Saturday, May 24, 2008

Analysis Services Execute DDL Task

DDL Means Data Definition Language. This Task runs DDL Statements that can create ,drop or alter the mining models and Multi dimensionals objects such as cubes and dimensions.

For Example, by using this task with proper DDL, we can create Partition in cube the (OLAP Databases).

DDL Statements are represented as statements in

  • Analysis Services Scripting Language (ASSL) - It is used to define and describe an Instance of Analysis Services, Databases and Database Objects
  • XML For Analysis (XMLA) Command - It is used to send action command such as alter, create, drop or process the OLAP Objects
We need Analysis Services connection to execute this task, also if we want to execute DDL which is stored in the separate file, then we need to create File connection to that file

Thursday, May 22, 2008

SSIS: Configuring the ActiveX Script Task

You can set properties programmatically or through SSIS Designer.

To Set the Properties by SSIS Designer:

  • Place "Activex Script Task" on Control Flow Designer From "Contol Flow Items" Tool Box
  • double Click on this task
  • Activex Script Task Editor will display which contains 3 tabs namely General, Script and Expressions
  • In General Tab, We can update the name and Description of the Task, As shown in the Following Figure

  • In Script Tab,

  • we can update following details about the script
  1. language used in script, this will helps to the compiler for compile our code by using to proper language compiler
  2. script, which will be executed by Activex script Task at run time
  3. Entry Method, here we need provide a method name which is available in the script (script available in step 2), it is a entry point, from where the script will start executing. it is same as Main() function in C, C++, C#

Next is the Expression Tab, here we can assign the value of the property dynamically by executing some expression, calculation, etc.,

Example Script for Exercise:

Language: VB Script Language


Function Msg()
End Function

Entry Method:

Assign these values in script Tab of this task, then execute

you can the Message box with "Hi" Message.

SSIS: ActiveX Script Task

Activex Script Task allows to write our own custom code by using activex Script languages. at present, this task supports following 4 scripting languages
  1. VB Script Language
  2. JScript Language
  3. SignedJavaScript Class
  4. SignedVBScript Class
ActiveX script has typically been used for the following purposes:
  • Including business logic in packages. For example, ActiveX script can use conditional logic to manage package workflow.
  • Writing functions that use conditional logic to set variable values. For example, an ActiveX script can access values in a database table by using ActiveX Data Objects (ADO) and populate variables with the table values.
  • Performing complex computations. For example, an ActiveX script can compute new dates by applying built-in functions such DateAdd and DateDiff to data values.
  • Accessing data using other technologies that are not supported by built-in connection types. For example, an ActiveX script can use Active Directory Service Interfaces (ADSI) to access and extract the user names from Active Directory.
If you have existing ActiveX scripts that you would like to continue to use until they can be upgraded, you can configure the ActiveX Script task in the following ways:
  • Provide the existing script that the task runs.
  • Specify the scripting language that was used in the script. The ActiveX Script task supports the VBScript and JScript languages and other scripting languages installed on the local computer.
  • Specify the name of the function that is the entry point for the script.

Monday, May 12, 2008

ASP.NET For Beginners

Dear Friends,

This article will helps the people, who wants to start learn about ASP.NET.

Please download the document from the links given below

ASP.NET Tutorials

  1. Sample 1
  2. Sample 2
  3. Sample 3
  4. Sample 4
  5. Sample 5
  6. Sample 6
This document contains some sample project which is explained by step by step.

Monday, April 14, 2008

.NET 3.0

Microsoft’s .NET Framework 3.0 (formerly codenamed “WinFX”), is the new managed code programming model for Windows. It combines the power of the .NET Framework 2.0 with four new technologies:
  1. Windows Presentation Foundation (WPF)
  2. Windows Communication Foundation (WCF)
  3. Windows Workflow Foundation (WF)
  4. Windows CardSpace
Use the .NET Framework 3.0 to build applications that have visually compelling user experiences, seamless communication across technology boundaries, the ability to support a wide range of business processes, and an easier way to manage your personal information online.
Figure - The .NET Framework 3.0.

Windows Communication Foundation

Discover the new breed of communications infrastructure built around the Web services. This suite of .NET technologies for building and running connected systems unifies a broad array of distributed systems capabilities in a composable and extensible architecture to provide secure, reliable, and transacted messaging along with interoperability.

Windows Presentation Foundation

Find information to help you learn about the Windows Presentation Foundation, Microsoft's technology for building applications and high fidelity experiences in Windows Vista, blending together application UI, documents, and media content, while exploiting the full power of your computer. Get hands-on labs, samples, and more.

Windows Workflow Foundation

Learn all about Microsoft's new programming model, engine and tools for quickly building workflow-enabled applications on Windows. Windows Workflow Foundation includes support for both system workflow and human workflow across a wide range of scenarios.

