Visual Studio 2012 Update 1 Sucks

Don’t install it unless you want VS to shut itself down multiple times a day and run slow as hell.

A Short, Friendly GUID/UUID in .NET

I recently committed to returning a unique ID that was 18 characters or less as part of the response from a new version of an existing web method I support. This value would be stored and used for subsequent calls to other web methods and would potentially be manually entered into a website query page.

Easy, you say. Just use an IDENTITY (or SEQUENCE in Oracle) column (which is already in place as a surrogate key, BTW). The problem with IDENTITY columns is that you have to wait for the call to the database to complete before you know what the value will be. In this scenario, we are using MSMQ to enhance the performance and reliability of the operation — this allows us to return from the web method call without waiting on the DB (which *usually* is quite fast but slows down for short periods of time infrequently). This web method gets called very frequently and the calls can be bursty, so the queuing maintains a very quick response time under all circumstances.

I had planned all along to use a GUID/UNIQUEIDENTIFIER column in the underlying table with the GUID generated during the web method call and written to the write queue with the rest of the data. Unfortunately, I confused two numbers in my head when I made this commitment. GUIDs are 16 *bytes* long but their default display format is actually 32 hex digits with 4 dashes thrown in for good measure.

I didn’t want to go back to the client and ask for them to increase the size of this field. Especially since this was going to be a human queriable field on a web site. I considered base 36 encoding the GUID, but that would still take 25 digits. Next I considered Base64 Encoding a GUID which is actually quite clever but it still came up “short” (or should I say long) by 4 digits compressing the GUID down to 22 digits. But still a nice improvement over 36.

Rick Strahl (a very prolific, well-written .net blogger) contemplated using GetHashCode().ToString(“x”) on a variety of targets, but I couldn’t get comfortable with statistical validity of this approach.

I considered using a combination of a time-based value (such as DateTime.Ticks) but I could not get past the bursty usage problem with those. I also felt that I must be re-inventing the wheel. The GUID was the “best practice” and I couldn’t help but feel I should utilize that approach or at least a similar one.

The “G” in GUID stands for global. I really didn’t need “global” uniqueness. In fact, I just needed to guarantee statistical uniqueness for all these specific types of calls made by a particular client. I could use the “client id” as part of the lookup to further reduce the “uniqueness” required. I then did some research on UUIDs (GUID is just MS’s brand name for UUID) and saw that later versions of the algorithm use random number generators. I decided that if 128 bits gets me “global” uniqueness, I could get by with a few less for my scenario. So now the question was how to encode those bits

I actually used base 36 over a decade ago in an Xbase application to avoid having to increase the width of a field but there are a couple of problems with it. First, because 36 is not a power of 2, you cannot easily (as in bit shifting) convert bits to digits. Second, 0/O (zero, and oh) and 1/I (one and eye) can easily be confused, particularly in some fonts.

Removing those four digits leads to my choice, base 32 with 2-9 and the capital letters minus O and I as the digits. You can easily convert to base 32 because it’s a power of 2 and you get a very friendly set of digits with good bit density.

Now the final piece of the puzzle was how to generate “good” random numbers. Good for me meant that there was a very, very low probability of collisions, even if I was generating an ID on the same machine every 10 milliseconds or so. As I mentioned above, usage of the service can be bursty. Some clients are psuedo-batching their work and hit the service hard for a relatively short period of time.

While doing some research on .net random number generation, I learned that it is much better to instantiate the generator once than it is to repeatedly instantiate it for each number. This sounds counter-intuitive at first, but makes sense when you think about the time-base default seeding these generators use. So a singleton was in order.

Finally, I had to choose between venerable RAND and RNGCryptoServiceProvider. Although I think using the singleton approach with a single instance of RAND would have worked, I felt more comfortable with the more robust seeding used by RNGCryptoServiceProvider. Particularly since we are running on clusters and our web service calls are sessionless (no affinity).

There’s one final wrinkle. In my scenario, I have a unique (most of the time) 32 bit integer value available. I wanted to incorporate that into my scheme to further reduce the odds of a collision. I do this by taking a byte array as an input that is “mixed” with the random bytes to produce the ID.

