Concatenating Column Values in SQL

I was looking for a way to concatenate the values (comma separated) in a column and group it by another column.

I didn’t want to use cursors and I didn’t want to use the .NET CLR to do it. I just wanted to use sql and this is what I found and liked…

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
 
CREATE TABLE StrConcat (col1 nvarchar(10),col2 nvarchar(10))
GO
INSERT INTO StrConcat
SELECT 'db1','host1'
UNION ALL SELECT 'db1','host2'
UNION ALL SELECT 'db1','host3'
UNION ALL SELECT 'db2','host1'
UNION ALL SELECT 'db2','host2'
UNION ALL SELECT 'db3','host2'
UNION ALL SELECT 'db3','host3'
 
SELECT * FROM StrConcat
 
SELECT col1, stuff( ( SELECT ','+ col2
FROM StrConcat t1
WHERE t2.col1 = t1.col1
FOR xml path('')
),1,1,'') test
FROM StrConcat t2
GROUP BY col1
ORDER BY col1

This is what the results look like…

Posted in SQL | Tagged | 2 Comments

Utilizing JSON Endpoints in WCF Domain Services

In the real-world, there is a possibility that you may be interested in leveraging the WCF Domain Services that you’ve created alongside your Silverlight application… for other client types. (Such as Javascript clients.) In order to do this, there are some simple hoops to jump through. However, once you’ve made it through those initial setup hoops… the REAL work begins. You’ll want to successfully execute a query across the JQuery/JSON platforrm against the WCF Domain Services. You may also want to perform update and insert data operations! How is that done?

These videos (4 in total) will explain how it is done. They will be using a relatively simple T4-template that I’ve implemented specifically for the .NET 4.0 version of Entity Framework. The T4-Template is written to support basic CRUD operations against a single collection of table-related classes. (Notice I didn’t mention scenarios where there are INCLUDE statements in the LINQ syntax behind the WCF Domain Services.) The T4-Template doesn’t do much in the way of supporting the necessary operations to track related entities in JSON that come back from the WCF Domain Service query.

At any rate… the following video takes about 6 minutes and describes how to setup a basic ASP.NET MVC3 application to utilize Entity Framework data models, and expose them via a WCF Domain RIA Service through JSON formatting… to a JQuery client-side script. (Note, it is assumed in the video that the user has already installed and configured the ASP.NET MVC3 Razor engine in their VS2010 environment. It is also assumed that the user has installed VS2010 SP1 successfully.)

This 12-minute video is a simple demonstration of how to get your JQuery AJAX request to work with WCF Domain Services (RIA Services) that expose your Entity Framework class elements. It’s a simple matter of understanding the JQuery AJAX API and options… and then understanding what Microsoft wants you to set the AJAX parameters to.

Finally, these 2 (related) videos demonstrate how to leverage a somewhat simple T4 template that I created to auto-generate an entire Javascript file that replicates the entities/classes that are exposed via the Entity Framework model. In other words, this video explains how to easily work with the Entity Framework class-fields and WCF Domain Services tricks that are necessary to implement a working C.R.U.D. application with zero post-backs. (14 and 10 minutes respectively)

… and here is the second part of the final JQuery INSERT logic necessary to get records into your SQL Server database via WCF RIA Services from JQuery.



So now that we have the videos out-of-the-way, I wanted to make certain that the readers understood what the JSON actually looked like in the ‘REQUEST’ body prior to being processed by the WCF RIA Service’s ‘SubmitChanges’ method.

Below, you can see what an ‘INSERT’ operation actually looks like:

1
{"changeSet":[{"Id":0,"Operation":2,"OperationName":null,"OperationData":null,"Entity":{"__type":"Candidate:#MvcApplication2.Models","CandidateId":1,"FirstName":"Chad","LastName":"Stoker","Nickname":"sdf"}}]}

Below, you can see what an ‘UPDATE’ operation actually looks like:

1
{"changeSet":[{"Id":0,"Operation":3,"OperationName":null,"OperationData":null,"Entity":{"__type":"Candidate:#MvcApplication2.Models","BonusOptions":null,"CandidateId":1,"FirstName":"Chad2","IsNeverHire":false,"LastName":"Stoker2","NegotiatedSalary":null,"Nickname":"sdf","RankingId":null},"OriginalEntity":{"__type":"Candidate:#MvcApplication2.Models","BonusOptions":null,"CandidateId":1,"FirstName":"Chad","IsNeverHire":false,"LastName":"Stoker","NegotiatedSalary":null,"Nickname":"sdf","RankingId":null}}]}