Windows CardSpace

Find out how to build applications with Windows Cardspace (formerly "InfoCard"), Microsoft's technology for managing digital identities.

Note: For More Details about Framework 3.0, Please Refer the following Link

Sunday, April 13, 2008


Recommended books

I recommend the following books, either because I personally like them, or because I think they are well regarded by other .NET developers. (Note that I get a commission from Amazon if you buy a book after following one of these links.)

Web sites


The following Weblogs ('blogs') have regular .NET content:

Free tools

.NET 2.0

What are the new features of .NET 2.0?

Generics, anonymous methods, partial classes, iterators, property visibility (separate visibility for get and set) and static classes. See for more information about these features.

What are the new 2.0 features useful for?

Generics are useful for writing efficient type-independent code, particularly where the types might include value types. The obvious application is container classes, and the .NET 2.0 class library includes a suite of generic container classes in the System.Collections.Generic namespace. Here's a simple example of a generic container class being used:

    List myList = new List();
myList.Add( 10 );

Anonymous methods reduce the amount of code you have to write when using delegates, and are therefore especially useful for GUI programming. Here's an example

    AppDomain.CurrentDomain.ProcessExit += delegate { Console.WriteLine("Process ending ..."); };

Partial classes is a useful feature for separating machine-generated code from hand-written code in the same class, and will therefore be heavily used by development tools such as Visual Studio.

Iterators reduce the amount of code you need to write to implement IEnumerable/IEnumerator. Here's some sample code:

    static void Main()
RandomEnumerator re = new RandomEnumerator( 5 );
foreach( double r in re )
Console.WriteLine( r );

class RandomEnumerator : IEnumerable
public RandomEnumerator(int size) { m_size = size; }

public IEnumerator GetEnumerator()
Random rand = new Random();
for( int i=0; i <>
yield return rand.NextDouble();

int m_size = 0;

The use of 'yield return' is rather strange at first sight. It effectively synthethises an implementation of IEnumerator, something we had to do manually in .NET 1.x.

What's the problem with .NET generics?

.NET generics work great for container classes. But what about other uses? Well, it turns out that .NET generics have a major limitation - they require the type parameter to be constrained. For example, you cannot do this:

    static class Disposer
public static void Dispose(T obj) { obj.Dispose(); }

The C# compiler will refuse to compile this code, as the type T has not been constrained, and therefore only supports the methods of System.Object. Dispose is not a method on System.Object, so the compilation fails. To fix this code, we need to add a where clause, to reassure the compiler that our type T does indeed have a Dispose method

    static class Disposer where T : IDisposable
public static void Dispose(T obj) { obj.Dispose(); }

The problem is that the requirement for explicit contraints is very limiting. We can use constraints to say that T implements a particular interface, but we can't dilute that to simply say that T implements a particular method. Contrast this with C++ templates (for example), where no constraint at all is required - it is assumed (and verified at compile time) that if the code invokes the Dispose() method on a type, then the type will support the method.

In fact, after writing generic code with interface constraints, we quickly see that we haven't gained much over non-generic interface-based programming. For example, we can easily rewrite the Disposer class without generics:

    static class Disposer
public static void Dispose( IDisposable obj ) { obj.Dispose(); }

For more on this topic, start by reading the following articles:

Bruce Eckel:
Ian Griffiths:
Charles Cook:

What's new in the .NET 2.0 class library?

Here is a selection of new features in the .NET 2.0 class library:

  • Generic collections in the System.Collections.Generic namespace.
  • The System.Nullable type. (Note that C# has special syntax for this type, e.g. int? is equivalent to Nullable)
  • The GZipStream and DeflateStream classes in the System.IO.Compression namespace.
  • The Semaphore class in the System.Threading namespace.
  • Wrappers for DPAPI in the form of the ProtectedData and ProtectedMemory classes in the System.Security.Cryptography namespace.
  • The IPC remoting channel in the System.Runtime.Remoting.Channels.Ipc namespace, for optimised intra-machine communication.

and many, many more. See,VS.80).aspx for a comprehensive list of changes.


How does .NET remoting work?

.NET remoting involves sending messages along channels. Two of the standard channels are HTTP and TCP. TCP is intended for LANs only - HTTP can be used for LANs or WANs (internet).

Support is provided for multiple message serializarion formats. Examples are SOAP (XML-based) and binary. By default, the HTTP channel uses SOAP (via the .NET runtime Serialization SOAP Formatter), and the TCP channel uses binary (via the .NET runtime Serialization Binary Formatter). But either channel can use either serialization format.

There are a number of styles of remote access:

  • SingleCall. Each incoming request from a client is serviced by a new object. The object is thrown away when the request has finished.
  • Singleton. All incoming requests from clients are processed by a single server object.
  • Client-activated object. This is the old stateful (D)COM model whereby the client receives a reference to the remote object and holds that reference (thus keeping the remote object alive) until it is finished with it.

