James Kovacs' Weblog

At first glance, PowerShell appears to be yet another command shell with the interesting twist that you pipe objects between commands rather than strings. But there is more to PowerShell than that. One fascinating area is PowerShell Providers. (PowerShell Providers aren’t anything new as they’ve been there since v1. So I’m not the first – nor will I be the last – to blog about them, but hopefully some folks starting out with PowerShell find this useful…)

We’ll start with a simple example using “ls” to list the contents of a directory:

ls c:\

Now “ls” is just a two-letter version of “dir” and both are aliases for “Get-ChildItem”. How do I know that?

ls alias:

This prints out all current aliases. That funky “alias:” is a PowerShell provider. If you want a specific alias, you can “ls alias:ls” or “ls alias:dir”.

To get a list of currently installed PowerShell providers, you can use Get-PSProvider:

You should notice a few interesting entries there. You want a list of environment variables? The Environment provider does the trick:

Note that providers aren’t read-only. Let’s say you want to temporarily add a directory to your path. In cmd.exe, you would do the following:

set PATH = %PATH%;<EXTRA_DIR>;

In PowerShell, you use the Environment provider:

$env:PATH += “;<EXTRA_DIR>”;”

Notice the env: prefix that tells PowerShell that the variable is handled by the Environment provider. (Notice above that “Env” is listed as the “drive” for the Environment provider.)

Let’s explore some more…

Notice that changing drive letters is actually handled by the Function provider and are just commands.

It gets more interesting with the Registry provider through which you can access HKEY_LOCAL_MACHINE via hklm: and HKEY_CURRENT_USER via hkcu:.

You even get tab completion while typing. (Try ls hkcu:<TAB><TAB><TAB> to see various subkeys for HKEY_CURRENT_USER.) And assuming that you have write permission to the registry keys, you can set them too!

PowerShell providers aren’t limited to those shipped by Microsoft. You can in fact write your own, though I’ve never tried it. People have written their own providers for everything from SharePoint to Subversion.

So go check out PowerShell providers. Happy Scripting!

A few weeks ago Richard and Carl invited me to appear on .NET Rocks again and I jumped at the chance. I had a great time talking to them about doing more with less (writing less, but smarter code) and how convention-over-configuration changes the way that we develop software for the better. Check it out .NET Rocks #475 featuring yours truly!

Thanks to everyone who came out to my presentation last night at the Calgary .NET User Group. I enjoyed talking using convention-over-configuration techniques for doing more with less code. I demonstrated how frameworks like Fluent NHibernate, AutoMapper, Castle Windsor, ASP.NET MVC, and jQuery support this style of development. (Links below.) I only scratched the surface though. Other frameworks like StructureMap and FubuMVC also are heavily convention-based. With a bit of creative thinking, you can use these techniques in your own code to reduce duplication and increase flexibility.

• Fluent NHibernate
• NHForge
• AutoMapper
• Castle Windsor
• ASP.NET MVC
• jQuery & jQuery UI

For those of you who attended, you’ll realize why Darth Vader accompanies this post. For everyone else, you’ll have to check out the slidedeck and code:

PPTX | Code

I’ll be presenting at the Calgary .NET User Group next week. Come out for a fun discussion and lively discussion on improving your application development using convention-over-configuration techniques.

Abstract

As developers, we spend an inordinate amount of time writing “glue code”. We write code to transform database rows to domain objects… domain objects to view-models or DTOs… We write code to configure inversion of control containers and wire dependencies together. We write code to style our UIs and respond to UI events. Wouldn’t it be nice if this could happen automagically for us? This session will look at using convention-based approaches using Fluent NHibernate, AutoMapper, Castle Windsor, and jQuery to reduce the amount of repetitive code and accelerate application development.

DevTeach is my favourite conference of the year and it’s happening again in Vancouver on June 8-12, 2009. No, it’s not my favourite conference because I’m one of the Tech Chairs. It’s the other way around. I’m a Tech Chair because DevTeach is my favourite conference. For the curious, Tech Chairs do not receive an honorarium or other compensation. We do it because we love DevTeach and the community it brings together. Here are my Top 10 Reasons to attend DevTeach Vancouver.

