UK Hosting Directory

When you allow your application to run arbitrary code through an add-in, you may expose users to unknown code, running the risk that malicious code will use your application as an entry point into the user’s data. There are several techniques you can use to reduce the attack surface of your application, which Shawn Farkas discusses here. Shawn Farkas MSDN Magazine November 2005

Go here to see the original:
Do You Trust It?: Discover Techniques for Safely Hosting Untrusted Add-Ins with the .NET Framework 2.0

Ensuring the security of a Web application is critical and requires careful planning throughout the design, development, deployment, and operation phases. It is not something that can be slapped onto an existing application. In this article, Mike Volodarsky outlines best practices that allow you to take advantage of the security features of ASP.NET 2.0 and IIS 6.0 to build and deploy more secure Web applications

View post:
Are You Protected?: Design and Deploy Secure Web Apps with ASP.NET 2.0 and IIS 6.0

Here Dino Esposito and Andrea Saltarello cover the plumbing of the Membership API and its inherently extensible nature, based on pluggable providers. To demonstrate the features, they take an existing ASP.NET 1.x authentication mechanism and port it to ASP.NET 2.0, exposing the legacy authentication mechanism through the new Membership API. Dino Esposito and Andrea Saltarello MSDN Magazine November 2005

More:
Who Goes There?: Upgrade Your Site’s Authentication with the New ASP.NET 2.0 Membership API

Because the use of low-lock techniques in your application significantly increases the likelihood of introducing hard-to-find bugs, it is best to use them only when absolutely necessary. Here Vance Morrison demonstrates the limitations and subtleties low-lock techniques so that if you are forced to use them you have a better chance of using them correctly. Vance Morrison MSDN Magazine October 2005

View original post here:
Memory Models: Understand the Impact of Low-Lock Techniques in Multithreaded Apps

Reliability requires the capacity to execute a sequence of operations in a deterministic way, even under exceptional conditions. This allows you to ensure that resources are not leaked and that you can maintain state consistency without relying on application domain unloading (or worse, process restarts) to fix any corrupted state. Unfortunately, in the.NET Framework, not all exceptions are deterministic and synchronous, which makes it difficult to write code that is always deterministic in its ability to execute a predetermined sequence of operations.

Excerpt from:
High Availability: Keep Your Code Running with the Reliability Features of the .NET Framework

In today’s security-conscious environments, a reliable audit trail is a valuable forensic tool The Windows Server 2003 operating system provides features that let you enable a wide range of applications to make use of auditing functionality. This article looks at auditing from the operating system perspective and describes a sample managed code implementation that will allow you to add auditing to your own server applications. Mark Novak MSDN Magazine October 2005

More:
Stay Alert: Use Managed Code To Generate A Secure Audit Trail

ASP.NET provides a number of ways to maintain user state, the most powerful of which is session state. This article takes an in-depth look at designing and deploying high-performance, scalable, secure session solutions, and presents best practices for both existing and new ASP.NET session state features straight from the ASP.NET feature team. Mike Volodarsky MSDN Magazine September 2005

Read more here:
Best Practices: Fast, Scalable, and Secure Session State Management for Your Web Applications

The Win32 Windows Sockets library (Winsock) provides mechanisms to improve the performance of programs that use sockets, and the Microsoft .NET Framework provides a layer over Winsock so that managed applications can communicate over sockets. To use all these layers to write a truly high-performance socket-based application requires a little background information, as Daryn Kiely explains here. Daryn Kiely MSDN Magazine August 2005

Read more here:
Winsock: Get Closer to the Wire with High-Performance Sockets in .NET

Starting in Visual Studio 2005, XML documentation support will become available in Visual Basic and C++ as it has been for C#. However, making full use of the many comment tags will take a little extra work In this article, the author shows how Visual Studio macros can be used to automate the creation of XML documentation and creates macros that write large sections of comments with just a keystroke.

Excerpt from:
XML Comments: Document Your Code in No Time At All with Macros in Visual Studio

Underlying the My namespace’s APIs is a fully extensible architecture you can leverage to customize the behavior of My and to add new services to its hierarchy to adapt to specific application needs. the My namespace is optimized to provide simple solutions to common problems. But if your requirements are different, you can use the My namespace’s customization model to modify the behavior of individual My namespace members to meet specific application requirements.

