Compsoft Flexible Specialists

Compsoft plc


Monday, November 13, 2006

Neil Bostrom: Microsoft TechEd (Friday)

Attacking and Defending ASP.NET Applications
This session provided a valuable insight into some of the small mistakes you can make in your applications that can be exploited. SQL injection, cross-site scripting and malformed URLs are some of the common ones. The key point raised was not to trust user input, whatever form it takes: query string, form input, URL or cookies. Validate any input and always assume it's malicious until proven safe.

Membership and Profiles in ASP.NET 2.0
The new membership object model that was introduced in ASP.NET 2.0 is extremely flexible and provides a lot of functionality out of the box. All the controls can have their HTML customized as well as just setting the CSS classes. The provider model that plugs into the back end also allows almost complete customization.

A Distributed Solution with .NET 3.0
This was a practical session using all the new technology: WCF, WPF and WF. The speaker had created a media library application with multiple front ends using WCF to communicate with a single server application. The application also demonstrated streaming video using WCF, but required some custom handlers as out-of-the-box functionality is not provided for streaming.

OlyMars
Take one crazy French guy who works at Microsoft and an awesome idea on how to take generation to the next level and you have OlyMars. It's a template-based generation system that comes with a bunch of inbuilt templates supporting ADO.NET, Presentation Controls and even Documentation. The framework that has been put in place is extremely well made and gives you incredible control over what you generate and where.


Wednesday, November 08, 2006

Neil Bostrom: Microsoft TechEd (Wednesday)

LINQ More Questions
We had another session on LINQ this morning covering much of what we have seen before. There was a lengthy Q&A slot at the end of the session, giving us a good chance to raise our questions on LINQ. Our main question was on how you control population of related objects to optimise the number of SQL calls made. This was always the biggest drawback we faced with using Gentle.NET. This seems to have some nice solutions in LINQ with declarative control over what is pulled back in your SQL calls.

Windows Presentation Foundation (WPF) In Web Applications
I was interested in joining this session to find out what kind of support WPF has for the web. Turns out it is very limited: it is only supported on IE7 and you have to have the framework 3.0 installed. It has almost no integration with your existing web applications.

However, planned at the end of the development is a product code-named WPF/E (for everywhere). This is a cut down version of WPF that is planned to be shipped on most current platforms and browsers as a Flash-like plug-in. This could make for a very powerful addition to web development.

Hardcore .NET Production Debugging
This was a fantastic session covering some of the most advanced tricks to debugging memory leaks, crashes, application hangs and threading issues. It highlighted some of the great tools available to debug your applications on production servers. The most interesting point was on what you could do with crash dump files. These files had always interested me and I wanted to know more about making the most of them.

Dot NET Rocks!
This session was a live recording for the popular Dot Net Rocks show. Turns out the topic for this show was one very close to my own heart: Agile development. The Dot Net Rocks team had managed to dig up three very good experts on the topic and it made for a heated show covering really good tips on getting Agile development working for you in your company. We have already started using most of the important Agile features (Unit testing and Continuous builds). This puts us in a very strong position to maybe try to pick up some of the other Agile features (XP Programming, The Planning Game, Sprints or Scrum Meetings).

Patterns for Service-Oriented Architecture (SOA)
This session was a do's and don'ts on web services for creating an SOA. Ron Jacobs was clearly a very experienced speaker in this field and brought across the issues very well. Here is a highlight of his points:

Do's:
  • Make very strongly typed web services for business processes
  • Try to version your service objects if you have to change them with existing clients
  • A good design plan is to base your interface on the mental image of moving documents around an office, make it feel right
  • Try not to think of web service calls as methods but more business processes
Don'ts:
  • Make very general interfaces into your services, e.g. DoEverythingMethod
  • Use internal objects as part of your interfaces
  • Create a chain of web service calls, as these would add a dependency of the client calling the methods correctly