1. It’s got a dedicated Agile Track, baby! 18 sessions of agile goodness.
2. The Agile Track has more TLAs than any other track, including TDD, BDD, DDD, ORM, IoC, and DSL!
3. Internationally renowned speakers, including Oren Eini (aka Ayende Rahien), David Laribee, Michael Stiefel, Greg Young, Eric Renaud, Francois Tanguay, Claudio Lassala, Hamilton Verissimo, Owen Rogers, Donald Belcham, and me. And that’s just the Agile Track!
4. More IoC than you can shake a stick at with sessions by Oren Eini (current maintainer of Castle Windsor), Hamilton Verissimo (creator of Castle Windsor and Microsoft PM on MEF), and me. (I feel so outclassed in that line-up.)
5. 1-day pre-conference session on Agile Development with IoC and ORM with James Kovacs and Oren Eini. Register now! ($399 CAD) Spend an intense day of coding with Oren and me learning about how to build applications with Fluent NHibernate, Windsor, AutoMapper, and other agile-friendly technologies.
6. ALT.NET Canada happening June 12-14, 2009 at the same hotel. Register now! (FREE!) (DevTeach is a major sponsor of ALT.NET Canada. Thank you, JR!)
7. .NET Rocks will be in the house again! Carl and Richard always provide lively discussion and entertainment. DevTeach Vancouver will be no different with a .NET Rocks-hosted Visual Studio 2010 Beta 1 InstallFest.
8. At DevTeach, speakers don’t hide in the Speakers Lounge. You get to meet them face-to-face and ask them questions.
9. DevTeach Education Stimulus Package! In difficult times, DevTeach trying to help out by providing three registrations for the price of two. You can find details on the Registration page.
10. DevTeach is a conference where speakers go to learn. Unlike other conferences, speakers actually go to each other’s sessions and participate. This results in lively discussions that are fun for speakers and attendees alike.

Hope to see you at DevTeach Vancouver! Don’t forget to register for the day-long Oren/James extravaganza of agile fun. Or ALT.NET Canada!

A few months back, I announced that I was doing a series of articles for MSDN Magazine on improving a “classic” ASP.NET application with modern tooling and frameworks. As an application, I chose ScrewTurn Wiki 3.0 to use as my example throughout. The first article, Extreme ASP.NET Makeover – Getting Your House in Order, went live a few days ago. The article is purposefully a different format for MSDN Magazine than “traditional” articles in that it incorporates short screencasts where appropriate rather than just code snippets and pictures. (Code snippets and pictures are included too, though!) I tried to make the screencasts an integral part of the narrative where actually showing something was easier than text, pictures, or code. I would love to hear your feedback on the format and content.

Nitpickers Corner: In the series, I use MSBuild as the build tool. Yes, I wrote my own PowerShell-based build tool, psake. Yes, I use NAnt on many of my projects for clients. (They’re already using NAnt and PowerShell is a new skillset for them.) So why MSBuild for the series? Because it is installed by default with .NET 2.0 and above. Not my first choice, but a pragmatic choice for a series focused on improving what you have.

Last night I gave a presentation on psake and PowerShell to the Virtual ALT.NET (VAN) group. I had a fun time demonstrating how to write a psake build script, examining some psake internals, discussing the current state of the project, and generally making a fool of myself by showing how much of a PowerShell noob I really am. I believe that the presentation was recorded and will be posted online in the next few days. Then you too can see me fumbling around trying to remember PowerShell syntax. I consider myself a professional developer when it comes to many areas, but in terms of PowerShell I am a hack who learns just enough to get the job done.

As promised, here are the links from the meeting…

psake Resources

Project Homepage

Users mailing list

Dev mailing list

PowerShell Resources

PowerShell Cheat Sheet
 

Windows PowerShell in Action (book)
 

Windows PowerShell Team Blog

On Twitter, I have a search for #psake. If you have a question, comment, or quibble about psake, you can use the #psake hashtag or @JamesKovacs to get my attention.

P.S. A number of people expressed interest in some of my dev-related PowerShell scripts, such as removing unversioned files from a SVN working copy, updating all SVN working copies off a common directory, cleaning a solution, … I’ll be putting them in a publicly accessible location soon and blogging about those scripts. So please be patient and don’t adjust your sets.

I don’t have to remind everyone that we’re in the middle of a world-wide economic depression downturn. When the economy is good, it is hard enough to convince your boss to re-build an application from scratch. When the economy is bad, it is bloody near impossible. In the coming months (and potentially years), I expect that as developers we’re going to be seeing more and more brownfield projects, rather than greenfield ones. We’re going to see more push for evolutionary development of applications rather than wholesale replacement. We will be called upon to improve existing codebases, implement new features, and take these projects in initially unforeseen directions. We will have to learn how to be Working Effectively with Legacy Code. (Took some effort to coerce the title of Michael Feathers’ excellent book into that last sentence.) A lot of companies have tremendous investment in existing “classic” ASP.NET websites, but there is a desire to evolve these sites rather than replace them, especially given these tough economic times. Howard Dierking, editor of MSDN Magazine, has asked me to write a 9-week series entitled From Web Dev to RIA Dev where we will explore refactoring an existing “classic” ASP.NET site. We want to improve an existing ASP.NET using new technologies, such as AJAX, jQuery, and ASP.NET MVC. We want to show that you can adopt better practices, such as continuous integration, web testing (e.g. WatiN, WatiR, Selenium), integration testing, separation of concerns, layering, and more.

