Monday, June 22, 2015

Tag Helpers replaced HTML helpers...


Tag Helpers are an alternative to HTML helpers for generating HTML. MVC6 introduces a new feature called Tag Helpers. 

Tag helpers can be used to improve the readability of your Razor views that generate HTML forms. Tag Helpers provide a cleaner syntax that more closely matches the HTML that will be generated.

Enable Tag Helpers

Tag Helpers are located in the Microsoft.AspNet.Mvc.TagHelpers package, So add a reference to that in the project.json file. Then can enable tag helpers by adding this @addTagHelper "*, Microsoft.AspNet.Mvc.TagHelpers" into _GlobalImports.cshtml.

HTML helper vs Tag helper

It might look like Tag Helpers are just a syntax change with no obvious benefits. The difference however, can make your Razor forms much more readable


As you can see, the HTML helper approach becomes very hard to understand while the tag helper approach is very clear and concise.  

Most Common Tag Helpers
  • Tag helper automatically get the value from the Display attribute
  • HTML attributes that added to the textarea element will be merged with the generated attributes.
  • All the functionality provided by the select tag helper provides a clean syntax for generating select elements based on the values in the model
  • Any HTML attributes you add to the form element will be included in the generated HTML
  • validation message tag helper directly after the input tag helper for the same property. This allows for the validation message to be displayed in close proximity to the input that it applies to

Wednesday, June 17, 2015

Why AngularJS awesome...?


AngularJS is a structural framework for dynamic web apps. It lets you use HTML as your template language and lets you extend HTML's syntax to express your application's components clearly and succinctly. Angular's data binding and dependency injection eliminate much of the code.

Angular is client-side MVC framework, it extends HTML with new attributes. it's perfect for Single Page Applications (SPAs).

Basics of AngularJS: 


ng-app : defines AngularJS application

ng-init : initialize AngularJS application variables

ng-model : binds the value of HTML controls to application data
ng-bind : binds application data to the HTML view
ng-controller : defines the controller
ng-repeat : clones HTML elements once for each item in a collection

*** We can use data-ng-, instead of ng-, if you want to make your page HTML valid

ex:

Friday, April 10, 2015

K's in vNext

MVC6 is know as vNext. The goal is to create a lean and composable .NET stack for building modern cloud-based apps.

 vNext name bind up with 3 K components. 

So we will have a quick overview about K-world components 


ASP.NET vNext comes with a new runtime environment called KRE. Besides KRE that runs ASP.NET vNext applications there are also tools for managing KRE versions and NuGet packages that application uses. 

K has three components:

This is a Powershell script used to get the runtime and manage multiple versions of it being on the machine at the same time.

KRE – K Runtime Environment is the code required to bootstrap and run an ASP.NET vNext application. This includes things like the compilation system, SDK tools, and the native CLR hosts.

KVM – K Version Manager is for updating and installing different versions of KRE. KVM is also used to set default KRE version.

KPM – K Package Manager manages packages needed by applications to run. Packages in this context are NuGet package


Install KVM for the first time you have to do the following steps:
  • Open a command prompt with Run as administrator.
  • Run the following command:
    • @powershell -NoProfile -ExecutionPolicy unrestricted -Command "iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/aspnet/Home/master/kvminstall.ps1'))
  • The script installs KVM for the current user.
  • Exit the command prompt window and start another as an administrator (you need to start a new command prompt to get the updated path environment).
  • Upgrade KVM with the following command:
    • KVM upgrade

References:


B' happiiiiiii always..............!

Tuesday, February 17, 2015

Are u Aware of Security?

Security Awareness for .Net Developers

I wanted to share with you what I have learn form MS Tech Ed 2015.

"No language can prevent insecure code, although there are language features which could aid or hinder a security-conscious developer." 

                                                                             -Chris Shiflett


This article give some tips and tricks of secure a applications, understand security threat, tools and others.


Vulnerabilities & Solution


What are Vulnerabilities?


A vulnerability in Microsoft could allow an unauthenticated, remote attacker to execute arbitrary code, RegEx & ect.


  • RegEx vulnerability

    • RegEx - Regular Expressions provide a concise and flexible means for identifying strings. Also widely used in Text validations, Search engines and especially in security related applications, tools and libraries.

