answering questions on the MSDN forum, I've had no answer at all to my posts.

Since then, my development laptop has been rebuilt with Windows 7, which has necessitated rebuilding my server environment from scratch with Virtual PC for Windows 7 (though there was a flirtation with VirtualBox, which I may yet go back to, although at the moment I find the process for setting up differencing disks a little too involved for my taste). With a rebuilt set of servers, I turned back to the AppFabric install, however there was one subtle difference in the server builds this time around. In trying to use the UDL files to verify that the server could contact the database ahead of the install, I encountered a problem that the SQL Server Native Client provider was not installed, so to fix this I installed the Client Connectivity bits from the SQL Server 2008 disc. When I then tried the AppFabric installer, this resolved the issue of not being able to any databases on the server. Result!

Well, not really. Although this let me proceed with the installation, the installation failed with error code 2. And no explanation for what this error means or how to fix it. And once again, the MSDN Forum has (so far) been no help. I've tried a few other things since then, including using the XML Provider for storing the configuration information instead of SQL Server. This I actually watched as it created a ClusterConfig.xml file on the network share I'd set up (thus proving that the account had enough rights on the folder), and then  removed the file again. The installation failed with error code 2. Tonight I tried something else - when you select the SQL Server provider and go to enter the connection string, you can enter your own connection string, or leave it selected at Default. I tried it with Default, thinking that this would create, perhaps, a SQLExpress database that I could then transfer to my SQL Server. At the very least it would give me a working AppFabric installation that I could play with. No. Leaving the Default radio button checked does, from what I can see, nothing. There is no 'Default' connection string, in fact the installer doesn't even allow you to continue if you select this, making it the stupidest UI possible.

All of which leaves me totally stalled on working with AppFabric since I have yet to find a working configuration. It's all very tiresome.

Tuesday, 24 November 2009

Installing AppFabric Caching Beta 1, Part 2

Last week I blogged about how far I'd got with installing the AppFabric Beta 1 caching engine, in which I got stalled because the caching configuration only supports Integrated Security with SQL Server. In this part I'll cover how I've got round this problem by building a domain on my virtual servers. IT Pros may wish to skip ahead to Part 3 (or point out in the comments my no doubt numerous mistakes in how I've gone about this).I've used two reference sources in going about this: this Microsoft article, and Dave McMahons Network Admin for Developers sessions (part 1 part 2) from DDD7.

My setup is as follows:

All servers are running Windows Server 2008 on Virtual PC 2007, and all on fixed IP addresses from upwards. Liam's already blogged about my initial troubles in getting these servers to talk to each other - they currently all have each other's names and IP addresses in their hosts file.

So, building the domain. Step 1 is installing the Active Directory Domain Services role on to SQLSERVER. This allowed me to create my velocity.local domain with SQLSERVER as the domain controller. I then created a pair of users, VelocityAdmin and VelocityUser - my plan is to use VelocityAdmin to install AppFabric onto the CACHESERVERs and then change it to use VelocityUser in normal usage, but we'll get to that in Part 3. I've also created SQL Server logons for those accounts with permissions on my VelocityConfig database.
With the domain and domain controller all set up and running Active Directory and DNS I can now add the other servers to the domain, and this is where I hit a problem. Every time I tried to add CACHESERVER1 to the domain, I got an error:

I tried a number of different things to get round this but eventually I figured it out - when I configured the network settings originally (in a non-domain world), I didn't setup a DNS server. Once I entered the IP address for SQLSERVER, I could join servers to the domain.

So at the end of all that I now have a network of servers all running under a domain. The next piece of the puzzle is to go back and try installing AppFabric Beta again, which will be Part 3 of this short series.

Friday, 20 November 2009

Installing AppFabric Caching Beta 1, Part 1

So Velocity now has a 'proper' name - AppFabric Caching, and it's finally in beta.

AppFabric Beta 1 can be downloaded from but it has a big list of dependencies and Microsoft didn't link to the download page for each dependency :-(

So, things you will need to install before installing AppFabric Beta 1 on Windows Server 2008:
IIS Web Deployment Tool (

Go get it all and install it - it's OK, I'll wait...

Got all that? Good, let's continue...

Fire up the AppFabric installer. Once you get past the licensing, you get to this screen:

This is where you select what to install. By default the Worker and Distributed Cache Service components are selected. The Worker component is for the Workflow and Windows Communications Frameworks parts of AppFabric. Assuming you're just interested in the caching side, unselect Worker and select the others.

