TechEd NA 2014 – Building Rich Apps with AngularJS on ASP.NET

TechEd North America 2014, Houston
Building Rich Apps with AngularJS on ASP.NET – John Papa

Day 4, 15 May 2014, 8:30AM-9:45AM (DEV-B420)

Disclaimer: This post contains my own thoughts and notes based on attending TechEd North America 2014 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of either Microsoft, the presenters or the speakers.

Executive Summary—Sean’s takeaways

  • Some great tips for organizing AngularJS projects
    • Organized based on modules
    • Keep Controller code separate from View
    • “Above the fold”—show interface for code at the top, without implementation
  • HotTowel is good template for creating a new project
  • SideWaffle.com also has a bunch of template for AngularJS objects
  • Use design tools in Chrome to look at Javascript, data on wire, etc.
  • Use BreezeJS to do more involved CRUD apps
    • Change management
    • Dirty bit
    • Work in Progress, persisting local data
  • Persisting data locally really improves user experience

Full video

John PapaTech Evangelist, formerly of Microsoft
@john_papa
www.johnpapa.net

Why AngularJS works

  • Results quickly
  • But then you hit walls
  • This session is—about getting past these walls
  • 10 tips

Emotional roller coaster ride

  • Not a smooth ride, need to get past bumps

Building large scale apps requires some planning

Demos can be found at

Agenda

  • How components fit (basics)
  • HotTowel
  • Coding patterns
  • Structuring your project
  • Modularity
  • Tracing data
  • Exception Handling
  • Rich Data
  • Validation
  • Local Storage / WIP

Important to know which thing you need

Tip 1 – Component hierarchy

  • Module – sort of like namespace in .NET
  • Routes to get to various views
  • Views / binding ($scope) / Controller
    • $scope – data binding
  • In View, use Directives
    • 3rd party widgets
    • Like HTML tag in View
  • Controllers can have Factories
    • Features to share across controllers
    • Factory aka Service
    • SOLID principles

View

  • HTML
  • Built-in AngularJS directives

Controller

  • Goes in module
  • Handles View’s needs
  • Contains logic for the view (presentation)

$scope

  • Data binding

Modules

  • Create module
  • Way to inject features into your application
  • Bring in modules from other places
  • Containers of related features
  • Inject functionality into your app

Routes

  • Wire up URLs to Views
  • Defines app navigation

Directives

  • ng-xxxx – angular directive
  • Callbacks
  • Extends HTML
  • Javascript can stay in controller
  • Encapsulate reusable widgets

Factories

  • Basically, services
  • Singleton instance, share code across controllers
  • A controller’s best friend
  • Controller, always get instance (new)
  • Ideal for abstracting things like logger, local storage, etc.


Tip 2 – Jump-Start with HotTowel

  • Easy way to get started, rather than looking at blank screen

Project template

  • Layout – CSS and fonts should be there
  • Angular in project
  • Other commonly used scripts
  • Starter Files – Controllers, Views, Services

HotTowel-Angular

Demo – HotTowel

  • File|New ASP.NET Web, empty
  • NuGet package manager
  • HotTowel.Angular
  • Gets dependent stuff
  • Moment – date library
  • FontAwesome – fonts

Tip 3 – Coding Patterns

Each component has one Job

  • Shorter .js files
  • Code always has interface and details
  • Name of service at top
  • Public portion with just list of functions
  • “Above the fold”

AngularJS File Templates

Demo – SideWaffle

  • Lots of great things in Add New Item


Tip 4 – Structuring Your Project

Guidelines for Organizing AngularJS

  • L – Locating code is easy
  • I – Identify code at a glance
    • E.g. Not “Factories.js”
  • F – Flat structure as long as we can
    • Lot easier to find something in flat structure
    • After 7-10 files in folder, create sub-folder
  • T – Try to stay DRY
    • Don’t Repeat Yourself

Typical – folders by type, e.g. controllers, services, etc.

  • But when project gets big, this gets unwieldy
  • Better to do it by Feature
    • E.g. Dashboard, Person, etc.
    • Easier to split out on multiple-person team
  • If someone says you’re doing it wrong—they’re wrong
  • Browser doesn’t care how you organize your code

Options for structuring your file

  • By Type
  • By Feature
  • Combination

But be consistent

Tip 5 – Modularity

Modularity

  • Iterative development
  • Reusable components
  • E.g. add new module, plug into main module
  • Reusable components to assemble an app

Modules

  • Containers of related features
  • Modules can depend on other modules

Modules are Containers

  • <html ng-app=”moduleName”>
  • Module contains all of the supporting members for the associated feature

Categories of Dependencies

  • Angular modules – e.g. routing
  • Custom modules – things that you write
  • 3rd party – e.g. bootstrap, Kendo

Example for a modular app

  • Modules: Layout, Dashboard, widgets
  • Share core configuration—put this in a Core module
  • Drawing dependency chart for modules

Demo – Modularity

  • app.module.js – just lists the modules at the top that you need
    • E.g. Dashboard, layout, widgets
  • E.g. avengers module
    • avengers.module.js – defines angular.module and lists dependencies
  • On GitHub, johnpapa/ng-demos
  • Each module has its own routes
    • Use routehelper.configureRoutes
    • Each module defines its own routes
  • Core module
    • core.module.js – lists Angular and custom modules that it depends on
    • config.js – general configuration stuff, like app name, etc.
    • In core because all modules use this
  • Common module
    • Defines module that is end of the chain, no dependencies, empty array []

Tip 6 – Tracing Data

Tracing the data calls ** slide **

  • View – button press “Get Avengers”
  • $scope – binds to Controller
  • Controller calls Data Factory
  • $http – Ajax
  • Hits web service
  • Note: Application is asynchronous, i.e. responsive while data is being retrieved
  • Data Factory handles async response
  • When data comes back, you need to tell Angular that you got the data
    • Angular digest cycle sees the data
    • With $http, Angular knows when data returns, automatically triggers digest cycle

Demo – Tracing Data in the Browser

  • avengers.js – gets data, uses .then for promise, indicating what to do when data comes back
  • Using debugger in Chrome

Tip 7 – Exception handler

  • One place to handle all exceptions
  • Use toast to show errors

Catch and Handle all Exceptions

  • Local and Remote logging
  • Dev vs. Debug modes
  • Consistency

Decorate the $exceptionHandler Service

  • You add to built-in exception handling features

Demo – Exception Handling

  • Look at exceptionHandler.js


Tip 8 – Rich Data: BreezeJS

  • When you need more than just simple data

Why Use Rich Data?

  • $http gives you basic access to data
  • After that, Breeze lets you
    • Track changes, etc.
  • Multiple views of the same object
  • Change data in one place, change flows to other places
    • Propagate changes

Dirty entities

  • Can do stuff like setting Enabled for widgets, based on dirty bit

Demo – BreezeJS

  • Breeze can hit against various things, e.g. Mobile Service, EF
  • Breeze keeps track of changeset – added, modified, deleted
    • Data not yet sync’d to database
  • Breeze then saves data back to cloud, but only the stuff that’s changed
  • Explicit sync

Tip 9 – Validation

  • Do you validate changes on client for better user experience?
  • When validation error occurs, show the user immediately

Model Validation

  • Where does presentation logic belong?
  • Validating in HTML
    • Appears in every view
  • Push validation down into Model
  • How do we validate?