So I have two questions for you, Dear Reader…

1. Can you think of a representative “classic” ASP.NET website (or websites) for the project?
2. What topics would you like to see covered?

I should clarify what I mean…

“Classic” ASP.NET Applications

I’m currently considering PetShop, IBuySpy, DasBlog, SubText, and ScrewTurn Wiki. I’m not looking for one riff with bad practices. Just an ASP.NET project in need of some TLC – one that doesn’t have a decent build script, isn’t under CI, a bit shy on the testing, little to no AJAX, etc. The code should be typical of what you would see in a typical ASP.NET application. (For that reason, I am probably going to discount IBuySpy as it is built using a funky webpart-like framework, which is not typical of most ASP.NET applications.) Some of the ASP.NET applications that I just mentioned don’t exactly qualify because they do have build scripts, tests, and other features that I would like to demonstrate. I will get permission from the project owner(s) before embarking on this quest and plan to contribute any code back to the project. Needless to say that the project must have source available to be considered for this article series. So please make some suggestions!

Topics

I have a lot of ideas of technologies and techniques to explore including proper XHTML/CSS layout, jQuery, QUnit, AJAX, HTTP Modules/Handlers, build scripts, continuous integration (CI), ASP.NET MVC, web testing (probably WatiN or Selenium), refactoring to separate domain logic from codebehind/sprocs, … I will cover one major topic per week over the 9-week series. So I’ve got lots of room for cool ideas. What would you like to see? What do you think is the biggest bang for your buck in terms of improving an existing ASP.NET application?

Depending on the topics covered (based on your feedback here), I might use one site for the entire series or different sites to cover each topic. It would add some continuity to the series to use a single site over the 9 weeks, but after a brief inspection of the codebases mentioned above, I am having my doubts about finding a single representative site. We’ll have to see. Please leave your suggestions in the comments below. Thanks in advance!

I’ve been having fun writing about my adventures in PowerShell. I would like to thank everyone for their encouragement and feedback. Something that I haven’t explicitly stated – which should go without saying as this is a blog – is that I am not a PowerShell expert. This is one man’s journey learning about PowerShell. I consider myself an expert on C#, .NET, and many other things, but as for PowerShell, I am a hacker. I learn enough to get the job done.

Yes, I wrote psake, which is a cool little PowerShell-based build tool, if I do say so myself. I wrote it in part to learn more about PowerShell and what was possible. (I surprised myself that I was able to write a task-based build system in a few hours with about 100 lines of PowerShell, ignoring comments.)

If you’re looking for PowerShell gospel, I would recommend checking out the Windows PowerShell Blog (the blog of Jeffrey Snover and the rest of the PowerShell team), Windows PowerShell in Action by Bruce Payette, the PowerScripting Podcast, or any of the myriad PowerShell MVP blogs. They are the experts. I’m just a hacker having fun.

With that disclaimer, I hope that by documenting my PowerShell learnings in public, I will help other developers learn PowerShell. I know that I am learning great things about PowerShell from my readers. In Getting Started with PowerShell – Developer Edition, I lamented the lack of grep. My friend, Chris Tavares – known for his work on Unity and ASP.NET MVC – pointed out that Select-String can perform similar functions. Awesome! Then in PowerShell, Processes, and Piping, Jeffrey Snover himself pointed out that PowerShell supports KB, MB, and GB – with TB and PB in v2 – so that you can write:

get-process | where { $_.PrivateMemorySize –gt 200MB }

rather than having to translate 200MB into 200*1024*1024 as I originally did. Fantastic!

In Writing Re-usable Scripts with PowerShell, wekempf, Peter, and Josh discussed the merits of setting your execution policy to Unrestricted. I corrected the post to use RemoteSigned, which means that downloaded PowerShell scripts have to be unblocked before running, but local scripts can run without requiring signing/re-signing. Thanks, guys. I agree that RemoteSigned is a better option.

