Every year for Jenn’s birthday we take a trip to the beach with some friends of ours. This year we decided to go down to the Oregon Coast Aquarium in Newport.

I took several pictures that I’ll have to post later, but I did get a nice video of the Passages of the Deep exhibit where you walk under the various fish. This particular video shows the sharks in the exhibit.

I’m running Windows Server 2008 R2 as a non-admin user with User Account Control turned on. The stupid Adobe Reader update thing pops up in the corner saying “Update available” and when I tell it to install, I get:

Error 1625: Update failed. Update not permitted by system policy.

Last time I fixed this by using Autoruns and removing the Adobe Updater thing from the list of programs to run. Of course, that means no updates unless I apply them manually, either. Today I found this forum thread with the actual answer:

1. Open C:\Program Files (x86)\Common Files\Adobe\ARM\1.0 in Windows Explorer.
2. Right-click AdobeARM.exe and “Run As Administrator.”
3. When the “update available” balloon pops up in the corner, tell it to install. It should work now because it has the right permissions.

Done and done. Sort of annoying that Adobe hasn’t fixed this but… well, it is what it is.

Visual Studio has a nasty habit of forgetting your default browser settings at seemingly arbitrary times. Couple that with the fact that you can only really switch your default browser in VS using this “Browse With…” context menu on a browsable ASPX or HTML page (and the fact that in your MVC solutions you probably don’t have a directly browsable ASPX or HTML page) and this whole thing is a nightmare.

Enter Hanselman, who has posted a Powershell solution to the problem. YAY!

I got a copy of Testing ASP.NET Web Applications a while ago but it’s taken me some time to get through it because I wanted to dedicate the time and attention to it that it needed. There really aren’t many decent books that discuss testing all different aspects of web applications (though there are several dedicated specifically to security testing). The content in this book is something I’ve been trying to find for a long time in a format aggregated all together in one place and, despite a few rough edges, I’ll be recommending it to my QA friends this year.

I’ll run down the content chapter by chapter so you can see what’s inside and decide for yourself.

Chapter 1: Preliminary Concerns

The first chapter gives a nice, concise history of testing tools starting from sUnit (Smalltalk unit testing) and bringing us through today, so you can see where we’ve been. It also provides a really nice terminology list. I may have to blow the terminology list up and attach it to my wall so I can point to it and make sure in discussions that everyone’s on the same page, talking about the same thing. Finally, there’s a good test-related “mythbusters” section you can use to get testing moving forward in your organization.

Chapter 2: Design and Testability

This chapter starts off with a summary overview of what makes a good unit test. I agreed with some points and disagreed with others, but the qualities that “make a good unit test” are sort of a religious debate that people can’t agree on - for example, naming conventions. That said, they revisit what makes a good unit test at the end with a checklist of sorts that is really good. They talk about the design of your code and how it affects testability, discussing the SOLID design principles, and test smells (fragile tests, slow tests, etc.) you might encounter. They do touch lightly on pair programming and test driven development in this chapter (saving the details for the next chapter) but they don’t discuss it in a dogmatic way, which is a nice change from most articles you’ll read on the subject.

There is a section on refactoring in chapter 2 that felt somewhat out of place, like they wanted to relate the refactoring examples to how easy refactoring can be if you design your code well, but it really felt bolted on and distracting.

Chapter 3: Unit Testing and Test Driven Development

The chapter on unit testing and TDD should have been one of the best chapters, but it wasn’t as helpful as I’d hoped it would be. Since this is an ASP.NET specific book, the aim of the chapter should have been to explain how to get testing running in ASP.NET - web forms and MVC. Of the 50 pages in the chapter, about two talk about web forms and the model-view-presenter way of separating concerns and getting web forms testable. The rest of the time is spent on ASP.NET MVC and setting up an example application that gets used through the rest of the book. While I agree with the authors that MVC is a far more testable framework, that doesn’t help the people who have legacy applications or who are otherwise stuck on web forms. There is a tiny bit at the end that basically says, “It’s not worth much to try retrofitting unit tests to web forms” (without saying those exact words). I feel like there was a huge opportunity missed.

As for MVC, the authors suggest a different “default project structure” than the one provided by ASP.NET MVC out of the box, and I only partially agree with the proposal. The idea is sound, but it would be nice to see things in a stock fashion since a new project structure really only applies to Greenfield work.

The walkthrough of creating the demo application is very valuable and shows the red/green/refactor process of test driven development well. If you’re unfamiliar with this process, it’s good to see it. Of course, they also introduce a lot of patterns and concepts very quickly with little ceremony (e.g., the repository pattern, NHibernate usage, etc.) and that’s a lot to take in, so be patient.

