Implement a custom authentication scheme by using the System.Security.Authentication classes. (Refer System.Security.Authentication namespace)

• Authentication algorithms and SSL protocols

Another new namespace.  Not much meat there.  I think they're trying to get you to look at the AuthenticatedStream class in System.Net.Security.  Keith Brown has a good example implementation in his "The .NET Developer's Guide to Windows Security"

The algorithms that are implemented appear to be:

NegotiateStream - "Uses the Negotiate security protocol to authenticate the client."  Is there such a thing as the "Negotiate security protocol"?  I'm not finding anything on it.  Sample uses of this class appear to communicating with a server authenticating via Kerberos.

SslStream - "Provides a stream used for client-server communication that uses the Secure Socket Layer (SSL) security protocol to authenticate the server and optionally the client. "  Dominick Baier has a nice simple example.

Next up ->  Cryptography

Implement access control by using the System.Security.AccessControl classes.

• DirectorySecurity class, FileSecurity class, FileSystemSecurity class, and RegistrySecurity class
• AccessRule class
• AuthorizationRule class and AuthorizationRuleCollection class
• CommonAce class, CommonAcl class, CompoundAce class, GeneralAce class, and GeneralAcl class
• AuditRule class
• MutexSecurity class, ObjectSecurity class, and SemaphoreSecurity class

This is a completely new namespace.  The .NET framework now has direct support for reading and maintaining ACLs (Access Control Lists, or NT Permissions).  This was difficult to do previously because you had to use unmanaged calls to the Win32 subsystem.

You should probably have some rudimentary understanding of how the access control works.  Wenfeng Yao has a nice post explaining the different terms.

Rich Strahl has a good simple example of how these classes work.  Like he says, it's not to hard once you see how it's done.  There's also an informative MSDN article (based on the beta) about the Access Control objects.

DirectorySecurity class - This embodies the access and audit information for a specific directory.  Create an instance by passing in the path in the constructor. 

FileSecurity class - Same thing, but for a specific file.

RegistrySecurity class - Same thing for a registry key. 

FileSystemSecurity class - base class for both DirectorySecurity and FileSecurity.

AccessRule class - To borrow a database metaphor, this is the many to many table for security.  It combines an Identity and an AccessControlType to represent a specific permission.

AuthorizationRule class - base class of AccessRule and AuditRule.

AuthorizationRuleCollection class - collection of AuthorizationRule instances.  Typical collection, no new methods.

CommonAce class - Represents an Access Control Entry(ACE).  These objects allow you to deal directly with ACE/ACLs, whereas the Security/Rule classes provide some abtraction and validation.  "The CommonAce class represents the eight most common ACE types".  But I can't find what the eight most common ACE types are.  I looked at the class in reflector, I think they're talking about AccessAllowed, AccessDenied, SystemAudit, SystemAlarm, AccessAllowedCallback, AccessDeniedCallback, SystemAuditCallback, SystemAlarmCallback... But I'm not sure.  There are a lot of opportunities for improvement in the documentation for these classes.

CommonAcl class - Represents an Access Control List(ACL).  Meaning either SACL or DACL.

CompoundAce class - Represents a Compound ACE.  As the only member of the CompoundAceType enum is Impersonation, I'm guessing that a compound ace has something to do with Impersonation.  Looking further using reflector, it appears a CompoundAce object is created in the GenericAce.CreateFromBinaryForm when the AceType = AccessAllowedCompound.  According to MSDN : "Defined but never used. Included here for completeness. "...

GeneralAce class - Represents a generic ACE.  Base class for all ACE classes.

GeneralAcl class - Represents a generic ACL.  Base class for all 4 ACL classes.

AuditRule class - This similiar to an AccessRule, but represents Audit information. 

MutexSecurity class - Similiar to FileSecurity, but for Named Mutexes.  For those of you unfamiliar with Named Mutexes (I was), look at King Ralph's blog entry.

ObjectSecurity class - Base class for all the xxxSecurity objects.

