".NET Designers"

I'm working on a series of small pieces for an area of MSDN online called ".NET Designers". The first one is about looking at the Microsoft sample applications through the lens of the Patterns and Practices security model. We have a few ideas about where to go from there, but I'm particularly interested in what design issues .NET developers are currently struggling with.

So...I'd like to hear what topics you'd like to see covered. Ideally, you'll add a comment to this post but it's OK to send me something in mail (keithp@guideddesign). If I end up using your idea, I'll send you a copy of either Microsoft's book "Building Secure Miscrosoft ASP.NET Applications" or its soon-to-be-released companion volume.

9 Comments

  • Middle-Tier or Data-Tier best practices. More specifically, ideas on how to design your objects that reside in these layers.

  • oh goodie me first!!





    This didn't take any thinking on my part.





    There needs to be a better example of going from a windows form app, through a business layer to a webservice with security. The TaskVision was a great starting place for me. But I revised a lot of it to include soap headers for the authentication, plus I re-architected some of the code so that it wasn't so voluminous. So TaskVision uses authentication tickets and passes around encypted strings. But I want to see it in a way that the Web Services team would think of as best practices.





    There is also the approach of using WSE and the digital signatures with GetName. This is very complicated - ask Erik Porter - smart as he is, he gave up on it (last time I read). So (this is #2) how to use the digital signatures without the paid tokens (Kerberos X.509, etc) but doing it on your own. (I have never done Digital Sig but read about them a bunch. Hopefully I got that right)





    Oh, I'll be back... :-)

  • I'm back - there is a discussion going on in the ASPAdvice (aspalliance) listserv about using hash to send passwords and not encrypted text. Is this a better practice? If so, I want to see that in your sample. I don't want to mess around doing things poorly. I want to do it the best way. Who is the definitive source going to be? I would assume anything on Patterns & Practices from MS oughtta be.

  • Just 'the usual':


    * object persistence - SQL v. SPs v. code generation v. strongly typed datasets


    * logging and exception handling


    * separating layers in a way that makes sense; not just tier-mania!


    * 'embedding' security. I watched the MSDN TV piece on SD3+C which covered areas in broad detail, but I want more!


    * simplicity: Why do topics like design, patterns and architecture engender so much fluff? I'd like to see greater focus on design as done by the majority of developers ('Architecture for Dummies'?)


    * assemblies and namespaces - how should the code base be organised? Should we generate multiple assemblies or just one?


    * SCM - design, code, documentation, CVS. Practical patterns and best practice

  • 1) "Why you should implement security even when you think there's no reason to implement security"





    2)"So, you think you'r app is secure?"


    3)"The How and Why of Web Service Security Framework"





    4)"Using encryption formatters in webservices and remoting""


  • I would like:





    - A sneak peak at the new UIP stuff. Win Form app and convert it to a Web App.


    - An end to end example of secure web service *without* MS security infrastructure (no Integrated or Passport security)





    adam...

  • Best practices for creating templated page designs in ASP.NET. I've seen many different methods, but no consensus on them.

  • I've been thinking about the same things, it would be nice to hear about:





    1. When/How to use design patterns in ASP.NET applications.





    2. How to create multithreaded scalable P2P communication frameworks.





    3. Object <-> XML <-> Relational mapping

  • As I've been using the .NET Framework SDK without the "direction" provided by VS.NET and other stuff Microsoft provides when you buy it, I see a few "getting started" issues:





    Designs that fit with the .NET Framework (and those that don't).





    Which .NET Framework class hierachies to study and duplicate (and which to study to see what to avoid...).





    And, of course, designing and coding in VB.NET for users of VB6 who have never designed with-out coding...

Comments have been disabled for this content.