Lightning Talk at Leeds Sharp

I’m doing a lightning talk at Leeds Sharp user group tomorrow. It’s going to be 10 to 15 minutes about how to write more robust SpecFlow tests – subtitle ‘how I stopped worrying about my Specflows and started living life to the full’. It’s only a quarter an hour so the damage I can do is probably quite limited. I’m up last – my daughter tells it’s always best till last. I’m more skeptical.

Anyway Leeds Sharp is always good and I sure I’ll learn a lot from the other lightning talkers. My PowerPoint for the talk is here, archived for future generations. They’ll thank me for it.

The Worst Thing About Microsoft Exams

Exam Upset I’ve long been a bit of a fan of Microsoft exams – shiny new exams that give the veneer of professionalism to a CV. Lovely. I did a fair number at the start of my career and a few thereafter. I’ve dined out on the knowledge gained for years. However there is a real risk being steered towards obsolete or just strange technology choices. From the last few exams I took here are just some examples of the odd/skewed/’never going to use’ technologies that the MS exam devotee might end up being steered towards.

Health Monitoring

web event hierarchyWith ASP.Net there is an extensive health monitoring architecture for your applications that you are never going to use. It’s got everything you need and much, much more – way too much more. I’ve never seen anyone use it and even the lead developer who implemented it admits it’s over-engineered.

Just 2 seconds looking at the above web event hierarchy makes my retinas ache. Every uses log4net, elmah or just rolls their own. Unfortunately it’s on every ASP.Net exam I’ve ever done (70-315, 70-551, 70-486) and you have to learn about it (sigh).

Lab Management

Lab management is a test environment provisioning architecture in Team Foundation Server. It forms a not insignificant portion of the TFS admin exam (70-496). It looks great and the books and videos are convincing. I was convinced it was a great idea and wanted to implement it and tried to convince others.

It turns out though this is not best practice for deployments at all. You should use the same method of promotion that you use into live. This is becoming more current with the advent of technologies such as Docker. Lab Management though is very particular and the deployment into lab management environments bears no relationship to deployment into production. None! It’s a pain to learn and it’s still on the exam (sigh).

App Fabric

A minor gripe now. In the MVC exam (70-486) the azure caching section steers you towards learning about App Fabric as a service bus for hybrid applications. Fine but turns out this technology is end of life and will be retired in 2017. But it’s still on the exam (sigh).

Windows Azure

 

azure vs aws

There is an entire exam track around Azure cloud computing and it’s a goodly portion of the MVC exam 70-486. Being a Microsoft exam devotee I imagined that Azure was THE cloud computing solution. I was surprised when I saw the above graph and realised that Amazon Web Services has way more implementations out there.

Azure is fine and interesting and good and healthy and I’m sure your mother approves of the use of it at the dinner table. But this is a textbook example of the MS exam narrowing your perspective and encouraging people (me) to ignore other potentially more viable alternatives. But it’s on the exams and you have to learn about it (sigh).

MSTest, Fakes and Shims

Unlike some of my other gripes, I do unit testing on a regular basis so it’s a drag to have to learn an alternative unit test framework for an exam that I’m unlikely to use. Maybe millions of developers use MSTest but I’ve never met them. I wish the exams were a bit more neutral with the choice of unit test technology but they predictably steer you towards Microsoft technologies. But it’s on the MVC exam so put on your big boy pants and learn about it (sigh).

But it’s all good really

Nothing is perfect. I’m not, the software I write isn’t and Microsoft exams aren’t. I still think they are great for developers at the start of a career – it gave me a boost and I still like to see them on developer CVs. It’s a good signal of career dedication. I’d much rather have a Microsoft exam than not. It just helps to be aware of their limitations.

10 tips for working with remote development teams

remote developer

I’ve been working closely with two remote teams for a couple of years.  It works well but it’s not without its challenges. No-one would decide to work with remote teams to make a developer’s life easier. It might make your developer’s lives more interesting, more varied or more frustrating but it won’t make it easier. Here are some general observations about working with remote teams and little tips that might make things easier for everyone involved – based round nothing more rigorous or scientific than my own experience.

1. What you measure, they will do

This is true for developers generally but it is doubly true for remote teams. What you measure, they will do. If you make a big thing about speed then your remote team will deliver quickly. It will be full or bugs but it will be quick. If you have daily calls with the remote team and tell them what an evil thing it is to have bugs reopened then they will make damn sure that they don’t cause bugs to be reopened. They will scour the bug list of easy bugs, take a lot time over medium ones and make every effort to get horribly, gnarly bugs back to the home team. Measure quality and you will get quality but your development might go at the speed of a particularly sluggish glacier.

So do measure but make sure you are measuring the things you really care about and understand the trade-offs that this might entail.

2. Mind your language

It is startlingly easy for the relationships between teams to become strained. You’re convinced the quality isn’t good, the communication is bad and the number of bugs is just ugly. Tensions rise and everyone in the home team is talking about how the ‘Romanian’s’ aren’t doing their job; how the ‘Indian’s’ haven’t got a clue; how the ‘Serbians’ clock watch and go home at the earliest opportunity. The home team is so much better than the rest of them.

