Skip to main content


Showing posts from December, 2012

WinForms, paging the DataGridView the right way

I know this may sound like old history, but in the enterprise world there is still a lot of WinForms development. Just a couple of days ago, I had to implement a custom DataGridView capable to work over a butt load of data (100K+ records) and keep responses times acceptables. I thought paging will be a good way to go, and as WinForms is pretty old nowadays, I supposed it will be easy to find a couple examples on the web. While in fact I found examples, all of them were incompletes and/or they wouldn't perform well in real world apps... So I decided to roll my own component and post it online. Hopefully, someone else will find it useful ;). The bread and butter of this solution relies on LINQ and deferred execution. As LINQ takes care of all complicated work, it was quite easy to implement. This component also supports conditional format, sorting and some search capabilities, but in this post I will concentrate on paging only (I'll cover the rest of the features in f

CSFR attacks, ASP.NET MVC 4

CSRF stands for Cross Site Request Forgery and is a technique employed to fooling a website by executing commands on behalf of a trusted (authenticated) user. How it works Commonly a malicious user sends a link to another user that maybe is authenticated on the target site and uses their session to execute commands like transfer money, change the email address and stuff like that. CSRF in action This time I’ll be working on a web site that allows authenticated users buy pastries at the online store. In this case, the goal of the attacker is to get a bunch of muffins on somebody else’s Mastercard. The target site has a couple of web pages that allow users to logon, buy products and see their orders history: Before going on, something to worth to mention is that after a user is successfully authenticated to a  website, the web browser will be sending the authentication cookie on every subsequent request to the server until the session expire (usually after 2

Roslyn shopping cart DSL – Part 4

Why Source to source translation? In order to answer that question, I wanna provide some background on what are the choices that we have when building a DSL on .NET (at least the most common that I’ve used). Prior to the “magic lambda” era, there were few choices, the one I've used the most, was a hand written parser that creates syntax trees and a code generator that traverses those trees generating MSIL code using Reflection.Emit. This solution was OK but it was also a lot of work, even for a simple "Hello World DSL". It’s definitely a path I wouldn't take nowadays. When .NET 3.5 saw the light, we had more options, back then it was possible to use linq expressions to represent our programs and traverse those expressions in order to emit target code. It wasn’t  the easyest thing, but at least the days were we have to build a bunch of classes to represent or compose expressions were gone. Then we had the lambda compiler and linq statements which allowed

Roslyn shopping cart DSL – Part 3

An effective way to create a DSL is by building a thin layer that runs on top of a façade that interacts with the domain objects. This is how those components looks in the sample app of this post. In this case, the DSL only talk to the façade and the façade is in charge of talking with domains objects (or services or whatever component that goes underneath). This makes things really easy to implement and fit perfectly to work with Roslyn, because if we use the façade as the Roslyn script engine’s host object, the engine will let us access directly from our DSL syntax to any member of the façade's public API. By looking at this unit test you will see how to wire up the components, execute the DSL script and modify the order state (the domain object) right from the DSL. * If this were a real app, the order will continue with the processing pipeline. So far so good, now how to go from our DSL syntax to façade calls? * Notice that the facade exposes the