Demo – validation

  • data-z-validate in <input> or <select>
  • If using EF, stuff like max length of field is in metadata
  • Metadata, but also custom rules

Validation on the server is mandatory

  • Always do it on the server
  • But also do it on the client

Demo – Model Validation

  • Validation rules free, out of the box
  • Also maintaining a full list of all of the validation errors
  • On New item, don’t yet show validation errors for unfilled fields

Tip 10 – Work in Progress with Local Storage

  • Why risk losing changes?

Options for saving changes

  • When user leaves page, you lose changes
  • You can’t leave (popups)
  • Auto-save as user types
    • Send to database
    • Tons of network traffic
    • Incomplete object?
  • Use local storage

Demo – Work in Progress with Local Storage

  • Note: “Updated WIP” (in Breeze)
  • Start indicates dirty bit
  • Data survives navigate to another page and back again
  • Even survives browser restart

How it Works

  • Export/Import

 

Sean Questions

  • How would Angular fit in with MVC? Can they be used together? Does that make sense?
Advertisements

TechEd NA 2014 – Announcing Hybrid Connections

TechEd North America 2014, Houston
Announcing Hybrid Connections: Building Amazing Hybrid Web Sites and Mobile Apps in Minutes – Santosh Chandwani

Day 4, 15 May 2014, 1:00PM-2:15PM (DEV-B307)

Disclaimer: This post contains my own thoughts and notes based on attending TechEd North America 2014 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of either Microsoft, the presenters or the speakers.

Executive Summary—Sean’s takeaways

  • Hybrid connection is a simple way to access on-premise resource from Azure
    • When you don’t want to do something more complex, like VPN / ExpressRoute
  • Connection Manager allows connecting to an on-premise TCP or HTTP service
  • Can connect to Azure web site or Mobile Service

Full video

Santosh Chandwani, Senior Program Manager, Azure, Microsoft
@santoshc1
santoshc@microsoft.com

Evolving Enterprise Infrastructure

  • Traditionally, have put everything on a corporate network
  • Azure also has its own network
    • Makes sense to move stuff into the cloud
  • But common to want to keep some critical data on-premise
  • One way to connect these networks
    • VPN, ExpressRoutes
    • Some limits
  • But sometimes you just a simple connection to an asset running on-premise
    • Simple

Objective

  • Reinforce ability to do hybrid applications on Azure
  • Extend hybrid capabilities to all Azure services (e.g. PaaS)
  • Don’t want custom code or infrastructure on-premise
  • Secure access without changing network configuration
  • Enterprise admins continue to have control and visibility

Introducing Hybrid Connections

  • Feature of Azure BizTalk Services
    • But don’t require using all of BizTalk
  • Fast, easy way to build Hybrid Apps in preview
  • Connect Mobile Services to on-premises resources

BizTalk Services FREE Edition (Preview)

  • Preview this week
  • Use Hybrid Connections at no charge
  • Hybrid Connections and Data Transfer now included w/all BizTalk Services tiers

Key Features

  • Access to on-premises resources
    • SQL Server, or resources that use TCP or HTTP
  • Works with most frameworks
    • Support for .NET, .NET for Mobile Services
    • No mention of Web API
  • No need to alter network perimeter
    • No VPN gateway or firewall changes to allow incoming traffic
    • Applications have access only to the resource that they require
  • Maintains IT control over resources
    • Group Policy controls, so enterprise admins can control

Hybrid Connections

  • Hybrid Connection Manager
    • Can discover resources on premise
  • From Web Sites or Mobile Services

Demonstration – Web sites

  • Shows web site talking to SQL Server, both on corporate network
  • Then publish web site up to Azure
  • Talking to SQL Azure database
  • Now, set up hybrid connection
    • From Azure Portal, add
    • Name
    • Hostname – on local network, also port name
    • Hostname—could it be IP?
    • Create or use BizTalk Service
  • At this point, it’s just existing on Azure—doesn’t actually connect to anything
  • Set it up from web site, so it knows that web site wants to connect to it
  • Then Remote into desktop
  • IP address could be any device
  • Manager must run on Windows
  • Listener Setup (thru portal)
    • Connected through the portal’s same account
    • They could also do manual setup, with MSI & connection string
  • Where in connection manager did we specify IP address to expose?
    Or was it because we installed it directly on the node that we want to connect to?
  • Now change conn string on web site
    • Replace connection string
  • Refresh web site, now talking to SQL Server on-premises

Lift and Shift

  • Lift web site up into Azure
  • Shift connection to point back to on-premise database
  • No code changes

Flow

  • Identify application by host name and port
  • Gave hostname and port to hybrid connection
    • Note: name could only be resolved on corporate network
  • Hybrid Connection Manager
    • Has gone through all security and threat models from Microsoft
  • Arrow directions—how is connection initiated
    • HCM initiates connection to both local resource and up to cloud
  • HCM pushes data
  • Once we spin up hybrid connection, we can use it from multiple services

Demo – Mobile Services

  • Mobile Services – .NET back-end
  • Can now launch and debug Mobile Service locally
  • Creating hybrid connection for Mobile Service from BizTalk Services portal
  • From Mobile Services part of portal, then pick existing Hybrid Connection (and BizTalk service)
  • Then set conn string to point to local database
  • Change code in Mobile Service to use the new connection string
  • Now running local app that goes to Mobile Server to get data
    • Mobile Service in turn is connected to hybrid connection
  • Remote to PC and install hybrid connection manager

Constraints

  • Supports resources using TCP and HTTP for connectivity
    • Only static TCP ports
    • Need to know ahead of time what the port is
    • Also static IP address, presumably ?
    • Maybe dynamic ports in the future
  • Hybrid Connections don’t buffer or inspect traffic
    • TLS can be negotiated end-to-end between application and on-premises resource
    • Dynamic port redirection, e.g. FTP passive mode – doesn’t work (not supported)

Security

  • Uses Shared Access Signature Authorization
    • Secure, Simple, Familiar
  • Separate roles for on-premises connector and application
  • Application authorization is independent
    • Between web site and on-premise resource

Walkthrough

  • Max 5 connections to start with
  • On-premise setup
    • Link to download MSI will be available soon
    • Can use Powershell and MSI to create connection
  • When you get the on-premise installer, the set of connection strings for the connection
  • Mobile Services not yet in new Azure portal

Resiliency & Scale

  • On-Premises Resources can be scaled out as usual
    • Clustering, availability for SQL
  • Applications can be scaled out on Azure
    • Each instance of Website or Mobile Service will connect to Hybrid Connection
    • Don’t have to do anything special
  • Multiple instances of Hybrid Connection Manager supported
    • But going to same IP address
    • Gives us scale

Enterprise IT in control

  • Manage resource access for Hybrid applications
    • Group Policy controls for allowing access
    • Admins can designate resources to which Hybrid Applications have access
  • Event and Audit Logging
    • IT has insight into resources being accessed
    • IT can use existing infrastructure investments for monitoring and control
  • Dashboard on Azure portal
    • Access to connection health, status
    • Will provide insights on usage and metrics (future)

Pricing

Summary

  • Fastest way to build hybrid applications
  • List and Shift web workloads to Azure web sites whilst connecting to on-premises data
  • On-premises data just clicks away from Azure Websites & Mobile Services

TechEd NA 2014 – Microsoft Azure Resource Manager

TechEd North America 2014, Houston
Microsoft Azure Resource Manager – Kevin Lam

Day 4, 15 May 2014, 2:45PM-4:00PM (DEV-B224)

Disclaimer: This post contains my own thoughts and notes based on attending TechEd North America 2014 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of either Microsoft, the presenters or the speakers.