Listen to what you are saying. Are you talking about ‘the Serbs’, ‘the Indians’ and ‘the Romanians’? Are you speaking about the remote teams as one homogeneous mass of development unpleasantness?  It’s so easy to slip into but it might be a symptom of deteriorating relationship. It might even be a cause of it. It’s far better to address people by their names rather than their nationality.

3. Time zones matter

It seems obvious but time zones do matter. Obviously if there is 8 hours difference then working practices will have to be adapted to cope with that. But in my experience even an hours’ time difference has an effect. I have found myself skyping the remote team at 16.45 with complex demands, forgetting that for them it is 17.45 and home time. Better to show sensitivity and let them go home unless it is important and needs to be done.

4. Everyone does more than their fair share of work

It’s a psychological fact* that everyone thinks they do more than their fair share of work. Take any group of people and ask them what percentage they contribute to the collective whole, add up the answers and marvel when the combine contribution is well over 200%. Everyone thinks they do more than everyone else.

This is magnified with remote teams. The home team becomes convinced the remoters are not doing enough. The remote team suffers from increasing and hysterical demands and becomes increasing disillusioned as their phenomenal efforts are just not appreciated. Everyone loses.

Just remember that you will be utterly convinced that you are doing more than your fair share. In reality you are probably just doing your fair share and everyone is also doing their fair share too.

*(I didn’t even make up this psychological fact – it’s detailed in the book ‘Thinking Fast and Slow’ ).

5. Communication, communication, communication

Make sure that you have excellent lines of communication and the means to reliably do it. In practice this could mean

  • Everyone has a Skype account and is always logged in when they are in the office
  • Everyone has a working headset and knows how to use it.
  • There are spare headsets in the office. Many spare sets.
  • There is an established way to share screens (Skype, TeamViewer etc…). Everyone has accounts and knows how to use them. The IT department supports it and installs the software for all new developers/testers etc…
  • There is an established way for developers to control the machines of the home team – especially important for tester machines when trying to reproduce bugs
  • Everyone who has any cause at all to contact remote workers has all of the above. The remote team has all this as well.

It’s so obvious and so obviously not done by everyone. We certainly could do better at this.

6. Have one point of contact but everyone can talk to everyone

It’s so important to have one person who is your point of contact for everything that your remote team does and it is so important to know when to ignore this and go direct to the source. Sometimes a bug can only be resolved by a remote developer talking directly to the home team tester and working through it. Sometimes a full understanding can only happen with a direct developer to analyst call. Sometimes developers just need to talk to developers.

This does vary for us though. One of the remote teams I work with has very strict lines of communication. The other team also has strict lines of communication but that one has benefited from some direct communication.

7. Have great development infrastructure

It makes things much easier to have great tooling and great development infrastructure. Initially we had 3 source control systems, 2 project tracking systems and a bug tracking system that didn’t integrate with anything else. Our deployment process was based around 3 witches, a giant cauldron and a book of spells. No good for anyone and triply difficult with remote teams. We changed this to 1 source control system, 1 project tracking system and 1 click deployment.

Clearly any development team is going to benefit from this kind of infrastructure goodness but working with remote teams adds complexity so you want everything else to be as frictionless as possible.

8. Write better code

Of course we all write perfect code all the time – it’s just other people that write bad code. However even the best of us sometimes write complex code that is hard to understand. It’s not too much of a problem if you are sat among your fellow developers and can explain to them why the byzantine morass of code you’ve just written is in fact a work of great elegance and is the best way to solve this particular problem. It’s more of a problem if the team is remote.

They can and will be baffled by what you have just written. Much time will be spent on conference calls explaining what you have done. The remote team will desperately try to get you to do the work so they don’t have to look at the code at all. It’s ultimately far easier to write easy code in the first place.

9. Pay attention to the fixed costs of outsourcing

I think that any remote team has a fixed cost of outsourcing so 3 remote teams of 4 developers is going to be more time consuming to manage than 2 teams of 6 developers. It is obvious but we ended up with isolated individual developers working remotely which worked less well. So size does matter and it’s worth paying attention to the size and structure of the remote teams. We found individual remote workers to be problematic.

10. Go visit

Really this is tip number one and makes the other tips obvious. It’s great to go visit the remote team if you at all have the opportunity. Of course not everyone is going to be able to do this but if the opportunity is there then it’s great to do it. The benefits I found were

  • It’s suddenly really obvious what the communication problems are
  • Email addresses and Skype ids become real people
  • You realise that time zone do matter
  • It becomes apparent how hard these people do work and how much they care about what they do
  • You might spot other opportunities for outsourcing or what activities would be far better done by the home team
  • The remote team will have better ways of doing things that you can adopt and take home

And of course you get to visit another country which is always great.

And if you disagree with all this

These are just from my own experiencing working with 2 remote teams. I’m sure every situation is different but I really do think there are common problems. If you are in a furious rage and disagree with all this then it’s all good. Just have a lovely cup of tea and calm down by reading outsourcing tips courtesy of Scott Adams and Dilbert.

