The Boise .NET Developers User Group in cooperation with INETA is thrilled to announce that Rocky Lhotka will be visiting Boise, Idaho.  On July 21st he will be the featured speaker at our regular user group meeting.  Then on July 22nd we will have a full day with Rocky as we dive deep in the CSLA.NET framework.  I personally am on about page 250 of the Expert C# Business Objects book and I can't wait to put it to good use.  If you can please plan on joining us for both days of this this special event.

Get a free second shot at any Microsoft Certification exam:

Register for this offer by May 31, 2005, before taking any Microsoft Certification exam.

If you don’t pass on your first try, you can take it again for free. 

Click HERE to visit the website.

Offer expires May 31, 2005. See registration site for full details.

When I was a kid we had bracelets and such with colored beads to help us learn and share the truth about Jesus.  Today's “Chrisitian“ kids unfortionately are bombared with an explosion of trash.  Shame on their parents for suppoting this industry.  I refer to this stuff as Jesus Junk!  You may know some well intentioned folks who litter their lives with this stuff.  Come on people, be serious.  No wonder so many think that Chirstians are idiots.  We prove them right when we put the message of the cross on Jelly Bean bags!  Personally I prefer to buy my Bible's other Christian materials from retailers who do not carry this stuff.

If you are interested in the truth without the trite sugar rush you can find my favorite presentation at www.DesiringGod.org.

On March 2nd the very excellent group of Rainbow Portal developers released Rainbow 2005.  This is the fastest and most functional build ever.  I was very impressed with the speed when I loaded it up for the first time today.  Everything clicked into view instantly.

Excellent job my friends!

Jim Blizzard is moving to Florida.  He will go on record as the best Microsoft employee to regularly visit Boise.  His support of the Boise .NET developers user group was outstanding.  More importantly he has become a friend and I will miss him.  As I read Rory's post this morning I was reminded again how great he is.  Microsoft, if you are listening, the role of Developer Evangelist is a fantastic thing and Jim Blizzard has done you very well.  Take care of him and let him help you improve the program accross the planet.

Rory mentioned sailing in Florida.  How about a nerd cruise?  I have never been to Florida, but now I look forward to paying a visit one day.

Wishing you the best Jim!

I have been writing about some things related to Programming Inside Out while here at VS Live!  Last night I had a couple of good conversations with some vendors in this product space. 

First I talked a bit with DevExpress about their XPO product.  Currently it is the only OR Mapping product I know of that follows the Inside/Out rule.  Instead of starting with the DB and helping you map it to your objects (it does that too) it will create and update a database for you based on your objects and their relationships.  I plan to give it a closer look soon. 

The second vendor I talked with was Versant.  They not only have an OODB, but also an OR Mapping tool for .NET.  They have been in the business for several years, so I am confident we will be hearing a lot more from them.

I am glad we are seeing more companies playing in this space.  Issues of object versioning and various integration challenges will continue to be worked on to improve OODB options.  Will we see then end of the relational database anytime soon, probably not.  And, that is perfectly fine.  The most exiting thing for me is the increasing support I am seeing for Domain Driven Design concepts and tools.

I have had some readers tell me that my link to Microsoft's back-ported membership API is not working.  I am aware of that.  Apparently it has been pulled so that it can be brought into sync with Beta 2.  There have been a few database changes for the SQL providers and some minor API changes.  I hope we see it back online soon, but I have no idea when it will show up again.  In the meantime you can still get it the hard way.

Permission Manager has been updated for Beta 2 of VS 2005.  The more exciting part is the addition of Authorization Manager.  This is similar to the AzMan from Microsoft in purpose.  The best part about Fredrik's version however is that it is true .NET and does not require any install (think standard .NET XCopy) or COM+ registration like AzMan.  For more info head on over to the run down on Fredrik's blog.

You will not want to miss the February 17th NETDUG meeting if you are anywhere near Boise.  We have the privilege of having ineta speaker and MSDN Regional Director of the year Scott Hanselman.  He will be speaking on the Zen of Web Services.

