Rockford Lhotka

 Monday, May 3, 2010
Monday, May 3, 2010 4:38:49 PM (Central Standard Time, UTC-06:00)  #    Disclaimer

CSLA 4 Beta 1 is now available for download. This includes CSLA .NET version 4 for .NET and Silverlight.

Beta 1 is essentially feature complete. It includes some really big (breaking) changes from 3.8.

Here’s a list of highlights, and of course the change log lists essentially all the changes (with the breaking changes highlighted).

The biggest change is the new business, validation and authorization rules system (info here, here and here). While the new rule system requires changes to your existing business, validation and authorization rules code, the new capabilities are pretty amazing and I think you’ll find it is worth the effort to make the changes.

There are many other changes as well, touching almost every aspect of the framework. From new ASP.NET MVC support, to enhanced MVVM support in Silverlight and WPF, to addressing many of the most common requests around the data portal, CSLA 4 should offer benefits to most application scenarios.

This is a beta 1 release, and is the start of the overall beta-to-release process. Based on your feedback using this beta, I expect to do a couple more beta releases over the next few weeks, with a final release in about 6-8 weeks (so around the end of June).

While I’m sure there will be changes based on feedback, the focus during the beta process is on fixing bugs or addressing anything that is clearly broken. I do not anticipate any major feature changes or enhancements during this process – that’s what the past few months of pre-releases were all about.

CSLA 4 does require .NET 4 and (optionally) Silverlight 4. It also requires Visual Studio 2010. If you are using older versions of Visual Studio, .NET or Silverlight then you should continue to use version 3.8.

Please download CSLA 4 Beta 1 and offer bug reports or other feedback using the CSLA forum.

Monday, May 3, 2010 11:17:04 AM (Central Standard Time, UTC-06:00)  #    Disclaimer

At the Chicago codecamp this past weekend I was sitting next to a younger guy (probably mid-20’s) who was angsting about what to learn and not learn.

“I’ll never learn C#, it is Microsoft only”

“Should I learn Python? I don’t have a use for it, but people talk about it a lot”

And much, much more.

Eventually, for better or worse (and I suspect worse), I suggested that you can’t go wrong. That every programming language has something to teach, as does every platform and every architectural model.

For my part, a few years ago I listed many of the languages I’d learned up to that point – and I don’t regret learning any of them. OK, I also learned RPG and COBOL, and they weren’t fun – but even those languages taught me something about how a language shouldn’t work :)  But I must say that PostScript was a fun language – programming printers is kind of an interesting thing to do for a while.

Platform-wise, I’ve used Apple II, C64, AmigaOS, OpenVMS, PC DOS, Novell, Windows 3.x, Windows NT, and modern Windows, as well as Unix, Linux and a tiny bit of some JCL-oriented mainframe via batch processing.

Every platform has something to teach, just like every programming language.

I also suggested that people who’ve only ever done web development, or only ever done smart-client or terminal-based development – well – they’re crippled. They lack perspective and it almost always limits their career. If you’ve never written a real distributed n-tier app, it is really hard to understand the potential of leveraging the all those resources. If you’ve never written a server-only app (like with a VT100 terminal) it is really hard to understand the simplicity of a completely self-contained app model. If you’ve never written a web app it is really hard to understand the intricacies of managing state in a world where state is so fluid.

Sadly (in my view at least), the angsting 20-something wasn’t interested in hearing that there’s value in learning all these things. Perhaps he was secretly enjoying being paralyzed by the fear that he’d “waste” some time learning something that wasn’t immediately useful. Who knows…

It is true that things aren’t always immediately useful. Most of the classes I took in college weren’t immediately useful. But even something as non-useful as Minnesota history turns out to be useful later in life – it is a lot more fun to travel the state knowing all the interesting things that happened in various places and times. (I pick that topic, because when I took that class I thought it was a total waste of time – I needed credits and it seemed easy enough – but now I’m glad it took it!)