70-486 Developing ASP.NET MVC Web Applications – Study Notes Part 2

I’ve previously posted about preparing for 70-486 and some of the general materials that are available. Now I’m going to go through the syllabus a section at a time and highlight additional resources that I found useful. As I said before a lot of the syllabus is well covered in these two books.

Professional ASP.NET MVC 5
By Jon Galloway, Brad Wilson, K. Scott Allen, David Matson

Professional ASP.NET MVC 5
Professional ASP.NET MVC 5

And

Exam Ref 70-486: Developing ASP.NET MVC 4 Web Applications
by William Penberthy

Exam Ref 70-486: Developing ASP.NET MVC 4 Web Applications
Exam Ref 70-486: Developing ASP.NET MVC 4 Web Applications

The links below are a supplement to reading these. Sometime the books coverage is all you need – I’ve indicated where this is the case.

Syllabus

The syllabus is at

https://www.microsoft.com/en-us/learning/exam-70-486.aspx

I’ll go through each section and comment and provide links.

Syllabus part 1: Design the application architecture

Plan the application layers

Plan data access; plan for separation of concerns; appropriate use of models, views and controllers; choose between client-side and server side processing; design for scalability

Fairly nebulous content that is covered well by Exam Ref 70-486: Developing ASP.NET MVC 4 Web Applications.

Using an Asynchronous Controller in ASP.NET MVC
https://msdn.microsoft.com/en-gb/library/ee728598(v=vs.100).aspx

Task Cancellation
https://msdn.microsoft.com/en-us/library/dd997396(v=vs.110).aspx

Wait Handles
http://stackoverflow.com/questions/2538065/what-is-the-basic-concept-behind-waithandle

Unit of work and repository pattern
http://www.asp.net/mvc/overview/older-versions/getting-started-with-ef-5-using-mvc-4/implementing-the-repository-and-unit-of-work-patterns-in-an-asp-net-mvc-application

More on repository pattern
http://www.codeproject.com/Articles/526874/Repository-pattern-done-right

Design a distributed application

Design a hybrid application (on-premises versus off-premises, including Azure), plan for session management in a distributed environment, plan web farms

Vague content that has variable coverage in the books. Content focused around azure, web farms and web service (SOA) based architectures. Professional ASP.NET MVC 5 has an excellent section on WebAPI but you will need to look elsewhere for alternative web service technology.

WCF attributes
http://stackoverflow.com/questions/4836683/when-to-use-datacontract-and-datamember-attributes

Consuming WCF
https://chsakell.com/2013/07/12/create-and-consume-wcf-restful-service-using-an-httpclient/

HttpClient
https://msdn.microsoft.com/en-us/library/system.net.http.httpclient(v=vs.118).aspx

Hybrid Applications
https://msdn.microsoft.com/en-gb/library/hh871440.aspx

Azure AppFabric
http://stackoverflow.com/questions/5143983/what-is-exactly-an-appfabric-in-windows-azure

Design and implement the Azure role life cycle

Identify and implement Start, Run, and Stop events; identify startup tasks (IIS configuration [app pool], registry configuration, third-party tools)

Well covered by Exam Ref 70-486: Developing ASP.NET MVC 4 Web Applications but it was unfamiliar to me so I needed extra reading.

General introduction to cloud services
https://azure.microsoft.com/en-gb/documentation/articles/cloud-services-choose-me/

Startup Tasks
https://azure.microsoft.com/en-gb/documentation/articles/cloud-services-startup-tasks/

https://azure.microsoft.com/en-gb/documentation/articles/cloud-services-startup-tasks-common/

Security
https://azure.microsoft.com/en-gb/documentation/articles/cloud-services-certs-create/

https://azure.microsoft.com/en-gb/documentation/articles/cloud-services-configure-ssl-certificate/

Configure state management

Choose a state management mechanism (in-process and out of process state management), plan for scalability, use cookies or local storage to maintain state, apply configuration settings in web.config file, implement sessionless state (for example, QueryString)

A lot of this content hasn’t changed much since web forms so shouldn’t be much of a problem however there are additional considerations to bear in mind when dealing with Azure.

State management overview
https://msdn.microsoft.com/en-us/library/75x4ha6s(v=vs.100).aspx

Session State
http://stackoverflow.com/questions/2714288/pros-and-cons-of-using-asp-net-session-state-server-instead-of-inproc

State server vs SQL Server
http://stackoverflow.com/questions/1447175/sqlserver-vs-stateserver-for-asp-net-session-state-performance

Application State
https://msdn.microsoft.com/en-us/library/ms178594.aspx

Profile vs Session state
http://stackoverflow.com/questions/5088771/regarding-profile-and-session-in-asp-net

View Bag vs View Data
http://www.codeproject.com/Articles/476967/WhatplusisplusViewData-2cplusViewBagplusandplusTem

Windows Azure state management
https://www.simple-talk.com/cloud/platform-as-a-service/managing-session-state-in-windows-azure-what-are-the-options/

Design a caching strategy

Implement page output caching (performance oriented), implement data caching, implement HTTP caching, implement Azure caching

Again, a lot of this is content that hasn’t changed that much since the old web form days. I needed extra reading about caching with Azure sites however.