Chapter 4: Integration Testing

This chapter is a pretty short chapter and talks about the differences between unit testing and integration testing, then runs through adding some integration tests to the sample application so you can get a feel for doing that.

Chapter 5: Automated User Interface Testing

This chapter breaks down the different types of functional testing and talks about the benefits, drawbacks, and challenges of automating the UI. The discussion of challenges is really good, listing different ways your UI automation tests can fail. It definitely gives you something to think about as you head down this road.

They break down different tools and approaches to UI testing with a primary focus on WatiN, Visual Studio Web Tests, and Selenium usage. They then show how to apply these tools to automating the sample application so you can see them in action. (There is also a section on qUnit - unit testing for JavaScript - at the end of the chapter, but it’s really thin and feels like an afterthought.)

During the automation of the sample app, there is a little bit of distraction as the authors get a little lost in the weeds introducing test data generators with fluent interfaces right in the middle. For automated UI testing you do need some test data to populate the system with, but it’s really confusing and distracting plopped right in the middle of everything.

Chapter 6: Acceptance Testing

The chapter on acceptance testing starts off with some good terminology, but then dives into Scrum project management methodology. It feels like they’re taking you on a ride, but if you have a little faith, you’ll see how they bring you back around to testing. It’s a worthwhile detour, even if it feels a little abrupt.

They focus on FitNesse and Cucumber as the two acceptance testing frameworks and show you how to get each running. I read the FitNesse section twice and still didn’t really get it. There were lots of wiki screen shots and tiny code snippets, but nothing that was complete enough. It took skipping forward to the example section and once I got it, I started questioning if the work involved was really worth it. On the other hand, Cucumber seemed reasonably straightforward (though it, too, didn’t come clear until seeing a real example rather than just reading about it in hypothetical terms).

I’m not sure the acceptance testing chapter accomplished for me what it set out to. After seeing all of the work and “glue code” required to get the business users the ability to write tests, I wondered if it might be time better spent getting them to write use case documents and having the developers write WatiN tests to associate with those documents. (Of course, in thinking that, maybe I missed the point.)

Chapter 7: Manual Testing

This chapter talks about the things to look for in manual testing - usability, documentation, error messages - as well as scenarios you might look for - session timeouts, disconnected/down services, network issues, etc. It provides a few tools that can help you in manual testing and explains how to document manual test cases. It’s not a long chapter, but it’s nice to formalize some of this stuff, or at least give teams a place to start discussing. “Manual testing” isn’t just “jump in and start clicking buttons.”

Chapter 8: Performance Testing

Of all the chapters in the book, this one was my favorite. It starts off by giving a high-level description of what performance testing is and then it dives right in. There is some great guidance on establishing baselines and expectations as well as capturing requirements. It gives you a lot to think about and discuss with your customers around performance and gives a good set of questions to ask about it.

They provide a great list of tools you can use to measure performance and shows a sample run of each one. I was really happy with this bit because it was like having someone evaluate all of these tools for you, show you the outputs, and help you decide which one you like best. Really helpful.

They outline the components of a performance test environment and explain some of the relevant performance counters you should watch when running tests and what they mean.

Finally, they correlate performance testing with capacity planning so you can take the numbers you record and start figuring out what kind of resources you’ll need to address your site’s target audience.

Chapter 9: Accessibility Testing

Right after the chapter on performance testing, this was my next favorite chapter. There’s a nice “accessibility mythbusters” section to disprove common misconceptions about accessibility and the web and a good discussion about the benefits of making your site accessible.

One of the nice bits about this chapter is that they take the time to discuss a few of the disabilities that people visiting your site might have and then provide simulated screen shots showing what users with these disabilities might be seeing. (Granted, the book is printed in black and white so the screen shots showing “color blindness” are less than effective, but the rest are good.)

They talk about several things you might see in web sites - images, graphs, forms, lists - and how to make them accessible. They also talk about other things to look for like acronym usage and CAPTCHA and how those aren’t accessible. While they touch briefly on audio/visual media, not much help is offered beyond descriptions of what you could possibly do (not how to do it). Same thing with JavaScript - they talk a bit about what to do and what not to do, but don’t really show any examples.

There is a great list of links to different web accessibility standards, not just for the US but for countries around the world. There’s also a good list of tools you can use to help you test your site’s accessibility and they do a bit of a walkthrough using these tools to test their sample web site.

Chapter 10: Security Testing

This chapter starts out explaining some common security terminology and then dives into selling you the benefits of security testing. It’s unfortunate that anyone should have to be convinced to test their app for security, but if you have to get some time allocated from management, this is a decent list of things you can discuss.

