Category Archives: Technology

iPhone and iPad Security

Thanks to everyone that attended my April WebCast on iPhone and iPad Security. 

“Your organization is starting to rely on iPhone and iPad devices to do business.  But how secure are these devices, especially in an enterprise setting?  How do you apply policy to the device?  What security considerations should you be thinking about in your own applications?  And what happens when people in your organization "jailbreak" a device?”

This was a fun presentation to put together, covering many aspects of security from policy, data protection, network, and application security.

You can view the recording here, or browse through the slides on slideshare below. 

Targeting iPhone, iPad, and Android – WebCast Recording

Thanks to all that attended the Neudesic Mobility Webcast this morning on “Building solutions on the Microsoft platform that target iPhone, iPad, and Android devices”.  It was fun to put together, and even though we went over time, the feedback was great.

For those that couldn’t make it, we’ve posted the recording of the session, together with the slides below.  Hope you enjoy the material!

Getting Authentication Working with WCF and WP7

Although Windows Phone 7 (WP7) has support for a Windows Communication Foundation (WCF) client, connecting to Web services that require authentication can be a little quirky. 

After working on a project over the holidays putting together a WP7 client to connect to a Web service requiring authentication, this is what I found:

1.  NTLM/Kerberos is a no go…

As of today, the WCF client on WP7 does not support NTLM or Kerberos authentication.  If you are accessing Web services from a device, you’ll want to make sure that the your server  is setup to handle Basic authentication (preferably over SSL).

2.  And even Basic authentication needs a helping hand…

Even with Basic authentication enabled on the server, I was noticing that the client was still not sending the right HTTP headers – even when setting the ClientCredentials property on the client and playing with the config file.  No matter what I tried, I couldn’t get it to work.

To overcome this however, you can force the Basic authentication details to be written as part of the request header.  To do this, first create a method that generates a UTF8 encoded string for your domain, username, and password:

public static string GetCredentials(string domain, string username, string password)

return Convert.ToBase64String(Encoding.UTF8.GetBytes(String.Format(@"{0}{1}:{2}",domain,username,password)));      

Then, you’ll need to create a new property with your credentials:

HttpRequestMessageProperty request = new HttpRequestMessageProperty(); request.Headers[System.Net.HttpRequestHeader.Authorization] = "Basic " + GetCredentials;

Finally, add the header to your outgoing request:

OperationContextScope clientScope = new OperationContextScope(client.InnerChannel); OperationContext.Current.OutgoingMessageProperties.Add(HttpRequestMessageProperty.Name, request);

(in the above client is your service reference)

And voila!  You should now have Basic authentication headers as part of your client requests, and you can access username/password protected Web services from your WP7 device!

One final tip – during all of this you will likely need to use a tool like Fiddler to trace your requests and responses from the device.  If you are having troubles getting Fiddler working with the WP7 emulator, here is a great post that outlines what to do.

Feeling the Pulse at Neudesic!

I’ve just passed the two week mark here at Neudesic. As anyone who has changed companies knows, getting up to speed with the internal workings of a new organization can be like drinking from a firehose!

One of the most interesting things I’ve come across to date is an application called Pulse.


In essence, Pulse is Facebook for the enterprise. If you’ve ever used Facebook or another social networking site, the feeds, profiles, walls, likes, follows, etc. will all feel very similar.

One of the main differences however is that because the social network is inside the walls of an enterprise, the possibilities for extending become so much more interesting. Not only can you “friend” other colleagues, but you can also “friend” systems. Like to know when business is won or lost? “Friend” the CRM system, and if someone updates an opportunity, you get a pulse notification. Similarly, if someone joins or leaves the company, the HR system “pulses” about the change. Are the IT Systems going down for routine maintenance? You’ve guessed it… another pulse! I’m sure there are many additional directions that this could be taken – just think of the countless internal systems that we habitually visit every day. What if each of them could send push notifications into a central social network?