Without further adieu, here’s the code for the class itself and some unit tests:

using System;
using System.Security.Cryptography;

public class UniqueIdGenerator
	private static readonly UniqueIdGenerator _instance = new UniqueIdGenerator();
	private static char[] _charMap = { // 0, 1, O, and I omitted intentionally giving 32 (2^5) symbols
		'2', '3', '4', '5', '6', '7', '8', '9', 
		'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'

	public static UniqueIdGenerator GetInstance()
		return _instance;

	private RNGCryptoServiceProvider _provider = new RNGCryptoServiceProvider();

	private UniqueIdGenerator()

	public void GetNext(byte[] bytes)

	public string GetBase32UniqueId(int numDigits)
		return GetBase32UniqueId(new byte[0], numDigits);
	public string GetBase32UniqueId(byte[] basis, int numDigits)
		int byteCount = 16;
		var randBytes = new byte[byteCount - basis.Length];
		var bytes = new byte[byteCount];
		Array.Copy(basis, 0, bytes, byteCount - basis.Length, basis.Length);
		Array.Copy(randBytes, 0, bytes, 0, randBytes.Length);

		ulong lo = (((ulong)BitConverter.ToUInt32(bytes, 8)) << 32) | BitConverter.ToUInt32(bytes, 12); // BitConverter.ToUInt64(bytes, 8);
		ulong hi = (((ulong)BitConverter.ToUInt32(bytes, 0)) << 32) | BitConverter.ToUInt32(bytes, 4);  // BitConverter.ToUInt64(bytes, 0);
		ulong mask = 0x1F;

		var chars = new char[26];
		int charIdx = 25;

		ulong work = lo;
		for (int i = 0; i < 26; i++)
			if (i == 12)
				work = ((hi & 0x01) << 4) & lo;
			else if (i == 13)
				work = hi >> 1;
			byte digit = (byte)(work & mask);
			chars[charIdx] = _charMap[digit];
			work = work >> 5;

		var ret = new string(chars, 26 - numDigits, numDigits);
		return ret;
using System;
using System.Collections.Generic;
using NUnit.Framework;

public class UniqueIdGeneratorTest
	public void GetInstanceTest()
		var instance = UniqueIdGenerator.GetInstance();
		Assert.AreSame(instance, UniqueIdGenerator.GetInstance());

	public void GetNextTest()
		var b1 = new byte[16];
		for (int i = 0; i < 16; i++ ) b1[i] = 0;
		Assert.That(Array.Exists(b1, b => b != 0)); // This could be false every billion years or so

	public void GetBase32UniqueIdTest()
		var b1 = new byte[16];	
		for (int i = 0; i < 16; i++) b1[i] = 0;
		string id = UniqueIdGenerator.GetInstance().GetBase32UniqueId(b1, 26);
		Assert.AreEqual(26, id.Length);
		Assert.AreEqual(new string('2', 26), id);

		b1 = new byte[] { 0xFF, 0xFF, 0xFF, 0xFF };
		id = UniqueIdGenerator.GetInstance().GetBase32UniqueId(b1, 26);
		Assert.AreEqual(26, id.Length);
		Assert.AreEqual("ZZZZZZ", id.Substring(20, 6));

		id = UniqueIdGenerator.GetInstance().GetBase32UniqueId(b1, 6);
		Assert.AreEqual(6, id.Length);
		Assert.AreEqual("ZZZZZZ", id);

		id = UniqueIdGenerator.GetInstance().GetBase32UniqueId(18);
		Assert.AreEqual(18, id.Length);

		var id2 = UniqueIdGenerator.GetInstance().GetBase32UniqueId(18);
		Assert.AreEqual(18, id2.Length);

		Assert.AreNotEqual(id, id2);

	[Test, Ignore]
	public void GetBase32UniqueIdDupeTest()
		var alreadySeen = new Dictionary<string, string>(1000000);
		for (int i = 0; i < 100000000; i++)
			var id = UniqueIdGenerator.GetInstance().GetBase32UniqueId(12);
			alreadySeen.Add(id, id);

Easily Create DataTables For Unit Tests

Ideally, you have a data access layer that only returns domain objects or data transfer objects. The key is real, strongly-typed objects. One of the many reasons for this is to make unit testing easier. Unfortunately, sometimes you are stuck working with code that uses datatables. I’ve recently written a function that takes most of the pain out of creating datatables for unit testing. This function and the code that calls it takes advantage of several new c# features: lamda expressions, object initializers, list initializers, and auto-implemented properties. It also uses generics and reflection.

The first thing that stinks about creating datatables from scratch is that you have to manually define the columns which is tedious. The second thing that stinks is that you can only add rows to the datatable using an object array which means you have to count commas to keep track of which column you are populating. Or you have to do something awkward like obj[datatable.Columns["FieldName"].Ordinal] = “somevalue”. To get around this, the first step is to define the structure of our rows by creating a simple class, EG:

public class Person
	public string LastName { get; set; }
	public string FirstName { get; set; }
	public DateTime DateOfBirth { get; set; }
	public decimal Salary { get; set; }

Now we can call the method with a very convenient syntax that capitalizes on object and list initializers:

public DataTable GetPeople()
	return ListToTable(new List<Person> {
		new Person {
			LastName = "Opincar",
			FirstName = "John",
			DateOfBirth = new DateTime(1901, 1, 1),
			Salary = 250000.00M
		new Person {
			LastName = "Lincoln",
			FirstName = "Abe",
			DateOfBirth = new DateTime(1801, 1, 15),
			Salary = 1000.00M

If you’ve ever manually populated datatables you can really appreciate what a huge improvement this is.