Distributed garbage collection of objects is managed by a system called 'leased based lifetime'. Each object has a lease time, and when that time expires the object is disconnected from the .NET runtime remoting infrastructure. Objects have a default renew time - the lease is renewed when a successful call is made from the client to the object. The client can also explicitly renew the lease.

If you're interested in using XML-RPC as an alternative to SOAP, take a look at Charles Cook's XML-RPC.Net.

How can I get at the Win32 API from a .NET program?

Use P/Invoke. This uses similar technology to COM Interop, but is used to access static DLL entry points instead of COM objects. Here is an example of C# calling the Win32 MessageBox function:

    using System; 
using System.Runtime.InteropServices;

class MainApp
[DllImport("user32.dll", EntryPoint="MessageBox", SetLastError=true, CharSet=CharSet.Auto)]
public static extern int MessageBox(int hWnd, String strMessage, String strCaption, uint uiType);

public static void Main()
MessageBox( 0, "Hello, this is PInvoke in operation!", ".NET", 0 );
} is a great resource for off-the-shelf P/Invoke signatures.

How do I write to the application configuration file at runtime?

You don't. See

What is the difference between an event and a delegate?

An event is just a wrapper for a multicast delegate. Adding a public event to a class is almost the same as adding a public multicast delegate field. In both cases, subscriber objects can register for notifications, and in both cases the publisher object can send notifications to the subscribers. However, a public multicast delegate has the undesirable property that external objects can invoke the delegate, something we'd normally want to restrict to the publisher. Hence events - an event adds public methods to the containing class to add and remove receivers, but does not make the invocation mechanism public.

See this post by Julien Couvreur for more discussion.

What size is a .NET object?

Each instance of a reference type has two fields maintained by the runtime - a method table pointer and a sync block. These are 4 bytes each on a 32-bit system, making a total of 8 bytes per object overhead. Obviously the instance data for the type must be added to this to get the overall size of the object. So, for example, instances of the following class are 12 bytes each:

    class MyInt
private int x;

However, note that with the current implementation of the CLR there seems to be a minimum object size of 12 bytes, even for classes with no data (e.g. System.Object).

Values types have no equivalent overhead.

Will my .NET app run on 64-bit Windows?

64-bit (x64) versions of Windows support both 32-bit and 64-bit processes, and corresponding 32-bit and 64-bit versions of .NET 2.0. (.NET 1.1 is 32-bit only).

.NET 1.x apps automatically run as 32-bit processes on 64-bit Windows.

.NET 2.0 apps can either run as 32-bit processes or as 64-bit processes. The OS decides which to use based on the PE header of the executable. The flags in the PE header are controlled via the compiler /platform switch, which allows the target of the app to be specified as 'x86', 'x64' or 'any cpu'. Normally you specify 'any cpu', and your app will run as 32-bit on 32-bit Windows and 64-bit on 64-bit Windows. However if you have some 32-bit native code in your app (loaded via COM interop, for example), you will need to specify 'x86', which will force 64-bit Windows to load your app in a 32-bit process. You can also tweak the 32-bit flag in the PE header using the SDK corflags utility.

Some more explanation here:

What is reflection?

All .NET compilers produce metadata about the types defined in the modules they produce. This metadata is packaged along with the module (modules in turn are packaged together in assemblies), and can be accessed by a mechanism called reflection. The System.Reflection namespace contains classes that can be used to interrogate the types for a module/assembly.

Using reflection to access .NET metadata is very similar to using ITypeLib/ITypeInfo to access type library data in COM, and it is used for similar purposes - e.g. determining data type sizes for marshaling data across context/process/machine boundaries.

Reflection can also be used to dynamically invoke methods (see System.Type.InvokeMember), or even create types dynamically at run-time (see System.Reflection.Emit.TypeBuilder).


Is there built-in support for tracing/logging?

Yes, in the System.Diagnostics namespace. There are two main classes that deal with tracing - Debug and Trace. They both work in a similar way - the difference is that tracing from the Debug class only works in builds that have the DEBUG symbol defined, whereas tracing from the Trace class only works in builds that have the TRACE symbol defined. Typically this means that you should use System.Diagnostics.Trace.WriteLine for tracing that you want to work in debug and release builds, and System.Diagnostics.Debug.WriteLine for tracing that you want to work only in debug builds.

Can I redirect tracing to a file?

Yes. The Debug and Trace classes both have a Listeners property, which is a collection of sinks that receive the tracing that you send via Debug.WriteLine and Trace.WriteLine respectively. By default the Listeners collection contains a single sink, which is an instance of the DefaultTraceListener class. This sends output to the Win32 OutputDebugString() function and also the System.Diagnostics.Debugger.Log() method. This is useful when debugging, but if you're trying to trace a problem at a customer site, redirecting the output to a file is more appropriate. Fortunately, the TextWriterTraceListener class is provided for this purpose.