SemaphoreSecurity class - Similiar to MutexSecurity, but for Named Semaphores. 

Next post - Authentication

On this week's MSDN flash, they released promo codes (meaning you can register for free) for 4 other beta exams:

Between now and March 10, I'm scheduled to take 5 exams...  There go my weekends.

Compress or decompress stream information in a .NET Framework application (refer System.IO.Compression namespace), and improve the security of application data by using isolated storage. (Refer System.IO.IsolatedStorage namespace)

• IsolatedStorageFile class
• IsolatedStorageFileStream class
• DeflateStream class
• GZipStream class

IsolatedStorageFile class - The main feature that's been added is that there is a new scope - Application.  The .NET Security blog has more info on this feature.  There are a few static methods that have been added making it easier to get an IsolatedStoreFile instance:  GetMachineStoreForApplication, GetMachineStoreForAssembly, GetMachineStoreForDomain, GetUserStoreForApplication, GetUserStoreForAssembly, GetUserStoreForDomain.

IsolatedStorageFileStream class - Not much changed here.  There is a SafeFileHandle property, which returns a Win32 handle of the actual file.  By virtue of this class being based on FileStream, GetAccessControl / SetAccessControl methods are available.

DeflateStream class - This is a brand new class.  It implements the Deflate algorithm.  It can't handle files more than 4 gigs (uncompressed). 

GZipStream class - This is also a brand new class.  It implements the GZip algorithm.  Same as deflate but has CRC.  It is also limited to dealing 4 gig files. 

There is a blog entry about the capabilities of the compression classes here . 

Next up AccessControl classes

UPGRADE: MCAD Skills to MCPD Web Developer by Using the Microsoft .NET Framework
UPGRADE: MCAD Skills to MCPD Windows Developer by Using the Microsoft .NET Framework
UPGRADE: MCSD Microsoft .NET Skills to MCPD Enterprise Application Developer by Using the Microsoft .NET Framework: Part 1

Access files and folders by using the File System classes. (Refer System.IO namespace)

• File class and FileInfo class
• Directory class and DirectoryInfo class
• DriveInfo class and DriveType enumeration
• FileSystemInfo class and FileSystemWatcher class
• Path class
• ErrorEventArgs class and ErrorEventHandler delegate
• RenamedEventArgs class and RenamedEventHandler delegate

File class - Static class used for moving/renaming files.  They've added quite a few methods for convience and better exposed the feature set of NTFS.  Look at AppendAllText, Decrypt, Encrypt, GetAccessControl, ReadAllBytes, ReadAllLines, ReadAllText, Replace, SetAccessControl, WriteAllBytes, WriteAllLines, WriteAllText

FileInfo class - Each instance of this class represents a file.  Members are similiar to the File class.  Doesn't have some of the convenience methods like ReadAllText, WriteAllText...

Directory class - Static class used to manipulate file directories.  Doesn't appear to have changed except GetAccessControl and SetAccessControl methods have been added.

DirectoryInfo class - Each instance of this class represents a directory.  Members are similiar to the File class.  Also has GetAccessControl and SetAccessControl methods.

DriveInfo class - New class that allows you to query to see what drives (logical) are attached to a system.  Each instance represents a drive.  You can get the capacity, volume label, free space, and the type of drive.

DriveType enum - enum that specifies the type of drive represented by the DriveInfo class. CDROM, Fixed, Network, RAM, Removeable (USB or floppy), unknown.  There is also a NoRootDirectory member.  I don't know what that is for.  The enum is not decorated with the FlagsAttribute, so a DriveType can't be Fixed AND NoRootDirectory.

FileSystemInfo class - base class for both FileInfo and DirectoryInfo

FileSystemWatcher class - I hate this component.  I used it in an project and kept missing files because the buffer would overflow and the error event wasn't consistently raised.  Read the class description and understand the limitations of the component.  It doesn't look like it has been changed(meaning new methods and properties).

