Having a development framework

When developing software you’ll find yourself sometimes repeating the same lines of code between projects to accomplish similar tasks. When this situation occurs, you probably can build frameworks that can be reused later on projects.

The problem with developing frameworks is that it takes more time to build them and sometimes the project constraints don’t allow investing time in this type of issues.

Frameworks are generally composed of objects and libraries that can be used to extend a new set of objects, removing the need to rewrite code. Also, when changes are needed in these extended objects, is basically simple to add them because the framework handles most of the logic. Also fixing bugs is easier as a fix in the framework, which means all extended objects are fixed.

In our case, we develop all our products and projects on frameworks developed during the years and using freely available ones.

Data layer

Our data layer is completely automated. I really don’t remember the last time we had to write a SQL statement to access the database.

First we started using Gentle.NET that was very powerful at the moment. It allowed us to create tables, views with an easy object representation. It also provided CRUD methods out of the box.

Later we migrated to Enterprise Framework that provided a similar set of features but performance was even better and the possibility to use LINQ gave us a lot of flexibility for writing custom queries. Adding columns to tables is easy as adding the property to the data objects. The whole application then notices the changes and continues working.

The business (or logic) layer

For this one we created a custom framework. We have a set of classes that automatically handles CRUD operations with objects in the data layer. On all our products we have a set of separate objects for logic and data. This gives us lot flexibility when making future changes.

This business layer also includes functionality for getting a list of objects and some basic filtering methods for these objects.

Authentication and authorization

We have a set of classes that handles authentication and authorization at the object level for users. Each object checks by itself if the current user has permissions to perform the selected operation. This verification is even made in relation to the object and user. In essence, is the current object owned by the current user and then can the current user perform the actual operation.

All this is a part of a framework and objects get the functionality by inheriting from the framework objects. No need to code and recode again these validations.

Email handling

We have a container that has all email templates configured and just need to plug it into the application for it to work. We just need to configure the content for the emails and the events the application will respond to for sending the emails (user registered, forgot password, etc.).

All SMTP send and receive is already coded.

Do you think frameworks can help reduce development time?

Generating serial numbers and keys in C# and VB.NET

Using serial numbers is the most common way to unlock applications in the market today. Microsoft made that part of our life (us developers and isv) easier using serial keys all over their product lines. This has made final users and customer familiar with the term and how the should use them to activate their applications and that’s why we use them in our .net licensing product LicenseSpot.

One aspect to keep in mind about generating serial numbers is to keep them unique. In the function below we’re using GUIDs to generate serial numbers as we know for sure that they’re unique.

The function basically takes a guid string and just take the desired length for the key. It returns a serial number with the format: XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX.

public  string GetSerialNumber()
	Guid serialGuid = Guid.NewGuid();
	string uniqueSerial = serialGuid.ToString("N");

	string uniqueSerialLength = uniqueSerial.Substring(0, 28).ToUpper();

	char[] serialArray = uniqueSerialLength.ToCharArray();
	string finalSerialNumber = "";

	int j= 0;
	for (int i = 0; i < 28; i++)
		for (j = i; j < 4 + i; j++)
			finalSerialNumber += serialArray[j];
		if (j == 28)
			i = (j) - 1;
			finalSerialNumber += "-";

	return finalSerialNumber;

Below the VB.NET code:

Public Function GetSerialNumber() As String
	Dim serialGuid As Guid = Guid.NewGuid()
	Dim uniqueSerial As String = serialGuid.ToString("N")
	Dim uniqueSerialLength As String = uniqueSerial.Substring(0, 28).ToUpper()

	Dim serialArray As Char() = uniqueSerialLength.ToCharArray()
	Dim finalSerialNumber As String = ""

	Dim j As Integer = 0
	For i As Integer = 0 To 27
		For j = i To 4 + (i - 1)
			finalSerialNumber += serialArray(j)
		If j = 28 Then
			Exit For
			i = (j) - 1
			finalSerialNumber += "-"
		End If

	Return finalSerialNumber
End Function

Upload multiple files using jQuery and ASP.NET

A few weeks back I needed a control that allowed me to upload multiple files to a SQL database going through an ASP.NET ashx handler. Also, the whole control needed to be implemented client side and the best option if using jQuery.

I spent lots of time trying to find some good control that didn’t used Flash. Most of the controls available out there were pure based Flash applications or a combination of jQuery + Flash. None were pure jQuery and supported the option of multiple files. Then I found Andrew Valums jQuery upload control. It was pretty easy to install and configured. The only drawback is that uses iframe for uploading the file, but this is transparent to the end user, so I decided to give it a try.

Here’s how it works:

Download the control

Go the website and download the control. Keep in mind there are two versions: one GPL and another one with the MIT license. I went with the one with the MIT license. You can download it here.

Place the control on your page

Use the following HTML code to place it:

<div id="uploadRegion">
<input id="button3" type="file" />
<p>Uploaded files:</p>
<ol id="infoUploadedFiles" class="files"></ol>

jQuery code to create the control

new AjaxUpload('#button3', { action: 'filehandler.ashx',
name: 'myfile',
data: { '' },
onComplete : function(file, response){
var fileResponse = $.parseJSON(response);


ASP.NET code to handle and receive the file


HttpPostedFile file = context.Request.Files[0];

string name = Path.GetFileName(file.FileName);
string ext = Path.GetExtension(file.FileName);

byte[] fileContent = new byte[file.ContentLength];
file.InputStream.Read(fileContent, 0, file.ContentLength);

After receiving the file in a byte array proceed to save it to the hard disk or a database, as needed.

