Returning data from command handlers

This article extends the architectural design of command handlers to allow command handlers to return data. UPDATE: Although the article below might still be very entertaining, my opionion on the subject has changed. The problems described below will go away completely when you stop using use database generated IDs! Instead let the consumer of that command generate an ID (most likely a GUID). In this case, since the client creates the ID, they already have that value, and you don’t have to return anything.

Meanwhile... on the query side of my architecture

Command-query separation is a common concept in the software industry. Many architectures separate commands from the rest of the system and send command messages that are processed by command handlers. This same concept of messages and handlers can just as easily be applied to the query side of an architecture. There are not many systems using this technique and this article is an attempt to change that. Two simple interfaces will change the look of your architecture… forever.

Meanwhile... on the command side of my architecture

This article describes how a single interface can transform the design of your application to be much cleaner, and more flexible than you ever thought possible. Chapter 10 of my book contains a much more elaborate version of this article. Since I began writing applications in .NET I’ve been separating operations that mutate state (of the database mostly) from operations that return data. This is basically what the Command-query separation principle is about.

Adding Covariance and Contravariance to Simple Injector

A few weeks back I read this question on Stack Overflow. The question was about applying covariance / contravariance (or variance for short) to the Autofac dependency injection container. The question triggered me to think about variance support in Simple Injector. I was wondering whether special changes were needed to the core framework to allow this. However, it didn’t take me long to realize that enabling variance is actually pretty easy for anyone using the Simple Injector.

Dependency Injection in ASP.NET Web Forms

This article describes how to create and configure a custom PageHandlerFactory class that enables automatic constructor injection for System.Web.UI.Page classes. This keeps your application design clean and allows you to keep the application’s dependency to the IoC library to a minimum. IMPORTANT: Since the introduction of Web Forms v4.7.2, there is now better support for DI. That makes this article out-dated. When working with IoC frameworks, one should always try to minimize the amount of application code that takes a dependency on that framework.

Breaking changes in SmtpClient in .NET 4.0

In .NET 4.0 the SmtpClient class now implements IDisposable. This is a breaking change what you should watch out for. For .NET 4.0 the BCL team decided to pool SMTP connections, just as .NET already did with database connections. This of course means that the SmtpClient class should implement IDisposable, just as the SqlConnection does. When STMP connections are pooled, the overhead over establishing a new connection is lowered, which is a good thing.

Protecting against Regex DOS attacks

Bryan Sullivan describes in the May issue of his MSDN article a denial of service attack that abuses regular expressions. As Bryan explains, a poorly written regex can bring your server to its knees. Bryan demonstrates that even the simplest regular expressions can bring your server to its knees. Here are some examples of regular expressions that can easily cause this to happen: ^(\d+)+$ ^(\d+)*$ ^(\d*)*$ ^(\d+|\s+)*$ ^(\d|\d\d)+$ ^(\d|\d?)+$ Read more about the causes and the cures here.

Protecting against XML Entity Expansion attacks

Tom Hollander describes on his blog a denial of service attack I never knew the existence of, called XML Entity Expansion attack. Tom explains how to bring a server to its knees when allowing any type of xml document as input and passing it directly to an XmlDocument for parsing. Tom uses the following XML document of less than 1 KB to demonstrate the attack: <!DOCTYPE foo [ <!ENTITY a "1234567890" > <!

The death of LINQ to SQL

The Microsoft ADO.NET team blog made an important announcement yesterday about the future of LINQ to SQL. The ADO.NET team announced that Microsoft will continue to make some investments in LINQ to SQL, but they also made it pretty clear that LINQ to Entities is the recommended data access solution in the future frameworks. Microsoft will invest heavily in the Entity Framework. I always wondered why Microsoft focused on two different O/RM technologies for the .


This article describes an implementation of a ReadOnlyDictionary<TKey, TValue> that’s missing from the .NET framework. UPDATE 2012-06-05: .NET 4.5 will (finally finally!!) contain a ReadOnlyDictionary<TKey, TValue>, which will make this post (that has long be my top most googled article) finally redundant. If you’re still developing under .NET 4.0 or below, please read on. UPDATE 2013-04-11: Software license notice: I previously released this under the MIT license, but decided to change this.

.NET Backwards compatibility, why should we?

Microsofts corporate vice present of the Developer Division, Somasegar, wrote on his weblog about the backwards compatibility of the .NET framework version 2.0. But his readers doubt the usefulness of this compatibility, as do I. UPDATE 2010: This post was written in 2006. During the last couple of years I worked for many clients and found that the backwards compatibility of .NET was very important for many of my clients, because it allowed them to migrate slowly from one version to the next without making very big investments.

Welcome to my blog

Hi everybody, welcome to my blog! This blog will be a place where I share my random thoughts about ASP.NET, C# and everything related to it. I will post code snippets and links to interesting other blogs. Comments