Galin Iliev's blog

Software Architecture & Development

VS2008 Web Setup Project and Win2008

I had interesting experience today. I tried to create a web setup project for one of my recent projects. As you know it is pretty straightforward: From Visual Studio 2008 File –> Add –> New Project –> Select Setup wizard.

image  

and just add output from existing project.
Then press Ctrl+Shift+B (Build ) and you’re ready… But not in Windows Server 2008. When I decided to test this newly made installation package I hit the ground with single dialog showing this message:

"The installer was interrupted before ApplicationName could be installed. You need to restart the installer to try again.

Click "Close" to exit."

 

Being experienced installer package developer I knew what I had to do: run the installer with verbose logging.

by executing this line:

   1: msiexec /i Installer.msi /lv detail.log

And I had nice 57 KB  file to read in wonderful notepad. And the problem action quickly appeared:

   1: Action start 16:22:53: WEBCA_SetTARGETSITE.
   2: MSI (c) (B4:4C) [16:22:53:082]: Note: 1: 2235 2:  3: ExtendedType 4: SELECT `Action`,`Type`,`Source`,`Target`, NULL, `ExtendedType` FROM `CustomAction` WHERE `Action` = 'WEBCA_SetTARGETSITE' 
   3: MSI (c) (B4:48) [16:22:53:082]: Invoking remote custom action. DLL: C:\Users\ADMINI~1\AppData\Local\Temp\MSIFB61.tmp, Entrypoint: SetTARGETSITE
   4: INFO   : [11/11/2008 16:22:53:097] [SetTARGETSITE                           ]: Custom Action is starting...
   5: INFO   : [11/11/2008 16:22:53:097] [SetTARGETSITE                           ]: CoInitializeEx - COM initialization Apartment Threaded...
   6: ERROR  : [11/11/2008 16:22:53:097] [SetTARGETSITE                           ]: FAILED:    -2147221164
   7: ERROR  : [11/11/2008 16:22:53:097] [SetTARGETSITE                           ]: Custom Action failed with code: '340'
   8: INFO   : [11/11/2008 16:22:53:097] [SetTARGETSITE                           ]: Custom Action completed with return code: '340'
   9: Action ended 16:22:53: WEBCA_SetTARGETSITE. Return value 3.
  10: MSI (c) (B4:4C) [16:22:53:097]: Doing action: FatalErrorForm
  11: Action start 16:22:53: FatalErrorForm.

Seeing WEBCA_SetTARGETSITE means that the installer was trying to set the destination. Having a web setup this means IIS was asked for “Default Web Site” and this call must be the one that fails. But why!? I have Web Server Role installed on the machine:

image

I and remembered from my MS DevDays 2008 IIS talk  – you still can use old (pre v7) IIS management tools with IIS7 as long as you have “IIS 6 Metabase Compatibility” role service installed.

image

I installed this role and … Voila!!! it works!!!

Virtual Machine's Network Adapter Hangs

I recently moved Galcho.com (and this blog) on a new Virtual Machine kindly provided by my friend Nanio Nanev and his system administration company PrimaNet Consult LTD.

The VM has Win2003 Web edition SP2 and it is very fast ( as it is hosted on monster hosting server ) but there is one nasty issue we are fighting with: The network adapter that is connected to WAN - external network and has real static IP address - hangs once in a while.

How is possible Intel 21140-Based PCI Fast Ethernet Adapter (Generic) Network adapter on Virtual machine to hangs?!?!

I was able to connect using internal network adapter and after disable and re-enable WAN it was fine for another 3-4 hours.

I've found a way to this by script - by using DevCon - command-line utility functions as an alternative to Device Manager (direct download link).

Using it this simple script does the job:

C:\Install\devcon disable PCI\VEN_1011&DEV_0009&SUBSYS_21140A00&REV_20\3&267A616A&0&50
C:\Install\devcon enable PCI\VEN_1011&DEV_0009&SUBSYS_21140A00&REV_20\3&267A616A&0&50


Note that device class can differ so the question "How did you get these?" comes naturally. Here is how you can list all devices from setup class:

c:\install\devcon listclass net


And here is the result in my case:

image

So doing this reset on certain period helps now but this is not the smartest solution. Does anyone have another idea?

Microsoft.com on IIS7 performance data

You know www.microsoft.com, right? :) This the corporate web site of the biggest software company and the very wanted target of every hacker (or wanna-be hacker). When this website (or some other Microsoft websites like www.msdn.com) is down or show an unexpected error there are screenshots on the web (and blog posts) and this become a news of the day in software world :) - or at least on web dev world.

