Tuesday, April 30, 2013

Enterprise Library 6 is out!

Enterprise Library provides an excellent way to keep the cross-cutting concerns outside your main application code. Microsoft Pattern & Practices team released new version of Enterprise Library last week. This was released on 25th April and this is Version 6 of the library. Full version of the library and source code can be downloaded from Microsoft's Download Center.



The documentation can be downloaded directly form Pattern & Practices team's codeplex page. The documentation is still in preview version and is not updated on MSDN. Still this can be downloaded from the main page. In addition to the Enterprise Library documentation, it also includes the migration guide for migrating applications from Enterprise Library 5. You can also find the reference PDF for Unity Application Block version 3 which is provided as part of the new version of Enterprise Library.



List of Application Blocks in Enterprise Library 6
The library seems to be released with exciting new features in existing application block. It includes a new application block with the name Semantic Logging Application Block. Transient Fault Handling application Block seems to have been added from Azure Integration Pack for Enterprise Library 5. Enterprise Library 6 includes the following application blocks.
  1. Data Access Application Block
  2. Exception Handling Application Block
  3. Logging Application Block
  4. Policy Injection Application Block
  5. Semantic Logging Application Block
  6. Transient Fault Handling Application Block
  7. Unity Application Block
  8. Validation Application Block
As discussed above, Semantic Application Block is the newest in the list. This is supposed to be built on top of EventSource provided in .net framework 4.5 for structured logging. EventSource provides structured logging support for ETW events. Semantic Application Block is supposed to add support structured logging by specializing EventSource, where the logs can be sinked to Azure or SQL Server database.

There are other application blocks which used to be in Enterprise Library 5 and haven't been migrated over to EntLib6. They include the following:
  1. Cryptography Application Block
  2. Caching Application Block
  3. Validation Application Block
Back in 2010, we did discuss about how we can use Validation Application Block in an MVVM based application.

Unity 3.0
The release also includes a new version of unity application block. This is version 3 of Unity. As we know Unity provides the support of Dependency Injection for .net applications. This is a container based approach to Inversion of Control. Unity 3 extends Dependency Injection Windows store Apps and deeper integration with ASP.net MVC and Web API.

Requirements for Enterprise Library 6
Enterprise Library 6 only works with .net framework 4.5 and .net for Windows Store Apps (for Unity and Transient fault handling application block. It cannot be used side by side with existing Enterprise Library 5 binaries. If you are still on .net framework 4.0, you will need to make a decision about migrating to .net framework 4.5 first before moving to the new version of the enterprise library.

Using Enterprise Library Application Blocks
You can download the list of the binaries from the link provided in download section to use enterprise library's application blocks in your code. Pattern & Practices team suggests using Nuget for this purpose. For ease of developers, Pattern & Practices team has provided these application blocks in the form of Nuget packages. These Nuget packages can be used individually as per the requirement. Just add the appropriate package to your project using Nuget



Still To Come
This is the view of the release from top. There are other minor improvements and updates which require more detailed discussions. I am planning a few posts about the updates in Enterprise Library 6. You might find me blogging about them next month. You can find release notes here.

Monday, April 29, 2013

Being a Software Consultant - Microsoft Attack Surface Analyzer

I have been working as a software consultant for a long time now. During this time, I have to be at customers' locations adding new products, features and provide recommendations about their design. In order to do all of that, we first need to understand their current domain and eco-system of tools and applications. Many of these applications are custom-built while others are off the shelf toolkits, frameworks and software tools from various vendors. Most of the organizations which don't have Software Development and Design as a line departments don't have a very focused and streamlined approach to these toolkits, frameworks and tools. It is uncommon and rare to find out an individual who could give you an overview of the software eco-system.

During the early part of my professional career one of my mentors once said, "When you are thrown into a mud, don't just panic, just settle down first and then smoothly make your transition out" [I had to clean it up a bit for the respectable blog readers :)]. And this is so true as panicking in a situation like this only makes the situation worse. I have seen some consultants asking for the moon asking for the documentations about the current software design and domain in general. As I said, it is very rare to find such a thing expecting that this would be up-to-date is really an idealized view. Don't think employees would know better than consultants as they have been long enough in the organization. I have never seen this to be the case.

As a tech consultant, we are expected to know the technology bits required to work on the system but understanding the domain and host organization software eco-system is really necessary. Absence of people / documentation makes it really difficult. Organizations also suffer a lot because of this. We see multiple tools which seem to do the same thing (may be doing it differently). You see different design patterns followed in different parts of the same application. It makes it more challenging when development teams are geographically distributed as it affects the communication structure, which has an impact on design as we know from Conway's law, Organizations which design systems are constrained to produce designs which are copies of the communication structures of these organizations.