Transalating a webiste automatically based on users IP address

Why is it that sites that provide localization always try to assume that the best content for you is the one based on your location?

Most people sometimes aren’t in their hometown. They could be on a trip to Asia or the middle east, but this doesn’t mean that when researching for a site or information, they want to see these sites in mandarin or in Arabian.

I may say that the majority of users try to look information first in English because the majority on sites are already in this language. You have more probabilities in finding what you need when querying in English.

What I’m saying is, don’t try to provide information on your site with automatic translation based on the visiting’s user IP address. Give the information in your primary language, be it English, Spanish, French or Portuguese and then give the user the option to select the language in which they would like to see the website and save that on cookie or the user profile for when they comeback. If the user queries google in English and when it enters your site it is then automatically translated to Spanish because the user happened to be in Cabo for vacations, he might leave, inferring the original language of the site is Spanish.

A different approach about passwords in registration forms

With the hacked of Gawker Media sites and the release of a list of users and passwords stored on the sites, people all over the Internet started reacting to the news and offering techniques on how this can be resolved.

Some of the proposed techniques include getting rid of the user database implemented on many websites and let an external application handle the customer login using credentials from others sites like Twitter, Facebook and OpenID. In my personal opinion, I really don’t like any of these mechanism because I really don’t trust these companies. Your could argue that they might have better protection than some guy’s new web service that just launched in 30 days to test an idea. Maybe it’s true, but also this guy might have a better mechanism to prevent this kind of leaks than the big companies.

Also, I think it’s not true that having a single point for user authentication is going to resolve the whole issue. Compare it with credit card fraud. Do you think you can solve the credit card theft problem by just having ONE card with a $300,000 limit than having multiple cards with, say $5,000 limits? If someone steals one of the cards, you only loose the 5,000. If you someone steals your ONLY card, you might loose $300,000 and you’re left with NO card. This is call spreading the risk.

A different approach that we use on our sites is to generate a random and strong password automatically for the user and send it to their email. We give them access to what they’re requesting on the site with just entering the email (and other information if necessary) and then email them the password generated. When they decide to come back to the site, they used the autogenerated password. They can change it if they want, but we took that step out of the funnel (guessing and thinking what password to put on) and just let them proceed to perform the requesting transaction and letting them now in an email how to continue using our sites in the future with their new strong password.

Why application localization should start in the design stage

When I start developing and throwing out code, I can tell you I’m too concentrated in the features and how I want things to work out. Always testing and debugging and running around different possibilities in my head on how that piece of code could go wrong.

When writing elements on the interface, I just tend to place the needed controls or the html tags on web pages and add the labels to the respective controls. The labels just pop out of my head without even noticing what I’m writing. Most of the time I’m just thinking how the feature is going to work with the control.

So, when your application is finished, features are implemented, and then we begin with the cosmetic work. This is when the problem arises. If you intent is to offer your application in multiple languages, then localizing the controls and html pages is not part of the cosmetic work. The only way to localize your app when all the labels are hard coded is to make a copy of the web page or control, with the same code, and start changing the labels manually.

That’s why I always have a localization strategy before beginning throwing out the code. Even if you decide how the language engine is going to work after you’ve hardcoded the labels, the simple task of changing them to the variables is exhausting. After months of going through this process with some applications that didn’t have a localization strategy, I’m stilling finding hard coded labels.

Here are some simple strategies I’ve used:

  1. Desktop applications (server side): I always try to save the labels on the database repository of the application. Using this technique, I can add languages and modify labels without having to compile the application. Sometimes, developers embedded the label files in the executable itself, the drawback with this technique is having to recompile for adding new languages. With the database option, you just have to create generic functions to get labels out of the repository. I usually have four special fields for identifying the label: the screen or page, the name of the control, the language and the label value. It’s easy to find labels for a specific screen or page this way and save them on memory. Just one query to the database.
  2. Desktop applications (client side): I don’t like very much this technique, storing language files in the application local folder. For me, it seems prone for failure: what if the user deletes the file, what if the user opens the file and changes the labels, etc. If you need to store files on the hard disk, try to encrypt them and have some default language embedded in the app executable just in case the language files are deleted.
  3. Web application (server side labels): Again, the labels are stored in the database as in the previous technique, although some complications might arise. Remember getting a label value involves making a query for three fields in the database: the page, the language and the control. You might be able to make a function that gets all labels for a page and dynamically find the controls and assign the labels, but I always find it difficult to loop for controls in the page. On our projects I use the Custom Expression Builder functionality from ASP.NET. I’m able to assign the label in the HTML page and dynamically the .NET Framework detects the page and the label is passed as a parameter and then goes to the backend database to get the information. This way there’s never a hard coded value in the HTML. The only issue is that every label is a different request to the database. For one page with 20 labels and a thousand users seeing the page it comes to 20,000 queries to the DB for labels. What I did in this case is to implement a caching mechanism to store the label values in a file on the server. First I check the cache, and as a second option go to the database. Labels do not change that frequently, so the cache can last for a whole day without any issues. This is the technique used on all our websites (SkyXoft, RequestSpot).
  4. Web Application (client side): This is the technique used on our request and task management software. All labels are stored in javascript files (one for each language) defined as constants. In the application, on HTML pages, using some simple jQuery I then refer to the constant and assign it the html element in question. It is fast and simple. I determined the language on server side and include the javascript library (the script tag) in the html.

Any of these techniques should be enough for localizing an application. The most important issue here is to plan for language support before coding starts. Doing it afterward is a never ending work. Hidden hard coded labels appear every day.

If you want more information about the code we use or you have any other technique for localization, let me know in the comments.