So now imagine of you are decision maker for hosting platform!? or hardware behind it?! or setting a bandwidth :)?! There is very little room for mistakes, huh?

And still www.microsoft.com is hosted on IIS7 .. since Beta3 (post is from June 15th, 2007). When Microsoft trust enough on IIS7 and host such important site on it, why you can't?

There is no doubt that the configuration behind Microsoft.com is interesting so here is it:

=============== Microsoft.com configuration ====================

Hardware:

  Model: HP DL585 G1 (4 dual-core CPUs)

  RAM: 32GB 

OS:

  Windows Server 2008 RTM (Build: 6.0.6001.18000) Enterprise version x6

Cluster:
  Number of clusters: 4 (in multiple datacenters)
  Machines in each cluster: 20
  Total machines: 80
Load Balancing:
  Hardware load balancing solution is used. The load balancing algorithm we are using is based on “Least Current Client Connections” to each load balanced member server of the cluster (not round robin, or other any other load balancing algorithms). The hardware load balancer will maintain the same number of current client connections to each member of the cluster. So if a W2K8 server is completing web requests faster than a W2K3 server, the load balancer will send more traffic to the server W2K8 RTM server.

======================================================

Recently some performance data has been released on TechNet and here is what it says:

  • Win2008/IIS7 process more Requests per second(RPS) than Win2003/IIS6.
  • Due to #1 Win2008's CPU is more utilized.
  • As Win2008/IIS7 is performing better the load balancer send more requests to it.

IIS7-vs-IIS6

Server Efficiency (RPS/ CPU %) – Efficiency of serving live web platform traffic

W2K3 SP2 4.36 “requests per CPU cycle”

W2K8 RTM 4.84 ~ 10.9% increased efficiency

CPU Utilization (%)

W2K3 SP2 44.8%

W2K8 RTM 52.8% ~ 17.9% degradation (This is impacted by the increased RPS the W2K8 servers are handling)

Web Service – Total Methods Requests/Sec (RPS)

W2K3 SP2 194

W2K8 RTM 255 ~ 31.4% more traffic is being sent to the W2K8 RTM servers

Web Service – Current Connections

W2K3 SP2 280

W2K8 RTM 294 ~ 5% increase

Load Balancing – Current Client Connections

W2K3 SP2 116

W2K8 RTM 116 Equal – as the hardware load balancer maintains the same amount of outstanding open client connections.

.NET CLR Memory – % Time in GC

W2K3 SP2 1.1%

W2K8 RTM 2.5% No significant degradation in “Time in GC

 

Source: Microsoft.com Operations blog post on TechNet.

IIS7 is really next generation web platform...

Visual Studio 2008 SP1 is here

Well. The wait is over. Visual Studio 2008 SP1 is here.

Visual Studio 2008 SP1 delivers:

  • Improved WPF designers
  • SQL Server 2008 support
  • ADO.NET Entity Designer
  • Visual Basic and Visual C++ components and tools (including an MFC-based Office 2007 style ‘Ribbon’)
  • Visual Studio Team System Team Foundation Server (TFS) addresses customer feedback on version control usability and performance, email integration with work item tracking and full support for hosting on SQL Server 2008
  • Richer JavaScript support, enhanced AJAX and data tools, and Web site deployment improvements

The .NET Framework 3.5 SP1 delivers:

  • Performance increases between 20-45% for WPF-based applications – without having to change any code
  • WCF improvements that give developers more control over the way they access data and services
  • Streamlined installation experience for client applications
  • Improvements in the area of data platform, such as the ADO.NET Entity Framework, ADO.NET Data Services and support for SQL Server 2008’s new features

and more... Read more on what's included in VS 2008 SP1.

Download install .exe.
Download .iso version.

ASP.NET Configuration @ Microsoft.com

I came across an article which covers some details of how ASP.NET web sites hosted by Microsoft are configured:

Key things are:

  1. Set the Compilation Switch Appropriately
  2. Use Medium Trust in ASP.NET 2.0
  3. Restrict Download of Specified File Types
  4. Be Careful When Adding Assembly References
  5. Remove Manually Set MaxConnection Values
  6. Beware of Unhandled Exceptions
  7. Ensure Proper Proxy Server Configuration
  8. Do Not Display Custom Errors to Everyone
  9. Know When to Enable Tracing
  10. Disable Session State Web Farms

Read full article for detailed explanations.