Another feature of Pulse is the ability to converse on external feeds. Pulse can monitor external feeds (anything exposed through RSS or ATOM) and bring them within the walls of the company. The beauty here is not the ability just to subscribe to this external information, but the ability to comment on these within the organization. For example, last week, a few colleagues and I were chatting about a post on Engadget. Rather than the “old way” where someone forwards the link via email to a closed group of people, we were discussing this via a thread in Pulse. Not only does this allow the topic to be shared with others, but it also makes it available for future subscribers to find. If someone new joins the company and subscribes to the Engadget feed via Pulse, they can discover the exact internal conversation that happened around that post. This is something that would be near impossible to do with email.

Of course, my favorite feature of Pulse has to be the mobile client. Our product team has done a phenomenal job publishing clients for iOS, Android, Blackberry, and will have a WP7 version available very soon.


Finally, you may be interested to know that Pulse is not only an internal system here at Neudesic, but is a commercial product that can be used for organizations of all sizes – from a few users to tens of thousands.

If you are interested in learning more, I would recommend going to this site – alternatively just drop me a line, and I’ll connect you with the right people!

Test Driven Development (TDD) and Windows Phone 7

Kylen, my 6 year old son, is really into world flags. At home we have a sheet of around 200 flags from across the globe, and he’s pretty close at reciting all of them (and certainly much better than Mom and Dad!).

Spending a couple of hours over labor day last month, I set myself a task of building a “Flag Matching” application for Windows Phone 7 (WP7). My goal was twofold: Build a simple application that he can use (and that I can offer on the marketplace), and at the same time, look into some of the TDD best practices for developing a WP7 application.

imageThe application itself is simple enough. As shown above, the player gets presented with a picture of a flag, and four possible countries (of which only one is correct). A game consists of 20 flags, and the application maintains a high score table.

During development of the application, this is what I found:

1. Setting up TDD for Windows Phone 7

As a new developer for Windows Phone 7, one of the first things you’ll quickly discover is that there is no option for a test project within the IDE. After creating a WP7 solution, I searched for the “WP7 Test Project” template, but to no avail…

imageA quick search on the Web will offer up a few alternatives and chances are, you’ll quickly reach Jeff Wilcox’s session on Unit Testing Silverlight & Windows Phone Applications from MIX10. This is a really good session, however the recommended approach (using a Silverlight-based unit test framework) can be somewhat limited.

In my opinion, although it works well for small numbers of tests, not having unit tests outside the emulator makes it difficult for large test suites, using any continuous integration, and integrating with the IDE.

If unit tests in the emulator don’t work for you either, here’s a workaround:

In your solution, create a new project of type Windows Phone Class Library.

imageName it appropriately (I called mine FlagMatch.Test) and include a reference to the original Windows Phone project (FlagMatch). Add the NUnit unit test framework library as a reference (I’m using v2.0.50727) and write your tests as you normally would (of course, specific to the NUnit syntax).

public class FlagModelTests
    public void TestFourRandomFlags_AllUnique()
        Assert.AreEqual(4, Flag.FourRandom.GroupBy(f => f.Name).Select(f => f).Count());

Once you have a set of tests, you can then integrate these within Visual Studio. I’ve had reasonable luck with Visual NUnit, a free IDE plug in that works well with many versions of Visual Studio.

imageAlternatively, if you use ReSharper, you’ll find that their IDE integration works great also.

imageMy preference is to use ReSharper as it works well with with another JetBrains product called dotCover – for which you can use to analyze test code coverage in your Windows Phone application.

Although you’ll find the majority of your unit tests will work great, you may well come across some strange errors. Most of these will be related to operations on the phone that cannot be replicated outside the emulator. For example, accessing isolated storage or referring to embedded resources/images as part of the project works well within the emulator, but not so much from a class library.

To get around this, you’ll need to create some mock objects to handle these operations. In my test project, I have a MockStorageProvider that I use in place of calls to isolated storage:

public void TestResumeButton_NotVisibleOnStartup()
    MainViewModel viewModel = new MainViewModel(new MockStorageProvider());
    Assert.AreEqual(Visibility.Collapsed, viewModel.ResumeGameButtonVisibility);

As you can see, I pass the mock object to the view model (more on this in the next section) as an optional constructor parameter. All storage operations then use this MockStorageProvider instead of writing to isolated storage (which would have generated an exception during the tests). This also has the advantage that I can add additional tests within the mock object to ensure that the storage provider is being called correctly from the application.

