The Office 2010 Beta Developer Training Kit has been released, and it’s chock full of interested presentations, links to videos, and most importantly, labs. Here’s a rundown of the labs, which you could probably use to make a full-scale Office 2010 application.

Getting Started with Office 2010 Development

Build and debug a small Word 2010 add-in. Learn how to customize the Office ribbon and use the ribbon designer. This C# lab utilizes the new dynamic keyword and uses WPF data-binding with the SharePoint Client API.

Open Xml Programming

Utilize the previous lab’s add-in to to use the Open XML SDK and a SharePoint 2010 ListEventHandler.

Business Connectivity Services

Create external content types in SharePoint Designer 2010 and Visual Studio 2010 then connect to the external data with Business Connectivity Services. You will extend a simple Outlook Form Region to use the external data once the connection is established using the SharePoint Workspace 2010 cache.

Developing BI Applications

Learn about the business intelligence offerings in SharePoint 2010 by utilizing the Chart Web Part, publishing Excel Workbooks to Excel Services, and using PerformancePoint Services to build rich dashboards to analyze business information.

InfoPath and Forms Services

Use InfoPath to define custom forms to aid in the entry of time tracking data. Learn how to use web parts to host and connect InfoPath forms, and write custom code to extend the capabilities of InfoPath forms.

Client Workflow

Using Visio 2010, SharePoint Designer 2010, and Visual Studio 2010, you will build a workflow process to approve a timesheet submission. When an entry is submitted by an employee, several fields are examined before an approved timesheet is produced. The data from this timesheet is used to generate a printable version in a Word document.

Office 2010 Service Applications

Word Services generates PDF and XPS files based on a Word document, and the Excel Service exposed a REST interface to an Excel workbook. This lab utilizes these services to build a report generation application.

Office 2010 UI Customization

Using C#, customize the UI in Office 2010, build a custom Ribbon, and build a custom Outlook Form Region.

Security and Deployment

This lab demonstrates how to deploy several Office add-ins using ClickOnce and post deployment actions. You will also learn how to create deployments containing multiple add-ins and how to create a WSP file to deploy an Office Document template.

The sessions have been scheduled for SoCalCodeCamp. If you are attending Microsoft PDC, you should definitely be attending SoCalCodeCamp as you will be getting a weekend full of great content for free!

Both of my sessions are on Saturday. First up is Mash Up – ASP.NET MVC, Bing, Bing Map, and Flickr at 12:15. Then at 4:00 I will present on RESTful Data.

I will probably attend the session on Advanced C# as the details hint at some things I’ve been discussing lately, and I want to hear the presenters’ take on things. The only concern I have is that I don’t like undue complexity… my goal is to make development easier. I think the functional and fluent paradigms in modern C# is easier once you get used to it. It’s not really “advanced” so much as a different way of thinking. Of course, I won’t know what’s up until I attend the session!

Registration for PDC 2009 is now open. If you register by September 15th you can save 500 bucks. Or you could get there my way: win a contest (hey, I’m a poor developer). As I mentioned in a previous article, INETA has a component contest that prizes a trip to PDC. But, it’s not the only one: Microsoft has announced the Code7 Contest - Code the Power of 7. It pays out great prizes, but you have to take advantage of the technologies built into Windows 7 like Libraries, Touch, Shell Integration, DirectX 11, and Sensors.

The PDC has also announced an initial list of sessions that will be available. Here are a few I’m interested in.

Zero to Awesome in Nothing Flat: The Microsoft Web Platform and You
Heavy on code and demos and light on slides. Join Scott Hanselman and build a seriously nice Web site in less than an hour using the Microsoft Web App Gallery, Web Platform Installer and the guts and glory of the Microsoft Web Platform. Starting from an open source application from the Gallery, the app customization goes into hyper drive with Microsoft Web Platform dev tools, frameworks, and database. Finish it off by optimizing for SEO and a few clicks to deploy to a real live Windows Server.

Windows Workflow Foundation 4 from the Inside Out
See why Windows Workflow Foundation 4 is a powerful platform for simplifying application coordination logic and state management. Learn about the core runtime abstractions and under-the-hood improvements related to areas such as performance, transactions, and persistence. Get insights and techniques that enhance your investments in Workflow.