Finally, this is what a ‘DELETE’ operation looks like :

1
{"changeSet":[{"Id":0,"Operation":4,"OperationName":null,"OperationData":null,"Entity":{"__type":"Candidate:#MvcApplication2.Models","BonusOptions":null,"CandidateId":1,"FirstName":"Chad2","IsNeverHire":false,"LastName":"Stoker2","NegotiatedSalary":null,"Nickname":"sdf","RankingId":null}}]}

Attached here, you can find the T4-Template that I created to automatically generate a series of Javascript classes based on the Entity-Framework C# code and foreign-key relationships.

T4-Template : EF_to_Javascript_T4

Enjoy! Let me know if you have any questions…

Thanks.

Posted in AJAX, Entity Framework, Training | Tagged , , , , | Comments Off

HTML 5 Presentation for IPMA 2011 Forum

All of the IPMA 2011 HTML-5 content I presented is included in the ZIP file available for download… here.

HTML 5 is new set of features that are being recommended by the W3C and several other “standards” governing bodies. I.T. companies that develop browsers for every-day use are taking notice and working overtime to implement most of these new features. The content attached to this article explains with a set of PowerPoint 2010 slides and demo source-code… how to leverage and plan for the new HTML 5 standard.

The ZIP file includes a matrix on “HTML5 Browser Compatibility”. All you have to do to check it out is click on the “Default.html” file under the “HTML5 Browser Compatibility” directory.

Also included is some source-code for a simple “Life-Balance” wheel that is programmatically created using Javascript and the new CANVAS element. I included some tricks for showing how to make the canvas element available to older versions of Internet Explorer. (IE7 & IE8) It is located under “Canvas Demo\Wheel Demo”.

Please let me know if you have any questions or need help understanding any of the sample files and content.

Posted in Training | Tagged | Comments Off

Problems with WAMP and Windows IIS 7.0+ settings

I wanted to share with the community at-large, a problem I identified with WAMP installations (or possibly any PHP utilities that configure Windows Server settings) on a Windows 2008 Server. I’m guessing this problem could occur in Windows 2003 servers as well.

Basically, when ASP.NET developers are working… they make heavy use of “localhost” as the dns name that should resolve to their local 127.0.0.1 IP Address. IIS automatically leverages the Windows Authentication mechanisms in Windows and, assuming Windows Integrated Security is being used on the website in question, authenticates the developer/user to proceed to access the website resources.

When attempting to install and configure Apache to run on your Windows 2008 server in order to leverage MySQL and PHP based web-frameworks… you may realize that your normal Windows Integrated Security websites are no-longer running and actually prevent you from accessing them. (This occurs only if you’re using the standard port 80 to access your website.) This is because the WAMP install package and other similar packages that configure Apache to run on a Windows Server, typically modify the “hosts” file burried in your Windows directory. The fix was emailed out to my staff in this following communication:

————————————————————–
After working all morning on understanding why my XXXX, XXXXXXXXXX, and demo Silverlight web applications were failing to allow me to access them, I discovered the following :

When using Windows-Authentication on websites, I was being “prompted” for a username/password while accessing my webapps on “localhost” or . This is never supposed to happen because “localhost” is supposed to resolve to your local machine and automatically authenticate you using the normal Windows Integrated security.

It turns out that installing “WAMP”, which was necessary to get the XXXX application up-and-running with MySQL, phpMyAdmin, and the like… messed around with the “hosts” file located at C:\Windows\System32\drivers\etc!

In particular… it modified this :
————————————————————–
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

To this :
————————————————————–
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 localhost127.0.0.1 localhost

To fix the problem… with non PHP specific web-pages… you need to modify the HOSTS file and set it back by doing this :
————————————————————–
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
#127.0.0.1 localhost127.0.0.1 localhost

I have logged in to the www.xxxxxxx.xxx server and corrected this problem. The impact is that anytime we were logged on to the web-server directly (or our local development boxes for that matter) this would have prevented us from viewing websites that had Windows Integrated Security enabled and Anonymous Authentication disabled unless we were using a non-standard web port.

Consider yourselves warned about the dangers of installing PHP sdk’s and runtimes alongside your ASP.NET/Silverlight/MVC3 stuff.

