Today we had the first meeting of the Vermont Software Developers Alliance. There were 40 people there and we had an amazing array of business types represented. Not only across technologies (where Microsoft had about a 60% share) but everything from contractors to businesses to upwards of 60 employees. There were companies who do consulting and companies who have software products. There were companies who consult for any type of business and companies who have expertise in particular markets - very strongly represented in Vermont is Health Care software but there was also representation of folks who have expertise in software for accounting, manufacturing, insurance and other industries.

It was really exciting since nothing like this has happened in Vermont before, while there are many state or regional software business associations around the country.

I'm equally thrilled to be able to accomplish something I have been trying to find a way to do for a long time - which is to share my now extensive resources with my local community beyond just learning about .NET programming.We have formed a temporary board to replace the steering committee which I was on and I will be on this board as we really bring this organization into being a legal entity and after that, we will vote for a real board of directors.

If you are in Vermont and are in the business of software, definitely check out the website www.vtsda.org where there is already some info, a place to list your information and take a survey so we can continue to understand what types of needs we all have as a group!

Thea Burger is happy to discover that there will be a women's luncheon at the TechEd in South Africa at the end of October. I look forward to hearing what it is like!!

A number of things gelled together this morning that necessitated this post.

a) this post by Jeff Prosise of Wintellect about the conundrum he has when asked so many questions in an email that are already answered in one (or more) of his (and others') books. But he is concerned (from experience) that suggesting the book as a reply, that the person would think he is only attempting to promote book sales. However, if you saw the email Jeff recieved, it is full of incredibly basic questions and way beyond what is reasonable to ask in an email to a stranger. Jeff is very generous with his time, but this person was basically asking for a personal education by email from Jeff.

b) I asked a question on the WSE newsgroup that turned out to be not about WSE but my own lack of good debugging knowledge. I haven't read John Robbin's (what I know is an) excellent book on Debugging in .NET. John is another one of the 3 founding partners of Wintellect. Also thanks to Hervey Wilson for his patience in answering my many recent questions in the newsgroups!

c) In July I had a conversation with Jeffrey Richter who was curious about how I found the experience of trying to work in C# when my real knowledgebase if coding in VB. The things that I found confusing astonished Jeff who (very politely) asked if I had ever read his book on programming with .NET.  I know that this book (Applied .NET Programming in  C# or VB version) book is a bible. I have had it here and passed it on to a vtdotnet member and had looked at bits and pieces but not read it. I actually have re-ordered it and am still awaiting my new copy (which I won't give away this time). Jeff, of course is the 3rd of the Wintellect founding members.

So what am I getting at here? Clearly there is SO much excellent information out there. Clearly it is impossible to get to and digest it all. I wish I was able to find the time and energy (like the amazing devourer of .NET books, Jason Salas) to read all of these books that I have heard SO many wonderful things about. But I also wish I had time to take my dogs for longer and more fun walks, etc. etc.

I think it also gets back to the wonderful point made by Leon Bambrick that reminds me not to beat myself up that I am not an expert (or even 1/2 of an expert) at debugging in .NET. There are SO many things in .NET that are fascinating and important to know and leverage. I *do * know that in time, I focus on one thing after another and learn more and more and more -- just not all at once. It's been two years already! Eeek.

So I just suppose that this post is a reminder to myself and anyone else who could use it that you and I are not inadequate! <g>

Very exciting news!

Jonathan Goodyear, Doug Seven, Scott Watermasysk and Drew Robbins have just become part of the Microsoft Regional Director program.

My huge congrats to all. This is an excellent group of additions!!

Thanks to Mike G for an email about the coolest app we saw at PDC last year - the physics illustrator that was demo'd by Microsoft Research. Now anyone can get it (well anyone with a tablet...) here.

I downloaded it and played with the existing demos and look forward to more play time but back to WSE now.

But it's cool cool cool. Big Kudos to all involved.

Timberline Interactive, Inc.  is looking for a .NET contract development person for 4-8 weeks, full-time to work on a custom e-commerce platform.    Requires 1+ years experience with ASP.NET and VB.NET, as well as some experience with MS SQL2000 stored procedures.  Initially, the work would be on-site in Middlebury but the contractor could work off-site after the first week or so.  Assignment could start as soon as next week (10/4/04).

Please, no moonlighters.  The contractor needs to be fully available during normal working hours for the duration of the assignment.

