Save objects in Visual Studio for reuse later

One easy way to save an object while debugging in Visual Studio so that you can use it later for troubleshooting, or maybe use in LINQPad is to serialize the object to disk.

All the libraries you need are built into .NET and can be done in the Immediate Prompt in Visual Studio.

Save the Object to disk

string json = new System.Web.Script.Serialization.JavaScriptSerializer().Serialize(myObject);
System.IO.File.WriteAllText($@"c:\dev\{nameof(myObject)}.json", json);

Read the Object from disk

string json = System.IO.File.ReadAllText(@"c:\dev\myObject.json");
           
var company = new System.Web.Script.Serialization.JavaScriptSerializer().Deserialize<MyClass>(json);

The caveat to this is that you will need the MyClass available when you bring it back to life.You can also pass Object instead of MyClass if you don't have it.

Blocking

Task.Delay()

If you are in an async method and you want to have it wait for a period of time before continuing your first thought might be to use Thread.Sleep(), but this would work the way you may think. Task.Delay() is what you want to use. Sleep just sleeps on the current thread which is the same as the thread that is calling the async method. Having an async method does NOT create threads unless the

Task.Run()

Task.Run() method is used to run a non-async method on another thread (from the thread pool by default). This is essentially just a background thread and has nothing to do with async. However since Task.Run() returns a Task you can await the result. This makes tracking the task and getting the result very easy.

Task.Run() is a good way to run a non-async method from an async method. There is overhead of spinning up an additional thread just to run this non-async code and then we would await the completion of the thread. This overhead is sometimes the only option if there is no async method available to call and all you have is a non-async method to call and you don't have access to change it.

Async in C#

Tips

A thread is a relatively heavy weight structure. 1 thread takes 1M of Stack Space. A task is NOT a thread. You can have multiple tasks running on a single thread (such as UI thread).

Task.Delay() is like Thread.Sleep(), but it is a Task that won't complete for a specified amount of time.

The keyword async is not part of the method signature. For example, it doesn't show up in interfaces. It is convention to add Async to the end of a method name though. This tell the reader it is async.

Return Task, not void.

await

Frees thread to do other things such as update UI, etc. Before await is called the stack trace is in the method you called it from which makes sense. The potentially surprising thing is that the line after the await does NOT have the same stack trace. It is now in the same thread, but clearly not in the same calling method anymore. This is because the compiler creates a state machine when the code is complied. It's building what would have been done by hand before we had the keyword await in C#.

• await frees a thread while we wait for an operation to complete. For example, handle another request in web scenario, update UI thread in desktop scenario. 
• It does NOT block the thread, it actually frees the thread to do something else. 
• The execution is stopped until the task is complete. 
• When the task is complete the thread gets focus and execution continues. This is similar in concept to a callback after something is complete.

Exception Handling

If there is an exception in an async method it will be thrown and can be caught as if it was not an async method. For example, a simple try-catch.

Free resources for Parallel Programming

Below is a list of free resources for parallel programming with .NET.

Microsoft's main site for all things parallel

• http://msdn.microsoft.com/concurrency

Parallel Programming in the .NET Framework

• https://docs.microsoft.com/en-us/dotnet/standard/parallel-programming/index

Parallel Programming with Microsoft .NET: Design Patterns for Decomposition and Coordination on Multicore Architectures.

• https://msdn.microsoft.com/en-us/library/ff963553.aspx
• Highly recommended, easy to read FREE ebook.

Passing data to a Task using parameter to avoid race condition

Requirements

Consider the scenario where you want to pass the current value of i to a new task that gets created in a for loop. We want each task to have a unique value of i (0...9).

The wrong approach (closures)

In general, it is a bad idea do use closures to pass data to a task when the value will change before the task starts. Below is a classic race condition such that the value of i is not read until the task starts, but before most of the tasks start all the tasks have been created. This will result in gotParamNow being equal to 10 (or any value really, but not what we intended).

for (int i=0; i<10; i++)

{

Task.Factory.StartNew( () =>

{

int gotParamNow = i;

}

);

}

The right approach (parameter)

If you want to pass data when the Task is CREATED (not when started as it would do when using closures) then you can pass the data to the StartNew method as shown below.

for (int i=0; i<10; i++)
{
Task.Factory.StartNew( (arg) =>
{
int gotParamNow = (int)arg;
},
i
);
}

In the code above the value i changes over time, so we want to pass it to the StartNew method so that when the task starts the data has the value that was passed to it and will result in each task having a unique value of i passed to it and thus gotParamNow will be unique as well.