Chad W. Stoker
President & CTO
CodeSmart Inc

Posted in Gotchas | Tagged , , | Comments Off

ASP.NET MVC 3 Security Re-Visited

While presenting at the IPMA, I demonstrated to the 150+ person audience how easy it is to hijack another user’s credentials within an ASP.NET MVC 3 application that hasn’t been vetted for coding-practices. In this article, I will show a video of me re-demonstrating that attack, exactly how to fix it, and post the source-code for everyone to take a look at.

ASP.NET MVC 3 is a new web-development framework that is in its early-stages of development and adoption by the community at large. As such, it warrants some attention to address the new techniques for managing security vulnerabilities. These vulnerabilities aren’t new and they’ve been around in ASP.NET, classic ASP, and pretty much ANY technology you can think of. There is no way that a framework can really protect the software-developer from him/her self.

Case-and-point, as I was working on a project for a client of mine, I realized there was a vulnerability being exposed in the way that I displayed a user’s registration information. Nothing looked inherently amiss at first glance… but when I sat down and thought about it, I realized I had really messed up.

Below is the offending code that I’m referring to.

1
2
3
4
5
6
7
8
public ActionResult Edit(int id)
{
    Models.UserRegistration userReg = _model.UserRegistrations
                                        .Where(i => i.UserRegistrationId == id)
                                        .SingleOrDefault();
 
    return View(userReg);
}

This code is located in the 1 Controller that I have added to the MVC 3 project. What it’s supposed to do is provide the data to the user based on the unique Identifier in the database associated with that user. Now you might be saying to yourself, as I did, “This code looks fine to me. It’s functional, and if you’ve got Windows Integrated security turned on… the user shouldn’t be able to see this page anyway!” In fact, you could even go so far as to say, “Why don’t you just add a line on the method to prevent users that aren’t in the appropriate Role from accessing this code?” There’s a problem with both proposed solutions and summaries… namely… what if I’m already an authenticated user and I’m already a member of an appropriate Role? (This is the case when allowing users to access your Washington State agency web applications through Secure Access Washington or S.A.W.)

The attached video on YouTube describes fully, how this poor coding practice can be exploited by legitimate users of your web application. (** NOTE ** I had to edit out the first 1.1 minutes of the video so that I would not exceed the 15 minute limit imposed by YouTube!)

The video does a pretty good job explaining how to fix the code problem and why you shouldn’t just stop at the ‘Read-Only’ screens that users commonly access and assume that an Http-Post of your data to a web-server is difficult for an amateur to hack. Tools like Fiddler2 make it extremely EASY to exploit poor application coding practices.

Here is the code for the PRE hack-proofed example.

And here is the codde for the POST hack-proofed example. (i.e. Fixed)

Posted in Training | Tagged , , | 3 Comments

SQL Injection Solution using Table-Value-Parameters

Alright, after a long… ok, really long… wait I have finally gotten around to posting the content folks were asking for from the recent IPMA security presentation. The source-code and walk-thrus are below.

First up is the SQL-Server injection problem. There are many ways that a hacker can exploit vulnerabilities, and SQL Server injection is one such area. Typically, the out-of-the-box tools available to you in the Microsoft .NET programming environment make it pretty easy to avoid SQL injection vulnerabilities in your application. However, what do you do when you’re working with complex search logic? When it comes to selecting multiple filters for lookup-data, I like to make use of Table-Value Parameters. They ensure that you will not be passing in strings and forced to perform a general SP_EXECSQL call.

Here’s a screen-shot of a generic ‘Advanced Search’ screen with some lookup-list filters that I was referring to.

App Screen

SqlInjection_AppScreenResults

As you can see, there is a panel on the right-hand side that contains several search filters. The important ones for the sake of this post are the 2 checkbox lists. When I check them, I’m expecting to limit the results to only those that are selected. When none are selected, the results returned should be anything that has an Eye or Hair color.

App Screen Filter results

SqlInjection_AppScreenResultsII

Now, these are the only records with the last name of “Stoker” that also have the ‘Hair Color’ choices that have been selected. Now here… you can see that the additional filter of several ‘Eye Colors’ results in fewer records matching…

App Screen Filter detailed results

SqlInjection_AppScreenResultsIII

What’s going on behind the scenes is that I’m using the SqlDbType ‘Structured’ as a the parameter type and passing a simple System.Data.DataTable along as a parameter-value. The code is available for download here.