Submit summary of experience, resume, three references, and compensation requirements to:

Rick Fitzsimmons
President, Timberline Interactive, Inc.
36 Main Street, P.O. Box 992
Middlebury, VT  05753
rfitz@tli2.com

This is from the policy tracing file created by my client where I am fiddling around and trying to use policy to sign with a use usernametoken. Here's a screenshot and then just a copy/paste so you can read the actual message. My point here is not to get help ,but to show you the level of detailed information that is output by WSE2 so that if you need to do some problem solving, you've got gobs of info. Pretty educational stuff.

<wset:message action="http://tempuri.org/GetUserInfoInit" messageId="uuid:ef64131b-543d-4df6-a50e-ec90cd6a6e5d" appDomain="FieldApplication_TESTS_UI.exe" time="2004-09-28T11:21:45.7968275-04:00">

<wset:compile qname="wsp:Policy" wsu:Id="#Sign-Username-1" usage="Required" canEnforce="true">

<wset:compile qname="wsp:MessagePredicate" usage="Required" canEnforce="true" />

<wset:compile qname="wssp:Integrity" usage="Required" canEnforce="true">

<wset:annotation>Looking for a satisfactory token in the current message's token collection...</wset:annotation>

<wset:annotation>Looking for a satisfactory token in policy enforcement token cache...</wset:annotation>

<wset:annotation>DerivedKeyTokenAssertion will never be satisfied with existing tokens during compilation or enforcement. Not satisfied with this token: Id=SecurityToken-8e8a551b-5120-4506-902b-8e3abd171fef, Type=UsernameToken</wset:annotation>

<wset:annotation>ISecurityTokenManager.PermitsPolicyEnforcementTokenCaching is set to false in the token manager registered for this token type. We will assume this assertion is enforceable. Failures will be revealed during enforcement.</wset:annotation>

</wset:compile>

</wset:compile>

<wset:enforce qname="wsp:MessagePredicate" usage="Required" satisfied="true" enforced="false" />

<wset:enforce qname="wssp:Integrity" usage="Required" satisfied="false" enforced="true">

<wset:annotation>Looking for a satisfactory token in the current message's token collection...</wset:annotation>

<wset:annotation>Looking for a satisfactory token in policy enforcement token cache...</wset:annotation>

<wset:annotation>DerivedKeyTokenAssertion will never be satisfied with existing tokens during compilation or enforcement. Not satisfied with this token: Id=SecurityToken-8e8a551b-5120-4506-902b-8e3abd171fef, Type=UsernameToken</wset:annotation>

<wset:annotation>Invoking ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token manager registered for this token type.</wset:annotation>

<wset:annotation>ISecurityTokenManager.PermitsPolicyEnforcementTokenCaching is set to true in the token manager registered for this token type. A token will be loaded from the token manager and cached for subsequent message enforcement.</wset:annotation>

<wset:annotation>Invoking ISecurityTokenManager.LoadTokenFromSecurityTokenAssertion from the token manager registered for this token type.</wset:annotation>

<wset:annotation>Could not find a security token.</wset:annotation>

<wset:annotation>Looking for a satisfactory token in the current message's token collection...</wset:annotation>

<wset:annotation>Looking for a satisfactory token in policy enforcement token cache...</wset:annotation>

<wset:annotation>Found a token: Id=SecurityToken-0090e2a4-7f5e-4279-8292-6fcdc78a78f2, Type=UsernameToken</wset:annotation>

<wset:annotation>Found a token: Id=SecurityToken-2013f98e-5994-4a8b-87ed-2b80ade897f6, Type=DerivedKeyToken</wset:annotation>

</wset:enforce>

</wset:message>

(slaps herself in the forehead!)

I have been dancing circles around the fact that my client side policy was being totally ignored and I couldn't get a trace file generated from WSE2 either.

Doh! I was configuring the component that was doing the web service call, but the configuration info needs to be with the main app!

I know this, but I suppose I have been too determined that I was doing something wrong in my WSE2 setup to have thought of it. So it's here for future googlers.

When it is due to the fact that my web service and client application really ARE reading my policy files!

"Microsoft.Web.Services2.Policy.PolicyVerificationException: WSE464: No policy could be found for this message.”

I'm still in the middle of wiring this up. I have to say that the refactoring process is definitely time consuming (and very educational). It is MUCH easier of course to implement WSE2 when you are working with new projects.

