Dear reader,

Ok, the image above is pretty… and pretty hilarious as well. I must say that some of these time lines are true though. No, I don’t hate 100% IE, I still think it was the first browser that introduced the XmlHttpRequest as part of JScript in a very early version (maybe IE4) during the Netscape vs IE war. Somehow IE prevailed and also enabled the Ajaxian websites we see today. If you remember how bad it was to make a site work in Netscape, you’ll understand why I’m glad it died in 2002 :-p

That being said, the time lines are  somehow accurate. Unfortunately web development with HTML rendering on a browser has many places where things can go wrong, and prototyping is just a smaller time, even if the prototype looks real and very cool and I’m referring to either a pure HTML prototype or a set of images created with a prototyping tool)

If you inherit an existing CSS and a certain master page or left navigation, things can get complicated if you don’t keep your styles pruned out, and if you use pure CSS, introducing new elements in an existing page can be a nightmare, the existing elements can shift easily.

If you add to that, that FF and IE have a different box and a different way to represent positioning (margin and padding), things can get messy for cross browser compatibility.

JavaScript also requires extra effort and strings without escaping quotes, for example single quotes can break anything injected on the JavaScript when the DOM is created on the document create event in the browser.

In the past few years, the outcome of JavaScript libraries such as JQuery, Dojo and GWT have made the life of developers easier.

I wonder if in a few years the world will move away from HTML/JavaScript and go to web sites developed with alternate means, ie Silverlight/Flex…how would the pie chart above look like?

Cheers!

PS. The subject of this blog post might not necessarily align with my employer or coworker’s opinion and it is given only as a comment. Oh, and I never swear…

No tags

Well, I’m heavily using JQuery now on a web application and I must say I’m very fond of this library.

It’s very easy to use, encapsulates quite a few cross browser compatibility issues so the developer doesn’t have the pain to check what browser the page will be displayed on. The ajax calls ($.get, $.ajax and $.post) work like a charm and the pages can have painless and cool animations and effects.

But, no matter how robust and sturdy a library is, we always need to debug. I must say Visual Studio 2008 is heaven to debug JavaScript code. I just have to put the debugger; keyword in front of the line to create a break point. The IDE shows the iexplorer.exe process and thread ID (you can also chose to debug on FF or your favorite browser). You can review your locals, add to the Watch Windows or just take a sneak peek with Quick Watch.

All the power of strongly type language debugging is now available for the type agnostic JavaScript and believe me, this is priceless when you debug JSON.

Happy JQuery debugging!

Oops, this post was about debugging JavaScript on the partial views in MVC…

Now I remember what I was suppose to comment on:

If you use your Model properties inside your JavaScript code, you won’t be able to put this code on a separate .js file and include it on your main view header or even include it on your partial view. It won’t work.

Unfortunately the javascript code should be embedded along with your MVC markup on your partial view. You see, the rendering of these HTML helpers happen first on the server side before the page is served, while the js include happens after. Maybe MVC will be smart enough to detect these js includes in the future and render any helper content inside the js includes, as of MVC 2.0 RTM, this is not possible.

Done!

No tags

On my previous post I ranted about the need my team has for a plug in implementation for a web portal. I’m sure this requirement is on almost every web team that develops a web portal.

We were paying close attention to the ASP.NET MVC framework in conjunction with MEF:

MEF and ASP.NET MVC sample

and see great potential here. the only drawback is that plug ins will run as part of the same application domain, afaik. This might not be a drawback if your plug ins do not need to be hosted on a different service and domain.

We took a close look at the Areas in ASP.NET MVC 2 Preview 1 recently released, but the concept of Areas is mostly for organizing big web projects, not for developing modules as plug ins.

See the copy and paste from this blog post by Haacked:

… right now, Areas isn’t intended to address the “pluginnable” architecture. We started going down that route but it raises a lot of challenging questions such as where does the database go and how do you handle communication via areas and how do you administrate plugins?

I’m not sure that the core framework at this time is the place to put these concerns. I see this as something that might be better left to a higher level framework on top of ours, much in the way that DotNetNuke or Drupal are hosts for plugins.

However, I’m not closing the door on this, but I think you’ll see we’ll take a very iterative incremental approach. Right now, Areas is focused on helping teams manage the complexity of an application. It’s a small step. We’ll be looking at application composition as we move forward.

@Peter, For the security boundary question, at the end, it’s still just one application. Everything is merged into the same app running in the same AppDomain. So they share the same security boundary in that regard. Of course, you can use AuthorizeAttribute and other means to create security boundaries around areas should you choose.

I’m not sure my team would like to go for DotNetNuke unless it is rewritten on MVC, this is only my personal opinion and I would have to POC further before reaching a conclusion.

MEF so far looks like a good candidate…

No tags

I must confess that the lack of posts on my blog are mainly due to a very silly reason, I started playing FarmVille on Facebook with my friends and it reminded me of my favorite game SimCity.