Here's how to use the TextWriterTraceListener class to redirect Trace output to a file:

FileStream fs = new FileStream( @"c:\log.txt", FileMode.Create, FileAccess.Write );
Trace.Listeners.Add( new TextWriterTraceListener( fs ) );

Trace.WriteLine( @"This will be writen to c:\log.txt!" );

Note the use of Trace.Listeners.Clear() to remove the default listener. If you don't do this, the output will go to the file and OutputDebugString(). Typically this is not what you want, because OutputDebugString() imposes a big performance hit.

Can I customise the trace output?

Yes. You can write your own TraceListener-derived class, and direct all output through it. Here's a simple example, which derives from TextWriterTraceListener (and therefore has in-built support for writing to files, as shown above) and adds timing information and the thread ID for each trace line:

    class MyListener : TextWriterTraceListener
public MyListener( Stream s ) : base(s)

public override void WriteLine( string s )
Writer.WriteLine( "{0:D8} [{1:D4}] {2}",
Environment.TickCount - m_startTickCount,
s );

protected int m_startTickCount = Environment.TickCount;

(Note that this implementation is not complete - the TraceListener.Write method is not overridden for example.)

The beauty of this approach is that when an instance of MyListener is added to the Trace.Listeners collection, all calls to Trace.WriteLine() go through MyListener, including calls made by referenced assemblies that know nothing about the MyListener class.

Are there any third party logging components available?

Log4net is a port of the established log4j Java logging component.


How do I spawn a thread?

Create an instance of a System.Threading.Thread object, passing it an instance of a ThreadStart delegate that will be executed on the new thread. For example:

    class MyThread
public MyThread( string initData )
m_data = initData;
m_thread = new Thread( new ThreadStart(ThreadMain) );

// ThreadMain() is executed on the new thread.
private void ThreadMain()
Console.WriteLine( m_data );

public void WaitUntilFinished()

private Thread m_thread;
private string m_data;

In this case creating an instance of the MyThread class is sufficient to spawn the thread and execute the MyThread.ThreadMain() method:

    MyThread t = new MyThread( "Hello, world." );

How do I stop a thread?

There are several options. First, you can use your own communication mechanism to tell the ThreadStart method to finish. Alternatively the Thread class has in-built support for instructing the thread to stop. The two principle methods are Thread.Interrupt() and Thread.Abort(). The former will cause a ThreadInterruptedException to be thrown on the thread when it next goes into a WaitJoinSleep state. In other words, Thread.Interrupt is a polite way of asking the thread to stop when it is no longer doing any useful work. In contrast, Thread.Abort() throws a ThreadAbortException regardless of what the thread is doing. Furthermore, the ThreadAbortException cannot normally be caught (though the ThreadStart's finally method will be executed). Thread.Abort() is a heavy-handed mechanism which should not normally be required.

How do I use the thread pool?

By passing an instance of a WaitCallback delegate to the ThreadPool.QueueUserWorkItem() method

    class CApp
static void Main()
string s = "Hello, World";
ThreadPool.QueueUserWorkItem( new WaitCallback( DoWork ), s );

Thread.Sleep( 1000 ); // Give time for work item to be executed

// DoWork is executed on a thread from the thread pool.
static void DoWork( object state )
Console.WriteLine( state );

How do I know when my thread pool work item has completed?

There is no way to query the thread pool for this information. You must put code into the WaitCallback method to signal that it has completed. Events are useful for this.

How do I prevent concurrent access to my data?

Each object has a concurrency lock (critical section) associated with it. The System.Threading.Monitor.Enter/Exit methods are used to acquire and release this lock. For example, instances of the following class only allow one thread at a time to enter method f():

    class C
public void f()

C# has a 'lock' keyword which provides a convenient shorthand for the code above:

    class C
public void f()

Note that calling Monitor.Enter(myObject) does NOT mean that all access to myObject is serialized. It means that the synchronisation lock associated with myObject has been acquired, and no other thread can acquire that lock until Monitor.Exit(o) is called. In other words, this class is functionally equivalent to the classes above:

    class C
public void f()
lock( m_object )

private m_object = new object();

Actually, it could be argued that this version of the code is superior, as the lock is totally encapsulated within the class, and not accessible to the user of the object.

Should I use ReaderWriterLock instead of Monitor.Enter/Exit?

Maybe, but be careful. ReaderWriterLock is used to allow multiple threads to read from a data source, while still granting exclusive access to a single writer thread. This makes sense for data access that is mostly read-only, but there are some caveats. First, ReaderWriterLock is relatively poor performing compared to Monitor.Enter/Exit, which offsets some of the benefits. Second, you need to be very sure that the data structures you are accessing fully support multithreaded read access. Finally, there is apparently a bug in the v1.1 ReaderWriterLock that can cause starvation for writers when there are a large number of readers.