Executive Summary—Sean’s takeaways

  • Now group all resources in Azure portal into resource groups
  • Resource group should be based on whatever grouping makes sense to you
  • Can use Powershell and REST-based API to create/destroy resources
  • Resource templates can be used or modified
    • Start with templates used to create resources listed in gallery

Full video

Kevin Lam, Principal Program Manager, Azure, Microsoft


Today’s Challenge

  • Tough to
    • Deploy or update group of resources
    • Manage permissions on group of resources
    • Visualize group of resources in logical view

We have various Singletons

  • E.g. SQL Database, web site, etc.
  • Deploy is harder
  • Proper use of resources is more abstract
  • Isolation makes communication a challenge

Resource Centric Views

  • (old portal)
  • Big flat list, long list at left

Introducing Resource Manager

  • Application Lifecycle Container
  • Declarative solution for Deployment and Configuration
  • Consistent Management Layer

Resource Groups

  • Tightly coupled containers of a collection of resources
  • Can be same type or different
  • Every resource lives in exactly one resource group
  • Resource groups can span regions
    • E.g. web site located in multiple regions

Coupling for Resources

  • Resource Group is a unit of management
    • Lifecycle – deployment, update, delete, status
    • Grouping: metering, billing, quota – applied, rolled up to entire resource group

Q: Link resource groups together?

  • Not yet. But soon. Will be different ways to view resources

Resource Group Lifecycle

  • How do you decide where to put resources?
  • Hint – do they have common lifecycle and management?
  • Answer – up to you

Power of Repeatability

  • Azure templates can
    • Ensure idempotency –
    • Simplify orchestration
    • Provide cross-resource configuration and update support
  • Azure templates are:
    • Source file, checked-in
    • JSON file
    • Specifies resources and dependencies and connections
    • Parameterized input/output
  • Template drives execution list, based on dependencies

Add Your Own Power

  • Some resources can be extended by allowing more code or data inside resource
    • E.g. AV agent inside VM
    • WordPress web-deploy package on a Website
  • Allow for Scripting or Imperative configuration of resources
  • Extensible solution (Windows/Linux)
    • Chef, Puppet, etc.

Consistent Management Layer

  • Service Management API
    • Portal uses same API that is available to devs
  • Routing to appropriate resource provider
    • Resource providers adhere to resource provider contract

What Does This All Mean?

  • Application Lifecycle Container
    • Deploy/manage application as you see fit
  • Declarative solution for Deployment and Configuration
    • Single-click deployment of multiple instantiations of your application
  • Consistent Management Layer
    • Same experience of deployment and management, from wherever

Demo – Implementation

  • Postman hooked up to REST API
  • Hit API, get JSON data back
  • Examples
    • Get resource groups
    • PUT SQL Server (create)
  • Creating SQL Server node takes a bit of time
  • Then PUT SQL Database on that server
  • Anything that you PUT, you can also GET
  • Can get list of resources
    • Then index by number

Demo – New Portal

  • Gallery – curated list of resources that you can create
    • Microsoft and 3rd party
    • All creation is done by templates
    • You can get these templates and pull them down (PowerShell)
    • Can modify and use these default templates

New JSON editor in Visual Studio

  • With intellisense

TechEd NA 2014 – Async Best Practices for C# and VB

TechEd North America 2014, Houston
Async Best Practices for C# and VB – Mads Torgersen

Day 4, 15 May 2014, 10:15AM-11:30AM (DEV-B362)

Disclaimer: This post contains my own thoughts and notes based on attending TechEd North America 2014 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of either Microsoft, the presenters or the speakers.

Executive Summary—Sean’s takeaways

  • Avoid async void
  • Don’t use parallel threads for I/O bound code
    • Don’t want to waste threads in thread pool by having them waiting on I/O
  • Avoid event handler mess by using async/await
    • Use TaskCompletionSource to hook event to lambda that sets result of task
  • Don’t wrap synchronous code in async method
  • Don’t block UI thread to wait for completion of asynchronous code

Full video

Mads Torgersen– Program Manager, C# Language, Microsoft
One of the people responsible for the async feature

Key takeaways

  • Async void is only for top-level event handlers
  • Use threadpool for CPU-bound code, but not IO-bound
  • Use TaskCompletionSource to wrap Tasks around events
  • Libraries shouldn’t lie, and should be chunky

Async void is only for event handlers

  • User: if user clicks Print button too quickly, stuff not ready

Stop using async void

  • Unless you absolutely have to

Async void only for event handlers

  • Event handlers are async void
  • In your handler, you might call your own async void method
    • Then in 2nd method, you hit await
    • That method returns
  • Event handler then also awaits
  • ** slide – with arrows **
  • Can’t predict which order the methods will resume in

Variant #2 – Exception in GetResponseAsync

  • Exception doesn’t come back to original caller
  • async void method has no Task to put exception in
  • Then UI thread crashes, because no handler

How to fix

  • Make 2nd function Task return, then await it

Example 3 – virtual methods returning void

  • E.g. override of OnNavigatedTo, LoadState
  • The override calls base
  • But OnNavigated base calls overridden LoadState
  • Again, a race condition because we hit awaits and exit methods
  • Solution
    • Can’t return Task
    • Still hand off Task from caller to callee
    • Stick result of 2nd call in variable, after calling async Task helper method
    • Then in 1st method, can await on the variable!
    • Brilliant
  • Tasks always the best way to communicate completion

Example 4 – Can’t always see when you’re doing async void

  • Lambda
  • Lambdas may map to delegate that returns void
  • If both overloads offered, it picks Task-returning
  • E.g. If you Dispatcher.RunAsync with async lambda
    • When lambda returns, the caller thinks that work is done
  • Sol’n: find another way to communicate completion
    • Factor it out into async method that returns Task
  • Search for async (), check it

Async void only for event handlers

  • Principles
    • Fire-and-forget mechanism—almost never what you want
    • Caller unable to know when async void has finished
    • Caller unable to catch exceptions
  • Guidance
    • Use only for top-level event handlers
    • Use async Task-returning methods everywhere else
    • If you need fire-and-forget, be explicit
    • When you see async lambda, verify it

Threadpool

  • User: how should I parallelize my code
    • Loading list of housing data
    • Use Threadpool, task parallel library, parallel for?
  • Diagnose/Fix
    • Users code was not CPU-bound

Threadpool – sequential

  • Sequentially, you have to wait

Threadpool – Try #1

  • Parallel.For
    • Deserialize and add to list
    • Runs on parallel cores
  • Now down to 300ms, from 500ms
  • But is it really taking 100 ms per house?
    • Nope, it’s actually I/O bound
    • Deserialize is actually blocking on I/O

Is it CPU-bound or I/O-bound?