Good overview of non-Azure caching
http://www.codeproject.com/Articles/757201/A-Beginners-Tutorial-for-Understanding-and-Imple

Data caching
http://stackoverflow.com/questions/32382743/what-is-difference-between-normal-cache-class-and-memorycache-class

Page Output Caching
http://www.asp.net/mvc/overview/older-versions-1/controllers-and-routing/improving-performance-with-output-caching-cs

Output Cache Attribute
https://msdn.microsoft.com/en-us/library/system.web.mvc.outputcacheattribute(v=vs.118).aspx

Output Cache Attribute Location
https://msdn.microsoft.com/en-us/library/system.web.ui.outputcachelocation(v=vs.110).aspx

Azure Caching
https://azure.microsoft.com/en-gb/documentation/articles/cache-dotnet-how-to-use-service/

Design and implement a WebSocket strategy

Read and write string and binary data asynchronously (long-running data transfers), choose a connection loss strategy, decide a strategy for when to use WebSockets, implement SignalR

Unlike the last two sections, this is very much new stuff. It would be easy to spend a long time on this but it’s only a small part of the exam. An overview and understanding of when to use these techniques is probably about the right level. The exam ref book gives a good overview.

Web socket API
https://msdn.microsoft.com/en-us/library/hh673567(v=vs.85).aspx

Web socket client
https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API/Writing_WebSocket_client_applications

Web socket server
https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API/Writing_WebSocket_server

Signal R
http://www.asp.net/signalr

Signal R example
http://www.asp.net/signalr/overview/getting-started/tutorial-getting-started-with-signalr

Design HTTP modules and handlers

Implement synchronous and asynchronous modules and handlers, choose between modules and handlers in IIS

Not too difficult. This content hasn’t changed much in recent versions of MVC which makes things a lot easier. Know the difference between modules and handlers and in what situations each should be used.

Overview
http://www.codeproject.com/Articles/335968/Implementing-HTTPHandler-and-HTTPModule-in-ASP-NET

Order of Http Module calls
https://support.microsoft.com/en-us/kb/307985

Syllabus part 2: Design the User Experience

Apply the user interface design for a web application

Create and apply styles by using CSS, structure and lay out the user interface by using HTML, implement dynamic page content based on a design

I don’t spend an awful lot of my time creating beautiful UIs for web front ends so this content was less familiar to me. A solid understanding is required – a bit more than just an overview.

CSS
http://www.cssbasics.com/introduction-to-css/

CSS Selectors
http://www.w3schools.com/cssref/css_selectors.asp

HTML5 tutorial
http://www.html5andcss3.org/html5history.php

HTML5 Canvas element
http://www.w3schools.com/html/html5_canvas.asp

HTML5 Canvas element fallback
https://www.sitepoint.com/html5-canvas-fallback/

HTML5 Video element
http://www.html5rocks.com/en/tutorials/video/basics/

HTML5 Video element fallback
https://css-tricks.com/snippets/html/video-for-everybody-html5-video-with-flash-fallback/

Design and implement UI behaviour

Implement client validation, use JavaScript and the DOM to control application behavior, extend objects by using prototypal inheritance, use AJAX to make partial page updates, implement the UI by using JQuery

Like the previous section but this time your JavaScript and JQuery skills are under scrutiny. There is a lot of content out there – I’ve just put links to the content where I personally had gaps.

JavaScript Prototypal Inheritance
http://www.bloggedbychris.com/2012/11/06/microsoft-exam-70-486-study-guide/

AJAX
https://blogs.msdn.microsoft.com/stuartleeks/2011/04/13/asp-net-mvc-partial-rendering-and-ajaxattribute/

Ajax Helper
http://www.codeguru.com/csharp/.net/working-with-ajax-helper-in-asp.net-mvc.htm

JQuery
https://learn.jquery.com/ajax/jquery-ajax-methods/

Compose the UI layout of an application

Implement partials for reuse in different areas of the application, design and implement pages by using Razor templates (Razor view engine), design layouts to provide visual structure, implement master/application pages

Standard MVC stuff focussed around Views and Razor engine. Professional ASP.NET MVC 5 is very good and covers this off well so probably no need to look any further. I’ve provided a few links just in case.

MVC Views
https://docs.asp.net/en/latest/mvc/views/overview.html

Layouts
http://weblogs.asp.net/scottgu/asp-net-mvc-3-layouts

https://docs.asp.net/en/latest/mvc/views/layout.html#

Partials
https://docs.asp.net/en/latest/mvc/views/partial.html

Razor view engine
https://docs.asp.net/en/latest/mvc/views/razor.html

Enhance application behaviour and style based on browser feature detection

Detect browser features and capabilities; create a web application that runs across multiple browsers and mobile devices; enhance application behavior and style by using vendor-specific extensions, for example, CSS

The exam ref book was good enough for me for this one. There isn’t a huge amount of content as compared to some of the other sections.