Ian Griffiths has some interesting discussion on ReaderWriterLock here and here.

Implications for COM

Does .NET replace COM?

This subject causes a lot of controversy, as you'll see if you read the mailing list archives. Take a look at the following two threads:

The bottom line is that .NET has its own mechanisms for type interaction, and they don't use COM. No IUnknown, no IDL, no typelibs, no registry-based activation. This is mostly good, as a lot of COM was ugly. Generally speaking, .NET allows you to package and use components in a similar way to COM, but makes the whole thing a bit easier.

DCOM dead?

Pretty much, for .NET developers. The .NET Framework has a new remoting model which is not based on DCOM. DCOM was pretty much dead anyway, once firewalls became widespread and Microsoft got SOAP fever. Of course DCOM will still be used in interop scenarios.

Is COM+ dead?

Not immediately. The approach for .NET 1.0 was to provide access to the existing COM+ services (through an interop layer) rather than replace the services with native .NET ones. Various tools and attributes were provided to make this as painless as possible. Over time it is expected that interop will become more seamless - this may mean that some services become a core part of the CLR, and/or it may mean that some services will be rewritten as managed code which runs on top of the CLR.

For more on this topic, search for postings by Joe Long in the archives - Joe is the MS group manager for COM+. Start with this message:

Can I use COM components from .NET programs?

Yes. COM components are accessed from the .NET runtime via a Runtime Callable Wrapper (RCW). This wrapper turns the COM interfaces exposed by the COM component into .NET-compatible interfaces. For oleautomation interfaces, the RCW can be generated automatically from a type library. For non-oleautomation interfaces, it may be necessary to develop a custom RCW which manually maps the types exposed by the COM interface to .NET-compatible types.

Here's a simple example for those familiar with ATL. First, create an ATL component which implements the following IDL:

    import "oaidl.idl";
import "ocidl.idl";

helpstring("ICppName Interface"),

interface ICppName : IUnknown
[helpstring("method SetName")] HRESULT SetName([in] BSTR name);
[helpstring("method GetName")] HRESULT GetName([out,retval] BSTR *pName );

helpstring("cppcomserver 1.0 Type Library")
helpstring("CppName Class")
coclass CppName
[default] interface ICppName;

When you've built the component, you should get a typelibrary. Run the TLBIMP utility on the typelibary, like this:

    tlbimp cppcomserver.tlb

If successful, you will get a message like this:

    Typelib imported successfully to CPPCOMSERVERLib.dll

You now need a .NET client - let's use C#. Create a .cs file containing the following code:

    using System;

public class MainApp
static public void Main()
CppName cppname = new CppName();
cppname.SetName( "bob" );
Console.WriteLine( "Name is " + cppname.GetName() );

Compile the C# code like this:

    csc /r:cppcomserverlib.dll csharpcomclient.cs

Note that the compiler is being told to reference the DLL we previously generated from the typelibrary using TLBIMP. You should now be able to run csharpcomclient.exe, and get the following output on the console:

    Name is bob

Can I use .NET components from COM programs?

Yes. .NET components are accessed from COM via a COM Callable Wrapper (CCW). This is similar to a RCW (see previous question), but works in the opposite direction. Again, if the wrapper cannot be automatically generated by the .NET development tools, or if the automatic behaviour is not desirable, a custom CCW can be developed. Also, for COM to 'see' the .NET component, the .NET component must be registered in the registry.

Here's a simple example. Create a C# file called testcomserver.cs and put the following in it:

    using System;
using System.Runtime.InteropServices;

namespace AndyMc
public class CSharpCOMServer
public CSharpCOMServer() {}
public void SetName( string name ) { m_name = name; }
public string GetName() { return m_name; }
private string m_name;

Then compile the .cs file as follows:

    csc /target:library testcomserver.cs

You should get a dll, which you register like this:

    regasm testcomserver.dll /tlb:testcomserver.tlb /codebase

Now you need to create a client to test your .NET COM component. VBScript will do - put the following in a file called comclient.vbs:

    Dim dotNetObj
Set dotNetObj = CreateObject("AndyMc.CSharpCOMServer")
dotNetObj.SetName ("bob")
MsgBox "Name is " & dotNetObj.GetName()

and run the script like this:

    wscript comclient.vbs

And hey presto you should get a message box displayed with the text "Name is bob".

An alternative to the approach above it to use the moniker developed by Jason Whittington and Don Box.

Is ATL redundant in the .NET world?

Yes. ATL will continue to be valuable for writing COM components for some time, but it has no place in the .NET world.

Intermediate Language (IL)

Can I look at the IL for an assembly?

Yes. MS supply a tool called ILDASM that can be used to view the metadata and IL for an assembly.

Source code be reverse-engineered from IL?

