Sunday, August 20, 2006

Day 4 of training

The last day of training was great. Not so much for the training, but for what happened aftewards. Let me start with the training.

We discussed handling state and how it's better to hold state in the database rather than in a business object, which is pretty standard.

We discussed Security. I would have liked to spend more time on this topic, but it could have taken 2 full days to get a good understanding of what can be done with security. I've not spent any time working with the .Net security in the past. By default any application that is running from a local network or the internet is considered partially trusted. Anything that is marked for Fully Trusted only cannot be uesd by an application that is marked as partially trusted. This means that a lot of the framework itself cannot be used by something that is running on the network. Testing how something will run in a partially trusted state is very easy when you have a network to work with. Copy the program to the network and run it from there.

Click once deployment is used by creating a download page. Then the application itself will check for updates from the web page. We didn't get into enough detail about this. It looked like it was tied to IIS, but maybe it could be made to work with something else. The downside with
click once deployment is that it is running in a partially trusted environment. That means the security will need to be changed on each desktop that is going to use it in order to have fully trusted capabilities. For some this may be a big problem. For us it may be less of a problem, because those security settings can be exported to an .msi. Where I work we deploy using Active Directory and .msi's can be installed as part of the policy on the PC.

we also discussed some other best practices.
FxCop. - this is written and supported by Microsoft and can be downloaded from
Custom Attributes - A very interesting concept. Mr. Adams has not had any good uses for them, but there are a lot of standard attributes in the framework, and NUnit makes excellent use of attributes. My company has several different places we have used attributes, and Mr. Adams was very impressed withour use of them.
Reflections - A great way to introduce plugins to an application and a way to deploy different versions of the same application.
Encryption. - We discussed using some of the built in encryption to store data and ran a small sample.
Role based security - We only discussesd role based security, but an application can know that a certain windows or active directory role is required for some functionality of the application and check that the current user has this.

Finally class was over and I had to take a quick 40 question test, no problem.

But then, Mr. Adams came over to me and says "Thank you for hanging in there this week, you are really advanced. I don't say this to students very often, but......Learning Tree is looking very hard for new teachers, especially with C# experience. If you are interested, I think you are capable of teaching this class now."

I am completely floored. I love what I do for a living, but I've been throwing out into the cosmos the question, is there anything else I can do to make more money or additoinal money without having to quit my job. Over the past few weeks I've now had 2 opportunities present themselves. First, someone asked me to setup a web page for their business. Second, I have been presented the opportunity to teach.

This teaching thing is something that I'm curious about. I'm not sure how well I would do with it, and I'm not really sure if I want to do it. I am trying to use the program presented in the book "Yes or No" that I just finished reading to help me decide.