Overview
https://msdn.microsoft.com/en-us/library/jj149688.aspx?f=255&MSPPError=-2147217396

Modernizer
https://modernizr.com/docs/#what-is-modernizr

Plan an adaptive UI layout

Plan for running applications in browsers on multiple devices (screen resolution, CSS, HTML), plan for mobile web applications

More mobile adaptation content. A bit meatier than the previous section but nothing to worry about. Professional ASP.NET MVC 5 has some good content on this.

CSS Media Queries
http://www.w3schools.com/cssref/css3_pr_mediaquery.asp

JQuery Mobile
http://www.w3schools.com/jquerymobile

MVC Mobile Features
http://www.asp.net/mvc/overview/older-versions/aspnet-mvc-4-mobile-features

Designing for mobiles
https://msdn.microsoft.com/en-us/magazine/hh288079.aspx

Syllabus part 3: Develop the user experience

Plan for search engine optimization and accessibility

Use analytical tools to parse HTML, view and evaluate conceptual structure by using plugs-in for browsers, write semantic markup (HTML5 and ARIA) for accessibility (for example, screen readers)

I remember Dilbert cartoon when he refers to SEO consultants as pantless weasels. That’s unlikely to come up on the exam. I really don’t think there is much to this really – the exam ref book is perfectly adequate. There is a bit more meat in the accessibility content but again the exam ref book is fine. No additional links this time.

Plan and implement globalisation and localisation

Plan a localization strategy; create and apply resources to UI, including JavaScript resources; set cultures; create satellite resource assemblies

Globalisation hasn’t changed a huge amount over the years so anyone with general MVC experience should be OK. The exam ref book is good here particularly going through globalisation with JavaScript which I was personally not that familiar with.

Good overview
http://www.codeproject.com/Articles/778040/Beginners-Tutorial-on-Globalization-and-Localizati

Resx Files
http://stackoverflow.com/questions/3964942/how-to-access-resource-file-in-c

Design and implement MVC controllers and actions

Apply authorization attributes, global filters, and authentication filters; specify an override filter; implement action behaviors; implement action results; implement model binding

A lot of content here and one to definitely be familiar with. The book Professional ASP.NET MVC 5 is excellent here so no extra reading is required.

Design and implement routes

Define a route to handle a URL pattern, apply route constraints, ignore URL patterns, add custom route parameters, define areas

Again Professional ASP.NET MVC 5 is excellent with a comprehensive chapter dedicated to this. However this has changed with attribute routing so make sure you are covering the most up-to-date material.

Routing overview
http://www.asp.net/mvc/overview/controllers-and-routing

Attribute routing
https://blogs.msdn.microsoft.com/webdev/2013/10/17/attribute-routing-in-asp-net-mvc-5/

Control application behaviour by using MVC extensibility points

Implement MVC filters and controller factories; control application behavior by using action results, viewengines, model binders, and route handlers.

A complex area that is again well covered in Professional ASP.NET MVC 5 however you may find additional material useful in this area.

Routing Extension
https://www.simple-talk.com/dotnet/.net-framework/asp.net-mvc-routing-extensibility/

Custom Action Result Http Headers
http://stackoverflow.com/questions/1012437/uses-of-content-disposition-in-an-http-response-header

Filter Extensions Action Filters
http://www.asp.net/mvc/overview/older-versions/hands-on-labs/aspnet-mvc-4-custom-action-filters

Custom Authorisation
http://www.c-sharpcorner.com/UploadFile/56fb14/custom-authorization-in-mvc/

Custom Exception Filter
http://stackoverflow.com/questions/8144695/asp-net-mvc-custom-handleerror-filter-specify-view-based-on-exception-type

Reduce network bandwidth

Bundle and minify scripts (CSS and JavaScript), compress and decompress data (using gzip/deflate; storage), plan a content delivery network (CDN) strategy (for example, Azure CDN)

Not much content in this one. The exam ref book gives a perfectly adequate coverage.

Compression
http://www.dotnetperls.com/gzipstream

http://stackoverflow.com/questions/2599080/gzipstream-or-deflatestream-class

Syllabus part 4: Troubleshoot and debug web applications

Prevent and troubleshoot runtime issues

Troubleshoot performance, security, and errors; implement tracing, logging (including using attributes for logging), and debugging (including IntelliTrace); enforce conditions by using code contracts; enable and configure health monitoring (including Performance Monitor)

I found this surprisingly hard going. Health monitoring is a drag to learn particularly as I don’t believe people actually use it. IntelliTrace feels a slog as well. Code contracts are interesting though and do come up on the exam. One to know.