Yes, it is often relatively straightforward to regenerate high-level source from IL. Lutz Roeder's Reflector does a very good job of turning IL into C# or VB.NET.

How can I stop my code being reverse-engineered from IL?

You can buy an IL obfuscation tool. These tools work by 'optimising' the IL in such a way that reverse-engineering becomes much more difficult.

Of course if you are writing web services then reverse-engineering is not a problem as clients do not have access to your IL.

Can I write IL programs directly?

Yes. Peter Drayton posted this simple example to the DOTNET mailing list:

    .assembly MyAssembly {}

.class MyApp {

.method static void Main() {
ldstr "Hello, IL!"
call void System.Console::WriteLine(class System.Object)

Just put this into a file called, and then run ilasm An exe assembly will be generated.

Can I do things in IL that I can't do in C#?

Yes. A couple of simple examples are that you can throw exceptions that are not derived from System.Exception, and you can have non-zero-based arrays.

Code Access Security

What is Code Access Security (CAS)?

CAS is the part of the .NET security model that determines whether or not code is allowed to run, and what resources it can use when it is running. For example, it is CAS that will prevent a .NET web applet from formatting your hard disk.

How does CAS work?

The CAS security policy revolves around two key concepts - code groups and permissions. Each .NET assembly is a member of a particular code group, and each code group is granted the permissions specified in a named permission set.
For example, using the default security policy, a control downloaded from a web site belongs to the 'Zone - Internet' code group, which adheres to the permissions defined by the 'Internet' named permission set. (Naturally the 'Internet' named permission set represents a very restrictive range of permissions.)

Who defines the CAS code groups?

Microsoft defines some default ones, but you can modify these and even create your own. To see the code groups defined on your system, run 'caspol -lg' from the command-line. On my system it looks like this:

Level = Machine
Code Groups:
1. All code: Nothing
1.1. Zone - MyComputer: FullTrust
1.1.1. Honor SkipVerification requests: SkipVerification
1.2. Zone - Intranet: LocalIntranet
1.3. Zone - Internet: Internet
1.4. Zone - Untrusted: Nothing
1.5. Zone - Trusted: Internet
1.6. StrongName -









AC1DF1734633C602F8F2D5: Everything

Note the hierarchy of code groups - the top of the hierarchy is the most general ('All code'), which is then sub-divided into several groups, each of which in turn can be sub-divided. Also note that (somewhat counter-intuitively) a sub-group can be associated with a more permissive permission set than its parent.

How do I define my own code group?

Use caspol. For example, suppose you trust code from and you want it have full access to your system, but you want to keep the default restrictions for all other internet sites. To achieve this, you would add a new code group as a sub-group of the 'Zone - Internet' group, like this:

caspol -ag 1.3 -site FullTrust

Now if you run caspol -lg you will see that the new group has been added as group 1.3.1:

... 1.3. Zone - Internet: Internet

1.3.1. Site - FullTrust


Note that the numeric label (1.3.1) is just a caspol invention to make the code groups easy to manipulate from the command-line. The underlying runtime never sees it.

How do I change the permission set for a code group?

Use caspol. If you are the machine administrator, you can operate at the 'machine' level - which means not only that the changes you make become the default for the machine, but also that users cannot change the permissions to be more permissive. If you are a normal (non-admin) user you can still modify the permissions, but only to make them more restrictive. For example, to allow intranet code to do what it likes you might do this:

caspol -cg 1.2 FullTrust

Note that because this is more permissive than the default policy (on a

standard system), you should only do this at the machine level - doing it at the user level will have no effect.

Can I create my own permission set?

Yes. Use caspol -ap, specifying an XML file containing the permissions in the permission set. To save you some time, here is a sample file corresponding to the 'Everything' permission set - just edit to suit your needs. When you have edited the sample, add it to the range of available permission sets like this:
caspol -ap samplepermset.xmlThen, to apply the permission set to a code group, do something like this:

caspol -cg 1.3 SamplePermSet

(By default, 1.3 is the 'Internet' code group)

I'm having some trouble with CAS. How can I troubleshoot the problem?

Caspol has a couple of options that might help. First, you can ask caspol to tell you what code group an assembly belongs to, using caspol -rsg. Similarly, you can ask what permissions are being applied to a particular assembly using caspol -rsp.

I can't be bothered with CAS. Can I turn it off?
Yes, as long as you are an administrator. Just run:
caspol -s off


What are attributes?

There are at least two types of .NET attribute. The first type I will refer to as a metadata attribute - it allows some data to be attached to a class or method. This data becomes part of the metadata for the class, and (like other class metadata) can be accessed via reflection. An example of a metadata attribute is [serializable], which can be attached to a class and means that instances of the class can be serialized.

[serializable] public class CTest {}

The other type of attribute is a context attribute. Context attributes use a similar syntax to metadata attributes but they are fundamentally different. Context attributes provide an interception mechanism whereby instance activation and method calls can be pre- and/or post-processed. If you have encountered Keith Brown's universal delegator you'll be familiar with this idea.

