Repository Pattern

Repository commonly refers to a storage location, often for safety or preservation.

Objectives of using repository

Use the Repository pattern to achieve one or more of the following objectives:

• You want to maximize the amount of code that can be tested with automation and to isolate the data layer to support unit testing.
• You access the data source from many locations and want to apply centrally managed, consistent access rules and logic.
• You want to implement and centralize a caching strategy for the data source.
• You want to improve the code's maintainability and readability by separating business logic from data or service access logic.
• You want to use business entities that are strongly typed so that you can identify problems at compile time instead of at run time.
• You want to associate a behavior with the related data. For example, you want to calculate fields or enforce complex relationships or business rules between the data elements within an entity.
• You want to apply a domain model to simplify complex business logic.

Solution

Use a repository to separate the logic that retrieves the data and maps it to the entity model from the business logic that acts on the model. The business logic should be agnostic to the type of data that comprises the data source layer. For example, the data source layer can be a database, a SharePoint list, or a Web service.

The repository mediates between the data source layer and the business layers of the application. It queries the data source for the data, maps the data from the data source to a business entity, and persists changes in the business entity to the data source. A repository separates the business logic from the interactions with the underlying data source or Web service. The separation between the data and business tiers has three benefits:

• It centralizes the data logic or Web service access logic.
• It provides a substitution point for the unit tests.
• It provides a flexible architecture that can be adapted as the overall design of the application evolves.

The repository pattern is an abstraction. Its purpose is to reduce complexity and make the rest of the code persistent ignorant. As a bonus it allows you to write unit tests instead of integration tests. The problem is that many developers fail to understand the patterns purpose and create repositories which leak persistence specific information up to the caller (typically by exposing IQueryable<T>, read through Mark Seemann’s blog  IQueryable is Tight Coupling ).

The Repository Pattern is a common construct to avoid duplication of data access logic throughout our application. This includes direct access to a database, ORM, WCF dataservices, xml files and so on.  We can easily query the repository for data objects, without having to know how to provide things like a connection string. The repository behaves like a freely available in-memory data collection to which we can add, delete and update objects.

The Repository pattern adds a separation layer between the data and domain layers of an application. It also makes the data access parts of an application better testable. Using repositories is not about being able to switch persistence technology (i.e. changing database or using a web service etc instead).

Creating Repository is not as tough as it sounds to be, once you implement this by your own, you’ll love it for sure.

Create Repository pattern

Step1 Very first thing to create a repository is to define an interface inside which we declare CRUD operations on entity.

using System;

using System.Linq;

using System.Linq.Expressions;

namespace Demo.Repositories

{

    public interface IRepository

    {

        void Insert(T entity);

        void Delete(T entity);

        List<T> SearchFor(Expression<Func<T, bool>> predicate);

        List<T> GetAll();

        T GetById(int id);

    }

}

Step2 Create a class inheriting the interface, pretty straight forward approach. 

using System;

using System.Data.Linq;

using System.Linq;

using System.Linq.Expressions;

namespace Demo.Repositories

{

    public class Repository<T> : IRepository<T> where T : class, IEntity

    {

        protected Table<T> DataTable;

        public Repository(DataContext dataContext)

        {

            DataTable = dataContext.GetTable<T>();

        }

        #region IRepository<T> Members

        public void Insert(T entity)

        {

            DataTable.InsertOnSubmit(entity);

        }

        public void Delete(T entity)

        {

            DataTable.DeleteOnSubmit(entity);

        }

        public IQueryable<T> SearchFor(Expression<Func<T, bool>> predicate)

        {

            return DataTable.Where(predicate);

        }

        public IQueryable<T> GetAll()

        {

            return DataTable;

        }

        #endregion

    }

}

Now the major part of our job is done.

Step 3 Use the repository in the application

using System;

using System.Collections.Generic;

using System.Linq;

using Demo.Repositories;

namespace LinqToSqlRepositoryConsole

{

    internal class Program

    {

        private static void Main()

        {

            using (var dataContext = new HotelsDataContext())

            {

                var hotelRepository = new Repository<Hotel>(dataContext);

                var cityRepository = new Repository<City>(dataContext);

                City city = cityRepository

                    .SearchFor(c => c.Name.StartsWith("Mum"))

                    .Single();

                IEnumerable<Hotel> orderedHotels = hotelRepository

                    .GetAll()

                    .Where(c => c.City.Equals(city))

                    .OrderBy(h => h.Name);

                Console.WriteLine("* Hotels in {0} *", city.Name);

                foreach (Hotel orderedHotel in orderedHotels)

                {

                    Console.WriteLine(orderedHotel.Name);

                }

                Console.ReadKey();

            }

        }

    }

}

Now that we have most of the things ready we can refine our functionality as per our choice, add more entity specific operations.

Show active file in solution explorer VS 2010/ VS 2012

Visual Studio has a setting that does this automatically.

Tools – Options – Projects and Solutions – Track Active Item in Solution Explorer

Just select it and you’re all set!

UML Part I

UML Intro

UML stands for Unified Modeling Language. UML is a graphical language for visualizing, specifying, constructing & documenting the artifacts of a software system. It is a standard language for designing and documenting a system in an object oriented manner. UML provides blue print for Business process, System functioning, programming language statements, Database schema & reusable components.

UML is used in all phases of software development from Requirement Specification to Acceptance Test and from Designing a solution to Deploying/ Packaging. Modeling has been around for years not only in software field but also in other fields like Civil, Mechanical, etc. we get a model ready & approved before starting the production. Modeling makes complex system to break up into simple and discrete pieces that be individually understood. If we ask ourselves have we been doing/ following modeling, most of us would say NO. But all of us do modeling, the flowchart that we draw is a model for your module isn't it.

Now we should see what are the advantages of modeling:

1. Readability: Representing the whole architecture in flowcharts, class diagrams, state diagrams, ER diagrams, etc. makes our project more readable. Especially when we have programmer's changing job, handover becomes easier.
2. Re-usability: Once the system is readable and broken down to pieces, it becomes easier to identify redundant and similar modules. Thus increasing re-usability. We can decide of reusable components to be used across the application.Why shall we adopt UML?

Well different languages have different ways of coding and syntax's. In order to bring all languages under one roof UML comes into picture. As the term comes in UNIFIED, it unifies all different languages in one roof so people who are working on some other platforms can understand that.

There was an interesting question put up “Does UML fit in Agile/Scrum environment?” during a UML session presented by myself & one of my colleague at our office CastleRock, Kolkata.
Well the answer is yes, UML is not a methodology dependent you can apply it to any of the software development process. If we have a blueprint of the whole architecture, whenever we are required to make changes or alter a section/ module we can very easily trace which all sections/ modules would get effected & at the same time you can figure out how much time it might take to finish the job.

You can checkout the list of UML tools at http://www.sereferences.com/uml-tools.php.

In the next post I will cover different UML diagrams.

Section 508 guidelines

Section 508 Guidelines

• (a) A text equivalent for every non-text element shall be provided (e.g., via "alt", "longdesc", or in element content).

If we properly separate our three layers, we remove most of the situations in which we would have to provide text equivalents. Markup should only include img tags when the image is actually part of the content of the page (i.e. Flickr or Boston.com's The Big Picture).

The lesson: Logos, navigation, buttons and other content elements are not proper uses of img tags. When non-text content is necessary, use title and alt attributes.

• (b) Equivalent alternatives for any multimedia presentation shall be synchronized with the presentation.

That fancy Java slideshow applet that adds ripple effects to the slides probably isn't necessary. Simplify your life and make basic HTML pages styled with CSS instead.

The lesson: If you do need multimedia capabilities, use technologies that have accessibility options.

• (c) Web pages shall be designed so that all information conveyed with color is also available without color, for example from context or markup.

Users with colorblindness or screen readers can't tell a red icon from a green icon. If all you have in your HTML is an img tag, you are hiding content from people that are unable to see the page. Be sure to have meaningful text content in your HTML whenever you are conveying information with color.

The lesson: Color is presentation, not content. Convey all information as text in HTML and use styles heets to make it pretty and colorful.

• (d) Documents shall be organized so they are readable without requiring an associated style sheet.

Remember our three layers of separation?

The lesson: If you have created a page that needs CSS or JavaScript to be readable, you have violated our "HTML is content" principle. Semantic markup without styles creates HTML that is meaningful even if it is boring to look at.

• (e) Redundant text links shall be provided for each active region of a server-side image map.

Don't use image maps as they are almost always unnecessary. As simple as that.

The lesson: Provide basic text interactions with plain old HTML. If rich interactions are necessary, enable them by using progressive enhancement techniques.

• (f) Client-side image maps shall be provided instead of server-side image maps except where the regions cannot be defined with an available geometric shape.

The lesson: Plan/ discuss it before implementing.

(g) Row and column headers shall be identified for data tables.

Since we only use tables for the markup of tabular data and not for layout, this requirement can be satisfied by adding th, and optionally thead tags, to the table. Complicated tables can be simplified by being split into multiple tables, or by using multiple levels of headings and using the scope attribute on th tags.