2. Using MVVM with WP7

For anyone with experience of testing Silverlight projects, you’ll know that although XAML provides a code separation layer, testing parts of the UI (e.g. actions when a button is pressed) can still be difficult. This can be overcome by using a pattern called MVVM (Model View ViewModel). I’m not going to go into the details of MVVM here (there are plenty of other resources that do a great job) other than to say it can be used for WP7 applications with a little tweaking. The core reason is that WP7 is based largely on the SL3 codebase, which does not contain a complete commanding event model.

There are a couple of approaches in order to get MVVM working on WP7. The first would be to reuse one of the existing samples/libraries available today. Your mileage may vary (as I found some were designed for pre-RTM versions), although I’ve heard good reviews about Laurent Bugnion’s MVVMLite project.

If instead you’d like to learn how implement this yourself, here is how I achieved it:

First, you should create a view model base. Assuming you are going to have multiple view models (I ended up with one per page), it’s a good idea.

public class ViewModelBase : INotifyPropertyChanged
    public event PropertyChangedEventHandler PropertyChanged;

    public void NotifyPropertyChanged(String propertyName)
        if (PropertyChanged != null)
            PropertyChanged(this, new PropertyChangedEventArgs(propertyName));

Next, create your view model, inheriting from ViewModelBase.

public class MainViewModel : ViewModelBase
    public string NewGameButtonTitle
        get { return AppResources.NewGameButtonTitle; }

    public NewGameCommand NewGameButton
            return new NewGameCommand();

For the purposes of this sample code, let’s imagine that we have a single page with a “New Game” button. As you can see above, the view model contains two properties – one for the title of the button, the second for the command that this button will be bound to.

In order to implement the commands, you’ll need a couple of things. The first is a command service:

public static class CommandService
    private static readonly DependencyProperty _commandProperty;

    static CommandService()
        _commandProperty = DependencyProperty.RegisterAttached("Command", typeof(ICommand), typeof(CommandService),
        new PropertyMetadata(OnCommandChanged));

    public static ICommand GetCommand(DependencyObject dependencyObject)
        return (ICommand)dependencyObject.GetValue(_commandProperty);

    public static void SetCommand(DependencyObject dependencyObject, ICommand value)
        dependencyObject.SetValue(_commandProperty, value);

    private static void OnCommandChanged(DependencyObject dependencyObject, DependencyPropertyChangedEventArgs dpceArgs)
        if (dependencyObject is Button)
            string parameter = dependencyObject.GetValue(_commandProperty).ToString();
            Button button = (Button)dependencyObject;
            ICommand command = (ICommand)dpceArgs.NewValue;
            button.Click += delegate(object sender, RoutedEventArgs arg) { command.Execute(parameter); };

There are a good number of examples of this around (just search for MVVM) – this one I found in a great post from the Coding Solutions blog.

After this, you’ll need to create event handlers. Here’s a simple handler for when the new button is pressed.

public class CommandEvents
    public static EventHandler NewGameButtonPressed;

Your command itself simply implements the ICommand interface:

public class NewGameCommand : ICommand
    public NewGameCommand()

    public bool CanExecute(object parameter)
        return true;

    public event EventHandler CanExecuteChanged;

    public void Execute(object parameter)
        if (this.CanExecute(null))
            if (CommandEvents.NewGameButtonPressed != null)
                CommandEvents.NewGameButtonPressed(this, new EventArgs());

With all these in place, you can now bind the command to the actual button in your XAML file. On your XAML page, you’ll need to add the following namespace:


And on the button itself, simply bind to the command using the following:

button name="button1" margin="134,505,0,0" verticalalignment="Top" commands:commandservice.command="{Binding Path=NewGameButton}" content="{Binding NewGameButtonTitle}" height="72" horizontalalignment="Left" width="227"

Notice how the content of the button is bound to the NewGameButtonTitle in the view model, and the command is bound to the NewGameButton command. More importantly, notice also how there are no traditional event handlers needed here.