Let’s talk security for a second. I am careful about security. I run as a normal user on Vista and have a separate admin account. When setting up teamcity.codebetter.com, the build agent runs under a least privilege account, which is why we can’t run NCover on the build server yet. (NCover currently requires admin privs, though Gnoso is working on fixing that in short order.) (Imagine if we did run builds as an Administrator or Local System. Someone could write a unit test that added a new user with admin privs to the box, log in remotely and start installing bots, malware, and other evil.) So I tend to be careful about security.

Now for my real question… What is the threat model for PowerShell that requires script signing? Maybe I’m being really dense here, but I don’t get it. Let’s say I want to do something really evil like formatting your hard drive. I create a PowerShell script with “format c:” in it, exploit a security vulnerability to drop it onto your box, and exploit another security vulnerability to launch PowerShell to execute the script. (Or I name it the same as a common script, but earlier in your search path, and wait for you to execute it.) But you’ve been anal-retentive about security and only allow signed scripts. So the script won’t execute. Damn! Foiled again! But wait! Let me just rename it from foo.ps1 to foo.cmd or foo.bat and execute it from cmd.exe. If I can execute code on your computer, there are easier ways for me to do bad things than writing PowerShell scripts. Given that we can’t require signing for *.cmd and *.bat files as this would horribly break legacy compatibility, what is the advantage of requiring PowerShell scripts to be signed by default? Dear readers, please enlighten me!

UPDATE: Joel “Jaykul” Bennett provided a good explanation in the comments. I would recommend reading:

http://blogs.msdn.com/powershell/archive/2008/09/30/powershell-s-security-guiding-principles.aspx

as it exlains the PowerShell Team’s design decision. The intention wasn’t to force everyone to sign scripts, but to disable script execution for most users (as they won’t use PowerShell), but allow PowerShell users to opt into RemoteSigned or Unrestricted as they so choose. Script signing is meant for administrators to set group policy and use signed scripts for administration (as one example use case of script signing).

Thanks again, Joel! That was faster than sifting through the myriad posts on script signing trying to find the reasoning behind it. Once again, the advantages of learning as a community!

Continuing on from last time, I will now talk about writing re-usable scripts in PowerShell. Any command that we have executed at PowerShell command line can be dropped into a script file. I have lots of little PowerShell scripts for common tasks sitting in c:\Utilities\Scripts, which I include in my path. Let’s say that I want to stop all running copies of Cassini (aka the Visual Studio Web Development Server aka WebDev.WebServer.exe).

Stop-Process -name WebDev.WebServer.exe -ErrorAction SilentlyContinue

This will terminate all running copies of the above-named process. ErrorAction is a common parameter for all PowerShell commands that tells PowerShell to ignore failures. (By default, Stop-Process would fail if no processes with that name were found.)

We’ve got our command. Now we want to turn it into a script so that we don’t have to type it every time. Simply create a new text file with the above command text called “Stop-Cassini.ps1” on your desktop using the text editor of your choice. (The script can be in any directory, but we’ll put it on our desktop to start.) Let’s execute the script by typing the following at the PowerShell prompt:

Stop-Cassini

What just happened? Why can’t PowerShell find my script? By default, PowerShell doesn’t include the current directory in its search path, unlike cmd.exe. To run a script from the current directory, type the following:

.\Stop-Cassini

Another option is to add the current directory to the search path by modifying Computer… Properties… Advanced… Environment Variables… Path. Or you can modify it for the current PowerShell session using:

$env:Path += ‘.\;’

($env: provides access to environment variables in PowerShell. Try $env:ComputerName, $env:OS, $env:NUMBER_OF_PROCESSORS, etc.)

You could also modify your PowerShell startup script, but we’ll talk about that in a future instalment. Let’s run our script again:

No dice again. By default, PowerShell does not allow unsigned scripts to run. This is a good policy on servers, but is a royal pain on your own machine. That means that every time you create or edit a script, you have to sign it. This doesn’t promote the use of quick scripts for simplifying development and administration tasks. So I turn off the requirement for script signing by running the following command from an elevated (aka Administrator) PowerShell prompt:

Set-ExecutionPolicy Unrestricted

Set-ExecutionPolicy RemoteSigned

If this command fails with an access denied error:

then make sure that you launched a new PowerShell prompt via right-click Run as administrator…

Third time is the charm…

We are now able to write and use re-usable scripts in PowerShell. In my next instalment, we’ll start pulling apart some more complicated scripts that simplify common developer tasks.

UPDATE: As pointed out by Josh in the comments, setting your execution policy to RemoteSigned (rather than Unrestricted) is a better idea. Downloaded scripts will require you to unblock them (Right-click… Properties… Unblock or ZoneStripper if you have a lot) before execution. Thanks for the correction.