Notice what the SQL-Profiler shows is occurring in the background when using Table-Value Parameters to pass collections of list data. The data is strongly-typed! In other words, you don’t have to pass a string when you mean to be passing a list of Integers. You don’t have to mess around with SQL string-parsing logic and user-defined functions.

SQL Profiler results

SqlInjection_ProfileLogII

Ok, so you may be asking… “Chad, how do you pass in a custom Table-Type from .NET?” Here is the important section of the source-code that answers that question. After doing the obligatory setup of the SqlConnection and SqlCommand objects respectively, I begin creating the first 4 filter parameters to be passed into my ‘Search’ stored-procedure. Then, I proceed to create my 2 Data Tables consisting of 1 System.Int32 data column each. I dynamically add a new row for each ‘Color’ that I want to include the search-results. Finally, I set those newly populated data tables to the ‘Value’ property of the SqlParameter object instance, and add the parameter to the SqlCommand. It’s actually pretty simple if you’re already familiar with creating SqlParameter’s manually.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
protected void btnSearch_Click(object sender, EventArgs e)
{
    //********************************************************************************
    //** NOTE **
    // MAKE CERTAIN YOU READ AND FOLLOW THE INSTRUCTIONS IN THE README.TXT FILE...
    // OTHERWISE THIS FUNCTION WILL FAIL SINCE IT IS UNABLE TO FIND THE 'searchPeople'
    // STORED PROCEDURE!
    //********************************************************************************
    DataSet searchResults = new DataSet("SearchResults");
 
    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings[_connKey].ConnectionString))
    {
        SqlCommand sCmd = new SqlCommand("searchPeople", conn) { CommandType = CommandType.StoredProcedure };
 
        //Now add the SQL Command Parameters to the Collection...
        sCmd.Parameters.Add(new SqlParameter("@FirstName", SqlDbType.VarChar, 255) { Value = string.IsNullOrEmpty(this.txtFirstNameSearch.Text) ? null : string.Concat(this.txtFirstNameSearch.Text.Take(255).ToArray()) });
        sCmd.Parameters.Add(new SqlParameter("@LastName", SqlDbType.VarChar, 255) { Value = string.IsNullOrEmpty(this.txtLastNameSearch.Text) ? null : string.Concat(this.txtLastNameSearch.Text.Take(255).ToArray()) });
        DateTime? dob = null;
        if (!string.IsNullOrEmpty(this.txtDateOfBirthSearch.Text))
        {
            DateTime dobValue = DateTime.MinValue;
            if (DateTime.TryParse(this.txtDateOfBirthSearch.Text, out dobValue))
                dob = dobValue;
        }
        sCmd.Parameters.Add(new SqlParameter("@DateOfBirth", SqlDbType.VarChar, 255) { Value = dob });
        sCmd.Parameters.Add(new SqlParameter("@Last5Ssn", SqlDbType.VarChar, 5) { Value = string.IsNullOrEmpty(this.txtLast5SsnSearch.Text) ? null : string.Concat(this.txtLast5SsnSearch.Text.Take(5).ToArray()) });
 
        //------------------------------------------------------------------------------------------//
        //Now build the Data Tables that contain the checkbox unique identifiers...
        SqlParameter hairColorsParam = new SqlParameter("@HairColors", null);
        hairColorsParam.SqlDbType = SqlDbType.Structured; //IMPORTANT FOR TABULAR PARAMETER TYPES!!
        DataTable hairDt = new DataTable();
        hairDt.Columns.Add(new DataColumn("key", typeof(int)));
        List<int> hairIdsSelected = (List<int>)ViewState["hairColors"];
        if (hairIdsSelected == null || hairIdsSelected.Count == 0) //If no Hair-Color was selected... then select ALL.
            hairIdsSelected = _hairColors.Select(i => i.ColorId).ToList();
        foreach (int colorId in hairIdsSelected)
            hairDt.Rows.Add(colorId);
        hairColorsParam.Value = hairDt;
        sCmd.Parameters.Add(hairColorsParam);
 