(And some classes were just fun. I took a “Foundations of Math” class – my favorite class ever. We learned how to prove that 1+1=2 – why is that actually how it works? And why x+y=y+x, but x-z<>z-x. Useful? No. Never in my career have I directly used any of that. But fun? Oh yeah! :) )

A colleague of mine, some years ago, was on an ASP classic gig. This was in 2004 or 2005. He was very frustrated to be working on obsolete technology, right as .NET 2.0 was about to come out. His fear was that he’d be left behind as ASP.NET moved forward, and he had 3-4 more months of working on 1997 technologies. My point to him was that even if the technology wasn’t cutting edge, there were things to be learned about the business, the management style and the process being used by the client.

A career isn’t about a given technology, or even a technology wave. It is a long-term 20-30 year endeavor that requires accumulation of knowledge around technology, architecture, software design, best practices, business concepts, management concepts, software process, business process and more.

People who fixate on technology simply can’t go as far in their career as people who also pay attention to the business, management and inter-personal aspects of the world. It is the combination of broad sweeping technical knowledge and business knowledge that really makes a person valuable over the long haul.

“Wasting” 6-8 months on some old technology, or learning a technology that never becomes mainstream (I learned a language called Envelope of all things – and it was in the cool-but-useless category) is not that big a deal. That’s maybe 2% of your career. And if, during that time, you didn’t also learn something interesting about business, management and process – as well as deepening your appreciation for some aspects of technology, then I suggest you just weren’t paying attention…

All that said, spending several years working on obsolete technology really can harm your career – assuming you want to remain a technologist. I’m not saying you should blissfully remain somewhere like that.

But I am suggesting that, as a general rule, spending a few weeks or even months learning and using anything is useful. Nothing is a waste.

Monday, May 3, 2010 8:41:33 AM (Central Standard Time, UTC-06:00)  #    Disclaimer
 Tuesday, April 27, 2010

Here’s a really nice forum post discussing how one CSLA user combined the Reactive (Rx) framework with the CSLA data portal to streamline async calls.

Tuesday, April 27, 2010 3:03:54 PM (Central Standard Time, UTC-06:00)  #    Disclaimer
 Monday, April 26, 2010

I’m looking at how to provide information around .NET 4, Silverlight 4 and CSLA 4.

It is a challenging consideration. Many people like books, and I do to. I could create an Expert 2010 Business Objects book, which would take around 6 months. That means it would be out just about in time for Silverlight 5 to ship. Given the rate of Silverlight releases, conventional books (at least of the ~750 page variety) are too slow.

A lot of people have found my PDF ebooks to be very useful. Each one was around ~140 pages, and there’s no print/shipping/production time. This means they come out much faster – but they are still essentially static content once published, just like a conventional book.

The Silverlight and Core 3.8 video series have also been very popular. Not everyone likes to read, and there’s some real value in watching how things are done in a more dynamic manner. Also, videos take less time to produce than either an ebook or conventional book, so they are potentially more responsive. On the other hand, some people really dislike video content and prefer books.

I think it is safe to say that I’ll continue to produce video content, as that addresses an important set of users and is relatively fast to produce.

But I also think text content is important. It has a different price point, and offers advantages around consumption that just aren’t there with videos.

So the question is how to make text content timely, and at least a little less static – while still recognizing the realities of the amount of work involved.

Most conventional publishers now offer a “beta program” of some sort for their books. Basically you buy the book before it exists, and you get access to draft copies of chapters as they arrive. Once the chapters go through the edit process, you then get access to the final versions.

I’m thinking about doing something along that line for CSLA 4. Create ebook content, perhaps with each chapter as a separate PDF. Put this content on like I do with the videos, and then refresh the PDF files as they go through the revision process.

To be clear, this would be the “How to Use CSLA 4” book, not the “How to Build a .NET Framework” book. The focus would be on using the various features of CSLA to construct a reusable business layer, and how to use the data portal to achieve flexible n-tier deployment and scalability. Nor would it dive into specific UI technologies – I’d do separate ebooks for those.