IntelliTrace
https://msdn.microsoft.com/en-GB/library/mt243851.aspx

Using IntelliTrace to debug live issues
https://msdn.microsoft.com/en-us/library/dn449058.aspx

Code Contracts
http://blog.stephencleary.com/2011/01/simple-and-easy-code-contracts.html

Health Monitoring
http://www.codeproject.com/Articles/420540/ASP-NET-Health-Monitoring

Interestingly Health Monitoring broken in MVC (2.0)
http://weblogs.asp.net/awilinsk/handleerrorattribute-and-health-monitoring

Does anyone actually use Health Monitoring?
http://mvolo.com/asp-net-health-monitoring-8-years-later/

Design an exception handling strategy

Handle exceptions across multiple layers, display custom error pages using global.asax or creating your own HTTPHandler or set web.config attributes, handle first chance exceptions

Definitely one to be familiar with but standard stuff with few surprises. Professional ASP.NET MVC 5 has good coverage once again.

Overview
http://www.codeproject.com/Articles/731913/Exception-Handling-in-MVC

HandleErrorAttribute
http://stackoverflow.com/questions/19025999/using-of-handleerrorattribute-in-asp-net-mvc-application

Test a web application

Create and run unit tests (for example, use the Assert class), create mocks; create and run web tests, including using Browser Link; debug a web application in multiple browsers and mobile emulators

A frustrating section. The exam is focussed around Microsoft testing technologies (Shims, MSTest etc..) but I personally don’t use these and I doubt they are in wide use. That said, knowledge of NUnit or similar is useful here but specific knowledge about MS technologies is sadly required.

Browser Link
https://www.asp.net/visual-studio/overview/2013/using-browser-link

Shims
https://msdn.microsoft.com/en-us/library/hh549176.aspx

Stubs
https://social.msdn.microsoft.com/Forums/vstudio/en-US/0fbed336-aaf7-49aa-b477-369cfdcf87e5/mocksstubsshims-differences?forum=vsunittest

Debug an Azure application

Collect diagnostic information by using Azure Diagnostics API and appropriately implement on demand versus scheduled; choose log types (for example, event logs, performance counters, and crash dumps); debug an Azure application by using IntelliTrace, Remote Desktop Protocol (RDP), and remote debugging; interact directly with remote Azure websites using Server Explorer.

One of those subjects that it’s really difficult to get practical experience of unless you happen to be using it on a day to day basis. Realistically it’s not a good use of time to set up an entire Azure solution just to you can practice debugging it. Do your best with the reading materials available. The exam ref book has some coverage and here are a few more links.

Overview
https://azure.microsoft.com/en-gb/documentation/articles/vs-azure-tools-debugging-cloud-services-overview/

Enabling debugging in Azure
https://azure.microsoft.com/en-us/documentation/articles/cloud-services-dotnet-diagnostics/

Performance counters
https://azure.microsoft.com/en-us/documentation/articles/cloud-services-dotnet-diagnostics-performance-counters/

Syllabus part 5: Design and Implement security

Configure authentication

Authenticate users; enforce authentication settings; choose between Windows, Forms, and custom authentication; manage user session by using cookies; configure membership providers; create custom membership providers; configure ASP.NET Identity

Authorisation and authentication have been changed quite a bit over the years in ASP.Net so this is quite a big subject. Try to ensure you are current. Lots of links here to help out.

IIS Authentication
https://www.iis.net/configreference/system.webserver/security/authentication/windowsauthentication

Difference between digest and basic authentication
http://stackoverflow.com/questions/9534602/what-is-the-difference-between-digest-and-basic-authentication

Windows authentication
https://en.wikipedia.org/wiki/Integrated_Windows_Authentication

.Net Authorisation History
https://brockallen.com/2012/09/02/think-twice-about-using-membershipprovider-and-simplemembership/

SQL Membership Provider
https://msdn.microsoft.com/en-us/library/yh26yfzy.aspx

https://msdn.microsoft.com/en-us/library/ms731049(v=vs.110).aspx

SimpleMembershipProvider
http://weblogs.asp.net/jongalloway/simplemembership-membership-providers-universal-providers-and-the-new-asp-net-4-5-web-forms-and-asp-net-mvc-4-templates

ASP.Net Identity
http://benfoster.io/blog/aspnet-identity-stripped-bare-mvc-part-1

http://benfoster.io/blog/aspnet-identity-stripped-bare-mvc-part-2

Advantages and disadvantages of .net identity
http://stackoverflow.com/questions/21207246/asp-net-identity-vs-simple-membership-pros-and-cons

https://brockallen.com/2013/10/20/the-good-the-bad-and-the-ugly-of-asp-net-identity/

Encrypting Credentials in web.config
http://stackoverflow.com/questions/3538870/what-does-aspnet-regiis-exe-do

Configure and apply authorisation

Create roles, authorize roles by using configuration, authorize roles programmatically, create custom role providers, implement WCF service authorization

I do realise that there is a difference between authorisation and authentication (really I do) but there is overlap in the materials so many of the links in the previous section cover this material as well. Watch out for the WCF material here though.