  • CPU-bound – should parallelize
  • I/O-bound – maybe not

How it works

  • Doing two threads, two cores
  • Gradually spins up threads, as it sees first thread waiting on I/O
  • So we created more threads than we need

How to code it right

  • Parallelize I/O bound code
  • List of tasks
  • LoadFromDatabaseAsync
  • Then: await Task.WhenAll(tasks)
  • No threadpool
  • Thread should not be waiting on I/O

Threadpool – may get another bottleneck?

  • Moving off threadpool, but doing I/O in parallel may lead to I/O bottleneck if you have a large number of tasks
  • So use a queue and workers
  • Use WorkerAsync
  • Create three workers

Threadpool

  • Principles
    • CPU-bound okay on threads
    • Parallel.ForEach and Task.Run are good way to put CPU-bound work onto thread pool
    • E.g. LINQ-over-objects, computational
    • Use of threads won’t increase throughput on machine that’s under load
  • Guidelines
    • For IO-bound work, use await, rather than background threads
    • For CPU-bound work, use background threads via Parallel.ForEach or Task.Run, unless you’re writing library or scalable server-side code

Async over events

  • User
    • UI code looks like spaghetti
  • Diagnose/Fix
    • Events are the problem
    • Consider wrapping them as Tasks

Apple picking game

  • Multiple levels of events
  • Sequence of things all listed as nested lambdas
  • Ick !
  • Callback hell
  • Solution
    • State machine
    • Becomes complicated in a new way
  • Now we have everything as global events

The problem is events—they’re not going away

Solution

  • await async events
  • Trick – how to turn helper methods into async

Async over events – async helper methods

  • Use TaskCompletionSource<object>
  • Guy who creates TCS controls how task completes
  • Make your own task, rather than letting async create a task for you
  • Lambda just tells task that things are done
  • Then wire this lambda into Completed event
  • Then you await this tcs.Task
  • So—it’s about converted synchronous work with Completed handler into Task-based paradigm
  • Fantastic!

Async keyword is for creating logic around methods that are already async

  • When you want to create your own Task, use TaskCompletionSource

Wow, this is great. Learning async tricks from Mads..

Async over events

  • Principles
    • Callback-based programming, as with events, is hard
  • Guidance
    • If event handlers are largely independent, leave them as events
    • If they look like state machine, then await is maybe easier
    • To turn event into awaitable tasks, use TaskCompletionSource

Library methods shouldn’t lie

  • Signature hints at whether a method is synchronous or asynchronous

Library methods shouldn’t lie

  • Honest about synchronous
    • Some methods do actual work, occupy work
    • You should say so, synchronous
  • Synchronous methods
    • Do work
    • You’re not wasting your time waiting for me
  • Asynchronous methods
    • I’ll initiate something, but return immediately

Library methods shouldn’t lie – Example

  • Synchronous
    • PausePrint – burns CPU
  • Asynchronous
    • PausePrintAsync – await Task.Delay(10000)
    • Honest, because it returns immediately, spawns task
  • Don’t: wrap synchronous code in async method
    • Returns Task.Run (return it)
    • This method lies—it’s not really async
  • Never: wrap asynchronous code in synchronous
    • Async method that returns synchronously
    • Synchronous wrappers for asynchronous work – NO !

Dangers of wrapping synchronous in asynchronous method

  • Wrap synchronous in async
    • You’re still doing work
    • Hiding from app dev where work is being done
  • Threadpool is app-global resource
    • Scalability hurt
  • On server, spinning up threads hurts scalability
  • App is the best position to manage its threads
    • Don’t use threads in secret

Dangers of blocking – wrap asynchronous in synchronous

  • LoadAsync
  • Then wait on this in button click handler
  • And then update view
  • Rather than doing await so that handler returns immediately
  • LoadAsync works fine—creates thread
  • Blocks UI thread—bad !
  • Then LoadAsync does await and it leads to deadlock
  • Because the resumption of LoadAsync, after await, wants UI thread
  • But you’ve blocked UI thread—crap
  • A bit better in thread pool

Library methods shouldn’t lie

  • Principles
    • Threadpool is app-global resource
    • Poor use of threadpool hurts scalability
  • Guidance
    • Help callers understand how your method behaves
    • Libraries shouldn’t use threadpool in secret
    • Use async signature only for truly async methods

Async – not spinning on threads

Sync – not blocking threads

Libraries should expose chunky async APIs

  • We all know sync methods are “cheap”
    • Years of optimizations around sync methods
    • Enables refactoring at will
  • E.g. synchronous string out
    • IL is simple
  • Async method that outputs string (but doesn’t wait)
    • Body of method is 3x longer
    • Has to initialize state machine
    • Lots of plumbing
  • Important mental model
    • How many allocations are required for async state machine?
    • Allocation will eventually require GC
    • Garbage collection is what’s costly

Fast Path in awaits

  • Each async method has to allocate
    • State machine class holding method’s local variables
    • Delegate
    • Returned Task object
  • If code path doesn’t hit any awaits
    • Optimized so that state machine and delegate aren’t allocated. Just Task
  • If awaited Task has already completed, then skip actual wait
  • If you don’t have any awaits fired and you have common result (e.g. 0, 1, true, false, null, “”)
    • Compiler just grabs these pre-gen’d task and just returns it
  • You can follow this same pattern, for common return values in Tasks
    • Create wrapper

Libraries should expose chunky async APIs

  • Principles
    • Heap is an app-global resource
  • Guidance
    • Libraries should expose chunky async APIs, not chatty
    • If library has to be chatty, and GC perf is problem, and heap has lots of async allocations
      • Then optimize the fast-path
    • Generally, use async to your heart’s content and don’t worry about it
    • But just be aware of what’s going on under the hood

Consider .ConfigureAwait(false) in libraries

  • Sync context represents a “target for work”
    • E.g. DispatcherSynchronizationContext, whose .Post() does Dispatcher.BeginInvoke()
    • Sort of “where do I live”
    • When await resumes execution, it has to look at sync context to figure out what thread to run code on. E.g. On UI thread
    • Goal: after await, you should be where you were before (e.g. I’m still on the UI thread)
    • Extra level of bookkeeping can be expensive
  • Library code often doesn’t care where it’s running
    • You can ask await to not go find original context after await, but just keep running in whatever context is current
  • “Await task” uses the sync context
    • await task.ConfigureAwait(false)
    • Suppresses SyncContext.Post()

Consider .ConfigureAwait(false)

  • Principles
    • UI message-queue is app-global resource
    • Too much use will hurt UI responsiveness
  • Guidance
    • If you call chatty async APIs but doesn’t touch the UI, use ConfigureAwait(false)

Resources for async Best Practices

TechEd NA 2014 – Industrial Strength Entity Framework

TechEd North America 2014, Houston
Industrial-Strength Entity Framework – John Mason, Robert Vettor

Day 3, 14 May 2014, 5:00PM-6:15PM (DEV-B356)

Disclaimer: This post contains my own thoughts and notes based on attending TechEd North America 2014 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of either Microsoft, the presenters or the speakers.

