Category Archives: Performance

Programming performance related topics including compile time, database level and run time related issues.

Exchange Web Services Notifications

Something that I have always enjoyed working with is the exchange web services notifications engine.  This process not only allows you to jump in and fetch information from exchange through the exchange web services but it also gives you a nice subscriber model for responding to any exchange events.  This includes things like emails being received in a specified folder, or calendar entry changes, etc.  What I would like to show you is a quick overview of how the exchange notifications can be grabbed and utilized for whatever you so desire.  In my specific example I am grabbing email notifications and handling them with some business logic to assign them to cases in a help desk system.

Exchange Web Services Notifications – Fetching an event

Our first step is to create an exchange web service object that holds the URL to our service:

Dim excExchangeService As New ExchangeService(ExchangeVersion.Exchange2010)
excExchangeService = New ExchangeService(ExchangeVersion.Exchange2010)
excExchangeService.Url = New Uri(_mExchangeURL)

At this point we subscribe to the event that we awant to grab, and run a loop to hit it until we have events:

While True
    gerResult = plsSubscription.GetEvents()
    For Each ntfEvent As NotificationEvent In gerResult.AllEvents
      If TypeOf ntfEvent Is ItemEvent Then
        ..Handle notification event
      End If
  Loop While plsSubscription.MoreEventsAvailable
End While

Exchange Web Services Notifications – What do I do with an item once I have it?

Each event will be typed as either an item type specific to the folder or location that you setup your pull to pull from. In my specific example I setup a few timers to listen to email boxes and waited for the events to come in. When they come in I get an email item so I call the EmailMessage.Bind method to bind an Email object and read some information about the email.

A big push in .NET and software development in general is to move away from a service based process that reads every 5 minutes and sends updates and move into more of a reactionary event driven approach.  This is the best of both worlds, as you do not have to have an event driven model but at the same time your timer is not reading every certain time period and pulling in information.  By providing a real-time system that reacts to events we can tightly integrate our applications with the exchange processes.

Exchange Web Services Notifications provides not only a place for you to hook into great events from the exchange process, but an excellent object model for retrieving any information you need about exchange.

.NET Applications on Linux

Well, what a touchy subject this might be to some people.  I have always seen the battle go back and forth between Windows, Macintosh and Linux.  Windows being a middle-tier price range which excellent performance, Macintosh being the high end simply from marketing and Linux being the low end cost point which the most potential.  The problem I have always seen is that Microsoft holds the middle share which is always the most used share.   I have been a Microsoft developer for my entire career and I love it to death, but the power behind a Linux machine is starting to become hard to ignore.  Recently I ran into a project that was faced with spending 100 hours developing a communication platform for a piece of software or somehow getting .NET hooked into a Linux server.

Of course we went both routes as with any project whichever option is the best is the choice, but something has to work.  I came across this plugin for Apache and Linux called Mono.  Mono is a plugin/server application that lets you run ASP.NET applications on your Linux server native.  You do not have to get pushed to another server or lose your performance, you simply install the package and configure it in Apache and you are up and running.  To start, here is the mono website for you to check out and hopefully spread out through all of your Linux servers:

Hopefully you all install it and configure it so when I come through I can install my applications on your server and be just fine and dandy, if you don’t I will no doubt make you do it :)  There is a set of install instructions for each server type including Mac servers as well as CentOS, Ubuntu, Debian, etc.  Mostly it seems to just be a package installation through w-get or whatever your package flavor is.  After configuration you can use this site to configure virtual directories:

The nice thing about this configuration generator is that you can create a separate config file for each virtual directory and include them in your base httpd config file under each virtual host settings section.  It is almost exactly like creating virtual applications in IIS and the performance is for the most part the same.  From what I have seen this far, .NET 4.0 is supported as well as AJAX, and I am hoping to see some more stuff go into the project to make it a viable option for hosting .NET applications.  Cheers!

Drawing with the Canvas object in Android

When writing an Android game one of the first things I had to start looking at is the methods provided for drawing. Being that I had no real purpose for developing a 3D game, I decided to go 2D. There are many things that a bitmap can do for you in regards to saving you development time, but the game platform that I am pursuing next did much better with mathematical drawing.

