Posts

Showing posts from September, 2008

Unit testing security

Following on from my previous post about using(Tricks) here is an example which makes writing test cases easier rather than just for making your code nicely formatted. Take a look at the following test which ensures Article.Publish sets the PublishedDate correctly: [TestMethod] public void PublishedDateIsSet() {   //Create the EcoSpace, set its PMapper to a memory mapper   var ecoSpace = TestHelper.EcoSpace.Create();   //Creat an article   var article = new Article(ecoSpace);   //Create our Rhino Mocks repository   var mocks = new MockRepository();   //Mock the date/time to give us a predictable value   var mockDateTimeService = mocks.StrictMock<IDateTimeService>();   ecoSpace.RegisterEcoService(typeof(IDateTimeService), mockDateTimeService);   //Get a date/time to return from the mock DateTimeService   var now = DateTime.Now;   using (mocks.Record())   {     //When asked, return the value we recorded earlier     Expect.Call(mockDateTimeService.Now).Return(now);   }   //Check mo

Single instance application - revisited

Not so long ago I posted a solution to having a single-instance application. Rather than just preventing secondary instances from running the requirement was to have the 2nd instance pass its runtime parameters onto the 1st instance so that it can process them. My solution used remoting on the local machine. This appeared to work very well until recently when I needed an OpenFileDialog. Attempting to show the dialog resulted in an error about COM thread apartments. So, it wasn't THE solution. After a bit of research I decided to use named pipes instead. This meant I had to upgrade my app from .NET 2 to 3.5, but I think it is worth it. To implement the feature in an app you need to do 2 things. First you need to realize the interface ISingleInstanceApplicationMainForm on your app's main form in order to accept command line arguments from any subsequently started instances. Next you need to change your Program.Main method like so: [STAThread] static void Main(string[] ar

using(TricksToFormatYourCodeNicely)

I've been writing a data importer which takes a specific data input format and outputs XML, this XML is then imported within my application. What annoyed me was the way in which the source code was formatted.... writer.WriteStartElement("data"); writer.WriteAttributeString("1", "1"); writer.WriteAttributeString("2", "2"); writer.WriteAttributeString("3", "3"); writer.WriteStartElement("systemData"); writer.WriteAttributeString("a", "a"); writer.WriteAttributeString("b", "b"); writer.WriteEndElement();//systemData writer.WriteEndElement();//data It just didn't look nice. I thought about splitting it into separate methods, but most of the time this would have been overkill as the methods would have been very short. Instead I wrote an extension method on XmlWriter: public static class XmlWriterHelper {   public static IDisposable StartElement(this XmlWriter wr

Parameterised queries in ECO

Whenever I generate OCL queries in code I find myself having to escape user input in order to avoid making the query invalid, or allowing malicious input. I've decided instead to use the ECO equivalent of parameterised queries (variables in ECO) and here is the result. public static string CreateParameterisedQuery(   this IEcoServiceProvider serviceProvider,   string query,   out IModifiableVariableList vars,   params object[] args) {   vars = serviceProvider.GetEcoService<IVariableFactoryService>().CreateVariableList();   for (int varIndex = 0; varIndex < args.Length; varIndex++)   {     string variableName = "autoVar_" + varIndex.ToString();     query = query.Replace("{" + varIndex.ToString() + "}", variableName);     vars.AddConstant(variableName, args[varIndex]);   }   return query; } To use this code you would do something like this //1: Create the OCL with string.format style parameters string query = "Person.allInstances" +   

User authentication in SilverLight

I wanted to know how to authenticate users in a SilverLight app using their Windows login info. 01: Set the authentication mode to Windows and <deny users="?"/> in <system.web> within web.config 02: Move the silverlight control to Default.aspx and set that as your start page 03: Add the following Page_Load code protected void Page_Load(object sender, EventArgs e) { IPrincipal p = HttpContext.Current.User; if (p == null) throw new SecurityException("No current user"); if (!(p is WindowsPrincipal)) throw new SecurityException("Not a windows user"); if (!p.Identity.IsAuthenticated) throw new SecurityException("Not authenticated"); Xaml1.InitParameters = string.Format("user={0},session={1}", p.Identity.Name, Session.SessionID); } 04: In app.xaml.cs you can now read the InitParameters using e.InitParameters in the Application_Startup method.