DevelopMentor Connected Systems Roadshow - Day Two

So, on to day two of the Connected Systems Roadshow, when I did the 'Building Next-Generation Secure & Robust ASP.Net Applications'. This was mostly presented by Dominick Baier, with a section on WWF by Mike Taulty.

Dominick was a very knowledgeable speaker, his talk was based on his book, Developing More-Secure ASP.NET 2.0 Applications, but rather than simply repeat material out of his book he focussed on how the architecture of the upcoming version 7.0 release of IIS could make a lot of security techniques easier to implement. Whereas IIS 6.0 is a monolithic architecture with some pre-defined hooks where you can hook in your custom application code, IIS 7.0 is built from individual components and you're free to turn these components on and off as you desire, add extra ones, or even replace them with your own. This means you can add your code anywhere in the page execution pipeline, rather than as just ISAPI applications. This has a number of advantages for the security minded ASP.Net developer,the main one is that the security measures you build into your application can now apply to files other than your .aspx pages (such as static pages, images and so on). Far more of the server and application configuration is now available in the web.config (basically all of it, I think) and, as an ancillary benefit, the entire web server configuration is now in a text file which you can edit by hand.

There was also a lot of more general application security advice, all of which does appear to be in Dominick's book, and a load of example code. Unlike yesterday most of the examples worked without hitches and there were no projector issues to break the rhythm. Dominick's part of the day finished up with a demonstration of CardSpace, Microsoft's solution to the web identity problem. It is an interesting looking technology, but I don't think it's quite there yet - I'm not sure it'll really reduce the number of passwords you have to remember, as you still have to enter a password to get a managed card, I'm also waiting for the first virus which replaces the entire CardSpace application and steals all your cards.

The final part of the day was a presentation by Microsoft's Mike Taulty on WWF. This is the first time I've actually seen it in any detail, previously I've been happy with general overviews and hand waving. Of all the stuff I've seen across the two days this is probably the thing I'm most likely to be using in the next six months. Mike was an excellent speaker, I don't know if they have any special training for this sort of thing at Microsoft, but there was a conspicuous absence of 'erms' and 'errs' and empty pauses which usually mark developers giving presentations.

To top it all off nicely for me, I won a copy of Dominick's book in the prize draw at the end :) Overall then, an excellent two days. If this is indicative of the general quality of DevelopMentor's training courses then they're worth investigating, certainly if this 'roadshow' appears anywhere near you then I recommend checking it out.