Then we're into the caching configuration screen. If you installed one of the Velocity CTPs this will look fairly familiar.
Note that the default is Join Cluster, not New Cluster, and that there's now a fourth port required (though it might have looked a bit better if the four ports had been arranged in ascending order).
 You can still choose whether to store the caching configuration in XML files on a network share or in a SQL Server database, but there are some changes here, especially in the way you enter a SQL Server connection string.

Whereas previously you could enter by hand a connection string, you now enter the name of the server and, once the list of databases has been retrieved from the server, the name of the database that holds the configuration information. The installer then creates the connection string for you. Or you can click the Default radio button and go with the default connection string. However as this puts nothing into the connection string box, you can't see what the default is. More annoyingly, if you do click the Default option, you then can't get back into this dialog to change your mind without cancelling out of the installer and starting the install again.

Note that the connection string is using Integrated Security. And you can't change it. And you can't set the account that AppFabric runs under.
I liked the old installer where you entered your own connection string. It had a couple of quirks about what it considered to be a valid connection string, but that was OK because I'd learnt what they were. Now I feel like I've lost an element of control - I'd rather decide myself that I want Integrated Security, thank you.

And this is as far as I've got on my Velocity demo setup. Every time I finish the install, it installs the caching engine but fails to configure it. I suspect this is because although I have a network of virtual servers set up, I now need to add a domain and accounts so that the Integrated Security works.

To be continued...

Saturday, 31 October 2009

StackOverflow DevDays Cambridge Review

I attended the StackOverflow DevDays event in Cambridge yesterday, here's my review now I've had a little time to compose my thoughts...

Overall I enjoyed it lots - I saw lots of interesting bits and pieces that I want to go back and investigate properly. Here's the session-by-session breakdown:

Keynote - Joel Spolsky
Joel's theme was Simplicity vs Power and the (perceived) paradox that giving users more choice makes them less happy. It was an interesting session with some food for thought about UI design.

Yahoo Developer Tools - Christian Heilmann
I'd expected this to be about the YUI Yahoo Javascript library, however it was actually more about creating mashups using Yahoo's YQL library. Which is fine because YQL seems very cool. It takes SQL and applies it to the Internet- sites like Flickr and Yahoo Maps look like tables and can be joined, so you could, say, put up a map and overlay it with pictures taken in the appropriate places. One thing that was very impressive was Christian's use of the tools to create a tag predictor for StackOverflow, which when you type a question, looks at what you've typed and uses it to generate a set of tags for the question - I expect we'll see this implemented on the site before too long.
An audio recording of Christian's talk is here.

Seven Principles for Systems Security - Frank Stajano
This talk showed the principles by which people get scammed, whether in a shell game in the real world, or as part of a 419 fraud. Frank used video from BBC's The Real Hustle to demonstrate some of these principles. Unfortunately I didn't think there was enough linking of the principles to designing security into systems, so whilst it was an interesting session, it was only generically so. Frank's original paper can be found here
(I should mention that I don't think I'd fall for the scam involving the honeytrap - I'm a geek, if a pretty girl starts talking to me, I'm instantly suspicious!)

FogBugz - Joel Spolsky
I saw Joel last time he came to Cambridge on the FogBugz World Tour, so I'd seen much of this before. The section on Kiln was new though, and it looks interesting. It does however rely on an available Internet connection - our company lost our main Internet feed last year for about six weeks, we'd have been boned if we'd been using it then.

ASP.NET MVC - Steve Sanderson
This was a tour through developing an application using the MVC stack for ASP.NET, although ASP.NET MVC 2.0 would have been a more accurate title as Steve used the MVC 2 bits for all his code. Which was no bad thing, and it was really interesting to see him using jQuery, including jQueryUI - I did feel that this session and the session after it would have worked better the other way round, with an intro to jQuery first and then showing it 'hands-on' integrating with ASP.NET. Steve went through it all really quickly, which I think may have worked against him a bit as he was on after lunch, however for a change in the first afternoon session of a conference I managed to stay awake and interested!

jQuery - Remy Sharp
This was an overview of the core jQuery library, and although Remy was an engaging presenter, I felt it suffered a bit in trying to go through everything that jQuery covers, I thought it would have worked better in focussing on some of the common tasks that developers need to address with JavaScript and showing how using jQuery makes it easier/less code etc. One thing Remy did cover was how to create a jQuery plugin, which takes a lot less code than I'd anticipated. At the end of the session Remy started to use jQuery to build a tag cloud based on the Twitter lists he's on, which was getting really interesting until he ran out time. I thought he was going to finish coding it in the break and then show it at the start of the next session, but actually he finished and demoed it in the break, so I missed it :-(

