Monthly Archives: January 2010

We’re Hiring! Test Positions Open on Entity Framework and WCF Data Services (Astoria) Teams

Posted on by
Reply

With work on Visual Studio 2010 winding down, both the Entity Framework and Astoria teams have test engineer positions open. Here are the job postings:

Note: If the job descriptions above still say you need C/C++ experience, this is not true. If you don’t have experience in these areas, don’t let that discourage you from applying! In fact, I didn’t have C/C++ experience upon arriving here…

Now, I know what you’re thinking—"ugh, test, you mean those guys who sit on the other side of the building and click on things all day?" And actually, when I first joined as a tester, I had a bit of the same mentality. That’s why I wanted to find out for myself what testers actually do. I have worked at Microsoft for a year now as a tester on the Entity Framework team and have learned a lot about the discipline of test, but I know I have only scratched the surface. Also, I should clarify that these positions are opening on the runtime team, so you won’t be clicking on things that much, if at all. :)

My background as a .NET developer has really helped me excel as a test engineer. The challenges that we face are very diverse and as a result I think there are many more opportunities for growth in the test discipline than in other disciplines. In a sense, we are developers ourselves; we don’t ship code (typically), but we must have the ingenuity and creativity to verify the code that does ship meets a high quality bar. Test can be a very demanding discipline, especially for those people who have a background in development.

If you want to know more about my experiences feel free to contact me using the contact form page, and I hope you consider applying if you’re looking for a challenging job.

P.S. I should note that the Astoria job description is missing an important sales pitch—you get to work with Pablo Castro! Yes, that Pablo.

POCO Templates for Entity Framework v4 Beta 2 Released

Posted on by
Reply

Today we have finally released an update to the POCO Templates that is compatible with Visual Studio 2010 Beta 2. Official announcement on the ADO.NET team blog.

One thing I will highlight is that the templates won’t be released with the final version of Visual Studio 2010. Instead we will continue to push releases through the Visual Studio Extension Gallery. This means you can easily download the POCO Templates using Visual Studio’s Extension Manager (accessed through the Tools menu).

Extension Manager menu item

Once in the Extension Manager, click the Online Gallery tab on the left side of the window and use the search box (top right) to type in "POCO template." After a few seconds you should see the POCO template extensions appear. There are two extensions, one for C# and one for Visual Basic.

image

After you install the extension, you’ll have a new item template for C# projects or Visual Basic projects (depending on which you installed) that will allow you to generate POCO entities from an Entity Framework model. For more in depth information on how to use the POCO templates, have a look at the POCO Template Walkthrough.

As always we are interested in your feedback so feel free to request features or report bugs through the Microsoft Connect web site.

CAS Policy on 64-bit Machines – #19

Posted on by
2

Well it’s been quite a while since my last post. I hope you all had a happy holiday season!

Today I’m going to talk about an issue I saw recently with a 64-bit machine and the partial trust tests for the Entity Framework. Even though .NET 4 disables CAS policy, it is more interesting for the Entity Framework to test with CAS policy enabled, because this allows us to configure security permissions on a per-assembly basis instead of per-AppDomain. The workflow for the tests is similar to the following:

  1. Enable CAS policy.
  2. Use the System.Security.Policy APIs to configure the correct set of permissions for the test assemblies. (Some have ReflectionPermission, some don’t, etc.) This is a separate EXE from the next step.
  3. Initialize the test harness and run the test cases.

When running in our lab recently, a few test cases failed for reasons I could not explain. Further analysis revealed that the tests were running in full trust, and so these negative test cases failed because the expected exceptions were not thrown. How did this happen?

Diagnosis

The first thing I did was to experiment with the command line switches of caspol.exe. I started a new command prompt and ran the following command. The –rsp switch stands for resolve permission set. System.Data.Test.PartialTrust.Caller.dll is the name of one of the assemblies that needs a custom permission set.

caspol.exe –rsp System.Data.Test.PartialTrust.Caller.dll

Microsoft (R) .NET Framework CasPol 4.0.21006.1
Copyright (c) Microsoft Corporation.  All rights reserved.

WARNING: The .NET Framework does not apply CAS policy by default. Any settings
shown or modified by CasPol will only affect applications that opt into using
CAS policy.

Please see http://go.microsoft.com/fwlink/?LinkId=131738 for more information.

Resolving permissions for level = Enterprise
Resolving permissions for level = Machine
Resolving permissions for level = User

Grant =
<PermissionSet class="System.Security.PermissionSet"
version="1"
Unrestricted="true"/>

Success

This had at least confirmed my suspicions that the tests were running in full trust. I looked back at the original executable code that configures the policy for the assemblies. It did not seem out of the ordinary, and besides, it had worked in many previous test runs.

