Tag Archives: ADO.NET

Help make Microsoft developer technologies better!

Follow devkeydet on Twitter

Ron Jacobs just blogged about how .NET developers can provide feature feedback and vote on WCF/WF features.

http://blogs.msdn.com/b/rjacobs/archive/2011/04/14/how-you-can-make-wf-wcf-better.aspx

Many Microsoft product teams are doing this nowadays. It still surprises me how many .NET developers don’t realize these feature voting sites exist. In addition to WF/WCF, I am aware of these:

http://wpdev.uservoice.com/forums/110705-app-platform

https://windowsphone7community.uservoice.com/forums/84435-feature-feedback

http://data.uservoice.com/forums/72027-wcf-data-services-feature-suggestions

http://data.uservoice.com/forums/72025-ado-net-entity-framework-ef-feature-suggestions

http://dotnet.uservoice.com/forums/40583-wpf-feature-suggestions

http://dotnet.uservoice.com/forums/4325-silverlight-feature-suggestions

http://dotnet.uservoice.com/forums/87171-visual-basic-content-requests

http://dotnet.uservoice.com/forums/57026-wcf-ria-services

http://www.mygreatwindowsazureidea.com/pages/34192-windows-azure-feature-voting

http://www.mygreatwindowsazureidea.com/forums/35889-microsoft-codename-dallas-feature-voting

http://www.mygreatwindowsazureidea.com/forums/44459-sql-azure-data-sync-feature-voting

http://www.mygreatwindowsazureidea.com/forums/34685-sql-azure-feature-voting

http://www.mygreatwindowsazureidea.com/forums/100417-sql-azure-reporting-feature-voting

http://www.mygreatwindowsazureidea.com/forums/40626-windows-azure-appfabric-feature-voting

http://www.mygreatwindowsazureidea.com/forums/103009-windows-azure-code-samples-voting

http://www.mygreatwindowsazureidea.com/forums/103403-windows-azure-content-voting

http://aspnet.uservoice.com/forums/41199-general

http://aspnet.uservoice.com/forums/41201-asp-net-mvc

http://aspnet.uservoice.com/forums/41202-asp-net-webforms

http://aspnet.uservoice.com/forums/50615-orchard

http://aspnet.uservoice.com/forums/100405-performance

http://aspnet.uservoice.com/forums/41233-visual-studio-performance-feedback

Let me know in the comments if I’ve missed any.  I’ll add them.

Entity Framework 4.0 Sneak Previews

If you haven’t been keeping up on the ADO.NET team blog, but you want to get up to speed with what’s coming in the next release of the Entity Framework (.NET 4.0), then now is the time to start monitoring their blog.  Since 5/11, they’ve cranked out seven posts on new features.  I like what they are doing.  The post on 5/11 gives you a high level update.  Then, they have followed it up with “Sneak Previews” of specific improvements.  Definitely worth the time to read through these posts!

DevDinnerOnDemand: Overview of the .NET Framework 3.5 SP1

digg_url = “http://blogs.msdn.com/devkeydet/archive/2008/11/10/devdinnerondemand-overview-of-the-net-framework-3-5-sp1.aspx”;digg_title = “DevDinnerOnDemand: Overview of the .NET Framework 3.5 SP1”;digg_bgcolor = “#555555”;digg_skin = “normal”;http://digg.com/tools/diggthis.jsdigg_url = undefined;digg_title = undefined;digg_bgcolor = undefined;digg_skin = undefined;

With the .NET Framework 3.5 (the version native to Visual Studio 2008) coming up on its first anniversary, Microsoft is poised to release the first update to the framework in the form of Service Pack (SP1).  This Service Pack is unlike your standard Service Pack, in that it will introduce new features/capabilities to the .NET Framework.  Some of these features where originally planned to be in the initial release of the framework and others are features/capabilities added to enhance or further secure the core .NET Framework.  The August Developer Dinner is going to focus on some of the new features as well as a few of the new enhancements, to give you an introduction of the improved capabilities of the Microsoft Developer Platform.

What you will learn:

This evenings presentation will be a running stream of demonstration focusing on new features and functionality coming in the new Service Pack for several of the key areas of .NET Development today, including Web Development (ASP.NET), Database Development (ADO.NET), Web Services/SOA (Windows Communication Foundation) and User Experience (Windows Presentation Foundation).

You will see demonstrations that will include:

  • Making data access easier with the ADO.NET Entity Framework.
  • Exposing your data access layer using ADO.NET Data Services
  • Building “Data Entry” Web-based applications faster than ever using ASP.NET Dynamic Data.
  • Making AJAX Applications faster with script combining and easier with built in support for handling browser history (i.e. back/forward buttons).
  • How to achieve up to 40% faster startup performance for your WPF applications and further improve the startup experience using a splash screen.
  • Reducing the time it takes to deploy your WPF applications using the New .NET Framework Client Profile.
  • Build services faster using enhancements in WCF.

View Recording:

https://channel9.msdn.com/posts/keydet/US-Public-Sector-Developer-Dinner-for-Partners-NET-Framework-35-SP1/

The follow up post for this developer dinner is http://blogs.msdn.com/devkeydet/archive/2008/08/21/follow-up-developer-dinner-on-net-framework-3-5-sp1.aspx.

