Those smart guys in Microsoft Patterns and Practices have released the BETA version of their WCF Security guide.  The guide, Improving Web Services Security: Scenarios and Implementation Guidance for WCF, is our Microsoft playbook for Windows Communication Foundation (WCF /"Indigo".)  It shows you how to build secure services using WCF.  It's a compendium of proven practices, product team recommendations, and insights from the field.  It includes end-to-end application scenarios (Web applications / Smart Clients), as well as step-by-step How Tos.  Most importantly it frames out the Web services security space and shows you how to be effective with WCF.

patterns & practices Improving Web Services Security: Scenarios and Implementation Guidance for WCF

(Forewords by Nicholas Allen and Rockford Lhotka.)

Download the Guide

· Guide Download: http://www.codeplex.com/WCFSecurityGuide

Contents at a Glance

· Part I - Security Fundamentals for Web Services gives you a quick overview of fundamental security concepts as they relate to services, service-oriented design, and Service-Oriented Architecture (SOA.)

· Part II - WCF Security Fundamentals gives you a firm foundation in key WCF security concepts, with special attention on authentication, authorization, and secure communication, as well as WCF binding configurations.

· Part III - Intranet Application Scenarios shows you a set of end-to-end Intranet application scenarios that you can use to jumpstart your application architecture designs with a focus on authentication, authorization, and communication from a WCF perspective for your intranet.

· Part IV - Internet Application Scenarios shows a set of end-to-end Internet application scenarios that you can use to jumpstart your application architecture design for the Internet.

Chapters

· Ch 01 - Security Fundamentals for Web Services

· Ch 02 - Threats and Countermeasures for Web Services

· Ch 03 - Security Design Guidelines for Web Services

· Ch 04 - WCF Security Fundamentals

· Ch 05 - Authentication, Authorization and Identities in WCF

· Ch 06 - Impersonation and Delegation in WCF

· Ch 07 - Message and Transport Security in WCF

· Ch 08 - WCF Bindings Fundamentals

· Ch 09 - Intranet – Web to Remote WCF Using Transport Security (Original Caller, TCP)

· Ch 10 - Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem,HTTP)

· Ch 11 - Intranet – Web to Remote WCF Using Transport Security (Trusted Subsystem TCP)

· Ch 12 - Intranet – Windows Forms to Remote WCF Using Transport Security (Original Caller, TCP)

· Ch 13 - Internet – WCF and ASMX Client to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)

· Ch 14 - Internet – Web to Remote WCF Using Transport Security (Trusted Subsystem, TCP)

· Ch 15 - Internet – Windows Forms Client to Remote WCF Using Message Security (Original Caller, HTTP)

Reference

· WCF Security Checklist

· WCF Security Guidelines

· WCF Security Practices at a Glance

· WCF Questions and Answers (Q&A)

· How Tos

· WCF Security Resources

External Contributors/Reviewers

· Andy Eunson; Anil John; Anu Rajendra; Brandon Bohling; Chaitanya Bijwe; Daniel Root; David P. Romig, Sr.; Dennis Rea; Kevin Lam; Michele Bustamante; Parameswaran Vaideeswaran; Rockford Lotka; Rudolph Araujo; Santosh Bejugam

Microsoft Contributors / Reviewers

· Alik Levin; Brandon Blazer; Brent Schmaltz; Curt Smith; David Bradley; Dmitri Ossipov; Don Smith; Jan Alexander; Jason Hogg; Jason Pang; John Steer; Marc Goodner; Mark Fussell; Martin Gudgin; Martin Petersen-Frey; Mike de Libero; Mohammad Al-Sabt; Nobuyuki Akama; Ralph Squillace; Richard Lewis; Rick Saling; Rohit Sharma; Scott Mason; Sidd Shenoy; Sidney Higa; Stuart Kwan; Suwat Chitphakdibodin; T.R. Vishwanath; Todd Kutzke; Todd West; Vijay Gajjala; Vittorio Bertocci; Wenlong Dong; Yann Christensen; Yavor Georgiev

