Tag Archives: ADO.NET

Help make Microsoft developer technologies better!

Follow devkeydet on Twitter

Ron Jacobs just blogged about how .NET developers can provide feature feedback and vote on WCF/WF features.


Many Microsoft product teams are doing this nowadays. It still surprises me how many .NET developers don’t realize these feature voting sites exist. In addition to WF/WCF, I am aware of these:























Let me know in the comments if I’ve missed any.  I’ll add them.

Entity Framework 4.0 Sneak Previews

If you haven’t been keeping up on the ADO.NET team blog, but you want to get up to speed with what’s coming in the next release of the Entity Framework (.NET 4.0), then now is the time to start monitoring their blog.  Since 5/11, they’ve cranked out seven posts on new features.  I like what they are doing.  The post on 5/11 gives you a high level update.  Then, they have followed it up with “Sneak Previews” of specific improvements.  Definitely worth the time to read through these posts!

DevDinnerOnDemand: Overview of the .NET Framework 3.5 SP1

digg_url = “http://blogs.msdn.com/devkeydet/archive/2008/11/10/devdinnerondemand-overview-of-the-net-framework-3-5-sp1.aspx”;digg_title = “DevDinnerOnDemand: Overview of the .NET Framework 3.5 SP1”;digg_bgcolor = “#555555”;digg_skin = “normal”;http://digg.com/tools/diggthis.jsdigg_url = undefined;digg_title = undefined;digg_bgcolor = undefined;digg_skin = undefined;

With the .NET Framework 3.5 (the version native to Visual Studio 2008) coming up on its first anniversary, Microsoft is poised to release the first update to the framework in the form of Service Pack (SP1).  This Service Pack is unlike your standard Service Pack, in that it will introduce new features/capabilities to the .NET Framework.  Some of these features where originally planned to be in the initial release of the framework and others are features/capabilities added to enhance or further secure the core .NET Framework.  The August Developer Dinner is going to focus on some of the new features as well as a few of the new enhancements, to give you an introduction of the improved capabilities of the Microsoft Developer Platform.

What you will learn:

This evenings presentation will be a running stream of demonstration focusing on new features and functionality coming in the new Service Pack for several of the key areas of .NET Development today, including Web Development (ASP.NET), Database Development (ADO.NET), Web Services/SOA (Windows Communication Foundation) and User Experience (Windows Presentation Foundation).

You will see demonstrations that will include:

  • Making data access easier with the ADO.NET Entity Framework.
  • Exposing your data access layer using ADO.NET Data Services
  • Building “Data Entry” Web-based applications faster than ever using ASP.NET Dynamic Data.
  • Making AJAX Applications faster with script combining and easier with built in support for handling browser history (i.e. back/forward buttons).
  • How to achieve up to 40% faster startup performance for your WPF applications and further improve the startup experience using a splash screen.
  • Reducing the time it takes to deploy your WPF applications using the New .NET Framework Client Profile.
  • Build services faster using enhancements in WCF.

View Recording:


The follow up post for this developer dinner is http://blogs.msdn.com/devkeydet/archive/2008/08/21/follow-up-developer-dinner-on-net-framework-3-5-sp1.aspx.

Preventing SQL Injection with the Entity Framework and Data Services

Yesterday, at the Developer Dinner, I answered a bunch of questions around SQL Injection in the various usage scenarios of the ADO.NET Entity Framework & ADO.NET Data Services.  For the most part, my responses were correct.  However, the last question asked was specific to Entity SQL queries.  I misspoke.  This post is to clear things up.

Because Entity SQL is string based, it is susceptible to SQL Injection.  From Security Considerations (Entity Framework):

"Entity SQL injection attacks:

SQL injection attacks can be performed in Entity SQL by supplying malicious input to values that are used in a query predicate and in parameter names. To avoid the risk of SQL injection, you should never combine user input with Entity SQL command text.

Entity SQL queries accept parameters everywhere that literals are accepted. You should use parameterized queries instead of injecting literals from an external agent directly into the query."

Therefore, if you decide to execute queries using Entity SQL, then will want to review How to: Execute a Parameterized Query (Entity Framework).  I will be sure to update my Entity SQL demos to use parameterized queries.