Executive Summary—Sean’s takeaways

  • Entity Data Model doesn’t have to be 1-1 mapping to database tables
    • EDM represents model that the developer works with
  • Segregate models, based on functional context
    • Complex system would typically have several models
    • Data linking accomplished by bringing in only what’s needed from another model
    • E.g. Order EDM has Customer info, but only some basic read-only Customer attributes
  • Transactions
    • EF does implicit transaction on SaveChanges
    • You can now do explicit transactions
  • Concurrency
    • You need to be thinking about it
    • Catch concurrency exceptions and do something about them (e.g. merge)
  • Performance
    • Measure performance of queries with Profiler and Query Analyzer
    • Some good tricks for using Profiler
    • Stored Procedures are fine—first-class citizens in EF
    • Use async—prevalent in EF now
    • Query caching in EF—huge gains
  • For best performance, use EF 6 and .NET 4.5+
    • Query caching requires EF 5, .NET 4.5

Full video

John Mason – Senior Developer Consultant, Microsoft Premier Services

Rob Vettor – Senior Developer Consultant, Microsoft Premier Services


Simple Layered (Multitier) Model

  • People sometimes don’t understand what’s in each box

More Complex Layered (Multitier) Model

  • Service Layer blown out
    • KPIs – business (transactions), devs (perfmon)
    • Unit of Work – how to talk to Data Layer

Complex Layered Multitier Model

  • This is more typical of modern multi-tiered system
  • Data Tier
    • Data Sources might be database or something else
    • EF will at some point be able to talk to non-relational data sources
    • “Critically important” that we accept NoSQL model
  • This is where Entity Framework fits into the large picture

Enterprise Apps are Data Aware

What is a Model?

  • EF exposes Entity Data Model
  • On the left side are database tables
  • On the right side, classes
    • Code against data model that might not map 1-1 to database
    • This is the object model
  • Default behavior is 1-1 mapping between database table and a class
  • Dev’s shape of the data vs. DBA shape of the data
  • If DBA changes schema, only the mapping (arrows in middle) has to change

Model Simplifies the Data

  • Model simplifies data
    • Validates your understanding
    • Stakeholders can more easily understand
    • Reduces complexity
  • Defining the model
    • Sketch data model for enterprise
    • Create initial mappings
    • Identify functional groupings
  • Abstraction has cost
    • Overhead of models
    • Overloading with entire entity graph might not make sense
    • Good idea to work with subset of entities

Model Segregation

  • Break model up into smaller functional context
    • Can have several different models (EDMs) that segment the business domain
    • Call these “functional contexts”
  • Benefits
    • Each functional context targets specific area of business domain
    • Reduces complexity
    • Functionality can evolve and refactor can occur on separate timelines

Improve Model by Refactoring

  • Customer vs. Order contexts
  • Customer context – might be where you actually change customer
  • In Order context, just needs read-only reference to customer
    • So you just pull in subset of tables/fields, read-only
  • Helps ensure that devs use the context properly
    • Avoid architectural erosion—if you don’t understand architecture, you make changes that don’t match the original vision
  • Also enables teams to work separately

Enterprise Apps are Transactional

  • Typically

Transaction

  • Are
    • Related operations, single unit of work
    • Either succeeds or fails (Commit or Rollback)
    • Guarantees data consistency / integrity
  • Basic types
    • Local
      • Single-phased (1 database) handled directly by database provider
    • Distributed
      • Affects multiple resources
      • Coordinated by 3rd party transaction manager component
      • Implement two-phased commit—present candidate changes, then go ahead and do it

Local Transactions

  • Implicit
    • Built into EFs internal architecture – automatic
    • SaveChanges invokes implicit transaction
      • EF automatically either commits or rolls back
  • Explicit – Two Types
    • BeginTransaction
    • UseTransaction

Demo – Transactions

  • Default behavior
    • Profiler running in background, shows SQL being used
    • After SaveChanges, do raw SQL Command—gets its own transaction
    • Another set of changes and then SaveChanges—another BEGIN TRANSATION / COMMIT TRANSACTION
    • Doing smaller transactions is good practice for highly transactional database
  • BeginTransaction (new in EF 6)
    • ctx.Database.BeginTransaction
    • trans.Commit
    • Now we get everything within one transaction
  • UseTransaction
    • Create new connection, outside of EF
    • On Connection, BeginTransaction
    • Create EF context, pass in conn, which has transaction
    • ctx.Database.UseTransaction(trans)
    • Still assumes single database

Best Practices – Transactions

  • Favor implicit local transactions
    • All you need, usually
    • Automatic when calling SaveChanges()
    • Implements Unit of Work pattern
  • Explicit local transaction
    • BeginTransaction, UseTransaction
  • Distributed transactions
    • Favor TransactionScope

Enterprise Apps are Concurrent

Concurrency

  • When multiple users modify data at the same time
  • Two models
    • Optimistic concurrency
      • Pro: Rows not locked between initial query and update
      • Con: Database value can be overwritten
    • Pessimistic concurrency
      • Pro: Row locked until operation complete
      • Con: Not scalable, excessive locking, lock escalation
      • Con: No out-of-box support in ADO.NET and EF

Concurrency in EF

  • Out-of-box, EF has optimistic concurrency – last in wins
  • Can detect concurrency conflicts by adding concurrency token
  • EF, on update, delete, automatically adds concurrency check to where clause
  • If concurrency conflict, EF throws DbUpdateConcurrencyException

Resolve Concurrency Conflicts

  • Client Wins
    • Out-of-box behavior
  • Server wins
    • First in stays – your changes discarded
  • Notify user of conflicts
  • Code custom algorithm
    • Let business decide
    • EF has: 1) original data; 2) your changed data; 3) data currently in database

Demo – Concurrency

  • When you catch DbUpdateConcurrencException, good place to have strategy pattern
  • E.g. custom merge
  • GetDatabaseValues, OriginalValues, CurrentValues
  • Merge is sometimes possible (if we’re not changing the same thing)
  • On merge failure (true conflict), we log it

“Programming to DBContext” – Rowan Miller

Enterprise Apps are Performant

Performance in Apps

  • Defining performance
    • Emergent property, blends latency and underlying infrastructure
  • Measuring performance
    • Can’t improve what you don’t measure
    • Business KPIs and application KPIs
    • Use application KPIs to keep track of application metrics that are meaningful to you
    • Who falls over first: business tier, database, etc.
  • Performance impactors
    • Can buy your way out of bandwidth issues
    • Can’t buy fix for latency
    • Must be considered up front

Performance rules

  • Choose right architecture
  • Test early/often
  • Whenever you make a change, re-test

Performance Pillar – Efficient Queries

Default Query Behavior

  • LINQ query eventually transformed into SQL query
  • EF materializes untyped SQL result set into strongly-typed entities

Query Performance

  • Is Your SQL Efficient?
    • Customers assume that LINQ is smarter than it actually is
    • Looks like SQL but doesn’t necessarily act like SQL
    • EF may not be efficient
  • Must Profile LINQ Queries
    • Structure of LINQ expressions can have tremendous impact on query performance
    • EF can’t determine query efficiency from LINQ expression
  • The Truth is in the SQL execution plan
    • Actual, not estimated

