Coding and the Dangers of Familiarity: Keep Your Senses Sharp

When I started at my current company, we essentially had one major project that everyone in the team worked on. It was a client that we had been working with for a long time.  It was a fun project to work on, and I learned a lot about ASP.NET MVC and Sitecore. Even when the project closed, I had no regrets about working on it for nearly two years, with very little other projects coming up during that time.

It wasn’t until the project closed that I realized how it programmed me into doing a certain set of coding practices. They weren’t particularly bad practices, but you could say they weren’t the accepted, best way of doing things. Soon, I was being assigned to projects where the best practices and/or frameworks were in use and I was expected to use those. I’ll give you two key examples, which were both shocking once I realized what I had not done:

  • Glass Mapper. I started a new project where Glass was being used extensively. I had some small training/research on Glass in the past, but this was first project where I had to use it. I did end up using it somewhat effectively, but what shocked me was how suddenly, my defensive coding instincts did not kick in. For example, for 1.5-2.0 years, I was used to doing this:
if (item != null && item.Fields["Heading"] != null && !string.IsNullOrEmpty(item.Fields["Heading"].Value))

The second I would use .Fields[] call in Sitecore development, I would know to do extensive null checks; it’s the way I was trained – but now, I was not using that call anymore. The code was completely different, and so I did not even think of checking for null for some reason. I don’t know why I wouldn’t check for null – maybe I thought Glass would take care of it and never return null? Silly me.

  • Logging. I learned Sitecore development in an environment where I never had to add logging in case an error occurs. My former co-workers that wrote the site added a global try/catch around everything, so that whenever some code in a controller errors out, the details of the error would be entered into a record in an Exception (SQL) table. Essentially, I very rarely or never had to use Log.Error to write an error to the Sitecore log, since the Exception table would always catch that. Well, this convenience turned me into a poor developer; I realized this as soon as some code I wrote went live for a new project. It unexpectedly errored out, but I had no way of finding out what the error was because the site had a custom error page.

This is just my personal experience, and I don’t mean to rag on the project that taught me how to do Sitecore development, but the point I’m trying to make is: if you do the same thing over and over, and suddenly have to do something new, make sure you do some common sense checks before committing the code; namely:

  • Null check all the things.
  • Log information, warnings and errors for each functional part of the code that will be running.
  • Also, will your change negatively affect something that you did not intend? Carefully observe the differences between your new code and the old code.

Additionally, If you’ve been working on one project for a long time, and the development practices generally used in that project are not optimal, keep you coding senses sharp by learning about the best practices in your spare time. Read articles, watch videos, create a Sandbox project which includes those better practices in use. If you have any similar experiences, I would love to read them – thanks!

Sitecore Security Acronyms – ar|au|pe|pd – What Do They Mean?

If you’ve ever explored the SharedFields table of the Sitecore content database, you might have noticed occasionally seeing field values like this:

ar|sitecore\Sitecore Client Maintaining|pe|+item:create|+item:delete|+item:publish|+item:write|pd|+item:create|+item:delete|+item:publish|+item:write|

You may also notice that the FieldId you see in rows that contain that value is always the same. It’s the __Security field of course, which is a shared field used across all Sitecore items. Makes sense, we are querying a table called SharedFields.

So what does this field value mean? To find this out, I simply checked the value of the __Security field on the item specified in the row. You may have to check Standard fields in the View tab to see this field. Scroll down to the Security field section and expand it, and you will see the permissions that role has to this item. You can also see the original string if you check Raw values in the View tab.

To understand what the four individual acronyms mean, I had to do some educated guessing based on how the permissions appear in Access Viewer:

  • ar – Permission applies to a role
  • au – Permission applies to a user
  • pe – Item-level permissions
  • pd – Descendant-level permissions

Additionally, a + sign in front of an item:action means permission was granted. A – sign means permission was denied.

I didn’t really have to know this, I was just curious. Hopefully this explains it for others out there too. If you have any additional information to share, please leave a comment!


#dotNETConf, Day 1 – Summary

Day 1 is in the books! I’ll admit I didn’t see everything, only certain sessions, but I thought I’d share what I got out of the free, virtual .NET conference hosted by Microsoft on Channel 9.

Keynote – Scott Hunter

I loved the Keynote; they got right to the heart of what’s new and cool with .NET, specifically explaining what .NET Standard is, how .NET Core is evolving and such. They went over the new templating engine – how you can use dotnet new in a console to create a new project without the need for Visual Studio. That command will show a list of available projects you can create. You would then run dotnet new Console, for instance, to create a new C# Console application.

One really cool thing they showed was the ability to edit a .csproj file without having to unload the project. I am LOVING these quality of life improvements Microsoft has been rolling out! In fact, last week I learned that in Visual Studio 2015 you can evaluate lambda expressions in a Watch window, which blew my mind, so I can’t wait to start using the newer versions of this great IDE.

Scott then showed Razor Pages, which as Razor views with .cshtml.cs code behind files included. Pretty cool, seems like MVC for Slackers basically. Probably not for me personally. Then, he showed Application Insights and Snapshots in Azure, which can provide detailed information about errors the application ran into. Good stuff.

