-
Looking Forward and Back (Editorial)
In this editorial, Rod Paddock reflects on the pivotal technological developments of 2002, highlighting the significance of Visual Studio .NET, the rise of web services, and the expanding influence of SQL Server and Microsoft’s acquisition of Great Plains. He emphasizes the growing importance of security and notes Microsoft’s strategic retreat from My .NET Services. Additionally, Rod points to emerging technologies like Tablet PCs and the Compact .NET Framework as promising opportunities for developers, ultimately encouraging readers to embrace these innovations as they look ahead to the future.
-
Dynamically Executing Code in .NET
In this article, Rick Strahl explains how to execute dynamic code within the .NET Framework, demonstrating techniques to compile and run code on the fly using .NET’s CodeDom and Reflection capabilities. He addresses challenges such as managing assemblies in application domains and unloading code by leveraging separate AppDomains and proxy interfaces. Rick also introduces helper classes like wwScripting and wwASPScripting that simplify dynamic code execution and script parsing, enabling developers to extend applications flexibly with minimal code. The article provides practical examples and insights into the underlying .NET mechanisms for runtime code compilation and execution.
-
Threat Modeling
Michael Howard argues that threat modeling is an essential, practical design discipline for building secure systems: assemble a cross‑discipline team, decompose the application (e.g., DFDs), use STRIDE to categorize threats, build threat trees, rank risks, and choose responses (do nothing, warn, remove, or fix). Howard emphasizes that maintaining up‑to‑date threat models uncovers many design bugs and multi‑step attacks, guides appropriate mitigations, and should be required for design sign‑off.
-
Interview with Microsoft's Steve Lipner
In this interview by David Stevenson, Microsoft security leader Steve Lipner describes the company-wide security push—training some 8,500 developers under the Secure Windows Initiative and Trustworthy Computing—detailing threat modeling, code reviews, and process changes (secure-by-design/default/deployment) that reduced vulnerabilities, influenced Windows XP SP1 and .NET Server, introduced mitigations like the GS compiler flag and DLL search-order changes, and created tools and practices to bake security into development and deployment.
-
Stateful Network-Deployable .NET Components Use Isolated Storage
Leonardo Esposito explains how .NET Code Access Security limits network-deployed and ASP.NET applications from using the file system and presents isolated storage as a secure, assembly- and user-scoped virtual filesystem that lets partially trusted code persist data safely; the article describes permissions, store scopes, API usage (IsolatedStorageFile/IsolatedStorageFileStream), quotas and practical patterns for reading, writing and managing isolated stores.
-
Securing Your SQL Server
SQL Server, like most complex databases, has potential security holes. This article discusses these security holes and how to close them.
-
Microsoft Exception Management Application Blocks
In this article, Paul Sheriff explains the Microsoft Exception Management Application Block (EAAB), a flexible, configurable framework that simplifies and standardizes exception handling in .NET applications. By using a single line of code, developers can publish exceptions to multiple destinations such as event logs, databases, or email without recompiling their applications. Sheriff details how to install, configure, and extend EAAB with custom publishers, emphasizing its benefits for centralized error logging and improved post-deployment diagnostics. The article highlights the ease of integrating EAAB to enhance error tracking and streamline application maintenance.
-
Threading Support in the .NET Framework
In this article, Markus Egger explains how the .NET Framework simplifies the creation and management of multi-threaded applications, enabling developers to improve responsiveness by running tasks concurrently. He discusses fundamental concepts of multi-threading, illustrates implementation in VB.NET and C#, and addresses challenges like thread synchronization, thread safety, and updating Windows Forms controls from secondary threads. Egger emphasizes careful use of threads to avoid issues such as deadlocks and race conditions, and highlights the importance of thread synchronization mechanisms like locks and delegates to ensure safe and efficient multi-threaded programming within the .NET environment.
-
PerlINET Part 2
In this follow-up to their earlier introduction of PerlNET, Yevgeny Menaker and Srinivasan Manickam demonstrate how to build advanced .NET applications in Perl, focusing on database integration via ADO.NET in both connected and disconnected modes, and extending to ASP.NET development with PerlASPX. They illustrate practical techniques for data access, Web Forms, server controls, event handling, and code-behind separation, as well as creating and consuming ASP.NET Web Services in PerlNET. The article emphasizes Perl’s versatility within the .NET framework, showing how it can seamlessly handle data, web applications, and service-oriented architectures.
-
Reflection Part 1: Discovery and Execution
In this first article of a two-part series, Mike Snell demystifies .NET reflection by explaining how assemblies self-describe via metadata and showing practical techniques to load assemblies, inspect types and members, filter and search with BindingFlags or custom delegates, and instantiate and invoke discovered types and methods at runtime; he demonstrates these concepts with code (including a simple type browser) and positions reflection as a powerful albeit specialized tool, with Reflection.Emit to be covered in Part 2.
-
Doc Detective - Nov/Dec 2002
In this installment, Doc Detective guides readers through the labyrinth of Visual Studio .NET and .NET documentation, answering real-time questions from developers and offering practical tips to accelerate discovery. Through a Q&A format, the column clarifies equivalents between VB6 and .NET (such as Shell vs ShellExecute), points to deployment and accessibility resources, and demonstrates how to tailor help views with custom filters. By demystifying documentation navigation and linking to targeted topics, Doc Detective helps practitioners deploy, interoperate with COM, and build accessible .NET applications more efficiently.