Authorise filters
http://www.codeproject.com/Articles/650240/A-Simple-Action-Filter-Overview

AllowAnonymous attribute
https://blogs.msdn.microsoft.com/rickandy/2012/03/23/securing-your-asp-net-mvc-4-app-and-the-new-allowanonymous-attribute/

WCF authorisation
http://www.codeproject.com/Articles/698862/Custom-Authentication-and-Authorization-in-WCF

Design and implement claims-based authentication across federated identity stores

Implement federated authentication by using Azure Access Control Service; create a custom security token by using Windows Identity Foundation; handle token formats (for example, oAuth, OpenID, Microsoft Account, Google, Twitter, and Facebook) for SAML and SWT tokens

I personally found this the hardest topic by far. Very technical, almost academic content. It’s hard to find resources that give a ‘jump start’ to this topic. These links are the most useful of what I found.

WS-Trust
https://en.wikipedia.org/wiki/WS-Trust

WS-Federation
https://en.wikipedia.org/wiki/WS-Federation

Windows Identity Foundation
https://msdn.microsoft.com/en-us/library/hh291066.aspx

SAML Tokens
https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language

https://msdn.microsoft.com/en-us/library/system.identitymodel.tokens.samlsecuritytoken(v=vs.110).aspx

https://msdn.microsoft.com/en-us/library/ms733083(v=vs.110).aspx

SWT Tokens
https://msdn.microsoft.com/en-us/library/azure/hh781551.aspx

JWT Tokens
https://jwt.io/introduction/

Systems.IdentitiyModel.Tokens
https://msdn.microsoft.com/en-us/library/system.identitymodel.tokens(v=vs.110).aspx

Creating a Security Token Service
https://msdn.microsoft.com/en-us/library/ms733095(v=vs.110).aspx

Claims with WIF
https://msdn.microsoft.com/en-us/library/hh291061.aspx

Security Token Handlers
https://msdn.microsoft.com/en-gb/library/ee517288.aspx

https://msdn.microsoft.com/en-us/library/ee517261.aspx

Azure Access Control Service
https://en.wikipedia.org/wiki/Access_Control_Service

Azure Access Control Service Road Map
https://blogs.technet.microsoft.com/enterprisemobility/2015/02/12/the-future-of-azure-acs-is-azure-active-directory/

Manage data integrity

Apply encryption to application data, apply encryption to the configuration sections of an application, sign application data to prevent tampering

Good coverage in  Professional ASP.NET MVC 5. Here are a couple of extra links to fill out that content

SHA1 is stronger than MD5
http://stackoverflow.com/questions/1756188/how-to-use-sha1-or-md5-in-cwhich-one-is-better-in-performance-and-security-fo

MD5 is not considered secure
http://stackoverflow.com/questions/13756697/is-md5-still-considered-secure-for-single-use-authentications?rq=1

Implement a secure site with ASP.NET

Secure communication by applying SSL certificates; salt and hash passwords for storage; use HTML encoding to prevent cross-site scripting attacks (ANTI-XSS Library); implement deferred validation and handle unvalidated requests, for example, form, querystring, and URL; prevent SQL injection attacks by parameterizing queries; prevent cross-site request forgeries (XSRF)

High fives and celebratory backslaps all round. You’re nearly at the end. And happily this is some of the best and most interesting content. Professional ASP.NET MVC 5 has the best content that I have ever read in this area so there really is no need to go elsewhere. No extra links this time. None needed

Good Luck

So best of luck everyone. Microsoft exams aren’t perfect but when I’m looking at CVs for potential hires it always gives me a warm glow when someone has a couple of current MS exams under their belt. Hope it goes well for you.

70-486 Developing ASP.NET MVC Web Applications – Study Notes

I recently studied and passed the Microsoft exam Developing ASP.NET MVC Web Applications. Hooray. I thought it was a fair exam covering mostly helpful content – not something I can say for all the exams (70-551 I’m looking at you). I wrote quite extensive notes on the exam so I thought I would tidying them up and post them for general use. I’ve posted general tips here and a more detailed breakdown of the syllabus in the next post.

Overall impression

If you use ASP.Net MVC in your day to day job that’s really going to help but it’s not enough. Generally be familiar with

  1. MVC ASP.Net (obviously)
  2. HTML5 and CSS3 – you don’t need to be an expert but a good grounding is helpful
  3. Azure platform as a service – there is a goodly amount of content on this
  4. Security – this has evolved in MVC 5 so a current understanding is needed
  5. Good understanding of HTTP and how the web works generally

So, just because you use MVC doesn’t mean you know enough. Things like security are something no-one does on a day to day basis. Typically, someone has set this up year ago in your organisation and no-one has gone near it since. Not good enough – you need to know about it.

Programme of study

I always make heavy weather over studying and do too much but this was my general pattern

  1. Watch an overview video – just to get into the mood. Take a bath, light some candles and whet the development appetite.
  2. Read the syllabus
  3. Buy a couple of MVC books. Read them but cross reference against the syllabus. Unless you are desperately interested, focus on exam content.
  4. Read syllabus again. Get onto Internet and fill in the gaps. Make copious notes
  5. Read syllabus again. Buy so practice exam questions (but see warning below)
  6. Take exam – pass hopefully
  7. (Optional) write a blog post about it all

Use the syallabus

Sounds obviously but the key with these exams is go through the syallbus and ensure you have covered it off. It’s easy to lull yourself into a false sense of security by reading some MVC books and watching some videos and feel that all is well and you’ve covered it. Read the syllabus again and make sure that you have.