Basically it will be like the Core 3.8 video series, but in ebook form, and targeting CSLA 4 of course.


Monday, April 26, 2010 12:36:35 PM (Central Standard Time, UTC-06:00)  #    Disclaimer

I’ll be at the Chicago code camp this coming Saturday, May 1.

I’ll be talking about CSLA 4, walking through the new business, validation and authorization rules features, along with many of the other new features in version 4 (like the new LINQ support, ASP.NET MVC components, XAML components, etc).

If you are in the Chicago area, I encourage you to come to the code camp – there are a lot of good speakers and it will be a great time!

Also, on May 1 is the Iowa code camp, and at least a couple people from Magenic (Jason Bock and Brent Edwards) will be speaking at that event.

Monday, April 26, 2010 8:33:33 AM (Central Standard Time, UTC-06:00)  #    Disclaimer
 Saturday, April 24, 2010

I’m well into the redesign of the authorization system in CSLA .NET. The new system is integrated into the new business rules system, and so is no longer a separate concept. To me this makes sense, since authorization rules are just a specific type of business rule.

Some of the basic concepts from CSLA .NET 2.0 to 3.8 are still there. Per-property authorization:

  • CanReadProperty()
  • CanWriteProperty()
  • CanExecuteMethod()

Per-type authorization (which is a little different now) where you can ask:

  • Can the user create an instance of this type?
  • Can the user get/fetch an instance of this type?
  • Can the user edit/save an instance of this type?
  • Can the user delete an instance of this type?

And the new per-instance authorization where you can ask:

  • Can the user create the instance you already have? (silly, but possible)
  • Can the user get/fetch the instance you already have? (silly, but possible)
  • Can the user edit/save this instance?
  • Can the user delete this instance?

The actual authorization checks occur by executing an IAuthorizationRule rule object. CSLA provides the AuthorizationRule base class to make it easy to implement most rules, and includes IsInRole and IsNotInRole rules. For example, here’s the IsInRole rule:

/// <summary>
/// IsInRole authorization rule.
/// </summary>
public class IsInRole : AuthorizationRule
  private List<string> _roles;

  /// <summary>
  /// Creates an instance of the rule.
  /// </summary>
  /// <param name="action">Action this rule will enforce.</param>
  /// <param name="roles">List of allowed roles.</param>
  public IsInRole(AuthorizationActions action, List<string> roles)
    : base(action)
    _roles = roles;

  /// <summary>
  /// Creates an instance of the rule.
  /// </summary>
  /// <param name="action">Action this rule will enforce.</param>
  /// <param name="element">Member to be authorized.</param>
  /// <param name="roles">List of allowed roles.</param>
  public IsInRole(AuthorizationActions action, Csla.Core.IMemberInfo element, List<string> roles)
    : base(action, element)
    _roles = roles;

  /// <summary>
  /// Rule implementation.
  /// </summary>
  /// <param name="context">Rule context.</param>
  protected override void Execute(AuthorizationContext context)
    if (_roles.Count > 0)
      foreach (var item in _roles)
        if (Csla.ApplicationContext.User.IsInRole(item))
          context.HasPermission = true;
      context.HasPermission = true;

At its most basic a rule is composed of some simple items:

  • An action (read/write property, execute method, create/get/edit/delete type/instance)
  • An optional target element (property/method)
  • An Execute() method that actually implements the rule

If your rule needs more information that’s fine – it is your class, so you can just add more properties. Just remember that a rule object is used across all instances of a business object type, so (just like with other business rules) the Execute() method absolutely must not change instance-level state in the rule object.

