Sample code from my ASP.NET SignalR talk at Campus Days 2014

No Comments »

You can download the ASP.NET SignalR code I wrote at my recent talk at Microsoft’s Campus Days 2014 conference.










Sample code from my SignalR talk at DDC 2014

No Comments »

Several people have asked me for the code that I wrote during the session. You can download the full VS2013 solution here.

I would appreciate it if you would take the time to provide some feedback to Microsoft and myself.




Talking SignalR at Danish Developer Conference 2014

No Comments »

I will be giving a talk on building real-time web applications with Microsoft’s ASP.NET SignalR at Danish Developer Conference 2014 in Århus, Denmark, on the 30th of April 2014.

When I am not on stage, you will likely find me at the Copenhagen Software booth. You are more than welcome to come by for a chat or just to check out my booth-babe outfit.

I will be giving the same talk in Copenhagen sometime later this year. So, if you are unable to attend on the 30th in Århus then let me know and I will keep you posted on the event in Copenhagen.

A different approach to dependency injection with ASP.NET MVC

No Comments »

If you read about dependency injection and ASP.NET MVC, what people are usually describing is constructor injection: all the dependencies of an ASP.NET MVC controller are provided through the constructor.

This has been bugging me for a while.  The problem is that, when you do traditional constructor injection, you end up with something like this:

public class HomeController : Controller
  public HomeController(IServiceA serviceA, IServiceB serviceB, IServiceC serviceC)
    /* … */

  public ActionResult ActionA()

    /* uses serviceA */

  public ActionResult ActionB()
    /* uses serviceB */


  public ActionResult ActionC()

    /* uses serviceC */

Notice how you end up having to pass all dependencies for all actions to the controller’s constructor. As the list of dependencies grows longer, and all these dependencies have to be instantiated every time ASP.NET MVC invokes an action, performance can suffer. Moreover, all those dependencies make writing unit tests tiresome, hurting developer productivity and code quality.

One way to mitigate the problem is to pass null or a dumb stub for the dependencies not used by a particular action under test. In other words, when testing ActionA(), just pass null or a stub for depencies serviceB and serviceC when instantiating the controller.

However, you can only do this because you are using implicit knowledge about the inner workings of ActionA(). If you change the implementation of the action, the dependencies might also change. In that case, everything will look the same from the outside, but unit tests will start failing.

So, ideally, what we want when testing an action method is to

  • only have to provide the dependencies actually used by the action method
  • have the dependencies of each action method be explicitly stated

Looking at this, it looks like what we want is to be able to write something like this:

public class HomeController : Controller
  public ActionResult ActionA(IServiceA serviceA)
    /* uses serviceA */

  public ActionResult ActionB(IServiceB serviceB)
    /* uses serviceB */

  public ActionResult ActionC(IServiceC serviceC)
    /* uses serviceC */



  • the dependencies  of each action are very explicitly stated.
  • when unit testing an action method, we only have to provide the actual dependencies of that method.
  • as ASP.NET MVC has fewer dependencies to instantiate, performance is improved.

However, actions are invoked by the ASP.NET MVC framework, which knows nothing of our services, so how do we make this work?

As you probably know, ASP.NET MVC has a mechanism for providing arguments to action methods: model binding. In the default setup, model binding is used to turn HTTP data like query parameter values and form input into action method arguments. Fortunately, the model binding architecture is extensible. Thus, we can create our own model binder to provide the service dependencies:

public class DependencyResolvingModelBinder : DefaultModelBinder
  public override object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
    return ShouldBeResolvedFromIOCContainer(bindingContext)
        ? DependencyResolver.Current.GetService(bindingContext.ModelType)
        : base.BindModel(controllerContext, bindingContext);

  private static bool ShouldBeResolvedFromIOCContainer(ModelBindingContext bindingContext)
    return bindingContext.ModelType.IsInterface;

When this model binder is asked to provide a value for an action method argument that is an interface, it asks the IOC container to provide the value. In all other cases, it just falls back to the default ASP.NET MVC behaviour.

Configure ASP.NET MVC to use the new model binder by calling

ModelBinders.Binders.DefaultBinder = new DependencyResolvingModelBinder();

at the start of your application and presto! With just the few lines of code above, you can now write nice, clean action methods with well defined dependencies.

Enjoy writing those tests!

CLR Inside Out

No Comments »

My favourite column in MSDN Magazine was “CLR Inside Out”. Although it is a bit dated now, it is still a treasure trove of interesting information and geeky subtleties. If you haven’t done so already, you should check it out! I have compiled a table of contents for your convenience:






Book review: Microsoft Windows Azure Development Cookbook

1 Comment »

About a week ago PACKT published “Microsoft Windows Azure Development Cookbook” by Neil Mackenzie. I got it from Amazon on Thursday and have been reading it these last couple of days. I’ll share my thoughts below.



Cookbooks are rarely meant to be read cover-to-cover, so doing just that has been quite a dry read. Had this been a regular, educational book on Windows Azure I would say that it is missing a bit of spice; some war stories, some personal opinions or a pinch of humour would have done wonders for the reading experience. Thus, this isn’t the type of book you bring with you on vacation or read while commuting. It is meant to sit on a shelf next to your work station and to be consulted when you encounter a specific problem.