Finally, we discuss the method itself. Using reflection, we can leverage the type information stored in Person to create our datatable columns in a generic method that takes a List as input and returns a datatable:

public DataTable ListToTable<T>(List<T> rows)
	var dt = new DataTable();
	var props = typeof(T).GetProperties();
	Array.ForEach(props, p => dt.Columns.Add(p.Name, p.PropertyType));
	foreach ( var r in rows )
		object[] vals = new object[props.Length];
		for (int idx = 0; idx < vals.Length; idx++)
			vals[idx] = props[idx].GetValue(r, null);
	return dt;

I hope you find this method as useful as I have.

PGP Single Pass Sign and Encrypt with Bouncy Castle

Bouncy Castle is a great open source resource. However, the off-the-shelf PGP functionality is severely lacking in real-world-usabaility. Most of what you need is easy enough to code up yourself (and I would love to contribute what I’ve done if I could). One thing that you really need that doesn’t come built-in and is actually quite hard to do right is PGP Single Pass Sign and Encrypt. Here’s a class in the style of csharp\crypto\test\src\openpgp\examples\KeyBasedFileProcessor.cs that does exactly that.

using System;
using System.IO;
using Org.BouncyCastle.Bcpg;
using Org.BouncyCastle.Bcpg.OpenPgp;
using Org.BouncyCastle.Security;

namespace PgpCrypto
	public class PgpProcessor
		public void SignAndEncryptFile(string actualFileName, string embeddedFileName,
			Stream keyIn, long keyId, Stream outputStream,
			char[] password, bool armor, bool withIntegrityCheck, PgpPublicKey encKey)
			const int BUFFER_SIZE = 1 << 16; // should always be power of 2

			if (armor)
				outputStream = new ArmoredOutputStream(outputStream);

			// Init encrypted data generator
			PgpEncryptedDataGenerator encryptedDataGenerator =
				new PgpEncryptedDataGenerator(SymmetricKeyAlgorithmTag.Cast5, withIntegrityCheck, new SecureRandom());
			Stream encryptedOut = encryptedDataGenerator.Open(outputStream, new byte[BUFFER_SIZE]);

			// Init compression
			PgpCompressedDataGenerator compressedDataGenerator = new PgpCompressedDataGenerator(CompressionAlgorithmTag.Zip);
			Stream compressedOut = compressedDataGenerator.Open(encryptedOut);

			// Init signature
			PgpSecretKeyRingBundle pgpSecBundle = new PgpSecretKeyRingBundle(PgpUtilities.GetDecoderStream(keyIn));
			PgpSecretKey pgpSecKey = pgpSecBundle.GetSecretKey(keyId);
			if (pgpSecKey == null)
				throw new ArgumentException(keyId.ToString("X") + " could not be found in specified key ring bundle.", "keyId");
			PgpPrivateKey pgpPrivKey = pgpSecKey.ExtractPrivateKey(password);
			PgpSignatureGenerator signatureGenerator = new PgpSignatureGenerator(pgpSecKey.PublicKey.Algorithm, HashAlgorithmTag.Sha1);
			signatureGenerator.InitSign(PgpSignature.BinaryDocument, pgpPrivKey);
			foreach (string userId in pgpSecKey.PublicKey.GetUserIds())
				PgpSignatureSubpacketGenerator spGen = new PgpSignatureSubpacketGenerator();
				spGen.SetSignerUserId(false, userId);
				// Just the first one!

			// Create the Literal Data generator output stream
			PgpLiteralDataGenerator literalDataGenerator = new PgpLiteralDataGenerator();
			FileInfo embeddedFile = new FileInfo(embeddedFileName);
			FileInfo actualFile = new FileInfo(actualFileName);
			// TODO: Use lastwritetime from source file
			Stream literalOut = literalDataGenerator.Open(compressedOut, PgpLiteralData.Binary,
				embeddedFile.Name, actualFile.LastWriteTime, new byte[BUFFER_SIZE]);

			// Open the input file
			FileStream inputStream = actualFile.OpenRead();

			byte[] buf = new byte[BUFFER_SIZE];
			int len;
			while ((len = inputStream.Read(buf, 0, buf.Length)) > 0)
				literalOut.Write(buf, 0, len);
				signatureGenerator.Update(buf, 0, len);


			if (armor)