Mobile .NET – Miguel de Icaza

Miguel showed a really cool feature of Visual Studio for Mac, where you can specify code to be run live. Meaning any change you make to the code will automatically propagate to the mobile phone / front end without having to save the file. He also shared something called the Embedinator-4000, which basically turns any .NET library into a native library, and it supports a range of things:


Visual Studio 2017 & C# 7.x – Mads Torgersen

New notable features are available in VS 2017, including:

  1. Code Styles – setting code standards in the IDE. VS will tell you when you deviate from the standards you set up.
  2. Live Unit Testing – as you are writing a class, or a controller, you can have a unit test running and providing pass/fail information as you type
  3. Smudges – small dots under a class name that might indicate suggestions – one example:


.NET Foundation – Jon Galloway

This session explained what .NET Standard is and how they are improving it. I thought .NET Standard meant .NET Framework before I attended this session. .NET Standard is a set of APIs that all .NET platforms have to implement (including .NET Framework). It’s a specification, not a thing you install, and it’s primary use is code reuse across all platforms that use it. The higher your .NET Standard version, the more APIs you get; the lower the version, the more platforms support it. Jon demoed a web application that shows which APIs are available in which .NET Standard versions; I don’t think it’s live anywhere, but looks pretty useful.

Diagnostics 101 – Jon Skeet

The purpose of this task was to inform people how to diagnose and troubleshoot programming issues better, before posting on Stack Overflow. That’s something I was guilty of when I first starting writing code so I can relate. The ones I got the most out of:

  • Divide and Conquer – Reduce the size of the codebase you’re looking at when trying to solve a problem. Essentially, he’s saying that you need to do some trial and error, eliminate some pieces of code that you think may be where the bug is hiding, and keep doing that until you uncover the bug. It’s common sense to me.
  • Challenge Assumptions – Your code is probably wrong. Question everything. This is basically what happens to me every time I start writing a Stack Overflow question. There are so many questions I started that I didn’t end up submitting because I realized what the problem was while I was typing it into the site, it’s incredible.
    • Things to be skeptical of:
      • Your code
      • The debugger’s immediate window – if it seems off, don’t trust it
      • In Watch, beware of the debugger’s string repesentation


Overall, really good first day. Not sure how much I’ll be tuning in for Day 2, unless I have absolutely nothing else to do.

#MKEDOTNET 2017 was a blast!

This past Saturday I attended MKE DOT NET for the third time. MKE DOT NET is a .NET developer conference based in the Milwaukee area. The previous two years the conference was held in a hotel in Pewaukee. This year, they changed things up a bit and hosted it at Potowatomi Casino near downtown Milwaukee. Getting there was a bit difficult because there were a lot of closed off streets, but once I got there it was really nice.

Keynote Speaker: Maria Naggaga

Lots of people are interested in developing in .NET, but the main complaint was that it’s too difficult to learn. Maria presented some up and coming options to make .NET easier to learn for people who are currently developing in other frameworks and languages, like Python or Ruby for example.

First, she listed off some recommended code school sites. This was helpful for me because I’ve been trying to get my brother into coding with .NET and C#. Sites included Free Code Camp, Code School, Treehouse, and Next, she showed an upcoming version of, which will include everything in the current Docs site, but added a Run button for every code snippet. That part wowed me; I know one of the big annoyances with developers learning .NET was having to install Visual Studio to do any coding, so this goes around that. Great job MSFT!

After the keynote, I attended several sessions. I will list out the sessions which I got the most out of below:

Hardening Your ASP.NET Core Applications – Brice Williams and Robert Hansen

This session went over securing ASP.NET Core applications. Brice and Bob showed how to enforce HTTPS on a site at the global level or controller level. Additionally, they went through some common security risks, such as Cross Site Scripting (XSS) and Cross Site Request Forgery ( CSRF), and how to counteract those in your application. One cool thing I learned was that Javascript UI frameworks like React or Angular will do the HTML encoding for you as a way to protect against CSRF. The most important point made was to not create a security system yourself; it is extremely difficult and there’s probably a system available that someone else made that would work for you.

Cool SQL Server Features Every Developer Should Know About – David Berry

This presentation went over some new features in SQL Server 2016:

  1. Temporal tables – Every time a row is changed, SSMS keeps a snapshot of the old row values. This allows us to see what the value in a column was at any given date and time. The history table is created and maintained automatically by SQL Server, removing the need for us to write triggers.
  2. JSON Support – Allows you to store JSON data in a VARCHAR() data type. There are some new functions that go along with this, such as JSON_VALUE to get a value from a JSON object,  and JSON_QUERY to pull out an entire array or object.

David also showed Windowing Functions, which was actually released with SQL Server 2008 and later. “Group By on steroids”, Windowing Functions can partition and aggregate data by different criteria in the same statement. One example was the RANK() function, which can find the highest value, partitioning over various columns, and provide a rank for each row. I really need to look into these functions more…

Building Reusable UI Components in ASP.NET Core MVC – Scott Addie

.vbhtml files exist. It’s true. That wasn’t the point of this talk though. Scott showed us a brand new feature in ASP.NET Core V1 called Tag Helpers. Using this feature you can express server-side processing via HTML elements. An example would be:

<hand player="John">

Hand is the class, Player is a property of Hand. Tag Helpers are really cool for a few reasons:

  1. They offer great IntelliSense support.
  2. They eliminate context switching between HTML and C# that you would get with Razor.
  3. They were designed with testing in mind.

One other cool thing I learned is the C# nameof() feature, which can  be used to avoid hard coding class name strings. Usage: i.e. nameof(MyClass) would output “MyClass” as a string.


This event keeps getting better every year. Particlarly, the SQL Server Features and UI Components sessions amazed me! I learned a lot of cool things in this conference, and made note of a lot of things to look into so that I can learn more. Thanks Centare for hosting another great MKE DOT NET!