7.2 Can I create my own metadata attributes?

Yes. Simply derive a class from System.Attribute and mark it with the AttributeUsage attribute. For example:


public class InspiredByAttribute : System.Attribute
public string InspiredBy;

public InspiredByAttribute( string inspiredBy )
InspiredBy = inspiredBy;

[InspiredBy("Andy Mc's brilliant .NET FAQ")]

class CTest

class CApp

public static void Main()
object[] atts = typeof(CTest).GetCustomAttributes(true);
foreach( object att in atts )

if( att is InspiredByAttribute )
Console.WriteLine( "Class CTest was inspired by{0}", ((InspiredByAttribute) att).InspiredBy );


What is serialization?
Serialization is the process of converting an object into a stream of bytes. Deserialization is the opposite process of creating an object from a stream of bytes. Serialization/Deserialization is mostly used to transport objects (e.g. during remoting), or to persist objects (e.g. to a file or database).

Does the .NET Framework have in-built support for serialization?
There are two separate mechanisms provided by the .NET class library - XmlSerializer and SoapFormatter/BinaryFormatter. Microsoft uses XmlSerializer for Web Services, and uses SoapFormatter/BinaryFormatter for remoting. Both are available for use in your own code.

I want to serialize instances of my class. Should I use XmlSerializer, SoapFormatter or BinaryFormatter?
It depends. XmlSerializer has severe limitations such as the requirement that the target class has a parameterless constructor, and only public read/write properties and fields can be serialized. However, on the plus side, XmlSerializer has good support for customising the XML document that is produced or consumed. XmlSerializer's features mean that it is most suitable for cross-platform work, or for constructing objects from existing XML documents.SoapFormatter and BinaryFormatter have fewer limitations than XmlSerializer. They can serialize private fields, for example. However they both require that the target class be marked with the [Serializable] attribute, so like XmlSerializer the class needs to be written with serialization in mind. Also there are some quirks to watch out for - for example on deserialization the constructor of the new object is not invoked.The choice between SoapFormatter and BinaryFormatter depends on the application. BinaryFormatter makes sense where both serialization and deserialization will be performed on the .NET platform and where performance is important. SoapFormatter generally makes more sense in all other cases, for ease of debugging if nothing else.

Can I customise the serialization process?
Yes. XmlSerializer supports a range of attributes that can be used to configure serialization for a particular class. For example, a field or property can be marked with the [XmlIgnore] attribute to exclude it from serialization. Another example is the [XmlElement] attribute, which can be used to specify the XML element name to be used for a particular property or field.Serialization via SoapFormatter/BinaryFormatter can also be controlled to some extent by attributes. For example, the [NonSerialized] attribute is the equivalent of XmlSerializer's [XmlIgnore] attribute. Ultimate control of the serialization process can be acheived by implementing the the ISerializable interface on the class whose instances are to be serialized.

Why is XmlSerializer so slow?
There is a once-per-process-per-type overhead with XmlSerializer. So the first time you serialize or deserialize an object of a given type in an application, there is a significant delay. This normally doesn't matter, but it may mean, for example, that XmlSerializer is a poor choice for loading configuration settings during startup of a GUI application.

Why do I get errors when I try to serialize a Hashtable?
XmlSerializer will refuse to serialize instances of any class that implements IDictionary, e.g. Hashtable. SoapFormatter and BinaryFormatter do not have this restriction.

XmlSerializer is throwing a generic "There was an error reflecting MyClass" error. How do I find out what the problem is?
Look at the InnerException property of the exception that is thrown to get a more specific error message.

Why am I getting an InvalidOperationException when I serialize an ArrayList?
XmlSerializer needs to know in advance what type of objects it will find in an ArrayList. To specify the type, use the XmlArrayItem attibute like this:

public class Person
public string Name;
public int Age;

public class Population
[XmlArrayItem(typeof(Person))] public ArrayList People;

Garbage Collection

What is garbage collection?

Garbage collection is a heap-management strategy where a run-time component takes responsibility for managing the lifetime of the memory used by objects. This concept is not new to .NET - Java and many other languages/runtimes have used garbage collection for some time.

Is it true that objects don't always get destroyed immediately when the last reference goes away?

Yes. The garbage collector offers no guarantees about the time when an object will be destroyed and its memory reclaimed.

Why doesn't the .NET runtime offer deterministic destruction?

Because of the garbage collection algorithm. The .NET garbage collector works by periodically running through a list of all the objects that are currently being referenced by an application. All the objects that it doesn't find during this search are ready to be destroyed and the memory reclaimed. The implication of this algorithm is that the runtime doesn't get notified immediately when the final reference on an object goes away - it only finds out during the next sweep of the heap.Futhermore, this type of algorithm works best by performing the garbage collection sweep as rarely as possible. Normally heap exhaustion is the trigger for a collection sweep.

