.NET Web Products Roadmap (ASP.NET, Silverlight, IIS7)

Software Development, Software Industry November 29th, 2007

Scott Guthrie just published a comprehensive post detailing Microsoft’s .NET web products roadmap.
To sum up the release schedule:

  • .NET Framework Source Code - No date specified in the post but should be any time now.
  • ASP.NET 3.5 Extensions – Preview version will be available next week
  • Silverlight 2.0 – Public beta in Q1 2008 (with Go-Live licence)
  • IIS 7 – Will be part of the Windows 2008 release. The official launch is on February 27th 2008, so it’ll probably RTM before that.

I’m extremely happy to see Silverlight maturing as a web development platform with its 2.0 version that includes:

  • WPF UI Framework: The current Silverlight Alpha release only includes basic controls support and a managed API for UI drawing.  The next public Silverlight preview will add support for the higher level features of the WPF UI framework.  These include: the extensible control framework model, layout manager support, two-way data-binding support, and control template and skinning support.  The WPF UI Framework features in Silverlight will be a compatible subset of the WPF UI Framework features in last week’s .NET Framework 3.5 release.
  • Rich Controls: Silverlight will deliver a rich set of controls that make building Rich Internet Applications much easier.  The next Silverlight preview release will add support for core form controls (textbox, checkbox, radiobutton, etc), built-in layout management controls (StackPanel, Grid, etc), common functionality controls (TabControl, Slider, ScrollViewer, ProgressBar, etc) and data manipulation controls (DataGrid, etc).
  • Rich Networking Support: Silverlight will deliver rich networking support.  The next Silverlight preview release will add support for REST, POX, RSS, and WS* communication.  It will also add support for cross domain network access (so that Silverlight clients can access resources and data from any trusted source on the web).
  • Rich Base Class Library Support: Silverlight will include a rich .NET base class library of functionality (collections, IO, generics, threading, globalization, XML, local storage, etc).  The next Silverlight preview release will also add built-in support for LINQ to XML and richer HTML DOM API integration.

When evaluating Silverlight (1.0 and 1.1) a few months ago I came to the conclusion that it’s not mature enough for us to use for building business UIs. Having support for only vector graphic shapes meant that any control had to be built manually, which means we would have had to build a lot of controls ourselves.

With the new support for WPF UI Framework and Rich Controls it now seems more robust for building LOB applications.

Some ideas regarding Silverlight in LOB apps:

  1. Embed Silverlight in InfoPath. InfoPath forms only support a limited set of controls, and since it’s driven by IE it can be extended by embedding ActiveX controls. If you want rich graphics, animations, graphs, etc. as part of your form you have to embed some sort of ActiveX control.
    Of course, you can always develop your own ActiveX and embed a WinForm or WPF inside InfoPath, but why go through all that work when Microsoft has already implemented the Silverlight ActiveX for you?
  2. Outlook folder homepage. Folder homepages in Outlook are HTML pages. To display rich UI in that view the only (hacky) way (presented by Microsoft as part of project Elixir on MSDN) is to embed an ActiveX in that HTML and have it connect with an Outlook add-in via .NET remoting. Silverlight can be used to save the work and effort of developing (and deploying) your own ActiveX.

I guess we’ll have to re-evaluate Silverlight when the 2.0 beta comes out…

On another note, I’m in Redmond right now attending the Silverlight 1.0 Firestarter event, which should be interesting…


Breaking Changes in .NET Framework 2.0

.NET, Software Development October 26th, 2005

Finally found the definitive answer to the question raised in the following post.

The following link at MSDN describes all the breaking changes when migrating from .NET 1.1 to 2.0 and sorts them by category.


Migrating from .NET 1.x to 2.0

.NET, Software Development July 28th, 2005

Someone asked me if there’s a published list of incompatibilities between .NET 1.0 and 2.0. I tried searching for this info but all I could find were articles about migrating between ASP.NET versions and about System.Xml migration.

Can anyone recommend other helpful migration resources?


.NET interview questions from Scott Hanselman – Answers (Part 2)

.NET, Software Development February 24th, 2005

Here are my answers to the second part of the questions (without using MSDN/Google/etc. except when noted):

Mid-Level .NET Developer

  • Describe the difference between Interface-oriented, Object-oriented and Aspect-oriented programming.
    • Interface-oriented programming means defining and working strictly through interfaces.
      Object-oriented programming means defining a program using relationships between objects and classes (inheritance, polymorphism etc.)
      I’ve heard the buzz about AOP (aspect-oriented programming) but I have yet to study what exactly it means…
  • Describe what an Interface is and how it’s different from a Class.
    • An interface defines a contract without implementation. A class implements an interface.
  • What is Reflection?
    • Reflection is used to query .NET assemblies and types for information. It can also be used to create type instances, invoke methods and even emit .NET code at runtime (Reflection.Emit).
  • What is the difference between XML Web Services using ASMX and .NET Remoting using SOAP?
    • I’ve never used .NET remoting but I assume the difference is that remoting is not as interoperable as web services.
  • Are the type system represented by XmlSchema and the CLS isomorphic?
    • No.
  • Conceptually, what is the difference between early-binding and late-binding?
    • When using early-binding the call information is known at compile time.
      When using late-binding the call information is only known at runtime.
  • Is using Assembly.Load a static reference or dynamic reference?
    • Dynamic reference.
  • When would using Assembly.LoadFrom or Assembly.LoadFile be appropriate?
    • For loading assemblies from given file or folder (such as plugins etc).
  • What is an Assembly Qualified Name? Is it a filename? How is it different?
    • The Assembly Qualified Name contains the assembly name, version and public key token and thus allows versioning and signing as opposed to a simple filename.
  • Is this valid? Assembly.Load("foo.dll");
    • No because "foo.dll" is not an assembly qualified name.
  • How is a strongly-named assembly different from one that isn’t strongly-named?
    • Strongly-named assemblies are signed using a private/public key pair which helps with code verification.
      Signed assemblies could be placed in the GAC.
  • Can DateTimes be null?
    • No because it is a structure and not a class.
  • What is the JIT? What is NGEN? What are limitations and benefits of each?
    • JIT means Just In Time compilation which means the code is being compiled just before it is supposed to run.
      This means longer startup time (because the code takes some time to compile) but more efficient compilation (since the compiler has more information about the target system etc.).
      NGen is used to pre-JIT code which yields faster startup time but the compiler produces less efficient code because it has less information.
  • How does the generational garbage collector in the .NET CLR manage object lifetime? What is non-deterministic finalization?
    • It divides the objects into three generations.
      The first generation is used for short lived objects and is collected often (it’s cheap to collect it).
      The other two generations are used for longer term objects.
      Non-deterministic finalization means that it is not known when the object’s finalizer is called since it is called when the GC decides to collect the object and not when the object falls out of scope etc.
  • What is the difference between Finalize() and Dispose()?
    • Finalize() is called by the runtime (the GC) and Dispose() is called by the user.
  • How is the using() pattern useful? What is IDisposable? How does it support deterministic finalization?
    • The using statement defines a scope at the end of which a given object will be disposed.
      Using the ‘using statement’ helps not to forget disposing of a disposable object.
      IDisposable is an interface used to define a way to dispose of objects in a deterministic manner.
      When the ‘using statement’ scope ends the Dispose() method is automatically called on the given object.
  • What does this useful command line do? tasklist /m "mscor*"
    • It shows all the processes that loaded a DLL with a name matching the given pattern. In this case we will see all the processes using the .NET framework.
  • What is the difference between in-proc and out-of-proc?
    • Out-of-proc requires marshaling between two processes and is thus slower.
  • What technology enables out-of-proc communication in .NET?
    • Remoting.
  • When you’re running a component within ASP.NET, what process is it running within on Windows XP? Windows 2000? Windows 2003?
    • The ASP.NET worker process.


UrlAuthorization vulnerability in ASP.NET

.NET, Software Development October 7th, 2004

A serious vulnerability issue that affects ASP.NET was recently discovered.

There’s a bug in ASP.NET’s canonicalization process which can allow an attacker to slip past the UrlAuthorizationModule by using a backslash instead of a forward slash.

For example, an unauthorized attacker might be able to access a secured directory using the following URL (notice the ‘\’ between “something” and “secure”):

http://www.ekampf.com/something\secure/securedPage.aspx

Apparently this isn’t reproducible on Windows 2003 (the built-in URLScan capability fixes the URL before it gets to ASP.NET), but earlier platforms are still vulnerable.

Microsoft has posted an article detailing steps that you can take to protect yourself in the meantime, while they work on a patch.
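
The mismatch described in this post, as an added C# illustration (not ASP.NET's own code and not taken from Microsoft's article): a toy prefix rule evaluated on the raw path misses the backslash form that the file system still resolves into the protected directory, while the same rule evaluated after separator normalization does not. The class, the method names and the `/something/secure/` prefix are assumptions made for the example.

```csharp
using System;

// Added illustration: a toy authorization rule, not the real UrlAuthorizationModule.
static class PathAuthDemo
{
    // Hypothetical protected prefix, modelled on the URL shown in the post.
    const string ProtectedPrefix = "/something/secure/";

    // What a rule sees when it compares the raw request path as a string.
    static bool NaiveRequiresAuth(string rawPath)
    {
        return rawPath.StartsWith(ProtectedPrefix, StringComparison.OrdinalIgnoreCase);
    }

    // Windows path handling accepts '\' and '/' interchangeably, so the file
    // that gets served is the one named by the normalized path.
    static string Canonicalize(string rawPath)
    {
        return rawPath.Replace('\\', '/');
    }

    // Hardened rule: authorize against the same form the file system will use.
    static bool HardenedRequiresAuth(string rawPath)
    {
        return NaiveRequiresAuth(Canonicalize(rawPath));
    }

    // Stricter alternative: refuse any request whose path is not already canonical.
    static bool ShouldReject(string rawPath)
    {
        return Canonicalize(rawPath) != rawPath;
    }

    static void Main()
    {
        // Constructed sample paths; the second is the form shown in the post.
        string[] samples =
        {
            "/something/secure/securedPage.aspx",
            "/something\\secure/securedPage.aspx",
            "/public/default.aspx"
        };

        foreach (string p in samples)
        {
            Console.WriteLine("{0,-40} naive={1,-5} hardened={2,-5} reject={3}",
                p, NaiveRequiresAuth(p), HardenedRequiresAuth(p), ShouldReject(p));
        }
    }
}
```

In an ASP.NET application a check like `ShouldReject` would be applied to `Request.Path` early in the pipeline, for example in `Application_BeginRequest` in Global.asax.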