What I like most about the game is how it runs on an iframe, is able to send requests to all the FB friends and keeps the FB session alive even though I haven’t clicked outside of the FarmVille iframe in a long time. It’s not as sophisticated as SimCity, but lets’ wait till it evolves…

A few months ago I was evaluating web frameworks with several criteria. The main one was the ability to extend the web application without the need to recompile and deploy the existing modules.

There are two main concepts for applications in general that save up a great deal of time in testing and deploying (in maintenance in general)

Composite: Composition strategies determine how you manage
component dependencies and the interactions between
components.

Modularity: is designing a system that is divided into a set of functional units (named modules) that can be composed into a larger application. A module represents a set of related concerns. It can include components, such as views or business logic, and pieces of infrastructure, such as services for logging or authenticating users. Modules are independent of one another but can communicate with each other in a loosely coupled fashion.

The following are specific guidelines for developing a modular system:

• Modules should be opaque to the rest of the system and initialized through a well-known interface.
• Modules should not directly reference one another or the application that loaded them.
• Modules should use services to communicate with the application or with other modules.
• Modules should not be responsible for managing their dependencies. These dependencies should be provided externally, for example, through dependency injection.
• Modules should not rely on static methods that can inhibit testability.
• Modules should support being added and removed from the system in a pluggable fashion.

In an old post I was complaining about how in two of the ASP.NET frameworks that I was evaluating I couldn’t separate the modules that had an UI component and deploy them independently of the main application. I was mainly talking of WCSF and Spring.NET.

In WCSF, even though modules can be groups of MVP triads, the main web project still has to be modified each time a new module is added to the application as it contains the shared UI elements (aspx pages or ascx controls). When I tried the WCSF Modularity QuickStart I realized all of the web pages (aspx) are kept into the main web project and the rest of the projects are dlls without any visual part, only the interfaces to the views that are stored on the main web project (IViews.cs). To me, that couples the main web project with each module… It is not true modularity. See the description of the QuickStart here.

For Spring.NET the framework, as any DI framework, allows you to replace your BLL or DAL objects using configuration files as long as the implement the same contract (have the same interface), but there is no concept of module and no way to “plug in” a module containing aspx pages.

I spent some time looking into the Facebook API, after all, they do have a production implementation that complies with all the bullet points under Modularity (see above) During this “read and research” I came across two very good articles on cross browser communication:

Secure Cross-Domain Communication in the Browser by Danny Thorpe
and
Cross Domain Communication with IFrames on this blog.

Why jumping into Cross Browser Communication? Well, if I want to compose an application of different applications running on iframes I better read about Cross Browser Communication…

I decided to expose my ignorance and ask Danny Thorpe for advice, what the hell, he worked on the VCL, Windows Live, CoolIris <... and keep inserting cool projects here...> so he must know what he’s doing.

I emailed him on FB:
…
I do like the idea of FB where an application hosted on a different domain can interact with the facebook user, facebook sends the auth key, session key and signature and the application calls the facebook servers to perform actions on that user, whether getting the list of friends, send notifications, upload pictures etc. All these actions take place in the application’s servers doing requests to the FB servers and updating the application page on the iFrame running on facebook.

I’ve been trying to move away from the idea, mostly based on the fact that an enterprise application would need to share context (session) between its different modules and that transactions involving several modules might be too difficult.

I’m basing my devil’s advocate argument on your article and trying to state that facebook applications can indeed leave the user’s data on facebook servers on an inconsistent state, due to the different sessions that are not shared.
…

and Danny Thorpe was kind enough to reply:

…
Facebook does offer server to server data sharing as you describe, but most Facebook applications actually use client-side cross domain communications using an independent implementation of the iframe cross-domain channel I described in the article. I haven’t studied the Facebook api closely, but I have been informed by folks who have that there is some client-side cross domain communications going on in there.

I agree that sharing user context between modules in different domains in an enterprise application is a scary prospect. I don’t think the issue is with maintaining consistent state as with simple security and privacy issues.

There are other ways to allow multiple applications/domains to access a shared user resource. Delegated authorization is one technique sprouting up from several vendors, including Microsoft. The idea is that app A can be granted access to the user data on server B by the end user without disclosing the user’s login credentials. Server B issues a unique opaque token to App A representing the permissions granted by the end user. The token is unique to the user and application but does not disclose the user’s identity. App A stores the token and can then make requests of server B with that token attached, and server B will look up the token to see what permissions it grants and to see if it has been revoked by the user. The user can revoke the token independently of App A at any time.

Delegated authorization gives the appearance of single-sign-on even across disparate services with incompatible authorization domains. The user has control of granting and revoking access to their information. Multiple applications can connect to the shared resource to monitor state changes, avoiding the issue of inconsistent state.

…

In order to keep the look and feel of the different applications that compose a portal, I would have to share a site map, the ability to create a unique profile of the user and the look and feel or CSS of the different applications.

Now I’m facing the fork on the path:

• iFrames with cross domain communication to compose a portal with modules
• SSO and shared SiteMap and Profile API along with consistent design and CSS to glue the different modules.

more ramblings to follow…

L.

No tags