SQLCLR is now considered a robust solution to the few niche requirements that can't be met by the built-in features of SQL Server. Amongst the legitimate reasons for avoiding SQLCLR, there is the fear of getting bogged down in code with special requirements that is difficult to debug. Darko takes a real example, extending the features of sp_send_dbmail, to demonstrate that there need be few terrors in SQLCLR.
… Read more
Hackers use the cross-site request forgery technique to grab the identity and privileges of legitimate authenticated users of a site to then perform any action that the victims have rights for. Without a way to detect this, the site will have no way to distinguish between a forged and legitimate request, ASP.NET has a robust defense if you remember to implement it, and Core introduces some other ways to ensure that this forgery can't succeed. … Read more
The danger of Cross-Site Scripting (XSS) has to be dealt with in any web application. You do this by validating the input from all possible channels. by constraining it in terms of its range, type and length, and by encoding the output from views. ASP.NET has some built-in validation of requests that can be extended to make it more effective, but this approach has changed with ASP.NET Core to place the onus on the application developers to provide the middleware to perform effective validation that is fine-tuned to the application. Dino Esposito explains.… Read more
The OpenAPI ‘Swagger’ Specification defines a protocol that allows applications to discover, and generate documentation of methods, parameters and models of REST APIs, This provides a way for any software to identify the features of a REST API. It does for REST APIs what WSDL (Web Service Description Language) did for web services. Visual Studio now provides it to support proxy creation for REST APIs, as Dennes Torres explains.… Read more
Because of its obvious importance in coordinating the MVC application, we tend to be wary of being too adventurous with it, but there are some interesting features that can sometimes be exploited to provide for less common requirements. The controller in ASP.NET MVC core, for example, can be a plain-old C# class (POCO), making it easier to create file-based content on the fly. The DefaultControllerFactory class can be changed, and you can override the GetControllerType method with a custom factory to give you localized routes and URLs. Dino explores some of the interesting internals of ASP.NET MVC controllers… Read more
PowerShell is a scripting language, and like all scripting languages it struggles to perform well with rapid iterative processes such as aggregation. It isn't well-known that PowerShell can use LINQ for many of those tasks which would otherwise use iteration, though somewhat awkwardly. However, some of the speed improvements you can get are startling. To get you well started, Michael explains every LINQ function , gives you example code in C#, The PowerShell way of getting the result, and finally Powershell's use of LINQ. This article could change the way you use PowerShell.… Read more
LINQ is best learned from examples, but few LINQ resources supply, along with the code, pictures that illustrate what each associated LINQ operator in the code is doing. This article is a visual index of all LINQ operators, that explain clearly with code and illustrations what even the most arcane LINQ operators actually do. To increase your enlightenment, it is accompanied with a reference chart to provide even more detail. Michael Sorens is, with these two articles, determined to persuade you of the power of LINQ.… Read more
Here is a handy wallchart that condenses the information contained in our article 'The Visual LINQ Lexicon' even further, but which adds some more technical specs that allow you, for example, to see at a glance which operators use deferred execution and which use immediate execution. You can use it to see what operators use lambda syntax and which ones are available in query syntax. You can see all the other key properties of all the LINQ operators, even including even how much of a sequence a given operator actually consumes. Click here to download the PDF version of the reference chart: … Read more
Model Binding has been a popular feature of ASP.NET MVC, but has, before now, had some minor restrictions. ASP.NET Core now has enhanced model binding: If a value passed via routes, posted data, or query strings couldn't be bound appropriately, it forced a global exception. Now, there are a number of ways of providing a more graceful reaction to incorrect data. You can now force the binding to a given source or create new sources for binding to. Dino Esposito explains.… Read more
Scala and Apache Spark might seem an unlikely medium for implementing an ETL process, but there are reasons for considering it as an alternative. After all, many Big Data solutions are ideally suited to the preparation of data for input into a relational database, and Scala is a well thought-out and expressive language. Krzysztof Stanaszek describes some of the advantages and disadvantages of a scala-based approach to implementing and testing an ETL solution. … Read more
Entity Framework (EF) is Microsoft’s Object/Relational (ORM) database access library, with a new generation, EF Core, released in 2016. In this article Jon P Smith looks at six different software principles and patterns that help to keep the EF code nicely separated from the rest of the application. The six approaches make the EF database access code is easier to write, test, refactor and, most importantly, performance-tune.… Read more
Model binders work under the covers in ASP.Net MVC to provide the data for the action methods on a controller class. This data is held by the incoming HTTP request embedded into POST-ed form values, and maybe even the URL itself. Much magic is performed to get this right and, with some care, you can ensure that you can bind to object data, arrays and collections, as well as providing default values.… Read more
When Google announced the 'Go' language in 2009 we were all underexcited. After all, a compiled, statically typed language in the tradition of Algol and C isn't that radical, especially one that eschewed generic programming, implicit type conversions, assertions, inheritance and pointer arithmetic. However, it has proved to be robust, highly-portable, simple to use, and productive to work with. Ed Elliott reckons that it is definitely worth checking it out. … Read more
User Acceptance Testing (UAT) is an important part of the development process. If carried out as early as possible and as regularly as possible, it not only alerts the development team to aspects that don't yet meet the requirements of the users, but also gives governance a better idea of progress. If UAT is delayed, defects become expensive and troublesome to fix. Sophia Segal gives an experienced summary view of UAT… Read more
There are many ways that static code analysis can help to speed software delivery. It can pick up, as a preliminary to check-in, errors and weaknesses in code that can happen incidentally to even the most experienced developer. It can give the team a measure of technical debt, and remove the obvious 'noise' from code before it is reviewed. Vishwas introduces a popular Code-quality inspection tool, SonarQube, and takes you through the basics of using it with C# and Java. … Read more
Amazon's Simple Workflow Service (SWF) in AWS provides a model of workflow that is simple to understand but is it simple to get a robust and durable workflow in place? Tom Fischer guides you through the bewildering early stages of your first SWF application, and concludes that workflows inherently take time and effort to get right, but SWF provides a formidable cloud-based solution … Read more
The design of ASP.NET includes the valuable session variables that enable the application to keep track of individual sessions. Unfortunately the ASP.NET pipeline will not process requests belonging to the same session concurrently but queues them, and executes them serially. MVC locks session variables to ensure thread safety and concurrency control, but takes a conservative approach to polling for these locks. Do you always need this level of thread safety? If not, what can you do to improve performance when you need to use writeable session variables?… Read more
Subscribe for more articles
Fortnightly newsletters help sharpen your skills and keep you ahead, with articles, ebooks and opinion to keep you informed.
Subscribe to our fortnightly newsletter
How you log in to Simple Talk has changed
We now use Redgate ID (RGID). If you already have an RGID, we’ll try to match it to your account. If not, we’ll create one for you and connect it.