Monthly Archives: February 2009

More Castle Windsor

.NET

In an unexpected move, I decided to go back and demonstrate the automatic injection of dependencies in the old Castle sample app from before. I did so because, well, not doing so I felt kind of missed the entire point of dependency injection.

Code Changes

There are a few initial changes to the source worth mentioning: I renamed the DataSourceFacility assembly to simply DataSource as I wished to avoid the ‘Facility’ word which has a different meaning altogether in the context of Castle Windsor.

As I hinted in the previous blog post I lifted the data access method  from the HomeController class to a dedicated data factory consumer class (cunningly name FactoryConsumer) in the DataSource assembly. To maintain an air of civility I also defined a new interface IFactoryConsumer which the FactoryConsumer class would then implement.

 

using System;



using System.Collections.Generic;





namespace DataSource



{



    public interface IFactoryConsumer



    {



        void LoadData(ref List<DataModel.Entity> lst, 



             NHibernate.ISession session);



    }



}







using System;



using System.Collections.Generic;



using System.Linq;



using System.Text;



using DataModel;





namespace DataSource



{



    public class FactoryConsumer : DataSource.IFactoryConsumer



    {



        IDataFactory m_fac;





        public FactoryConsumer(IDataFactory fac) {



            m_fac = fac;



        }





        #region IFactoryConsumer Members





        void IFactoryConsumer.LoadData(ref List<Entity> lst, NHibernate.ISession session)



        {



            lst.AddRange(m_fac.GetData(session));



        }





        #endregion



    }



}





In the home controller I, perhaps not so wisely, renamed the existing data access function LoadDataFromFactory to demonstrate that it loads data directly from the IDataFactory, and created a new function LoadData that gets its data from a IFactoryConsumer.  Then I changed the caller to access both function, getting product data from the Factory Consumer, where Castle secretly and automatically figures out which factory to use, while still loading service data from the factory directly as before.


Config changes


To accomplish the above there had to be some changes to the configuration file. I specified that the Product Data factory has a ‘service’, which is, incidentally IDataFactory. Ahead of both factories I declared my factory consumer. As you can see, Castle cleverly figures out quite a few things on its own, like how to create my Factory Consumer with no more than two empty hands and, incidentally, a component just a line or two below in the web.config file that actually implements IDataFactory which is what it needs to call the constructor of the FactoryConsumer.


 


  <castle>



    <facilities>



      <facility id="loggingfacility" 



                type="Castle.Facilities.Logging.LoggingFacility, Castle.Facilities.Logging" 



                loggingApi="log4net" 



                configFile="logging.config" />



    </facilities>



    <components>



      <component id="ProductLoader" 



                 type="DataSource.FactoryConsumer, DataSource"  />



      <component id="ProductData" 



                 type="DataSource.ProductInfoFactory, DataSource"



                 service="DataSource.IDataFactory, DataSource"/>



      <component id="ServiceData" 



                 type="DataSource.ServiceInfoFactory, DataSource" />



    </components> 



  </castle>



 


Output changes


When you make the above changes to the source, rebuild and ‘play’, you will notice the following changes compared to the other source:


 


That’s right. Nothing. Exactly the same output is produced. 


So, what was the point of all this you ask? Well, as you can see, I could easily move the ‘service’ tag in the config file and have the web page display service info only. We have lifted the dependency control right out of our lap and left it in the hands of the guy/gal who owns the config file. There are so many implications of this; everything from enabling completely changing to different data sources or services on the fly, making partial upgrades, moving from staging to production environments dynamically and so on. 

	

	
	


							


	

		
				

			The ASP.NET project
		

		
		

			.NET, General					

	


		

		
As the returning reader may have noticed I have used the Model-View-Controller framework for ASP.NET again and again in the few posts I have produced so far. This is because unlike the ASP.NET standard framework, the MVC framework allows and simplifies actual programming in lieu of VB3 style component hell. To show proof of my benevolent and magnanimous generosity, I have however decided to let go of my loathing for the standard ASP.NET setup and actually try to make something out of it, utilizing every bit of it just to see if it can be used for anything real.