Is the lack of deterministic destruction in .NET a problem?

It's certainly an issue that affects component design. If you have objects that maintain expensive or scarce resources (e.g. database locks), you need to provide some way for the client to tell the object to release the resource when it is done. Microsoft recommend that you provide a method called Dispose() for this purpose. However, this causes problems for distributed objects - in a distributed system who calls the Dispose() method? Some form of reference-counting or ownership-management mechanism is needed to handle distributed objects - unfortunately the runtime offers no help with this.

Does non-deterministic destruction affect the usage of COM objects from managed code?

Yes. When using a COM object from managed code, you are effectively relying on the garbage collector to call the final release on your object. If your COM object holds onto an expensive resource which is only cleaned-up after the final release, you may need to provide a new interface on your object which supports an explicit Dispose() method.

Do I have any control over the garbage collection algorithm?

A little. For example, the System.GC class exposes a Collect method - this forces the garbage collector to collect all unreferenced objects immediately.

How can I find out what the garbage collector is doing?

Lots of interesting statistics are exported from the .NET runtime via the '.NET CLR xxx' performance counters. Use Performance Monitor to view them.

I've heard that Finalize methods should be avoided. Should I implement Finalize on my class?

An object with a Finalize method is more work for the garbage collector than an object without one. Also there are no guarantees about the order in which objects are Finalized, so there are issues surrounding access to other objects from the Finalize method. Finally, there is no guarantee that a Finalize method will get called on an object, so it should never be relied upon to do clean-up of an object's resources.Microsoft recommend the following pattern:

public class CTest : IDisposable


public void Dispose()

{... // Cleanup activities



~CTest() // C# syntax hiding the Finalize() method





In the normal case the client calls Dispose(), the object's resources are freed, and the garbage collector is relieved of its Finalizing duties by the call to SuppressFinalize() In the worst case, ie, the client forgets to call Dispose(), there is a reasonable chance that the object's resources will eventually get freed by the garbage collector calling Finalize() Given the limitations of the garbage collection algorithm this seems like a pretty reasonable approach

What is the lapsed listener problem?

The lapsed listener problem is one of the primary causes of leaks in .NET applications. It occurs when a subscriber (or ‘listener’) signs up for a publisher’s event, but fails to unsubscribe. The failure to unsubscribe means that the publisher maintains a reference to the subscriber as long as the publisher is alive. For some publishers, this may be the duration of the application.
This situation causes two problems. The obvious problem is the leakage of the subscriber object. The other problem is the performance degredation due to the publisher sending redundant notifications to ‘zombie’ subscribers.
There are at least a couple of solutions to the problem. The simplest is to make sure the subscriber is unsubscribed from the publisher, typically by adding an Unsubscribe() method to the subscriber.

When do I need to use GC.KeepAlive?

It's very unintuitive, but the runtime can decide that an object is garbage much sooner than you expect. More specifically, an object can become garbage while a method is executing on the object, which is contrary to most developers' expectations.


using System;

using System.Runtime.InteropServices;

class Win32



public static extern IntPtr CreateEvent( IntPtr lpEventAttributes,bool bManualReset,bool bInitialState, string lpName);

[DllImport("kernel32.dll", SetLastError=true)]

public static extern bool CloseHandle(IntPtr hObject);


public static extern bool SetEvent(IntPtr hEvent);


class EventUser


public EventUser()


hEvent = Win32.CreateEvent( IntPtr.Zero, false, false, null );




Win32.CloseHandle( hEvent );

Console.WriteLine("EventUser finalized");


public void UseEvent()


UseEventInStatic( this.hEvent );


static void UseEventInStatic( IntPtr hEvent )

{ //GC.Collect();

bool bSuccess = Win32.SetEvent( hEvent );

Console.WriteLine( "SetEvent " + (bSuccess ? "succeeded" : "FAILED!") );


IntPtr hEvent;


class App


static void Main(string[] args)


EventUser eventUser = new EventUser();



If you run this code, it'll probably work fine, and you'll get the following output:

SetEvent succeeded

EventDemo finalized
However, if you uncomment the GC.Collect() call in the UseEventInStatic() method, you'll get this output:

EventDemo finalized

SetEvent FAILED!
(Note that you need to use a release build to reproduce this problem.)
So what's happening here? Well, at the point where UseEvent() calls UseEventInStatic(), a copy is taken of the hEvent field, and there are no further references to the EventUser object anywhere in the code. So as far as the runtime is concerned, the EventUser object is garbage and can be collected. Normally of course the collection won't happen immediately, so you'll get away with it, but sooner or later a collection will occur at the wrong time, and your app will fail.

A solution to this problem is to add a call to GC.KeepAlive(this) to the end of the UseEvent method