Entries for 'Mitchel Sellers'

August 03, 2017

DNN Upgrades & Security Roundup August 2017

It is hard to believe that it has been a month already since my last post about DNN/Evoq Security. A lot has transpired since that last release. Some additional security releases and patches have come out. In the end, we are at a time where I believe we are past the storm, but I thought it would be good to revisit the recommended actions for users. (For those non-DNN/Evoq followers of this blog, hang tight, next week will be the start of lots of fun Entity Framework, .NET Core and similar content!)

June 30, 2017

June 2017 DNN/Evoq and Module Security Summary

The past week has been a bit hectic in the DotNetNuke/Evoq space. Four confirmed security vulnerabilities were identified that could impact existing installations, one last week and three this week. Sadly, many sites have already been exploited by these vulnerabilities, adding a bit more urgency to the situation. Although many people are aware of the situation we have found that not everyone knows what is going on, so we thought it would be prudent to share what we know about the situation. This information is being shared both on Mitchel's Technical Blog as well as our corporate website.

May 23, 2017

Creating Effective, Repeatable, & Usable Code Demos

Over the years I have given more than 350 talks at various conferences, code camps, user groups, and other events. There are two things that I have always been very cautious about; demonstrations requiring an internet connection and those that require "live coding." Solutions for internet connectivity are relatively straightforward. I have historically tried many things to work through the "live coding" issues as well. But until recently I hadn't stumbled across the "right" solution. I think I might have the solution now!.

May 10, 2017

Updated ASP.NET Core 2.0 & Full .NET Framework

This week is the week of Microsoft's BUILD developer conference where lots of new announcements are typically made. Yesterday it was revealed that the next version of ASP.NET Core, version 2.0, will no longer support running on the full, existing .NET Framework. (.NET 4.7 for example). There has been a lot of various feedback on this topic, and I thought I'd chime in a bit with my opinion as well, as with all posts I welcome conversation and alternative viewpoints in the comments.

May 10, 2017

Adding WebApi & OAuth Authentication to an Existing Project

There are many tutorials out there that discuss the ease of setting up a new project, and checking all of the magic boxes to add Identity, WebApi controllers, and more. However while these may be helpful, in the real world situations are often not as simple. We might have existing projects that at the start didn’t need WebAPI - or maybe we used WebApi controllers in our code - but all in all, we didn’t get the proper security architecture in place.

In this post, we will walk through how to enhance an existing project to be able to create WebApi controllers and properly secure them using OAuth.

April 27, 2017

Publishing ASP.NET Core Applications to Azure Action Pack Hosting

The more I work with ASP.NET Core, the more I love the new way of doing things. We have far better language features to help make life easier, however, with all good, there is some bad. Compilation and deployment are something that still is just a bit more complicated than it should be. In the past few weeks, I've been working on getting a practical, full featured application deployed under ASP.NET Core. One of the hardest parts was getting the application published to my hosting environment. Everything would run locally just fine, but for one reason or another, I would not be able to get things working as expected on the hosting provider. Compile & Publish would finish in my automated environment without error, yet files were missing. Finally, I managed to figure out what was going wrong, so I thought I'd share.  

March 09, 2017

FireFox and Insecure Password Notifications

Passwords are something we talk about as developers a lot when working with custom systems. We talk about the logistics of how to reset them, how to store them, and related back-end options. It is often simply assumed that we will be using SSL when we submit these passwords to our websites. This assumption, however, is often a big oversight and exposes a potential point of risk to websites. I'm blogging about this today, because FireFox, starting with Version 52 introduces a feature that calls all of us developers on any oversight in this situation.

February 24, 2017

Take Control of Code Coverage Analysis with Exclusions

As developers Unit Testing makes our jobs easier, we have consistent tests to validate our work, change management becomes easier, and we can prove the functionality remains the same. In collaboration with various companies, however, I find that often the tooling gets in the way of developers understanding exactly how much of their important code is covered by unit tests. Visual Studio provides unit test coverage tools for reporting, yet often the tool ends up discouraging users due to a lower than expected rate of coverage. In this post, we will investigate a few common areas that can impact your unit test coverage, and how to prevent certain items from changing the reported coverage percentage.