More Information

· Guide site: http://www.codeplex.com/WCFSecurityGuide

· Project Site (Online KB): http://www.codeplex.com/WCFSecurity

· Project updates at J.D. Meier’s blog: http://blogs.msdn.com/jmeier

Silverlight, AJAX and PDF Invoices Cement SplendidCRM as the Ideal CRM Platform for Companies that have Standardized on the Microsoft Technology Stack

RALEIGH, N.C.--(BUSINESS WIRE)--SplendidCRM Software, Inc., a pioneering provider of Microsoft-centric Customer Relationship Management (CRM) solutions for open-source use, today announced the launch of Version 2.1 of its flagship platform SplendidCRM. The new Silverlight graphs provide SplendidCRM developers with unprecedented ability to create and customize graphs. Extended AJAX support provides the CRM user with a more natural experience.

"Integration of the latest Microsoft technologies into SplendidCRM continue to make it the ideal back-office platform," said Paul Rony, President of SplendidCRM. "Our decision to standardize on the Microsoft Report Definition Language (RDL) allowed us to create an Invoice using Microsoft's Report Designer and import it into SplendidCRM. The end result is the ability to generate PDF invoices at the click of a button."

New Features

In addition to the technology enhancements, the SplendidCRM query system has been optimized to focus on retrieving active fields. This optimization dramatically increases the performance of SplendidCRM when managing tables with more than 100,000 records.

User Interface Enhancements

Credit Card management and processing using the popular .netCHARGE component (licensed separately) allows SplendidCRM to become your primary order-management system.

PayPal Instant Payment Notification is now supported, thereby ensuring that sales are automatically and instantly tracked by the CRM.

Built-in Language Support has been added for 24 languages, including English, French, Italian, German, Spanish, Japanese, Arabic, Bulgarian, Czech, Danish, Greek, Finnish, Hindi, Croatian, Korean, Norwegian, Dutch, Polish, Portuguese, Romanian, Russian, Swedish, Simplified Chinese and Traditional Chinese.

Incorporation of AJAX into sub panels enables the list to be sorted and paginated without the full page refresh.

Developer Enhancements

SplendidCRM continues to be the ideal platform for .NET back-office applications with the deep penetration of Microsoft technologies. When put together, these technologies help developers achieve Rapid Application Development (RAD).

PDF Generation of Invoices, Orders and Quotes is enabled via a combination of Dynamic Buttons, imported RDL reports and the Microsoft Report View.

Dynamic Buttons further extend the data-driven foundation of SplendidCRM. By dynamically rendering the buttons, you get to add field data to the buttons. This is important because it allows you to add a Print Invoice button that references a specific report.

Silverlight graphs replace the old flash-based graphs and allow you to customize the XAML output in the same way that you customize an ASP.NET page to produce HTML. This approach also allows you to embed more business logic into a graph.

Regular Expression Validation of the EditViews give your users immediate feedback when they type an invalid email address or phone number

Migration to ASP.NET themes and skins simplifies the code and makes it easier for developers to create their own themes and skins.

Administration

SplendidCRM introduces new administrative features for tracking usage and problems.

Persistent System Log helps you track the overall health of the system. Administrators can view warnings and errors with sufficient information to help developers pinpoint the problem.

User Login tracking helps administrators track the usage of the system.

In-place migration of a SugarCRM MS SQL database dramatically reduces the effort to migrate to SplendidCRM.

To see this new functionality, please visit http://demo.splendidcrm.com. To sign-up for a free trail of SplendidCRM 2.1, please visit http://eval.splendidcrm.com.

About SplendidCRM Software, Inc.

Founded in 2005, SplendidCRM Software provides a Microsoft-centric open-source Customer Relationship Management (CRM) application that, unlike most open-source solutions built for a Linux environment, enables users to leverage their existing Microsoft infrastructure. The company is located in the Research Triangle of Raleigh, North Carolina, and is privately held.

