Web acceleration protocol nears completion

I got lucky and got waved through the PreCheck (I refuse to type it with the cute check mark) line when it was first starting. You can leave your shoes on, your laptop can stay in your bag, and I think liquids can stay in your bag too, but I could be wrong on that one as I make it a point to not have any liquids in my carry on. It was nice, but I wouldn't pay for it. Maybe if I travelled every week and it was more widespread.

I will second this. I have only submitted one article and when I did I went through what seemed like heavy moderation. I really didn't know what I was doing, so it came back more than once with suggestions which I was happy to implement as they made the article not only look better, but higher quality. Since then though I have seen multiple articles that are worse than my first draft ever was, but still somehow made it through. Consistent rules and moderation are really needed for everyone, whether it is your first article or you 1,000th. As for ads. I'm with the people who said "CP has ads?". I can't say I noticed them at all. I'm not on here a ton, I log on every morning check the Insider News and read through the article headlines, but that's about it unless I'm researching something. Keep up the good work, Chris and team! The site is great.

I clearly need more sleep. I read that headline as "Usng sweater to create jet fuel" :sigh: That would certainly have been magic.

Is anyone here signing up for Progvember? The idea, for those who don't know, is to challenge yourself in November to complete a project you've been putting off forever. http://progvember.com/[^] Also, what is it with November being the month for weird things? Movember, National Novel Writing Month, now Progvember?

I am missing something with these frameworks. They seem pretty cool for some things, but how do you secure the REST service? With these frameworks you have the URLs for your REST service sitting in JavaScript code on the client, in theory anyone could check the URL for your call to, say, change your password. How do you secure the service so that I can't check the URL and just try to call the REST service directly and affect other users? A GUID user ID that is passed in might help, but is this the best/only method for securing your REST service from a client?

I have a jQuery script that is listening for keydown on a textbox, like so:

$(document).ready(function () {
$("#result").on('keypress', function (e) {
...
});
});

My problem is that I have written this for a site architected and hosted by a 3rd party. This site allows you to move modules around the page if you wish. When my module is moved (sometimes! not all the the time) it appears as if the page creates more instances of my code. As a result the code in the keydown function fires multiple times. A few things: 1. I put an alert in the document.ready and can see it pop up multiple times, so I know the page it loading more instances of my javasvript. 2. When looking in the debugger in IE or Firefox I can't find more than one instance of the script, but a breakpoint on the one I can find will be caught only once. Whereas the code does run multiple time. Again and alert in the function can be seen multiple times. I've tried unbinding events from my textbox before binding, but it doesn't work. Does anyone have any ideas of how I can prevent my code from being instantiated or triggered multiple times?

The cnt is because this was inside a for loop. Perhaps whoever coded it thought the code could lie the first two times you ask if a value is empty, but not a third. Looking at the HTML I think they meant to find two other controls and add them to the IF statement, but never got around to it. *sigh*

I just found this wonderful tidbit in a .NET app I'm supporting.

TextBox tbRoute = (TextBox)FindControl("ChkRoute" + cnt.ToString());

if ((tbRoute.Text != "") && (tbRoute.Text != "") && (tbRoute.Text != "")) {

...

}

I agree that any given law will never 100% solve a problem. But either you think laws help when dealing with a problem, or you think all laws should be thrown out. In general when this type of argument comes up it tends to be because the person doesn't want that law because it will impact their life or apply to them in some way. For (ridiculous) example, a person might be fine with a law restricting the purchase of high end sports cars, but that's fine because they don't own nor want one. That person might completely rebel against a law saying you can't put a sweater on your dog, and it turns out they own 3 dogs and 300 dog sweaters. By and large we're a society of laws. They don't solve crime, but they do outline what we think is acceptable as a society. That's the real purpose of laws isn't it? Defining the currently acceptable norms and moral boundaries of a culture. The criminals will break them, and in theory, get punished for doing so. But it amounts to "do we think it is ok for a drunk person to drive?" No? Then make it against the law.

Quote:

Banning guns is like saying do not fart, if someone wants to, it will happen.

Gun control arguments aside, this kind of logic in any argument always baffles me. Speed limits are dumb, if someone wants to speed they will. There's no reason for a law against drinking and driving, if someone wants to do it they will. Murder shouldn't be illegal, if someone wants to kill another person they will. It's pointless to make littering against the law, I see people throw stuff out of their car all the time. Just because people are willing to break a law doesn't negate the reason for, or the validity of, the law.

I'm doing a post to a WebAPI that passes a JSON object. Here's how the Post is set up:

var jsonContent = new JavaScriptSerializer().Serialize(myObject);
var request = (HttpWebRequest)WebRequest.Create(apiUrl);
request.Date = dateOffset.DateTime;
request.Method = method;
using (var streamWriter = new StreamWriter request.GetRequestStream()))
{
streamWriter.Write(jsonContent)
streamWriter.Flush();
streamWriter.Close();
}
}

In my WebAPI I have an attribute on my controller that inherits from ActionFilterAttribute. This serves to do some authentication and security checks before the controller is called. Ideally I'd like to retrieve the JSON string from the Request, but I can't figure out how. I tried this, but it didn't work:

var contentTask = actionContext.Request.Content.ReadAsStringAsync();
contentTask.Wait();
var jsonContent = contentTask.Result;

However, the content is always empty. What am I doing wrong? EDIT: For what it is worth, if I comment out this problematic code and let the call go on to my controller, the object is passed in and deserialized just fine.