January 30, 2017

Finding Performance Settings in DNN 9.x

With the recent release of DNN Platform version 9.0.0 & 9.0.1 I have been an increase in the requests for updates to my prior guides on locating the important performance settings since everything has moved to different locations. A major overhaul of my Performance Whitepaper is underway, however, I wanted to take a little bit of time to run through key settings for those new to 9.x. Consider this a high-level walkthrough of key concern areas.

January 25, 2017

Using Entity Framework with Legacy Databases

I find more people are interested in getting started with Entity Framework within their organizations. However, the various documentation and examples that exist don't necessarily give the best overall implementation solutions. I have worked with many people that have thought "we have a legacy database setup, we can't use entity framework" or "we cannot use migrations, so we can't use code first." Both are very common misconceptions, but something that isn't the case. It just takes a bit of work. In this post, we will dive into the specifics of implementing Entity Framework to a legacy database, where we cannot rename tables and other objects without substantial effort. A link to full code will be provided at the bottom.

January 24, 2017

Development Tools: NDepend & Quality

I often get asked which tools I use for development or reviewing of existing codebases. This question is often hard to answer directly, as every situation is a bit different. However, I thought it would be worth trying to revisit the tooling topics to help others possibly improve their environments by knowing the tools I find helpful. This post will be the first of a limited number of occasional posts on tooling. With the primary focus of my topics still being with ASP.NET, MVC, and performance. If you find these helpful, though, I'd love to get some feedback.

November 11, 2016

Applying A Methodical Approach to Website Performance Issues

Last week the folks at PostSharp where kind enough to host me for a webinar on website performance.  For those that have attended my various performance talks over the years I'm a firm believer in following a process every time to resolve issues.  In this webinar, I discuss the beginning portions of approaching website performance issues, tips that are helpful for those with existing applications, or even those that are starting fresh.  

November 09, 2016

Be Part of the Future: Test/Review DNN 9.x

Exciting times are upon us as users within the DNN ecosystem, regardless of if we are users of the OpenSource DNN Platform product, or if we are users of the commercial Evoq product lines.  The next release of DNN 9 will include some of the most significant changes to functionality that we have seen in many years.  With the coming change, we are at a crossroad, where community involvement is critical to ensure that the next version of the product is as good as possible.

September 24, 2016

Properly Using DNN's Custom 404 Page

Recent issues with a few clients I have encountered some "unusual" behaviors.  Either a situation where we had an unusual redirect situation, or we had pages that were showing HTTP 200 (success) status responses when in all reality the page truly didn't exist.  In the end, we had an IIS customization configured to handle certain types of 404's that DNN wouldn't handle, such as those for missing images, javascript files, and more.  Nothing that we haven't done for quite a while.
September 07, 2016

Date Fields, ASP.NET MVC, HTML5, and Web Browsers

Life as a developer with our current tools is quite amazing.  Even those of us without any real "creative" side can build applications that look nice, that accept user inputs nicely and provide a decent user experience.  The one downside to these features is the different times where we can be tricked by the tools and trying to track an issue down will result in needing to dig deep to find the "right" solution for the situation at hand.  In this case I'll share a quick tip with dates & MVC and HTML5.

July 15, 2016

Being a Good DNN Citizen: Referencing Database Tables

For quite a while now I have written about development best practices, methods to improve the performance of developed solutions, and a little about how to be a good citizen with other portions of the application.  In this post I will take a look at a few standard situations that I have encountered when working with developers new to the DNN Platform.  