See more here:
Visual Basic: Simplify Common Tasks by Customizing the My Namespace

Before the Microsoft .NET Framework, creating a distributed cluster of computers to perform scientific analysis was expensive in terms of hardware, programming and debugging time, and maintenance. You had to purchase expensive servers, spend time debugging network communication, design a distributed system completely different from a system deployed locally, and maintain a melting pot of error handling, data acquisition, networking, and analysis code.

Visit link:
Around the Horn: Engineer a Distributed System Using .NET Remoting for Process Intensive Analysis

In this article, the winning Windows Forms duo of Chris Sells and Michael Weinhardt team up again to explore lots of new features and additions to Windows Forms 2.0 that will let you build more flexible, feature-rich controls, get better resource management, more powerful data-binding abilities, and make your development life a whole lot more fun. Michael Weinhardt and Chris Sells MSDN Magazine May 2005

See the rest here:
Draft a Rich UI: Ground Rules for Building Enhanced Windows Forms Support into Your .NET App

DLL Hell that results from versioning conflicts is generally not a problem in .NET because components do not require registration, and are either totally isolated to an application or are managed in a well-defined side-by-side way with the help of the Global Assembly Cache. But if you’re still using COM, wouldn’t it be great if you could deploy your existing COM components using a model similar to the .NET Framework?

See the article here:
Escape DLL Hell: Simplify App Deployment with ClickOnce and Registration-Free COM

Managed applications rely on the garbage collector in the .NET Framework to allocate and clean up memory. The little CPU time spent performing garbage collection (GC) is usually a fair trade-off for not having to worry about memory management. But for applications in which CPU time and memory are precious resources, minimizing the time spent garbage collecting can greatly improve application performance and robustness

See the rest here:
Memory Lane: Rediscover the Lost Art of Memory Optimization in Your Managed Code

This article examines seven characteristics of statics that will help you in your development. The discussion will touch on static constructors and how the C# and Visual Basic compilers work together with the runtime to implement additional safety behind the scenes. By the end of the article, you will come away with best practices for the use of static members and static classes in your apps

View original post here:
All About Statics: Get a Charge From Statics with Seven Essential Programming Tips

Find out how the .NET Framework, a team of programmers, and a bunch of people from Carnegie Mellon University built an automated car to compete in the DARPA Grand Challenge. Along the way you get some inside tips on building an extensible real-time control architecture based on a whiteboard metaphor and implementing an accurate GPS-synchronized timer component for .NET. John Hind MSDN Magazine December 2004

Read this article:
Vrooooom: How .NET and C# Drove an Entry in the DARPA Grand Challenge

The design-time architecture of Windows Forms in the .NET Framework has made development much more flexible than it had been with MFC. With Windows Forms, you can drag one of your custom controls from the toolbox and drop it onto the Visual Studio design surface and even though Windows Forms knows nothing about the control, it’s able to host it and let you manipulate its properties—not possible in MFC.

Read the original:
.NET Internals: Tailor Your Application by Building a Custom Forms Designer with .NET

Because the common language runtime (CLR) is a black box, it’s pretty hard to divine what’s going on when you want to track down performance problems. Microsoft will be delivering a brand new profiler, the Enterprise Performance Tool (EPT), as part of Visual Studio 2005 Team Developer Edition that’s ideal for use on a production system because it offers some very lightweight means of collecting performance data. Here John Robbins takes you on a tour

Read the original:
.NET Code Tuning: Make Your Apps Fly with the New Enterprise Performance Tool

In this article, Microsoft security expert Michael Howard discusses the cardinal rules of attack surface reduction. His rules – reduce the amount of code executing by default, reduce the volume of code that is accessible to untrusted users by default, and limit the damage if the code is exploited – are explained along with the techniques to apply the rules to your code

Read the original:
Attack Surface: Mitigate Security Risks by Minimizing the Code You Expose to Untrusted Users

When storing sensitive data, you need to be able to identify threats, determine how these threats interact with each other, and how issues can combine to constitute a vulnerability that will leave your data exposed. With a good understanding of the various cryptographic algorithms, salt, hashes, ACLs, and other available techniques, you’ll be in a better position to protect your critical data. Michael Stuart and J Sawyer MSDN Magazine November 2004

Continue reading here:
Cryptography: Employ Strong Encryption in Your Apps with Our CryptoUtility Component