Unit Testing internal methods in c#

Sometimes you want to unit test private or protected methods on a class in one of your assemblies (MyAssembly). The problem is the unit test assembly (MyAssembly.Tests) is just another assembly and has to respect the access modifiers such as private, protected, public, internal, etc.

I generally subscribe to the notion that if you have a private method there is a good chance you should be moving that functionality to another class and using dependency injection to make that logic public and testable.

There are however exceptions to this such as when overriding a protected or protected method for example. While the same principle could be applied, it may or may not be the best choice. For cases where you deem it to not the best choice there is a solution.

In your assembly (of the class you are testing) you can add the following to the AssemblyInfo.cs file to grant special rights to any class (our unit test assembly in this case) such that it has access to internal (sorry private, protected, etc still can't) methods and thus allowing you to test them.

[assembly: InternalsVisibleTo("MyAssembly.Tests")]

If you really need to test private methods you can use PrivateObject to invoke the private method in your unit test. This feels a bit dirty though.

Securing your ASP.NET MVC website Checklist

First, let me start by saying this is not a comprehensive list, but it is a good start.

Add headers for all requests

Add this to your web.config

<system.webServer>

    <httpProtocol>

      <customHeaders>

        <clear />

<remove name="X-AspNet-Version" />
<remove name="X-AspNetMvc-Version" />
<remove name="X-Powered-By" />
<remove name="Server" />

        <add name="X-XSS-Protection" value="1; mode=block"/>

        <add name="X-Content-Type-Options" value="nosniff"/>

        <add name="Strict-Transport-Security" value="max-age=31536000"/>
<add name="X-Frame-Options" value="DENY" />
<add name="Referrer-Policy" value="no-referrer" />

      </customHeaders>

    </httpProtocol>

  </system.webServer>

This does a good job of explaining what some of the header options are

Require Strong Passwords

Go to your AccountController and find the code that creates the PasswordValidator and change it to something like this. Length is the most important thing to consider from a cryptographic complexity. 

NOTE: 12 is the minimum required, but 16 is better to make it sufficiently time consuming to hack.

manager.PasswordValidator = new PasswordValidator

            {

                RequiredLength = 12,

                RequireNonLetterOrDigit = true,

                RequireDigit = true,

                RequireLowercase = true,

                RequireUppercase = true

            };

Remove ASP.NET Technology Headers

In Global.asax add the following to the Application_Start() event.

MvcHandler.DisableMvcResponseHeader = true;

You will also need to add the following to the web.config

<system.web>
<httpRuntime targetFramework="4.5.2" enableVersionHeader="false" />
</system.web>

Remove Server Info from headers

Add the following to Global.asax.cs

protected void Application_PreSendRequestHeaders()

        {

            if (HttpContext.Current != null)

            {

                HttpContext.Current.Response.Headers.Remove("Server");

            }

        }

Also read through security issues that require reviewing your code and maybe some knowledge of how your application is written.

Restrict origin of anything loaded

To be extra safe look at adding creating a white list of what stylesheets, scripts, etc can be loaded. This will take some digging on your site, but is probably worth the effort.

There is a nuget package that does some of this. This looks to be a better choice as it is per controller, etc and explains how to use it.

X-Frame-Options

MVC5 will add in the X-Frame-Option by default. If you want to remove it and make it DENY you will need to add the following line to your Application_Start() method in the Global.asax.cs.

System.Web.Helpers.AntiForgeryConfig.SuppressXFrameOptionsHeader = true;




Code Contracts

Ever want an common way to do a null parameter check or that an integer is positive, etc. If so, you may find MS Code Contracts useful. The downside is that all your files then have a dependency on this assembly. The upside is they are available in the System.Diagnostics.Contracts namespace which is part of the mscorlib.dll assembly so it should always be available.

Code Contracts provide a way to specify preconditions, postconditions, and object invariants in your code. Preconditions are requirements that must be met when entering a method or property. Postconditions describe expectations at the time the method or property code exits. Object invariants describe the expected state for a class that is in a good state.

