At a recent TechTalk I talked about code access security and how to perform declarative and imperative security demands & requests. There’s no doubt declarative security checking is nicer than imperative checking, but not everything can be done declaratively.

Inspired by a recent question on StackOverflow, I felt like sharing my thoughts on static methods in general.

Once you start receiving visitors from all over the world, a new kind of scaling issue arise. It’s not a matter of adding more servers to the cluster or optimizing code (we’ll assume these factors are perfect), it’s a simple matter of geography and mathematics. Serving code from one end of the world to the other will take time, no matter how quick your servers are handling the request. The speed of light suddenly seems quite slow.

Some time ago Peter Loft Jensen wrote about how to easily give a user account the neccessary permissions to access the IIS metabase & required directories, and thus be used for running the IIS process.

I continued my TechTalk on security in the .NET framework today, taking off from where we left last time. As promised, here are the demos and slides (in Danish).

Since I originally posted my XmlOutput class I’ve received lots of great feedback. I’m happy that many of you have found it useful.

Having recently read The Pragmatic Programmer and Working Effectively with Legacy Code (both books are amazing - and neither need further review or description as they are globally appreciated as classics), I was feeling ready to read something non-development related, just to get back on my feet again.

I held my TechTalk on CAS security in the .NET framework today. As promised, here are the demos and slides (in Danish). If you’re asked for a key password, it’s “123456”.

I will be hosting two TechTalks on security in .NET, at Microsoft Denmark in August. The TechTalks will be held in DANISH.

I recently mentioned the possibility of having an assembly provide custom evidence alongside the CLR provided evidence. Let’s see how to do it.

Skilled developers are hard to come by these days, that includes Flash/AS3/Flex developers. As the product I’m working on is very much dependent on a Flash based frontend, I’ve been forced to learn & work with AS3 & Flex recently.

When the CLR loads an assembly and needs to determine the appropriate permission set to apply, it’s based on various evidence. Assembly evidence tells the CLR about the origins of the assembly, the zone it’s loaded from and the file hash of the actual assembly file - these are just some of the more common evidence types the CLR uses, there are a lot more that are rarely used. Any object can be a piece of evidence, the CLR will only react on well known evidence types though.

I often need to output indented text in one way of the other, it could be HTML, XML, source code etc (please look beyond the actual problem domain - I’d enver write XML this way, it’s just an example). Usually that involved me writing tab characters manually (or by calling a function that returned the current indentation string), cluttering the actual output. An example might look like this:

Through various projects, I’ve had to do some shortest-path finding in a connected graph. An efficient and straight-forward way to do this is using Dijkstra’s Algorithm. Notice that it’ll only work for graphs with non negative path weights, like 2D maps for instance. While I’ve used the algorithm on several occasions, it’s only now that I’ve rewritten it in generic form

I just finished reading the book Programmers at Work by Susan Lammers.

I’ve previously written of how to automatically map a DataTable into a strongly typed collection of objects. There’s a problem though, it’s not fast… I wanted to improve on it, and this is what I ended up with.

I’m a big fan of strongly typed database querying as well as returning strong typed results. Due to the nature of static languages, you’ll get compile time checking of all our tables and columns. You can easily rename columns as you can be sure all your (internal) references are accounted for.

I often do code profiling, usually involving a stopwatch and some boilerplate code. I decided to make a quick’n’simple class that’ll help me get rid of some of that code and concentrate on the actual code being profiled.

Time flies fast. Back in 2006, during my time as an MSP, I made a series of presentations on securing intellectual property in .NET code, resulting in my Securing .NET Code article. Although it’s about two years old, most points are still valid today, unfortunately.

In my earlier blog post about the dangers of using Response.TransmitFile, I gave an example of a workaround involving spawning a new thread in the ASP.NET page. While this does solve the issue at hand, it presents us with a new way to kill our application even quicker than last.

Before attempting to optimize code or fix any kind of load issue, you should first gather data and become aware of what bottlenecks you’re experiencing. A great way to do this is through the Performance Monitor application. Recently I tried monitoring my ASP.NET applications, but all my counters had a value of 0. As I thought initially, it’s a simple problem, but the solution was not easily found.

I got quite a lot of comments for my XmlDocument fluent interface, and I’m very glad I did. I’m always open towards new ways to solve problems, and I got a couple of suggestions to my post that I afterwards experimented with. One of those is using the XmlSerializer to serialize strongly typed classes (or structs - performance is the same) into XML. Jon von Gillern originally suggested it, but Kris Vandermotten made me want to test it out.

Just before last weekend I noticed that a website I’m responsible for started spitting out “Server is busy” messages, not something you want to see on a website with millions of visitors per day. The quickfix was to recycle the application pool, and thus I solved the symptoms by setting a 15 mins recycle cycle on all the application pools. Not exactly optimal, but sometimes pissing your pants is the way to go.

In this post I’ll take a practical approach at talking about what SQL Server Mirroring is, the advantages and considerations that follows.

Switches are rarely nice in an architectural aspect, but they are often required none the less. One of the ways we can reduce the risk of errors as well as increase readability is to use enumeration values instead of constants. Unfortunately this only works for numeric types, we cannot create a string enumeration. Here’s a workaround. This is a typical console application, taking in an input value (stored in the input variable) and switching on the content:

When performing queries against a SQL Server database, there are a couple of methods readily available. However, an option is missing.

There are two primary reasons for venturing into the realms of clustering/load balancing - availability & scalability. In this post I’ll give a quick demo of how to setup Windows Network Load Balancing (NLB) on Server 2003 and how it affects the availability of a web application.

Some of you may know that I used to play a lot of poker. Unfortunately that’s not the case any more. I really enjoy live poker when I’m in Vegas, I enjoy the major tournaments and I’ve definitely not participated in my last WSOP. But as for online poker and the daily grind, I’ve quit it. I just don’t find it exciting any more. While the mathematical aspect acquired my interest early on, I never enjoyed grinding as such, it was purely for monetary reasons.

I spend a lot of time architecting for scalability, availability and security during my daily work. Currently I’ve got a distributed system consisting of several windows services communicating across machines using WCF and authenticating through Active Directory.