Python  - Michael Foord
The last technical session of the day was on IronPython, which is something I've flirted with learning now and again. Michael demonstrated using it to build a spell checker which uses the algorithm that Google uses when you mistype something and it comes back with 'Did you mean...'. Which is done in 21 lines of code and uses some statistical analysis based on some source text like a dictionary, the works of Shakespeare etc. It works out every permutation of letters based on what you typed and compares it to every word in the source text to find the most likely word you meant e.g. in the source text 'the' occurred about 80 000 times, meaning if you type 'teh' it's most likely you meant 'the' and that's what it matches you up with. Michael then demonstrated that the results of the algorithm can be fed into itself enabling it to correct two errors in a word. Very neat and worth some investigation.

StackOverflow - Jeff Atwood
Jeff talked about the evolution of the StackOverflow trilogy, the team, StackExchange and the importance of having someone hate you. He talked about how it's OK to fail sometimes as that means you are pushing the boundaries. But his main thrust wasn't particularly about coding at all, it was more about the importance of writing, which he said is probably the single most important skill for developers. He backed this up with quotes from people like Douglas Crockford and Jon Skeet. As part of this, he revealed the etymology of the Strunk and White badge on the SO sites - it comes from this book, which certainly in the UK I don't think is known at all (I think this may be the closest equivalent). (Jeff said on the way to the pub that he accidentally localised the site to the USA with this badge!)
As a result of seeing Jeff's thoughts on this, I resolve to try and write better SO answers!

On to the infrastructure:
Even though I've worked in Cambridge for years, the colleges aren't somewhere I'm really familiar with. So although my satnav got me to the right road, I was then looking for the college. And I nearly drove right past it whilst looking for a sign for a car park. Which then led to my discovery that there was no car park - I ended up parking down a side street where I think I got just about the last space.
Check-in was good - I'd expected there might have been a problem as I originally registered for the London day, then switched to Cambridge. Amiando would only let me print out a London ticket, but in the event there was no issue at all with this. And it was nice to run into my old friend Graham Parker helping out.
The food was fine - having seen some of the talk on Twitter from London about what had happened there, I was a little concerned about this. I didn't try the biscuits or the fruit cake, but the main finger buffet lunch was fine, particularly the sausage rolls! I have to say, though, that having seen the tables laid out in the refectory, I'd expected we were actually having a sit-down lunch. The coffee was OK, not great by any means but it contained caffeine which, let's face it, is the important thing.
In the hall itself I found the chairs pretty comfortable, but I'd have preferred chairs with a fold-out desk that you could have put a pad on to make notes.
The big annoyance for me was the wi-fi - I was accessing it on my phone, which meant that I kept having to put the key in and then accept the terms & conditions. I would have thought an open connection would have been easier for everyone.

All in all, a solid day's learning - I'll most likely be back next year!

Tuesday, 13 October 2009

Enabling Hardware Virtualisation On A Toshiba Tecra

I've been doing a bit of playing recently with Virtual PC (and struggling, but that's a subject for a longer post). One of the options in Virtual PC is to selectively enable hardware-assisted virtualisation, however the option was greyed out on my Toshiba Tecra. Until yesterday when a chance comment by a colleague (who's also looking at VirtualPC to enable some work with SQL Server 2000 Analysis Services) let me know how to enable it...

As your laptop boots, hit [Esc] to get into the BIOS setup. You should then get a prompt at the top of the screen that reads 'Check system and press F1' - hit F1 to get into the BIOS. On the first page of the BIOS on the right-hand side is a pane for virtualisation, with a setting for enabling it - it was disabled on mine, I suspect/assume that's how they leave the factory. Highlight the setting, hit [Space] to change it, then hit [End] to save your changes and restart the machine. Let it boot into Windows, fire up Virtual PC, and you should now find that hardware-assisted virtualisation is enabled.

Edit: In my excitement to post this, there was something I forgot to add. I'd saved my running virtual machines, however when I fired them up again after enabling hardware virtualisation they would not run correctly. I needed to clear the saved state and fire them up again from scratch. Not an issue particularly, just something to be aware of.