        SqlParameter eyeColorsParam = new SqlParameter("@EyeColors", null);
        eyeColorsParam.SqlDbType = SqlDbType.Structured; //IMPORTANT FOR TABULAR PARAMETER TYPES!!
        DataTable eyeDt = new DataTable();
        eyeDt.Columns.Add(new DataColumn("key", typeof(int)));
        List<int> eyeIdsSelected = (List<int>)ViewState["eyeColors"];
        if (eyeIdsSelected == null || eyeIdsSelected.Count == 0) //If no Eye-Color was selected... then select ALL.
            eyeIdsSelected = _eyeColors.Select(i => i.ColorId).ToList();
        foreach (int colorId in eyeIdsSelected)
            eyeDt.Rows.Add(colorId);
        eyeColorsParam.Value = eyeDt;
        sCmd.Parameters.Add(eyeColorsParam);
        //------------------------------------------------------------------------------------------//
 
        SqlDataAdapter sAdapt = new SqlDataAdapter(sCmd);
        sAdapt.Fill(searchResults);
    }
 
    this.GridView2.DataSource = searchResults;
    this.GridView2.DataBind();
}

The final piece of the whole puzzle is to create a Stored-Procedure that can leverage this stuff… right? So here is how I accomplished that and what the SQL looks like :

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
CREATE PROCEDURE [dbo].[searchPeople] 
	-- Add the parameters for the stored procedure here
	@FirstName VARCHAR(255) = NULL,
	@LastName VARCHAR(255) = NULL,
	@DateOfBirth DATE = NULL,
	@Last5Ssn VARCHAR(5) = NULL,
	@HairColors dbo.GenericTVP READONLY,
	@EyeColors dbo.GenericTVP READONLY
AS
BEGIN
	-- SET NOCOUNT ON added to prevent extra result sets from
	-- interfering with SELECT statements.
	SET NOCOUNT ON;
 
    -- Insert statements for procedure here
	SELECT DISTINCT pd.*, hc.ColorDescription [HairColorDesc], ec.ColorDescription [EyeColorDesc] 
	FROM PeopleDetail pd
	INNER JOIN @HairColors hcs ON pd.HairColorId = hcs.ID
	INNER JOIN @EyeColors ecs ON pd.EyeColorId = ecs.ID
	LEFT OUTER JOIN Color hc ON hc.ColorId = hcs.Id 
	LEFT OUTER JOIN Color ec ON ec.ColorId = ecs.Id 
	WHERE (@FirstName IS NULL OR FirstName LIKE '%' + @FirstName + '%')
	AND (@LastName IS NULL OR LastName LIKE '%' + @LastName + '%')
	AND (@DateOfBirth IS NULL OR DateOfBirth >= @DateOfBirth)
	AND (@Last5Ssn IS NULL OR Last5Ssn LIKE '%' + @Last5Ssn + '%')
END

The stored-procedure has some funny data-types on the last 2 parameters. Those ‘funny’ data-types are basically custom data-types that I’ve actually created and they are the most important point of this whole post. I obviously wouldn’t want to leave out the final, and most important piece of the puzzle… the ‘User-Defined Table Type’… as seen here:

1
2
3
4
5
/****** Object:  UserDefinedTableType [dbo].[GenericTVP]    Script Date: 05/10/2011 13:38:43 ******/
CREATE TYPE [dbo].[GenericTVP] AS TABLE(
	[ID] [INT] NOT NULL
)
GO

Once I’ve created that custom table Data-Type as shown above, I can then proceed to create my Stored-Procedure that will accept a .NET Data Table as a parameter assuming the columns of the Data-Table are using the same data-types and in the correct ordinal position. This helps to ensure that nothing fishy is getting passed to SQL Server regarding our search-logic and it also ensures that we don’t have to fall back on writing dynamically executed SQL strings to accomplish our complex search functions!

Cool, huh?


Anyway, the source-code I refered to above is here :
SqlInjection_DemoCode

Posted in Technology Philosophy, Training | Tagged , , | Comments Off

IPMA Security Training 2011

Today, I delivered a basic 3-hour session on areas to focus on when hardening security in WA State Agencies. I mainly focused the first half of the presentation on common best-practice methods like clear lines of communication between Project Managers and Network, Security, and Database Administrators as well as practicing good coding practices such as peer-programming, code-reviews, and the like. I finished off the first 2 hours be demonstrating the use of Fiddler2 and how it could be used to probe, and then attack an ASP.NET MVC application.

In the second half of the presentation, I demonstrated how ASP.NET MVC’s default behavior for the “Model Binder” could be leveraged by saavy users of Fiddler2 to overwrite somebody elses “User” information on a basic application. In both scenarios, I demonstrated how to defeat the hack by writing a bit more extra code to validate that the user logged in was actually the same as the user-data being updated or queried.