Path class - Allows you do deal with filename strings in a controlled fashion.  If you want to change the extension, call the ChangeExtension method, rather than doing the string parsing yourself.  Has some interesting members that I didn't know about, such as GetTempFilename.  There is a new method called GetRandomFilename.  It returns a random temp filename, but doesn't create it.  GetInvalidFileNameChars and GetInvalidPathChars are also new.

ErrorEventArgs - object that is supplied to the error event in the FileSystemWatcher when something goes wrong.  GetException returns the exception object for the error.  Like I said, I had problems with the FileSystemWatcher.  Know it for the test, but don't use it in a real project.

RenamedEventArgs - object that is supplied to the rename event in the FileSystemWatcher.  Has OldFullPath and OldName properties.  Derived from FileSystemEventArgs

Next up - System.IO.Compression

I don't usually put personal stuff into this blog, but I think today can be an exception.  We finalized the adoption of our daughter Sara today!  She's officially a Denoncourt!  If you haven't heard her story and can put up with a little preaching, you can hear it here.

I wish that more people would consider adoption.  It's really a great chance to change the world.  One of the things that I hear is that that people have the impression that there is a shortage of children available to be adopted.  While it is true that there are not a lot of infants to be adopted, there are a lot of older children waiting for homes.  Another consideration is that people think that it costs a lot to adopt a child.  The costs of adopting an infant can be towards $50k for domestic, and between 10-30k for international infant.  If you're willing to adopt a child through the state, you are eligible for a $10,000 tax credit (that's basically adding $10,000 to your tax return) and you might receive a monthly stipend as well.  An excellent resource on the Internet is adoption.com.  If you call your state's family protection department, you can find when they hold informational meetings.

Adoption is an amazing experience.  Ours was an open adoption, which means that the birth parents can still visit Sara and know her as she grows up.. But we are her parents.  I think this takes a lot of the tension out of the process and is more healthy for everyone - baby, us, and the birth parents.

I'll get back to the study guide tomorrow.

UPGRADE: MCAD Skills to MCPD Web Developer by Using the Microsoft .NET Framework
UPGRADE: MCAD Skills to MCPD Windows Developer by Using the Microsoft .NET Framework
UPGRADE: MCSD Microsoft .NET Skills to MCPD Enterprise Application Developer by Using the Microsoft .NET Framework: Part 1

Control the serialization of an object into XML format by using the System.Xml.Serialization namespace.

• Serialize and deserialize objects into XML format by using the XmlSerializer class.
• Control serialization by using serialization attributes.
• Implement XML Serialization interfaces to provide custom formatting for XML serialization.
• Delegates and event handlers provided by the System.Xml.Serialization namespace

So the basics of using the XmlSerializer hasn't changed.  Create an XmlSerializer telling it to expect a particular type.  Note that the type could be a Generic - typeof(SortedList<int>) .  Know that you can supply override to the XML Attributes.  See my post here.  Know how to control namespaces using XmlSerializerNamespaces class.

Remember the performance problems with XML Serializer?  Creating a new dynamic assembly each time the app was restarted for XML Serialization?  There is a new tool, SGen.exe that creates the temporary serialization assemblies for you. 

Here are the XML Attributes used to control serialization:

XmlRoot – Controls the XML root.  ElementName, namespace..

XmlElementAttribute – Serialize the field/property as an element in the XML document.

XmlAttributeAttribute – Aside from being the victim of strict naming conventions, it tells the XML serializer to serialize field/prop as an attribute in the XML document

XmlIgnoreAttribute – Tells the XML Serializer to omit the field/property.

XmlEnumAttribute – Controls the name of an enumeration member (Not the enum name, a member of the enum)

 

XmlTextAttribute - Tells the XML Serializer that the member contains raw XML text.

XmlTypeAttribute - Controls the XML Schema (XSD) that is generated by the XmlSerializer.  Used to specify other namespaces and types when serializing.