The Execute() method is passed a context object. The context object contains some simple properties:

  1. Target (optional reference to business object)
  2. HasPermission (true/false result returned by rule)

The Target property may be null. For per-property rules it will not be null, and for per-instance rules it will not be null. But for per-type rules it will be null. The way CSLA itself (especially the data portal) invokes rules is always per-property or per-type. The thing is, when possible even the per-type checks include the Target reference (typically only for CanEditObject checks). So you can use it if it is there, but you need to handle the case where it is null.

But the real point here, is that you can write your own authorization rule that has nothing to do with roles. You could use permissions, claims, random numbers – whatever you want to use to decide whether the user can or can’t perform the requested action.

Authorization rules are added in the AddBusinessRules() override in your business class – just like other business rules:

protected override void AddBusinessRules()
  BusinessRules.AddRule(new IsInRole(
    new List<string> { “Administrator” });

The rule set concept from other business rules applies here too – so you can have different authorization rules for different users/contexts/etc.

Finally, you can invoke rules as follows:

// per-type
bool result = Csla.Rules.BusinessRules.HasPermission(
  AuthorizationActions.CreateObject, typeof(Customer));
// per-instance
bool result = Csla.Rules.BusinessRules.HasPermission(
  AuthorizationActions.EditObject, _myCustomer);

The existing IAuthorizeReadWrite interface continues to operate as in 3.x, so you can use that to invoke CanReadProperty/CanWriteProperty/CanExecuteMethod as before.

Friday, April 23, 2010 11:07:27 PM (Central Standard Time, UTC-06:00)  #    Disclaimer
 Monday, April 19, 2010

Jason Bock just blogged with some interesting work he’s been doing around custom code analysis rules for CSLA 4:

Using Custom CodeAnalysis Rules in Your CSLA Projects

Monday, April 19, 2010 9:34:11 AM (Central Standard Time, UTC-06:00)  #    Disclaimer

I have put the demos from my Visual Studio 2010 launch talks online:

BasicVM and LiveDemo are literally the code I created on stage, so they are nothing to look at and probably have little value if you weren’t at the talks. The other demos are more complete and may be useful – especially UsingBxf, which shows some interesting UI proto-framework concepts in a pretty straightforward manner.


Demo created on stage to illustrate the most basic MVVM concepts.


Demo/prototype of a knowledge base/forum application that makes use of a pre-release version of CSLA 4, MVVM and other Silverlight concepts. It is a 3-tier physical deployment (Silverlight client, web/app server, SQL Server database) architecture using many CSLA .NET concepts.

This code uses the Bxf (“Basic XAML Framework”) to implement its shell and viewmodel code in a way that can be unit tested.

This project has a dependency on a pre-release version of CSLA 4.


Demo created on stage to illustrate the basic use of the Visual Studio 2010 XAML designer.


Demo showing simple use of the “Basic XAML Framework” (Bxf) in WPF. The same Bxf code works in Silverlight as well. The Bxf code and this demo show how to implement a basic UI shell that shows content and a status bar. For more advanced uses of Bxf see the Collective demo.

This project has a dependency on a pre-release version of CSLA 4.


Demo showing some concepts and implementation around MVVM.


Demo showing some concepts and implementation around MVVM.

Monday, April 19, 2010 8:59:44 AM (Central Standard Time, UTC-06:00)  #    Disclaimer

Here’s a link to an article I wrote on using code-gen vs building a more dynamic runtime:

Update: There doesn't appear to be a code download on the Microsoft site. Click here to download the code.

Sunday, April 18, 2010 11:30:24 PM (Central Standard Time, UTC-06:00)  #    Disclaimer
 Friday, April 16, 2010

I have put CSLA 4 Preview 4 online for download.

CSLA 4 requires Visual Studio 2010, .NET 4 and (optionally) Silverlight 4.

There are a lot of changes in CSLA 4 - make sure to read the change log!

This will be the last preview, and it includes all planned CSLA 4 functionality except:

  • New authorization rules system
  • INotifyDataErrorInfo support (SL only)
  • Class level DataAnnotation attributes

My intent is to finish these three items within the next two weeks, and then enter a beta phase.