I had the privilege of meeting Jimmy Nilsson today in the speaker lounge.  He did a talk on Domain Driven Design today at VS Live.  It was good introduction to the concept.  I had hoped it would go deeper, but in 1 hour it is hard to cover much.  After my exploration into Business Objects earlier this week with Rocky I was curious about Jimmy's recommendations for persistence with the private fields problem I mentioned before.  In short the answer was that nHibernate uses reflection to address the problem.  He acknowledged the performance costs.  

I guess it just brings out the reality that as solution architects we have to balance performance and maintainability and choose wisely.  I know that most of the things I work on can afford the impact of reflection and it will not be problem.  Today I am back with thinking that the best approach for Domain Design will include a service layer that handles the interaction with the persistence layer.  So, when I use the CSLA framework I will move the Data Portal code to separate classes and find a way to integrate my favorite best practices for persistence and object creation.

I has the pleasure of presenting today.  I promised everyone in the session that I would post the sample code and slides so have at them: VSLive.zip (3.22 MB)

I feel honored to be part of this lineup.

I made an exciting discovery today in the vendor hall at VS Live.  SoftWIRE is here and I stopped by to talk to them about their tool.  I ran across it a couple years back when I was looking for tools to help teach my kids programming concepts.  They have a library of controls for programming Lego Mindstorm robots among many other things.  Now that the toolkit is free you can all afford to pick up a Mindstorms kit right!  I asked about some books to help me get started teaching the kids and what do you know they now have some teacher and student guides included with the SoftWIRE software.  I am looking forward to giving this one another look and getting my kids and others interested in programming.  I think I will stop back by their booth and pick up a few extra CD's for the user group.

Thanks SoftWIRE!

After lunch yesterday I continued the session on OO with Rocky.  I really appreciated the practical aspects of his presentation.  It is obvious he has been striving for OO purity and landing in the real world.  That is a difficult thing to do, but so often necessary.

Fro example he said that Tiers are bad.  He was speaking of physical ties in the architecture.  The obvious problem with Tiers include the deployment issues and performance issues.  The trade offs include scalability, fault tolerance and security.  At Idaho Commerce and Labor those of us doing more Object centric development have realized how painful it is that we are running on a web farm.  If the user sessions were sticky or we we running on a single front end box then we could use caching and working with object graphs would be smother.  So, I definitely understand and agree with Rocky that Tiers are bad.  I have also come to believe that many solutions would be best run on a simplified physical architecture.  So often more energy and money is put into redundancy than it would cost to have a hot spare standing by with instructions for staff on how to switch it over.  Of course there is no perfect one size fits all solution.

Another thing that struck me was Rocky's belief that using serialization is bad practice for persistence.  To clarify he was not talking about an in memory working set, but for long term storage.  Serialization is necessary for passing objects around, but has significant challenges when it is used as a more permanent storage mechanism.  The biggest problem is versioning.  Say you store an object and then have a need to modify the class by adding or removing properties.  Then you try to deserialize your stored object for version 1 of the class using the schema of version 2 of that same class.  OOps!  There are ways to deal with the versioning issues, but Rocky's opinion is that its not worth it.

I was impressed with the CSLA Data Portal concepts as they are similar to many of the ideas I have been considering in the past.  Primarily I like the concept of a single port of entry for storing and retrieving objects. 

My conclusion is that I want to use the CSLA framework.  It has been well tested in the real world.  Well improved since the book was printed.  Actively used in the community.  Strives for purity, and lands in reality. 