 

XmlIncludeAttribute - Allows the XmlSerializer to recognize a type when it serializes or deserializes an object.  Used when deserializing custom types.

XmlChoiceIdentifierAttribute - Tells the XML Serializer that the type should be XSI:Choice.  Used in conjuction with an enum field/prop in the class to tell the serializer where to get its info from.

 

XmlArrayAttribute Class  - Specifies that the XmlSerializer must serialize a particular class member as an array of XML elements.

XmlArrayItemAttribute – Specifies the types that are contained in an XmlArray.  This is used when you are serializing polymorphic classes .

 

XmlAnyAttributeAttribute – Any attributes that are not matched up during deserialization is placed in the field decorated with this attribute.  Field must be an array of XmlAttribute.

         XmlAnyElementAttribute – Any elements that are not matched up during deserialization is placed in the field decorated with this attribute.  Field must be an array of XmlElement.

 

 

XmlNamespaceDeclarationsAttribute – Decorates a field that returns XmlSerializerNamespaces.  That field will be use to get namespace prefixes during serialization.

XmlSchemaProviderAttribute – "When applied to a type, stores the name of a static method of the type that returns an XML schema and a XmlQualifiedName that controls the serialization of the type. "  Used by WSDL.exe to return the schema for the class.  Target class must implement IXmlSerializable.  New to 2.0.

 

XmlSerializerAssemblyAttribute – Specifies the name of an assembly that the Xml Serializer can use.  If specified, the Xml Serializer doesn’t need to create a temporary assembly.  New to 2.0

XmlSerializerVersionAttribute – Signifies that the code was generated by the serialization infrastructure and can be reused for increased performance, when this attribute is applied to an assembly.  I’m not sure I should use this attribute.  I think this is used by code produced by sgen.

 

To completely control the XML Serialization of an object, you need to implement IXmlSerializable.  This is not a new interface.  In 1.1, the instructions where as follows:  "not intended to be used directly from your code.  Basically, you implement the ReadXML and WriteXML methods and you're done.

 

Here are the delegates and events:

UnknownAttribute event - thrown when the serializer encounters an unknown attribute.  By default the Xml serializer ignores unknown attributes. 

UnknownElement event - thrown when the serializer encounters an unknown element.  By default the Xml serializer ignores unknown elements. 

UnknownNode event -thrown when the serializer encounters an unknown node.  By default the Xml serializer ignores unknown node. 

UnreferencedObject event - section 5 of the SOAP document at w3c.  Basically you can reference other object within the same Xml document.  This event is thrown when it can't find the referenced object.

XmlSerializationCollectionFixupCallback delegate

XmlSerializationFixupCallback delegate

XmlSerializationReadCallback delegate

XmlSerializationWriteCallback delegate - All four of these delegates: "This delegate supports the .NET Framework infrastructure and is not intended to be used directly from your code."

 

Next post -> System.IO namespace

 

UPGRADE: MCAD Skills to MCPD Web Developer by Using the Microsoft .NET Framework
UPGRADE: MCAD Skills to MCPD Windows Developer by Using the Microsoft .NET Framework
UPGRADE: MCSD Microsoft .NET Skills to MCPD Enterprise Application Developer by Using the Microsoft .NET Framework: Part 1

Serialize or deserialize an object or an object graph by using runtime serialization techniques. (Refer System.Runtime.Serialization namespace)

• Serialization interfaces
• Serilization attributes
• SerializationEntry structure and SerializationInfo class
• ObjectManager class
• Formatter class, FormatterConverter class, and FormatterServices class
• StreamingContext structure

Here's an old article by Jeffery Richter that explains most of the stuff about serialization pertaining to this test.  It's 1.1, but you'll find that there isn't a lot that has changed.

 

Serialization Interfaces (System.Runtime.Serialization)

            IDeserializationCallback – Provides a method that is called when deserialization is complete – useful for setting internal state after a deserialization.