Preventing SQL Injection with the Entity Framework and Data Services

Yesterday, at the Developer Dinner, I answered a bunch of questions around SQL Injection in the various usage scenarios of the ADO.NET Entity Framework & ADO.NET Data Services.  For the most part, my responses were correct.  However, the last question asked was specific to Entity SQL queries.  I misspoke.  This post is to clear things up.

Because Entity SQL is string based, it is susceptible to SQL Injection.  From Security Considerations (Entity Framework):

"Entity SQL injection attacks:

SQL injection attacks can be performed in Entity SQL by supplying malicious input to values that are used in a query predicate and in parameter names. To avoid the risk of SQL injection, you should never combine user input with Entity SQL command text.

Entity SQL queries accept parameters everywhere that literals are accepted. You should use parameterized queries instead of injecting literals from an external agent directly into the query."

Therefore, if you decide to execute queries using Entity SQL, then will want to review How to: Execute a Parameterized Query (Entity Framework).  I will be sure to update my Entity SQL demos to use parameterized queries.

The good news is that if you are using LINQ to Entities, then you are covered:

"LINQ to Entities injection attacks:

Although query composition is possible in LINQ to Entities, it is performed through the object model API. Unlike Entity SQL queries, LINQ to Entities queries are not composed by using string manipulation or concatenation, and they are not susceptible to traditional SQL injection attacks. "

If I remember correctly, the originating question starting the series of SQL Injection questions was about introducing SQL Injection into an ADO.NET Data Services query.  ADO.NET Data Services queries go through a translation layer from the http request to the actual query execution.  Although this translation is not exactly the same, it is conceptually similar to what happens when you create LINQ to Entities queries in code.  Because of this translation layer you get the same protection from SQL Injection.

FOLLOW UP: Developer Dinner on .NET Framework 3.5 SP1

Thanks to everyone who attended!  You can download the deck and links to the code here:

http://cid-1f72da7294089597.skydrive.live.com/embedrow.aspx/Public/NETFX3.5SP1

Normally, I make my actual demo code available for download.  However, this time around, my demo code was based on the .NET 3.5 Enhancements Training Kit.  I blogged about it here:

http://blogs.msdn.com/devkeydet/archive/2008/08/18/free-training-on-net-framework-3-5-sp1-and-asp-net-mvc.aspx

The kit has everything I showed in my demos and more!  I also promised to link to a bunch of good content out there on the various topics.

General

MSDN -> Data Platform Development

“How Do I?” Videos — Data Platform Development

ADO.NET Entity Framework

MSDN Library -> ADO.NET Entity Framework

ADO.NET Team Blog

Entity Framework Design Blog

Sample provider for Oracle

Third Party Provider Support for the Entity Framework RTM

Updated Entity Framework Samples for RTM

ADO.NET Data Services

MSDN Library -> ADO.NET Data Services Framework

MSDN -> ADO.NET Data Services

ADO.NET Data Services Team Blog

https://channel9.msdn.com/tags/UK/ Has a bunch of GREAT screencasts from Mike Taulty.

ASP.NET Dynamic Data

MSDN Library -> ASP.NET Dynamic Data

http://www.asp.net/DynamicData/

David Ebbo’s blog (Dynamic Data and other ASP.NET topics)

WPF

http://windowsclient.net/wpf/default.aspx

What’s New in .NET Framework 3.5 Service Pack 1 (for WPF)

WPF DataGrid CTP Preview (Video)

cheat-sheet to some of the WPF 3.5 SP1 features..

WPF Control Toolkit (DataGrid CTP)

WCF

New WCF Features in 3.5 SP1

WCF Tools in VS2008 SP1: Introducing the new features and enhancements

Free training on .NET Framework 3.5 SP1 and ASP.NET MVC

Looking for free introductory training on the .NET 3.5 SP1 & ASP.NET MVC?  Head over to Jonathan Carter’s blog to get all the details on the .NET 3.5 Enhancements Training Kit RTM.  What will you find?  Information and links to download a kit that has presentations, demos, and labs covering what’s new in ASP.NET AJAX, ASP.NET Routing, ASP.NET MVC, ASP.NET Dynamic Data, ADO.NET Data Services, ADO.NET Entity Framework, WCF, and Visual Studio 2008 SP1.  If you’ve seen any of my 3.5 SP1 or my older "ASP.NET Futures" presentations, then you are already familiar with some of the content in the kit.  I used an early release of the kit as the foundation for some of my demos.  The kit has come a long way since I used it.  I skimmed through everything last week.  There is lots of good content in here!

FOLLOW UP: Public Sector Developer Conference (Nashville, TN)

Thanks to everyone who attended.  Sorry about the overflow into the hallways.  There was much less dropoff between registration and attendance than we normally see.  Some of the content isn’t published yet.  Once it is, we’ll make sure to update this post with the appropriate links.

Building Rich Internet Applications Using Microsoft Silverlight 2

Building WPF Applications in Visual Studio 2008 and Expression Blenddeck, code

Data Access with Language Integrated Query

Overview of the .NET Framework 3.5 SP1 & ASP.NET MVC – deck, code

We also mentioned some downloadable tools that folks were interested in using.  Here are the ones I remember:

Visual LINQ (to SQL) Query Builder

LINQPad

If I forgot one, please let me know by posting a comment and I will update the post.  Thanks!

Marc