MongoDB vs. SQL Server 2008: A .NET Developer’s Perspective

One of the first projects I put together this year was Captain Obvious, a nifty little application that runs off of AppHarbor and ASP.NET MVC3. What made Captain Obvious special for me was that it was my first time using something other than a relational database[footnote: typically I’ve only used SQL Server / MySQL in the past] in production – I chose MongoDB because it stands out to me as a lightweight, easy-to-work-with store that’s easier to use for most CRUD applications. Since then I’ve gone on to build other projects which depend on Mongo.

What I’ve learned since is that MongoDB and SQL Server are tools that aren’t 100% interchangeable and are more situational than dogmatists make them out to be.

My goal in writing this is to help inform you on how you should decide to judge these two technologies as options for...


How to Securely Verify and Validate Image Uploads in ASP.NET and ASP.NET MVC

One of the more interesting things I had to do as part of building XAPFest was handle bulk image uploads for screenshots for applications and user / app icons. Most of the challenges here are UI-centric ones (which I resolved using jQuery File-Upload) but the one security challenge that remains outstanding is ensuring that the content uploaded to your servers is safe for your users to consume.

Fortunately this problem isn't too hard to solve and doesn't require much code in C#.

Flawed Approaches to Verifying Image Uploads

Here's what I usually see when developers try to allow only web-friendly image uploads:

  1. File extension validation (i.e. only allow images with .png, .jp[e]g, and .gif to be uploaded) and
  2. MIME type validation.

So what's wrong with these techniques? The issue is that both the file extension and MIME type can be spoofed, so there's no guarantee that...


How I Built CaptainObvio.us

I made a tiny splash on Hacker News a month ago when I asked for feedback on my newest side project, CaptainObvio.us – a simple portal for sharing ideas and soliciting feedback from a community of peers. The idea was popular and I’ve received a ton of feedback – I’ve implemented most of the Hacker News community’s suggestions but haven’t had the chance to do another round of customer development.

What I wanted to share in this blog post was some of the secret sauce I used for creating CaptainObvio.us – I originally created it mostly to learn MongoDB, and learned way more than that along the way.

Webstack: ASP.NET MVC3 on AppHarbor

I used ASP.NET MVC3 as my webstack of...


Announcing XAPFest – A Massive Windows Phone 7 Hackathon in Santa Monica, CA on June 4th 2011

I am pleased to announce something very exciting that Microsoft is doing in my neighborhood of Santa Monica, California: we’re putting together XAPFest, a massive Windows Phone 7 hackathon aimed to bring together startups and mobile developers of all skill levels for a day of creativity and competition.

XAPFest is going down on Saturday, June 4th at the Loews Santa Monica Beach Hotel (directions) – doors open at 9:00am and will close at approximately 10:00pm. There will be opportunities for individuals and teams of developers to win prizes, eat great food, and have fun hacking down by the beach.

XAPFest is free to attend, and anyone can register for XAPFest if they wish to participate.

...


Geolocation Services and Bing Maps in Windows Phone 7

Tonight I gave a brief talk to WinMo LA about using Geolocation Services and Bing Maps on Windows Phone 7. I mostly covered the APIs and controls that developers can use in the current Windows Phone SDK, the steps developers need to take in order to protect a user's data, and some of the future things that are changing in Mango for Windows Phone 7 developers.

Source Code for Demos:

  1. Bing Maps WP7 Demo [Github]
  2. Geolocation WP7...


Having Network Connectivity Issues with the Windows Phone 7 Emulator?

I spent about three hours banging my head against the wall trying to figure out why my browser could connect to the Internet but the Windows Phone 7 emulator couldn’t, and if you find yourself in the same boat as me I thought I would spare you the trouble.

Are you seeing something like this when you try to pull up a web page in IE on the emulator?

[image]

If that’s the case, then you’re having network connectivity issues specific to the Windows Phone 7 emulator. There’s a guide to troubleshooting Windows Phone 7 emulator issues on MSDN, and it speaks to the root of the issue: your HTTP proxy settings.

If you’re like me, you like using Fiddler for testing network I/O when you’re trying to connect...


How to Create a Twitter @Anywhere ActionFilter in ASP.NET MVC

My newest project, Captain Obvious, got a fair amount of attention this week when it landed on the front page of Hacker News – one of the key features that makes the first version of Captain Obvious tick is Twitter @Anywhere integration.

Twitter @Anywhere is brand new and there isn’t much developer documentation for it – the way to think about Twitter @Anywhere is as a JavaScript platform that allows you to outsource user authentication and registration to Twitter’s servers, and in exchange you get less hassle but also less intimate access to your users’ accounts.

One of the key features to integrating Twitter @Anywhere users with your ASP.NET MVC site is reading the cookie that Twitter sets after users have authenticated – this cookie contains two parts:

  1. The Twitter user’s unique ID, an integer representing their unique account (because remember – Twitter users can change their...


8 Lessons Learned from Startup Weekend

I wanted to post this the morning after Startup Weekend Los Angeles concluded in late February, but due to the fact that I along with half my team (Minboxed) came down with the flu the following morning, I postponed this for longer than I would have liked.

Startup Weekend Los Angeles stands out among other Startup Weekends in that each one of these events has produced real companies like Vol.ly, Foodme, Ming.ly, and Zaarly – who took first place in this very Startup Weekend and recently closed a $1m dollar round of funding and soft-launched at SXSW (great job, guys!)

The quality bar for talent is high and the judges are terrific – this year we...


ASP.NET MVC3 / Razor: How to Get Just the Uri for an Action Method

I normally wouldn’t post something this small to my blog, but this issue bothered me so much when I was working on some Twitter @Anywhere + jQuery integration in ASP.NET MVC3 that I couldn’t help but share it.

Issue: You’re using ASP.NET MVC3 and want to be able to place a relative Uri for one of your ASP.NET MVC controller’s action methods in a block of JavaScript or anywhere else, and you want to be able to do it without having to parse it out of an Html.ActionLink output or anything else. What built-in helper method do you use?

Solution: The answer is that you use the Url.Action method, which yields a relative Uri, as you’d expect.

Observe the code below:

Quick and Dirty Feed Parser 1.0 Released!

Without further ado, it’s my pleasure to announce that the full 1.0 release of Quick and Dirty Feed Parser is now available to download on Codeplex.

Here are the main reasons why you should care about Quick and Dirty Feed Parser 1.01:

  1. Works on Windows Phone 7 and Silverlight 4;
  2. All IFeed objects now consume substantially less memory on average;
  3. All IFeed objects are now serializable;
  4. All IFeedFactory objects now support DI for injecting your own feed parsers; and
  5. Added an IsolatedStorageFeedFactory for working with RSS / Atom feeds in IS for all Silverlight and Windows Phone 7 developers.

Making QD Feed Parser run on Windows Phone 7 took some work – I had to rewrite the entire parsing library using LINQ-to-XML instead of XPath, but it was well worth it. The LINQ parser is now used by default in all IFeedFactory instances, but you can inject...