I’ll be posting the links to the ZIPPED source-code that I was demonstrating shortly… (Monday, May 2nd, 2011)

Drop me a line if you have any questions or wanted to discuss something else!

Posted in Training | Tagged , , , | Comments Off

GeneratedWCFClientCode and RIA Services Toolkit changes Silverlight project behavior!

I thought I’d blog about this… because it was certainly unexpected. The RIA Services Toolkit. I’m currently working with the May 2010 release. I’ve used it to do all kinds of cool JSON work using my pre-existing Silverlight RIA Services domain methods. It’s fun and really gets you into thinking about Silverlight and HTML 5 client web applications.

Unfortunately, it comes with a side-effect which impacts Silverlight projects that have any “Silverlight enabled WCF Service” references. (As my project did.) I use WCF services to quickly pull run-time configuration data from the server. Since Silverlight gets packaged up and compiled as a *.XAP file… it’s not easy to modify any server-specific settings when moving the Silverlight project from DEV, to QA, and then to PROD. So I use simple WCF endpoints to pull down configuration information at runtime where necessary.

The impact is that “RIA Services Toolkit” modifies your Silverlight Project file such that any linked Web projects will be scanned for “Silverlight enabled WCF Services”. Once any WCF services are found, VS2010 will automatically generate a GeneratedWCFClientCode hidden folder and drop the service proxy class in it at compile time! (Similar to how it generates the Generated_Code folder for RIA Services proxy classes.) It also automatically appends or overwrites the appropriate settings in the ServiceReferences.ClientConfig file typically associated with WCF references from Silverlight.

Here is a link to the article that explains more about all this in details.

http://ria.feedables.com/story/5753744/A-Walk-Through-on-%E2%80%9CSilverlight-RIA-Service-Toolkit%E2%80%9D-New-Feature-WCF-Client-Proxy-Auto-GenerationUpdating-for-WCF-Core-Service

Consider yourself warned…

BTW, the article points out how to disable this “feature” that is created in VS2010 after installing the RIA Services Toolkit.

Posted in Gotchas, Silverlight, Uncategorized | Tagged , , | 3 Comments

Silverlight 4 Training – March 10, 2011

The files for the last day! My next post will go into a bit more detailed description of each of these. This was the final day of introductory training for Washington State agency I.T. staff on Silverlight 4. Training today covered offline disconnected Data queries, Unit-Testing asynchronous methods, working with Effiproz, leveraging COM Interop and the “AutomationFactory”, extending the Navigation Framework, and more.

(UPDATE: After a couple of days off, I’ve gotten back to this and posted the Effiproz 1.5 sample Silverlight 4 application!)

SLTraining_Testing

OOBSimpleI

EffiprozOffline

Posted in Silverlight, Training | Tagged , | Comments Off

Silverlight 4 Training, March 08 2011

The first day of Silverlight 4 training took a slight deviation from the original agenda. Based on a “show of hands”, I decided to delve into a 1-hour session on the basics of creating XAML and what Silverlight is meant to do. I also discussed where its getting competition from and how it should fit into the Enterprise Application Developer’s tool box. The second part of the session covered WCF and Entity Framework basics as well as data-binding and WCF RIA Services creation. I talked about cross-domain scripting and mentioned the cross-domain-policy file that is necessary to work around this issue in the enterprise.

Those who stayed 10 minutes after the end saw a successful database update occur using the “SubmitChanges” operation on the RIA Services data context in Silverlight 4.

The files associated with this first day are posted here. Each “Solution” that was created during the training is Zipped and linked for you to download.

Basics Demo Silverlight_Basic

WCF Data Access Demo WCF_Data

Posted in Silverlight, Training | Tagged , | Comments Off

Our Capabilities Include:


Custom Software Development
Enterprise Architecture
Project Management
Systems Analysis
Performance Testing

AND THE LIST GOES ON...

These methods are vital to our work:


Agile Methodology
PMBOK
Test-Driven Development

LEARN WHY...

About CodeSmart, Inc.


CodeSmart has been locally owned and operated in the Olympia, WA area since 2002. We direct, design, develop and deliver full end-to-end information systems using leading edge Microsoft .Net technologies and recommended best practices.

LEARN MORE...