Only 1 major complaint I have and I need more experience to decide where to land.  Love to have feedback from others on this.  In the CSLA framework the Data Access methods are contained within the Business Object Classes themselves.  The pattern I prefer places the Data Access in its own classes.  I like to have a Manager class or service class has responsibility for persistence.  I asked Rocky about it and he is happy with his solution of course.   The reason is private members.  The only way to persist and retrieve private members is if you have access to them which means you are either inside the class or you are using reflection.  Reflection is expensive and much more difficult.  As I think about the purpose of private fields I realize that they certainly can and do exist without a public property accessor.  Also, the encapsulation of of property into a private field allows for some behavior in the Get/Set blocks.  Often you would not want that behavior to happen if you are merely recreating an object from a data store.  If the Object itself represented data and not behavior then it be much less of an issue.  Of course understanding Rocky's presentation that objects should model behavior and not data helps me to clearly understand his framework decisions.

Take a look at the ASP.NET 2.0 Membership system.  It uses the static Membership class for persistence and creation of MembershipUser.  This doesn't fit Rocky's model because the business object of Membership user is not responsible for its own persistence.  I like it much better though because the behavior of persistence is modeled separately than the behaviors around the authentication object. 

Anyone care to share their thoughts on this?  Is it a case or purity meets reality?  Perhaps some Objects best fit the CSLA model and others a different model?

Recently I gave a presentation to my co-workers at Idaho Commerce and Labor on programming inside out.  The core concept was on designing objects around use case.  I stressed the need to forget the database, not because data is un-important, but that is must not drive design.   Similarly the UI must not drive the application design.  Rocky is fully backing up that concept in his pre-conference talk.

I am not 1.5 hours into Rocky's presentation on Building Distributed Object-Oriented Apps.  Here are the bullet points I have noted so far:

• Objects are defined or modeled by behavior, not data
• Objects consolidate behavior, not data
• Don't do relational data modeling of objects
• Code re-use is a myth (at the business level, not at the framework level)
• Help out the UI developers with support for things like undo, data binding and broken rule tracking
• Data should only be owned by a single application (SOA concept)

There was also a discussion on the difference between approach a framework with base classes versus interfaces.  I will leave that research for you to do on your own.  There are important considerations for each.  Understand the options and chose appropriately.

To be continued....

This morning I got all checked in.  Hotel was nice and close.  First time at VS Live.  First impression is that this show is much smaller than shows like Tech Ed and PDC (my favorite).  It looks to be similar in size to a Connections conference, but probably a bit larger.  I will have a better feel later.

Found out Bliz will not make it.  Bummer.  He is moving to Florida and will be sorely missed!

This time around I am not only an attendee, but also a speaker.  I am excited about the opportunity to be presenting at the show.  In the future I hope to do that more, but probably on some very specific topics I have not seen others cover.  I will not give anything away yet.  So if you want to catch my talk on security, its on Tuesday at 2 PM in the ASP.NET track.

Off to get filled on building distributed apps with Rocky Lhotka.  He just said datasets/datatables have a home.  Backyard in the doghouse.  Go get 'em Rocky!

So, here I am in San Francisco preparing to attend and speak at VS Live this week.  So in order to make sure everyone is well fed and networked I will list the evening activites here as I run accross them.

---

Dear INETA board members, speakers, user group leaders and liaisons, volunteers, and distinguished conference guests

Please join us for the INETA Rendezvous at VSLive! San Francisco

An informal get-together during the conference

Monday, 7 February 2005
8:00 pm until whenever

Room Pacific H, 4^th floor
San Francisco Marriott
Fourth Street at Mission Street 

Great company — Open bar — Hors d’oeuvres

Hosted by the Microsoft Western Region Developer Evangelism Team

Get Flashed at VSLive! San Francisco!
Expose yourself to the latest in .NET training at the... AppDev Expose Yourself Party Tues., Feb. 8th, 6:30-8:30 p.m. Exhibit Hall, Moscone West Free food, beverages, fun and prizes...don't miss it!
VSLive Attendees...Get flashed at the AppDev Booth (#701) Check your conference bag for details!

A coworker and I were talking about wireless internet providers  in our area yesterday.  The number of providers continues to grow so I thought I would make a list for anyone interested.