    • ReDoS - Regular expression Denial of Service is a denial-of-service attack that exploits the fact that most regular expression implementations may reach extreme situations that cause them to work very slowly. An attacker can then cause a program using a regular expression to enter these extreme situations and then hang for a very long time

    • The art of attacking the Web by ReDoS is by finding inputs which cannot be matched by the above Regexes and on these Regexes a Regex-based Web systems will get stuck.

  • External Binaries vulnerability
    • Due to an improper restriction by the affected software on the path used for loading external binaries.
  • Web Server vulnerability
    • The attack on specific web server configuration files and it allows an attacker to run arbitrary, system level code on the vulnerable server and retrieve any desired information contained therein. Improper coding errors lead to this vulnerability.

How MS helps to solve?

  • BinScope 
    • is to help detect potential vulnerabilities that can be introduced into Binary files. The tests it implements examine application binary files to identify coding and build practices that can potentially render the application vulnerable to attack or to being used as an exploit attack vector.

  • Attack Surface Analyzer
    • The purpose of this tool is to help software developers, Independent Software Vendors (ISVs) and IT Professionals better understand changes in Windows systems’ attack surface resulting from the installation of new applications. It's for the analysis of changes made to the attack surface of the OS.



Unsecured transportation & Solutions



Why Secure transportation channel?
  • Packet across network readable and there a risk to getting hacked. For example using Wireshark can caputer the  packets. Most important of online business is creating a trusted, secured & confident purchases environment.

How MS helps to solve?
  • The Secure Sockets Layer (SSL) is a computer networking protocol that manages server authentication, client authentication and encrypted communication between servers and clients. SSL uses a combination of public-key and symmetric-key encryption to secure a connection between two machines, typically a Web or mail server and a client machine, communicating over the Internet or an internal network.


Obfuscation & Solutions

What is Obfuscation?
  • Obfuscation is to make code harder to understand or read. The code is often obfuscated to protect it from such an attack. Deobfuscation techniques, such as program slicing, are sometimes employed to reverse engineer obfuscation.

What is the use of Obfuscators?
  • Compresses managed resources to reduce the size of the assembly. Takes all the DLLs and merges dependencies into the main assembly, so you don't have to load lots of DLL files, and so that they can also be obfuscated. Compresses and embeds your dependencies into your main assembly, simplifying the deployment of your software and reducing the size of your program. Remove unused codes make .NET assembly smaller.

Finally, This may helps you to understand application vulnerabilities & practice SDL

Specially thanks to MVP Walter Wong

References:

MS Tech Ed 2015 - Dev325: Security Awareness for .Net Developers by MVP Walter Wong

B' happiiiiiii always..............!

Monday, February 16, 2015

Little about a Windows Mobile app

I wanted to share with you what I have learn form MS Tech Ed 2015.

Windows Phone platform commonly known as a mobile platform that provides personalized characteristic, unique experience and smooth performance. In 2014, a signature cinema chain launches a Windows Phone GCS application with Microsoft. 

I got an opportunity to listen to a speech of one of a big figure in IT about an architectural & development experience of the Golden Screen Cinema windows mobile app.



During the development life cycle they have highly focus on the following facts.


  • Identified the Platform uphill Challenges
    • iOS & Anroid already exists with high number of download
    • Customer does not understand Windows Phone from consumer
    • Windows phone platform market share is not convincing
  • Strategy
    • Differentiate itself from iOS & Anroid
    • Propose  new features & hopefully new business to generate more revenue
    • Using Hi-fidelity story-boarding to convince customers
  • Improvement Challengers
    • Better brand marketing
    • Increase application performance & reduce internet data usage
    • Support new method of payment via mobile app
    • Speed up application loading time & don't sacrifice user experience
    • Mobile application version checking
  • Increase application performance
    • Cache movie poster image offline
    • Download once & reuse
    • Reduce Flickr effect
  • Key Features
    • Voice Recognition
    • Movie poster stick to the wall paper
    • Advertising
    • Movies details & biography
    • Offline history records
    • Remainders for movie date time& snacks orders
    • Continuous client support
  • Conclusion
    • Understand platform capability during proposal stage and be innovative
    • Understand customer needs 
    • Stay connected with customers

Think different...

Specially thanks to MVP Walter Wong

References:

MS Tech Ed 2015 - Dev216 - Journey of Developing Windows Phone Application for Cinema by MVP Walter Wong

B' happiiiiiii always..............!