Orientation


There is a plethora of Server Controls, at least one for every imaginable application known to man. The idea is that when you have a business problem you want to solve, you simply write <asp: in front of a general description of your problem. switch to Design view and edit the properties of your server control. 


Example:


I would like to create a wizard that allows me to create a ASP.NET Forms user account… Let’s try it:




Hmm… that would mean…  ‘<asp:’ and then, let’s try .. ‘ CreateUserWizard />’ … Switch to design view… Woah!!!




This is just one example, but the amount of server controls  out there is limitless and you can watch your ViewState go from 0 – 60MB in seconds with ease, building your website with themeable data bound server controls fully integrated with your web.config. 


I have seen people dismiss the MVC framework as it means ‘a move away from Server Controls back to spaghetti code’. I find this unfathomable. Server controls try to abstract away the fact that this the application runs on a web server which is inherently stateless. Through the use of ViewState and other constructs the server controls use a variety of dirty tricks behind the scenes to hide this basic fact from the confused developer. In practice however I have never seen a case where this abstraction has been successful and there have always been places in a web application that have deteriorated into near-ASP Classic monstrosities. 


I have always put the blame for this squarely on the shoulders of the ASP.NET Server Control concept.  However, I have decided to actually put my money where my mouth is on this one and actually make a serious effort to build something usable out of a bucket of server controls and see if it can actually be done. For real. All the way.  


Example


I am going to build an application that uses the following aspects of the ASP.NET basic features:


    

  • ASP.NET Forms Authentication
    • 

  • Themes
    • 

  • Profiles
    • 

  • Wizard
    • 

  • DataGrid
    • 

  • GridView
    • 

  • DetailsView
    • 

  • DataGrid
    • 

  • MultiView
    • 

  • … any other controls that I find irresistibly disturbing
    • 



I have a useful scenario which I have been working with, however I will not release the details of this yet, and I will only briefly discuss the actual application. The point of this exercise is whether or not the controls are useful, how difficult they are to manage in a professional way and the amount of ugly code that is necessary to patch things up.  I  will go through this anxiety ridden journey on my own and spare you most of the details and only report back when I need to vent or when I, maybe, reach points of success. I do this so that I will reach a point where I can disrespect the ASP.NET framework with greater authority. I admit there is a risk I may come out on the other side a changed man, a born-again VB3 fanatic, touting opaque server logic, horribly leaky abstractions and other features as reigning supreme over so-called real programming, we never know.

	

	
	


							


	

		
				

			IIS Security
		

		
		

			BOOL					

	


		

		
While working on a project today I got a bit frustrated. Instead of having one security setting per node in the conceptual tree that a web server in effect is, thus allowing people to actually configure authorizations to the allow the least possible and still run the applications, there are six hundred and fifty nine separate places to configure access usually meaning that in the initial phase people run everything as Enterprise Administrators, from the web site identity down to the least possible scriptlet just to get something up on the screen when you test the app on your own box.  If you insist that ‘but we need to make the websites impossible to configure, otherwise there is no security’, at least provide me with a big fat ‘Make it so’ button that allows me to ensure that, say, an AD group that should be allowed to look at a web site, by me having pressed the Patrick Stewart-button while the group was selected, they would actually be able to see the web content without any error 500.x/ 403.x because a .config file had the wrong permission sets way back somewhere. I love low permission worker process identities, but please configure them automagically through the admin tools. The problem is other people and viruses messing with the websites, Making them impossible to configure isn’t exactly helping people to lower security settings. Just don’t leave the server open  for attacks in the first place so that other people than me get to configure my server and you’ll see that security will be just fine.


OF course, once I calmed down I realized there are ways of dealing with the frustration, especially with IIS7.0 and I should at least share this link.


Basic IIS7 troubleshooting