**Raymond Lewallen: http://codebetter.com/blogs/raymond.lewallen**

**Building strongly-typed session objects, cache objects, and viewstate.**

If you aren't using a session management object, you must. Do a search for session[] and make your developers give a justifiable business reason they need to use something outside of the project's session object management class. Use code reviews to enforce it.

Why is it that developers can have the confidence to say definitively "this is how it should be done" and are more than willing to follow standards? In fact, in my experience as of late, they are really the ones pushing for it. It makes their jobs easier. Yet management and managers can't even agree upon and finalize the simplest decisions? We want the background color blue, no red, okay how about green? We want this field here and this field there.

**Cos Callis: Custom User Objects in ASP.NET**

A lot of developers create their own object and store it in Session, holding things such as email address, etc. Since this is typically tied to the CurrentUser, you might as well have the additional properties you need there.

Page.User is based on IPrincipal, and all you need to do to add to it is create your own class that implements the IPrincipal interface. IPrincipal is the important part. Attaching it to the LoggedOnUser makes it so that only the current user can see their data. This data is stored in HttpContext instead of Session, making it even more secure.

(Note: the following is pseudocode.)

Turn on forms authentication in web.config.

You build your User Object inside Global.asax:

```vb
Sub Application_AuthenticateRequest
    Try
        If Not Request.Cookies(FormsAuthentication.FormsCookieName) Is Nothing Then
            Context.User = New CCUser()
        Else
            Context.User = New CCAnonymousUser()
        End If
    Catch ex As Exception
        ' Any failure falls back to the anonymous user
        Context.User = New CCAnonymousUser()
    End Try
End Sub
```

Login button click:

```vb
    HttpContext.Current.User = New CCUser(TextBox1.Text, TextBox2.Text)
    FormsAuthentication.RedirectFromLoginPage(TextBox1.Text, True)
End Sub

Public Class CCUser
    Inherits System.Data.DataSet
    Implements System.Security.Principal.IIdentity, System.Security.Principal.IPrincipal

    Public ReadOnly Property Identity() As IIdentity Implements ..
        Get
            Return Me
        End Get
    End Property

    ' Fields: _email, _firstname, _lastname, _roles, _menuOptions, _CSS,
    ' _webparts (DataTable; a data repeater displays the web parts)
    ' On the page: Page.CSS = User.CSS
    '              Me.StyleSheetTheme = User.CSS

    ' 3 constructors; the first is the blank New()

    Public Sub New(ByVal email As String, ByVal password As String)
        ValidateUser(email, password)
        LoadCookie(email, password)
    End Sub

    Public Sub New(ByVal Cookie As HttpCookie)
        ' Decrypt the forms authentication ticket carried in the cookie
        Dim ctkt As FormsAuthenticationTicket = FormsAuthentication.Decrypt(Cookie.Value)
        ValidateUser(ctkt.Name, ctkt.UserData)
        HttpContext.Current.User = New System.Security.Principal.GenericPrincipal(id, MyRoles)
    End Sub

    Public Sub ValidateUser(ByVal email As String, ByVal password As String)
        ' It doesn't matter which type of authentication you use;
        ' you can use mixed: try ActiveDirectory first, and if it fails,
        ' then do your custom db user login.
        ' IsInternal T/F whether they're in AD.
    End Sub

    Public Sub LoadCookie(ByVal email As String, ByVal pwd As String)
        Dim tkt As New FormsAuthenticationTicket(1, "CodeCampUser", Now, Now.AddHours(1), True, "Hello Wichita")
        Dim encTicket As String = FormsAuthentication.Encrypt(tkt)
        HttpContext.Current.Response.AppendCookie(New HttpCookie(FormsAuthentication.FormsCookieName, ... ))
    End Sub
End Class
```

Then the login SQL stored proc:

```sql
select * from menus where userid=##
select * from users where userid=##
```

```vb
Public Class InvalidLogonException
    Inherits System.Exception
End Class

Public Class CCAnonymousUser
    Inherits CCUser

    Public Overrides ReadOnly Property IsAuthenticated() As Boolean
        Get
            Return False
        End Get
    End Property

    Public Overrides ReadOnly Property Name() As String
        Get
            Return ""
        End Get
    End Property

    Function IsInRole
End Class
```

```vb
public overrides reado
end sub

Class CCBasePage
    Inherits System.Web.UI.Page

    Public Shadows ReadOnly Property User As CCUser
        Get
            Return DirectCast(MyBase.User, CCUser)
            ' CType tries to validate first
            ' what is full explanation why DirectCast is better
        End Get
    End Property
End Class
```

Great job on why it's needed, how useful it is, and why it's best to inherit and implement from the Current.User! The only argument people have voiced: it creates too much bloat, but you're going to do it somewhere (session, application, etc.) - why not here - the most logical choice.

**Raymond Lewallen - Continuous Integration**

www.codebetter.com/blogs/raymond.lewallen/downloads/ci.zip

Continuous information - if you only talked to your customer once a month your project would be in trouble. So why do you wait until deployment to really audit your code?

FxCop - All methods should be Pascal case.

Only thing that doesn't work with 2.0 is nCover report - it runs but produces empty xml report.

**Yours Truly - Introduction to Programming Windows Communication Foundation (WCF)**
The presentation went well; it was obvious that everyone understood how easy it is to create services, as well as how much easier WCF makes it.

I had one question from the most inquisitive of the group:
Can Services or Clients be used to attach as an "EventHandler" to a Service?

After much thought, I realized the solution to the architecture that he is really looking for would involve a multiple service situation. Trying to use a Client as an EventHandler would logically be the opposite message communication that is typical from Client to Service, so in my opinion, the real solution to what he was asking would be for the Client to have a Service of its own (and/or the "EventHandler" Service would be running somewhere), and the Service that is needing to communicate the event would then send it to this Service for any additional handling.

One comment I had afterwards, in summation, was: "it's hard to get excited about WCF, because Services have been around for several years, and it's so easy to create a service, but I've never done it and I don't see the need in my environment".

After spending a little bit of time thinking about it, the first thing that comes to mind is how developers are always more confused by the things that are simple. As developers, we are so inbred to think everything is complex. So, when we encounter something that is simple, it really baffles us and we keep thinking there must be something more that I'm missing. Well, as services go, it is really simple. WCF only makes it even more simplified, which is good. As far as not needing services in any environment, I can see that thinking today, but really the ability to make your business functionality and processes available easily to multiple applications in-house and to your external clients and business partners, it's only a matter of time. Why not be prepared, since it is so easy?

**Web Application Security**
This was an introductory presentation on all the various aspects of security.

All the various methods in IIS that are security related: SSL, etc.

Self Certificate Generator w/IIS 6 Resource Kit

SQL 2005 - Native Encryption - 127bits
US.gov & credit card industries, etc. must be encrypted at least 128 bits.

IIS vs DBAs vs developers (security needs to be implemented by all)

SQL injection attacks

SQL Server security versus Windows authentication versus local db security.

aspnet_regsql to install ASP.NET 2.0 user management
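For the SQL injection item in these notes, an added example (not code from the presentation or the original post): the notes' `select * from login where user=... and password=...` query built once by string concatenation and once with bound parameters, run against an in-memory SQLite table. The table contents, the function names and the quoted `'1'='1'` form of the `1=1` input are assumptions for illustration; bound parameters stand in here for a stored procedure call, which gives the same protection only if the procedure does not itself concatenate its arguments into dynamic SQL.

```python
import sqlite3

# Quoted form of the 1=1 tautology (assumption: string columns, so the
# input has to balance the surrounding single quotes).
TAUTOLOGY = "' or '1'='1"


def make_db():
    """Build a constructed one-row login table; names follow the notes' query."""
    db = sqlite3.connect(":memory:")
    db.execute("create table login (user text, password text)")
    db.execute("insert into login values ('alice', 's3cret')")
    return db


def login_concatenated(db, user, password):
    """Vulnerable form: input is pasted into the SQL text, so quotes in the
    input change the structure of the WHERE clause."""
    sql = ("select * from login where user='" + user +
           "' and password='" + password + "'")
    return sql, db.execute(sql).fetchall()


def login_parameterized(db, user, password):
    """Hardened form: input is bound as data and is never parsed as SQL."""
    sql = "select * from login where user=? and password=?"
    return db.execute(sql, (user, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    sql, rows = login_concatenated(db, TAUTOLOGY, TAUTOLOGY)
    print("concatenated SQL :", sql)
    print("rows returned    :", rows)
    print("parameterized    :", login_parameterized(db, TAUTOLOGY, TAUTOLOGY))
```

Because AND binds tighter than OR, the trailing `or '1'='1'` makes the whole WHERE clause true for every row, which is why the concatenated form returns a row without any valid credentials.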

'' or '=' and '' or '=' in password

```sql
select * from login where user='' or '=' and password='' or '='
select * from login where user='' or 1=1 and password='' or 1=1
select * from login where user='' or delete * from % and password='' or = '='
select * from login where user='' or delete * from % and password='' or = 1=1
```

Use stored procs.

**Summary**

The thing that stood out the most is that even though a lot of the topics were things we already knew, we all still walked away surprisingly learning more than we had ever expected. Great Job WichitaDevelopers.NET

**My first real presentation: Intro. to Programming Windows Communication Foundation (WCF) ... and challenges!**

http://aspadvice.com/blogs/davidwalker/archive/2006/06/01/18285.aspx
Fri, 02 Jun 2006 03:40:00 GMT

Just a few more days until my June 3rd presentation Introduction to Programming Windows Communication Foundation (WCF) at the WichitaDevelopers.NET Code Camp! I am ready to go, except WCF is being a pain in the butt trying to get a few things to work for my code demo pieces right now. So I am in the middle of rebuilding my Virtual PC from scratch again, hoping installing the components in the exact recommended order will help. If not, I'll be trying an older CTP release of the tools. Thanks to Ami Vora for her presentations and hard work on the WindowsCommunication.net site and the slides! As well as Paul Fallon for the excellent advice on what to focus on when presenting WCF and all the other great advice and tips!

Finally, Code-Magazine.com for publishing Juval Lowy's article "WCF Essentials - A Developer's Primer". I had been trying to decide for quite some time what I wanted to be able to present on and this article brought WCF back to my attention and a light bulb went off that I have yet to see or hear of anyone giving a presentation on WCF in my neck of the woods. I've seen presentations on the other components of WinFX. Paul Ballard gave a great presentation on Windows Workflow Foundation back in Oct 2005 for the Tulsa .NET Users Group and Markus Egger gave an excellent presentation on Windows Presentation Foundation in Feb 2006 at the Little Rock Tech Expo. Since it's something I have some familiarity with, having had past web services and windows services with remoting projects, I realized this would be the most logical topic! I could help spread the word and hopefully share my excitement for this awesome new Framework Feature. I'll post more specifics about WCF and my presentation later.