Interesting rendez-vous with NDepend

This story starts in December 2008, but I found out only last June…..

Back in 2008 Patrick Smacchia of NDepend contacted me via my blog to ask me if I was interested in testing NDepend, but unfortunately I wasn’t notified of his message. Almost 4 years later (!) I came by accident across his message and decided to contact him and the request still stood Smile.

I already knew NDepend from early releases. Back then I ran into the famous “File or assembly name or one of its dependencies not found” exception and it was sometimes a challenge to find out which dependency was missing. Moreover because the dependencies also might have missing dependencies themselves, and so on. A first look at current NDepend made me happy because I saw the tool has evolved tremendously.

One of the reasons I started developing the BizTalk Software Factory is the fact that I think developers should be assisted in their work to build consistent, reliable and maintainable software. While looking at the features of NDepend I got enthusiastic about that part of the capabilities of NDepend.

This blog post is a review of some of the capabilities of NDepend. It is capable of much much more, so I’d like to refer to the website for additional information, documentation and instruction videos.

So of the list of features of NDepend, I like to focus on Code Quality, Code Query, Code Metrics, Explore Architecture, Detecting Dependency Cycles and Complexity and Diagrams.

If you’re involved in BizTalk development you probably know that tools like FxCop (now called Visual Studio Code Analysis) and things like Visual Studio Code Coverage are almost meaningless because most of the code is generated. But this doesn’t count for custom components like libraries, helper components, custom pipelines, custom functoids etc. It still is valuable to have tools checking the quality of your code and detect unwanted dependencies. But of course, the more custom written code you have, the more valuable tools become.

So lets start with some of the features that I like most from a code quality perspective. For this blog I use NDepend v4.0.2 Professional which I installed as Add-in for Visual Studio 2010. For my website I used the open source Orchard CMS and I took that code to do some testing.

In Visual Studio a new NDepend menu option shows up. With the option “Attach a new NDepend Project to VS Solution” you can add NDepend analysis to a project and it starts analyzing right away (if you leave the checkbox checked).

In the lower right corner of the Visual Studio a circle shaped indicator is visible after installing NDepend and after analyzing Orchard CMS the indicator is red. The results of the analysis are in the image below. Also clicking on the indicator displays the “Queries and Rules Explorer” which shows what rules actually are violated. This is a nice an quick overview of the violations.


In this example the “Methods too complex” violation is clicked, resulting in displaying the details in the “Queries and Rules Edit” dialog. By hovering over mehod “indexPOST”, a small dialog will be added on the right side of the explorer with details about the file and code metrics. Double clicking “indexPOST” will take you directly to the actual code. It is so easy to navigate to problem locations with this.

Because there are so many rules checked, it is also valuable to just take a look at the violations to learn from best practices. Besides the build-in rules, also custom queries over code are possible. All queries use LINQ style called CQLinq to retrieve information. All code metrics are written using the LINQ queries so it is easy to add your own (or take advantage of queries written by others).


Before NDepend I would have no idea how to find out the number of method in my code with more than 6 parameters, more than 10 declared variables or more than 50 lines of code. Or a combination of that. With this LINQ syntax it is a piece of cake.

For example a query to find all methods where the number of variables > 40(!) and are public.

from m in Methods where m.NbVariables > 40 && m.IsPublic select m
It is amazing to see what’s possible by just trying, assisted by intellisense!
Another really (and I mean really really) awsome feature is the Metric View, which is a visual representation of the code by module and size.

The size of every rectangle indicates the size of the method.

A second view uses LINQ queries again to visualize in this case the top 50 methods by number of lines of code. By visualizing this in the Metric View it becomes immediately clear where problems are located. Of course other metrics can be made visible in this way.

I’d like to end with another nice feature, the dependency graph and dependency matrix. The matrix shows an overview of the dependencies modules have on each other. Not only the dependencies between project components, but also dependencies on .NET system libraries are shown, which gives you insight into what assemblies actually are used in your project.

This view definitely will give you a better understanding of your code and might raise an eye brow if you find out you’re depending on an assembly that you’re not supposed to depend on. Especially if you’re responsible for a clean architecture in a large development team you need to verify the code doesn’t violate your architecture.

This tool is so comprehensive that I couldn’t possibly cover all features, but I’ve touched the ones that I’m most interested in. I’m really impressed by NDepend and I’m sure I’ll use it in upcoming projects. Being able to query the quality of your code is just awesome!


Didago IT Consultancy

SSO Config Cmd Tool

Every experienced BizTalk developer knows that the SSO store is a good place to safely store configuration information. It is secure, distributed and can be updated without having to dive into configuration files (but too bad the host instances have to be restarted after a change before it is picked up). Accessing the SSO used to be difficult until Richard Seroter wrote a tool for it.

In 2009 Microsoft acknowledged the problems and introduced an MMC snap-in to basically do the same thing, but then with a nice user interface. However so far no command line version appears to be available to support automated deployment. Although the Microsoft package contains MSBuild support, I couldn’t find a commandline version so I decided to write/create one myself.

The tool is no rocket science, most of the code is borrowed from the code the MMC snap-in executes to perform tasks (long live ILSpy).

The tool supports importing, exporting, deleting, retrieving details and listing SSO applications.

With the MMC snap-in there now are two SSO tools available, because also the good old ENTSSO Administration tool is present. The weird thing is that the ENTSSO Administration tool displays more SSO applications than the MMC snap-in does. The reason for this is the strange fact that the MMC snap-in only retrieves SSO applications where the contact information equals .com”>“BizTalkAdmin@<company_specified_in_sso>.com”. This is not always an issue because creating an SSO application automatically sets “BizTalkAdmin@<yourcompany>.com” as the contact email address. It will become an issue if you have to change the email address for example because you don’t have a .com domain…..

Filtering still serves a purpose because there are some default SSO applications that shouldn’t show up in the tool, like adapter configuration settings. In the SSO Config Cmd Tool this potential problem is solved by taking the opposite approach, namely to exclude the contact email addresses “” and “” because they are related to the build-in SSO applications.

Let’s take a look at the tool and go over the actions one by one.

If you open the SSO snap-in, you’ll get this user interface. For demo purposes I already created a ‘TestApp2’ with two keys.

If you run the SSOConfigCmdTool without arguments, you’ll get help about the usage of the tool.

To list all SSO applications, where the contact info is not “” or “”:

To retrieve the details of this ‘TestApp2’ application (as you can see the tool is case insensitive):

To export an SSO application, you need a encryption/decryption key and of course a file to export to. If you omit the extension automatically ‘.sso’ is appended. After the export a file is present at the specified location.

To be able to demonstrate the import, first the delete:

After delete, as expected the SSO snap-in doesn’t display the SSO application anymore:

Next we run the import to reinstall the SSO application. The nice thing is you can supply a different name for it (here ‘ImportedTestApp’ is used’).

Now we run into the issue mentioned above. The SSO snap-in doesn’t display the newly created application, while the good old ENTSSO Administration tool does. This is caused by the filter I previously discussed. The SSOConfigCmdTool doesn’t know your SSO company name, so it imports (creates) the SSO application with contact information ‘’, which will be filtered out by the SSO snap-in.

How to solve this?

One option is not to solve it, because the SSO application is actually there despite the fact that it isn’t displayed.

Another option is to go into the ENTSSO Administration tool and change the contact info to .com”>“BizTalkAdmin@<company_specified_in_sso>.com”, but that would involve manual intervention.

The most easy and sustainable way is to grab the source code from this tool and change “YourCompany” to <company_specified_in_sso>, which is in fact just a single line of code in the Program class.

Just compile it after the change and you’re good to go.

Anyhow, after setting the contact information correctly, the imported SSO application shows up.


The executable and the source code of the tool can be downloaded here at CodePlex.

If you run into an issue, please let me know so I can improve the tool. And of course I’m curious if this tool already existed…..


Didago IT Consultancy