So a convoluted mesh of software tools, frameworks and toolkits is a reality. Finding no navigation support in the systems is common. We need to learn how to deal with it as a technology consultant in order to be successful. Panicking is just not an option. As a software developer, we shouldn't be needing any document to understand the design as we know, Design lives in the code. In order to deal with this situation, I have learnt to follow some fixed steps when I step my foot in the doors of an organization. This includes making a list of the tools and frameworks used and having an externalized view of the software eco-system without first looking into the code.

Let's assume this is your first day in an organization. A software tool is thrown at you to look into that you would need to work on once you gets settled. Never just jump in the code and start looking at the classes and their relationship. This would be needed at later steps. First try to understand what is this tool consisted of? What does it do when it runs? What sort of changes does it make when installed on a client system? What components it loads when it is running. Is there any network activity involved? In order to answer these questions we need tools suitable. I recommend to be hands-on on major SysInternals tools, Profilers and DotPeek / Reflector. I have seen many developers running away from these tools and it appears that they would be turned into stones if they look at them (OK this is exaggerating, I admit :))

A few months back Microsoft has released one tool which should definitely draw our attention as a software consultant. This is Attack Surface Analyzer. The tool was introduced in August last year. It lets us take snapshot of system features including registry, drivers and other details. The recommended approach is to get the snapshot before we install the application being tested. We call it Baseline Snapshot. We then install the product and take a snapshot afterwards. The snapshots are created in the form of CAB files. The tool then supports comparing the CAB files and generates an HTML report which can be used to understand the changes caused by the software in the system. The report is also persisted automatically so we can later review the report.

Attack Surface Analyzer can be downloaded from Microsoft's download site. You can use the following link to download the tool:



The download consists of installation files for x86 and 64-bit operating systems. It also includes a read me file with the details of the tool. Running the download file would install the tool by running the setup program. We can select the folder where we want to install it.



Once installed, the tool is available in Windows Startup. Since the tool is supposed to collect sensitive information about the system, it needs to run with administrative privileges. Based on your system settings Windows UAC can ask about running with admin privileges.



As discussed above, the analyzer is used to run scan and saving the scan report as a cabinet file. The tool can then be used to run the comparison between any two files. Both of these use cases can be selected by selecting the appropriate radio buttons on the view. The idea is to run the scan first. Then install and run the tool running a scan second time.



Running the scan would collect data from the system. The list of details, being collected, is shown in the grid. It also shows the status of collecting each information. Once the collection is completed, the information is updated as Completed.



Once the run is completed, a cabinet file is generated in the selected folder with the specified name. It also generates a new sub-folder as data.



The data folder seems to have following details. The content of these files is based on XML. You can open the file and see the data about any particular details.



After complete scan and generation of these cabinet and data files, the view is updated showing with updated message. It also has information what you might need to do next. If it is baseline scan, you need to install and run the tool again and run a second scan. This scan is called Product scan.



Like the previous scan, we can generate the product scan in a selected folder. For my test scans, I have created them side by side in the same folder as follows:



Since we have both baseline and product scan and we have recorded the scan in the cabinet files. We can compare between these two scans by comparing these files. The tool supports this comparison. We need to update the selection to Generate standard attack surface report.



Clicking Generate button would load both cabinet files as specified in Baseline and Product Cabs. It then compares between both cabinet files. While generating report, it keeps showing the status message which keeps the user updated with each step running by the tool.



Finally it generates the comparison report with title Attack Surface Report. The report is opened in the default browser for the machine running the tool. It compares various aspect of the machine including content of Global assembly cache. We can argue that the report could have further details or the options could be selectable by the user and should be customized.



The report is also persisted for later viewing. The tool also creates a help file to look up the information about the comparison. You can see them persisted in the folder specified in the tool. Please notice the html files for report & help.

Saturday, April 27, 2013

Nuget 2.5 Released This Week!

Microsoft finally released Nuget 2.5 this week (Apr 25, 2013). It is a very big release with 160 work items. In February, we discussed about some of the challenges introducing Nugets in an enterprise world. They included using nuget packages in an enterprise world and hosting internal nuget feeds. The release is a good news for native developers as the realase added support for C \ C++ projects. You can see the announcement on CoApp site where they announced CoApp power shell tools for Nuget 2.5. The tool was also released yesterday.