Thursday, 24 September 2009

On the Demise of Visual Systems Journal

I was disappointed to receive the latest edition of Visual Systems Journal last week. Not because of anything in the content but because it's the last (print) issue. I've been reading VSJ for over a decade (I think - it's been going 12 years, and I'm reasonably sure I received a copy of the first issue) and it's always been quite rewarding - there's always been at least one article in it that I've got something out of, and usually several. Their book reviews have also always been insightful.
They are moving to being an entirely online publication, which means I probably won't see anything more from them - not only do I get prompted to actually read it when the physical magazine turns up on my desk, but I think things sink in deeper when I read them from a tangible page than a virtual one. And I won't get either of those benefits from looking at their website, assuming I remember to hit it at all. I see their website, ironically, still has the link offering free subscriptions.
They also run the DevWeek (where I had my first real objects epiphany) and Software Architect conferences, although I always felt they never really made the most of these assets - they had high-quality people like John Robbins, Jeff Prosise and Don Box around and never got them to produce any articles.

Tuesday, 11 August 2009

SQL Server 2008 Installation Problem

I'm blogging this in the hope that it might help someone else who's struggling with an install...

I had my laptop rebuilt last Friday, so I've spent the last two days at InstallFest :-) (I would have done most of my installing over the weekend but due to a slight oversight IT forgot to make my account an Administrator so all I could was download installers).

I started installing SQL Server 2008 Developer last night at home, but hit a problem with it. I tried again and got the same error, the exact text of which I'm repeating here in case someone Googles for it:

"Wait on the Database Engine recovery handle failed"

I put it down to a flaky connection to our VPN (a reasonable guess since our VPN has been playing up for me for a few weeks, although I think me and IT solved this between us this afternoon), so I tried again this morning in the office. Same result.

I Googled the error and found KB960781 which has the exact error message, but applies to upgrading SQL to SQL 2008 where the sa account has been renamed. As I was doing a clean install, this wasn't likely to be my culprit.

However, my fourth install attempt succeeded! What changed? I'd been configuring the SQL services to run under the Network Service account, but for this install I changed the account to the local System account. I'm guessing I could now change this back to Network Service, but I'd rather not chance it. What was the underlying issue? Frankly, I've no idea - my working theory is that there are some permissions missing from my Network Service account.

Friday, 7 August 2009

@philpursglove is in Demo Hell

Last Tuesday I took my new session on Velocity to the NxtGen User Group at Oxford, having responded to Barry's plea for a speaker. And I had a bit of a 'mare. In fact, a lot of a 'mare.

I knew I was in trouble when I fired up my laptop and the Velocity Powershell console showed an error immediately. So I tried to fix it by uninstalling and reinstalling only to discover that if you have no network connection Velocity will not install. At all. It makes no difference whether you're using a network share on the local machine to store the cluster config, or trying to store it in a SQL database on the local machine - no network, no cache.

So I'd like to thank everyone for listening and offering suggestions as to how I might have got things working faster. I've put my slides up at , but I'm doing a bit more work on the demos, I'll put them up later this week.

Wednesday, 1 July 2009

Book Review: Code Complete

Back in April, inspired by John Robbins' blogpost about it, I promised I'd read Code Complete and review it here. I finished it last night (I confess I've read one or two other novels in between), but I can't believe it's taken me almost three months. Lest you think I'm some kind of slow reader, I will add at this point that there were also nights when I didn't read at all!
As soon as I finished it I felt like I should pick it up again and start from scratch - it's easy to see why people read it once a year. It's also easy to see why those who have read it suggest that everyone else should read it too - it's chock full (and I mean it's absolutely full at 862 pages plus bibliography and index) of tips, suggestions and methods to enable you to be a better developer.
I loved the checklist at the end of each section that you can apply to your development processes - these are also available (registration required) on the book's website though it's a slight disappointment that they aren't available as a Word or PDF download.

The message of the book is that creating high-quality software doesn't have to cost more and/or take longer than creating low-quality software, and it then lays out tools to help you do that.

It's nice to come across recommendation for things like coding styles and think 'I'm doing that already'. It's also good that the coding examples in the book are done in a variety of languages - I was fully expecting all the samples to be in C and therefore impenetrable to me, however they are done in a mix of C, Java and VB.

What didn't I like? McConnell talks in several places about programming into a language rather than programming in a language, and if I'm honest I'm not qure I entirely got what he means with this. And I found it a bit dry in places, but then I'd expect a book on software engineering written by Matthew Reilly (whose books are faster paced than anything else I've ever read) to be at least a little dry.

And I can already report some success traceable directly to Code Complete; I've tried laying out some code in a class using pseudocode that then forms the comments in the body of the code. And it is definitely a useful technique as I found it did make me think about the structure of the code before writing the code itself. So something to take forward there...