Wednesday, February 11, 2015

Waiting for VS 2015.....


I wanted to share with you what I have learn form MS Tech Ed 2015.

As all of you know VS 2015 CTP was released very recently. And they are waiting for the user feed backs for the final release.


New Features:


Create custom window layouts
enables to save up to 10 custom window layouts and quickly switch between them
Menu -> Window -> Save/Apply/ Mange or Reset Window layouts

Color management & Fade up unused component
fade up all the unused componanet & able to clean up at once with the help of lightbulb option

Colorized tool tips
when hover over collapsible outline editor display the hidden code in full color and even shows the full declaration to provide more context



Code fixes and Refactorings
When hover over an error or warning in the editor then it will often show a lightbulb with a tooltip explaining the problem. The lightbulb tells us there are possible fixes for the problem.
By right click on the code & select Quick Actions will helps to define a toll tip which contains the existing code in red & correction code in green




Debugging improved
Debugging has more extensive support for modern language features like LINQ queries, Lambda Expressions and Extension Methods, that can now be used in the Watch window, Immediate window, conditional breakpoints and other debugger contexts




Inline renaming
rename re factoring find all of the references to rename and do tons of work, taking minutes on a large solution. rename works as inline in the editor.




Diagnostic analyzer
new window appears while debugging that gives Debugger Events (with IntelliTrace), Memory Usage, and CPU Usage

Blend
with new look Start page links to recent projects, creating new projects and lots of related content and news.Solution Explorer contains lists projects, folders and files and Properties are switched to using Visual Studio-like layout. Code/XAML editor supports IntelliSense across both code window and XAML

View History
ability to monitor code change history inspecting the functions.

.Net natives
ability to configure
right click on project -> Properties -> Build -> enable Compile with ,net (not clear)

Specially thanks to MVP Walter Wong

References:

MS Tech Ed 2015 - Dev233 - New Improvements of Microsoft Visual Studio 2015 by MVP Walter Wong
http://www.c-sharpcorner.com/UploadFile/736ca4/new-improvement-of-C-Sharp-and-visual-basic-in-visual-studio-2015/
http://blogs.msdn.com/b/visualstudio/archive/2015/01/16/visual-studio-2015-cpt-5-now-available.aspx

B' happiiiiiii always..............!

Monday, January 26, 2015

What SSH is....


SSH ??



It’s a certain way for devices to communicate with each other over a network..FTP and SSH are both network protocols that run on top of the TCP/IP layer, just like HTTP. 


Just like a web browser uses the HTTP protocol to talk with websites, a shell account needs a certain protocol to enable data exchange between the two networked devices. 


SSH – Secure Shell Protocol.


SSH uses a public key encryption and was developed to replace Telnet and other insecure shell protocols. The two major versions, SSH-1 and SSH-2, are now the dominating protocols to access shell accounts.


These days, SSH is used to log into and execute code on remote hosts, browse the web using encrypted proxy clients, and transfer files – even setting up a Virtual Private Network.


SSH clients are available for all major operating systems. Unix-based systems, including Linux and Mac OS X, can use OpenSSH.


FTPS


pros:



  • Widely known and used
  • The communication can be read and understood by the human
  • Provides services for server-to-server file transfer
  • SSL/TLS has good authentication mechanisms (X.509 certificate features)
  • FTP and SSL/TLS support is built into many internet communication frameworks.

cons:


  • Doesn’t have a uniform directory listing format
  • Requires a secondary DATA channel, which makes it hard to use behind the firewalls
  • Doesn’t define a standard for file name character sets (encodings)
  • Not all FTP servers support SSL/TLS
  • Doesn’t have a standard way to get and change file and directory attributes

SFTP

pros:



  • Has good standards background which strictly defines most (if not all) aspects of operations
  • Has only one connection (no need for DATA connection)
  • The connection is always secured
  • The directory listing is uniform and machine-readable
  • The protocol includes operations for permission and attribute manipulation, file locking and more functionality

cons:


  • The communication is binary and can’t be logged “as is” for human reading
  • SSH keys are harder to manage and validate
  • The standards define certain things as optional or recommended, which leads to certain compatibility problems between different software titles from different vendors.
  • No server-to-server copy and recursive directory removal operations
  • No built-in SSH/SFTP support in VCL and .NET frameworks

References: