Web applications have been a great enabler for business needs because, for one thing, users are no longer tied to a physical location. However, building web applications has often required more work than building traditional desktop applications. Especially if you wanted good-looking graphics and slick user interfaces with complex controls, you often had to plan for a slower development cycle.
Microsoft originally developed Silverlight to be a "Flash killer", but this only applied to the initial version of the technology. Today, Silverlight 4 is here, and it is capable of delivering way more than just fancy animated banners. Instead, Silverlight allows you to write line-of-business (LOB) applications with complex interactivity and visually stunning user interfaces. All this is possible through the web browser, and programming is still done with the familiar .NET technologies and Microsoft Visual Studio. Silverlight training material often focuses on graphics, animation and visual design. While all of these can be important in business applications, every business application also requires some form of data access and follows user interface conventions that are common to all such applications. To get developers up to speed quickly, Microsoft has lately focused more on the needs of business developers.
In this article, you are going to learn the basics of both Silverlight 4 and WCF RIA Services, and also see how you can use them to build business applications for the web. The tools you need are the latest ones, which is no surprise. Microsoft Visual Studio 2010 is a requirement, on top of which you need to install both the Silverlight 4 runtime and the SDK, and also WCF RIA Services with tooling support. All the necessary download links are provided in the Resources section at the end of this article. At this writing, the latest versions are the RC ones.
What's New in Silverlight 4?
Many of the new features in Silverlight 4 are geared towards business applications. Printing support, better localization (especially for Asian languages) and the RichTextBox control are three such examples. For instance, the RichTextBox control supports advanced text formatting, but it can also display pictures inline with text and include embedded controls, such as a DataGrid that displays tabular data along with the document text.
Speaking of the DataGrid control, this useful workhorse has been enhanced in Silverlight 4. For instance, columns can now be auto-sized, meaning that their width can be based on the content. Additionally, whole rows of data can now be copied to the clipboard, allowing easy access in other programs, such as Excel. Interfaces such as INotifyDataErrorInfo allow improved support for data validation.
In addition to working inside the browser window, Silverlight 4 applications can also work outside the browser, much like more traditional stand-alone applications. This feature is called Out-of-Browser, and you can easily check if your application is running in this fashion by checking the App.Current.IsRunningOutOfBrowser property. The Out-of-Browser feature can give your Silverlight application additional rights on the target system, in which case it is called a trusted application.
For instance, a trusted out-of-browser Silverlight 4 application can have access to the computer's file system, but of course in a limited fashion. Access is mostly restricted to folders under the user's own profile. Accessing files can be useful for many business applications, but Silverlight 4 also contains one feature that is highly valued in many line-of-business solutions: native integration.
Native integration gives your Silverlight 4 out-of-browser application access to the COM interoperability features in Windows. For instance, you might use this feature to control Microsoft Office applications such as Word or Excel. But native integration isn't limited to these two products only; instead, you could even control an embedded device from a Silverlight application provided that a suitable COM interface is available.
What is WCF RIA Services?
Building multi-tier web applications with a Silverlight client has previously been, if not particularly difficult, at least time-consuming. Also, most business applications have had the need to connect to a data source, and writing the server back-end to support this is often similar, repetitive work, no matter which application you are writing the back-end for.
In addition to being a set of class libraries, RIA Services also provides tools inside Microsoft Visual Studio to help in building the application that contains both server-side code and the Silverlight client. The Visual Studio tools include parts that build classes, reflect changes from one project to another, and also automatically generate code.
In addition to supporting basic data retrieval from the server-side WCF application, RIA Services also supports many more advanced features, such as using LINQ for data retrieval and DomainDataSource components on the client side to support nice drag-and-drop client application development in Visual Studio 2010. Security support is also built into RIA Services, which means you can restrict access to certain features with a conventional username and password, or even Windows authentication.
Related to security features, you can also build validation features into your RIA Services applications. By default, RIA Services copies validation rules from the server to the client. This allows rich validation on the client, but still does not let invalid data be stored in the database, as the rules are validated on the server as well. In this respect, validation in RIA applications is similar to that in traditional ASP.NET web forms applications with client-side validation enabled.
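The access restrictions and shared validation rules described above, shown as an added example that is not code from the original article: a server-side domain service using the attribute and namespace names of the released WCF RIA Services 1.0 assemblies. The `SampleApp.Web` namespace, the `Customer` entity, the `CustomerService` class, the `Managers` role and the in-memory sample data are hypothetical.

```csharp
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.ServiceModel.DomainServices.Hosting;
using System.ServiceModel.DomainServices.Server;

namespace SampleApp.Web   // hypothetical server (web) project
{
    // Hypothetical entity. The attributes are the validation rules that are
    // copied into the generated Silverlight client class.
    public class Customer
    {
        [Key]
        public int CustomerId { get; set; }
        [Required, StringLength(50)]
        public string Name { get; set; }
        [Range(0, 100000)]
        public int CreditLimit { get; set; }
    }

    [EnableClientAccess]        // expose the service to the Silverlight client
    [RequiresAuthentication]    // anonymous callers are rejected on every operation
    public class CustomerService : DomainService
    {
        // Constructed in-memory sample data standing in for a database.
        private static readonly List<Customer> Store = new List<Customer>
        {
            new Customer { CustomerId = 1, Name = "Contoso", CreditLimit = 5000 }
        };

        public IQueryable<Customer> GetCustomers()
        {
            lock (Store) { return Store.ToList().AsQueryable(); }
        }

        // Only the (hypothetical) "Managers" role may change data. The submitted
        // entity is validated on the server against the attributes above before
        // this method runs, so a request that skips the client checks is refused.
        [RequiresRole("Managers")]
        public void UpdateCustomer(Customer customer)
        {
            lock (Store)
            {
                int i = Store.FindIndex(c => c.CustomerId == customer.CustomerId);
                if (i >= 0) { Store[i] = customer; }
            }
        }
    }
}
```

The client-side copy of the rules exists for user feedback only; the authorization and validation attributes on the server are the enforcement point.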