To learn more about SplendidCRM, email sales@splendidcrm.com or visit www.splendidcrm.com.

This spring I did a series of 4 videos on File Uploading in ASP.NET.

Here is the series .....

How Do I: Simple File Uploads in ASP.NET 17 minutes, 17 seconds	How Do I: Multiple File Uploads in ASP.NET Version 2 16 minutes, 9 seconds
How Do I: Multiple File Uploads in ASP.NET Version 1 15 minutes, 41 seconds	How Do I: File Uploads with an AJAX Style Interface 27 minutes, 33 seconds

In one of the videos I suggested combining techniques of a couple of the videos.

Well, Frank Walker from the National Library of Medicine decided to take the challenge.

Frank has shared his code with us. THANKS FRANK.

[ Click HERE to download the cool, combined uploader from Frank. ]

I installed Yahoo's Browser Plus and run it though it's paces today (few passes as they are in the current preview.)

This download is a quick 4 Megs and it installs the  VC++ 2005 Redistributeable.

Due to what are primarily described as security concerns the use of BrowserPlus is currently restricted so that it will only run of Yahoo's own web properties.

There are 2 demos.....

1. A File Uploader
2. An IRC client
3. A JSON Inspector.

Clearly we, as web developers, have a growing understanding that we need more than what the browser offers, at least in specific scenarios.

But why Yahoo Browser Plus.

Yahoo more or less describes the effort as a philanthropic one, built and offered up for the good of the rich web, but I wonder is there some value I'm missing.

Silverlight and even Flash seem to me far more feature rich and, for that matter Google Gears and JavaFX also seem more promising.

It's the new web so I'm always interested in what it will take to build the next great ASP.NET application.

Check out and let me know what I'm missing.

http://browserplus.yahoo.com/

In a piece in eWeek's June 2, 2008 issue, Darryl K. Taft writes about Microsoft making an offer to Grady Booch in the pre Ray Ozzie days. He goes on to suggest that while he personally is not criticizing Ray and he has "much respect" for the guy, some of his colleagues say he is "not the guy".

Note to the press (who, in all honesty, I most frequently hold in contempt)......

Give Ozzie his go before you start judging what he may or may not accomplish after Gates steps away from Microsoft's day-to-day.

In my opinion, Ray Ozzie is better choice to assume the role of technical strategist at Microsoft anyway.

Ray Ozzie's record includes great, innovative technical ideas which were realized in the form of successful software PRODUCTS.

Lotus Notes, like it or hate it, was THE thing in it's day and is still well used. One could argue that it's decline came only after IBM acquired Notes and failed to evolve it as it's user base required.

Groove was also a visionary product that filled a gap not only in the "technology industry" but in Microsoft's product portfolio.

Ray has had suitable time to adapt to the culture at Microsoft  and be advised by BillG prior to his pending Microsoft status change.

On the inside, it seems that Ray is more and more coming into his own as a technical thought leader inside the company.

I henceforth put a one year moratorium on all Ray Ozzie second guessing by any writer who has not himself (or herself) conceived a technologic innovation who's gross sales do not stand today in excess of $100,000

I LOVE component suites !

I regularly use web components from Infragistics, Telerik, ComponentOne, Dundas, eXceed, and others.

I recently tool PureComponents Ultimate Suite for a Spin !

The first thing that struck me ........

The Price = $79

Need the source code ? It's only another $60 !

It includes controls for Calendars, Lists, Navigators, a Ribbon UI, and about every input control you can think of.

For the price, you really can't beat it.

[ Click HERE for more info. ]

Last year we held a Web Cast series for aspiring architects that was attended by over 1200 individuals and covered a number of strategies that can help developers and IT professionals to transition to the architect roles.

The Aspiring Architect Series 2008 builds on last year’s content and covers a number of topics that are important for architects to understand.