VS2008 seminars in New Horizons Bulgaria

Yesterday was last seminar from VS2008 series held in the New Horizons Bulgaria office with Microsoft Bulgaria support.

The seminars was very interesting (not only from my perspective of trainer) but also from audience perspective we see in their feedback. During high demand I am publishing presentations and demo scripts where available. It is always good to write code in live (although not very easy - try it ;) ) and this is why I cannot provide working demos - I have only my own cheat lists which I use in cse I am stuck somewhere.

Deep Dive in LINQ - Here I talked about new features in C# in details and how they are build internally(also described in my Introduction in LINQ and C# 3.0 (In Bulgarian) ). Also I covered LINQ to SQL, LINQ to XML.  In demos we took a look at C# syntax sugar, new ways to work with XML as well as some problems stated in Project Euler and solved with C# 3.0. Slides + Demo scripts (PPTX+DOCX - 1.22MB)

Develop Dynamic Web Sites with ASP.NET 3.5 - This session was focused on web development. Here I show new controls to work with LINQ to SQL data source declaratively. We took a look at ASP.NET Extensions (aka Futures): ASP.NET MVC, ASP.NET Dynamic Data, ASP.NET AJAX Integration, ADO.NET Data Services. All features was shown in code except ADO.NET Data Services. For ASP.NET AJAX was shown how to control Browser's Back Button from both server-side and client-side. Slides+Demo Scripts (PPTX+DOCX - 3.23 MB).

Overview of WCF, WF, WPF - Although these technologies are not new there is still some improvements in .NET 3.5. These components are very useful but their adoption is not very fast. We talked about the architectural decisions and challenges behind them. The demos show how to work with WCF in VS2008, How to create REST Service and how to expose JSON as result. WF demos show how to create simple sequential workflow. WPF demo presented project structure, generated code, XAML (of course) and WPF data binding basics. Slides+Demo Scripts (PPTX+DOCS - 10.8 MB).

Hope you'll find it useful.
As always any comments and feedback are very welcome.

Visual Studio 2008 and .NET Framework 3.5 Service Pack 1 Beta

There is no doubt that VS 2008 and .NET 3.5  totally rocks! ScottGu's division keeps pushing these products and constantly improving developer's productivity and shortening development cycle.

This time MS is preparing to release .NET 3.5 SP1 and VS 2008 SP1 releases.

In short here are improvements:

Improvements for Client Development
  • ASP.NET Data Scaffolding Support (ASP.NET Dynamic Data)
  • SP.NET Routing Engine (System.Web.Routing)
  • ASP.NET AJAX Back/Forward Button History Support
  • ASP.NET AJAX Script Combining Support - Omar Al Zabir wrote an extensive article about this approach.
  • Visual Studio 2008 Performance Improvements HTML Designer and HTML Source Editor
  • Visual Studio 2008 JavaScript Script Formatting and Code Preferences
  • Better Visual Studio Javascript Intellisense for Multiple Javascript/AJAX Frameworks - who can blame MS that force us to use their JS framework now?!
  • Visual Studio Refactoring Support for WCF Services in ASP.NET Projects
  • Visual Studio Support for Classic ASP Intellisense and Debugging - I am wondering when this technology will be declared dead :) (This is what I used in my first web apps too :))
Improvements for Client Development
  • Application Startup and Working Set Performance Improvements
  • New .NET Framework Client Profile Setup Package
  • New .NET Framework Setup Bootstrapper for Client Applications
  • ClickOnce Client Application Deployment Improvements
  • Windows Forms Controls
  • WPF Performance Improvements
  • WPF Data Improvements
  • WPF Extensible Shader Effects
  • WPF Interoperability with Direct3D
VS 2008 for WPF Improvements
  • Several performance improvements
  • Events tab support within the property browser
  • Ability to sort properties alphabetically in the property browser
  • Margin snaplines which makes form layout much quicker
  • Better designer support for TabControl, Expander, and Grid
  • Code initiated refactoring now updates your XAML (including both control declarations and event declarations in XAML)
  • Go to Definition and Find All References now support things declared in XAML
Data Development Improvements
  • SQL 2008 Support
  • ADO.NET Entity Framework and LINQ to Entities
  • ADO.NET Data Services
WCF Development Improvements
  • Significant scalability improvements (5-10x) in Web-hosted application scenarios
  • Support for using ADO.NET Entity Framework entities in WCF contracts
  • API usability improvements with DataContract Serializers, and with the UriTemplate and WCF web programming models
  • Enhanced TestClient support within VS 2008 SP1
  • New Hosting Wizard in VS 2008 SP1 for WCF Service Projects
  • Improved debugging support in partial trust scenarios
VB and C# Improvements !!!
Team Foundation Server Improvements

Pretty impressive...