The State of Parallel Programming
Parallel programming has been more difficult than it needs to be, perhaps because its tools have been treated as an “add-on” to serial programming. The objectives of composability and productivity demand something better. Come hear a relatively recent consensus view about what is needed for productive parallel programming, and why.

Petabytes for Peanuts! Making Sense Out of “Ambient” Data
Today, the key to success with data is no longer about who can afford to acquire, store and process data effectively. That’s the cheap and easy part. The challenge now is to develop ways to better use data than your competition so you can make sense of all the data you have. Learn how algorithmic processing, at modest and extreme scale, is completely changing how we build information systems. Hear how Microsoft is dealing with this shift and using these emerging concepts in their online services. Also see examples of how some of this technology is beginning to surface in Microsoft’s product stream.

Microsoft Unified Communications: Developer Platform Futures
Learn how Microsoft Communications Server and Microsoft Exchange provide a comprehensive and flexible communications platform for developers. Get a first look at the next generation of this platform through a series of demos and code examples. See how to embed Communicator features in your application using new Microsoft Silverlight and Windows Presentation Foundation (WPF) controls, and learn about the new API to develop full custom clients for Communications Server. Also see how the UC Managed API 3.0 provides access to the new Voice-over-IP features of Communication Server.

Developing Quality Software using Visual Studio Team System 2010
Poor software quality causes unnecessary losses for companies every year. Learn how Visual Studio Team System 2010's new code quality features can improve your teams ability to discover flaws early and to better understand the root cause of any issue. There are tools for everybody including architects, developers, managers, and testers.<br /><br />During this full-day workshop, we’ll start at the beginning with requirements and design, and then move into unit testing, debugging, testing, and collaboration. We will complement these with demonstrations of code quality best practices that have proven to work on a variety of projects. Come see how much easier it can be to improve code quality by using VSTS 2010!

It looks exciting! If anyone wants to hook me up with a trip to PDC, please use the contact form on my website.

Four new “How Do I” videos on Azure have been added to MSDN. Check them out!

Leverage Concurrency in Windows Azure Table Storage?

Windows Azure table storage is designed to support many users at the same time. In this session, you’ll learn how Windows Azure table storage supports concurrency, and you’ll learn a few strategies to help you deal with any concurrency violations.

Use Paging in Windows Azure Tables?

To improve application usability, many applications need to support viewing data page-by-page. In this screencast, you'll learn how Windows Azure table storage provides a built-in mechanism that allows you to efficiently page through query results.

Sync Between Devices and the Cloud with FeedSync?

Syncing the cloud and a growing world of devices is a fundamental need in today’s world. In this video, you will learn how to use FeedSync feeds to synchronize Live Framework data between a device and the cloud.

Get Started with the Messenger Web Toolkit?

Making your application sociable is easy. In this screencast, Chris Parker uses simple code to add instant messaging to his Web site. In minutes he connects his Web site to 320 million Instant Messenger (IM) users on PCs, Macs, mobile devices and Xbox 360. These efforts can help bring new users to his application and retain them for a longer period of time through the use of cool features like chat, presence, contacts and profile information.

Microsoft has published the documentation for Microsoft Office Communications Server 2007 R2. It follows the typical deployment process, so it's the first place you should look for instructions on setting one up. Here's the download link. 

At the very end of it is a Developer Guide which "provides references to a wide variety of Microsoft Office and Unified Communications SDKs and API sets." You got that right, it's really just a set of links with a few paragraphs explaining the purpose of the link. If that's all you're lookiing for, I'll save you some time by posting them here!

Office Communications Server 2007 R2 Server SDK

Unified Communications Managed API 2.0 Core SDK

Unified Communications Managed API 2.0 Speech SDK

Unified Communications Managed API 2.0 Windows Workflow Activities

Office Communicator 2007 Automation API SDK

Unified Communications Client 1.0 SDK

Unified Communications AJAX 2007 SDK

Office Live Meeting Service API

Office Live Meeting Service Portal API

Samples

I can't believe I've been writing packages for Visual Studio and didn't know about the series of blog articles on Visual Studio Exensibility by DiveDeeper or about the VSXtra project. Since I want a quick index of the LearnVSXNow! series, I'm posting links to every article. This is a series every managed package framework developer should read.