Your feedback now and through the beta phase is absolutely invaluable to the quality of the release. If you are using or planning to use .NET 4 or Silverlight 4 please take a look at the preview and let me know your thoughts and any bugs you find by replying to this thread on the forum.

Friday, April 16, 2010 10:41:48 PM (Central Standard Time, UTC-06:00)  #    Disclaimer
 Friday, April 9, 2010

In preparation for the Twin Cities Code Camp I put together a short list showing the biggest and most important changes in CSLA 4:

  • Solution/project structure
    • Projects/assemblies better organized
    • Client profile support
    • Setup project
  • Business objects
    • List types now ObservableCollection<T>
    • New RegisterProperty() overloads
    • Automatic use of description/display attributes
    • CommandBase/CriteriaBase/CslaIdentity generic
    • Parent property public
    • Widespread use/requirement of Csla.Core.IPropertyInfo
  • Business rules
    • New business rule system
    • DataAnnotations
  • Authorization rules (coming)
    • New authz rule system
    • Integrated into business rule system
  • LINQ to CSLA
    • Remove 3.x implementation
    • Add LinqObservableCollection and ToSyncList()
    • CslaModelBinder
    • Controller
    • IModelCreator
  • Silverlight
    • IDataErrorInfo
    • INotifyDataErrorInfo (coming)
    • Browsable(false)
  • XAML
    • MVVM (ViewModelBase/ViewModel)
    • TriggerAction
    • Unified PropertyStatus/BusyAnimation
  • Data portal
    • Open up data portal for SL
    • Pluggable proxy objects to dynamically switch app servers
    • Compressed WCF example for .NET
    • Impersonation allowed via WCF
    • Client culture flows from SL client to app server
  • Reflection
    • MethodCaller uses lambda expressions
Friday, April 9, 2010 10:53:36 PM (Central Standard Time, UTC-06:00)  #    Disclaimer
 Tuesday, April 6, 2010

Software design and development is called many things. Sometimes engineering, sometimes art, sometimes magic. And sometimes science, though for some reason that is less common in my experience.

Which is a little odd, since a lot of us have Computer Science degrees, which are usually a Bachelors or Masters of Science.

Today I applied science in a way so obvious it just kind of hit me that we really do science, at least from time to time.

I’m working on the CSLA 4 business rules system, trying to exercise it to locate bugs and issues, as well as writing some blog posts (here and here) on the topic. I was writing a post about some thoughts I have around dependent properties, and it occurred to me that the current code doesn’t work like I think it should.

That’s a hypothesis. An assertion that something does (or in this case doesn’t) work a certain way.

So I wrote a test to establish that the current implementation doesn’t work the way I think it should. And I ran my test. And the test passed.

Now this isn’t good. My hypothesis was a negative, and my test was a positive. In other words, I wrote the test for the way I thought it should work, and I’m pretty convinced that the current implementation doesn’t work that way. So why did my test pass?

At this point I could do two things. I could say “well, it works, so I should be happy”, or I could be a scientist and figure out how or why it is working.

There are lots of parallels to this in real life. Especially in medicine, but in many other aspects of life as well. People observe something that appears to work (a herb seems to fix headaches or whatever), a technique that is referred to as being “evidence-based”. Some people just accept it and live with the ill-defined and unsubstantiated belief that the result is actually real and repeatable or reliable. Scientists don’t necessarily reject that it works, but they have the need to understand why it works, and to ensure it is actually repeatable.

In my case I spent a couple hours digging into how and why my test was passing. I found two things. First, my test was slightly faulty. Second, there really is a bug in my current implementation. In other words my original hypothesis is correct.

This was all really subtle. The current implementation half-works, but only because of a bug in the flawed implementation – it should have completely failed. In other words, the implementation is flawed, but a bug in the flawed implementation made it half-work. It is like a double-bug… And my test wasn’t thorough enough to fully exercise the scenario, so it didn’t catch the failure, so my testing methodology was also to blame.