Fixed antenna ISP's
Heritage Wireless Internet (roaming available?)
Big Sky Telecom

Hot Spot providers
Imperial Wireless (Jackson's stores, many more)
MetroCloud Networks (mostly downtown)

NomadISP (some RV parks)
Airpath (Various)
Wayport (McDonalds)
T-Mobile (Borders, Kinko's)
SBC FreedomLink (B&N, UPS Stores, Wayport sites)

Let me know which ones I might be missing.

From Microsoft:

Today we have made available the Microsoft ASP.NET v1.1 Member Management Component Prototype on the ASP.NET site.
You can download it at http://www.asp.net/Default.aspx?tabindex=6&tabid=41
Comments, questions, bugs should get posted on the forum at http://www.asp.net/Forums/ShowForum.aspx?tabindex=1&ForumID=186

The Microsoft ASP.NET v1.1 Membership Management Component Prototype contains classes that allow a developer to more easily authenticate users, authorize users, and store per-user property data in a user profile. The authentication feature validates and stores user credentials which a developer can use to manage user authentication on a web site. The authorization feature lets you treat groups of users as a unit by assigning users to roles such as manager, sales, member, and so on. Combined with ASP.NET's built-in authorization functionality, Windows Shared Hosting developers have end-to-end support for maintaining user-to-role mappings and authorizing users based on this information. The profile feature enables you to provide users of your Web site with a custom experience. By defining and using profile properties, you can track any custom information your application requires, including user information and user preferences.

There already two applications in beta using this component; DotNetNuke by Perpetual Motion and Community Server by Telligent Systems.

Important: The functionality provided by this component is a preliminary version of the Membership, Roles, and Profile functionality coming in ASP.NET 2.0 and will change in the final release of ASP.NET 2.0. This means that any ASP.NET v1.1 applications you develop using this component will need to be updated when you migrate to the final release of ASP.NET 2.0. This is also a non Microsoft supported component.

In my previous Microsoft.ScalableHosting post I described with some excitement the .NET 1.x Membership API found hidden inside of DotNetNuke 3.0.  My excitement is mostly about using the API outside of DNN.  There is also excitement about the possibility of DNN supporting alternate authentication stores through the provider model and the improved API.  Windows authentication is something missing from previous DNN that may work well now.  I have not yet tried it.

 

2 days ago a document describing Membership usage inside of DNN was posted.  The reading of that document prompted several thoughts which I will share here.

 

Why use Microsoft’s Membership API? 

One of the important things the API does for us is standardize how authentication is handled in ASP.NET.  With everyone cooking up their own solutions we constantly are learning a different authentication methodology and system with every application.  With standardization of the API we can now use front end tools like the Login controls in ASP.NET 2.0.  As long as developers stick with the base API’s, controls can be written against them and have high levels of assurance that they will work consistently.

 

Second, an equally important feature of Membership is the underlying provider model for implementation.  With a provider back-end developers are able to completely customize their data storage and data access as it related to Membership.  This design pattern also allows every application that uses the Membership API to share user accounts and roles when so desired.  How many times have we heard the complaints that ASP.NET Forums doesn’t use the same authentication system as DNN, Rainbow and IBS.  As these systems are updated to support the Membership API the only thing required to share authentication will be a configuration line in the web.config to point them all at the same provider.

 

DNN 3.0 Membership description falls short!

The reason for this whole post is to share my belief that DNN 3.0 falls short in its implementation of Membership or at least the description of such.  Throughout the DotNetNuke Membership document I was disturbed by the logic I discovered.  In the section DotNetNuke & Whidbey (Page 1) Shaun Walker says that DNN must avoid creating its own provider to simplify future migration.  This is absolutely backward and representative of other architecture decisions that continue to pain DNN.  DNN already has a robust solution for membership data.  Apparently there are business rule dependencies at the data level in some places (Page 7, UserRoles).  DNN is classic textbook example of an application that should create its own membership providers for use with the API.  By doing so other applications could share DNN’s user base easily and DNN would not be forced to make as many core changes.