What's next for me? I may read it again in a few months - I suspect it's going to go round all our team first as I have two takers lined up already. In the interim, I have Professional ASP.NET MVC to read. I guess I should also read Writing Secure Code as I haven't read that either!

Wednesday, 24 June 2009

VBUG London

My thanks to VBUG London for allowing me to speak on Tuesday night, and also to Sam and Keith for organising it. I hope everyone found the session useful - I really enjoyed it. And the pizza was good too :-)

I've updated the slides and code samples at - the Velocity demo is now updated to Velocity CTP3. I re-ran the Velocity demo yesterday morning and it worked perfectly. I suspect that it failed on Tuesday as my laptop couldn't contact a domain controller to verify my admin credentials :-(

Tuesday, 26 May 2009

What I Learned Last Week

I went down to London twice last week for user groups; VBUG on Tuesday for 'How To Stop Your Website Being Stung', and DNUG on Thursday for 'WebForms vs MVC'.

How To Stop Your Website Being Stung

I was pleased to see this session from the ever-present Barry Dorrans as I'd wanted to see it at WebDD but went to Andy Westgarth's session instead. Barry took us through the OWASP Top Ten list of web application vulnerabilities, and demonstrated how to mitigate against them in code. This was a really good session for me as it's directly relevant to some security testing I've been involved with recently. Among the highlights were:

  • Use the PrincipalPermission attribute to protect your code.
  • When outputting user-entered content, HTMLEncode it - this protects you against persistent cross-site scripting that makes it past your input checking.
  • Use the AntiXSS library's HTMLEncode method rather than the HttpServerUtility object's version as the AntiXSS library has more tests.
  • Don't trust MIME types for uploaded files - I didn't know you could futz with this, although in retrospect I don't know why I'm surprised either.. And obviously never trust the uploaded file's extension (hangs head in shame).
  • Use salts every time you do any form of encryption.
  • Don't leak information. This could be through viewstate, or a YSOD.
  • Pages have an OnError event, which you can use to call Server.Transfer to switch to your error screen, which doesn't indicate to the client that an error occurred.
And those are just the points I noted down, there was lots more good info. Barry's slides are available here, and the code samples are here.

WebForms vs MVC
I'd been looking forward to this meeting for a couple of weeks, and I wasn't disappointed. Billed as Clash of the Titans, this featured Phil Winstanley speaking for WebForms and Sebastian Lambla on the side of MVC. It was the first time I've seen Seb present, and he's, um, energetic :-) I thought Seb got sidetracked into more of a TDD demonstration halfway through rather than keeping on topic with MVC. It was interesting to see Phil do some ASP.NET testing with WaTiN - it's something I must look at. There's a DDD session waiting to happen for someone to do some comparisons between WaTiN, Selenium and the Lightweight Test Framework - ASP.NET Testing Smackdown anyone? Nice to see SessionPageStatePersister make an appearance too - everyone should use it!

As holder of the WebForms Thumb (you had to be there!) I'd love to report that Phil carried the day, however commentators agreed it was a draw, but it would be interesting (hint hint guys!) to see a 'rematch' once there is some guidance on what types of application suit either school of thought - this is definitely the weak spot with MVC right now.

Tuesday, 28 April 2009

Today's Learning Points - AutoCompleteType & RegisterStartupScript

Just wanted to share a couple of things I discovered in ASP.NET today.

We had some security testing done on our main web app a few months ago, as a result of which we did work around things like password expiry, complexity etc. We got retested last week and we've been asked to review three points, which I've been looking at today.
One of the points was that on our login page, our password textbox is auto-completable. So I edited the page today to add "autocomplete='off'", however as I started typing Intellisense kicked in and revealed to me the AutoCompleteType attribute. I'd never seen this before! There's a whole Enum of options you can use for autocompletion, or if you set AutoCompleteType="None" then input elements that share a common ID will share their values for autocompletion.
To output "autocomplete='off'" the ASP.NET markup is

However when I was checking the output in View Source, the autocomplete attribute wasn't being rendered at all, presumably because, duh, it opens a security hole. So how did our testers pick up on this? We suspect they'd used the 'Do you want to remember this password' feature, which we don't believe we can defend against.