The lesson: All tables should use th instead of td to markup row and column headers.

·         (h) Markup shall be used to associate data cells and header cells for data tables that have two or more logical levels of row or column headers.

As mentioned above, the tables elements have various attributes that allow complex associations between headers and content.

The lesson: Check out the id, headers, axis, and scope tags. Read up on techniques for table accessibility from WCAG.

·         (i) Frames shall be titled with text that facilitates frame identification and navigation.

Frames are generally a bad idea, but when you absolutely must use a frame, be sure to add appropriate title attributes to the frame element. This element allows a user using a screen reader to know what is content contained in the frame.

The lesson: Do not use frames. If you must, add a title attribute to all frames.

·         (j) Pages shall be designed to avoid causing the screen to flicker with a frequency greater than 2 Hz and lower than 55 Hz.

As the site is going to be for people with disabilities should take care.

The lesson: You might be in trouble if you want anything on your page to blink or flicker.

·         (k) A text-only page, with equivalent information or functionality, shall be provided to make a web site comply with the provisions of this part, when compliance cannot be accomplished in any other way. The content of the text-only page shall be updated whenever the primary page changes.

If constructed properly, your site will have no need for text-only pages. When a text-only page is absolutely necessary, use your CMS to display the same content on both the text-only and the rich pages. When the content is updated, it will be applied to both pages.

The lesson: Dynamically generated pages can ensure that the text-only pages are updated when the rest of the site content is. Build your site well and you won't have to worry about this.

·         (l) When pages utilize scripting languages to display content, or to create interface elements, the information provided by the script shall be identified with functional text that can be read by assistive technology.

As we learned in part one of this article, scripting languages (behavior) should never be used in place of content or interface (markup). Properly written, the behavior should complement and extend a functional markup-only application. This development strategy is called progressive enhancement.

The lesson: Do not rely on JavaScript to render markup or content. It is a violation of the separation of content and behavior.

·         (m) When a web page requires that an applet, plug-in or other application be present on the client system to interpret page content, the page must provide a link to a plug-in or applet that complies with §1194.21(a) through (l).

While rich content is nice, it should only come after developing a site with comprehensive access to content through traditional means. A zooming map with color overlays can enhance a users's experience, but the underlying data or analysis should also be available through accessible text-based pages. When rich content is necessary, provide links to plug-ins that have accessibility features built-in and make sure that the content rendered by those plugins takes advantage of the accessibility features.

The lesson: Only use plug-ins that have accessibility features.

·         (n) When electronic forms are designed to be completed on-line, the form shall allow people using assistive technology to access the information, field elements, and functionality required for completion and submission of the form, including all directions and cues.

Accessible and attractive forms can be quite intimidating at first. Fortunately HTML provides you with all the tools necessary to create forms that are easily read with assistive technologies: fieldset, legend, label, and others. Each form element should have a label associated with it. The for attribute of the label contains the id of the form field to which it is related. The label element also provides a convenient styling hook that removes the need to use a table for layout. Each label/element combination can be written as an item (li) within a list.

JavaScript is often used for client-side form validation, but it should only be used as a convenience to the user. The server should always validate forms as well. When there are errors in server-side validation, they should be displayed grouped together at the top of the form. This allows the user to know what the problems were without having to go through each form element. Complex forms should show the errors on individual fieldsets or at the field level.

A List Apart has a fantastic article about how to create accessible, good looking forms.

The lesson: HTML provides all the tools necessary to create accessible forms. Keep them simple and use CSS to do the layout.

·         (o) A method shall be provided that permits users to skip repetitive navigation links.

This is usually accomplished by adding an anchor to the top of the page content that takes the user to an element right past the navigation elements. The link is typically styled using CSS as to make it invisible to users that are not using assistive technologies. Once HTML 5 is widely support, the new nav element will allow users to skip past navigation without having to add a link specifically for that purpose.

The lesson: A simple anchor will get the job done.

·         (p) When a timed response is required, the user shall be alerted and given sufficient time to indicate more time is required.

On the off chance your application requires timed responses (timed sessions?), provide users with a warning that their time is about to expire. Give them the opportunity to extend their time. Mint and many banks do a beautiful job of this by letting you know when your session is about to expire and giving you the opportunity to save it.

The lesson: Never make assumptions about how long it will take your users to complete actions. Be polite and give them the option to extend their time if it is about to expire.