Just like in the accessibility testing chapter, there is a list of links to related standards for security and compliance here as well as a list of places to go (like OWASP) for some guidance.

The bulk of the chapter focuses on the OWASP Top 10 vulnerabilities and walks you through an example of testing for each. This is the most valuable part of the chapter and if you’ve ever heard of, say, “SQL injection” but you’re not sure what it looks like, this is really good.

There is a section about how to assess and report vulnerabilities in your application which is really good for communicating risk and helping manage that for your project.

Finally, there’s a list of security-related testing tools… but there isn’t really a description of them or any example usage, just a list of URL links. This felt like a bit of missed opportunity here, or maybe a last-minute addition.

General Thoughts

There were a ton of spelling and grammar mistakes through the book, enough that it was a little distracting. I sort of wondered if the editor was asleep at the wheel. It didn’t make the book unreadable, but it does feel like a bump in an otherwise reasonably smooth ride.

Also, while many of the topics were really good, there were things I felt that belonged but were jammed in the wrong spots. For example, the discussion about design patterns that gets stuck in the middle of the TDD chapter may have felt better in the chapter before it about design.

Finally, there were lots of good tool lists, good links to related sites… it’d have been nice to see those recapped in appendices at the end so you don’t have to hunt them down later in the middle of the book.

In the End: Recommended

Despite some of the rough edges, I haven’t seen a book before that captures all of this information in one place. I know it’s earned a place on my shelf. If you’re looking for a book on testing ASP.NET web apps, this is one to consider.

I’ve been working struggling with WiX for the last few days and I feel like it’s mostly for two reasons:

1. WiX assumes you know MSI. That is, Windows Installer XML is a thin veneer over Microsoft Installer technology, not an abstraction layer for it. I think this is a faulty assumption. While I understand WiX isn’t meant to teach you MSI, if I’m building a new installer and I want to try WiX out, I’m probably not thinking, “Oh, I should go read the entire MSDN library about MSI first.” I’m actually thinking, “I’m building a new installer, I’m building it in WiX, and I should be able to read the WiX documentation or find WiX examples that show me how to do that.”
2. WiX documentation is thin. I think this is the result of the faulty assumption in item #1. There is very little linking from the WiX documentation back to the corresponding MSI docs on MSDN so you’d never know that the construct on this WiX page corresponds to this MSI concept. Examples are few and far between. The one tutorial out there assumes you’re building everything by hand and doesn’t really cover the Visual Studio integration that I’m sure people have picked up by now.

I’m guessing there are three schools of thought going on when it comes to contributing to WiX documentation:

• I already know how this works so everyone else must already know as well.
• The “smart user” can go “check out the source and figure it out” so that’s good enough.
• I’ve just struggled for the last week trying to get this to work and now that it does I’m too exhausted and frustrated to contribute anything back.

I know I fall into that last school: I’ve been screwing around with it for so long that, now that it works, I really just want to jump ship and be done with WiX until the next time I have to add something to the installer. Couple that with the fact that, really, while the installer works, I don’t know that what I did was “right,” just that “it works.” It feels very “duct tape and baling wire” so I’m not confident that any contributions I might make to the docs would be the way people should be doing things, just the way I got them working.

Maybe “it works” is the same as “the right way” in installer land? Hmmm. I’ll have to think about that. But I digress.

All that leads me up to a list of things I’d love to see in WiX documentation.