The key benefits of code contracts include the following:

• Improved testing: Code contracts provide static contract verification, runtime checking, and documentation generation.
• Automatic testing tools: You can use code contracts to generate more meaningful unit tests by filtering out meaningless test arguments that do not satisfy preconditions.
• Static verification: The static checker can decide whether there are any contract violations without running the program. It checks for implicit contracts, such as null dereferences and array bounds, and explicit contracts.

How to configure ASP.NET Custom Errors Correctly

If you are deploying your site you should make sure you have custom errors on so you don't leak information that a hacker could use to attack your site.

Enable Custom Errors

Setting customErrors to On will keep exception details from user, but shows the YSOD which is a 500. Hackers look for pages with 500 error codes as potential targets.

<configuration>
      <system.web>
            <customErrors mode="On">

Add a user friendly error page 

The downside of this is that pattern of the url still indicates that there was an internal server error. Again, highlights a potential target for hackers

<configuration>
      <system.web>
            <customErrors mode="On" defaultRedirect="Error.aspx">

Get rid of the error page pattern in url 

The response is returning a 200 which looks like a successful page. There is no 302 redirect to detect the error either. The only way to tell there is an error is to read the message on the page and can't be determined by a pattern or status code.

<configuration>
      <system.web>
            <customErrors mode="On" defaultRedirect="Error.aspx" redirectMode="Rewrite">

Search and Replace in a MS Word document

I reviewed options for editing MS Word files in DOCX format and decided that the free and one that has the greatest chance of existing in 10 years is just using the Open XML Word Processing SDK (see my review for details).

For complex stuff maybe a different choice would make sense. However, my requirements are simple much like a mail merge:

1. Taking an existing MS Word file (DOCX format) as input. (Use it as a template)
2. Search the MS Word file for some placeholders / tags and replace with real data, but don't save any changes to the original file since it is my template.
3. Be able to write changes to a new file or stream file to browser for download

As it turns out this can be done in very few lines of code and for FREE. Below is my solution.

// Sample command line application
static void Main(string[] args)
{
    string filename = "Test.docx";
    var oldNewValues = new Dictionary<string, string>();
    oldNewValues.Add("pear", "banana");
    oldNewValues.Add("love", "like");
    byte[] returnedBytes = SearchAndReplace(filename, oldNewValues);
    File.WriteAllBytes("Changed" + filename, returnedBytes);

}


// Does a search and replace in the content (body) of a MS Word DOCX file using only the DocumentFormat.OpenXml.Packaging namespace.
// Reference: http://justgeeks.blogspot.co.uk/2016/03/how-to-do-search-and-replace-in.html
public static byte[] SearchAndReplace(string filename, Dictionary<string, string> oldNewValues)
{
    // make a copy of the Word document and put it in memory.
    // The code below operates on this in memory copy, not the file itself.
    // When the OpenXml SDK Auto saves the changes (that is why we don't call save explicitly)
    // the in memory copy is updated, not the original file.
    byte[] byteArray = File.ReadAllBytes(filename);
    using (MemoryStream copyOfWordFile = new MemoryStream())
    {
        copyOfWordFile.Write(byteArray, 0, (int)byteArray.Length);

        // Open the Word document for editing
        using (WordprocessingDocument wordDoc = WordprocessingDocument.Open(copyOfWordFile, true))
        {

            // Get the Main Document Part. It is really just XML.
            // NOTE: There are other parts in the Word document that we are not changing
            string bodyAsXml = null;
            using (StreamReader sr = new StreamReader(wordDoc.MainDocumentPart.GetStream()))
            {
                bodyAsXml = sr.ReadToEnd();
            }

            foreach (var keyValue in oldNewValues)
            {
                string oldValueRegex = keyValue.Key;
                string newValue = keyValue.Value;

                // Do the search and replace. Here we are implementing the logic using REGEX replace.
                Regex regexText = new Regex(oldValueRegex);
                bodyAsXml = regexText.Replace(bodyAsXml, newValue);
            }

            // After making the changes to the string we need to write the updated XML string back to
            // the Word doc (remember it is in memory, not the original file itself)
            using (StreamWriter sw = new StreamWriter(wordDoc.MainDocumentPart.GetStream(FileMode.Create)))
            {
                sw.Write(bodyAsXml);
            }
        }

        // Convert the in memory stream to a byte array (binary data)
        // NOTE: These bytes can be written to a physical file or streamed back to the browser for download, etc.
        byte[] bytesOfEntireWordFile = copyOfWordFile.ToArray();

        return bytesOfEntireWordFile;
    }
}


After calling the SearchAndReplace method you have the bytes that make up the MS Word file. It is up to you what you want to do with it. You can save it a file or stream it to the browser when a user clicks a link to download a file.

