Problems with WAMP and Windows IIS 7.0+ settings

When attempting to install and configure Apache to run on your Windows 2008 server in order to leverage MySQL and PHP based web-frameworks… you may realize that your normal Windows Integrated Security websites are no-longer running and actually prevent you from accessing them. (This occurs only if you’re using the standard port 80 to access your website.) This is because the WAMP install package and other similar packages that configure Apache to run on a Windows Server, typically modify the “hosts” file burried in your Windows directory.

Posted in Gotchas | Tagged , , | Comments Off

ASP.NET MVC 3 Security Re-Visited

While presenting at the IPMA, I demonstrated to the 150+ person audience how easy it is to hijack another user’s credentials within an ASP.NET MVC 3 application that hasn’t been vetted for coding-practices. In this article, I will show a video of me re-demonstrating that attack, exactly how to fix it, and post the source-code [...]

Posted in Training | Tagged , , | 3 Comments

SQL Injection Solution using Table-Value-Parameters

Alright, after a long… ok, really long… wait I have finally gotten around to posting the content folks were asking for from the recent IPMA security presentation. The source-code and walk-thrus are below. First up is the SQL-Server injection problem. There are many ways that a hacker can exploit vulnerabilities, and SQL Server injection is [...]

Posted in Technology Philosophy, Training | Tagged , , | Comments Off

IPMA Security Training 2011

Today, I delivered a basic 3-hour session on areas to focus on when hardening security in WA State Agencies. I mainly focused the first half of the presentation on common best-practice methods like clear lines of communication between Project Managers and Network, Security, and Database Administrators as well as practicing good coding practices such as peer-programming, code-reviews, and the like. I finished off the first 2 hours be demonstrating the use of Fiddler2 and how it could be used to probe, and then attack an ASP.NET MVC application.

Posted in Training | Tagged , , , | Comments Off

GeneratedWCFClientCode and RIA Services Toolkit changes Silverlight project behavior!

The impact is that “RIA Services Toolkit” modifies your Silverlight Project file such that any linked Web projects will be scanned for “Silverlight enabled WCF Services”. Once any WCF services are found, VS2010 will automatically generate a GeneratedWCFClientCode hidden folder and drop the service proxy class in it at compile time! (Similar to how it generates the Generated_Code folder for RIA Services proxy classes.) It also automatically appends or overwrites the appropriate settings in the ServiceReferences.ClientConfig file typically associated with WCF references from Silverlight.

Posted in Gotchas, Silverlight, Uncategorized | Tagged , , | 3 Comments

Silverlight 4 Training – March 10, 2011

The files for the last day! My next post will go into a bit more detailed description of each of these. This was the final day of introductory training for Washington State agency I.T. staff on Silverlight 4. Training today covered offline disconnected Data queries, Unit-Testing asynchronous methods, working with Effiproz, leveraging COM Interop and [...]

Posted in Silverlight, Training | Tagged , | Comments Off

Silverlight 4 Training, March 08 2011

The first day of Silverlight 4 training took a slight deviation from the original agenda. Based on a “show of hands”, I decided to delve into a 1-hour session on the basics of creating XAML and what Silverlight is meant to do. I also discussed where its getting competition from and how it should fit into [...]

Posted in Silverlight, Training | Tagged , | Comments Off

Silverlight 4 – 070-506 Exam… Passed!

Today I passed the first-ever Silverlight-specific Microsoft Certification to be released! The exam is # 070-506. It checks on your skills with :

Data-Binding, INotifyPropertyChanged, and ObservableCollection stuff.
VisualStateManager, Control-Style Templates, Resource Dictionaries, and XAML Layout
HtmlPage API, Application Init Params, Custom Load Screens, and Javascript interop
Printing, Text Globalization, Cross-Domain Service access, and WCF experience.

Posted in Silverlight | Tagged , , , , | 2 Comments

Leveraging OData end-points in JSON format with JQuery

I’ve been looking for a good way to leverage the Entity-Framework model that I already have in-place so I don’t have to dream up an entire new way of piping my .NET data over to Javascript. It turns out that using WCF Data Services works awesome! (I haven’t tried using EF RIA Services yet, but I bet it will work awesome too.) Using JQuery and .NET’s OData endpoints is fun!

Posted in AJAX, Entity Framework, JQuery | Tagged , , , , | 6 Comments

Why Silverlight is right for the enterprise…

Silverlight offers huge benefits to shops that already leverage .NET languages to develop web and windows-based applications. It’s strongly-typed, it supports a wide array of dynamic and interactive controls, it enables outstanding visual effects, its data-binding capabilities are second-to-none, and it draws the user in to the web experience.

Posted in Silverlight, Technology Philosophy | Tagged | Comments Off

Our Capabilities Include:

Custom Software Development
Enterprise Architecture
Project Management
Systems Analysis
Performance Testing


These methods are vital to our work:

Agile Methodology
Test-Driven Development


About CodeSmart, Inc.

CodeSmart has been locally owned and operated in the Olympia, WA area since 2002. We direct, design, develop and deliver full end-to-end information systems using leading edge Microsoft .Net technologies and recommended best practices.