July 14, 2016

Avoiding Unexpected Bundling Issues with ASP.NET MVC

One of the most commonly overlooked tasks that I find when working with development groups is the act of Bundling and Minification of CSS and JS resources. There are many solutions to accomplish this task and various developers will have their own preferred frameworks.  I personally find that the features provided by ASP.NET meet many of my needs quite well, however, there is one common gotcha that can impact production deployments that might not get fully tested.  This post is not specifically about HOW to bundle with ASP.NET, but is more around how to prevent unexpected issues in production.

May 26, 2016

Resolving Issues with Security Compromised DNN Sites

Yesterday I published a blog posting about a recently re-surfaced security vulnerability within the DNN/Evoq platform.  In that post, I provided the steps necessary to mitigate the risks associated with the exploit.  If you have not yet taken the steps listed in that posting, please be sure to take those steps immediately.  This posting is geared towards the proper auditing, review, and resolution of any issues that might be present on a compromised site.  Please note, even if you do not believe you were compromised PLEASE review the first section of this post to be sure.
May 11, 2016

Update to DNN/Evoq Url Redirect Provider for Multi-Portal Installations

One often overlooked free utility for DNN/Evoq are the open-source DNN Extension Url Providers. These providers are there to help with social URL's and URL redirects. The URL Redirect provider is a must-have solution for those migrating from other platforms into DNN as it provides a method to easily add complex URL redirects into your system for old URLS. Even for those that are working under the Evoq URL provider. I was made an administrator of this particular product more than 2 years ago, however, we haven't had much of a need to add features until today.
April 05, 2016

When Memory Caching Doesn't Mean Memory

For a number of years I have been providing guidance on how to get the best performance from DNN. One of my key recommendations is to change the caching mode to "Memory" from the default setting of "File." The setting change itself is quick and harmless, simply change the value in Host Settings are you are done. Well, come to find out it isn't exactly that easy.
January 16, 2016

Preparing for Load Balancing Diagnostics a Retrospective

As web application become more complex, or as individuals demand better performance or reliability, the addition of more web nodes is very common.  For those with a technical background we can easily see the complexity that is introduced as we load balance our applications.  Simple tasks such as writing a file to the local file system have now become far more complicated tasks.  How are the servers getting their content?  Shared file system?  File Replication? (DFS, RoboCopy, etc.)  When things work beautifully, it is great, but when they don't it can be a nightmare.  In this post I want to share a few "lessons learned" as it relates to load balancing diagnostics.  The information contained in this post is specifically related to working within a DNN Installation, however, the same principals will apply regardless of the platform.

December 30, 2015

DNN/Evoq Scheduler: Setting Expectations

One of the fundamental features of the DNN/Evoq platform is the the internal "Scheduler" system.  Creating a Scheduled Job is an easy process, and something I have blogged about in the past.  However, I have been seeing more questions recently around what exactly is meant by the "5 Minute" Interval or other settings regarding the scheduler jobs.  The root cause is the differences in expectations versus what is possible.
December 29, 2015

Debugging & Managing NuGet Packages A Lesson Learned

Over the past few years those of us in the .NET development space have been forced to jump on the NuGet bandwagon as it relates to adding certain dependencies to our own projects.  No matter what our individual thoughts are with regards to NuGet we must learn to live with the tool, and use it to the best of our abilities.  Most of the time the packages that we use will be well-formed and managed in a responsive manner.  However, as I recently learned, that isn't always the case.  When things start to go awry it can make your standard diagnostic processes less than successful.  Given these experiences I wanted to share two recent experiences with NuGet, not in an effort to shame any of the involved parties, but to help illustrate the importance of looking at solutions & packages in a different light than your standard development processes.

November 23, 2015

St. Louis Days of .NET / DevUp Followup

On Saturday November 14th, 2015 I gave three presentations at the St. Louis Days of .NET / DevUp conference. For those in attendance, or for those interested in the topics discussed the presentation materials are all here.

November 20, 2015

Check Your DNN Configuration for Performance!