Please make sure that you have gone through the 2007 series which can be found at http://blogs.msdn.com/mohammadakif/archive/tags/Aspiring+Architects/default.aspx .

Then - Sign up for these !

June 16th, 2008 – 12:00 p.m. to 1:00 p.m. – Introduction to the aspiring architect Web Cast series
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032380836&Culture=en-CA

June 17th, 2008 – 12:00 p.m. to 1:00 p.m. – Services Oriented Architecture and Enterprise Service Bus – Beyond the hype
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032380838&Culture=en-CA

June 18th, 2008 – 12:00 p.m. to 1:00 p.m. – TOGAF and Zachman, a real-world perspective
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032380840&Culture=en-CA

June 19th, 2008 – 12:00 p.m. to 1:00 p.m. – Services Oriented Architecture (Web Cast in French)
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032380842&Culture=en-CA

June 20th, 2008 – 12:00 p.m. to 1:00 p.m. – Interoperability (Web Cast in French)
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032380844&Culture=fr-CA

June 23rd , 2008 – 12:00 p.m. to 1:00 p.m. – Realizing dynamic systems
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032380846&Culture=en-CA

June 24th, 2008 – 12:00 p.m. to 1:00 p.m. – Web 2.0, beyond the hype
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032380848&Culture=en-CA

June 25th, 2008 – 12:00 p.m. to 1:00 p.m. – Architecting for the user experience
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032380850&Culture=en-CA

June 26th, 2008 – 12:00 p.m. to 1:00 p.m. – Conclusion and next steps
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032380852&Culture=en-CA

The folks at DevExpress are releasing a FREE DataGrid for Silverlight.

Here are come of the features.....

• Data Grouping against multiple Silverlight Grid columns
• Data Sorting against multiple Silverlight Grid columns
• Comprehensive Summary Computation support against multiple Silverlight Grid columns
• Column Movement
• Column Resizing
• Column Auto-Width
• Row Editing
• Row Preview (with animation)
• Template Support (for cell content, cell editing, row preview and headers)
• Auto Height Support for cells, headers, and totals.
• Virtual StackPanel Row Container (simply means we are able to handle an unlimited number of rows)
• Focused Row and Focused Cell
• Multi-Row Selection Cell Text Wrapping
• Vertical/Horizontal Lines
• Multiple column types/editors

[ Click HERE for more info. ]

Is your site powered by ASP.NET 3.5 ??

Grab a button and show your pride !

http://www.asp.net/images/pow_by_aspnet3.5a.png

http://www.asp.net/images/pow_by_aspnet3.5b.png

http://www.asp.net/images/pow_by_aspnet3.5c.png

The IIS team has released the Beta 1 (Go Live) release of the Microsoft Web Deployment Tool! The tool provides deployment and migration support for IIS 6.0 and 7.0. It incorporates many features that enable web server administrators to deploy, sync and migrate sites, including configuration, content, SSL certificates and other types of content associated with a Web server.

This tool can be used on Windows Server 2008 and IIS 7.0 as well as Windows Server 2003 and IIS 6.0. Please note that this is a Beta release, support is available on the forums.

How to Get Started

Download the x86 version: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1602

Download the x64 version: http://www.iis.net/downloads/default.aspx?tabid=34&g=6&i=1603

Read the walkthroughs: http://go.microsoft.com/?linkid=8100895

Web Deployment Tool forum: http://forums.iis.net/1144.aspx

Web Deployment Team blog: http://blogs.iis.net/msdeploy/

Features

• PowerShell Support - We have PowerShell cmdlets so that you can integrate MS Deploy commands with PowerShell directly.
• Enhanced Dependency Checking - We have IIS7 dependency information listed, plus the ability to see where a dependency is being triggered from. For example, if you have a dependency on Windows Authentication, you can now determine where this is set in the configuration.
• Detailed Help File - We have a Help chm file included in the tool so that you can browse through all the functionality and flexibility offered by the tool, instead of looking through online walkthroughs.