 

On one hand I am glad to see that Satellite tables have been created in DNN to separate Membership data for DNN specific user/roles data.  On the other hand, the integration issues should have nothing to do with the underlying data storage and instead be addressed in the DNN API’s.  With a custom DNN Membership system both the Microsoft Membership API and the DNN specifics could easily be combined.  This would allow DNN to use any Membership provider while still supporting all of the DNN specifics and managing synchronization issues.  Page 9 CBO (Custom Business Objects) is exactly the right approach.  I believe the issues are being addressed, but the failure to see things from a Domain (objects, services) perspective really bothers me.  DNN thinking still tightly couples Data structures and the API’s and the 2 should be considered separately. 

 

Sharing users between portals is now a simple matter of sharing the ApplicationName that the Membership provider uses.  To make users unique all that is needed is to use unique ApplicationName’s.  The scenarios presented in Deployment Scenarios on Pages 1-2, Data on Page 3 and Multiple Portals on Page 10 do not make much sense.  By standardizing on the API, any deployment should be supported as long as a provider is used that supports the desired scenario.  The provider is the implementation and it is the key to supporting different scenarios.  Thankfully MembershipProvider.ApplicationName can be changed on each request enabling support for multiple portals with or without shared authentication systems.  By using multiple providers it is even possible to use different authentication stores for each portal in a DNN multiple portal scenario.

 

In Development Tasks (Page 2) it is apparent to me that there is a significant misunderstanding of Membership that must be clarified.  It is true that the UI controls built on top of Membership have not been back ported.  But there is a clear separation of the API and the SQL DB & Provider.  The API and the Provider should not be confused.  They must be considered as independent components.  Sure they work together, but the API does not in any way dictate underlying provider or storage that is used.  See the sidebar on the Membership API architecture at the end of this post.

 

When I hit the Data section at the end of page 2 and beginning of page 3 hope was returned to me.  Separation of responsibility is acknowledged between DNN data and the Membership data.  This is absolutely critical in order to use providers that only give DNN access to the data through the API and not in the database.  This separation creates a new paradigm for some developers.  It requires business rules to be placed in code and not in stored procedures.  The code has full access to the data through the API, but the database has no access to it or knowledge of it unless developers violate the intended usage.  If you are used to putting rules in your database it’s time to quit it!  You are asking for trouble with Membership data if you do this.  Thankfully DNN has fully acknowledged this in the Membership area.  Now we all need to be building software with the principles of separation of responsibility from the foundation.

 

Custom Attributes on Page 4 shows more confusion about the API and Provider.  It leads me again to believe futher that a DNN provider and custom DNN system would be best.  The custom attributes of course would still have to be treated as DNN specific data, but that is acceptable and exists no matter how Membership is implemented.  (DNN developers, I am not suggesting you replace Micrsoft's Membership, merely that you wrap it to support your additonal features.)

 

As a final note I want to publicly state that even though I have been critical of DNN here I am mostly seeing a reflection of my own failures in software development.  Now I desire to improve my own practices and help others see the benefits of good architecture and patterns as well.  With DNN’s prolific exposure it deserves a careful critique so that its best practices are adopted and its worst avoided.  This critique in no way reflects my opinions of Shaun Walker or any DNN developers.  Shaun and I have met personally and I enjoyed my meeting with him.  I also have great respect for him and his work in the ASP.NET community through the DNN portal.  Some readers may also know that I work with Rainbow Portal.  I choose not to be a fanatic about software and this post is neither for nor against DNN.  Each person must choose the solution that is best for them.

 

Sidebar: UserName and RoleName are not updatable through the Membership API as indicated in the DNN document.  The SQL database that goes with the default SQLMembershipProvider does not prevent you from updating UserName or RoleName through your own tools.  All relationships within the database are done by unique id’s so changing names will not break anything.  If you desire to change these names you must simply take care to update your own systems that may reference them and also to ensure that you keep them unique per application.  (Application referring to the definition of application inside of the SQL Membership database.)  Perhaps Microsoft should expose UserId and RoleId through the API so that we can store those in our applications instead of storing username and rolename as the unique ID’s provided through the API currently. 