In a perfect world, you’d profile all of your queries

Profiling Check List

  • Set Application Name Attribute in conn string
    • Allows filtering just SQL from your application
  • Run SQL Trace
  • Run Query Analyzer
  • SET STATISTICS TIME ON/OFF
  • Review Actual Execution Plan

Demo – Profiling

  • Profile slow or complicated query
  • Tools | SQL Server Profiler
  • Start trace
  • Events Selection
    • No Audit, ExistingConnection,
    • Only show RPC Completed, SQL BatchCompleted
  • Column Filters
    • Application Name like “EF” (or whatever you put in conn string)
  • Run
  • Run simple query
  • In Profiler, you see full SQL query
    • Tells us what application is doing—just the query
  • Copy out of Profiler
  • New Query window
  • Paste in
  • SET STATISTICS TIME ON
    • (and OFF at bottom)
  • Select database
  • Query | Include Actual Execution Plan
  • Get rows back, took 94 ms, then 35 ms
    • SQL caching
  • Look at Execution plan
    • Favor Seeks over Scans
    • Clustered Index Scan
    • Given structure of database, we can’t improve on it
  • Look at how we’d write query
    • Query plan is the same on your own query
  • You really don’t know how query works until you look at Query Execution Plan
  • If you know of a better way to get to the data, you can use a Stored Proc

Can change underlying LINQ statement

  • Sometimes can find better way

What About Stored Procedures?

  • EF Loves to Generate SQL
    • Default behavior – devs do LINQ, EF gens SQL
  • Sprocs always option
    • Simple to map select/update ops to stored procs
    • EF generates method from which to invoke
  • Consistency across EF
    • Same experience
    • Full change tracking
  • Right tool for the Job

“Don’t fear the SPROC”

Performance Best Practices

  • Profile early/often
    • Slow operations of complex queries
  • Must Haves…
    • Application Name conn string attribute
    • Set Statistics Time On/Off
    • Actual vs. Estimated Executed Plan
  • Don’t fear the Sproc
    • Stored procs are first-class citizens in EF
    • Customers often blend both EF queries and stored procedures in hybrid approach
    • Common customer usage pattern for large application

80/20

  • 80% CRUD simple queries
  • 20% more complex
    • Good place for stored procedure

Performance Pillar Asynchronous Operations

Async

  • EF 6 Exposes Asynchronous Operations
    • Most IQueryable<T> methods now async-enabled
    • Leverages recent Async/Await pattern
  • Fast and Fluid Experience
    • Increase client responsiveness, server scalability
    • Prevents blocking of main thread
    • *** more ***

Demo – Async

  • Method that does async call, do await
  • In async function, return Task
  • await ctx.SaveChangesAsync()
  • FirstOrDefaultAsync

Performance Pillar: Caching

Performance Enhancements

  • Overall Query Construction
  • Performance Improvements
    • EF 5 and EF 6 has big perf improvements
    • And need .NET Framework 4.5+

Query Caching

  • Earlier
    • Linq query
    • Compiler builds expression tree
    • EF parses tree and builds SQL query
    • Repeated each time query executed
  • Now, Autocompiled Queries
    • EF 5+, SQL query constructed once, stored in EF query cache and reused
    • Parameterized – same query/different parameter values
    • For your application, all user share this cache (App Domain)
    • Supports up to 800 queries
    • Uses MRU algorithm to decide which queries to drop
  • This is (obviously) different from SQL caching

Closing Thoughts

Step 0 – Learn the Framework

  • Framework is complex
  • Allocated time to learn
    • Understand LINQ and subtle nuances of each
    • Understand immediate vs. deferred execution
  • For Microsoft Premier customers, Premier EF training

Books

  • Programming Entity Framework
  • DbContext
  • Code First
  • Entity Framework 4.1: Expert’s Cookbook

http://msdn.com/

Entity Framework 6 Recipes – Rob Vettor

TechEd NA 2014 – Public Cloud Security

TechEd North America 2014, Houston
Public Cloud Security: Surviving in a Hostile Multitenant Environment – Mark Russinovich

Day 3, 14 May 2014, 3:15PM-4:30PM (DCIM-B306)

Disclaimer: This post contains my own thoughts and notes based on attending TechEd North America 2014 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of either Microsoft, the presenters or the speakers.

Executive Summary—Sean’s takeaways

  • To move to cloud, customers must trust us
  • Need to follow best practices to make things secure
    • At least as good as what your customers are doing
  • Makes sense to look at top threats and think about mitigating risk in each case
  • Azure does a lot of work to mitigate risk in many areas
    • Often far more than you’d do in your own organization
  • Top three threats
    • Data breach
    • Data loss
    • Account or service hijacking
  • Encryption at rest not a panacea

Full video

Mark Russinovich – Technical Fellow, Azure, Microsoft

“There is no cloud without trust”

  • Security, Availability, Reliability

Misconceptions about what it means to be secure in cloud

  • Will dispel some of the myths
  • Look at what’s behind some of the risks
  • Mitigation of risks

The Third Computing Era

  • 1st – Mainframes
  • 2nd – PCs and Servers
  • 3rd – Cloud + Mobile
  • (Lack of) Security could ruin everything

Security

  • Study after study, CIOs say looking at cloud, but worried about security
  • Other concerns
    • Security
    • Compliance
    • Loss of control

Goals of this Session

  • Identify threats
  • Discuss risk
  • Mitigate

Cloud Architecture

  • Canonical reference architecture
  • Virtualized structure
  • Datacenter facility
  • Microsoft—deployment people and DevOps
  • Customers of cloud—Enterprise, Consumer
  • Attacker

Cloud Security Alliance

  • Microsoft is a member

The Cloud Security Alliance “Notorious Nine” (what are threats to data in cloud?)

  • Periodically surveys industry
  • 2010 – Seven top threats
  • 2013 – Nine top threats
  • Mark adds 10th threat

#10 – Shared Technology Issues: Exposed Software

  • Shared code defines surface area exposed to customers
    • In public cloud, servers are homogeneous—exact same firmware
    • Hypervisor
    • Web server
    • API support libraries
  • What if there’s a vulnerability?
  • Stability and security are balanced against each other
    • Patching might bring down servers
  • Assumes infrastructure is accessible only by trusted actors
  • Corporate and legal mechanisms for dealing with attackers
  • This is: Enterprise Multi-tenancy

#10 – Shared Technology Issues: The Cloud Risk

  • A vulnerability in publically accessible software enables attached to puncture the cloud
    • Exposes data of other customers
    • Single incident—catastrophic loss of customer confidence
    • Potential attackers are anonymous and in diverse jurisdictions
  • “Are you doing as good a job as I’d be doing if I had the data in the house”?
  • Important (vs. Critical) – data not at risk, but confidence in Azure is critical
    • “Cloud critical”
  • “Hostile Multi-tenancy”
  • We do whatever it takes to patch immediately