The final piece of the puzzle is to register the view model and the button event handler in the XAML code behind. To do this, in the code behind, we create an instance of the view model:

private readonly MainViewModel _mainViewModel = new MainViewModel();

Then in the constructor, bind the view model to the datacontext and register the button event handler.

LayoutRoot.DataContext = _mainViewModel;

CommandEvents.NewGameButtonPressed += new EventHandler(StartGame);

The StartGame method simply performs a navigate action for us. This is something that just can’t be moved into the view model.

private void StartGame(object sender, EventArgs e)
    NavigationService.Navigate(new Uri("/GamePage.xaml", UriKind.Relative));

Other than that, there is no additional UI logic required in code behind – which means for a slightly more complex implementation, but one that provides great test coverage.

A final point worth noting is designer support. As you start building out controls using the MVVM paradigm, you’ll likely find that the designer ends up being difficult to use.

imageBecause we are binding content directly to the view model, the designer doesn’t know where to pick up values to be shown at design time. Fortunately, there is a way around this. Simply add a reference to the view model in your App.xaml file:

Rebuild the project, and you’ll see that the designer picks up the default values from a instance of the view model class:

image3. Localization and MVVM

Finally, I wanted to make sure that my MVVM model could be used for multiple languages.

You may have noticed that in the previous code sample, the title of the button is returned as AppResources.NewGameButtonTitle (instead of returning “New Game”).

public string NewGameButtonTitle
    get { return AppResources.NewGameButtonTitle; }

This is to make localization easy (well… easier!). Under my Locales namespace there are two files:

imageAppResources.resx is a resource file that contains default (in my case English) string values. In there, you’ll find that NewGameButtonTitle refers to a string called “New Game”.

As you may have guessed, is the Spanish version of this resource file. In there, you’ll find that NewGameButtonTitle refers to a string called “Nuevo Juego”

In order to enable the Spanish localized version, we need to do a few things:

Firstly, create separate resource files for all your languages, using the AppResources.[lang].resx format as stated above.

Next, in the .resx file, ensure that the access modifier is set to public.

image(Otherwise, you’ll find that it just doesn’t offer the localized version).

Them edit your .csproj file outside Visual Studio (using Notepad or similar). Add the supported country code in the SupportedCultures tag.


Save the file and reload the project in Visual Studio.

Once this is done, deploy the application to the emulator, and set the language of the emulator appropriately (Settings / Region and Language / Display Language). The emulator will restart.

Finally, test your application. You should find that the new language strings are now used:

image(My Spanish isn’t that good, so apologies for any mistakes above!).

One word of caution: The testing process on the Windows Phone Marketplace is strict when it comes to supporting multiple languages. If you submit an application that supports multiple languages, you really need to make sure that all strings are localized (and you provide localized screenshots and product descriptions) in order to pass the testing certification.

*** Update: I’ve recently moved the source code for the project – you can now find it on ***

Speaking at JavaOne 2010!

I recently found out that I will be speaking at JavaOne again this year!  I’ll be participating on a quick-fire demo panel called Taking Java to the Sky:  Cloud Computing 2010 Expert Panel together with representatives from Oracle, Salesforce, and Amazon.  Raghavan Srinivas will again be doing a wonderful job by moderating the session, and you can find the details by looking up code S313962 – it will be on Monday 20th at 11.30am.

JavaOne is one of my favorite conferences, so I’m really looking forward to returning this year.  Although I spoke last year, my favorite JavaOne was in 2005, where my session on Advanced Web Services Interoperability (co-presented with Raghavan) was one of the top ten of the conference!  I have a beautiful glass trophy with a Java logo in my office – quite a rarity on the Microsoft campus!

File:Duke Wave.png

Cloud Computing Interoperability

Over the past few weeks I’ve been working with Jean Paoli’s team at Microsoft to create an application that runs across multiple cloud vendors.  Jean’s team has been working on a number of SDKs for PHP and Java, and I wanted to create a sample that demonstrated all of them working together.