LearnVSXNow!

How to start VSX programming?
Creating an empty package
Creating a package with a simple command
Creating a package with a tool window
Basic VSX ideas
Creating our first toolset — Prolog
Creating our first toolset — Finishing the sample
Intermezzo — The regpkg.exe utility
Creating our first toolset — Refactoring to a service
Creating our first toolset — Reusing code
Testing a package
Stepping forward: “VsxLibrary” and “HowToPackage”
Menus and comands in VS IDE
Basics of the .vsct file
Creating a simple custom editor — the basics
Creating a simple custom editor — the first ten meter
Creating a simple custom editor — under pressure
Advanced VSCT concepts
PowerCommands Deep Dive — Command Architecture
PowerCommands Deep Dive — Commands and UI
PowerCommands Deep Dive — Analyzing Commands
Thinking about a new MPF
Coping with GUIDs
Introducing VSXtra
Advanced VSCT Concepts: Behind Combos
Services — with no-code service initialization
Multiple Tool Windows
VSXtraCommands Part 1 — Command handling patterns
VSXtraCommands Part 2 — Commands removing recent items
Custom Editors in VSXtra
Merging Package Menus with VSCT
VSXtra at DevCon - Part 1
VSXtra at DevCon - Part 2
Working with Hierarchies Part 1 - Hierarchy Basics
Working with Hierarchies Part 2 - Internal Structure of Hierarchies
Working with Hierarchies Part 3 - Properties and Hierarchy Traversal
Meet Visual Studio 2010 and the New VS SDK 2010 CTP
VS 2010 Editor - Text Coloring Sample Deep Dive
Working with Hierarchies Part 4 - Hierarchy Windows
Working with Hierarchies Part 5 - Managed Classes for Custom Hierarchies
Toolbar Layout and Persistence

Sidebar

Migrating to C# from C++ or VB? Redgate is offering an ebook of Illustrated C# 2008 by Daniel Solis to help you out. It has a very visual approach, with lots of figures and code samples. Best of all, it's free!

I've compiled a list of useful links for developing IE8 accelerators.

Accelerator Icon Usage Guidelines

OpenService Accelerators Developer Guide

OpenService Format Specification for Accelerators

Windows 7 Accelerator Platform

Writing an IE8 accelerator in 15 minutes (bookmark on Delicious)

How to write a "Find on MSDN" Accelerator

IE8 Accelerator for MSDN Social Bookmarks

Zune Game Development Using XNA 3.0 by Dan Waters will be released on March 23rd.

Here's the product description:

XNA 3.0 brings you the ability to create games that will run not just on the PC and Xbox 360, but also on the Zune mobile device. While creating games for Zune is, in many ways, similar to working on the other platforms, it also presents its own unique set of challenges and opportunities. Smaller screens, limited storage, and less processing power all affect the way you need to think about designing and implementing your games.

Zune Game Development Using XNA 3.0 is a comprehensive book that will guide you through the many aspects of XNA game development and their specific implementations on the Zune platform. The book addresses Zune game development concepts in detail and shows you how to apply them in practical, step–by–step examples, building complete, working XNA 3.0 examples along the way that you can download and play.

I primarily do business development, but the idea of making games for my Zune is just too good to pass up. I think I'll pick this book up next week.

The patterns & practices WCF Security Guidance project has released the the WCF 3.5 Security Guidelines. This is useful if you're trying to follow the best practices for securing your services.

Here are the categories and topics for the initial release of the guidelines. For more in depth information, go to the site.  