A new version of Nuget Package Explorer has also been released yesterday. The click once download is available here:



The new version of the explorer is released to be compatible with this release of Nuget [2.5]. There are still some features which are still not supported in the explorer including .net framework version specific references.



We can easily divide the released features as the improvements for packages clients and authors. There are various improvements for packages clients. The most obvious improvement which you would notice is the ability to update all packages which are already installed. Please notice the Update All button in the dialog to manage nuget packages.



As a package author, we can now enforce Nuget version on client machines before they install your package. This would make sure that clients have enough support for the features our packages are based on. Obviously this feature would be usable by the nuget clients 2.5 and above as the earlier clients don't know how to handle this metadata attribute. The attribute can be added as follows:

Installing Nuget package with requirement for higher version of Nuget would result in an error. In Visual Studio, it would show you the option to upgrade Nuget version. This would open the dialog for extension and updates in Visual Studio listing the available updates.



If you have earlier version of Nuget supporting previous versions of Nuspec, the package is shown in Manage Nuget Package dialog as follows:



The similar error message is available when package list is requested using Package Manager console (Get-Package -ListAvailable).



We cannot install such a package using Manage Nuget Pacakge Dialog.Installing such a package using Package Manager Console would also result in the following error message:



In the previous versions of Nuget, we could limit the assemblies to be added to target project's assembly references. The filtered list must be part of the assemblies in the lib folder or one of its framework specific sub-folder. Let's assume we had these two libraries in v4.5 folder for our package.



By default, if a client is adding this package, both of these assemblies would be referenced by the client project. If we need to reference only a filtered set of assemblies from the source set we can include the list in the nugetspec for the package. This would still copy all the assemblies to the packages folder.

This should allow you to include the assemblies that are dependent on some other assemblies where you don't want the types from these assemblies to be directly used by the client code.



Nuget 2.5 allows to define this filter based on the client's target project. This has been provided by including framework specific groups in the nuspec. We can also include a framework independent group as a fallback mechanism when our package is referenced by an unidentified framework version.


File Overwrite Option for Package Installation
A new option has been added for package installation to give the user an option to overwrite an existing file or keep the copy of the content already present. Please notice FileConflictAction with Install-Pacakge command. Here we are installing MyPackage while selecting to overwrite contents already present. The options are Overwrite and Ignore.



Installing package with Manage Nuget Packages dialog would give you an option to overwrite or ignore the content.

Import for MSBuild targets and props files
A new build folder is now supported at the root level in a package. The folder supports framework specific sub-folders. The build folder contains targets and props files. When a package is added to a target project, it would add <Import> in project file.



Please notice how these <Import> elements are added to the project definition. The element for build is added to the top of the project file.



The element for props file is added to the top of project definition as follows:



You can find further details about it from the release documentation available here:

http://docs.nuget.org/docs/release-notes/nuget-2.5

Thursday, April 25, 2013

Visual Studio 2010 - Debug T4 Templates

In the previous post we discussed about debugging T4 templates in Visual Studio based on the new option provided. This allows debugging T4 templates in the same Visual Studio Editor instance. As a matter of fact the options are new but we could still debug T4 templates by attaching external debugger.

Let's update the same project as we created in Visual Studio 2010. You can download the project and open it in Visual Studio 2010. In order to add an external debugger, we need to launch the debugger from the template code as follows:

In addition to launch external debugger we have also set debug attribute for template directive as true. Basically Visual Studio creates a temporary class to generate the text by the template. This template class is created on the fly. Setting the attribute as true would add it to a temporary directory. If there is a compilation error the we can open the temporary file from the Errors List debug window. After updating the template code, we can simply run the custom tool by manually running it. Saving the template would also run the same tool:



This should launch another instance of Visual Studio Editor. Click Yes on the following dialog asking for permission to open a new instance.



The debugger breaks the code execution at the line where we launched the debugger. We can now use all the debugging support in visual studio in order to step through the code.



We can also use other debug windows including Locals and Call stack windows in order to see the values of variables and call stack within the template code. It seems Autos window was broken even in Visual Studio 2010.



Visual Studio 2012 - Debug T4 Template

T4 is the acronym for Text Template Transformation Toolkit. People have always claimed T4 templates as a hidden gem from Microsoft. They are used by Asp.net MVC and Entity Framework to generate code elements including controller and model classes. Visual Studio 2012 supports debugging T4 templates. They can be debugged at design time. In this post we are creating a very simple application in WPF to discuss how to use this in Visual Studio 2012. In the example we are adding a text template to add a file based on application settings in App.Config in a project. The template would introduce a new class ApplicationProperties. This would hold properties for each setting added in the settings section. For simplicity, let's keep the data type of all these properties as string.