More than six years ago I created the first version of my  DNN Performance Best Practices guide.  This guide has been downloaded by thousands of people looking to get the best performance out of their DNN installations.  The guide has been the training tool I've used for new members of my staff, and it serves as the baseline for any new DNN installation that we work with.  However, in this post I want to draw attention to what has recently become a silent killer with regards to DNN performance.  

October 08, 2015

Handing Namespace and Class Changes in Entity Framework

Entity Framework is an amazing set of tooling that helps to manage data access in an efficient manner, however, it seems that when things start to go "funny" it can be a major time-suck.  A recent issue that I experienced that I thought would be worth sharing was an issue related to applying migrations.  Adding migrations is something that has become trivial, yet one day my project reported Unable to generate an explicit migration because the following explicit migrations are pending:.... With every single one of my existing migrations listed.  This was highly curious, as the application has been in use, in production, for the better part of a few months.

September 23, 2015

Fixing Failing DNN Scheduler DNN 7.3.x Issues

In the past few months I have had to work with various issues with DNN/Evoq sites not executing scheduler jobs.  A number of various blog posts as well as forum posts have been started on the issue, and all point to a similar issue with regards to case-sensitivity with the scheduler and the web server name.  I had a recent situation though where I had fixed all of the issues outlined but was still seeing an error.

September 17, 2015

Don't Fear the Cache

Over the past three to four years I have spent extensive time working with customers to improve performance.  As part of this endeavor I have had the pleasure of working with numerous internal, external and third-party development teams for these companies and the experiences have provided a great deal of insight to how people look at performance with software development.  This experience transcends platforms as the specific concern with this post has been experienced with ASP.NET MVC Projects, DNN Projects, WPF projects, and even those on mobile devices.  Although each platform or process will have different rules and requirements for performance and methods to manage it, there are a few constants. This post is going to be the first of many posts around performance optimization and development. best practices. 

September 08, 2015

Avoiding Issues with DNN EncryptParameter

Working with DNN extension development we often need to share information from page-to-page or other locations within our application and we want to do so in a secure manner.  For the longest time DNN has contained a handy set of methods in the UrlUtils namespace, EncryptParameter and DecryptParameter.  They are easy to use, but just recently I have uncovered a very unusual situation that resulted in an error.  Funnily enough, this code has been running in production for more than 5 years!

August 25, 2015

ASP.NET MVC 5 & Bootstrap 3 Validation Usage

There have been many posts out there that show various solutions to use ASP.NET MVC 5 with Bootstrap 3 style input validation.  Some of the solutions are far better than others, and others looked perfectly elegant, yet they didn't necessarily result in changes working the way that one would expect.   After trying multiple solutions I found that I was able to take one of the more elegant solutions and it was working for "success" but wasn't working for error states, so I decided to dive in an fix it for my situation.

August 11, 2015

Determining Database & Table Sizes in SQL Azure

As the popularity of Microsoft's Azure platform continues to rise, I find myself constantly adding new scripts to my library.  As technology continues to evolve we need to find different solutions to meet technology needs.  SQL Azure has introduced a number of changes to processes and protocols as it relates to development & support.  One of the most viewed topics on this blog is my Determining SQL Server Table Size, a quick post from 2007 after helping a co-worker solve a problem.  Fast forward 8 years and this post still sees more than 1,000 views in a month.  However, try to run that on SQL Azure and you will have an issue.  SP_SpaceUsed is not available to us on that platform!  In this post I will provide a few helpful queries to get around this limitation.

July 20, 2015

Visual Studio 2015 RTM - My Favorite Features

It seems like just yesterday that we were anxiously awaiting the release of Visual Studio 2013, now we are on the brink of yet another round of amazing .NET changes.  The evolution of the development tools as well as the underlying languages and platform can be daunting to keep track of.  Having been using Visual Studio 2015 for a while under the various Microsoft Release Candidate releases I have had a good amount of time to play with the IDE as well as the new language features.  So I thought what better way to help celebrate the RTM (Release to Manufacturing) of VS 2015 than to share my favorite features and improvements.  This is only a mere subset of the features that I enjoy.  i will have future blog postings going into more detail on a number of these!