I dropped some project work onto our internal test site last week, where I've done some enhancements and also moved the project up to ASP.NET 3.5 and added a couple of UpdatePanels with some controls from the AjaxControlToolkit. I had an email today from our user who is doing some testing, who said that some of the buttons didn't seem to do anything eny more. I ran the project upon my laptop, checked it and found I was seeing the same behaviour. I dug into the code and reminded myself that the buttons that weren't working, worked by emitting some script using ClientScriptManager.RegisterStartupScript.
Knowing that the major change to the page was to add UpdatePanels, it didn't take much to deduce that a combination of UpdatePanels and partial page rendering had broken the RegisterStartupScript model. But how to solve it? My first thought was to change the ScriptManager's rendering mode to disable partial page rendering on the basis that if you re-render the entire page then a startup script might be correctly emitted, however on trying this I learned you can't change the rendering mode in any event that occurs after Page_Init. But I did spot that there are several other methods on ScriptManager, including one called RegisterStartupScript. I swapped out my calls from ClientScript.RegisterStartupScript to ScriptManager.RegisterStartupScript, ran it up, and success, my buttons were functional once more. And I should go on to learn the other methods of ScriptManager...

Sunday, 19 April 2009

WebDD Roundup

I had a really enjoyable day at WebDD yesterday. Aside from presenting my own session and catching up with people like Andy Westgarth and Barry, I attended four other sessions:

ASP.NET 3.5 - Miss something? - Dan Maharry
This was a really interesting session covering a number of out-of-band releases from Microsoft that may have been a little overshadowed by the ASP.NET MVC release. For me, the high points that I need to go off and investigate further are:
Lightweight Test Framework
This is a framework which was initially used internally by Microsoft's QA teams for ASP.NET but has now been released on Codeplex. It is a single DLL which works cross-browser and supports integration testing for ASP.NET sites. It also supports AJAX callbacks.
AJAX HistoryState and Back-button Support
This is a feature that was added in ASP.NET 3.5 SP1. It provides a method enabling the Back button to be fully supported by AJAX postbacks so that the browser's History list includes entries showing different states. I'm afraid I threw Dan a little bit as I asked about how well supported this is across different browsers - my thoughts were that I could see this would work with IE but I wasn't really expecting it to work in Firefox (or, to be frank, any other browser). However Dan confirmed that it does work in Firefox, though he hadn't tested it in against the other browsers. Definitely one to look into.
Composite Scripts
This is a method by which a number of JScript references can be combined into a single file, meaning your site only has one file to download instead of opening up a number of connections to download seperate files. I was unsure about this from a scalability point of view as it involves referencing scripts inside the ScriptManager control (which normally prevents the browser caching scripts since the URL is different for each postback), however the combined file is also put into the output cache instead of being compiled on the fly.
This was Dan's first time presenting at a DDD but I thought he presented very well and I'd like to see more from him in the future.

What's Good in .NET 4.0 and VS2010 - Alex Mackey
This session covered a number of things from the next release of the CLR and Visual Studio 2010. The things that stood out for me from this session were:
The improved code editing experience, including highlighting of every instance of a method call whenever you enter one of them, and showing the hierarchy of calls down to the method you are currently editing.
Something called variance and contravariance - I'll be honest, I didn't understand this. At all.
Much better control around disabling Viewstate, including better support in the grid controls around working without Viewstate.
Static client IDs for controls.
The ability to compress Viewstate (though attendees to my session will have seen that this is possible in ASP.NET 2.0)
Environment-specific changes for web.config files e.g. web.config.debug, which looks like a mix of XSLT and the .dconfig configuration deltas from the Enterprise Library.
Better server-side control over META tags, for those developers interested in SEO-type activities.

For Workflow:
Performance improvements - up to 10x better performance.
A new workflow type, the Flowchart, which is a hybrid between the existing Sequential and State Machine workflows.
It will be easier to include information in a workflow, hopefully remving the need for the ExternalDataExchange object.
Overall, Alex' recommendation was that if you're currently thinking of developing a workflow application, wait for this version. This was particularly relevant for me, as I'm currently looking at a workflow app for a project at work.

I want it on that one, that one and that one! And it all needs to be synched! - Andy Westgarth
This session from VBUG Chairman Andy Westgarth covered the new Web Deployment bits coming from Microsoft. This tool is built on top of MSBuild and allows you build deployment packages to be deployed to IIS. These packages are not MSIs, the idea of the tool is to produce a package that can be passed to IT types without the need to handhold them as they deploy your application.