To write the file to another file (leaving the original unchanged), use the following line:

File.WriteAllBytes(newFilename, returnedBytes);


To stream the bytes back to a browser via a Action method in a ASP.NET MVC controller, use the following:

return File(returnedBytes, "application/msword", "Filename to download as here.docx");


NOTE: Original code inspired by this MSDN example and additional a post or other page I can't remember (sorry).

Review of some products for working with MS Word documents using .NET / C#

I didn't want to use MS Automation because it is slow and not server friendly, so I am not covering that here. The solutions below do NOT require MS Word to be installed and they are server friendly.

Open XML Word Processing SDK
This is my first choice for completely free solutions because is relatively easy for basic things and it will likely always be supported by Microsoft. This is the Microsoft SDK (released as Open Source as of version 2.5) for creating and editing MS Word documents in DOCX format. It takes a bit to get used since it mirrors the internal DOCX format. The advantage is that pretty much everything you need to be done here. The disadvantage is that it may take more code than using other packages. The link above has sample code on how to do many common tasks. Here is a good place to start to familiarize yourself with the file formats, what resources are available, etc. To understand the DOCX file format, check this out. The DOCX format is much simpler than the XLSX format. I recommend giving it a try. The learning curve is pretty small for the DOCX file format and there is a lot of examples available. In the end it isn't so different than NPOI (see section below) for DOCX. Here is a list of how to do's.

It is unofficially distributed on NuGet as DocumentFormat.OpenXml, but it is unofficially distributed by someone other than Microsoft (even though it shows the author as Microsoft). If you want the official binaries they can be downloaded here. If you want the source code you can get it on GitHub. This video shows how to build the source code if you want to go that route. If you want to use 2.6 it has been released on NuGet as OpenXMLSDK-MOT. This is the same as official binaries and source code in GitHub (from what I can tell). All options install an assembly called DocumentFormat.OpenXml and if done through NuGet it is added a reference to your project.

If you want to validate that the document you create is valid, check out this code example.

Here is an example of how to do a search and replace in a DOCX file.

Here is the link to the Open Xml Developer website.

There are also tons of example on the Open Xml Power Tools project on GitHub and from NuGet.

Open-Xml-Power-Tools - DocumentAssembler
This is an Open Source module in Open Xml Power Tools that allows you to create templates using .DOCX files as templates, a xml data source, and generating a well formatted DOCX file with the data merged in to the template. The template allows such things as tables, conditions, etc using XPATH-like syntax. Here is a video on how it works, but not a step by step tutorial. Here is a getting started video / tutorial that walks you through using the product. It is important to watch the ending where he talks using <# #> instead of Content Controls in Word as the placeholders. It works similar to most reporting tools, but using MS Word as report definition (template) file and the output being a MS Word document as well. You can download the entire Open-Xml-Power-Tools suite that includes DocumentAssembler from here. It is not meant to be used to create DOCX documents from scratch. It always uses a template file to generate new DOCX files. However, Open-Xml-Power-Tools suite does have the ability to help work with DOCX files. NOTE: It is built on top of (requires it) the Open XML Word Processing  SDK (above).

DOCX
If you really don't want to learn anything about the DOCX format and want a more inuitive way to interact with the DOCX files then this may be a good option if you are okay with alpha software. A simple Open Source project available from codeplex.com or NuGet. It let's you interact with the Word document in an intuitive manor without understanding how Word documents internally work. The examples on his blog are good and good examples in source code. It is easy to use. It is still alpha, but has been around since 2009. It has growing popularity.

Free Spire.Doc
This is a free version with limitations for a professional package called Spire.Doc. It is quite powerful and also does conversions to PDF and many other formats. It does mail merges, etc. Is is nice for small projects that are below the limitations. The API is well thought out and works nicely.

NPOI
This is the .NET implementation of the popular POI Java Project. It is Open Source and totally free and also does MS Excel. The API is a bit low level at time, but works well. I recommend downloaded from github to work with examples. Also, you can install binaries via NuGet. The documentation and examples for XDOC are not really there yet though. Look for XWPF if you want to use DOCX file format. The problem is that it is not the exact same API as the POI Java Project, but it is similar. It is also not as mature and is thus missing some features. It is a bit more abstract that just using the Microsoft packages, but still quite a bit of DOCX format knowledge is needed. In general I found the experience a bit frustrating because of how the project is organized and the poor documentation and very few DOCX examples.