The book contains 80 or so recipes for solving various concrete tasks related to Windows Azure development. They are grouped into chapters on blobs, tables, queues, hosted services, diagnostics, the management API, SQL Azure and AppFabric. Within each chapter recipes are roughly sorted in order of increasing level of complexity and each recipe follows the same pattern:

  • An introduction to the problem / scenario
  • A list of prerequisites for the sample solution
  • Step-by-step instructions on building the sample solution
  • A summary of how the sample solution works

This feels like a sound approach and it works quite well.


In the preface of the book it says “If you are an experienced Windows Azure developer or architect who wants to understand advanced development techniques when building highly scalable services using the Windows Azure platform, then this book is for you.” However, if you are just starting starting out with Windows Azure, you shouldn’t let this put you off. There are quite a number of recipes in the book which will be of value to newcomers to the platform, and if you are just starting your first Azure project, you will find many recipes that are immediately applicable and very valuable.

I think this may be the book’s strongest point as well as its Achilles’ heel: If you have taken an introductory course to Windows Azure and been through the Windows Azure Platform Training Kit, you will, at least in theory, know much of the material in this book. That being said, for some recipes Mackenzie adds a “There’s more…” section which puts the material just covered into perspective or relates it to other parts of the Windows Azure Platform. This is my favourite section and is where even seasoned Windows Azure developers may find some valuable nuggets.


All-in-all I would highly recommend this book if you have had a general introduction to Windows Azure and is getting ready to get your hands dirty.

On the other hand, if you are an experienced Azure developer it won’t take you to the next level.

Presenting at Miracle Open World 2011

No Comments »


I will be giving a talk on .NET and Windows Azure at Miracle Open World 2011 in Billund on 15th of April.

Security is your responsibility


I recently read a story that made me contemplate the relationship between website developers and the visitors to these sites. I’ll share my most obvious conclusion here.

The social implicit contract

When building a website that you expect people to use, you are implicitly entering into a mutual agreement with that website’s users: You expect the users to use your site, and they in turn expect you to take them seriously. In particular, they expect you to store their personal information reliably and inaccessible to others. This holds true even if your website doesn’t actually contain any confidential information per se. As soon as you have users, you have logins and passwords that need to be protected.

But if my site doesn’t contain confidential information, it matters little if a user’s account is compromised

you may say. However, that is just plain wrong. Users will most likely use the same username and password in multiple places. Thus, if a user’s password is compromised because of a flaw in your software, who knows what other systems you may inadvertently have compromised.

But best practices recommend that users never reuse a password. If they do, it is their own fault and they alone must face the consequences.

Not so fast, sailor. The fact of the matter is that the average person has a multitude of online accounts with various services and that it is utterly impossible for him/her to keep track of a similar number of unique passwords (let alone of which passwords goes with what service). To this day no one has really solved this problem.

Thus, you should expect people to reuse passwords and protect these passwords accordingly. Having a laissez-faire attitude to users’ passwords means you’re not doing your job properly. Period.

I’ll say it again:


You, yes you, need to store passwords securely


A compromised password in one system, no matter how insignificant, may have dire consequences for other and much more critical systems. Since Internet users invariably reuse passwords, web developers collectively need to protect these.

I realize that being a security specialist is a full-time job and that most developers don’t have the time to become experts in this area. However, I think every web developer who is worth his salt should at the very minimum

  • understand the most basic attack vectors like SQL injection attacks and cross-site scripting attacks and how to mitigate these
  • know how to properly store a password (or, better yet, avoid building a password system but use someone else’s)

I’ll end this post with the illustrative tale that inspired me to write it.

The HBGary attack

There was once a security firm called HBGary (at the time of writing there still is). This was a reputable company providing training and malware protection software to Fortune 500 companies and high profile organizations.

In its quest to rid the world of Internet scumbags, it one day happened upon a group of anonymous scoundrels and threatened to expose them. HBGary barely lived to regret it.

The scoundrels exploited a basic SQL injection chink in HBGary’s armor and leveraged this weakness to open a floodgate for attacks on the organization: HBGary’s emails were publicized, their data, including backups, were destroyed, and their website and twitter profiles were defaced.

For the unabridged story, read the inside version.

What do you think? Which implicit responsibilities do we as web developers take upon us when we deliver a product?

Microsoft is making Cloud Power mainstream

No Comments »

Well, the headline may be a bit presumptuous, but at least they are trying.

Cloud Power - LHRI was pretty impressed when I saw the extent of the Cloud Power advertisement campaign in major Danish newspapers a few weeks back. However, if you live in Denmark, you may not realize just how much marketing muscle Microsoft is putting into this campaign.

I recently travelled to the United Kingdom and found that Cloud Power is everywhere: In the subway, on train stations and in the airport. I took these pictures with a slightly shaking HTC Desire (I was probably shaking from an overdose of bangers and mash).

It will be exiting to see where this will take Microsoft on the Cloud scene. I’ve never seen any of the other players in this space do advertisement like that.

Cloud Power - Waterloo Station

Windows Azure Platform Acceleration Workshop

No Comments »

I will be teaching a 3-day training session on the Windows Azure Platform starting on the 8th of February. Last time I facilitated a similar event was back in December 2010, when 30 Microsoft partners showed up. It was great fun, so I am very much looking forward to repeating the exercise.

This particular event is by invitation only, but if you are interested in a similar training course or just an introductory session on Cloud Computing in general and Windows Azure in particular, please contact my company, Copenhagen Software.