 

Let me suggest a Membership best practice here.  Windows authentication uniquely identifies users as DOMAIN\USERNAME.  When using the Membership API with forms authentication I suggest always using APPLICATIONNAME\USERNAME.  By doing that you will be able to uniquely reference Membership users throughout your systems and not have to worry as much about username conflicts that could occur otherwise.

 

Sidebar: A look at the Membership API architecture reveals a nice model that may fit many other areas well.  MembershipUser is a simple entity to work with.  Its functionality is limited a single are of responsibility.  It knows nothing about the data store it is persisted in or even if it is persisted.  It also knows nothing about the collections it may be contained in (Roles).  To interact with an underlying storage system the Membership API acts as a service layer between the MembershipUser entity and a persistence Provider.  The Provider layer allows for complete control of the Membership implementation as it interacts with a persistence store.  The store may be a database, flat files, memory stream, or anything a developer chooses to be the implementation of the fields and methods required by the Membership system.  Developers are given a standard API to program against without concern for the underlying database.  The database designers do not have to be concerned with the API or the Domain entities that may represent the data.

 

using Microsoft.ScalableHosting;  // What is this namespace all about?  Read on!

With the release of DotNetNuke 3.04 in public beta comes a very interesting and powerful assembly.  A close look in the MemberRole.dll reveals that it is a fully functional port of the ASP.NET 2.0 Membership API.  So far it also looks to be a complete port.  The API includes features not even found in ASP.NET 2.0 Beta 1 such as account lockout.  This assembly contains several classes in the Microsoft.ScalableHosting namespace.  Classes inside this assembly include:

ProviderBase
Profile, Membership and Roles specific configuration classes
Profile + SqlProfileProvider
AnonymousIdentificationModule (httpModule)
Membership + SqlMembershipProvider
MembershipUser
Roles + SqlRoleProvider
RoleManagerModule (httpModule)

There are many additional classes as well.  I extracted the necessary configuration in web.config and put together a simple application to test the API.  I had no problem creating users and adding them to roles.  The API and SQL Providers worked perfectly with both Forms and Windows authentication.

Note: when using Windows authentication and adding a user to a Role a MembershipUser record is added to the database.  I am now wondering how the aspnet_Users and aspnet_UsersInRoles tables will get cleaned up when a Windows account is deleted.  This is currently necessary to create the GUID for the Windows account that is added to the aspnet_UsersInRoles table.  ASP.NET team comment please!

The license information for this assembly can be found at: DNN3\controls\MemberRole\Member Roles (Conf) (1101204) FINAL.doc.  Looks like this is some kind of Beta release of the API.

The SQL database installation script is found at: DNN3\Providers\DataProviders\SqlDataProvider\InstallRolesProfileMembership.sql  You will need to do a global replace of {databaseOwner} in the file with dbo. or other appropriate ownership for your scenario.

To use the API's in your own application you will need to do a few simple things.

1. Reference MemberRole.dll
2. Create the SQL database (or write your own custom providers)
3. Put the appropriate settings in web.config.  (sample web.config)

To create your own providers start a new class project, reference memberrole.dll, inherit the appropriate provider base class and override the abstract methods and properties (Microsoft.SecureHosting.ProfileProvider, Microsoft.SecureHosting.MembershipProvider, or Microsoft.SecureHosting.RoleProvider).  Then reference your new provider in the configuration.

You can of course leave out any configuration and providers details that you are not interested in using.  The RoleManagerModule must be added to the httpModules collection if you want to have the roles for a user added to the authentication cookie as is common practice in 1.x applications.

If you are interested in more details about the Provider Design Pattern I plan to post addtional information and providers at www.aspnetproviders.com.

Now that I have the MembershipUser and Roles I am planning to port PermissionManager to .NET 1.x as well.  Together with Membership the PermissionManager completes authentication and authorization package allowing us to abstract all aspects of security management out of applications.

How will you make use of Membership, Roles, and Profile for your current applications?