The result is a small application that calculates every prime number between 1 and 10,000,000 in a minute or less, with the calculation performed by a set of PHP pages running on Windows Azure, a Java Servlet running on Google AppEngine, and an ASP.NET application running on Amazon EC2.  All of the results are stored in a central SQL Azure database, and I used the .NET Service Bus to coordinate messages across the three cloud applications.

I presented this for the first time at TechEd Europe last week in Berlin and this week at QCon in San Francisco.  Both presentations seemed to strike a chord with the audience, especially the attendees looking for how interoperability works in the cloud.

For those that weren’t able to make it to my sessions, I’ve recorded a short screencast of the demo in action – you can find it here

If you are after more information, here you can find a longer (50 minute) screencast that goes into the details of how this works.

Online Talks from TechEd 2009

Just before heading home from TechEd 2009 in LA, I recorded a couple of online interviews, which are now available:

Patterns for Moving to the Cloud:  Recorded with Denny Boynton, host of ARCast, we chat about where applications live, and what applications make sense for the cloud.  We also cover a set of patterns that was shown in my previous session.

Demystifying the Cloud:  In this talk, I chat with Kevin Remde on what cloud computing means for IT managers, and some of the considerations for moving applications to the cloud.

These were fun to put together; hope you find them useful. 

Slides from TechEd 2009

Today is my last day at TechEd 2009 in LA, and as promised, I’ve uploaded the presentations from the three talks that I’ve given this week.  Thanks again to everyone that attended my talks, and I really enjoyed speaking with many of you after the presentations. 

PRC02 – Demystifying the Cloud

This is the presentation that I gave as part of the architecture preconference on Sunday 10th.  It’s a high level look at cloud computing and covers the definition of running applications on premise, in a hosted environment, and in the cloud, together with many of the considerations for doing so. 


Click here to view the presentation on SlideShare.

Click here to download the presentation.

ISB204 – Impact of the Cloud for IT Managers

This presentation was delivered on Monday at 4.30pm and covers much of the pre-conference material from PRC02, but through the eyes of an IT Manager.  When I was putting the decks together I realized that there were many common concerns shared between the IT Manager (from an operations perspective) and the IT Architect (from a design perspective), in which I try to surface in this deck.


Click here to view the presentation on SlideShare.

Click here to download the presentation.

ARC308 – Patterns for Moving to the Cloud

This is my presentation from Tuesday at 8.30am that covered a series of patterns for moving to the cloud.  In this presentation I look at the differences between on premise, hosted, and the cloud, describe some applications that you may find running on premise in a large organization, and then cover five patterns for running these applications in the cloud.  The patterns I cover are:  Transference – moving applications from on premise to the cloud, Scalable Web / Multi Tenancy – cloud application that can scale on the web front end, Burst Compute – cloud applications that have the ability to dial up / dial down compute resources as necessary, Elastic Storage – looking at how the cloud can provide for storage that can grow on demand, and Inter-Org Communications – sharing how part of the cloud can be used to connect multiple organizations through a service bus and workflow.

As you can imagine, with the space being so new, these are not a definitive or exhaustive list of all patterns for cloud computing, but I hope they were useful in introducing the different types of applications running in the cloud.


Click here to view the presentation on SlideShare.

Click here to download the presentation.

I believe two of the three sessions (ISB204 and ARC308) were also recorded and will be online soon.  Once I get hold of them, I’ll update with the link.

Using SketchFlow to Create Better Prototypes

I recently put together this article for InfoQ on using SketchFlow to create better prototypes. 

In case you haven’t run across it yet, SketchFlow is a feature of Microsoft Expression 3, announced during the MIX09 conference in March this year.  In this article I cover the importance of prototyping (I’ve often said that we don’t do enough prototyping in IT), and take the reader on a walkthrough of using SketchFlow to build a prototype shopping store for InfoQ.

Hope you enjoy the article – feedback always welcomed!