I owe you a beer! Thank you!

Unfortunately I don't always know which node the password will be in which is why I went with treating it as a string.

I just ran into a real headscratcher. I have code that does the following:

var textReader = new StreamReader(path + "\\\\web.config");
var fileContents = textReader.ReadToEnd();
if (fileContents.IndexOf(oldPwd, StringComparison.Ordinal) == -1)
{
    Log("Old Password Not Found.", 0);
}
else
{
    Log("Replacing old password", 1);
    fileContents = fileContents.Replace(oldPwd, newPwd);
}

What I've found is that if the oldPwd contains ^ then things get weird. 1. If the old password ends in a ^, e.g. 123^ then the IndexOf works, but the Replace does will keep the ^ intact. So, with oldPwd = 123^ and newPwd = 456 then Replace will leave the file looking like 456^ 2. If the old password has a ^ in the middle of it then IndexOf will return a -1. I'm baffled to be honest and not sure if it has to do with how I'm reading the file in or what. But I tried this on an online compiler and it worked just fine. So it has to be me, right? EDIT: I also tried it in my code with hard coded strings and it behaves just fine:

var mystring = "this is a password 123^ yeah";
Console.WriteLine("Did it find it: " + mystring.IndexOf("123^", StringComparison.Ordinal).ToString());
Console.WriteLine("Did it replace it: " + mystring.Replace("123^", "456"));
mystring = "this is a password 123^456 yeah";
Console.WriteLine("Did it find it: " + mystring.IndexOf("123^456", StringComparison.Ordinal).ToString());
Console.WriteLine("Did it replace it: " + mystring.Replace("123^456", "abcdefg"));

FURTHER EDIT: Apparently if I run this through Visual Studio and step through the code it works fine. When I compile the code and run it from the command prompt it exhibits the behavior I outlined above.

JSON won't talk to SQL for you. JSON isn't a language it is just a serialized JavaScript object. If you're using Knockout you will need a webservice you can call (coded in something like .NET perhaps) that will return a JSON object.

I am a little hypocritical when it comes to Federation. Like a lot of the commenters on that article I will more often than not refuse to use a federated login when signing up for websites. If the only way in is through FaceBook or Google then I'm not signing up for your site. However, here's where the hypocrisy comes in, I'm working on a website for my own fun and because I'm lazy and don't want to deal with passwords and security right out of the gate, I'll probably make the only registration options go through Google/Facebook/Twitter. Eventually I'll probably roll my own, but initially I'd rather spend my time coding the core of the site, not registration.

That makes sense. I guess I was trying to be able to test the private methods individually and separately from the public method that calls them. It sounds like you're saying I could just test them through tests on the public method. This feels cleaner to me, I really didn't like the idea of elevating them just for tests. I made them private for a reason, changing that just for a test felt wrong. Thanks for the feedback, Pete.

I'm fairly new to writing unit tests and I've run into something of a design/architecture question. I'm operating under the belied that any given method should not be overly large, and any that is should be refactored into smaller methods. As a result I end up with this:

public MyClass : IMyClass
{
public string MyMainMethod()
{
Method1();
Method2();
return "somestring";
}

private void Method1()
{
    // some code
}

private void Method2()
{
    // some other code
}

}

Obviously this is grossly simplified, but it serves my purposes for this question. I have my classes loosly couples so when writing a unit test I can stub any interface that is injected into MyClass and isolate the code under test. How do I go about stubbing Method1 and Method2? I'm using Moles (and can't change because of company restrictions), but I suspect/hope this is a testing platform independent question. Should I be desiging this different? Not using private methods, but public virtual would allow me more flexibility, but doesn't feel like the right approach. Any advice or pointers would be greatly appreciated. - Andrew

I am catching the top level exception in a large chunk of my current application. I have two reasons for this, but I'm willing to listen to anyone who thinks this is "wrong" and learn a better development practice if I can: 1. I rely heavily on a third party webservice that is very fickle and unpredictable. I have exception handling in here when making calls to this so I can gracefully handle errors from this application for the user. However, even I as I typed this I realized I should be throwing specific exception and not general ones, so I'll be refactoring that code. 2. In general I prefer to capture exceptions and log them so when my users (these are internal applications) call and say they had a problem I can check the log file to help resolve the issue. WIth CustomErrors on the end user normally can't provide me with much in the way of useful information so I rely on my logs for production troubleshooting.

What you say is what should have been done. The code should check the session variable, if it is null then go to the database and 3rd party API and calculate the value needed, and store it in the session variable for later use. In this way it's basically using the session variable for caching a value that is expensive to calculate and doesn't change often. I posted this because what the person who actually wrote this did was kind of a face-palm moment. They write the value into the session variable and then never read from the session variable again. Every time this value was needed they calculated it, then wrote the calculated value into the session variable only to never retreive it and do anything with it.