Welcome  |  Sign In
Skip Navigation Links
MSDN Magazine
Click to Rate and Give Feedback
Popular Articles
Kenny Kerr sings the praises of the new Visual C++ 2008 Feature Pack, which brings modern conveniences to Visual C++.

By Kenny Kerr (May 2008)
Here the author answers questions regarding the Entity Framework and provides an understanding of how and why it was developed.

By Elisa Flasko (July 2008)
Learn how to automate custom SharePoint application deployments, use the SharePoint API, and avoid the hassle of custom site definitions.

By E. Wilansky, P. Olszewski, and R. Sneddon (May 2008)
Jay Flowers demonstrates how to set up and use a Continuous Integration server using both discrete tools and the more comprehensive CI Factory solution.

By Jay Flowers (March 2008)
More ...
Read the Blog
Windows Presentation Foundation (WPF) offers excellent support for managing the display and editing of complex data. In the December 2007 edition of MSDN Magazine, John Papa did a great job of explaining essential WPF data binding concepts. ...
Read more!
The most fundamental form of Web testing is HTTP request/response testing. This involves programmatically sending an HTTP request to the Web application, fetching the HTTP response, and examining the response for an expected value. In the May 2008 issue of MSDN Magazine, Read more!
In the November issue of MSDN Magazine, Jeffrey Richter demonstrates some recent additions to the C# programming language that make working with the APM significantly easier. In the June ...
Read more!
The July 2008 issue of MSDN Magazine is now available online. Here's what's in the issue: Data Services: Develop ...
Read more!
The June 2008 issue features the first installment of a new MSDN Magazine column on software design fundamentals. We’ll discuss design patterns and principles in a manner that isn't bound to a specific tool or lifecycle methodology. In this issue, Jeremy Miller starts the Patterns in Practice column ...
Read more!
In the April 2008 issue of MSDN Magazine, Kenny Kerr introduced the Windows Imaging Component (WIC), showing you how you can use it to encode and decode different image ...
Read more!
More ...
November2004 November 2004
Attack Surface: Mitigate Security Risks by Minimizing the Code You Expose to Untrusted Users
In this article, Microsoft security expert Michael Howard discusses the cardinal rules of attack surface reduction. His rules - reduce the amount of code executing by default, reduce the volume of code that is accessible to untrusted users by default, and limit the damage if the code is exploited - are explained along with the techniques to apply the rules to your code. Michael Howard
App Lockdown: Defend Your Apps and Critical User Info with Defensive Coding Techniques
Whether you're storing database connection strings, user credentials, or logon info, you'll need to practice good defensive programming techniques to avoid those surprise situations in which your data is exposed. In this article, author Kenny Kerry shows you how. Kenny Kerr
Cryptography: Employ Strong Encryption in Your Apps with Our CryptoUtility Component
When storing sensitive data, you need to be able to identify threats, determine how these threats interact with each other, and how issues can combine to constitute a vulnerability that will leave your data exposed. With a good understanding of the various cryptographic algorithms, salt, hashes, ACLs, and other available techniques, you'll be in a better position to protect your critical data. Michael Stuart and J Sawyer
Trustworthy Code: Exchange Data More Securely with XML Signatures and Encryption
You can sign any kind of data using XML Signature, including part of an XML document, other XML documents, or other data of any format. However, in practice, XML signatures are most frequently used to sign other data represented in XML. In this article, the authors discuss the new standard and how you can benefit from it in your apps. Mike Downen and Shawn Farkas
Safety in Windows: Manage Access to Windows Objects with ACLs and the .NET Framework
Until now, Microsoft did not provide explicit support in the .NET Framework for manipulating security settings. With the .NET Framework 1.x, access can only be granted to users via a series of cumbersome P/Invoke calls. By introducing the concepts of security objects and rules, the .NET Framework 2.0 allows developers to manipulate security settings of objects in a few easy steps using managed code. Want to know more? Read on. Mark Novak
Intrusion Prevention: Build Security Into Your Web Services with WSE 2.0 and ISA Server 2004
Once you've addressed security in your code, it's time to look at the environment it runs in. Firewalls stop unauthorized traffic from getting into your network, and smart Web service-specific firewalls, like the one that comes with Internet Security and Acceleration (ISA) Server 2004, bring XML intrusion prevention to your system for that added layer of safety. Dino Esposito
Code Download (1,868 KB)
.Chm Files

Columns
Editor's Note: Vote Early and Often for MSDN Magazine
As this issue of MSDN Magazine goes to press, Election Day is drawing near. Like many candidates for office, this magazine sports some bold cover lines and bright, appealing pictures. Unlike those same politicians, however, we will keep working for you month after month, year after year, even after you elect to purchase the magazine.
New Stuff: Resources for Your Developer Toolbox
Jungo Software Technologies has announced the release of Go-HotSwap 6. 22, a complete off-the-shelf software package offering a solution for hardware vendors, system integrators, and operating system vendors, aiming to provide hot-swap capabilities to their users. Nancy Michell
Web Q&A: ADO.NET Joins, HTML to XHTML, ASP.NET ViewState, and More
Edited by Nancy Michell
Data Points: Updating Data in Linked Servers, Information Schema Views, and More
Every day a developer somewhere needs to write code to iterate through SQL Server™ system objects, query and update tables in linked servers, handle optimistic concurrency, and retrieve column and stored procedure metadata. John Papa
Test Run: API Test Automation in .NET
The most fundamental type of software test automation is automated API testing. API testing essentially entails testing the individual methods that make up a software system rather than testing the overall system itself. James McCaffrey
Advanced Basics: Digital Grandma
As a parent of a young child, I take a lot of pictures—many more than anyone would ever be interested in seeing. Well, anyone except my mother. This is her first grandchild and the one or two pictures I send to her each week only brush the surface of her grandmotherly needs. Duncan Mackenzie
Cutting Edge: The ASP.NET 2.0 Wizard Control
ASP.NET has a lot to offer to both the low-level programmer willing to control every little step of the code and the busiest of developers who needs to point-and-click his way through Web app development using just a few existing components. Dino Esposito
Service Station: Improving Web Service Interoperability
If interoperability is the main promise of Web services, why is it that so many developers and organizations have a difficult time achieving it in practice? With all due respect to our hard-working standards bodies, the primary culprits are the imperfect specifications guiding today's implementations. Aaron Skonnard
.NET Matters: ThreadPoolPriority, and MethodImplAttribute
Stephen Toub
C++ Q&A: Calling Virtual Functions, Persisting View State, POD Type
Paul DiLascia
{End Bracket}: A Tidal Wave of Change
I surf the Net somewhat obsessively when I have spare time, and I often read various discussion forums such as Slashdot and Neowin. Now, the journalism at those sites isn't always the highest quality, and I have noticed a marked lack of perspective on the level of changes that have occurred in this industry. Larry Osterman
Page view tracker