Categories

• Auditing and Logging
• Authentication
• Authorization
• Binding
• Configuration Management
• Exception Management
• Hosting
• Impersonation and Delegation
• Input/Data Validation
• Proxy Considerations
• Deployment considerations 

Auditing and Logging

• Use WCF auditing to audit your service
• If non-repudiation is important, consider setting SuppressAuditFailure property to false
• Use message logging to log operations on your service
• Instrument for user management events
• Instrument for significant business operations
• Protect log files from unauthorized access
• Do not log sensitive information

Authentication

• Know your authentication options
• Use Windows Authentication when you can
• If you support non-WCF clients using windows authentication and message security, consider using the Kerberos direct option
• If your users are in AD, but you can’t use windows authentication, consider using username authentication
• If your clients have certificates, consider using client certificate authentication
• If you need to streamline certificate distribution to your clients for message encryption, consider using the negotiate credentials option
• If your users are in a custom store, consider using username authentication with a custom validator
• If your users are in a SQL membership store, use the SQL Membership Provider
• If your partner applications need to be authenticated when calling WCF services, use client certificate authentication.
• If you are using username authentication, use SQL Server Membership Provider instead of custom authentication
• If you need to support intermediaries and a variety of transports between client and service, use message security to protect credentials
• If you are using username authentication, validate user login information
• Do not store passwords directly in the user store
• Enforce strong passwords
• Protect access to your credential store
• If you are using Windows Forms to connect to WCF, do not cache credentials

Authorization

• If you use ASP.NET roles, use the ASP.NET Role Provider
• If you use windows groups for authorization, use ASP.NET Role Provider with AspNetWindowsTokenRoleProvider
• If you store role information in SQL, consider using the SQL Server Role Provider for roles authorization
• If you store role information in Windows Groups, consider using the WCF PrincipalPermissionAttribute class for roles authorization
• If you need to authorize access to WCF operations, use declarative authorization
• If you need to perform fine-grained authorization based on business logic, use imperative authorization

Binding

• If you need to support clients over the internet, consider using wsHttpBinding.
• If you need to expose your WCF service to legacy clients as an ASMX web service, use basicHttpBinding
• If you need to support remote WCF clients within an intranet, consider using netTcpBinding.
• If you need to support local WCF clients, consider using netNamedPipeBinding.
• If you need to support disconnected queued calls, use netMsmqBinding.
• If you need to support bidirectional communication between WCF Client and WCF service, use wsDualHttpBinding.

Configuration Management

• Use Replay detection to protect against message replay attacks
• If you host your service in a Windows service, expose a metadata exchange (mex) binding
• If you don’t want to expose your WSDL, turn off HttpGetEnabled and metadata exchange (mex)
• Manage bindings and endpoints in config not code
• Associate names with the service configuration when you create service behavior, endpoint behavior, and binding configuration
• Encrypt configuration sections that contain sensitive data

Exception Management

• Use structured exception handling
• Do not divulge exception details to clients in production
• Use a fault contract to return error information to clients
• Use a global exception handler to catch unhandled exceptions

Hosting

• If you are hosting your service in a Windows Service, use a least privileged custom domain account
• If you are hosting your service in IIS, use a least privileged service account
• Use IIS to host your service unless you need to use a transport that IIS does not support

Impersonation and Delegation

• Know the impersonation options
• If you have to flow the original caller, use constrained delegation
• Consider LogonUser when you need to impersonate but you don’t have trusted delegation
• Consider S4U when you need a Windows token and you don’t have the original caller’s credentials
• Use programmatic impersonation to impersonate based on business logic
• When impersonating programmatically be sure to revert to original context
• Only impersonate on operations that require it
• Use OperationBehavior to impersonate declaratively

Input/Data Validation

• If you need to validate parameters, use parameter inspectors
• If your service has operations that accept message or data contracts, use schemas to validate your messages
• If you need to do schema validation, use message inspectors
• Validate operation parameters for length, range, format and type
• Validate parameter input on the server
• Validate service responses on the client
• Do not rely on client-side validation
• Avoid user-supplied file name and path input
• Do not echo untrusted input

Proxy Considerations

• Publish your metadata over HTTPS to protect your clients from proxy spoofing
• If you turn off mutual authentication, be aware of service spoofing

Deployment considerations

• Do not use temporary certificates in production
• If you are using a custom domain account in the identity pool for your WCF application, create an SPN for Kerberos to authenticate the client.
• If you are using a custom service account and need to use trusted for delegation, create an SPN
• If you are hosting your service in a Windows Service, using a custom domain identity, and ASP.NET needs to use constrained trusted for delegation when calling the service, create an SPN
• Use IIS to host your service unless you need to use a transport that IIS does not support
• Use a least privileged account to run your WCF service
• Protect sensitive data in your configuration files

My Related Posts