On Katrien’s MSDN Blog:

 

During TechDays Belgium 2012 two weeks ago, Scott Guthrie announced the Beta release of ASP.NE MVC 4 slated for that same week. Since February 16th you can now download ASP.NET MVC4 Beta.
Interesting to note is the availability of a Go-Live license with this release. In other words, if you feel like using these bits on production you now can!

 

A few important updates and features are part of the Beta:

 

• - Bundling and Minification, brought to ASP.NET 4.5 and now also integrated into ASP.NET MVC 4. This allows you to build faster applications by minimizing the number of requests to the server (bundling requests).
  
• - Web API integration into ASP.NET: new support for creating HTTP REST services, has built-in support for content negotiation with support for JSON, XML and Form URL-encoded formats
  
• - ASP.NET Mobile support through custom view engines for mobile sit.es and jQuery Mobile integration.
  
• - Async and WebSockets: when using ASP.NET MVC 4 with .NET 4.5 and VS 11 you’ll also be able to take advantage of the new async and WebSocket support built-into .NET 4.5.
  
• - Single Page Applications: new in the beta is support for building better end-to-end experience for building applications with client-side interactions using JavaScript (Upshot, History.js) and the MVVM pattern (knockout.js). On the server side the ASP.NET NET Web API is used, mainly an abstract class DataController. Note this is a new project template type in experimental phase.
  
• For more information on creating Single Page Applications with ASP.NET MVC 4 I recommend you watch the fantastic session Steve Sanderson did during TechDays: Building rich Single Page Applications (SPAs) for desktop, mobile, and tablet with ASP.NET MVC 4. Worth watching until the end where Steve even shows an offline capable implementation using HTML5 application cache and offline storage. These latter ones however are not yet part of the beta.

 

Resources

 

• Download ASP.NET MVC 4
• Watch Scott Guthrie’s session going through ASP.NET MVC 4
• Watch Steven Sanderson’s session on Single Page Applications
• Read Scott Guthrie’s series on ASP.NET Web API
• Learning: new Intro to ASP.NET MV4 tutorial
• Learning: ASP.NET Web API Samples

There are a bunch of new SDL resources available on the Microsoft Security Development Lifecycle page. For every step in the software development process (Requirements, Design, Implementation, Verification, Release) there are tools and/or training videos available. For a video giving an overview of the SDL tools, click here.

 

Source

 

Requirements

Templates:

- SDL Process Template for Visual Studio Team System 2008

- MSF-Agile + SDL Process Template for Visual Studio Team System 2010

- MSF-Agile + SDL Process Template for Visual Studio Team System 2008

 

Videos:

 

• Introduction to the SDL Process Template for VSTS
• How to set up the SDL Process Template
• How to improve your check-in process
• How to change default work items
• How to use the SDL Process Template documentation and reporting

 

Design

 

SDL Threat Modeling Tool

 

For more information on the treat modeling tool, click here.

 

Implementation

 

FxCop 

 

FxCop analyzes managed code assemblies (code that targets the .NET Framework common language runtime) and reports information about the assemblies, such as possible design, localization, performance, and security improvements. For more information, click here. Watch the video here.

 

Anti-Cross Site Scripting Library

 

This is specifically designed to help mitigate the potential of Cross-Site Scripting (XSS) attacks in web-based applications. Watch the video here.

 

Microsoft Code Analysis Tool .NET

 

CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection, and XPath Injection. Watch the video here.

 

 

Verification

BinScope Binary Analyzer

 

BinScope Binary Analyzer is a verification tool that analyzes binaries to ensure that they have been built in compliance with the SDL requirements and recommendations. Watch the video here.

 

SDL MiniFuzz File Fuzzer

 

MiniFuzz is a basic testing tool designed to help detect code flaws that may expose security vulnerabilities in file-handling code. Watch the video here.

 

AppVerifier

 

Application Verifier is a runtime verification tool for native code that assists in finding subtle programming errors that can be difficult to identify with normal application testing. For more information, click here.

 

SDL Regex Fuzzer

 

SDL Regex Fuzzer is a verification tool to help test regular expressions for potential denial of service vulnerabilities. Watch the video here.

 

Attack Surface Analyzer Beta

 

Attack Surface Analyzer is a tool that highlights the changes in system state, runtime parameters and securable objects on the Windows operating system.

 

 

Release

The release resources are the same templates and videos as the ones in the Requirements section.

If you want your WCF service to use certificate-based (X.509) certification to authenticate the users accessing your service, you’ll need to provide the right configuration on both the client and the server side. The keyword here is configuration. When I first started searching for a solution I knew it had to be done in the configuration file, but, as usual, I kind of underestimated the amount of configuring that had to be done.

 

Especially when you’re looking at the generated configuration file provided by Visual Studio, it’s easy to get lost in all the possible security settings. I once attended a course given by Juval Löwy (IDesign) on WCF where he applauded the fact that the WCF-team had made everything configurable and at the same time warned us for the complexity that came with it.

 

The solution: There is a easy-to-follow example where you can learn how certificate-based authentication for WCF can be done at Mitch Denny’s blog - Using Certificate-based Authentication and Protection with Windows Communication Foundation (WCF)

 

He starts out by creating a simple WCF service (with 1 HelloWorld-method) and afterwards adding the authentication configuration.