 

            IFormatter – Exposes methods for serializing/deserializing an object.  Used for controlling the format output of the serialization.  BinaryFormatter, SoapFormatter are two examples of objects that implement this interface.  Note that IFormatter and IFormattable are two different interfaces that do two different things.

 

            IFormatterConverter – Converts objects to different types.  Appears functionally identical to IConvertible.  Not sure what the difference is aside from IFormatterConverter is called during serialization.

 

            IObjectReference – Used for objects that are “reference” objects – Singletons for example.  You wouldn’t want to deserialize a new instance of a singleton.  GetRealObject is called in the Fixup stage and should return a reference to the object.

 

ISerializable – Tells the framework that the developer has provided their own serialization implementation.

 

ISerializationSurrogate – Allows one object to serialize another.

            http://www.codeproject.com/dotnet/Surrogate_Serialization.asp

 

ISurrogateSelector – Assists the serializer in deciding which Surrogate to use for a particular type.  Used in ISerializationSurrogate SetObjectData method.  It’s not clear why I would ever need to implement this interface.  SurrogateSelector seems to do a pretty good job.

 

Serialization Attributes

            These four are new to 2.0:

            OnDeserializingAttribute – decorates a method that is called before object is actually deserialized. 

            OnDeserializedAttribute – called after class is deserialized.  Seems functionally identical to IDeserializationCallback to me.

            OnSerializingAttribute – called before an object is serialized.

            OnSerializedAttribute – called after an object is serialized.

            **Methods decorated with these 4 attributes are expected to have one parameter that is a StreamingContext object. 

 

            OptionalFieldAttribute – marks a field as optional, as far as serialization is concerned.  This prevents the serializer from freaking if it is not in the stream.  New in 2.0

            System.Serializable – marks a object as able to be serialized

            System.NonSerialized – tells the serializer to ignore the field when serializing

 

SerializationInfo class

            Stores information needed to serialize/deserialize an object.  Mostly a collection of serializationEntry structures.  Method is AddValue, not Add. 

 

SerializationEntry structure

            Contains the Name, Type, and a reference to an object that should be serialized.  Used when enumerating through SerializationInfo object.

           

ObjectManager class

            Keeps track of objects as they are deserialized to prevent reserialization (creating the same object twice in memory).

 

Formatter class

            Provides base functions for serialization formatters.  Abstract class.  BinaryFormatter and SoapFormatter inherit from Formatter.

 

FormatterConverter class

            Base implementation of IFormatterConverter.  Not clear where I would use it.

 

FormatterServices class

            Helper object for serialization.  GetObjectData, GetSerializableMembers and PopulateObjectMembers are interesting methods that I didn't know existed.

 

StreamingContext

            Describes the source and destination of a given serialized stream, and provides an additional caller-defined context.  Can figure out if the object is being serialized CrossProcess, CrossMachine…

Next up - XML Serialization

UPGRADE: MCAD Skills to MCPD Web Developer by Using the Microsoft .NET Framework
UPGRADE: MCAD Skills to MCPD Windows Developer by Using the Microsoft .NET Framework
UPGRADE: MCSD Microsoft .NET Skills to MCPD Enterprise Application Developer by Using the Microsoft .NET Framework: Part 1

Debug and trace a .NET Framework application by using the System.Diagnostics namespace.

• Debug class and Debugger class
• Trace class, CorrelationManager class, TraceListener class, TraceSource class, TraceSwitch class, XmlWriterTraceListener class, DelimitedListTraceListener class, and EventlogTraceListener class
• Debugger attributes

Krzysztof Cwaline has a good writeup of these features on MSDN.

Debug class - Pretty much the same as it was before.  Debug.Assert, Debug.WriteLine.... However they did add a Debug.Print which appears functionally identical to Debug.WriteLine.  Maybe it makes VB 6.0 upgrades easier.

Debugger class - Nothing new here, either.  Embodies the debugger – is a process attached, break into a debugger, launch a debugger.

Trace class - There are some new methods here.  My impression is that they added some of the stuff from the Enterprise Instrumentation Framework.  TraceError, TraceWarning, CorrelationManager, UseGlobalLock are some of the new members. 

