A Secure Password Hashing Implementation for PCLs

Almost every software has to deal with some kind of user/identity management – be it desktop applications that usually should integrate with the operating system’s and/or business environment’s identity and authentication concepts or be it cloud based/mobile applications or web services that need to be able to control access on their own behalf.

The issue will even become more important in the near future, because the number of mobile users grows at a high rate, and at the same time we can read almost every day about stolen passwords and hacked websites. Also, the activities of Intelligence services around the world don’t really make one feel more secure…

So, with mobile application development and cross-platform compatibility in mind, I fired up my favorite search engine and was looking for a password hashing implementation that met the following requirements:

  • PCL – compatible
  • Easy to use
  • And, of course, being cryptographically as secure as possible

To my surprise, I found nothing that met all the above requirements and was usable out of the box. What I did find were various different components, that had to be re-combined into a new class (called PasswordHash).

Read More

Xamarin.Forms FormsGallery in XAML

This is a complete rework of the Xamarin.Forms FormsGallery sample, but this time using the XAML markup language instead of creating the UI elements directly in code as it is done in the original sample. The purpose of this sample is to showcase everything that’s available out of the box in Xamarin.Forms, or, in Xamarin’s own words:

This program displays all the views, cells, layouts, and pages available in Xamarin.Forms, one per page.

I did this as an exercise for becoming familiar with Xamarin.Forms and at the same time as a reference application to be able to quickly look up how Xamarin.Forms standard controls are used in XAML.

Read More

Starting Something New

A magic dwells in each beginning
Hermann Hesse, Steps

I’m a C# developer. I’m doing nothing but C# (except for some JavaScript/jQuery – you just can’t do web programming without it). On the one hand because it is simply the best, most modern, and most powerful programming language that exists these days, on the other hand because it is challenging enough to focus on one single thing at a time if you want to do it right.

Until some months ago, I never thought about taking a closer look at mobile programming. Learning Java, a language that is essentially outdated? Or Objective C, when I gave up C++ more than ten years ago because I considered C# a far better alternative? And not to mention the maintenance and organizational nightmare that comes with today’s mobile development.
Unacceptable, I would not even do that in my wildest dreams.

But then I stumbled upon the Xamarin platform which opens up mobile development for C# developers, and at the same time enables true cross-platform development: Sharing a large part of the code between the apps while preserving each platform’s individual capabilities. Xamarin wiped away all of my caveats at one blow, and so I was very curious to give it a try.

Initially, I was playing around with it for some weeks to see what I could do with it. But soon – almost immediately – I got seriously infected. So I bought myself a Mac Mini and began to dive into Xamarin programming more systematically, with the clear intent of incorporating it into my professional skill set.

There were various reasons that led me to that decision. Here are some of them…

Read More

Testing ASP.NET MVC Routes (Both Web and API)

Lately, I was working on an ASP.NET MVC web application, and one of the questions that came up to me was: How do you deal with the application’s routing table when it comes to Unit Testing and Test-driven Development?

Routing is one of the areas of your application that can easily be screwed up – and these errors then have a high likelihood to go unnoticed and make it into production. And because even small to mid-size web projects will have dozens or even of hundreds of possible URLs I find it important to have a quick and reliable strategy to deal with such a scenario (covering a bulk of URLs through tests).

Read More

A Handy IIS Express (Test) Helper Class

Oftentimes, when developing or integration-testing a piece of software that is web-based (for example a web site or a web service component such as an Azure Mobile Service), being able to start and stop a web server programmatically on an as-needed basis comes in very handy.

This is where IIS Express comes into play. IIS Express basically is a lightweight, self-contained version of his big sibling, the fully fledged Internet Information Server. Because it doesn’t run as a service and doesn’t require administrator rights, it is ideally suited for developing and testing web sites and services locally – just like Visual Studio starts an instance of IIS Express when you hit F5 on a web application/service.

This post presents a helper class to programmatically interact with the IIS Express web server.

Read More

Code Readability is soo Important…

Always write your code in a way that the next developer maintaining your code could be an axe swinging madman who knows where you live.
An unknown programmer (hopefully still alive and well…)

Clean code is simple and direct. Clean code reads like well-written prose. Clean code never obscures the designer’s intent but rather is full of crisp abstractions and straightforward lines of control.
Grady Booch

For almost ten years now, I’m a freelancer in the field of software development. Effectively, I’m something like a well-paid stand-by man who almost always is supposed to work with an already existing codebase that needs to be extended or treated in some other way (e.g. refactored or covered with tests). An important part of the job is to quickly get familiar with this codebase – it’s the single key factor for my professional success. And to succeed, I’m reliant on the code being carefully crafted and not holding any surprises. That’s why I’ve come to value well-written code really high over the years.