Books

I read two books for this – both of which were very good.

Professional ASP.NET MVC 5
By Jon Galloway, Brad Wilson, K. Scott Allen, David Matson

Professional ASP.NET MVC 5
Professional ASP.NET MVC 5

A good book and recommended. It is excellent for general MVC, security and extending MVC. Security is particularly good. Nothing on Azure though, so reading this book isn’t going to be enough. I would recommend reading it whether you are taking the exam or not. I enjoyed it.

Exam Ref 70-486: Developing ASP.NET MVC 4 Web Applications
by William Penberthy

Exam Ref 70-486: Developing ASP.NET MVC 4 Web Applications
Exam Ref 70-486: Developing ASP.NET MVC 4 Web Applications

Good again. Its makes a good job of covering the syllabus and focuses the mind on the exam. I read this through and read some parts twice or three times. Not a particularly enjoyable ready though and I wouldn’t recommend this as general reading. It is high level and you will need to research the unfamiliar parts yourself to bolster understanding.

Videos

I personally don’t learn well from videos but I did watch some for this. I know other people find videos the best way to learn.

Microsoft Virtual Academy

Free good quality videos presented by chirpy Americans. What’s not to like. I watched Developing ASP.NET MVC 4 Web Applications Jump Start which was excellent (though not that much help for the exam ironically). The updated one is Introduction to ASP.NET Core (formerly ASP.NET 5). Don’t expect great exam coverage but unless you are a ‘manic exam crammer who only wants to pass and nothing else’ then I would definitely watch it.

Pluralsight

There is an extensive learning path for 70-486 on Pluralsight. I didn’t watch any of it. 60 hours of videos is too much for me and as I’ve said I don’t learn well from videos. But for those that do then this is a good option. I have watch many Pluralsight vids over the years and they are excellent so I’m going to make an uninformed recommendation on this content on that shaky basis.

General internet resources

These are general resources or general web stuff that is good to know but isn’t explicitly on the syllabus so is easy to miss. For a detailed breakdown of the syllabus see the next post.

ASP.Net site

http://www.asp.net/mvc

Good general resource. Good start and fills you in on lesser known subjects.

Web lifecycle

Two good general resources on web application life cycle are

Http request response cycle
Life cycle of an MVC application 

The exam expects you to understand this. It assumes you do so if you don’t – well learn it. Also know about HttpRequest and HttpResponse headers. This stuff comes up time and time again.

What’s new in MVC 5

One of the hard things about MS exams is that a lot of the resources aren’t quite current enough and will be focused on the wrong techniques. This excellent code project post highlights the new stuff in MVC 5. Just so you know, the new stuff is around …

  1. Attribute based routing
  2. Filter overrides
  3. ASP.Net Identity
  4. Scaffolding

The security features particularly are a big change and aren’t that well documented.

http://benfoster.io/blog/aspnet-identity-stripped-bare-mvc-part-1
http://benfoster.io/blog/aspnet-identity-stripped-bare-mvc-part-2

are the bests posts I found around this area. There are more comprehensive posts but they tend to be baffling.

Exams questions

Who doesn’t like to use exam questions for revision? It’s like a giant security blanket of exam goodness wrapped around you.

Transcender

https://www.transcender.com/practice-exam/microsoft/70-486.kap

There are several legitimate sellers of exam material. On this one I used Transcender as I have happy memories of the quality of the questions from a few years ago. I was shocked.  The product is of an extremely low quality. Questions were missing great chunks of information and didn’t make sense, the topics covered were all wrong (questions about webforms on an MVC exam), correct answers were clearly wrong etc.. etc.. etc… I spent my company’s money on this (much appreciated) and even then I wanted my money back. If I had spent my own money then I would have felt even more abused and exploited. The exams questions were written by someone who hadn’t read the exam or even knew anything about the subject. I think they plundered the old web forms exam (70-315) for material. Poor show guys.

Certkiller

http://www.certkiller.com/exam-70-486.htm

The Microsoft recommended seller of questions. I didn’t use this for 70-486, however I recently used it for another Microsoft exam.  It was significantly better than Transcender but far away from perfect. You can buy them in a package that includes resits as detailed next …..

Second Shot

https://www.microsoft.com/en-us/learning/offers.aspx

The best thing is probably to use the exam itself as its own practice. For not very much more money you can get 4 resits so a few goes at your local test centre will stand you in good stead. It is time limited but every year Microsoft have some kind of free retake offer that lasts 6 months or more and can include exam questions.

I bought 4 resits but I can’t go into an exam unprepared so psychologically this didn’t work for me. I meant to just ‘give it a go’ but instead I spent hour after hour preparing for the exam anyway even though I had free resits in the bag. But mental quirks aside, this is a good option for exam prep.

Next Steps

So now you’ve done the general reading it’s time to bite your lip and dive deep into the syllabus. The next post holds your hand while you are swimming about in the murky depths of the syllabus.