The good news is that if you are using LINQ to Entities, then you are covered:

"LINQ to Entities injection attacks:

Although query composition is possible in LINQ to Entities, it is performed through the object model API. Unlike Entity SQL queries, LINQ to Entities queries are not composed by using string manipulation or concatenation, and they are not susceptible to traditional SQL injection attacks. "

If I remember correctly, the originating question starting the series of SQL Injection questions was about introducing SQL Injection into an ADO.NET Data Services query.  ADO.NET Data Services queries go through a translation layer from the http request to the actual query execution.  Although this translation is not exactly the same, it is conceptually similar to what happens when you create LINQ to Entities queries in code.  Because of this translation layer you get the same protection from SQL Injection.

FOLLOW UP: Developer Dinner on .NET Framework 3.5 SP1

Thanks to everyone who attended!  You can download the deck and links to the code here:


Normally, I make my actual demo code available for download.  However, this time around, my demo code was based on the .NET 3.5 Enhancements Training Kit.  I blogged about it here:


The kit has everything I showed in my demos and more!  I also promised to link to a bunch of good content out there on the various topics.


MSDN -> Data Platform Development

“How Do I?” Videos — Data Platform Development

ADO.NET Entity Framework

MSDN Library -> ADO.NET Entity Framework

ADO.NET Team Blog

Entity Framework Design Blog

Sample provider for Oracle

Third Party Provider Support for the Entity Framework RTM

Updated Entity Framework Samples for RTM

ADO.NET Data Services

MSDN Library -> ADO.NET Data Services Framework

MSDN -> ADO.NET Data Services

ADO.NET Data Services Team Blog

https://channel9.msdn.com/tags/UK/ Has a bunch of GREAT screencasts from Mike Taulty.

ASP.NET Dynamic Data

MSDN Library -> ASP.NET Dynamic Data


David Ebbo’s blog (Dynamic Data and other ASP.NET topics)



What’s New in .NET Framework 3.5 Service Pack 1 (for WPF)

WPF DataGrid CTP Preview (Video)

cheat-sheet to some of the WPF 3.5 SP1 features..

WPF Control Toolkit (DataGrid CTP)


New WCF Features in 3.5 SP1

WCF Tools in VS2008 SP1: Introducing the new features and enhancements

Free training on .NET Framework 3.5 SP1 and ASP.NET MVC

Looking for free introductory training on the .NET 3.5 SP1 & ASP.NET MVC?  Head over to Jonathan Carter’s blog to get all the details on the .NET 3.5 Enhancements Training Kit RTM.  What will you find?  Information and links to download a kit that has presentations, demos, and labs covering what’s new in ASP.NET AJAX, ASP.NET Routing, ASP.NET MVC, ASP.NET Dynamic Data, ADO.NET Data Services, ADO.NET Entity Framework, WCF, and Visual Studio 2008 SP1.  If you’ve seen any of my 3.5 SP1 or my older "ASP.NET Futures" presentations, then you are already familiar with some of the content in the kit.  I used an early release of the kit as the foundation for some of my demos.  The kit has come a long way since I used it.  I skimmed through everything last week.  There is lots of good content in here!

FOLLOW UP: Public Sector Developer Conference (Nashville, TN)

Thanks to everyone who attended.  Sorry about the overflow into the hallways.  There was much less dropoff between registration and attendance than we normally see.  Some of the content isn’t published yet.  Once it is, we’ll make sure to update this post with the appropriate links.

Building Rich Internet Applications Using Microsoft Silverlight 2

Building WPF Applications in Visual Studio 2008 and Expression Blenddeck, code

Data Access with Language Integrated Query

Overview of the .NET Framework 3.5 SP1 & ASP.NET MVC – deck, code

We also mentioned some downloadable tools that folks were interested in using.  Here are the ones I remember:

Visual LINQ (to SQL) Query Builder


If I forgot one, please let me know by posting a comment and I will update the post.  Thanks!


FOLLOW UP: Public Sector Developer Conference (Downers Grove, IL)

Thanks to everyone who attended!  Here are the links to the decks and code for the sessions.  I don’t have the content from the LINQ & VSTO sessions yet, but will update this post when I get them.  However, I did promise to have a post up this morning.

