0 Comments

I’ve been a little quiet on my blog lately. That is due to my grand plan for 2009 which was born as my New Year’s resolution. The original plan went like this:

In average, I need to visit a new country I have never visited before, every month of 2009.

That means 12 trips to a new destination for the entire year. I soon realized this was too ambitious, expensive and time consuming. I needed to adjust the plan to something more realistic and this is what I came up with:

In average, I need to visit a new country that I may have visited before, every month of 2009.

So, still 12 different destinations but it is now ok for me to visit countries I’ve seen before. So far it is going quite well. Here is my itinerary for 2009 as it looks right now.

  • January: Germany
  • February: England and Moldova*
  • March: USA
  • April: Spain, Gibraltar* and Portugal*
  • May: Scotland*
  • June: Holland*
  • July: Greece* and Albania*
  • September: Turkey*
  • December: Egypt*

* = have never visited before

These trips have been a mix of business and pleasure. Whenever I go on business trips, I always try to find time to explore the place I visit. Lately I’ve fallen for the idea of visiting the countries along the old silky way including Azerbaijan, Kirgizstan, Georgia, Armenia and a few more. I hope to find the time to spend some time there in the fall. Also, I’ve never been in Asia or Oceania so that’s also very high on my wish list.

Often times when travelling, I don't have access to a PC so I don't read or write many blog posts. Instead I tweet from my mobile phone just to keep a little up to date with the news in tech world.

0 Comments

A few weeks back I gave a talk about ASP.NET performance optimization techniques. The talk was filmed and is now available to anyone interested in watching it. Unfortunately for some, the video is in Danish. If you want an English version of the performance talk, then you'll get the chance at the Umbraco CodeGarden conference in June.

Watch the video (opens in Windows Media Player)

0 Comments

I’ve read a lot of posts and articles about why and when you should choose WebForms or the MVC framework to build your ASP.NET websites. They are all pretty good, but for some reason they forget or ignore the obvious third option - standard ASP.NET without the WebForm.

Let’s call standard ASP.NET without a WebForm for ZeroForm. Basically, the ZeroForm approach is to use ASP.NET like you always have but without a <form runat="server"> element. I consider the ZeroForm as an excellent compromise between WebForms and MVC.

Server- and user controls

There are some immediate drawbacks from regular ASP.NET WebForms by not using the <form runat="server"> tag. A lot of the regular server controls like the TextBox, DropDownList and all the validators will not work. Other controls like the Repeater, PlaceHolder, custom user controls and all HtmlControls like <div runat="server"> will work as normal. Where WebForms support all the controls and the MVC framework none, this can be considered a good compromise.

ViewState and HTML markup

By getting rid of the WebForm, you are now in (almost) complete control of your markup. No ViewState, WebResource.axd’s and embedded JavaScript are injected in your pages anymore. The only thing that remains out of our control is the rendered ID’s of HTML elements. If you nest server- or user controls you still cannot control that until the release of .NET 4.0. Again, a fair compromise.

Pretty URLs

The MVC framework has a very cool way of creating pretty URLs using the new routing engine in .NET 3.5 SP1. You can use the routing engine with your WebForms and ZeroForms, but it isn’t really as fluent as in a MVC application. But hang on; URL rewriting has always been possible in ASP.NET so you could get the same pretty URLs by using ZeroForms. It does take some extra work but people have been doing it for years using various libraries or their own implementations. This is not a compromise, but the notion of that it's possible on both frameworks.

Separation of concerns

The MVC framework is the champ in separating concerns in your web application. No question about it. A lot of articles explain this very well, so I will not go into details. What haven’t been well explained is that by using the ZeroForm you can also separate a whole lot. Keep your model (custom objects) separate from the code-behind and your .aspx’s and .ascx’s as dumb as possible by leaving the code-behind to deal with data using utility classes or helpers that can be tested. This is nothing near the separation the MVC framework offers, but it is a good compromise.

This post is not meant to bash either WebForms or the MVC framework, but to offer an alternate view for your consideration. I’m a huge fan of WebForms, ZeroForms and the MVC framework and I use them all for different types of projects respectively.

An example of a website using the ZeroForm approach is ifjernsyn.dk (in Danish).

0 Comments

Last Wednesday I gave a presentation about performance optimization techniques in ASP.NET. In the demo I used a class called WebOptimizer that I’ve written specifically for that presentation, but based on techniques and code I’ve been using for years.

The static WebOptimizer class contains a few public helper methods that allow any web project to do HTTP compression, removal of whitespace from HTML, CSS and JavaScript, and support for conditional GET requests. After the presentation I promised to publish the class on my blog, so here it is. I hope you find it useful.

WebOptimizer.zip (2,15 kb)

0 Comments

In the first part of the checklist, we looked at creating high quality websites from a client perspective and the tools that helps us do that. In this part we look at the (free) tools that will help us build high quality on the server side of the website.

Code quality

Treat compiler warnings as errors

When you compile your solution in Visual Studio it will by default allow compiler warnings. Compiler warning occurs when there is a problem with the code, but nothing that will result in severe errors. Such a warning could be if you have declared a variable that is never used. These warnings should at all times be treated as errors since they allow you to produce bad code. Keyvan has written a post about how to treat compiler warnings as errors.

StyleCop

The StyleCop Visual Studio add-in analyses your C# code and validates it against a lot of rules. The purpose of the tool is to force you to build maintainable, well documented code using consistent syntax and naming conventions. I’ve found that most of the rules are for maintainability and consistency. After using StyleCop on my latest project I will never build a C# project again without it.
 
Some of the rules might seem strange at first glance, but when you give it a closer look you’ll find that it actually makes a lot of sense.

FxCop

This tool should be familiar to most .NET developers by now. It has existed for a long time and is now on version 1.36. FxCop doesn’t analyze your C# code but the compiled MSIL code, so it can be used with any .NET language. Some of the rules are the same as in StyleCop, but it also actually helps you write more robust methods that result in fewer errors.

If you use StyleCop and do proper unit testing, then you might not need FxCop, but it’s always a good idea to run it on your assemblies. Here's a guide to using FxCop in website projects. Just in case. If you own a Visual Studio Team Edition, then you already have FxCop build in.

Security

Anti-Cross site Scripting (XSS) Library

The Anti-XSS library by Microsoft is not just a fancy way to HTML encode text strings entered by users. It uses white-listing which is much more secure than just trust any input and then HTML encode it in the response. It works with JavaScript, HTML elements and even HTML attributes.

Code Analysis Tool .NET (CAT.NET)

When your website relies on cookies, URL parameters or forms then it’s open for attacks. That’s because all three of them is very easy to forge and manipulate by hackers and robots even. By using the CAT.NET add-in for Visual Studio you can now easily analyze the places in your mark-up and code-behind that is vulnerable to those kinds of attacks. CAT.NET analyzes your code and tells you exactly what the problem is. It’s easy to use, understand and it lets you build more secure websites.