• Bug: Refreshing schema of ObjectDataSource causes error

    I think I’ve found another bug in Visual Studio.NET :-(

    I’ve got some DataObject classes that return arrays of objects. These used to return collections (using the System.Collections.ObjectModel.Collection generic class). I updated them to return simple arrays as I thought that would be more efficient.

    Turns out that while ASP.NET seems to work fine with this, the design experience in Visual Studio isn’t so good. Clicking on the ‘Refresh Schema’ task on the ObjectDataSource control that references the data object method, causes a “The schema of type ‘Class1[]’ could not be retrieved. Operation is not valid due to the current state of the object” error to be displayed.

  • Microsoft Security Interchange notes

    Last night Gary, Chris and I attended the Adelaide edition of the Microsoft Security Interchange evenings that they are running around the country.

    It was a relaxed evening, but there were some good speakers. Most interesting and entertaining would have to be Steve Riley. I’ve heard Steve and Jesper talk at TechEd previously, and he is a very compelling presenter. I wish some of the ISTS guys had been there to hear him talk about how “account lockout” is just a great way to mount DoS attacks on user accounts. It’s also worth repeating the security tradeoff triangle diagram:

    Rocky Heckmen also did an interesting presentation where he showed a new tool that will be released soon from Microsoft that helps with Threat modeling.

    Dave Glover finished up with some demos of techniques to help improve code security. Sadly, encrypting web.config didn’t work for him on the night, but he did also mention the Anti-Cross Site Scripting Library that I blogged about last week. Turns out this includes security-conscious versions of the Server.HTMLEncode and Server.UrlEncode functions

  • Building a WaitScreen control for ASP.NET

    This is something we could use - a WaitScreen control for ASP.NET