CorrelationManager - Denny Mitch has a excellent writeup on this class (It's written for the beta release, but the information still applies).  The idea is to provide some way to differentiate tracing information when more then one request could be executing at the same time or to get some context when you are calling a method recursively.

TraceListener - Abtract class that serves as the base for all TraceListeners.  It appears you can now control the "verbosity" of the trace output with the TraceOutputOptions property.  You can also filter what gets send to a listener using the filter property.  Denny Mitch has another great post about that feature.

TraceSource - Abtract class that serves as the base for all TraceSources.  They've added three new TraceSources in 2.0: ConsoleTraceListener, DelimitedListTraceListener and XmlWriterTraceListener.  Again, Denny Mitch has some good stuff on them.

TraceSwitch - An object that limits what events get reported to a trace listener.  Another method of filtering.  This allows you to control what level of messages the TraceSource is interested in.  Tradionally specified in your app's config file.

There is a good MSDN mag article by John Robbins that discusses the details of the new tracing features.

Debugger Attributes - This task was vague to me.  I took it to mean:  understand all the attributes in the System.Diagnostics namespace.  There is a good article on MSDN about these attributes.

            DebuggerDisplayAttibute tells which field/property should be shown in the watch window for a class.

 

            DebuggerTypeProxyAttribute  tells debugger to use a different class when representing it in the debug window.  Recommended practice is that the TypeProxy is an internal class of the intended class.  TypeProxy must contain a constructor with the intended class as a parameter.

 

            DebuggerBrowseableAttribute specifies if/how a member is displayed in the debug window : Never (Hidden), Collapsed (Displayed when expanded – default), RootHidden – Display members of the collection, not the collection properties if collection class.

Next post - Runtime Serialization

UPGRADE: MCAD Skills to MCPD Web Developer by Using the Microsoft .NET Framework
UPGRADE: MCAD Skills to MCPD Windows Developer by Using the Microsoft .NET Framework
UPGRADE: MCSD Microsoft .NET Skills to MCPD Enterprise Application Developer by Using the Microsoft .NET Framework: Part 1

Embed configuration management functionality into a .NET Framework application. (Refer System.Configuration namespace)

• Configuration class and ConfigurationManager class
  
• ConfigurationSettings class, ConfigurationElement class, ConfigurationElementCollection class, and ConfigurationElementProperty class
  
• Implement IConfigurationSectionHandler interface
  
• ConfigurationSection class, ConfigurationSectionCollection class, ConfigurationSectionGroup class, and ConfigurationSectionGroupCollection class
  
• Implement ISettingsProviderService interface
  
• Implement IApplicationSettingsProvider interface
  
• ConfigurationValidationBase class
  
• Implement IConfigurationSystem interface

This is the framework for reading/writing Configuration information. This has been overhauled in the 2.0 framework. Here's an article that gives an overview. Beware that it is referencing beta builds.

Paulo Reichert has a good blog entry on creating your own configuration file. Reading into the way the Microsoft has grouped these tasks together, I think that's what they want you to know.

Configuration class - A merged view of all configuration information. Meaning it merges all information from various web.config, machine.config and other config files to give you a look at all the config information for your current context.

ConfigurationManager - Static class that provides access to specific areas of config files - AppSettings, ConnectionStrings. Allows access to the standard config file, machine.config. Openning a config file returns a Configuration object.

ConfigurationSettings class - Doesn't look like it has changed much since 1.1.  Gets a readonly version of the config file.

ConfigurationElement - Represents an XML element in a config file.  Abstract class.  If you're writting your own config handler, you're probably going to start with a class based on ConfigurationElement.  See Paulo's blog entry mentioned above.

ConfigurationElementCollection - Collection of said ConfigurationElements.  Inherit from this when your config file has multiple elements of the same type.

ConfigurationElementProperty - Accessed as a property of the ConfigurationEleme