Role-Based Security Stinks: How to Implement Better Authorization in ASP.NET WebAPI
Great introduction to claims-based authorization, which is apparently going to be the norm in the future. It is a lot more granular than traditional role-based authorization. Roles are binary- a user is either in the role (and has its inherent rights) or they're not. With claims a user can be in a role, but only in certain circumstances. For example, a manager can see personnel information only for her employees, but not everyone in the organization. Need to learn about Windows Identity Foundation.
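The manager example above, sketched as an added illustration (not code from the session): a role check next to a claims check that also looks at whose record is being requested. The claim type `urn:example:claims/manages`, the employee IDs and the class names are assumptions made up for this sketch; only the `System.Security.Claims` types are real.

```csharp
using System;
using System.Security.Claims;

static class PersonnelAccess
{
    // Hypothetical claim type: one claim per employee the user manages.
    public const string ManagesClaim = "urn:example:claims/manages";

    // Role-based check: all-or-nothing, ignores whose record is requested.
    public static bool RoleCheck(ClaimsPrincipal user, string employeeId) =>
        user.IsInRole("Manager");

    // Claims-based check: the decision depends on the requested resource.
    // Denies by default if the caller is unauthenticated or lacks the claim.
    public static bool ClaimsCheck(ClaimsPrincipal user, string employeeId) =>
        user.Identity?.IsAuthenticated == true
        && user.IsInRole("Manager")
        && user.HasClaim(ManagesClaim, employeeId);
}

static class Program
{
    static void Main()
    {
        // Constructed identity: a manager with two direct reports.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice"),
            new Claim(ClaimTypes.Role, "Manager"),
            new Claim(PersonnelAccess.ManagesClaim, "emp-101"),
            new Claim(PersonnelAccess.ManagesClaim, "emp-102"),
        }, "ExampleAuth");
        var alice = new ClaimsPrincipal(identity);

        // emp-101 reports to alice; emp-999 does not.
        foreach (var id in new[] { "emp-101", "emp-999" })
        {
            Console.WriteLine(
                $"{id}: role check = {PersonnelAccess.RoleCheck(alice, id)}, " +
                $"claims check = {PersonnelAccess.ClaimsCheck(alice, id)}");
        }
    }
}
```

The role check grants access to both records, while the claims check grants it only for the employee named in one of the user's claims.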
DI Why? Getting a Grip on Dependency Injection
Jeremy Clark is a great speaker and I highly recommend attending his sessions if you ever have the chance. This was a good intro to Dependency Injection, which is a design pattern that lets you assign dependency objects at runtime. I don't really have my head around it, but I realize that I need to because it is very closely related to unit testing. Jeremy has a Pluralsight course on the subject that I plan on taking as soon as possible.
User Experience Case Studies - Good and Bad
In the past year or so Billy Hollis has really changed my attitude about UX. It had never really been my interest or forte- I've been a middleware and database guy most of my career. But reading/hearing Billy in blogs and podcasts, seeing the WPF applications he has built, and now seeing him live has been very inspirational. He gave a great overview of UX design laws and principles which were new to me, like:
- Hick's Law- Increasing the number of choices will increase decision time
- Fitts's Law- The closer and bigger something is, the easier & faster it is to get to it.
Exceptional Development: Dealing with Exceptions in .NET
There were three great sessions in this time slot: this one, a Billy Hollis talk on building Windows 10 apps, and a Jeremy Clark talk on clean code. Unfortunately there's only one of me and I chose this one.
Very enlightening- the presenter's recommendations flew in the face of the way I've been handling exceptions most of my career. Basically, don't bother handling exceptions unless you can recover from them. For example, if the app needs to send an email but can't connect to the email server, put the email in a queue and try again later. Otherwise if the exception is bad enough for the app to die, let it die. However, when exceptions occur as much information about them as possible needs to be captured and logged. The presenter discussed various ways to do this in WPF (Windows/UWP apps) and web apps.
Windows 10 Design Guideline Essentials
Another case of multiple sessions I really wanted to attend in the same time slot. I wish some of these would have been Wednesday afternoon where there wouldn't have been as much of a conflict for me.
Most of what was discussed was probably common sense to anyone with a design background, but it was new and interesting to me-
- group related things together visually
- rounded things look more pleasant
- larger buttons draw attention
- less clutter is calming, try to make layouts open and not as crowded
Overall thought about the conference
A massive amount of great information to take in in a short amount of time. I highly recommend attending if you're in the .NET space.