C#

static void SetPermissions()

{

    // Find the machine policy level

    PolicyLevel machinePolicyLevel = null;

    IEnumerator ph = SecurityManager.PolicyHierarchy();

 

    while (ph.MoveNext())

    {

        PolicyLevel pl = (PolicyLevel)ph.Current;

        if (pl.Label == "Machine")

        {

            machinePolicyLevel = pl;

            break;

        }

    }

 

    NamedPermissionSet ps = new NamedPermissionSet("CallerPermSet", PermissionState.None);

 

    // Add permissions (omitted)

 

    StrongNamePublicKeyBlob key = typeof(Caller).Assembly.Evidence

      .OfType<StrongName>().First().PublicKey;

    IMembershipCondition mc = new StrongNameMembershipCondition(key, null, null);

 

    // Create the code group

    PolicyStatement policy = new PolicyStatement(ps, PolicyStatementAttribute.Exclusive);

 

    CodeGroup codeGroup = new UnionCodeGroup(mc, policy);

 

    codeGroup.Description = "Permissions for PT Caller";

    codeGroup.Name = "CallerGroup";

 

    // Add the code group

    machinePolicyLevel.RootCodeGroup.AddChild(codeGroup);

 

    // Save changes

    SecurityManager.SavePolicy();

}

VB

Sub SetPermissions()

    ‘ Find the machine policy level

    Dim machinePolicyLevel As PolicyLevel = Nothing

    Dim ph As IEnumerator = SecurityManager.PolicyHierarchy()

 

    While ph.MoveNext()

        Dim pl As PolicyLevel = DirectCast(ph.Current, PolicyLevel)

        If pl.Label = "Machine" Then

            machinePolicyLevel = pl

            Exit While

        End If

    End While

 

    Dim ps As NamedPermissionSet = New NamedPermissionSet("CallerPermSet", PermissionState.None)

 

    ‘ Add permissions (omitted)

    Dim key As StrongNamePublicKeyBlob = GetType(Caller).Assembly.Evidence _

        .OfType(Of StrongName)().First().PublicKey()

    Dim mc As IMembershipCondition = New StrongNameMembershipCondition(key, Nothing, Nothing)

 

    ‘ Create the code group

    Dim policy As PolicyStatement = New PolicyStatement(ps, PolicyStatementAttribute.Exclusive)

 

    Dim codeGroup As CodeGroup = New UnionCodeGroup(mc, policy)

 

    codeGroup.Description = "Permissions for PT Caller"

    codeGroup.Name = "CallerGroup"

 

    ‘ Add the code group

    machinePolicyLevel.RootCodeGroup.AddChild(codeGroup)

 

    ‘ Save changes

    SecurityManager.SavePolicy()

End Sub

My next plan of attack was to determine whether the changes to security policy were really being made. Even though no exceptions were thrown, I couldn’t understand why caspol –rsp would tell me that the framework would run our test assembly in full trust. i tried listing all the code groups from caspol under the Machine level:

caspol –m –lg

Microsoft (R) .NET Framework CasPol 4.0.21006.1
Copyright (c) Microsoft Corporation.  All rights reserved.

WARNING: The .NET Framework does not apply CAS policy by default. Any settings
shown or modified by CasPol will only affect applications that opt into using
CAS policy.

Please see http://go.microsoft.com/fwlink/?LinkId=131738 for more information.

Policy change prompt is ON

Level = Machine

Code Groups:

1.  All code: Nothing
   1.1.  Zone – MyComputer: FullTrust
      1.1.1.  StrongName – 00240000048000009400000006020000002400005253413100040
0000100010007D1FA57C4AED9F0A32E84AA0FAEFD0DE9E8FD6AEC8F87FB03766C834C99921EB23BE
79AD9D5DCC1DD9AD236132102900B723CF980957FC4E177108FC607774F29E8320E92EA05ECE4E82
1C0A5EFE8F1645C4C0C93C1AB99285D622CAA652C1DFAD63D745D6F2DE5F17E5EAF0FC4963D261C8
A12436518206DC093344D5AD293: FullTrust
      1.1.2.  StrongName – 00000000000000000400000000000000: FullTrust
   1.2.  Zone – Intranet: LocalIntranet
      1.2.1.  All code: Same site Web
      1.2.2.  All code: Same directory FileIO – ‘Read, PathDiscovery’
   1.3.  Zone – Internet: Internet
      1.3.1.  All code: Same site Web
   1.4.  Zone – Untrusted: Nothing
   1.5.  Zone – Trusted: Internet
      1.5.1.  All code: Same site Web
Success

The custom code groups weren’t there! But if I inspected the code groups in code after running the setup executable, then they did appear.

Resolution

Eventually I just got frustrated and pulled out procmon to figure out what caspol.exe was doing under the covers. I saw it reading and writing from configuration files in the .NET Framework directory, and that’s when it hit me. The setup executable that writes to security policy was compiled as AnyCPU and thus any security policy edits were flushed to the configuration files in the %WINDIR%Microsoft.NETFramework64 directory. Our test harness was erroneously running as a 32-bit application on a 64-bit machine, which means the security policy it read was actually from the %WINDIR%Microsoft.NETFramework directory!

There are two versions of caspol.exe on 64-bit machines! One is for 32-bit applications, and the other is for 64-bit. As you can probably infer, I was incorrectly using the 32-bit one in my diagnosis above, which is why I never saw any of the custom code groups added to security policy.

It took a couple hours to figure this out, so I hope this post can help save you some time if you ever run into a similar situation!