• A disclaimer on the front page saying “you need to know MSI.” Buried a couple of pages down they mention that “in order to fully utilize the features in WiX, you must be familiar with the Windows Installer concepts.” I don’t think that’s quite accurate. On the front page of the site, and on the front page of the docs, there needs to be some big, bold, red, flashing sign that says, “If you don’t know MSI, STOP HERE.” OK, maybe not exactly that, but something up front to set my expectations that I need to know a little something about MSI before I can understand WiX. Either that, or all of the WiX docs need to be updated to stop making that assumption. (I like that better, but I know it’s not realistic.)
• A complete table of contents or index of all help topics. If you go to the main documentation page, you’ll see a fairly short table of contents. Say I want to add a dialog to my installer that gathers some information from the user. Which topic is that under? “How To Guides?” Nope. “Fundamental Tools and Concepts?” Nope. I don’t actually know. Any documentation I was able to find about user interface stuff was through the search box. And since there’s very little cross-linking from concept to concept, I don’t actually know if what I found was what I should have been finding. (Interestingly enough, it appears there’s sort of a one-way warp going on with the table of contents. For example, this page “Customizing Built-in WixUI Dialog Sets” shows, at the top, that it falls under a “Modifying the Installation User Interface” topic, which is under “Creating Installation Packages.” If you look at the “Creating an Installer Package” page, there is no link at all to the “Modifying the Installation User Interface” topic. That whole tree is orphaned.)
• Screen shots of all of the standard dialogs. There is a page that describes the “standard dialog set” that comes with WiX and there are textual descriptions of each of the dialogs… but there is no picture of them, so if you’re troubleshooting your installer, you need to sort of… guess… which dialog you’re looking at. Screen shots would really help to visually identify the dialogs.
• Flow charts of the standard UI. Once you figure out how to get a UI into your installer, you’ll probably want to modify it. Maybe you’ll want to add a new dialog into the flow. Except… what’s the flow? Where do I insert my dialog? I have to know the ID of the dialogs between which I want to insert my custom dialog but there’s no way to find that out. At least, none that I could figure. It was trial and error for me.
• Tips on troubleshooting and debugging. If I get error 2819 in my installer, what the hell is that supposed to mean? I know WiX is just a veneer over MSI and I don’t expect them to reproduce the MSI documentation, but a little “here’s how to troubleshoot issues in your installer” doc would be helpful. Can I add tracing somehow? Can I attach a debugger? What facilities are available to me? Even if there are none, a doc saying “you’re screwed” and a link to the error codes on MSDN would be helpful. Maybe some common solutions to common problems… if there are common problems.
• More cross-linking with relevant MSI documentation. The WiX documentation reads like it’s standalone, but it’s really not. For every document on there, there’s at least one corresponding page of MSDN documentation about MSI that would be helpful. Unfortunately, the only place you really see links to MSI docs are off the “fundamental concepts” page, and even then, there are only three links… and one is just to “the Windows Installer 4.5 SDK.” Not so helpful.
• More advanced how-to guides. Most of the guides on the site - and on the web in general - are “basic guides.” You know, “here’s how to install that EXE you built that has no dependencies, no configuration settings, and doesn’t need anything set in the registry or put into the GAC.” I’m not sure about the major WiX use case, but I don’t think an application that simple even needs an installer, let alone something written in WiX. I’m guessing that folks who have decided to go the WiX route are interested in the more intermediate and advanced scenarios. “I need to install a web site that has a database connection string that needs to be set at install time.” “I have a Windows service to install and it needs to ask for service credentials during install and maybe whether it should run on startup or manually.” Good luck with that.
• Rich examples, particularly around UI customization. One of the things I needed to do in my installer was add a custom dialog to get some data from the user about web site parameters (port number, app pool info). I want to reuse that dialog (sort of like the “Browse for Files” dialog) in different installers and may have to use it multiple times in one installer, sort of like calling a function - a “parameterized” dialog, if you will. This is easy to do in Windows forms apps. Figuring out how to create the dialog, wire it into the flow, send up the right button events, putting that together with “indirect properties,” and so on… it was a nightmare. I found a few reasonable examples of how to set up non-UI related items, but almost nothing except two-or-three line snippets when it came to UI. Even in the UI examples, they didn’t make sense. For example, when you look at an installer, the user gets asked for custom parameters after they choose a Typical/Custom/Complete install… but all of the examples insert dialogs before that choice. Admittedly, it’s easier to do that, but it’s not what you should be doing. Where are the examples that show it the right way? This goes hand-in-hand with the more advanced “how-to” guides idea, above.
• More information about web application deployment. WiX appears to be great about deploying, say, a console application, but if you follow the simple setup example they provide but use a web application instead of a Windows forms application, you’ll find the installer deploys your .dll into the root of the web app, not in the “bin” folder where it should be. How do you fix that? I posted my solution, but there is literally nothing about differences in deploying web apps from other app types. The closest it gets is documentation about “Iis Schema,” which is the extension that allows you to create IIS applications. Usage? Bah! Examples? No way, man. Just schema. Go Google for samples or blog posts if you want more. (Oh, and there’s no way I can tell that you can create an IIS7 application pool with .NET 4 and an integrated pipeline. Guessing that hasn’t made it in yet.)

I think WiX is a pretty powerful thing. I think it could help out a lot of people if it was more easily grasped - there’s a hell of a learning curve on it. I think they could get there if there was some time spent augmenting the docs.

(Dear Wrox: There’s totally a book opportunity here. There is only one book I could find on WiX, it’s from 2004, and several of the reviews claim it as “incomplete” or “not deep enough.” I’d totally buy a more recent, more complete book.)