I was lucky in the week to get a day at DevWeek. On the Wednesday I got to attend 4 sessions with a choice of 8 tracks across a very wide range of topics.
Cool graphics, hot code: ten visual effects to make you the envy of your peers by Jeff Prosise
This was really interesting stuff. I’ve never used WPF or Silverlight for real, but have read quite a lot about both of these technologies. The presenter showed a number of interesting visual effects and then explained how they could be implemented in Silverlight.
The first technique was to use WriteableBitmap. This class can be used to capture the image generated by the rendering of a number of XAML objects, and this image can then be used for implementing a number of effects, such as zooming, magnifiers and reflections. The next technique was behaviours, wrapping up pieces of code so that they can be attached to objects, notably by drag and drop inside Expression Blend. He then moved on to Pixel Shaders and how it was fairly easy to write code in the HLSL language for doing effects like blurs, compile this code and then get it installed into the rendering pipeline of Silverlight. Dynamic Deep Zoom was covered next, followed by some graphical effects for page turning.
Web Forms vs ASP.NET MVC by Dino Esposito
An introduction to the ASP.NET MVC framework with a discussion of the comparisons against the standard WebForms platform. The summary was basically that WebForms was really good at the time it was invented as it wrapped up a number of techniques that were being applied by hand in many ASP applications, but for new development, the MVC approach is far better.
Dependency Properties: the critical technology by Dave Wheeler
This talk gave a brief introduction to Dependency Properties and then covered a number of common mistakes that happen when people use them. These issues involved validation, coercion, and priority, and looked at how these things interact with layout and animation.
Security in .NET 4 by Dominic Baier
This was the most interesting talk of the day, though there wasn’t much in terms of new APIs in this area in CLR 4.
The first half presentation covered the major change. Whereas the existing version 2 Code Access Security covers both security policy and enforcement, in CLR 4 the policy is being left up to the hosting application, rather than having it be the responsibility of the CLR. The existing policy API is hard to configure and modifying it is hard as it is tricky to predict the effects of a small policy change. Hosting applications will now be expected to use the sandboxing APIs (which were introduced in CLR 2) to configure a number of assemblies to run in full trust and another set of assemblies that will run with a given permission set active. Of course, there now needs to be a means for allowing calls between untrusted and fully trusted code – by default such calls are disallowed. This is achieved by putting code into three sets – Critical (full trust), Transparent (limited trust) and a middle layer of SafeCritical code. Critical code can only be called via this third layer which acts as the gateway into the full trust area, and it is this gateway code that needs to be audited for security. This post covers more of the details.
The second part of the talk covered WIF, WIndows Identity Foundation, the new claims based authorisation system. From the perspective of the CLR, this involves the introduction of two new types IClaimsPrincipal and IClaimsIdentity which have IIdentiyy and and IPrincipal as supertypes. Microsoft have recently published a free book on claims based identity and access control here.
All things considered, this was a really interesting day of talks and well worth attending.