How Visual Studio Team System 2008 will benefit your organization?deck

Language Integrated Query (LINQ)

Overview of the .NET Framework 3.5 SP1 & ASP.NET MVCdeck, resources, code (links to a post explaining how to get the code I based me demos on)

Office Development with VSTO  and Office Open XML Format

If you are interested in other content, I have a list of recorded webcasts in My Recorded Webcasts list.  There is a session similar to Joel’s LINQ session that covers LINQ to SQL in a little more detail as well as other topics which might interest you.  You might want to check out My Screencasts as well. 

Free training on .NET 3.5 SP1

I just came across this update to the .NET 3.5 Enhancements Training Kit from Jonathan Carter.  If you’ve seen my ASP.NET 3.5 Extensions Preview webcast and are looking for the code, then you will want to download the kit.  I used the kit as the starting point for my demos.  I do a few things differently here and there, but most of it is because I didn’t have time to show everything in 90 minutes.  As far as I can tell, everything that was in the extensions preview is in 3.5 SP1 except ASP.NET MVC which will be shipped separately.  The training kit offers a great way to get your hands dirty with the new stuff in 3.5 SP1.  Go get it!  Oh yea, I have also updated the deck from my webcast to reflect the changes.  I have also added a couple slides about what’s new in WPF & WCF.  You can download my new 3.5 SP1 deck here.

WPF for Line of Business applications

I’m a big believer that WPF is a great UI technology for LOB applications.  Yes, there are some shortcomings in the designer experience if you compare the WPF designer to the Windows Forms designer in Visual Studio 2008.  Yes, WPF is missing some controls that people expect like a DataGrid and DatePicker, but there are solutions.  For example:

I’ve updated my WPF Resources list with these links and more.

Personally, I think the benefits of the WPF programming model outweigh the shortcomings of the WPF designer in Visual Studio 2008.   Some of the customers I have worked with have told me that once they get over the initial "shock" around the designer (compared to Windows Forms) and the lack of certain controls, they quickly find that they are more productive overall because they are using WPF.  This will get better as the Cider team continues to improve the WPF Designer in Visual Studio.  Remember that the Windows Forms designer has been around since the release of .NET 1.0!  They’ve had a little more time to get all those feature in:).

One of the things I have been chatting about with some of my teammates is that there aren’t enough good samples demonstrating the use of WPF for LOB apps.  I’ve been doing some research to see what’s out there.  One example is the WPF sample that ships with the CSLA framework from Rockford Lhotka.  I used CSLA back in the days of my life as a VB6 developer.  Over the years, Rocky has evolved his framework as the .NET Framework has evolved.  CSLA is primarily a Business Object framework, but it ships with example user interfaces (including Windows Forms, ASP.NET, and now WPF).   The latest version has a WPF sample LOB app.  I also came across Karl Shifflet.  Karl’s blog has a ton of great info in it about WPF LOB apps including an 11 part series he’s started on the topic:

WPF Business Application Series Part 1 of n – Application Structure, Skinning & Custom ToolBar Button Control

WPF Business Application Series Part 2 – Form Notification Control That Binds To IDataErrorInfo.Error Property

WPF Business Application Series Part 3 of n – Business Object Declarative Programming; How To Implement Object Validation & Logging

I’ve yet to see a sample app that does everything Karl is planning on doing plus show online/offline capability using:

  • Client Application Services for Authentication / Authorization (which supports offline scenarios)
  • Data Access via a local SQL Compact Edition database using LINQ to SQL or LINQ to Entities
  • ADO.NET Sync Services communicating across the wire using WCF to synchronizes with the server database
    • Caches lookup data and a necessary subset of the server database relative to the user in the local SQLCE database
    • Allows the user to continue working offline, syncing/reconciling changes when they reconnect

I have a bunch of samples that show many of these scenarios, but I have yet to come across a complete solution bringing all of this together in a single app.  Have you seen such an example?  Are you aware of any other work like Karl & Rocky’s for building LOB WPF apps?  Please let me know in the comments section.  Thanks!

Technorati Tags: ,,,