#10 – Shared Technology Issues: Bottom Line

  • Enterprises and clouds exposed to this risk
  • Clouds at higher risk
    • Data from lots of customers
    • API surface is easy to get to
  • Clouds are generally better at response
    • Azure has about 1,000,000 servers
    • Can do critical patch in just a couple hours, all servers
    • Breach detection/mitigation
  • Risk matrix
    • Perceived risk—bit below average
    • Actual risk – Fairly high (Mark’s assessment)

#9 – Insufficient Due Diligence

  • Moving to cloud, but side-stepping IT processes
    • Shadow IT
    • BYOIT – Bring your own IT—non-IT going to cloud
    • IT management, etc. are designed for on-premises servers
  • Bottom line
    • IT must lead responsible action

#9 – Insufficient Due Diligence – Azure

  • Azure API Discovery
    • Monitors access to cloud from each device
  • SDL
  • Cloud SDL (under development)

#8 – Abuse of Cloud Services

  • Agility and scale of cloud is attractive to users
  • Use of Compute as malware platform
  • Use of storage to store and distributes illegal content
  • Use of compute to mine digital currency
    • VMs shut down per month, due to illegal activity: 50,000-70,000
    • Bulk of it is for generating crypto currency
    • Top 3 countries that are doing this: Russia, Nigeria, Vietnam
    • Password for Vietnamese pirate: mauth123 (password123)
    • Harvard supercomputer was mining bitcoin

#8 – Abuse of Cloud Services: It’s Happening

  • Attackers can use cloud and remain anonymous
  • Bottom line
    • Mostly cloud provider problem
    • Hurts bottom line, drives up prices
  • Using machine learning to learn how attackers are working

#7 – Malicious Insiders

  • Many cloud service provider employees have access to cloud
  • Malicious check-in, immediately rolls out to everybody
  • Operators that deploy code
  • Datacenter operations personnel
  • Mitigations
    • Employee background checks
    • Limited as-needed access to production
      • No standing admin privileges
    • Controlled/monitored access to production services
  • Bottom line
    • Real risk is better understood by third-party audits

Compliance is #1 concern for companies already doing stuff in cloud

#7 – Malicious Insiders – Compliance

#6 – Denial of Service

  • Public cloud is public
  • Amazon was at one point brought down by DDOS
  • Your own app could get DDOS’d
  • Cloud outage – a form of DDOS
  • Redundant power from two different locations to each data center
  • Blipping power to data center results in major outage—several hours
  • Mitigations
    • Cloud providers invest heavily in DDOS prevention
    • Third party appliances that detect and divert traffic
    • We do this for our clients too
    • Large-scale DDOS, doesn’t catch smaller things
  • Geo-available cloud providers can provide resiliency
  • Azure
    • DDOS prevention
    • Geo-regions for failover

#5 – Insecure Interfaces and APIs

  • Cloud is new and rapidly evolving, so lots of new API surface
  • CSA – one of the biggest risks
  • Examples
    • Weak TLS crypto – DiagnosticMonitor.AllowInsecure….
    • Incomplete verification of encrypted content
  • Bottom line
    • Cloud providers must follow SDL
    • Customers should validate API behavior

#4 – Account or Service Traffic Hijacking

  • Account hijacking: unauthorized access to an account
  • Possible vectors
    • Weak passwords
    • Stolen passwords (e.g. Target breach)
    • Then you find that people use same password everywhere; so attacker can use on other services
  • Not specific to cloud
    • Cloud use may result in unmanaged credentials
    • Developers are provisioning apps, hard-coding passwords, publishing them
    • Lockboxes, “secret stores”
    • Back door—someone in DevOps gets phished, then brute force
  • Mitigations
    • Turned off unneeded endpoints
    • Strong passwords
    • Multifactor authentication
      • Entire world moving to multifactor
    • Breach detection
  • Azure
    • Anti-malware
    • IP ACLs (with static IP addresses)
    • Point-to-Site, Site-to-Site, ExpressRoute
    • Azure Active Directory MFA

#3 – Data Loss

  • Ways to lose data
    • Customer accidentally deletes data
    • Attacker deletes or modifies it
    • Cloud provider accidentally deletes or modifies it
    • Natural disaster
  • Mitigations
    • Customer: do point-in-time backups
    • Customer: geo-redundant storage
    • Cloud provider: deleted resource tombstoning
      • Can’t permanently delete
      • 90 days
  • Azure
    • Globally Replicated Storage
    • VM Capture
    • Storage snapshots
    • Azure Site Replica

#2 – Data Breaches

  • Represents collection of threats
  • Most important asset of company is the data

#2 – Data Breaches: Physical Attacks on Media

  • Threat: Attacker has physical access to data/disk
  • Mitigation: cloud provider physical controls
    • To get in data center, gate with guards
    • To get into room with servers, biometric controls
    • Disk leaving data center—very strict controls
    • Data scrubbing and certificate
    • SSDs never leave data center, because it’s so hard to scrub it
    • HDDs are scrubbed
  • Enhanced mitigations
    • Third-party certifications (e.g. FedRamp)
    • Encryption at rest
  • Azure: third-party encryption

Encryption at rest

  • Two types
    • Cloud provider has keys
    • Customer has keys
  • When you have keys, you’re also giving keys to cloud to decrypt

#2 – Data Breaches: Physical Attacks on Data Transfer

  • Man-in-the-middle
  • Mitigation
    • Encrypt data between data centers
    • APIs use TLS
    • Customer uses TLS
    • Customer encrypts outside of cloud

#2 – Data Breaches: Side-Channel Attacks

  • Threat: Collocated attacker can infer secrets from processor side-effects
  • Snooping on processor that they’re co-located on
  • Researcher assumptions (but unlikely)
    • Attacker knows crypto code customer is using and key strength
    • Attacker can collocate on same server
    • Attacker shares same core as you
    • Customer VM continuously executes crypto code
  • Not very likely
  • Bottom line
    • Not currently a risk, in practice

#2 – Data Breaches: Logical Attack on Storage

  • Threat: attacker gains logical access to data
  • Mitigations
    • Defense-in-depth prevention
    • Monitoring/auditing
  • Encryption-at-rest not a significant mitigation
    • If they can breach logical access, they can maybe get keys too
    • The keys are there in the cloud
    • Encrypt-at-rest isn’t based on real threat modeling

#2 – Data Breaches: Bottom Line

  • Media breach not significant risk
  • Network breach is risk
  • Logical breach is a risk
    • Encrypt-at-rest doesn’t buy much

#1 – Self—Awareness

  • E.g. Skynet
  • People are actually worried about this

TechEd NA 2014 – Windows Desktop Development – Panel Discussion

TechEd North America 2014, Houston
Windows Desktop Development – A Panel Discussion – Dmitry Lyalin, Tim Heuer, Habib Heydarian, Chipalo Street, Eric Battalio, Jay Schmelzer

Day 3, 14 May 2014, 1:30PM-2:45PM (DEV-B327)

Disclaimer: This post contains my own thoughts and notes based on attending TechEd North America 2014 presentations. Some content maps directly to what was originally presented. Other content is paraphrased or represents my own thoughts and opinions and should not be construed as reflecting the opinion of either Microsoft, the presenters or the speakers.