15 Steps for Web Accessibility

 Steps to make your website accessible 

1. Make sure all images, graphs, and other non-text items have a text equivalent.

2.  Provide synchronized captions for all video, as well as captions or a transcript of audio content.

3.  Do not use color as the only way to convey information.

4.  You can use style sheets for layout, but the page must still make sense without them.

5.  When using images as links, for example a drop down menu, make sure each link (as well as the overall image) has alt text describing the destination.  Avoid using server-side image maps.  If you do use server-side image maps, be sure to provide separate identical text links to access the same content.

6.  Label column and row headers in a data table.  Try to avoid using tables for layout purposes, but if you do then do not label headers.

7.  Make sure all cells in the table are associated with the appropriate headers. When the table is set-up correctly, screen readers can navigate through data tables one cell at a time, and they will hear the column and row headers spoken to them.

8.  Be sure to give each frame a title that identifies its purpose.

9.  Avoid any graphics, animations, movies, or other objects which have flickering, or flashing effects.

10.  Use a text-only alternative only as a last resort, and be sure to keep it up to date with other content.

11.  When using scripts, make sure all text within the script is provided as text or alt text and that any interaction can be achieved with a keyboard.

12.  Be sure to include a link to any applet or plug-in required to access content on the same page as the content. For example: Adobe Reader.  The plug-in itself must meet more specific requirements, which can be found in the official requirement.

13.  If a form can be filled out online by a user, all aspects of the form must be made accessible.  This includes labels for each field, as well as ensuring the form can be filled out using a keyboard.

14.  Include a way for the user to immediately skip to the main content of the page.

15.  When a timed response is required, alert the user and give sufficient time for them to indicate that more time is needed.

Safe SQL Literals

Handle SQL injection

Manage the input data from UI  to be safe  for SQL execution has been problem in many sites which has caused lot of damage to different sites called as SQL injection. Hackers are always there looking into your website to find loop holes.

Still people don't take care to handle these small issues which cause financial loss, as well as companies loose their clients. I am laying out a sample code which would help you to handle inputs for SQL injection.

There are different samples available and the below is the one which I see to be most safest.

public string SafeSqlLiteral(string strValue)
    {
        strValue = strValue.Replace("'", "''"); // Most important one! This line alone can prevent most injection attacks
        strValue = strValue.Replace("--", "").Replace("[", "[[]").Replace("%", "[%]").Replace(" OR ", "").Replace(" or ", "");
        strValue = strValue.Replace(" AND ", "").Replace(" and ", "").Replace("\\\r\n", "").Replace("\\\r\n\r\n", "");

        string[] myArray = new string[] { "xp_ ", "update ", "insert ", "select ", "drop ", "alter ", "create ", "rename ", "delete ", "replace " };
        int i = 0;
        int i2 = 0;
        int intLenghtLeft = 0;
        for (i = 0; i < myArray.Length; i++)
        {
            string strWord = myArray[i];
            Regex rx = new Regex(strWord, RegexOptions.Compiled | RegexOptions.IgnoreCase);
            MatchCollection matches = rx.Matches(strValue);
            i2 = 0;
            foreach (Match match in matches)
            {
                GroupCollection groups = match.Groups;
                intLenghtLeft = groups[0].Index + myArray[i].Length + i2;
                strValue = strValue.Substring(0, intLenghtLeft - 1) + "&nbsp;" + strValue.Substring(strValue.Length - (strValue.Length - intLenghtLeft), strValue.Length - intLenghtLeft);
                i2 += 5;
            }
        }
        return strValue;
    }

Encrypting & Decrypting web.config

Encrypting & Decrypting  web.config

We can encrypt each section of the web.config using the encryption provided by aspnet_regiis.exe.


<!-- Encrypt Connection String -->
C:\WebPortal>aspnet_regiis.exe -pef connectionStrings c:\WebPortal-prov "RsaProtectedConfigurationProvider"
Encrypting configuration section...
Succeeded!
Here the -pe switch specifies the configuration section "connectionStrings" to encrypt.

C:\WebPortal>aspnet_regiis.exe -pdf connectionStrings c:\WebPortal
Decrypting configuration section...
Succeeded!
Here the -pef switch specifies the configuration section to encrypt and allows you to supply the physical directory path for your configuration file.




<!-- Encrypt AppSettings -->
C:\WebPortal>aspnet_regiis.exe -pef appSettings c:\WebPortal-prov "RsaProtectedConfigurationProvider"
Encrypting configuration section...
Succeeded!
Here the -prov switch specifies the provider name.

C:\WebPortal>aspnet_regiis.exe -pdf appSettings c:\WebPortal
Decrypting configuration section...
Succeeded!