I'm home from TechEd Developer 2008 (for a few days anyway.) I have to admin, I've been on the road more than every other week since early March and I'm feeling very burned out.

I arrived at TechEd a bit less enthusiastic than I usually do, but it ended up being a great trip.

I arrived Monday afternoon and headed down to the convention center where I immediately started running into old teammates, partners, and friends.

The conference sessions started Tuesday morning with a keynote by non other than Bill Gates (his last as a full time  Microsoft employee.)

Check out the BillG's last day video HERE.

Then Soma joined him to show off the latest from DevDiv !

John Galloway has an interesting summary of the Keynote HERE.

Though I spent much of the week meeting with partners and various DevDiv team members, I did get to see some GREAT talks.

David Chappell did a session entitled  - Choosing Communication Styles: SOAP/WS-* vs. REST

I've seen David present many times over the years and he is absolutely one of the best speakers in Technology. His talks are not only full of facts and useful opinions as well as very entertaining, but he's the kinds of speaker that you hear and then spend days brain storming about what you heard.

Read more about David HERE.

Jeff Prosise did great talks on ASP.NET Asynchronous Programming and ASP.NET AJAX internals. (Though after seeing his talk I had to come up with new demos for my AJAX talk :( 

Tom Gallagher (co-author of the super Developer Security Book, Hunting Security Bugs [ Click HERE ] ) gave an awesome talk - Making Security Testing Part of Everyday Development.

All I can say is - keep this guy away from your network :)

On Thursday I gave a talk on developing applications with the Microsoft AJAX stack. I had 360 attendees, which was great since Jeff did his MS AJAX talk earlier in the same day, and many folks stayed around for over an hour of Q&A after the talk.

On Friday I did a FishBowl session on Developer Security with Georgeo Pulikkathara (it will be available on line is a week or so and I'll post the link on SecureDeveloper.com)

Later Friday I did a talk on PHP on the Windows / IIS 7 Platform !

I arrived home EXHAUSTED - home for a week and then off to South Africa for Re-Mix in Johannesburg and Cape Town.

THEN - I'm home to CODE FOR THE SUMMER !

Click on my Technorati Profile ?

Thanks to the awesome folks at Microsoft Japan....

My blog will now be available in Japanese.

http://blogs.msdn.com/JoeInJapanese/

Thanks to Seiichi Sato for taking the lead !!

WUX315 - PHP on Windows: Not an Oxymoron!
Session Day/Time: 6/6/2008 10:15AM-11:30AM
Room: S230 A

Is it a well kept secret? From Microsoft Internet Information Services, to AJAX, to Microsoft .NET, Windows is a viable platform for your existing PHP based applications. In this session, see how to configure PHP on Windows for performance and reliability and how you can take PHP applications to the next level by leveraging .NET and Windows.

WUX314 - AJAX Programming with the Microsoft AJAX Technologies
Session Day/Time: 6/5/2008 4:30PM-5:45PM
Room: S320 C

Microsoft AJAX Developer technologies are a collection of offerings that make AJAX programming slick and productive, but have you wrapped your head around all the pieces? This session provides a soup-to-nuts explanation of the Microsoft AJAX Technology Stack and demonstrates how to use Microsoft Visual Studio for AJAX, The ASP.NET Extension for AJAX, The AJAX Control Toolkit, and non-Microsoft third-party AJAX Libraries to develop true RIAs.

ASP.NET 3.5 AJAX Pocket Guide by Matthew Ellis Read more about this book...

Ok readers. Check out this little nugget.

Matthew Ellis and Magma Interactive just released the ASP.NET 3.5 AJAX Pocket Guide.

It contains concise chapters packed with useful info for the ASP.NET AJAX Developer including a Client Side Reference, a Server Side Reference, Web Services, Extender Controls, The Control Toolkit and more.

At $1.26 per chapter - It's almost FREE !

Just click on the book image above to get the details over at Amazon.com