Executive Summary—Sean’s takeaways

  • Universal App platform really pervades everything that dev teams are doing
  • .NET Native – for faster Windows Store apps
  • Worth looking at PRISM—good way to build apps
  • If using C++, make sure you’re using modern C++, i.e. C++11

Full video

Dmitry Lyalin, Product Manager, Visual Studio, Microsoft

Panel members are all Engineering team members from the Visual Studio team.

Agenda

  • What’s new for WPF devs
  • Panel discussion

On the panel:

  • Tim Heuer – Program Manager, XAML UI
  • Habib Heydarian – Principal Group Manager, .NET Team
  • Chipalo Street – Program Manager, XAML
  • Eric Battalio – Senior Program Manager, C++
  • Jay Schmelzer – Partner Director, .NET Team

VS 2013 XAML improvements

  • Intellisense for data binding & resources
  • Go to definition (F12)
  • Nesting comments in markup
  • Renaming start tag renames end tag
  • New XAML code snippets

PRISM v5 (WPF & .NET 4.5)

  • PCL version of Prism library
  • Separate features into separate assemblies
  • Address high priority items

Debugging and Diagnostics

  • Memory analysis
    • New managed memory analyzer
  • Debugging improvements (4.5.1)
    • 64-bit edit and continue
    • Improved async debugging

Q: Deploy 4.5 app in 4.0 environment?

  • 4.5 is in-place update, so you can upgrade
  • ASP.NET vNext – new model
  • To get new functionality, you do need to install .NET 4.5

.NET Native vs. Traditional

  • Framework displayed as one single unit
  • .NET Native not yet available for desktop apps

Q: Problem when View tries to load other DLLs and they get called when I go into design surface

  • See Hari, try to repro this

On the radar – new deployment models for desktop apps

  • Maybe sort of Windows Store model for company apps within the enterprise

Q: Do you recommend always working in x86 mode in designer?

  • Yes

Q: If you put custom controls in shared UI library, seems like they never show up in the designer.

  • Take this offline

Q: Can you auto format when you change tag?

  • It’s either everything on one line, or one line per property

Q: XAML verbosity – anything planned to make XAML more concise? E.g. Data bindings, Setters, Converters, etc. Improvements to XAML syntax coming?

  • Point to tools, Intellisense / Auto Completion, code snippets
  • Language evolving – has evolved just a bit, simplifying
  • Tough to change XAML itself, because it’s a public language spec
  • Thought about inline scripting, but thinking about ways to do less markup and have XAML compiler generate stuff
  • “More of a compiled approach” in tools

Q: 4.53 coming? 5.0? Compatibility?

  • For 4.5.1, did around 300 compatibility fixes
  • 4.5.2, 120+ compatibility fixes
  • So 4.5.2 more compatible than 4.5 was
  • Cadence is going to continue to be quick—new framework every few months
  • Can no longer just release stuff every 3 years

Q: WPF dev doing LOB apps that will never be touch-based. Screens too busy. Any chance of writing desktop apps, but using Windows RT

  • When Win 8 came out, it was really focused on mobile. But now more focused on desktop
  • Now, with Universal Apps, spacing that is nice for both desktop usage but also okay for touch
  • E.g. For Outlook, Microsoft will try to have one single GUI that works on both Win RT and desktop

Q: WPF pain point – implicit styles for windows in user controls. Couldn’t define implicit style that applies to all user controls.

  • No plans, but follow-up with us

Q: For cross-platform, we still have to do View on specific platforms. But is there any way to use XAML solution for other platforms?

  • Third party doing this
  • We’re not thinking about this right now
  • If you need a cross-platform UI language, HTML is the way to go
  • Shared projects in Visual Studio
  • UI abstraction layers are tough. Not sure that it’s something that would work for users
  • Goal is to provide best native for Windows and also best web for cross-platform UI

Q: In 2012, we used Blend. Now, in VS 2013, about 90% of the stuff that was in Blend is now in Visual Studio. What’s the future of Blend and Visual Studio?

  • Purely design-oriented things like states will stay in Blend

Q: Can I do Roslyn plug-ins?

  • Yes, can do little plug-ins. E.g. Diagnostics, distribute in your team, flag violations of coding standards
  • Yes, you can do that on top of Microsoft’s copy of Roslyn

Q: What are the C++ guys working on?

  • See the VC blog
  • We hear a lot about performance and MFC
  • Talk at BUILD about C++ performance
  • MFC – no definite plans
  • MSDN guys are focused on scenarios, rather than on purely API documentation

Q: Future planning for Windows, e.g. Minority Report or 3D UI experience

  • Contact lenses? Tongue-in-cheek comment—makes Oculus Rift look like child’s play
  • Kinect for Windows, continued work
  • Nothing for augmented reality at the moment

Q: What does .NET Native mean for C++?

  • “Productivity of C# and performance of C++”
  • Recommend: continue developing in whatever paradigm you’re comfortable with
  • .NET Native still has garbage collector, so C++ might be preferable to some who want to do their only memory management
  • .NET Native v1 targeted just at Windows Store apps
  • In modern C++, you’re not typically doing new/delete explicitly
  • Should be using C++11
  • “It’s not like it used to be”

Q: Why is .NET Native limited to Windows Store apps and not desktop?

  • Win Phone, “compiler in the cloud”, you upload IL and it compiles down
  • Started with phone, no technological hurdles to do it on the desktop

Q: What is the next thing for which support will drop off (like XP)?

  • The .NET Framework versions support is matched to the corresponding OS version
  • Lifecycle Policy for out of band releases
    • E.g. Framework 4.0, we do something like 2-4 yrs
  • So when next version of Windows is deprecated, associated .NET Framework for that OS will also be deprecated/expired

Q: Moving from 2.0 to 4.0, customers still on XP. Can we go directly to 4.5 and run on XP?

  • As of 4.5, we no longer support XP

Q: Universal Apps – WPF ?

  • “Head” projects in solution – Windows Store, Phone 8, WPF
  • Don’t expect everything to work with shared projects
  • But can do partial classes

Q: Apps don’t scale well on different resolution devices (pre-WPF). Some controls scale, some don’t. Will you revise scalability for older apps? Win Forms. Or Wizard to convert from Win Forms to WPF

  • There are people thinking about multi-resolutions. Starting with immersive (phones), then WPF now.
  • Not sure how much they’ve thought about Win32 / Win Forms stuff, though
  • Some new lower-level APIs in Windows 8 to help app get more info about DPI stuff. Could call directly from your app
  • .NET 4.5.2, some fixes in Win Forms stack to make control a tiny bit more DPI aware
  • Jay: No silver bullet. There’s stuff that just won’t automatically scale
  • Maybe something in the future, but will have to go back and touch your apps to fix things

Q: OpenGL support on Win Phone 8.1?

  • Unknown

Q: When is next update to DirectX that will get pulled into WPF?

  • Newer features on older platforms..
  • DirectX – struggle with value of just updating to DX11. What does it give you?
  • Maybe just D3Dimage improvement?
  • Not sure what ROI is, just going to DX11

Q: Recommendation for native application that does graphics?

  • Eric: No answer.
  • Universal App, includes support for Native C++ / XAML
  • Office internally, tablet apps are using Native XAML
    • So we’ll have to give them something for native desktop apps