January 27, 2015

Adopting a Performance Focus With Software Development

Over the past few years I have given a number of talks and written multiple blog posts on the topic of performance optimization as it relates to software development.  These postings have been very technical in nature and focus greatly on the problem solving aspects of application performance.  However as I review my presentations one of the most critical aspects of application performance is actually business organization and dedication to application performance.  In this post I would like to review the common approaches that I see within development teams and easy ways for management to encourage positive change to focus more on development.

January 19, 2015

Developers & Recruiters: Managing the Relationship

For one reason or another in my entire career I have helped to mentor others in professional development and educational topics.  I think this comes from getting involved in educational environments within a few years of starting the "real job."  Over the years I have shared a lot of information with others that over time I have been able to see the benefits.  A recent situation locally got me thinking about some of these topics and I decided to create a new category here on the blog around "Professional Development" to help share some of these tips and tricks.  In this first post I'm going to talk about something that can be create very sticky situations and that is the relationship between developers and recruiters.  Although applicable to other industries, my thoughts and experiences are based on working with IT recruiters which seem to have a few different needs/styles than others.
December 15, 2014

DNN Quick Tip: Ajax Postback Controls

In an effort to get more regular content out here to the blog I am going to try and resume my "Quick Tips" posts.  These are much shorter posts than some of the more involved ones that I do, but cover common questions and tips that I get via email.  A very common request that I get from developers after they have set the "SupportsPartialRendering" flag within their module manifest is how can they set a control to force a postback quickly & easily.  Lets investigate!
December 15, 2014

Vendor API Integrations: Developer Beware

Since I started IowaComputerGurus in early 2006 I have worked on more than 100 different vendor API integrations.  Now two integrations have been the same, even if they are both going to the same vendor API.  Each integration project is a unique beast, the business requirements however similar are exactly that, similar.  The small changes, the small tweaks that you might have from one client to another on the same platform can be catastrophic.  Having done so many of these, I thought I had seen it all, from poor API's, to poor support, and everything in-between I could go on for days with the things I've experienced over the years.  However, after two recent experiences, by far the most horrible I've ever experienced I thought I'd share a few lessons learned to help others out there learn from my experience over the last 4-6 months.
November 17, 2014

Keeping Your DNN Website Clean: The Web.config

In the past 6 months I have been working on a large number of migrations from older versions of DNN to newer.  This blog post is going to be a first post in a series of posts around various activities that site administrators can do that will make future site administration easier.   Over time websites will have modules installed, modules removed, upgrades performed and other activities that can often leave lasting marks that only add confusion to things in the future.  Lets look at one area that can/should be cleaned on a regular basis and that is your web.config.
November 17, 2014

2014 St. Louis Days of .NET Presentations

This past week I had the pleasure of giving 4 different talks at the fantastic St. Louis Days of .NET event.  This event has become one of my favorite events to attend each and every year.  Well attended, great sessions, and engaged attendees makes for a truly spectacular event.  In this post I'll provide relevant links for materials from each of the talks!
November 03, 2014

Back to the Basics: LINQ and You

This past weekend I was a presenter at IowaCodeCamp, my favorite local .NET event each spring/fall.  My session this year was "Back to the Basics: LINQ and You" and it was much more popular than anticipated!  After spending a lot of time training development teams over the past year I found that although LINQ has been available since 2008 many individuals have either not yet had the chance to use it yet in their projects or those that are using it still didn't fully understand how/why it works the way that it does, and thus my session was born!
October 08, 2014

Performance Testing Success Story: An Active Third-Party Vendor

I often talk about the importance of having well performing applications.  The reasons for my focus on performance are vast and range from the user experience, ability to handle load, Search Engine Optimization (SEO), and everything in between.  One of the most common issues that I will encounter with client sites when optimizing is that the root of their performance problem might reside with a third-party component that they have used.  Sometimes this was a component they selected, other times it was a component another consultant recommended, and even other times it was an item that was part of the framework that they were using and they did not have a choice.