I am working with a client app that has MANY components and many different web services. Even though it is working already, and seems foolish to attempt to tackle this, I know that if I can get this working with wse2 then I have accomplished and learned a lot.

Senior Programmer Analyst
Burlington, VT
6 months Contract  

This position is responsible for design, development and implementation duties for a web based aircraft finance tracking application.   This position will work closely with business personnel, as well as other IS and IT personnel to gather business and technical requirements needed to successfully design and develop new system features, enhancements to current functionality and defect fixes.  This position reports to the Manager, Structured Finance Business Systems.

Requirements
5+ years systems development experience with a concentration in mission critical web based applications. Expertise in VB.Net, ASP.NET, VB6, ASP, XML, XSL, XSLT, HTML, VSS and JavaScript. In depth knowledge of Microsoft SQL 2000, database design, programming and architecture.
MCSD or MCAD required. MCDBA and other certifications a plus
4 year degree in Computer Science or MIS or equivalent industry experience
Background in Structured Finance or other financial industry experience a plus.

Contact:
Kishore Khandavalli
iTech US, Inc.
Tel: 802 383 1500
Fax: 802 383 1501
www.iTechUS.com

This isn't lookin' good. It seems I may have to hand code my policies after all since my web service is not on localhost. When you click okay on this message you get a second one and finally enable policy flag gets unchecked. I've been trying to trick it, by creating the PolicyCache.Config file, by editing the web.config and more, but to no avail.

update ..and if I manually create a policy file, whether I name it with the extention config or xml, if I do anything in the wse2 settings config tool and save them (even if they have nothing to do with policy), the <cache name=“myconfigfile.xml“/> gets removed from the <policy> tags in my web.config. This can't be right. I must be doing something wrong.

okay- I seem to have picked up this “jig” thing from Ted Neward, but I just noticed something - that is MUCH more obvious when working with code you know well, rather than fiddling little samples.

With WSE1.0, you have to modify your client's proxy to the web service so that it inherits from Microsoft.Web.Services.WebServicesClientProtocol instead of the default System.Web.Services.Protocols.SoapHttpClientProtocol. Every time you update the web reference, you have to remember to go back into the proxy and make that change. I have gotten into the habit, but really it's just one more thing I need to remember, cluttering up my brain.

I have just modified the client component that has been working with WSE1 to use WSE2. When I updated the web reference in that project, the inherited class was automatically changed to Microsoft.Web.Services2.WebServicesClientProtocol.

This makes me very happy. I can free up that little space in my brain now for more important things! And it is one less barrier to getting regular programmers to use this stuff. Thanks WSE folks!

(I should point out that you get TWO proxy classes and this happens to the WSE2 version...)

I am finally converting my web service login and authentication procedures for one of my big production apps. Currently it is using straight web services, with a combination of soap headers and a System.Web.Security.FormsAuthentication ticket which is returned to the client as an encrypted string to be sent back with future requests as well as cached on the server. Lastly, I have a little user class that stores some details about the user that are used for authorization on the client end.

It's somewhat similar to a secure conversation model because my token also times out every two minutes and has to be regenerated, but I don't have to authenticate on every single message.

But an interesting difference is that I am explicitly authenticating at the user login (like we always have done, right?) whereas with the ws-security model, I will authenticate along with my actual requests. So if I were CODING all of this (which I'm not sure if I choose between hand coding in order to drill the stuff in to my brain better, or if I will just use the config tool and let that and policies do the grunt work for me -- and if you saw what a GORGEOUS day it is out - you'd probably vote for the latter, too! ) ...where was that sentence? Oh yeah, I will basically strip out the authentication that happens at login.

Thereare some cases where I am doing application updating and I require authentication at login for that process also. But for the other apps, I get to just rip out SO MUCH CODE - yippee - on both the client side and the ws side. Currently, on the client side, I am stuffing the token in the header of every ws call, so I won't have to do that any longer. On the ws side, every method takes that token and checks against the cache to see if it's still valid. So I get to take that code out. If it's not valid, I was returning nothing to my client and the client has to send back the login/pw (which is still available to the app) and get another token. So all *that* code can go, too.

Rip rip rip, delete delete delete.

Stay by that phone! Your parents/friends/aunts/neighbors are bound to be calling soon!

My friend and neighbor, Sarah Jane Williamson, is going to rent her fabulous property out for the year 2005.