ASP.NET 4.0 - Mike Ormond
This session from Mike Ormond of Microsoft was, like Alex, concerned with .NET 4.0, however it was much more focussed on ASP.NET. The highlights I picked out were:
VS2010 is going to be productivity-focussed - there will be a new range of snippets for both HTML and AJAX authoring, although Mike pointed out that a snippet called 'requiredfieldvalidator' doesn't actually save you much typing. A nice feature is that when you add a validator, it will try and attach itself to the nearest control that can be validated - nice, but it seems Microsoft haven't grasped that not many people use the designer, they code the HTML in Source View.
Mike covered some of the new provider-based caching functionality and demonstrated a custom cache provider. Velocity was mentioned, but only as one of the available providers. Mike also mentioned that the existing System.Web.Cache namespace is likely going to be moved to a more general namespace, which explains the decision of the Velocity team to change their namespace - it seems likely to me that SYstem.Web.Cache will become System.Data.Caching. This is a small change but will clear up a lot of confusion over whether you should use System.Web.Cache in a WinForms application.
In WebForms, the need for the CSSFriendly adapters will go away - controls will be much easier to style in CSS out of the box. Mike also covered the Routing engine (which was split off from the MVC effort) which gives you much better control over URLs you generate inside your application, and the NamingPanel, a new control which is part of increased control you will have over client IDs.

I'd have liked to have seen Andy Gibson's session on jQuery but it was on at the same time as me :-( however all the sessions have been videoed so I will be able to see it on the web!
I had a great day, it was just a shame I couldn't stick around for beers afterwards. Next time!

Saturday, 18 April 2009

ASP.NET Scalability at WebDD

Thanks to everyone who attended my session on ASP.NET scalability at WebDD today - I hope you all found it useful. I got to the end of the section on caching, which is more or less the first half, and realised I had ten minutes left for the entire second half, so apologies for having to race through the rest of the slides. If anyone has any questions please feel free to post them in the comments here and I'll answer them.

I had a few questions afterwards over coffee, which were:
Q) Output Caching. Can you VaryBy things other than elements in the QueryString?
A) Yes, there are a range of VaryBy options: VaryByContentEncoding, VaryByControl, VaryByHeader, and VaryByCustom. In each case ultimately it boils down to a string. There's a discussion of all these options on MSDN, but basically VaryByContentEncoding's probably not going to help you too much since this looks at what encodings your browser can accept e.g. compressed content (and remember that I mentioned all the current browsers (and previous generation browsers) can accept compressed content). VaryByHeader looks at a semi-colon seperated list of HTTP headers. VaryByControl looks at the controls declared inside a UserControl. VaryByCustom is perhaps the most interesting as it allows you to roll your own scheme by implementing GetVaryByCustomString in your Global.asax file, or if you set it to 'browser' it caches page instances based on the browser name and major version.

Q) Is there a reason not to use VaryByParam=*?
A) VaryByParam=* will cache pages on all combinations of elements in the QueryString - I can only tell you what it does, it's up to you to decide whether this facility is going to fit into your application or not.

Q) Can you cache objects for longer than 20 minutes?
A) Yes. If you use sliding expiration, it takes a System.TimeSpan object. TimeSpan has three constructors - I used the hours/minutes/seconds constructor, but there's nothing to stop you using the second constructor which adds a days parameter onto the constructor. Bear in mind, however, that doing that means you're sacrificing that much memory on your server for that length of time. As with so many things in scalability, it's a trade-off...

Q) Do you need command-line access to your server to enable a SQL database for SQLCacheDependencies?
A) No. There's two options here: one is to keep in mind that the ASPNET_REGSQL command-line tool takes a server name from the -S parameter - this can be any SQL server that is on your network, you don't have to run the tool locally to the server you're enabling.
The second option is to use the SqlCacheDependencyAdmin static class, which gives you the ability to programmatically enable and disable databases and tables for cache dependencies.

Thursday, 16 April 2009

Manually Uninstalling Velocity CTP2

Now that Velocity CTP3 is out I was looking forward to installing it however going through Add/Remove Programs it prompted me to locate the original installation MSI. Which I haven't got any more :-(

However I contacted the Velocity team and they sent me instructions for manually removing CTP2.

"Note: To un-install Velocity CTP bits use 'Add-Remove Program', however for scenarios where a user is unable to un-install e.g.
'Add-Remove Program' entry is missing, following workaround of using manual steps for un-installation can be used, but they need to be done at users discretion.