Read More

An introductory presentation about testing with MSTest, Visual Studio, and Team Foundation Server 2010

I originally wrote this post back in February 2011 over at my old blog at geekswithblogs.net. Because it still receives some hits, I decided to take it with me and copied it to my new blog. With the exception of some necessary HTML polishing, this article is unchanged compared to its previous version.

While it was very quiet here on my blog during the last months, this was not at all true for the rest of my professional life. The simple story is that I was too busy to find the time for authoring blog posts (and you might see from my previous ones that they’re usually not of the ‘Hey, I’m currently reading X’ or ‘I’m currently thinking about Y’ kind…).

Anyway. Among the things I did during the last months were setting up a TFS environment (2010) and introducing a development team to the MSTest framework (aka. Visual Studio Unit Testing), some additional tools (e.g. Moq, Moles, White), how this is supported in Visual Studio, and how it integrates into the broader context of the then new TFS environment.

Read More

It’s the maintenance, stupid! (or: Something is rotten in developerland.)

I originally wrote this post back in January 2010 over at my old blog at geekswithblogs.net. Because it still receives some hits, I decided to take it with me and copied it to my new blog. With the exception of some necessary HTML polishing, this article is unchanged compared to its previous version. – And why would I change it, anyway? I still agree with every single sentence – except the last one, for obvious reasons :-)…

Most people – even the overwhelming majority of programmers – would say that the main activity of a software developer is “writing source code”. But this is a (though quite understandable) misconception – and if you take a look at the available figures on the issue or if you – as a software professional – are honest to yourself, the misconception immediately turns out to be an enormous one.

The world is full of software systems that are already in operation, and they have to be maintained – writing a new software system from scratch is a rare highlight for most software developers. On the other hand, the importance and especially the business value of maintenance is greatly underestimated,  as well as the amount of actual working time spent on it. I think the main reason for this misperception lies in the fact that maintenance activities are spread over a much longer time span compared to the far more intense development period. Also, maintenance costs per year are relatively lower than the initial development costs.

Read More

TDD is not about testing, it’s about how we develop software

I originally wrote this post back in November 2009 over at my old blog at geekswithblogs.net. Because it still receives some hits, I decided to take it with me and copied it to my new blog. With the exception of some necessary HTML polishing, this article is unchanged compared to its previous version.

I am practicing Test Driven Development (TDD) now for some two years or so, and soon this technique of writing software felt so natural, that I hardly could imagine doing it another way or even imagine a reason why I should do so. But on the other hand, I know that not questioning something anymore and not being self-critical from time to time is a certain recipe for running into a disaster sooner or later. So I asked myself: What makes TDD such a natural way of writing software? and What are your main conceptions about TDD? This post is the result of my reflections.

Read More

Unit testing StyleCop rules

I originally wrote this post back in November 2009 over at my old blog at geekswithblogs.net. Because it still receives some hits, I decided to take it with me and copied it to my new blog. With the exception of some necessary HTML polishing, this article is unchanged compared to its previous version.
The Gallio testing framework (which essentially is MbUnit) that I was using at this time, is no longer available. But it’s very similar to NUnit and you can easily read the code samples if you’re familiar with NUnit. I updated the accompanying sample solution to use NUnit (but not the code excerpts in this post). Also, I updated it to VS 2013 and NuGet and gave it a new home on Github.)

One of the single most influential cost factors for software projects is code readability and understandability – and the most important factor for readability in turn lies in the adherence to Coding Style Guidelines. To enforce such guidelines, Microsoft has provided a free tool which checks a given set of source code files against a given set of style and consistency rules: MS StyleCop. The tool comes with quite a lot of predefined rules – however, they mirror the coding practice at MS and not all of them may be appropriate or sufficient for others. Therefore, StyleCop allows for authoring custom rules to extend or modify the original set of rules. How this can be done, is well covered elsewhere on the web (e.g. herehere, or here).

But in contrary to the rules authoring issue, very little – almost nothing – can be found that deals with testing issues. All I found was this post, which gave me a first insight into the issue and inspired me to write a custom Gallio/MbUnit test fixture that lets you write tests against StyleCop rules as simple as this:

Read More