 

A very interesting read, written by Haralambos Marmanis, Dmitry Babenko, on how the web provides us with a rich user experience with the help of algorithms. Topics such as ranking and recommendation systems are explained very well and are illustrated with examples. Also, API's from well known sites such as Google, eBay and Facebook are discussed.

 

The book on amazon.

A new list of free e-books on Microsoft technologies has been released on the Microsoft Press blog. Below is the list of available books (including sample code if available).

Programming Windows Phone 7 (Charles Petzold) PDF - Sample Code C# - Sample Code VB.NET
Introducing Microsoft SQL Server 2008 R2 (Ross Mistry and Stacia Misner) XPS - PDF
Understanding Microsoft Virtualization Solutions, From the Desktop to the Datacenter (Mitch Tulloch) XPS - PDF
Introducing Windows Server 2008 R2 (Charlie Russel and Craig Zacker with the Windows Server Team at Microsoft) XPS - PDF
First Look Microsoft Office 2010 (Katherine Murray) XPS - PDF
Deploying Windows 7, Essential Guidance (Mitch Tulloch, Tony Northrup, Jerry Honeycutt, Ed Wilson,...)  PDF
Moving to Microsoft Visual Studio 2010 (Patrice Pelland, Pascal Paré, and Ken Haines) XPS - PDF - Sample Code

 

(original post)

The new MSDN Flash arrived this morning, and it offered 7 free e-books (actually 6 e-books and some reference cards) on .NET and architecture. For the original article that was posted in the newsletter, click here.

 

The books:

 

- Foundations of programming (Karl Seguin)
- Microsoft Application Architecture Guide, 2nd Edition (Microsoft)

- Rob Miles C# Yellow Book 2010 (Rob Miles)

- Threading in C# (Joe Albahari)

- Improving .NET Application Performance and scalability (Microsoft)

- Applying Design Patterns (Anoop Madhusudanan)

 

And some References Cards (RefCardz) from DZone:

 

- Getting Started with WCF 4.0 (Scott Seely)

- Getting Started with Silverlight + Expression Blend (Victor Gaudioso)

- Essential F# (Chance Coble, Ted Neward)

Mike Bevers has done some cool work with log4net. Next to creating his own logging framework using L4N, he also implemented a custom AdoNetAdapter (logging to a database) and a RollingFileAppender with XML.

 

For more information, please check his blog, or the Log4Net posts:

 

- Logging Framework with Log4Net
- Log4Net: custom AdoNetAppender
- Log4Net: RollingFileAppender with XML

Microsoft patterns & practices is excited to announce the release of a new guide: Developing Applications for the Cloud on the Microsoft Windows Azure™ Platform

 

The cloud platform provides you with access to capacity on demand, fault tolerance, distributed computing, data centers located around the globe, and the capability to integrate with other platforms. Someone else is responsible for managing and maintaining the entire infrastructure, and you only pay for the resources that you use in each billing period. You can focus on using your core domain expertise to build and then deploy your application to the data center or data centers closest to the people who use it. You can then monitor your applications, and scale up or scale back as and when the capacity is required. - Source MSDN

Links:

- Code Samples
- Community

From Scott Guthrie’s blog:

 

Last month we released a beta of the Microsoft Web Farm Framework. The Microsoft Web Farm Framework is a free product we are shipping that enables you to easily provision and mange a farm of web servers.  It enables you to automate the installation and configuration of platform components across the server farm, and enables you to automatically synchronize and deploy ASP.NET applications across them.  It also supports integration with load balancers - and enables you to automate updates across your servers so that your site/application is never down or unavailable to customers (it can automatically pull servers one-at-a-time out of the load balancer rotation, update them, and then inject them back into rotation).

 

Downloads: X86 / X64

 

 

Features:

- One step provisioning of servers added to a farm
- Platform Provisioning using Web PI
- Application Provisioning using Web Deploy
- Policy-based Provisioning
- Installation of additional platform components and content
- Reduced down time with load balancing integration using ARR
- Up-to-date status and trace logs of server farm servers
- Extensible model that allows you to write additional providers

 

 

Resources:

- Microsoft Web Farm Framework web site

- Official post on Scott Guthrie’s blog (includes tutorial)

 

Microsoft release version 5.0 of it’s famous Enterprise Library. This is a collection of application blocks designed to assist developers with common enterprise development challenges. Application blocks are a type of guidance, provided as source code that can be used "as is," extended, or modified by developers for use in enterprise development projects.

 

Microsoft Enterprise Library 5.0 – April 2010

Download Microsoft Enterprise Library 5.0

Microsoft Enterprise Library 5.0 Documentation

Microsoft Patterns & Practices

Microsoft Patterns & Practices – Enterprise Library on CodePlex

There is a new release of the Architecture Journal (which is free)! You can download it here (ZIP: 1,98MB) or check it out on the Architecture Journal web site.

 

Contents:

 

- Keeping Architectures Relevant: Using Domain-Driven Design and Emergent Architecture to Manage Complexity and Enable Change

- Evaluating Application Architecture, Quantitatively

- Software Architecture in the Agile Life Cycle

- Driving Efficiency and Innovation by Consistently Managing Complexity and Change

- Multiple-Context Systems: A New Frontier in Architecture

- UML or DSL: Which Bear Is Best?

- Modeling in an Agile Context

- Architecture Modeling and Processes. Companion Videos