The house is furnished and it is one groovy place. Sarah Jane has a very unique style. The house was completely renovated in 1986 and the barn from 1995-1997. Sarah Jane is an organic farmer and the perennial beds around the house are incredible. We spend a lot of time on Friday evenings there, in the summer and fall on her porch and in the winter, cozied up to the fire place. The house is on a paved country road and about 35 min. to Burlington. Huntington is a very cool community with a lot of entrepreneurs and artists living here as well as many old-time Vermonters which makes for an interesting mix. There are two small country stores and gasoline about 1 mile away and some cool small towns about 15 minutes in different directions. And she has DSL! It is really heavenly here. If you like winter stuff, you've got 30 acres of great cross country skiing and you are 10 miles from Mad River Glen for skiing in the winter and right near Camel's Hump for hiking year round. And of course, to top it off, you can attend meetings at Vermont.NET and VTSQL if you happen to be a geek. Burlington is one of the very cool small cities in the country with lots of great food, music and art. And well, Vermont is...just Vermont. Heaven.  We are also about 4 hours from Boston, 2 hours from Montreal and a quick cheap trip on Jet Blue to NYC. A little further to Seattle . Burlington has an int'l airport served by five major airlines as well as JetBlue and Independent which makes quick hops to D.C. This is what we call “having your cake and eating it, too!”

Here are pictures from Sept 23rd

I took these just now 10am Sept 26th as the clouds were on their way out.

VSLive lucked out when the hurricane diverted and missed Orlando. Now PASS, in Orlando next week, is dealing with Hurricane Jeanne. Watch PASS track chair Roman Rehak's blog for updates. The SQLPass site also has information and links regarding the Hurricane.

There is an AP article that has been picked up by a lot of papers around the world and I'll link to it on msnbc's site. The article is about using quantum physics for encryption via photons (light particles) - rather than the keys (strings of random numbers) we use today. It's pretty far out but not even totally new. There are a few companies already offering solutions (eg MagiQ Technologies) and Harvard is working on the availability on the web. Pretty amazing stuff. I guess in __ years from now, it will be as common as sliced bread.

I love doing this! I have to refactor some pieces of a big production application for a client. This also means stripping some functionality of the application and turning it into individual components which I have wanted to do, but could not justify billing my client for. But now I must do this in order to incorporate some new functionality that will also need access to this logic. Sometimes, working with “old code” is a huge bore, but this is fun because I'm making my code smarter and that makes me feel a little smarter.

When I first started looking at .NET, one of the new concepts that I kept running into was the “delegate” thingies. I kept seeing things written about them, but never walked away really understanding what they were. So it becamse my mission and the first time I really had a “DING!” go off in my head was an explanation in The Book of VB.NET by Matthew MacDonald. Unfortunately, I have long since passed this book on to someone in the user group so I can't quote it.

Anyway, I thought of this because Avonelle mentioned delegates and the difficulty that she has had getting her head around them and pointed to this article on KnowdotNET that gave her the “aha!” moment.

I actually had a more interesting realization about delegates this summer at TechEd when I was doing a TabletPC Hands on Lab that was all in C#. I couldn't understand why I had to keep writing so many delegates and then I realized that the delegates were creating event handlers! And THIS is why us VB background people have such a hard time grokking delegates. IN VB (past and .NET), event handlers come free. They are already there. If you drop a control onto a page, then you automatically have access to that controls list of events in your code. If you instantiate a class in your code, the class's events are available in the dropdown. So we never had to use delegates (not even available to use before .NET anyway) and therefore they didn't come naturally.

So you C++ and C# developers, next time your walking down the street and you see someone who is scratching their head muttering “delegates...I just don't get it”, and you are kind enough to attempt to explain and they STILL don't get it, don't just shake your head and walk away. You need to relate them to something that already IS in VB so that they have a bridge. Event Handlers are that bridge.

update with just a little more goo: Just an FYI for you VB'ers. I'm working on converting a login form from VB to C# ...oh the drudgery of solving casing problems!   Anyway, I thought I would point out that when you double click on a control to get it's default event, C# automatically codes up the delegate in the InitializeComponent method. So I clicked on an OK button and not only did I get my event code but it's delegate was auto generated as well (that's backwards - because the delegate makes the event handler possible)
  this.btnOK.Click += new System.EventHandler(this.btnOK_Click);

So if you just consider the relationship between this delegate and the familiar event handler

it might help a bit...