Read full novel by Scott Guthrie here :)

My Sessions at Microsoft Days 2008 in Sofia, Bulgaria

MS Days 2008 in Bulgaria is in history now and I could say I had a nice two days. There were many lecturers (about 50) and 72 sessions in 6 tracks.

For those who missed my talks or are interested in slides here are summary of the sessions:

LINQ to XML - Data Access Technologies

This session was focused on the new API from XML team for .NET languages. I gave a side by side comparison between traditional DOM vs. LINQ to XML regarding those most common actions:

  • Create XML
  • Traverse XML
  • Transform XML

I covered also VB9 Literals. At the moment I started talking about VB I was thinking people would throw rocks at me (and some really considered that option:) ). But at the moment when repeated some of demos with VB9 code the audience was very impressed and they forgot about those rocks in their pockets. Even there were initial brainstorming whether same things can be implemented in C# with custom code.(Unfortunately this is a compiler feature and we cannot do it very easily).

Another thing I mentioned was LINQ to XSD.

I've decided that people will understand my points better if I write code in front of them instead of just explaining it. This is also more challenging :). I think it went well...

Here are the downloads:

IIS7 for IT Pros

IIS7 is the most interesting feature in Windows Server 2008 and I already had some talks about it. In this talk I covered (from administration perspective) following key topics:

  • What is missing in IIS 6.0
  • IIS7 module architecture and it's benefits
  • New .NET-like configuration files and metadata
  • Delegated Administration
  • Shared Configuration
  • Tracing and Diagnostics

The things I've demonstrated are:

  1. New tools - new management console as well as APPCMD command-line tool
  2. Richness of new error pages and generated trace file - it is whole HTML+JS application built with XML & XSLT with incredible amount of information.
  3. WCAT stress test with view of live requests on the server.
  4. Analyze server and site load using IIS7 Admin Pack features.

And here is the presentation: MS PowerPoint 2007 format (0.98 MB)

Any feedback is very welcome.

How bad is SQL Injection

I have been presenting IIS (Internet Information Services) for a while and there is one slide in my deck which says that there is No critical security patch since RTM for IIS6.

Recently there was some news about 500k web pages was exploited with SQL Injection hack(more info here and here).

Although this could put some shadow on IIS security it has to be clear that this is not an IIS exploit. This is application exploit. Any application could suffer SQL Injection (video: Length: 6:01 - Size: 6.37 MB ).

It is not like uploading harmful file on the server and execute it, isn't it?

So it has to be clear: Do not use such code:

public bool Login(string userName, string password)
{
    string command = string.Format("SELECT COUNT(*) FROM User WHERE UserName='{0}' AND Password='{1}'",
        userName, password);

    using (conn)
    {
        SqlCommand cmdLogin = new SqlCommand(command, conn);
        conn.Open();
        int res = cmdLogin.ExecuteScalar();
        return res == 1;
    }
}

Do you know why?!

Because if you get as password the following string ' OR 1=1 '; drop table Users; you will drop the table from DB and apparently the application will stop working.

Do it this way:

public bool Login(string userName, string password)
{
    string command = string.Format("SELECT COUNT(*) FROM User WHERE UserName=@UserName AND Password=@Password",
        userName, password);

    using (conn)
    {
        SqlCommand cmdLogin = new SqlCommand(command, conn);
        cmdLogin.Parameters.AddWithValue("@UserName", userName);
        cmdLogin.Parameters.AddWithValue("@Password", password);

        conn.Open();
        int res = cmdLogin.ExecuteScalar();
        return res == 1;
    }
}

It is much safer...

Hope this helps!

VS2008 and .NET 3.5 (WCF, WPF, WF) Training Kit

Microsoft released a nice training kit for the latest technologies that will help you to become a real hero very quickly.

This package is a real treasure because it covers a bunch of technologies:

  • C# 3.0
  • VB 9.0
  • LINQ
  • WPF
  • WCF
  • WF
  • Silverlight
  • ASP.NET
  • AJAX
  • CardSpace
  • Mobile
  • Visual Studio Tools for Office
  • Visual Studio Team System
  • Application Lifecycle Management
image

And the materials are of the different types:

  • Presentation - will be very helpful to prepare talks for community
  • Demos
  • Labs - very helpful to walk through new technologies in deep.

Go grab it!