[Repost] Leaving patterns & practices

is like skiing.  Just like skiing, the goal is not to get to the bottom of the hill. It’s to have a bunch of good runs before the sun sets.” – Seth Godin

It's been a good run.  After more than 10 years in patterns & practices, I'm on to my next adventure here at Microsoft.

I learned more about project management, application architecture, software development, processes, teamwork, leadership, product success, and making impact than I think I could have ever hoped to learn anywhere

There are a few ways I can share my journey in patterns & practices.  One of my managers referred to me as “the abilities PM” because of my focus on quality attributes (security, performance, scalability, etc.)  and that’s a pretty good place to start.  My role as a PM (Program Manager) in patterns & practices can largely be defined in terms of my impact on these three areas: security, performance, and application architecture.  (Yes, there is more to the story, but those three areas serve as a good enough lens for now.)

The Security Story

It all started when I joined patterns & practices (PAG or the Prescriptive Architecture Guidance team at the time.)

and other .NET Framework leaders.  Having performed more than 650 customer architecture and design reviews, I was in a unique position to share all the principles, patterns, practices, and anti-patterns that I had seen across a large number of customer projects, many of which were on the leading and bleeding edge of this space.

top priority, and he asked patterns & practices what we were going to do about security.  In turn, my manager asked me, what I was going to do about security.  Coming from a middleware background, security was something I was usually trying to work around, especially when I had to flow callers to the backend.  My new challenge was to design security architectures for our application platform on .NET.  Boy, was I in for a ride.

I knew security was the name of the game, but I had a lot to learn in terms of leading project teams around the world, brokering in all the right parts of the company, our community, and the industry.  I also had a lot to learn in terms of how to create prescriptive guidance.  The purpose was not to just put out a book.  The purpose was to drive customer success on the platform.  This included creating a durable, and evolvable security story that our customers could build on, and that we could use to “train the trainers.”  This also meant creating a knowledge base that we could use as an anchor for driving product feedback and platform change.  This was all in addition to learning how to think about security from an architecture and design standpoint, in a way that could help customers build more secure applications.

While I learned a lot from doing end-to-end security architectures and putting our variety of products and technologies together, the real a threats, attacks, vulnerabilities, and countermeasures perspective.  It was about thinking about security in a more holistic way, and our little mantra was “secure the network, host, and app.”

We had the ultimate security dream team, on mission impossible, and we pulled it off.  Our core engineering team included Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan, and we had an extended team of industry champs including Joel Scambray of the Hacking Exposed series.  (In fact, check out the extensive team list at

and we were told that it was our prescriptive guidance that made the difference in a very big way.  In addition, our guide was downloaded more than 800,000 times in the first six months, and it quickly established the mental models and language for how our growing customer base thought about security on the .NET platform.  It was a powerful thing when customers would say to us back in our language, “We’re using the trusted subsystem model …”  It was like poetry in motion.

The big thing we learned from the journey was the power of having end-to-end application scenarios, along with maps of threats and countermeasures, while baking security into the life cycle, and using proven practices, like threat modeling, to significantly change the game.

Here are some of the key security deliverables at a glance from the various security adventures over the years:

<a href="http://blogs.msdn.com/b/jmeier/archive/2010/08/03/now-available-azure-security-notes-pdf.aspx">Windows Azure Security Notes</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949034.aspx">Improving Web Services Security: Scenarios and Implementation Guidance for WCF</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998382.aspx">Security Engineering Explained</a>

<a href="http://msdn.microsoft.com/en-us/library/ff648006.aspx">Threat Modeling Web Applications</a>

<a href="http://msdn.microsoft.com/en-us/library/ms994921.aspx">Improving Web Application Security: Threats and Countermeasures</a>

<a href="http://msdn.microsoft.com/en-us/library/aa302415.aspx">Building Secure ASP.NET Applications</a>

This doesn’t include the product feedback work we did, or the work we did to bake security into Visual Studio / MSF Agile, or the patents we filed, which were the icing on the cake.  As a sidenote, behind the scenes we called our “threats and countermeasures” guide “WOMA.”  It was short for weapon-of-mass adoption, because our field was continuously telling us stories of how they were winning accounts against the competition.

The Performance Story

Performance was right up my alley, but it was a significant shift from security.

Ironically, I got a lot better at tackling security, by learning more about performance.  The big lesson I learned was that you have to bound or constrain your efforts in some way.  Just like performance can always be improved, so can security, so it’s all about prioritizing, knowing where to focus, and connecting back to the business objectives, aside from the technical perspective, and user experience.

(or, “Perf and Scale” as we affectionately called it.)  It was where I first got to work with folks like Rico Mariani, Jan Gray, and Gregor Noriskin.  It was mind blowing.

Working on performance and scalability was probably the most technically challenging exercise I’ve had at Microsoft.  I remember spending countless days and nights walking through CLR internals, figuring out how to optimize collections, sorting through multi-threading patterns, and mastering how garbage collection really worked.  Strangely enough, the “ah-ha” that I appreciated the most was figuring out that we could think of performance in terms of response time, throughput, and resource utilization (CPU, memory, network, and disk.)  That little lens was the key to figuring out how to do effective performance modeling and solving nasty performance bottlenecks.  It also helped us parse complicated performance scenarios down into bite-sized chunks.

Here are some of the key performance deliverables at a glance from the various performance adventures over the years:

<a href="http://msdn.microsoft.com/en-us/library/ms998530.aspx">Improving .NET Application Performance and Scalability</a>

<a href="http://msdn.microsoft.com/en-us/library/bb924375.aspx">Performance Testing Guidance for Web Applications</a>

While performance took me to the depth of things, it was application architecture that took me to the breadth of things …

Application Architecture

It was a chance to finally showcase how to put our platform technologies together into common application archetypes.  Rather than just a bunch of technologies, we could talk about our application platform very specifically in terms of application types: Web applications, RIA applications, desktop applications, Web services, and mobile applications.  We could talk about scenarios and trade-offs.  We could look at the shapes of applications in terms of architectural styles and patterns.  We could look at cross-cutting concerns, such as caching, communication, concurrency, configuration management, data access, exception management, logging, state management, validation, and workflow.  We could also walk the various quality attributes, like performance, security, reliability, manageability, usability, etc.

In fact, I’ve continued to map out our Microsoft application platform each year, as a way to quickly see the forest from the trees and to figure out where to spend my time.

During my adventures with application architecture, I got to learn a lot and work with amazing people.  I also learned how to go across a lot of information faster and easier, and bring teams of people along the journey.  The secret was to keep creating maps that helped everybody get on to the same page fast.  This was an invaluable approach as our team was hunting and gathering all the pattern collections we could find.  We basically built a large catalog and constellation of application patterns in the form of maps.  While we didn’t include our maps in the guide, they helped our team and extended team ramp up in various spaces very quickly, as well as advance the practice of application architecture.  Basically, we could browse patterns of solutions at a glance.

Behind the scenes, we created this technique by synthesizing the expertise of more than 30 top solution architects, that had years of experience with structuring and designing end-to-end applications, dealing with security, performance, and reliability issues, and dealing with cross-cutting concerns.  The idea was to put down on paper, a proven practice for rapidly modeling applications on a whiteboard and identify risks earlier vs. later.

What’s Next?

I’ll have more to share as I go along.  What you’ll most likely see is a shift to more focus on strategy, execution, and business impact.  I’ll also share more information on the art and science of program management.  I’ve been mentoring a lot of people and I think the PM role at Microsoft is a very special one.  One of my main goals is to broadly share the lessons I’ve learned from driving projects and leading teams and making impact as a PM on the patterns & practices team.

patterns & practices Guidance at a Glance

Meanwhile, here is my catalog of patterns & practices guidance at a glance.  Note that a lot of the prescriptive guidance I’ve worked on is out of date because of changes in technology.  That said, you can still learn many of the key principles, patterns, and practices that the guidance is based on.  In this respect, much of the guidance is “evergreen” in that it’s timeless and durable.

Books

<a href="http://msdn.microsoft.com/en-us/library/bb668991.aspx">Team Development with Visual Studio Team Foundation Server</a>

Developer Guidance Maps

<a href="http://blogs.msdn.com/b/jmeier/archive/2010/11/01/ado-net-developer-guidance-map.aspx">ADO.NET Developer Guidance Map</a>

<a href="http://blogs.msdn.com/b/jmeier/archive/2010/10/26/asp-net-developer-guidance-map.aspx">ASP.NET Developer Guidance Map</a>

<a href="http://blogs.msdn.com/b/jmeier/archive/2010/10/26/silverlight-developer-guidance-map.aspx">Silverlight Developer Guidance Map</a>

<a href="http://blogs.msdn.com/b/jmeier/archive/2010/11/01/windows-azure-developer-guidance-map.aspx">Windows Azure Developer Guidance Map</a>

<a href="http://blogs.msdn.com/b/jmeier/archive/2010/11/02/windows-phone-developer-guidance-map.aspx">Windows Phone Developer Guidance Map</a>

<a href="http://msdn.microsoft.com/en-us/architecture/aa699449.aspx">A Language for Software Architecture</a>

Books / Guides

<a href="http://www.amazon.com/Microsoft-Application-Architecture-Patterns-Practices/dp/073562710X">Application Architecture Guide</a>

Methods

<a href="http://blogs.msdn.com/b/jmeier/archive/2008/11/06/agile-architecture-method.aspx">Agile Architecture Method</a>

Guidelines

<a href="http://apparch.codeplex.com/wikipage?title=Architecture%20and%20Design%20Guidelines&amp;referringTitle=Guidelines">Architecture and Design Guidelines</a>

<a href="http://apparch.codeplex.com/wikipage?title=Mobile%20Application%20Archetype&amp;referringTitle=Guidelines">Mobile Application Archetype</a>

<a href="http://apparch.codeplex.com/wikipage?title=Rich%20Client%20Application%20Archetype&amp;referringTitle=Guidelines">Rich Client Application Archetype</a>

<a href="http://apparch.codeplex.com/wikipage?title=Rich%20Internet%20Application%20Archetype&amp;referringTitle=Guidelines">Rich Internet Application Archetype</a>

<a href="http://apparch.codeplex.com/wikipage?title=Services%20Application%20Archetype&amp;referringTitle=Guidelines">Services Application Archetype</a>

<a href="http://apparch.codeplex.com/wikipage?title=Web%20Application%20Archetype&amp;referringTitle=Guidelines">Web Application Archetype</a>

<a href="http://apparch.codeplex.com/wikipage?title=Presentation%20Layer%20Guidelines&amp;referringTitle=Guidelines">Presentation Layer Guidelines</a>

<a href="http://apparch.codeplex.com/wikipage?title=Business%20Layer%20Guidelines&amp;referringTitle=Guidelines">Business Layer Guidelines</a>

<a href="http://apparch.codeplex.com/wikipage?title=Data%20Access%20Layer%20Guidelines&amp;referringTitle=Guidelines">Data Access Layer Guidelines</a>

<a href="http://apparch.codeplex.com/wikipage?title=Service%20Layer%20Guidelines&amp;referringTitle=Guidelines">Service Layer Guidelines</a>

Checklists

<a href="http://apparch.codeplex.com/wikipage?title=Checklist%20-%20Architecture%20and%20Design&amp;referringTitle=Checklists">Checklist - Architecture and Design</a>

<a href="http://apparch.codeplex.com/wikipage?title=Checklist%20-%20Communication&amp;referringTitle=Checklists">Checklist - Communication</a>

<a href="http://apparch.codeplex.com/wikipage?title=Checklist%20-%20Presentation%20Layer&amp;referringTitle=Checklists">Checklist - Presentation Layer</a>

<a href="http://apparch.codeplex.com/wikipage?title=Checklist%20-%20Business%20Layer&amp;referringTitle=Checklists">Checklist - Business Layer</a>

<a href="http://apparch.codeplex.com/wikipage?title=Checklist%20-%20Data%20Access%20Layer&amp;referringTitle=Checklists">Checklist - Data Access Layer</a>

<a href="http://apparch.codeplex.com/wikipage?title=Checklist%20-%20Service%20Layer&amp;referringTitle=Checklists">Checklist - Service Layer</a>

<a href="http://apparch.codeplex.com/wikipage?title=Checklist%20-%20Web%20Application&amp;referringTitle=Checklists">Checklist - Web Application</a>

<a href="http://apparch.codeplex.com/wikipage?title=Checklist%20-%20Rich%20Internet%20Application%20%28RIA%29&amp;referringTitle=Checklists">Checklist - Rich Internet Application (RIA)</a>

<a href="http://apparch.codeplex.com/wikipage?title=Checklist%20-%20Rich%20Client%20Application&amp;referringTitle=Checklists">Checklist - Rich Client Application</a>

<a href="http://apparch.codeplex.com/wikipage?title=Checklist%20-%20Service%20Archetype&amp;referringTitle=Checklists">Checklist - Service Archetype</a>

<a href="http://apparch.codeplex.com/wikipage?title=Checklist%20-%20Mobile%20Application&amp;referringTitle=Checklists">Checklist - Mobile Application</a>

How Tos

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Create%20a%20Web%20Application%20Using%20Silverlight%202.0&amp;referringTitle=How%20Tos">How To - Create a Web Application Using Silverlight 2.0</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Create%20a%20Windows%20Application%20Using%20WPF%20and%20XAML&amp;referringTitle=How%20Tos">How To - Create a Windows Application Using WPF and XAML</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Create%20an%20N-Tier%20Application%20with%20the%20.NET%20Framework&amp;referringTitle=How%20Tos">How To - Create an N-Tier Application with the .NET Framework</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Design%20Business%20Components&amp;referringTitle=How%20Tos">How To - Design Business Components</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Design%20Business%20Entities&amp;referringTitle=How%20Tos">How To - Design Business Entities</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Design%20Business%20Workflow%20Components&amp;referringTitle=How%20Tos">How To - Design Business Workflow Components</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Design%20Caching%20for%20Web%20Application&amp;referringTitle=How%20Tos">How To - Design Caching for Web Application</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Design%20Exception%20Management&amp;referringTitle=How%20Tos">How To - Design Exception Management</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Design%20Presentation%20Layer&amp;referringTitle=How%20Tos">How To - Design Presentation Layer</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Design%20Rich%20User%20Interface%20with%20Silverlight%20and%20Blend&amp;referringTitle=How%20Tos">How To - Design Rich User Interface with Silverlight and Blend</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Design%20Your%20Architecture&amp;referringTitle=How%20Tos">How To - Design Your Architecture</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Design%20Your%20Data%20Access%20Layer&amp;referringTitle=How%20Tos">How To - Design Your Data Access Layer</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Domain%20Driven%20Design&amp;referringTitle=How%20Tos">How To - Domain Driven Design</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Improve%20User%20Experience%20with%20AJAX&amp;referringTitle=How%20Tos">How To - Improve User Experience with AJAX</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Page%20Records%20Using%20AJAX&amp;referringTitle=How%20Tos">How To - Page Records Using AJAX</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Structure%20Your%20Application&amp;referringTitle=How%20Tos">How To - Structure Your Application</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Use%20ASP.NET%20MVC&amp;referringTitle=How%20Tos">How To - Use ASP.NET MVC</a>

<a href="http://apparch.codeplex.com/wikipage?title=How%20To%20-%20Validate%20Input%20and%20Data&amp;referringTitle=How%20Tos">How To - Validate Input and Data</a>

Performance

<a href="http://msdn.microsoft.com/en-us/library/bb924361.aspx">Agile Performance Testing</a>

<a href="http://msdn.microsoft.com/en-us/library/bb924372.aspx">Load Testing</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998579.aspx">Measuring Performance</a>

<a href="http://msdn.microsoft.com/en-us/library/bb924367.aspx">Modeling Application Usage</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998574.aspx">Performance Code Inspection</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998544.aspx">Performance Design Inspection</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998534.aspx">Performance Engineering</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998537.aspx">Performance Modeling</a>

<a href="http://msdn.microsoft.com/en-us/library/bb924371.aspx">Performance Test Reporting</a>

<a href="http://msdn.microsoft.com/en-us/library/bb924356.aspx">Performance Testing</a>

<a href="http://msdn.microsoft.com/en-us/library/bb924374.aspx">Stress Testing</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998583.aspx">Tuning Performance</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998537.aspx">Performance Design Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998547.aspx">.NET Framework Performance Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998551.aspx">.NET Interop Performance Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998569.aspx">ADO.NET Performance Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998549.aspx">ASP.NET Performance Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998565.aspx">Remoting Performance Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998541.aspx">Web Application Performance Design Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998562.aspx">Web Services Performance Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998559.aspx">XML Performance Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998592.aspx">Performance Design Checklist</a>

<a href="http://msdn.microsoft.com/en-us/library/ms979052.aspx">.NET Framework Performance Checklist</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998589.aspx">ADO.NET Performance Checklist</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998596.aspx">ASP.NET Performance Checklist</a>

<a href="http://msdn.microsoft.com/en-us/library/ms978923.aspx">Enterprise Services Performance Checklist</a>

<a href="http://msdn.microsoft.com/en-us/library/ms978943.aspx">Interop Performance Checklist</a>

<a href="http://msdn.microsoft.com/en-us/library/ms979159.aspx">Remoting Performance Checklist</a>

<a href="http://msdn.microsoft.com/en-us/library/ms979169.aspx">SQL Server Performance Checklist</a>

<a href="http://msdn.microsoft.com/en-us/library/ms979173.aspx">Web Services Performance Checklist</a>

<a href="http://msdn.microsoft.com/en-us/library/ms979180.aspx">XML Performance Checklist</a>

Practices at a Glance

<a href="http://msdn.microsoft.com/en-us/library/ms998512.aspx">Performance Practices at a Glance</a>

<a href="http://msdn.microsoft.com/en-us/library/ms979195.aspx">How To - Optimize SQL Indexes</a>

<a href="http://msdn.microsoft.com/en-us/library/ms979196.aspx">How To - Optimize SQL Queries</a>

<a href="http://msdn.microsoft.com/en-us/library/ms979197.aspx">How To - Page Records in .NET Applications</a>

<a href="http://msdn.microsoft.com/en-us/library/ms979198.aspx">How To Performance Capacity Planning for .NET Applications</a>

<a href="http://msdn.microsoft.com/en-us/library/ms979200.aspx">How To - Submit and Poll for Long-Running Tasks</a>

<a href="http://msdn.microsoft.com/en-us/library/ms979204.aspx">How To - Use Custom Performance Counters from ASP.NET</a>

Security

Guides

<a href="http://msdn.microsoft.com/en-us/library/ms998404.aspx">Security Engineering</a>

<a href="http://blogs.msdn.com/b/jmeier/archive/2010/02/22/agile-security-engineering.aspx">Agile Security Engineering</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998364.aspx">Security Code Inspection</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998367.aspx">Security Deployment Inspection</a>

<a href="http://msdn.microsoft.com/en-us/library/aa302421.aspx">Security Design Inspection</a>

<a href="http://msdn.microsoft.com/en-us/library/ms978516.aspx">Threat Modeling</a>

Threats and Countermeasures

<a href="http://msdn.microsoft.com/en-us/library/aa302418.aspx">Threats and Countermeasures for Web Applications</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949001.aspx">Threats and Countermeasures for Web Services</a>

Cheat Sheets

<a href="http://msdn.microsoft.com/en-us/library/ms978518.aspx">Web Application Security Frame</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949070.aspx">Web Services Security Frame</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949070.aspx">Web Services Security Patterns</a>

<a href="http://msdn.microsoft.com/en-us/library/aa480477.aspx">.NET Framework Security Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998264.aspx">ADO.NET Security Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998258.aspx">ASP.NET Security Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949068.aspx">WCF Security Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/aa302420.aspx">Web Application Security Design Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949020.aspx">Web Services Security Design Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/aa480474.aspx">.NET Framework Security Checklist</a>

<a href="http://msdn.microsoft.com/en-us/library/aa480473.aspx">ADO.NET Security Checklist</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998249.aspx">ASP.NET Security Checklist</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949052.aspx">WCF Security Checklist</a>

<a href="http://msdn.microsoft.com/en-us/library/aa480479.aspx">.NET Framework Security Practices at a Glance</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998372.aspx">ASP.NET Security Practices at a Glance</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949062.aspx">WCF Security Practices at a Glance</a>

Questions and Answers

<a href="http://msdn.microsoft.com/en-us/library/bb981440.aspx">ASP.NET Security Questions and Answers</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949043.aspx">WCF Security Questions and Answers</a>

Explained

<a href="http://msdn.microsoft.com/en-us/library/aa480476.aspx">ASP.NET Forms Authentication Explained</a>

<a href="http://msdn.microsoft.com/en-us/library/aa480475.aspx">ASP.NET Windows Authentication Explained</a>

Application Scenarios

<a href="http://msdn.microsoft.com/en-us/library/cc949093.aspx">WCF Intranet Scenario - Web to Remote WCF Using Transport Security (Original Caller, TCP)</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949089.aspx">WCF Intranet scenario - Web to Remote WCF Using Transport Security (Trusted Subsystem, HTTP)</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949041.aspx">WCF Intranet Scenario - Web to Remote WCF Using Transport Security (Trusted Subsystem, TCP)</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949032.aspx">WCF Intranet Scenario - Windows Forms to Remote WCF Using Transport Security (Original Caller, TCP)</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949024.aspx">WCF Internet Scenario - WCF and ASMX Client to Remote WCF Using Transport Security (Original Caller, HTTP)</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949088.aspx">WCF Internet Scenario - Web to Remote WCF Using Transport Security (Trusted Subsystem, TCP)</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949050.aspx">WCF Internet Scenario - Windows Forms Client to Remote WCF Using Message Security (Original Caller, HTTP)</a>

<a href="http://msdn.microsoft.com/en-us/library/aa302385.aspx">ASP.NET Intranet Scenarios</a>

<a href="http://msdn.microsoft.com/en-us/library/aa302386.aspx">ASP.NET Extranet Scenarios</a>

<a href="http://msdn.microsoft.com/en-us/library/aa302387.aspx">ASP.NET Internet Scenarios</a>

ASP.NET Security How Tos

<a href="http://msdn.microsoft.com/en-us/library/ms998300.aspx">How To - Connect to SQL Server Using SQL Authentication in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998292.aspx">How To - Connect to SQL Server Using Windows Authentication in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998297.aspx">How To - Create a Service Account for ASP.NET Applications</a>

<a href="http://msdn.microsoft.com/en-us/library/aa480478.aspx">How To - Improve Security When Hosting Multiple Applications</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998325.aspx">How To - Instrument ASP.NET Applications for Security</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998274.aspx">How To - Prevent Cross-Site Scripting in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998310.aspx">How To - Protect Forms Authentication in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/bb355989.aspx">How To - Protect from Injection Attacks in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998271.aspx">How To - Protect from SQL Injection Attacks in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998331.aspx">How To - Use ADAM for Roles in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998336.aspx">How To - Use Authorization Manager (AzMan) in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998360.aspx">How To - Use Forms Authentication with Active Directory in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998345.aspx">How To - Use Forms Authentication with Active Directory in Multiple Domains</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998317.aspx">How To - Use Forms Authentication with SQL Server in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998306.aspx">How To - Use Health Monitoring in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998351.aspx">How To - Use Impersonation and Delegation in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998355.aspx">How To - Use Protocol Transition and Constrained Delegation in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998267.aspx">How To - Use Regular Expressions to Constrain Input in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998320.aspx">How To - Use the Network Services Account to Access Resources in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998314.aspx">How To - Use Role Manager in ASP.NET</a>

<a href="http://msdn.microsoft.com/en-us/library/ms998358.aspx">How To - Use Windows Authentication in ASP.NET 2.0</a>

WCF Security How Tos

<a href="http://msdn.microsoft.com/en-us/library/cc949006.aspx">How to: Audit and Log Security Events in WCF Calling from Windows Forms</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949011.aspx">How to: Create and Install Temporary Certificates in WCF for Message Security During Development</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949067.aspx">How to: Create and Install Temporary Certificates in WCF for Transport Security During Development</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949057.aspx">How to: Create and Install Temporary Client Certificates in WCF During Development</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949080.aspx">How to: Host WCF in a Windows Service Using TCP</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949013.aspx">How to: Impersonate the Original Caller in WCF Calling from a Web Application</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949055.aspx">How to: Impersonate the Original Caller in WCF Calling from Windows Forms</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949075.aspx">How to: Perform Input Validation in WCF</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949095.aspx">How to: Perform Message Validation with Schema Validation in WCF</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949012.aspx">How to: Use basicHttpBinding with Windows Authentication and TransportCredentialOnly in WCF from Windows Forms</a>

<a href="http://msdn.microsoft.com/en-us/library/cc948997.aspx">How to: Use Certificate Authentication and Message Security in WCF Calling from Windows Forms</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949005.aspx">How to: Use Certificate Authentication and Transport Security in WCF Calling from Windows Forms</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949014.aspx">How to: Use Delegation for Flowing the Original Caller Credentials to the Back End in WCF Calling from Windows Forms</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949048.aspx">How to: Use Health Monitoring to Instrument a WCF Service for Security</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949092.aspx">How to: Use netTcpBinding with Windows Authentication and Message Security in WCF from Windows Forms</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949091.aspx">How to: Use netTcpBinding with Windows Authentication and Transport Security in WCF from Windows Forms</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949022.aspx">How to: Use Protocol Transition for Impersonating and Delegating the Original Caller in WCF</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949027.aspx">How to: Use the SQL Server Role Provider with Username Authentication in WCF Calling from Windows Forms</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949054.aspx">How to: Use the SQL Server Role Provider with Windows Authentication in WCF Calling from Windows Forms</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949082.aspx">How to: Use Username Authentication with the SQL Server Membership Provider and Message Security in WCF Calling from Windows Forms</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949025.aspx">How to: Use Username Authentication with Transport Security in WCF Calling from Windows Forms</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949010.aspx">How to: Use wsHttpBinding with Username Authentication and TransportWithMessageCredential in WCF Calling from Windows Forms</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949030.aspx">How to: Use wsHttpBinding with Windows Authentication and Message Security in WCF Calling from Windows Forms</a>

<a href="http://msdn.microsoft.com/en-us/library/cc949017.aspx">How to: Use wsHttpBinding with Windows Authentication and Transport Security in WCF Calling from Windows Forms</a>

Visual Studio Team System

<a href="http://msdn.microsoft.com/en-us/library/bb668941.aspx">Team Build Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668944.aspx">Source Control Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668943.aspx">Reporting Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668942.aspx">Project Management Guidelines</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668945.aspx">Team Build Practices at a Glance</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668948.aspx">Source Control Practices at a Glance</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668947.aspx">Reporting Practices at a Glance</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668946.aspx">Project Management Practices at a Glance</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668950.aspx">Source Control Practices at a Glance</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668968.aspx">How To: Add a New Developer to Your Project in Visual Studio 2005 Team Foundation Server</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668977.aspx">How To: Automatically Run Code Analysis with Team Build in Visual Studio Team Foundation Server</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668978.aspx">How To: Create a Custom Report for Visual Studio Team Foundation Server</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668979.aspx">How To: Create a “Risk over Time” Report for Visual Studio Team Foundation Server</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668980.aspx">How To: Create Custom Check-in Policies in Visual Studio Team Foundation Server</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668981.aspx">How To: Create Your Source Tree in Visual Studio Team Foundation Server</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668982.aspx">How To: Customize a Process Template in Visual Studio Team Foundation Server</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668983.aspx">How To: Customize a Report in Visual Studio Team Foundation Server</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668988.aspx">How To: Manage Projects in Visual Studio Team Foundation Server</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668969.aspx">How To: Migrate Source Code to Team Foundation Server from Visual Source Safe</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668976.aspx">How To: Perform a Baseless Merge in Visual Studio Team Foundation Server</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668971.aspx">How To: Set Up a Continuous Integration Build in Visual Studio Team Foundation Server</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668975.aspx">How To: Set Up a Scheduled Build in Visual Studio Team Foundation Server</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668986.aspx">How To: Structure ASP.NET Applications in Visual Studio Team Foundation Server</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668994.aspx">How To: Structure Windows Applications in Visual Studio Team Foundation Server</a>

<a href="http://msdn.microsoft.com/en-us/library/bb668992.aspx">How To: Structure Your Source Control Folders in Team Foundation Server</a>

My Related Posts

<a href="http://blogs.msdn.com/b/jmeier/archive/2009/10/02/10-years-at-patterns-practices.aspx">10 Years at patterns &amp; practices</a>

<a href="http://blogs.msdn.com/b/jmeier/archive/2009/02/09/people-i-ve-worked-with-on-past-projects.aspx">People I Worked with On Past Projects</a>

<a href="http://blogs.msdn.com/b/jmeier/archive/2010/03/07/the-power-of-blue-books-for-platform-impact.aspx">The Power of Blue Books for Platform Impact</a>

Author: 蔣金楠

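Copyright in this article is shared by the author and 部落格園 (cnblogs). Reposting is welcome, but unless the author agrees otherwise, this notice must be retained and a link to the original article must be placed in a prominent position on the article page; otherwise the right to pursue legal liability is reserved.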

<a href="http://www.cnblogs.com/artech/archive/2011/03/17/1986916.html" target="_blank">Original link</a>