This brought me to searching out the object that I would use to display colorful shapes that I chose at specific window positions. The first object I have come across to do this is the Canvas. A Canvas can be accessed by overriding the OnDraw method of the Android View object. A View is an object that you place in your layout to indicate UI functionality. While there are many methods in the Canvas that work well for drawing, I focused in on two of them which were drawLine and drawRectangle.

In my example I went through a few iterations to figure out screen width and what I should do with it, but ultimately I started focusing in on using a percentage of the screen with as opposed to using hard coded numbers, as it scales better on landscape mode if you go back and forth between portrait. Ultimately I came up with a method that looks like this to draw a block on my game:

GamePieceBlock block = m_BoardBlocks.get(i);
blockLeftSide = leftSide + (width / m_PiecesWide) * block.getXPosition();
blockRightSide = blockLeftSide + (width / m_PiecesWide);
Paint pnt = new Paint();

blockBottomSide = bottomSide - (height / m_PiecesTall) * block.getYPosition();
blockTopSide = blockBottomSide - (height / m_PiecesTall);

m_Canvas.drawRect(blockLeftSide, blockTopSide, blockRightSide, blockBottomSide, pnt);

This method draws a solid block of color at the position that I calculated.  To get the m_Canvas instance I set it in my onDraw method and then call down to my game methods to draw the object on the canvas.  The other method that I use is the drawLine method which looks like this:

m_Canvas.drawLine(rightSide, bottomSide, rightSide, topSide, boardPaint);
m_Canvas.drawLine(rightSide + 1, bottomSide, rightSide + 1, topSide, boardPaint);

Prevent SQL Injection Attack With .NET

There has been a large stir recently with how to prevent SQL injection attacks with .NET.  Huge rumors are flying about viruses because of the nuclear incident that happened in Iran.  Just to be clear, regardless of how secure any site is there is a likelihood that you can be hacked.  The best we can do is prevent as much as possible so that it takes someone who is really good to do it.  At that point you are dealing with a security expert and likely they will just want you to pay them for the information.  Back on to the subject, to solve our security problem we must first ask ourselves, what is a SQL injection?  SQL injections are a trick that hackers use to execute malicious SQL scripts on your server.

Our main goal is not to take away functionality, but to prevent SQL injection attacks

Let’s say you have a login form, and you ask for a username and password.  You have a text box bound to both fields and when they hit a Login button your form code selects from the user table where user name is equal to the User text box.  The SQL might look something like this:

SELECT UserId, UserName,Password FROM Users
WHERE UserName = '" + txtUserName.Text + "'

prevent sql injection attacks
This is where a hacker can come in and where we need to prevent SQL injection attacks.  The user name a hacker would fill out would be something like this:

'; DROP DATABASE myWebApp --

When your code executes it will send a drop database command to your server destroying all of your data.  This is likely not the intent of the hacker as they would much rather send a command to validate their password or fetch data but the goal here is to prevent SQL injection.  Here are the three big steps to prevent SQL injection attacks:

Three methods to prevent SQL injection attacks with .NET

Validate your data

The first step in a SQL injection attack is to know what the developer is expecting to happen with a field and exploit it.  In reverse, the first step to prevent SQL injection attacks is to know what a hacker intends to do with a field and prevent it.  This will involve checking that your text received is the right length, scrubbing for invalid characters and make a decent attempt at stripping out dangerous SQL commands or throwing back errors if you find anything.

Use SQL Stored Procedures

Stored procedures are the next great .NET tool, because a parameter passed through a stored procedure command is sent as literal text as opposed to executed with a command.  While converting your commands to a stored procedure does not prevent SQL injection attacks it does give you an additional security layer in case the injection makes it through and is targeting specific commands.

Use Parameters with Dynamic SQL

Another way to prevent SQL injection attacks is to embed your input from forms as parameters as opposed to injecting them directly into the statement.  This can be done simply by using an @ sign as a parameter in your statement and appending a parameter to your command object.  This looks something like this:

SqlDataAdapter saoSqlAdapter = new SqlDataAdapter(
         "SELECT UserName, UserId, Password FROM Users WHERE UserName = @userName",
  myCommand.SelectCommand.Parameters.Add("@userName", SqlDbType.VarChar, 50);
  myCommand.SelectCommand.Parameters["@userName"].Value = txtUserName.Text;

Other methods to prevent SQL injection attacks

After working these three methods you should be able to prevent SQL injection attacks from mostly all attackers, if you need more information on how to prevent SQL injection attacks check out how to prevent sql injection attacks on MSN.