For this example we need to add assembly reference for System.Configuration assembly. This would allow us reading the configuration settings from App.config file for the project.



Let's add a text template to the project. We name the template as ApplicationProperties.tt.



Now we add template code in ApplicationProperties.tt file. We need to update the definition of the text template.



If your eyes just popped, put it back in its real place. Syntax Highlighting is still not supported in Visual Studio 2012. I know community has strong opinions about this and the absence of intellisense for template editor. Still not supported. Here I am using the Devart extension for T4 template. It adds syntax highlighting and intellisense for T4 templates.



The line numbers can be included by updating the setting for extension. The following is added to Options & Settings dialog. Checking the option would include the line numbers on a T4 editor.



The T4 template is added to the project definition [CSProj]. The resulting CS file is added to the item group for compilation. It is dependent on and automatically generated from the actual Text Template [TT] file at design time.



Let's update the definition of ApplicationSettings.tt to include the code generation logic. It starts with adding directives for template, output, assembly and import directives. The rest of the code reads App.Config and generates properties for all the app settings.

The code uses Host.ResolvePath to get the path for App.Config. It then reads the content in an XmlDocument class. If there are no such settings it uses Error utility method defined in TextTemplatingFileGenerator custom tool. Saving the template file should result in the following error message.



Let's assume that this template was given to us and we need to determine what we need to do to fix this problem. Let' us put some breakpoints in the template code. Visual Studio supports inserting breakpoints and trace points in the template code as well. If we right click the template file in solution explorer, please notice the additional Debug T4 Template option available. Let's try to debug the text template to determine the cause of error message. Add some breakpoints to the template code. You can read about using break points & developer productivity in one of our previous discussion.



As we debug the template, we notice that the breakpoints are being hit. We can also notice that the debugging experience is integrated with other debugging windows available in Visual Studio including Quick Watch, Immediate and Locals windows.



In the previous posts we have been discussing about code map to visualize and debug code in Visual Studio 2012. The feature also seem to completely work with T4 template debugging. Since Code map is only supported for code visualization for C# and VB code, we wouldn't be able to navigate the code graphically to understand it better.



The Autos window seems to be broken in Visual Studio 2012.2 Ultimate. Please notice that it is empty even though the control has already passed through some variable declarations. It should have included document variable on the window to display its value.



The template editor still doesn't provide any refactoring support. So if you change a variable name, make sure that you propagate the changes to all the places in the code where it is being used. Although we see the error messages as reported by Error utility method in Errors List window but double clicking the error message wouldn't open the editor and navigate to the line where the error came from. It still shows the line number and template document name name in the errors list window, which is also not very useful as the line numbers are not from template document itself.





Anyhow, we realize that it needs the application settings to be defined in App.Config settings. Please notice the empty collection here.



We must remember that any error while running the custom tool on the template would not stop it at the line where the error is found but it continues and report all errors and warnings in the template. So the C# code file is still generated for application properties. Any error in the document also wouldn't fail the project build.



Let's update the App.Config to include some application setting entries. Here we are adding three properties AppTitle, ReleaseType and ReleaseVersion. They are assigned with their respective values.

As soon as we add these settings and run the custom tool from the context menu for T4 template from solution explorer, we can see the new properties being added to the generated class in solution explorer. We can also notice that the errors list is empty now.



The generated ApplicationProperties static class is also updated to include the new properties. Now as we add or update a setting in App.Config, a new property is automatically added to the generated class as the tool is run.

We can also run Custom tool from Project Menu. The following menu is available if we have a template selected in Solution Explorer.



We don't need to run each template individually. We can run the custom tools for all the templates in a solution. We need to add build toolbar in Visual Studio 2012 and use the following toolbar button to run these transformations.



There used to be this option in Visual Studio 2010 which is added when there is a T4 template added to a project in the solution opened in the Visual Studio editor. I can't seem to find the option in Visual Studio 2012.



Let's update our example Application's Main window to use the properties generated from the class generated from T4 template. Here we are using AppTitle, ReleaseType and ReleaseVersion as included in App.Config.

The application builds fine. The MainWindow appears on the screen being the startup window for the application. We can verify that all the values match as we declared them in App.Config.



Download Code