This post is dedicated to a "happy story" with regards to performance optimization and experiences with third-party vendors.

September 12, 2014

Load Testing Your Application: Art or Science?

Earlier this year I blogged about this importing of understanding and knowing how your application will perform under load.  (See it here).  After receiving a lot of questions from individuals wanting to learn more about "how" they can load test their applications and the tools that I use when testing applications I thought it would be good to follow up with a post to shed a bit of light on the process.  
September 12, 2014

Understanding the Logistics of Moving Websites

Recently for a number of reasons I've been working with individuals that are taking a website and moving them from one hosting provider to another.  Sometimes these moves are taking the existing site as is, other times it is migrating to a "new site" at the same time.  However, after doing at least 10-12 of these in the past few months a few common points of "confusion" have come to light.  As such, due to popular request I'll lay out the basics of how to move a website from one hosting provider to another and discuss the component parts that are involved in such a move. Although a bit "off" from my normal development or performance topics this is still a very real thing for many people!

August 01, 2014

DNN Spam Registrations & You!

Recently there has been a lot of discussion in the community around DNN Spam registrations and methods and processes to prevent or fix the issues that are associated with them.  I've been debating on if/when I should actually write about this given that there is an Official DNN Software response on the issue, as well as many other community comments.  Well, tonight, while on vacation I had a server go down and guess what it was because of this very issue so I think its time to give my quick perspective and recommended action points for those of you that are running a DNN site.  These recommendations apply for ALL DNN versions!
July 06, 2014

Module Performance; Set Yourself Apart

With a plethora of modules on the market today, it is often hard for users to select the "right one" for their solution. Help yourself, and help your customers by setting your modules apart in one of the most important ways, performance. Not all DNN sites are large, not all DNN sites are small, that's the beauty of the platform. However, many modules & vendors ignore this major difference. Lets look as some simple tips & tricks to help us set our modules apart.

May 30, 2014

Improving Web Application Performance - Part Three Client Side Considerations

In the first two parts of this blog series we introduced the importance of defining metrics prior to starting any performance optimization activities and the importance of identifying any user or role based issues.  In this part of the series we start to dive into the actual optimization part of the process.  I will start by introducing key concepts to look for, and then we will review the tools of the trade that can be used to help identify trouble points.  It is important to note that the information contained in this post is 100% applicable to ALL server side languages, regardless of .NET, PHP, Java, or anything else you might select to use.
May 29, 2014

Improving Web Application Performance - Part Two Users & Environment

Now that we have a set of metrics to use to validate the performance of our web application we can now start to dive deeply into resolving issues.  The first step in this journey is actually a step often overlooked by those that I encounter.  Professionally speaking 3 in 5 performance consultations that I am involved with are actually resolved by taking the points in this post into consideration.  So lets get started looking at users & environment.
May 27, 2014

Improving Web Application Performance - Part One Metrics!

For the last four or five years I have given a number of presentations on improving the performance of web applications, sometimes specifically focusing on DNN other times taking more broadly on ASP.NET.  However, the most popular of all presentations that I have given on Web Application performance was a session that took a broad look at application performance not only from a server side but also a client side application.  This talk was actually tailored to users that came from many application development backgrounds.  In this blog series I will share the information that was contained in that talk as well as a few more items of consideration that I have learned along the way.

Content provided in this blog is provided "AS-IS" and the information should be used at your own discretion.  The thoughts and opinions expressed are the personal thoughts of Mitchel Sellers and do not reflect the opinions of his employer.

Content Copyright

Content in this blog is copyright protected.  Re-publishing on other websites is allowed as long as proper credit and backlink to the article is provided.  Any other re-publishing or distribution of this content is prohibited without written permission from Mitchel Sellers.