Compare Files Method in C# Unit Testing

I’ve been working on a class that wraps the low-level PGP crypto capabilities of Bouncy Castle and presents a higher-level, directly-usable interface similar to a command-line utility. One obvious test is to start with a file, sign and encrypt it, then decrypt it, and compare the result with the original. I’ve gotten so spoiled to having so many rudimentary things like this already available in the .net framework I was surprised when I didn’t find a Compare method on the File class or anything like it somewhere else. If there is something already built-in, please post a comment. If there isn’t, hopefully this small method will save a few people a few minutes.

private bool FileCompare(string srcFileName, string dstFileName)
	const int BUFFER_SIZE = 1 << 16;

	FileInfo src = new FileInfo(srcFileName);
	FileInfo dst = new FileInfo(dstFileName);
	if ( src.Length != dst.Length )
		return false;

	using ( Stream srcStream = src.OpenRead(), 
		dstStream = dst.OpenRead() )
		byte[] srcBuf = new byte[BUFFER_SIZE];
		byte[] dstBuf = new byte[BUFFER_SIZE];
		int len;
		while ((len = srcStream.Read(srcBuf, 0, srcBuf.Length)) > 0)
			dstStream.Read(dstBuf, 0, dstBuf.Length);
			for ( int i = 0; i < len; i++)
				if ( srcBuf[i] != dstBuf[i]) 
					return false;
		return true;

Counting Messages in an MSMQ MessageQueue from C#

Surprisingly, this not as easy as MessageQueue.Count; When I searched for how to do this, I kept seeing solutions that required use of COM interop or Performance Counters. I didn’t really like either of those suggestions so I figured I’d just try Peek with a cursor. I was pleasantly surprised to find that this method was more than adequate for my needs. I ran this against a queue with 1000 (relatively small) messages and, including the time to open the queue, this took only 0.04 seconds. I was using private, transactional queues. I haven’t tested any other scenarios. But for my needs, this worked fine.

protected Message PeekWithoutTimeout(MessageQueue q, Cursor cursor, PeekAction action)
	Message ret = null;
		ret = q.Peek(new TimeSpan(1), cursor, action);
	catch (MessageQueueException mqe)
		if (!mqe.Message.ToLower().Contains("timeout"))
	return ret;

protected int GetMessageCount(MessageQueue q)
	int count = 0;
	Cursor cursor = q.CreateCursor();

	Message m = PeekWithoutTimeout(q, cursor, PeekAction.Current);
	if (m != null)
		count = 1;
		while ((m = PeekWithoutTimeout(q, cursor, PeekAction.Next)) != null)
	return count;			


Generic Methods in Non-Generic Classes in c#

I’ve been using generic classes quite a bit over the last few years. However, I had never used a generic method in a non-generic class until today. I had a web service class that was using declaritive attributes to generate the WSDL. I already had a generic class, WebMethod<R>, that I was using as the base class of all my web methods to encapsulate common functionality such as authentication, logging, etc. There were some things that I needed to in the web service class that I did not want to move to the generic web method class. However, I did not want to duplicate that code in each web method of the web service. Here’s the solution, a generic method in a non-generic class. This code has been simplified for demo purposes:

  Description="Some web service.")]
public class SomeWebService : System.Web.Services.WebService {
	public R Run<R>(WebMethod<R> method) where R : IWebServiceResponse, new() {
		method.UserHostAddress = this.Context.Request.UserHostAddress;
		if (AppConfig.GetSetting("systemFactoryType").ToLower() == "local") {
			method.SystemFactory = new LocalSystemFactory();
		return method.Run();

	[WebMethod(Description = "Take Action.")]
	public ActionResponse Action(UserToken user, ActionRequest request) {
		return Run(new ActionWebMethod(user, request));

	[WebMethod(Description = "Fiddle.")]
	public FiddleResponse Fiddle(UserToken user, FiddleRequest request) {
		return Run(new FiddleWebMethod(user, request));

public abstract class WebMethod<R> where R : IWebServiceResponse, new() {
	public SystemFactory SystemFactory {
		set { _systemFactory = value; }

	protected abstract void RunMethod();

	public R Run() {
		_response = new R();
		if (Login()) {
		return _response;

WebMethod initializes SystemFactory to a remoted implementation in the constructor. I wanted to be able to change that to a non-remoted implementation via the web.config. Similarly, I did not want to add Host Address to the WebMethod constructor, but when I am actually calling the web methods from the web service, I do want to record the Host Address. Without the generic method, I would end up duplicating this code in the body of each web method.

Note that I do not have to explicitly provide a type when I am calling Run, the compiler infers it for me.


Get every new post delivered to your Inbox.