Below steps assume removal of Velocity Service and product from a single machine, to un-install multi node Velocity cluster below steps need to be performed on each machine (node)

1. Under 'Administration Tools' -> 'Services' ensure that Velocity service DistributedCacheService with Display Name "Microsoft project code named "Velocity" is stopped

2. Go to Command Prompt and use SC.EXE command to delete velocity service i.e.

SC.EXE delete DistributedCacheService

3. To ensure removal of entries from 'Add-Remove Program' for existing 'Velocity Installer', Download and install 'Windows Installer Cleanup Tool' as per following KB , Or directly from

Launch the above installed Tool and from the list choose 'Microsoft project code name "Velocity" CTP2' and select Remove

4. Next delete files under installed folder, typically under \Program Files\Microsoft Distributed Cache\V1.0

5. Remove 'Firewall Exception' for DistributedCacheService

6. If Cluster Config Store chosen during installation was 'XML'
or 'SQL Server Compact' then remove the files from the Network Share Folder (which was provided during installation)

Else if 'SQLClient Provider' was used as the Cluster Config Store then -

Drop the database (provided as 'Initial Catalog' ) which was mentioned in the connection string during installation.

or, To avoid Dropping the database in case you want to keep it, you can also just drop the table 'dbo.config' present in the above mentioned database."

I haven't tried these instructions out yet as I don't want to fry my laptop ahead of WebDD this weekend but I will try them next week and report back.

UPDATE: I ran through these instructions last week, for me they worked perfectly. The only thing I struggled with was the fact that IT have locked down the UI for firewall exceptions so I couldn't remove the ones I had set up. However I was able to remove them by hacking the Registry.

I now have Velocity CTP3 installed - details coming soon!

Friday, 3 April 2009

Answering the call

One of the feeds in my Tech tab (which is distinct from my Microsoft tab :-) ) is Wintellog, which is an aggregated feed of all the bloggers at Wintellect. I've seen several of these guys speak over the years, mostly at DevWeek - they are all top-notch and I thoroughly recommend seeing them if you get chance.

Yesterday John Robbins wrote something of a call to action: read Code Complete and write a 'book report' on it as a comment in his blog.

Guilty confession time: I've never read it, despite it being on my desk for a number of years. It's not something I'm proud of, but I'm confessing. And I'm undertaking to answer the call: I took it home last night, and I'm going to read it (as soon as I finish the excellent Six Sacred Stones). I'll post my review here as well as on John's blog, and I encourage everyone to do the same.

Thursday, 26 March 2009

Speaking at WebDD

I had an email from Phil Winstanley overnight to say that my talk on writing scalable ASP.NET has been accepted for WebDD at Reading on 18th April.

I'm looking forward to running it again, this'll be the third outing. Maybe Barry'll get to it this time...

Update: Delegate registration is now open. Book early to avoid disappointment.

Wednesday, 4 March 2009

Thanks to NxtGen Oxford

Thanks to everyone at NxtGen Oxford who came to see my ASP.NET scalability presentation last night. The code and slides are available for you to download at I haven't had chance yet to work out why the SqlCacheDependency demo didn't behave, I'll look at this later on today and update this blog entry when I've worked it out! Feel free to email me at or comment here if there are things that need more explanation or you just want to discuss something.

Update: I just figured out why the aspnet_regsql command-line was failing when I tried to enable my Northwind database for caching. I hibernated my laptop when I left the office on Tuesday afternoon, on Tuesday evening when I switched it back on it couldn't contact our domain. So when I tried to run aspnet_regsql with the '-E' switch for integrated authentication, I couldn't be authenticated against our domain and consequently SQL Server's security (correctly) wouldn't let me do anything. If I'd instead used the '-U' and '-P' switches with an administrator username and password it would have worked.

Thursday, 19 February 2009


I was pleased to see a tweet from Phil Winstanley yesterday announcing that there will be another WebDD this year. I went to the one in 2007 and had a fab time.

Once I've come up with some words about myself I'll be submitting my scalability in ASP.NET session. I'm also trying to write a session on scalability with Velocity - maybe this'll be the kick I need...

Friday, 23 January 2009

web.config Administration

This sucks :-(

I was deploying a new ASP.NET 3.5 application to our web servers this afternoon, which uses the AjaxControlToolkit. As part of this the web.config included a 'remove name="ScriptModule"' in the httpModules section. However there was no httpModule called ScriptModule in the parent web.config. When I fired up the application it threw a YSOD immediately. It seems that if you try to remove an entry that doesn't exist, the compiler throws an exception. This seems a little bonkers to me - if you're trying to remove an entry, why should it matter that it doesn't exist? It's easy to fix, obviously, just a bit annoying and I don't see what purpose it serves...