Good Articles on MVC and .NET

Getting Started

Implementing Basic CRUD Functionality with the Entity Framework in ASP.NET MVC Application - Good step by step tutorial for MVC 5 (not MVC 6). It also shows how to use TryUpdateModel to specify what can be bound to each object. This is a bit cleaner and more object specific, but does require a bit of code.

Binding 

ASP.NET MVC - The Features and Foibles of ASP.NET MVC Model Binding - a great post that gives an in-depth explanation of  how the binder works and how it can be extended.

Prefixing Input Elements Of Partial Views With ASP.NET MVC - Explains how to make a partial view generate html with references that the Binder can understand properly. Also shows a generic method for passing the prefix to the Partial View. It doesn't say it, but creating Edit Templates and EditorFor() instead of Partial Views will also solve this problem.

Model Binding To A List - Explains how to set the Name html form property so that the binder will create the collection.

Mass Assignment / Over-posting

6 Ways To Avoid Mass Assignment in ASP.NET MVC - If you use the Include or Exclude parameters with the Bind attribute it doesn't seem so say it anywhere, but the names of the fields are the same as what show up in Request.Form. So, things like Person.Address.Name, Person.Address.ID, and Person.Address would all need to be added to the Include parameter in order for fields bound to related objects to be allowed through the Include() list and be added to the Request.Form colletion.

Sharing Create / Edit Screens

 ASP.NET MVC - using the same form to both create and edit - forum on how this could be implemented

View Model

How to Use ViewModel with ASP.NET MVC - shows how to implement the repository pattern, how to organize your project, and how to use a View Model.

Videos

Building Applications in ASP.NET MVC 4  - very in depth video on how to build MVC applications. Most of it still applies to MVC 6. It has details on certain topics that are not covered in the MVC 5 version of the video.

Building Applications in ASP.NET MVC 5 - very good video and in depth video on how to build MVC applications.

Best Practices

Best Practices for ASP.NET MVC  - this is a bit old, from 2010, but still has some good advise.
 

Dependency Injection

Dependency Injection and Unit Of Work using Castle Windsor and NHibernate - good example of how to use DI and UOW in MVC application. It shows NHibernate, but it can be used for Entity Framework. It also shows how to use in the context of the different layers of an application.

Castle Windsor Tutorial 1 - I highly recommend reviewing this tutorial. It shows how to create a Castle Windsor container application. It is complex enough to see how a whole application can be done with only calling the container 3 times. It also found it useful to modify the code such that it does NOT use IoC (i.e. not using Castle Windsor). This involves instantiating objects by hand. Then a line at a time, I removed the code I added to hardcode the creation of an object and added the appropriate line in the Installer for that object. Run the application between changes to see how the container actually instantiates the objects automatically once they are registered (in the installer).

Castle Windsor Tutorial 2 - In the case where you do need to create your own instances of an object and still use IoC, you should use TypedFactoryFacility.

Krzysztof Koźmic on software - talks about IoC concepts in depth.

What's New

Top 10 Changes in ASP.NET 5 and MVC 6

Entity Framework

Configuring Relationships with the Fluent API i.e. configuring Cascade delete and one-to-one relationships.

Unit Testing

Testing Entity Framework with a MOQ - step by step instructions on how to test the EF6+ using MOQ. I am using the latest EF6 and did NOT have to change the class the inherits from DbContext such that the DbSets are virtual because they are already that way in the T4 templates.Also, if you need to access the .Set method of the DbContext then you will need to tell the mock what it should be returning using something like: mockContext.Setup(m => m.Set()).Returns(mockSet.Object); See here for more details.

Attributes for MSTesting - includes samples of attributes for setup and cleanup methods that apply to tests, classes, assemblies, etc depending on the scope you need. A class can be created that has assembly specific setup and cleanup and doesn't need to have any tests actually in the class itself. Teh class does need to be marked as TestClass() though.

Unit Testing Good Patterns #3 - Know Your Moq Argument Matchers - this is an excellent read to understand how to use the It and Verify classes.

Keeping up

Code Magazine

Entity Framework Team Blog