Ultimately my application of science has been beneficial, though it revealed a bunch more work I need to do.

The cool thing though, is that this reinforces how important science is in daily life, for computing and everything else. I surely hope that the medicines I take, and the airplanes in which I fly and the cars I drive go through rigorous scientific testing – because the last thing I want is to trust my life to evidence-based and unsubstantiated beliefs that everything is rosy…

Tuesday, April 6, 2010 1:25:57 PM (Central Standard Time, UTC-06:00)  #    Disclaimer
 Monday, April 5, 2010

I knew I was forgetting something when I wrote the big post covering the new CSLA .NET business rule system. And it was rule chaining, which really is a big feature.

In CSLA 3.8 a rule could return one value: true or false. This is because a rule was a Boolean method. Oh sure, you could return some limited data through the RuleArgs (Description, Severity, StopProcessing), but this was really all part of one result.

In CSLA 4 a rule can return many results. This means that one rule can invoke other rules, and all their consolidated results are returned as the result of the one rule. Or you could create a rule that invoked an external rules engine, returning all results of the engine as a result of your rule. Or you could create a rule that invoked a workflow (as in Windows Workflow Foundation 4), again consolidating the results of the workflow as a result of your rule.

One way to use this is as an escape hatch. If you don’t like the way CSLA manages rules, just write your own “rule” that is actually a replacement rule engine, and allow CSLA to invoke your rule engine every time a property changes.

But even if you don’t go so far as to write your own rule engine, there are various interesting patterns that fit neatly within the existing CSLA 4 rule model.

For example, it is quite common for people to want to invoke a rule only if other properties of the object are in a certain state. Maybe you only want to require a value if the object is new, but not if it already exists. To do this, you can create a gate rule

public class NewGateRule : BusinessRule
  public NewGateRule(Csla.Core.IPropertyInfo primaryProperty)
    : base(primaryProperty)
  { }

  private IBusinessRule _innerRule =
    (IBusinessRule)new Csla.Rules.CommonRule.Required(PrimaryProperty);

  protected override void Execute(RuleContext context)
    var obj = context.Target as Csla.Core.ITrackStatus;
    if (obj != null && obj.IsNew)

This rule creates an instance of the Required rule, but only executes that inner rule if the target business object’s IsNew property is true. So the real rule is only invoked if the gate condition is met.

Notice the use of the GetChainedContext() method, which takes the RuleContext passed to the NewGateRule and creates a chained RuleContext that is appropriate for the inner rule. This technique automatically consolidates the results of the inner rule together with the outer rule (and any other chained rules) so when the NewGateRule completes all the results are automatically processed.

The same coding technique could be used to invoke many other rules if desired, each one having its own chained RuleContext. And chaining can be nested, so you could have a gate rule execute another gate rule that executes the real rule and that should work fine.

Keeping in mind that rules are just types, it is possible to do something slightly more dynamic – though your metadata does need to include not just the full type name of the rule, but also a way to describe the constructor parameters required. But this pseudo-code illustrates the concept:

public class DynamicRule : BusinessRule
  public DynamicRule(Csla.Core.IPropertyInfo primaryProperty, string innerRule)
    : base(primaryProperty)
    var t = Type.GetType(innerRule);
    object[] args = new object[] { primaryProperty };
    _innerRule = (IBusinessRule)Activator.CreateInstance(t, args);

  private IBusinessRule _innerRule;

  protected override void Execute(RuleContext context)

In this case the rule expects the full type name of the real rule to be provided. It uses that type information to dynamically create an instance of the real rule, and then executes it using a chained RuleContext. It should be clear that this basic concept could be extended to create a rule that dynamically loads an entire set of rules (perhaps using MEF) and executes those rules using chaining.

Monday, April 5, 2010 10:51:46 PM (Central Standard Time, UTC-06:00)  #    Disclaimer